一、思科设备命令行
想要进入设备命令行界面:
1.设备支持命令,查看设备上的接口是否为console;
2.需要console线;
3.需要终端软件连接(putty,secretCRT,Xshell);
- 命令行基础
思科设备上的命令行模式
1.用户模式:查看统计信息;
2.特权模式:查看并修改设备的配置;
3.全局模式:针对设备的整体配置参数;
4.接口模式:针对设备的接口修改配置参数;
5.在进入对应模式时,只能一级一级的进入;
6.返回上一级模式时,一级一级的返回使用"exit"命令;如果想直接返回到特权模式可以使用“end”命令;
7.命令输错后不进入域名解析使用“no ip domain-lookup”mingling
//用户模式
Switch>
//进入特权模式命令enable
Switch>en
Switch#
//进入全局模式命令configure terminal
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#
//进入接口模式命令interface fasteternet0/1
Switch(config)#int f0/1
Switch(config-if)#
二、常见配置命令
1、个交换机配置一个主机名:
Switch>en
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hostname SW1
SW1(config)#
2、查看交换机中维护的MAC地址表:
SW1(config)#end
SW1#
%SYS-5-CONFIG_I: Configured from console by console
SW1#show
SW1#show mac-
SW1#show mac-address-table
//MAC地址表无数据
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
SW1#show mac-address-table
//MAC地址表有数据
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
1 0002.4a62.9672 DYNAMIC Fa0/2
1 00e0.a325.7989 DYNAMIC Fa0/1
SW1#
3、交换机的双工模式:
SW1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SW1(config)#int f0/1
SW1(config-if)#duple
SW1(config-if)#duplex h
SW1(config-if)#duplex half
SW1(config-if)#
%LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
SW1(config-if)#end
//查看接口
SW1#show int f0/1
4、交换机的接口速率:
SW1(config)#int f0/2
SW1(config-if)#speed 100
SW1(config-if)#end
SW1#
%SYS-5-CONFIG_I: Configured from console by console
SW1#show int f0/2
FastEthernet0/2 is up, line protocol is up (connected)
Hardware is Lance, address is 0003.e44e.ec02 (bia 0003.e44e.ec02)
BW 100000 Kbit, DLY 1000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s //修改的数据100
5、配置console口密码:
SW1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SW1(config)#lin
SW1(config)#line con
SW1(config)#line console 0
SW1(config-line)#password 12345
SW1(config-line)#login
//需要密码登录
User Access Verification
Password:
SW1>
三、通过远程管理方式连接交换机
1.Telnet 是应用层协议,基于传输层TCP,默认端口号:23;采用明文密码的方式,不太安全,一般用于内网管理;
2.ssh 是应用层协议,基于TCP传输层协议,默认端口号:22;采用密文密码的方式,相对比较安全,经常用于跨越互联网管理;
- 如果通过网络方式进行管理设备,设备就必须配置ip地址;由于交换机上的接口都是交换接口,是不允许配置ip地址,直接为交换机的虚接口配置ip地址,交换机的默认虚接口就是 vlan1 接口;
SW1>enable
SW1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SW1(config)#int vlan 1
SW1(config-if)#ip address 192.168.220.10 255.255.255.0
SW1(config-if)#no shutdown
SW1(config-if)#
%LINK-5-CHANGED: Interface Vlan1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up
- 配置设备的连接终端并直接设置密码:
SW1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SW1(config)#line vty 0 4
SW1(config-line)#password 1234
SW1(config-line)#login
- 创建连接用户名密码,配置设备的连接终端并应用(SSH)
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hostname SW1
//创建域名
SW1(config)#ip domain-name zhang.com
//创建秘钥对
SW1(config)#crypto key generate rsa
The name for the keys will be: SW1.zhang.com
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.
How many bits in the modulus [512]: 2048
% Generating 2048 bit RSA keys, keys will be non-exportable...[OK]
SW1(config)#
*Mar 1 0:24:21.744: %SSH-5-ENABLED: SSH 1.99 has been enabled
//认证超时时间120s
SW1(config)#ip ssh time-out 120
//允许密码输错5次
SW1(config)#ip ssh authentication-retries 5
//创建用户名密码
SW1(config)#username zhangsan password 1234
SW1(config)#line vty 0 4
//启用需要用户名密码登录
SW1(config-line)#login local
SW1(config-line)#exit
//设置密文密码
SW1(config)#enable secret 5678
- 设置全局模式密码(明文和密文密码同时设置,密文密码生效):
Switch>en
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#enable password 1234
Switch(config)#enable secret
Switch(config)#enable secret 5678
Switch(config)#exit
Switch#
Switch>en
Password:
Password:
Switch#show running-config
- SSH连接:
1.主机IP:
2.valn 1 ip:
Switch>en
Switch(config)#int vlan 1
Switch(config-if)#ip address 192.168.100.10 255.255.255.0
Switch(config-if)#no shutdown
Switch(config-if)#
%LINK-5-CHANGED: Interface Vlan1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up
Switch(config-if)#exit
Switch(config)#hostname SW1
SW1(config)#ip domain-name zhang.com
SW1(config)#crypto key generate rsa
The name for the keys will be: SW1.zhang.com
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.
How many bits in the modulus [512]: 2048
% Generating 2048 bit RSA keys, keys will be non-exportable...[OK]
SW1(config)#ip ssh time-out 40
SW1(config)#ip ssh authentication-retries
% Incomplete command.
SW1(config)#ip ssh authentication-retries 5
SW1(config)#username lisi password 1234
SW1(config)#line vty 0 4
SW1(config-line)#login local
SW1(config-line)#exit
SW1(config)#enable secret 5678