.

IP-

R1

G0/1

172.16.99.1

255.255.255.0

N/A

S1

VLAN 99

172.16.99.11

255.255.255.0

172.16.99.1

PC-A

NIC

172.16.99.3

255.255.255.0

172.16.99.1

1.
2.
3. SSH S1

SSH.

SSH.

SSH.

4. S1

/
,
. ,
, .

LAN .
SSH HTTPS. ,
, MAC-,
.
. CCNA
Cisco 1941 Cisco IOS 15.2(4) M3 ( universalk9).
Cisco Catalyst 2960 Cisco IOS 15.0(2) (
lanbasek9). ,
Cisco / , 2014. .
Cisco.

1 10

 .
Cisco IOS. Cisco IOS
,
.
.
. , ,
. ,
,
.

1 (Cisco 1941 M3 Cisco IOS 15.2(4)

);

1 (Cisco 2960 Cisco IOS 15.0(2), lanbasek9

);

1 ( Windows 7, Vista XP , Tera

Term);

Cisco IOS ;

Ethernet, .

1.

.

1:

2:

,
, .

2.

,
.
.

1:

IP- PC-A.

2:

R1.

a. .
b. DNS.
c.

IP- .

d. class EXEC.
e. cisco VTY .
f.

Cisco / , 2014. .
Cisco.

2 10

 .
g. .

3:

S1.

IP- VLAN 1 (
VLAN ). VLAN 99
IP-.
a. .
b. DNS.
c.

class EXEC.

d. cisco VTY .
e. S1 IP- R1.
f.

g. .
h. VLAN 99 Management.
S1(config)# vlan 99
S1(config-vlan)# name Management
S1(config-vlan)# exit
S1(config)#
i.

IP- VLAN 99
.
S1(config)# interface vlan 99
S1(config-if)# ip address 172.16.99.11 255.255.255.0
S1(config-if)# no shutdown
S1(config-if)# end
S1#

j.

show vlan S1. VLAN 99?

______________________

k.

show ip interface brief S1.

VLAN 99 ?
____________________________________________________________________________________
, no shutdown
VLAN 99?
____________________________________________________________________________________

l.

F0/5 F0/6 VLAN 99 .

S1# config t
S1(config)# interface f0/5
S1(config-if)# switchport mode access
S1(config-if)# switchport access vlan 99
S1(config-if)# interface f0/6
S1(config-if)# switchport mode access
S1(config-if)# switchport access vlan 99
S1(config-if)# end

Cisco / , 2014. .
Cisco.

3 10

 .
m. show ip interface brief S1.
VLAN 99 ? _______________________________________________
. .

4:

a. PC-A - R1.
-? ______________
b. PC-A - S1.
-? ______________
c.

S1 - R1.
-? ______________

d. PC-A - http://172.16.99.11.
, ,
class. , No.
- S1? ______________
e. PC-A.
. - ( HTTP) Cisco 2960
. ,
4.

3. SSH
S1
1:

SSH S1.

a. SSH S1. CCNA-Lab.com.

S1(config)# ip domain-name CCNA-Lab.com
b. ,
SSH.
.
. .
.
S1(config)# username admin privilege 15 secret sshadmin
c.

, VTY
SSH. .
S1(config)# line
S1(config-line)#
S1(config-line)#
S1(config-line)#

vty 0 15
transport input ssh
login local
exit

d. RSA 1024 .
S1(config)# crypto key generate rsa modulus 1024
The name for the keys will be: S1.CCNA-Lab.com

% The key modulus size is 1024 bits

% Generating 1024 bit RSA keys, keys will be non-exportable...

Cisco / , 2014. .
Cisco.

4 10

 .
[OK] (elapsed time was 3 seconds)

S1(config)#
S1(config)# end
e. SSH .
S1# show ip ssh
SSH ? _____________________
SSH? _____________________
SSH? _______________

2:

SSH S1.

SSH .
S1# config t
S1(config)# ip ssh time-out 75
S1(config)# ip ssh authentication-retries 2
SSH? _____________________
SSH? ___________________

3:

SSH S1.

a. SSH PC-A ( Tera

Term), SSH- S1. SSH
, . , admin
, cisco .
? _________________________
S1? ?
____________________________________________________________________________________
____________________________________________________________________________________
b. SSH S1, exit.

4. S1
,
, ,
-. -,
- .
, -,
, .

1:

S1.

a. MOTD ( ) S1
.
b. show ip interface brief S1. ?
____________________________________________________________________________________

Cisco / , 2014. .
Cisco.

5 10

 .
c.

. interface
range.
S1(config)# interface range f0/1 4
S1(config-if-range)# shutdown
S1(config-if-range)# interface range f0/7 24
S1(config-if-range)# shutdown
S1(config-if-range)# interface range g0/1 2
S1(config-if-range)# shutdown
S1(config-if-range)# end
S1#

d. show ip interface brief S1.

F0/1 F0/4?
____________________________________________________________________________________
e. show ip http server status.
HTTP? ___________________________
? ___________________________
HTTP? ______________________
? ___________________________
f.

HTTP .
HTTP, S1.
S1(config)# no ip http server

g. PC-A - http://172.16.99.11.
?
____________________________________________________________________________________
h. PC-A - https://172.16.99.11.
. , class.
?
____________________________________________________________________________________
i.

2:

PC-A.

S1.

a. MAC- G0/1 R1.

R1 show interface g0/1 MAC- .
R1# show interface g0/1
GigabitEthernet0/1 is up, line protocol is up
Hardware is CN Gigabit Ethernet, address is 30f7.0da3.1821 (bia
3047.0da3.1821)
MAC- G0/1 R1?
____________________________________________________________________________________
b. S1 show mac address-table
. F0/5 F0/6.
.

Cisco / , 2014. .
Cisco.

6 10

 .
MAC- F0/5: ________________________________
MAC- F0/6: ________________________________
c.

.
. , .
F0/5 .
1) S1
, R1.
S1(config)# interface f0/5
2) .
S1(config-if)# shutdown
3) F0/5.
S1(config-if)# switchport port-security
. switchport port-security
- 1.
. switchport port-security maximum switchport port-security violation
, .
4) - G0/1 R1,
2.
S1(config-if)# switchport port-security mac-address xxxx.xxxx.xxxx
( - G0/1 xxxx.xxxx.xxxx).
. switchport port-security macaddress, -,
( ).
5) .
S1(config-if)# no shutdown
S1(config-if)# end

d. F0/5 S1
show port-security interface.
S1# show port-security interface f0/5
Port Security
Port Status
Violation Mode
Aging Time
Aging Type
SecureStatic Address Aging
Maximum MAC Addresses
Total MAC Addresses
Configured MAC Addresses
Sticky MAC Addresses
Last Source Address:Vlan
Security Violation Count

:
:
:
:
:
:
:
:
:
:
:
:

Enabled
Secure-up
Shutdown
0 mins
Absolute
Disabled
1
1
1
0
0000.0000.0000:0
0

F0/5?
____________________________________________________________________________________

Cisco / , 2014. .
Cisco.

7 10

 .
e. R1 - PC-A,
.
R1# ping 172.16.99.3
f.

, - , .
G0/1 .
R1# config t
R1(config)# interface g0/1
R1(config-if)# shutdown

g. MAC- , aaaa.bbbb.cccc .
R1(config-if)# mac-address aaaa.bbbb.cccc
h. ,
S1. S1
. G0/1 R1.
R1(config-if)# no shutdown
i.

R1 - PC-A.
-? .
____________________________________________________________________________________

j.

, .
S1# show port-security

Secure Port MaxSecureAddr CurrentAddr SecurityViolation Security Action

(Count)
(Count)
(Count)
-------------------------------------------------------------------Fa0/5
1
1
1
Shutdown
---------------------------------------------------------------------Total Addresses in System (excluding one mac per port)
:0
Max Addresses limit in System (excluding one mac per port) :8192

S1# show port-security interface f0/5

Port Security
Port Status
Violation Mode
Aging Time
Aging Type
SecureStatic Address Aging
Maximum MAC Addresses
Total MAC Addresses
Configured MAC Addresses
Sticky MAC Addresses
Last Source Address:Vlan
Security Violation Count

:
:
:
:
:
:
:
:
:
:
:
:

Enabled
Secure-shutdown
Shutdown
0 mins
Absolute
Disabled
1
1
1
0
aaaa.bbbb.cccc:99
1

S1# show interface f0/5

FastEthernet0/5 is down, line protocol is down (err-disabled)

Hardware is Fast Ethernet, address is 0cd9.96e2.3d05 (bia 0cd9.96e2.3d05)
MTU 1500 bytes, BW 10000 Kbit/sec, DLY 1000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Cisco / , 2014. .
Cisco.

8 10

 .
<output omitted>

S1# show port-security address

Secure Mac Address Table

-----------------------------------------------------------------------Vlan
Mac Address
Type
Ports
Remaining Age
(mins)
--------------------------------99
30f7.0da3.1821
SecureConfigured
Fa0/5
----------------------------------------------------------------------Total Addresses in System (excluding one mac per port)
:0
Max Addresses limit in System (excluding one mac per port) :8192

k.

G0/1, MAC G0/1.

R1(config-if)#
R1(config-if)#
R1(config-if)#
R1(config-if)#

l.

shutdown
no mac-address aaaa.bbbb.cccc
no shutdown
end

R1 - PC-A 172.16.99.3.
-? _________________

m. -, show interface f0/5.

.
____________________________________________________________________________________
n. F0/5 S1.
S1# config t
S1(config)# interface f0/5
S1(config-if)# shutdown
S1(config-if)# no shutdown
. .
o. , F0/5 ,
S1 show interface f0/5.
S1# show interface f0/5

FastEthernet0/5 is up, line protocol is up (connected)

Hardware is Fast Ethernet, address is 0023.5d59.9185 (bia 0023.5d59.9185)
MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255

p. R1 - PC-A. -
.

1. ?
_______________________________________________________________________________________
_______________________________________________________________________________________

Cisco / , 2014. .
Cisco.

9 10

 .
2. ?
_______________________________________________________________________________________
_______________________________________________________________________________________

Ethernet 1

Ethernet 2

1800

Fast Ethernet 0/0

(F0/0)

Fast Ethernet 0/1

(F0/1)

Serial 0/0/0 (S0/0/0)

Serial 0/0/1 (S0/0/1)

1900

Gigabit Ethernet
0/0 (G0/0)

Gigabit Ethernet
0/1 (G0/1)

Serial 0/0/0 (S0/0/0)

Serial 0/0/1 (S0/0/1)

2801

Fast Ethernet 0/0

(F0/0)

Fast Ethernet 0/1

(F0/1)

Serial 0/1/0 (S0/1/0)

Serial 0/1/1 (S0/1/1)

2811

Fast Ethernet 0/0

(F0/0)

Fast Ethernet 0/1

(F0/1)

Serial 0/0/0 (S0/0/0)

Serial 0/0/1 (S0/0/1)

2900

Gigabit Ethernet
0/0 (G0/0)

Gigabit Ethernet
0/1 (G0/1)

Serial 0/0/0 (S0/0/0)

Serial 0/0/1 (S0/0/1)

. , ,
.
.
Ethernet
(Serial) . - ,
.
ISDN BRI. , Cisco
IOS .

Cisco / , 2014. .
Cisco.

10 10