Вы находитесь на странице: 1из 13

CISCO

Cisco ,
ISP ,
1.

Cisco

3- ethernet 2 "e 3/2".


IOS SSH .
# Hardwired line
cuaa0:dv=/dev/cuaa0:br#9600:
cuaa1:dv=/dev/cuaa1:br#9600:

( ) ( CON)
bash-2.04#tip cuaa0
, bootstrap :
System Bootstrap, Version 5.2(8a), RELEASE SOFTWARE
Copyright (c) 1986-1995 by cisco Systems
2500 processor with 16384 Kbytes of main memory
F3: 3268680+81304+204996 at 0x3000060
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
IOS (flash) :
Cisco Internetwork Operating System Software
IOS (tm) 3000 Software (IGS-I-L), Version 11.0(4), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-1995 by cisco Systems, Inc.
Compiled Mon 18-Dec-95 17:49 by alanyu
Image text-base: 0x0301C8DC, data-base: 0x00001000
cisco 2500 (68030) processor (revision D) with 16380K/2048K bytes of memory.
Processor board ID 02413443, with hardware revision 00000000
Bridging software.
X.25 software, Version 2.0, NET2, BFE and GOSIP compliant.
1 Ethernet/IEEE 802.3 interface.
2 Serial network interfaces.
32K bytes of non-volatile configuration memory.
4096K bytes of processor board System flash (Read ONLY)
Press RETURN to get started!
Cisco Internetwork Operating System Software
IOS (tm) 3000 Software (IGS-I-L), Version 11.0(4), RELEASE SOFTWARE (fc1)

Copyright (c) 1986-1995 by cisco Systems, Inc.


Compiled Mon 18-Dec-95 17:49 by alanyu
IOS FLASH TFTP
--- System Configuration Dialog --At any point you may enter a question mark '?' for help.
Refer to the 'Getting Started' Guide for additional help.
Use ctrl-c to abort configuration dialog at any prompt.
Default settings are in square brackets '[]'.
Would you like to enter the initial configuration dialog? [yes]: yes
:
First, would you like to see the current interface summary? [yes]:
Any interface listed with OK? value "NO" does not have a valid configuration
Interface
Ethernet0
Serial0
Serial1

IP-Address
unassigned
unassigned
unassigned

OK?
NO
NO
NO

Method
not set
not set
not set

Status
up
down
down

Protocol
up
down
down

Configuring global parameters:


:
Enter host name [Router]:
enable-secret :
The enable secret is a one-way cryptographic secret used
instead of the enable password when it exists.
Enter enable secret: s1
enable-password (
IOS) :
The enable password is used when there is no enable secret
and when using older software and some boot images.
Enter enable password: s2
:
Enter virtual terminal password: s2
SNMP :
Configure SNMP Network Management? [yes]: yes
Community string [public]: public1
IP ( IPX), :
Configure IP? [yes]: yes
ISP , :
Configure IGRP routing? [yes]: no
Configure RIP routing? [no]:

IP Ethernet , Serial 0 as unnumbered (


Configuring interface parameters:
Configuring interface Ethernet0:
Is this interface in use? [yes]:
Configure IP on this interface? [yes]:
IP address for this interface: 1200.1200.200.1
Number of bits in subnet field [0]:
Class C network is 200.200.200.0, 0 subnet bits; mask is 255.255.255.0
Configuring interface Serial0:
Is this interface in use? [yes]:
Configure IP on this interface? [yes]: no
Serial1 :
Configuring interface Serial1:
Is this interface in use? [yes]: no
The following configuration command script was created:
:
hostname Router
enable secret 5 $1$FE5i$sIvZuXxqJWjFllqA5heFn1
enable password s2
line vty 0 4
password s2
snmp-server community public1
!
ip routing
!
interface Ethernet0
ip address 200.200.200.1 255.255.255.0
!
interface Serial0
no ip address
!
interface Serial1
shutdown
no ip address
!
end
NVRAM :
Use this configuration? [yes/no]: yes
Building configuration...
[OK]Use the enabled mode 'configure' command to modify this configuration.
Press RETURN to get started!
%SYS-5-RESTART: System restarted -Cisco Internetwork Operating System Software
IOS (tm) 3000 Software (IGS-I-L), Version 11.0(4), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-1995 by cisco Systems, Inc.
Compiled Mon 18-Dec-95 17:49 by alanyu
Router>

90% ,
Router>
show version :
Router>show version
Cisco Internetwork Operating System Software
IOS (tm) 3000 Software (IGS-I-L), Version 11.0(4), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-1995 by cisco Systems, Inc.
Compiled Mon 18-Dec-95 17:49 by alanyu
Image text-base: 0x0301C8DC, data-base: 0x00001000
ROM: System Bootstrap, Version 5.2(8a), RELEASE SOFTWARE
ROM: 3000 Bootstrap Software (IGS-RXBOOT), Version 10.2(8a), RELEASE SOFTWARE (f
c1)
Router uptime is 3 days, 1 hour, 20 minutes
System restarted by error - Software forced crash, PC 0x311B808
System image file is "flash:igs-in-l.110-4", booted via flash
cisco 2500 (68030) processor (revision D) with 16380K/2048K bytes of memory.
Processor board ID 02413443, with hardware revision 00000000
Bridging software.
X.25 software, Version 2.0, NET2, BFE and GOSIP compliant.
1 Ethernet/IEEE 802.3 interface.
2 Serial network interfaces.
32K bytes of non-volatile configuration memory.
4096K bytes of processor board System flash (Read ONLY)
Configuration register is 0x2102
:
Router>show int
Ethernet0 is up, line protocol is up
Hardware is Lance, address is 0000.0c5d.8231 (bia 0000.0c5d.8231)
Internet address is 200.200.200.1 255.255.255.0
MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec, rely 255/255, load 1/255
Encapsulation ARPA, loopback not set, keepalive set (10 sec)
ARP type: ARPA, ARP Timeout 4:00:00
Last input 0:00:10, output 0:00:09, output hang never
Last clearing of "show interface" counters never
Output queue 0/40, 0 drops; input queue 0/75, 0 drops
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
16094 packets input, 1867191 bytes, 0 no buffer
Received 16094 broadcasts, 0 runts, 0 giants
16 input errors, 16 CRC, 16 frame, 0 overrun, 0 ignored, 0 abort
0 input packets with dribble condition detected
30833 packets output, 2896155 bytes, 0 underruns
3 output errors, 416 collisions, 1 interface resets, 0 restarts
0 output buffer failures, 0 output buffers swapped out
Serial0 is down, line protocol is down
Hardware is HD64570
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255
Encapsulation HDLC, loopback not set, keepalive set (10 sec)
Last input never, output never, output hang never
Last clearing of "show interface" counters never

Output queue 0/40, 0 drops; input queue 0/75, 0 drops


5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 8805 interface resets, 0 restarts
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions
DCD=up DSR=up DTR=down RTS=down CTS=up
Serial1 is administratively down, line protocol is down
Hardware is HD64570
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255
Encapsulation HDLC, loopback not set, keepalive set (10 sec)
Last input never, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0 (size/max/drops); Total output drops: 0
Output queue: 0/64/0 (size/threshold/drops)
Conversations 0/0 (active/max active)
Reserved Conversations 0/0 (allocated/max allocated)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 4 interface resets, 0 restarts
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions
DCD=down DSR=down DTR=down RTS=down CTS=down

sh int e0, Ethernet


Router>?
Exec commands:
connect
Open a terminal connection
disable
Turn off privileged commands
disconnect
Disconnect an existing network connection
enable
Turn on privileged commands
exit
Exit from the EXEC
help
Description of the interactive help system
lock
Lock the terminal
login
Log in as a particular user
logout
Exit from the EXEC
mrinfo
Request neighbor and version information from a multicast
router
mstat
Show statistics after multiple multicast traceroutes
mtrace
Trace reverse multicast path from destination to source
name-connection Name an existing network connection
pad
Open a X.29 PAD connection
ping
Send echo messages
ppp
Start IETF Point-to-Point Protocol (PPP)
resume
Resume an active network connection
rlogin
Open an rlogin connection
show
Show running system information
slip
Start Serial-line IP (SLIP)
telnet
Open a telnet connection
terminal
Set terminal line parameters
traceroute
Trace route to destination
tunnel
Open a tunnel connection

where
x3

List active connections


Set X.3 parameters on PAD

, ,
Router>enable
Password:

Router#?
Exec commands:
bfe
clear
clock
configure
connect
copy
debug
disable
disconnect
enable
erase
exit
help
lock
login
logout
mbranch
mrbranch
mrinfo

"#" ( root-a UNIX shell) :

For manual emergency modes setting


Reset functions
Manage the system clock
Enter configuration mode
Open a terminal connection
Copy configuration or image data
Debugging functions (see also 'undebug')
Turn off privileged commands
Disconnect an existing network connection
Turn on privileged commands
Erase flash or configuration memory
Exit from the EXEC
Description of the interactive help system
Lock the terminal
Log in as a particular user
Exit from the EXEC
Trace multicast route down tree branch
Trace reverse multicast route up tree branch
Request neighbor and version information from a multicast
router
mstat
Show statistics after multiple multicast traceroutes
name-connection Name an existing network connection
no
Disable debugging functions
pad
Open a X.29 PAD connection
ping
Send echo messages
ppp
Start IETF Point-to-Point Protocol (PPP)
reload
Halt and perform a cold restart
resume
Resume an active network connection
rlogin
Open an rlogin connection
rsh
Execute a remote command
send
Send a message to other tty lines
setup
Run the SETUP command facility
show
Show running system information
slip
Start Serial-line IP (SLIP)
start-chat
Start a chat-script on a line
systat
Display information about terminal lines
telnet
Open a telnet connection
terminal
Set terminal line parameters
test
Test subsystems, memory, and interfaces
traceroute
Trace route to destination
tunnel
Open a tunnel connection
undebug
Disable debugging functions (see also 'debug')
verify
Verify checksum of a Flash file
write
Write running configuration to memory, network, or terminal
x3
Set X.3 parameters on PAD

:
Router#sh conf
Using 465 out of 32762 bytes

!
version 11.0
service config
service udp-small-servers
service tcp-small-servers
!
hostname Router
!
enable secret 5 $1$FE5i$sIvZuXxqJWjFllqA5heFn1
enable password s2
!
!
interface Ethernet0
ip address 200.200.200.1 255.255.255.0
!
interface Serial0
no ip address
no fair-queue
snmp-server community public1 RO
!
interface Serial1
no ip address
shutdown
!
line con 0
exec-timeout 0 0
line aux 0
transport input all
line vty 0 4
password s2
login
!
end

configure terminal
sh conf
:
service udp-small-servers
service tcp-small-servers
:
Router#config terminal

"no" : Router(config)#no s
:
Router(config)#exit


Router#configure terminal
Router(config)#interface ethernet 0
Router(config-if)#shutdown
Router(config-if)#exit
Router(config)#exit
Router#write memory
Building configuration ...

no shutdown . IOS

Ethernet 0 IP

Serail .
Router#conf t
Router(config)#int s0
Router(config-if)#ip unnumbered Ethernet 0
Router(config-if)#exit
Router(config)#exit
Router#wr mem

IP ethernet ISP 200.200.199.1 ( ISP Serial


Router(config)#ip route 0.0.0.0 0.0.0.0 200.200.200.199.1 Serial0
Router#wr mem

IP

void.ru
2. IP
IP
233.233.233.113, 233.233.233 - , 113 - .

, (
11111111 11111111 11111111 00000000

(CC)
7 6 5 4 3 2 1 0 2
-------------------------------------------------------------------------128 64 32 16 8 4 2 1 2
,
233 = 128+ 64 + 32 + 8 + 1

,
64 + 32 + 16 + 1
:
11101001 11101001 11101001 01110001

A, B, C,
A ( "0):
AAA.HHH.HHH.HHH ( AAA 1 127), : 63.12.122.12
B ( 10) :
AAA.AAA.HHH.HHH ( AAA 128 191), 160.12.234.12
C ( 110):
AAA.AAA.AAA.HHH ( AAA 192 223), 200.200.200.1

A (16 777 214) B (6


. 255.255.224.0 .

11111111 11111111 ???????? 00000000

224 :
128 + 64 + 32 = 224
11111111 11111111 1110000 00000000

C.

1111111 11111111 11111111 11110000

4- . 4

16
32
48
64
...
...
224

(17-30)
(33-46)
(49-62)
(65-..)
(225-238)

16 17 30. "31"

3. (ACL)

isco
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#access-list ?
<1-99>
IP standard access list
<100-199>
IP extended access list
<1100-1199> Extended 48-bit MAC address access list
<200-299>
Protocol type-code access list
<700-799>
48-bit MAC address access list

: access-list _ permit/deny _

, 110 :
Router(config)#access-list 110 ?
deny
Specify packets to reject
permit Specify packets to forward
:
Router(config)#access-list 110 permit ?
<0-255> An IP protocol number
eigrp
Cisco's EIGRP routing protocol
gre
Cisco's GRE tunneling
icmp
Internet Control Message Protocol
igmp
Internet Gateway Message Protocol
igrp
Cisco's IGRP routing protocol
ip
Any Internet Protocol
ipinip IP in IP tunneling
nos
KA9Q NOS compatible IP over IP tunneling

ospf
tcp
udp

OSPF routing protocol


Transmission Control Protocol
User Datagram Protocol

:
Router(config)#access-list 110 permit tcp ?
A.B.C.D Source address
any
Any source host
host
A single source host
( "any" ) :
Router(config)#access-list 110 permit tcp any ?
A.B.C.D Destination address
any
Any destination host
eq
Match only packets on a given port number
gt
Match only packets with a greater port number
host
A single destination host
lt
Match only packets with a lower port number
neq
Match only packets not on a given port number
range
Match only packets in the range of port numbers
:
Router(config)#access-list 110 permit tcp any any ?
eq
Match only packets on a given port number
established Match established connections
gt
Match only packets with a greater port number
log
Log matches against this entry
lt
Match only packets with a lower port number
neq
Match only packets not on a given port number
precedence Match packets with given precedence value
range
Match only packets in the range of port numbers
tos
Match packets with given TOS value
<cr>
- smtp (eq) :
Router(config)#access-list 110 permit tcp any any eq ?
<0-65535> Port number
bgp
Border Gateway Protocol (179)
chargen
Character generator (19)
cmd
Remote commands (rcmd, 514)
daytime
Daytime (13)
discard
Discard (9)
domain
Domain Name Service (53)
echo
Echo (7)
exec
Exec (rsh, 512)
finger
Finger (79)
ftp
File Transfer Protocol (21)
ftp-data FTP data connections (used infrequently, 20)
gopher
Gopher (70)
hostname NIC hostname server (101)
irc
Internet Relay Chat (194)
klogin
Kerberos login (543)
kshell
Kerberos shell (544)
login
Login (rlogin, 513)
lpd
Printer service (515)
nntp
Network News Transport Protocol (119)
pop2
Post Office Protocol v2 (109)
pop3
Post Office Protocol v3 (110)

smtp
sunrpc
syslog
tacacs
talk
telnet
time
uucp
whois
www

Simple Mail Transport Protocol (25)


Sun Remote Procedure Call (111)
Syslog (514)
TAC Access Control System (49)
Talk (517)
Telnet (23)
Time (37)
Unix-to-Unix Copy Program (540)
Nicname (43)
World Wide Web (HTTP, 80)

smtp ( "25) :
Router(config)#access-list 110 permit tcp any any eq smtp

. POP3
access-list 110 permit tcp any any eq pop3
(200.200.200.2) 8080
access-list 120 permit tcp 200.200.200.0 0.0.0.255 host 200.200.200.2 eq 8080
access-list 110 permit tcp host 200.200.200.2 any

Squid FTP

access-list 110 permi ip 200.200.200.48 0.0.0.240 200.200.200.224 0.0.0.240

IP
access-list 10 permit 200.200.200.0 0.0.0.255 200.200.200.0 0.0.0.255

access-list -
Router#configure terminal
Router(config)#int e0
!
Router(config)#access-group 120 in
!
Router(config)#access-group 110 in
!
Router(config)#access-group 10 in
Router(config)#exit
Router#wr mem

, e0
4.

TCP/IP Cisco ,
-
- (AUX)
- telnet

Router#config terminal
:
Router(config)#line console 0
Router(config)#password your_password
Router(config)#login
Router(config)#exit
Router#wr mem

AUX :
Router(config)#line aux 0
Router(config)#password your_password
Router(config)#login
Router(config)#exit
Router#wr mem
telnet :
Router(config)#line vty 0 4
Router(config)#password your_password
Router(config)#login
Router(config)#exit
Router#wr mem

, telnet
Router(config)#username vasya password pipkin_password
Router(config)#exit
Router#wr term

snow config
username vasya password 7 737192826282927612
AAA accounting :
aaa new-model
aaa authentication login default local
aaa authentication login CONSOLE none
aaa authorization exec local if-authenticated
AUX, Console, telnet , :
line con 0
login authentication CONSOLE
line aux 0
transport input none
line vty 0 4
!
( ):
User Access Verification
Username:vasya
Password:
Router>

5.
UNIX MRTG
cfgmaker community_name@name_your_router,
SNMP community_name ( ) :
Routet(config)#snmp-server community community_name RO
UNIX :
Workdir: /usr/local/www/docs
Interval: 5
Refresh: 60
WriteExpires: Yes
Background[router.victim.com.1]:#CFCFCF

Options[router.victim.com.1]: bits, growright


Target[router.victim.com.1]: 1:community_name@victim.com
MaxBytes[router.victim.com.1]: 1250000
Title[router.victim.com.1]: router.victim.com : Ethernet0
PageTop[router.victim.com.1]: <H1>Traffic Analysis for Ethernet0
</H1>
<TABLE>
<TR><TD>System:</TD><TD>router.victim.com in </TD></TR>
<TR><TD>Maintainer:</TD><TD></TD></TR>
<TR><TD>Interface:</TD><TD>Ethernet0 (1)</TD></TR>
<TR><TD>IP:</TD><TD>router.victim.com (200.200.200.1)</TD></TR>
<TR><TD>Max Speed:</TD>
<TD>1250.0 kBytes/s (ethernetCsmacd)</TD></TR>
</TABLE>
### Serial 0 ###
Background[router.victim.com.2]:#CFCFCF
Options[community_name@victim.com.2]: bits, growright
Target[community_name@victim.com.2]: 2:community_name@victim.com
MaxBytes[community_name@victim.com.2]: 8000
Title[community_name@victim.com.2]: MTO 64K : Serial0
PageTop[community_name@victim.com.2]: <H1>Traffic Analysis for Serial0
</H1>
<TABLE>
<TR><TD>System:</TD><TD>router.victim.com </TD></TR>
<TR><TD>Maintainer:</TD><TD></TD></TR>
<TR><TD>Interface:</TD><TD>Serial0 (2)</TD></TR>
<TR><TD>IP:</TD><TD> ()</TD></TR>
<TR><TD>Max Speed:</TD>
<TD>8000.0 Bytes/s (propPointToPointSerial)</TD></TR>
</TABLE>

( crond), /usr

EXEC Cisco