Cisco 2500

Cisco
, , , ,
20%
.

ISP ,
, Cisco
2500
256K ISP IP .
ISP (Serial 0) Ethernet (P),
, ISP 254 .
1. .
Cisco
IOS, (flash). 2500
1 Ethernet , HUB-
AUI->UTP (Serial 0,
Serial 1). Ethernet0 e 0.
Catalyst , , .
, 3- ethernet 2 "e 3/2".
( )
AUX .
, AUX telnet .
IOS SSH .
. ,
Serial 9600, .
( ) ( CON)
Cisco . ,
bootstrap:
System Bootstrap, Version 5.2(8a), RELEASE SOFTWARE
Copyright (c) 1986-1995 by cisco Systems
2500 processor with 16384 Kbytes of main memory
F3: 3268680+81304+204996 at 0x3000060
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
IOS (flash):
Cisco Internetwork Operating System Software
IOS (tm) 3000 Software (IGS-I-L), Version 11.0(4), RELEASE SOFTWARE (fc1)

Copyright (c) 1986-1995 by cisco Systems, Inc.


Compiled Mon 18-Dec-95 17:49 by alanyu
Image text-base: 0x0301C8DC, data-base: 0x00001000
cisco 2500 (68030) processor (revision D) with 16380K/2048K bytes of memory.
Processor board ID 02413443, with hardware revision 00000000
Bridging software.
X.25 software, Version 2.0, NET2, BFE and GOSIP compliant.
1 Ethernet/IEEE 802.3 interface.
2 Serial network interfaces.
32K bytes of non-volatile configuration memory.
4096K bytes of processor board System flash (Read ONLY)
Press RETURN to get started!
Cisco Internetwork Operating System Software
IOS (tm) 3000 Software (IGS-I-L), Version 11.0(4), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-1995 by cisco Systems, Inc.
Compiled Mon 18-Dec-95 17:49 by alanyu
, IOS FLASH, TFTP
.
, ( setup).
. ,
NVRAM . ,
setup:
--- System Configuration Dialog ---
At any point you may enter a question mark '?' for help.
Refer to the 'Getting Started' Guide for additional help.
Use ctrl-c to abort configuration dialog at any prompt.
Default settings are in square brackets '[]'.
Would you like to enter the initial configuration dialog? [yes]: yes
:
First, would you like to see the current interface summary? [yes]:
Any interface listed with OK? value "NO" does not have a valid configuration
Interface IP-Address OK? Method Status Protocol
Ethernet0 unassigned NO not set up up
Serial0 unassigned NO not set down down
Serial1 unassigned NO not set down down
Configuring global parameters:
:
Enter host name [Router]:
enable-secret :
The enable secret is a one-way cryptographic secret used
instead of the enable password when it exists.
Enter enable secret: s1
enable-password ( IOS):
The enable password is used when there is no enable secret
and when using older software and some boot images.
Enter enable password: s2
:
Enter virtual terminal password: s2
SNMP, :
Configure SNMP Network Management? [yes]: yes
Community string [public]: public1
IP ( IPX), :
Configure IP? [yes]: yes
ISP ,
:
Configure IGRP routing? [yes]: no
Configure RIP routing? [no]:
IP Ethernet , Serial 0 as unnumbered (

):
Configuring interface parameters:
Configuring interface Ethernet0:
Is this interface in use? [yes]:
Configure IP on this interface? [yes]:
IP address for this interface: 172.18.5.254 255.255.0.0
2. IP
IP ,
. ISP

, 80%
Cisco. , .
: , C
: 233.233.233.113, 233.233.233 - , 113 - .
, (
"2") . IP 32 4 8
. , 255.255.255.0
:
11111111 11111111 11111111 00000000
(CC)
( )
. 255 2
(. ).
CC -
" "
.
7 6 5 4 3 2 1 0 2
----------------------------------------
128 64 32 16 8 4 2 1 2

, - .
233.233.233.111, . 233 :
233 ,
:
233 = 128+ 64 + 32 + 8 + 1
,
- "11101001". ( ) - 113
:
64 + 32 + 16 + 1
:
11101001 11101001 11101001 01110001
A, B, C,
,
. , AAA - , BBB -

A ( "0):
AAA.HHH.HHH.HHH ( AAA 1 127), : 63.12.122.12

B ( 10) :
AAA.AAA.HHH.HHH ( AAA 128 191), 160.12.234.12
C ( 110):
AAA.AAA.AAA.HHH ( AAA 192 223), 200.200.200.1
A (16 777 214) B
(65534) C - 254. 256
- ? ,
2 256-2 = 254.
: A 128-1_7 ,
,
B 2^14 = 16384 (2 8 = 16 - 2
= 14), C 2^21 (3 8 =
24 - 3 = 21).
. 255.255.224.0 .
255 8 :
11111111 11111111 ???????? 00000000
224 :
128 + 64 + 32 = 224
:
11111111 11111111 11100000 00000000
, C.

, 256
, ISP.
,
( ) .
,
. , C
(8 ), .
. 10
12-. 255.255.255.240.
? :
11111111 11111111 11111111 11110000
, 4- . 4
2 (2xx4 ). RFC ,
, 16 2 = 14 .
:
2 4- = 16 - 2 , 14 .

, 14
255.255.255.240 14-.
.
("16) 256, .. 256-160, 24"0-16"4... ,
16.
, :
16 (17-30)
32 (33-46)

48 (49-62)
64 (65-..)
...
...
224 (225-238)
16 17 30. "31"
( ) (
4 )
, 31 = 00011111.
/ ,
.

255.255.255.240.
, 255.255.255.128 RFC ,
ip classless .
3. (ACL)
Cisco
IPFW IPF FreeBSD.
.
( access list)
. :
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#access-list ?
<1-99> IP standard access list
<100-199> IP extended access list
<1100-1199> Extended 48-bit MAC address access list
<200-299> Protocol type-code access list
<700-799> 48-bit MAC address access list
: access-list _ permit/deny _
_
SMTP :
, 110:
Router(config)#access-list 110 ?
deny Specify packets to reject
permit Specify packets to forward
:
Router(config)#access-list 110 permit ?
<0-255> An IP protocol number
eigrp Cisco's EIGRP routing protocol
gre Cisco's GRE tunneling
icmp Internet Control Message Protocol
igmp Internet Gateway Message Protocol
igrp Cisco's IGRP routing protocol
ip Any Internet Protocol
ipinip IP in IP tunneling
nos KA9Q NOS compatible IP over IP tunneling
ospf OSPF routing protocol
tcp Transmission Control Protocol
udp User Datagram Protocol
:
Router(config)#access-list 110 permit tcp ?
A.B.C.D Source address
any Any source host
host A single source host
( "any" ) :
Router(config)#access-list 110 permit tcp any ?
A.B.C.D Destination address
any Any destination host
eq Match only packets on a given port number
gt Match only packets with a greater port number
host A single destination host
lt Match only packets with a lower port number
neq Match only packets not on a given port number
range Match only packets in the range of port numbers
:
Router(config)#access-list 110 permit tcp any any ?
eq Match only packets on a given port number
established Match established connections
gt Match only packets with a greater port number
log Log matches against this entry
lt Match only packets with a lower port number
neq Match only packets not on a given port number
precedence Match packets with given precedence value
range Match only packets in the range of port numbers
tos Match packets with given TOS value
- smtp (eq):
Router(config)#access-list 110 permit tcp any any eq ?
<0-65535> Port number
bgp Border Gateway Protocol (179)
chargen Character generator (19)
cmd Remote commands (rcmd, 514)
daytime Daytime (13)
discard Discard (9)
domain Domain Name Service (53)
echo Echo (7)
exec Exec (rsh, 512)
finger Finger (79)
ftp File Transfer Protocol (21)
ftp-data FTP data connections (used infrequently, 20)
gopher Gopher (70)
hostname NIC hostname server (101)
irc Internet Relay Chat (194)
klogin Kerberos login (543)
kshell Kerberos shell (544)
login Login (rlogin, 513)
lpd Printer service (515)
nntp Network News Transport Protocol (119)
pop2 Post Office Protocol v2 (109)
pop3 Post Office Protocol v3 (110)
smtp Simple Mail Transport Protocol (25)
sunrpc Sun Remote Procedure Call (111)
syslog Syslog (514)
tacacs TAC Access Control System (49)
talk Talk (517)
telnet Telnet (23)
time Time (37)
uucp Unix-to-Unix Copy Program (540)
whois Nicname (43)
www World Wide Web (HTTP, 80)
smtp ( "25):
Router(config)#access-list 110 permit tcp any any eq smtp
.

POP3 :
access-list 110 permit tcp any any eq pop3
(200.200.200.2) 8080
access-list 120 permit tcp 200.200.200.0 0.0.0.255 host 200.200.200.2 eq 8080
access-list 110 permit tcp host 200.200.200.2 any
Squid
FTP HTTP WWW c .
( ):
access-list 10 permit ip 200.200.200.0 0.0.0.255 200.200.200.0 0.0.0.255

,
200.200.200.50 (200.200.200.48 255.255.255.240)
(200.200.200.224 255.255.255.240):
access-list 110 permit ip 200.200.200.48 0.0.0.15 200.200.200.224 0.0.0.15

IP ( ):
access-list 10 permit 200.200.200.0 0.0.0.255 200.200.200.0 0.0.0.255
access-list -
, Ethernet 0:
Router#configure terminal
Router(config)#int e0
!
Router(config-if)#ip access-group 120 in
!
Router(config-if)#ip access-group 110 in
!
Router(config-if)#ip access-group 10 in
Router(config-if)#end
Router#wr mem
, e0
.
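Added example, not part of the original page: the subnet arithmetic of section 2 and the wildcard masks used in the access lists of section 3, worked in Python on the page's 200.200.200.0 network and 255.255.255.240 mask. The function names (`wildcard`, `acl_match`, `subnets`) and the `skip_edge_blocks` parameter are this example's own.

```python
import ipaddress

def wildcard(netmask):
    """Inverse (wildcard) mask that IOS access lists expect for a netmask."""
    return str(ipaddress.IPv4Address(int(ipaddress.IPv4Address(netmask)) ^ 0xFFFFFFFF))

def acl_match(addr, base, wild):
    """IOS-style comparison: bits set to 1 in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wild))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def subnets(class_c, netmask, skip_edge_blocks=True):
    """List (subnet, first host, last host, broadcast) for each block of a class C.

    skip_edge_blocks drops the all-zeros and all-ones subnets, which is how
    the list in section 2 (16, 32, ... 224) is built.
    """
    prefix = ipaddress.IPv4Network("0.0.0.0/" + netmask).prefixlen
    blocks = list(ipaddress.IPv4Network(class_c + "/24").subnets(new_prefix=prefix))
    if skip_edge_blocks:
        blocks = blocks[1:-1]
    rows = []
    for net in blocks:
        hosts = list(net.hosts())
        rows.append((str(net.network_address), str(hosts[0]),
                     str(hosts[-1]), str(net.broadcast_address)))
    return rows

if __name__ == "__main__":
    mask = "255.255.255.240"
    for row in subnets("200.200.200.0", mask):
        print("%-16s hosts %s - %s  broadcast %s" % row)
    wc = wildcard(mask)
    print("wildcard for", mask, "is", wc)
    # Host .50 belongs to the .48 block; .70 does not.
    for host in ("200.200.200.50", "200.200.200.70"):
        print(host, "matches 200.200.200.48", wc, "->",
              acl_match(host, "200.200.200.48", wc))
    # Using the netmask's last octet as the wildcard compares the wrong bits:
    # .50 is no longer matched, while .64 (outside the block) is.
    for host in ("200.200.200.50", "200.200.200.64"):
        print(host, "matches 200.200.200.48 0.0.0.240 ->",
              acl_match(host, "200.200.200.48", "0.0.0.240"))
```
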
4.

:
-
- (AUX)
- telnet

Router#config terminal
:
Router(config)#line console 0
Router(config-line)#password your_password
Router(config-line)#login
Router(config-line)#end
Router#wr mem
AUX :
Router(config)#line aux 0
Router(config-line)#password your_password
Router(config-line)#login
Router(config-line)#end
Router#wr mem
telnet :
Router(config)#line vty 0 4
Router(config-line)#password your_password
Router(config-line)#login
Router(config-line)#end
Router#wr mem
, telnet
4-.
: "Enter password:"
AAA accounting
:
Router(config)#username vasya password pipkin_password
Router(config)#exit
Router#wr term
show config
:
username vasya password 7 737192826282927612
AAA accounting:
aaa new-model
aaa authentication login default local
aaa authentication login CONSOLE none
aaa authorization exec local if-authenticated
AUX, Console, telnet , :
line con 0
login authentication CONSOLE
line aux 0
transport input none
line vty 0 4
! (
):
User Access Verification
Username:vasya
Password:
Router>
5.
UNIX MRTG
cfgmaker:
cfgmaker community_name@name_your_router,
SNMP community_name ( ) :
Router(config)#snmp-server community community_name RO
UNIX :
Workdir: /usr/local/www/docs
Interval: 5
Refresh: 60
WriteExpires: Yes
Background[router.victim.com.1]:#CFCFCF
Options[router.victim.com.1]: bits, growright
Target[router.victim.com.1]: 1:community_name@victim.com
MaxBytes[router.victim.com.1]: 1250000
Title[router.victim.com.1]: router.victim.com : Ethernet0
PageTop[router.victim.com.1]: <H1>Traffic Analysis for Ethernet0</H1>
 <TABLE>
 <TR><TD>System:</TD><TD>router.victim.com in </TD></TR>
 <TR><TD>Maintainer:</TD><TD></TD></TR>
 <TR><TD>Interface:</TD><TD>Ethernet0 (1)</TD></TR>
 <TR><TD>IP:</TD><TD>router.victim.com (200.200.200.1)</TD></TR>
 <TR><TD>Max Speed:</TD>
 <TD>1250.0 kBytes/s (ethernetCsmacd)</TD></TR>
 </TABLE>
### Serial 0 ###
Background[router.victim.com.2]:#CFCFCF
Options[router.victim.com.2]: bits, growright
Target[router.victim.com.2]: 2:community_name@victim.com
MaxBytes[router.victim.com.2]: 8000
Title[router.victim.com.2]: MTO 64K : Serial0
PageTop[router.victim.com.2]: <H1>Traffic Analysis for Serial0</H1>
 <TABLE>
 <TR><TD>System:</TD><TD>router.victim.com </TD></TR>
 <TR><TD>Maintainer:</TD><TD></TD></TR>
 <TR><TD>Interface:</TD><TD>Serial0 (2)</TD></TR>
 <TR><TD>IP:</TD><TD> ()</TD></TR>
 <TR><TD>Max Speed:</TD>
 <TD>8000.0 Bytes/s (propPointToPointSerial)</TD></TR>
 </TABLE>
( crond),
/usr/local/www/data HTML .
WWW Apache
(router.victim.com.html) Ethernet Serial 0
(router.victim.com.2.html) .

EXEC Cisco
.
( "debug ?")
IOS (IPX, IP, Appletalk)
cdp Cisco.

, OSPF, BGP, IGRP .
!