Lab objectives:
Become familiar with basic router operation
The three working modes of the router
Give the router a name
Add a privileged-mode password to the router
Enable a console password
Enable a password for TELNET access
Disable DNS resolution
Configure the router so that the console port does not terminate your connection
Configure the router so that console messages sent by the router are not appended to the command line
Configure the router to display a banner when you log in on the console port
Configure IP addresses on the router interfaces
View the resulting configuration

Lab topology:

Lab content:

1. The router's three user modes

User mode
Router>
Router>?    (note how many commands are available)
Exec commands:
  access-enable    Create a temporary Access-List entry
  access-profile   Apply user-profile to interface
  clear            Reset functions
  connect          Open a terminal connection
  disable          Turn off privileged commands
  disconnect       Disconnect an existing network connection
  enable           Turn on privileged commands
  exit             Exit from the EXEC
  help             Description of the interactive help system
  lat              Open a lat connection
  lock             Lock the terminal
  login            Log in as a particular user
  logout           Exit from the EXEC
  mrinfo           Request neighbor and version information from a multicast router
  mstat            Show statistics after multiple multicast traceroutes
  mtrace           Trace reverse multicast path from destination to source
  name-connection  Name an existing network connection
  pad              Open a X.29 PAD connection
  ping             Send echo messages
  ppp              Start IETF Point-to-Point Protocol (PPP)
  resume           Resume an active network connection
  rlogin           Open an rlogin connection
  show             Show running system information
  slip             Start Serial-line IP (SLIP)
  systat           Display information about terminal lines
  telnet           Open a telnet connection
  terminal         Set terminal line parameters
  tn3270           Open a tn3270 connection
  traceroute       Trace route to destination
  tunnel           Open a tunnel connection
  udptn            Open an udptn connection
  where            List active connections
  x28              Become an X.28 PAD
  x3               Set X.3 parameters on PAD
  xremote          Enter XRemote mode

Privileged mode
Router>enable    (enter privileged mode)
Router#
Once in privileged mode, we can see that it differs from user mode in which commands we are permitted to use.
Router#?
Exec commands:
  access-enable    Create a temporary Access-List entry
  access-profile   Apply user-profile to interface
  access-template  Create a temporary Access-List entry
  archive          manage archive files
  bfe              For manual emergency modes setting
  cd               Change current directory
  clear            Reset functions
  clock            Manage the system clock
  configure        Enter configuration mode
  connect          Open a terminal connection
  copy             Copy from one file to another
  debug            Debugging functions (see also 'undebug')
  delete           Delete a file
  dir              List files on a filesystem
  disable          Turn off privileged commands
  disconnect       Disconnect an existing network connection
  enable           Turn on privileged commands
  erase            Erase a filesystem
  exit             Exit from the EXEC
  help             Description of the interactive help system
  lat              Open a lat connection
  lock             Lock the terminal
  login            Log in as a particular user
  logout           Exit from the EXEC
  more             Display the contents of a file
  mrinfo           Request neighbor and version information from a multicast router
  mstat            Show statistics after multiple multicast traceroutes
  mtrace           Trace reverse multicast path from destination to source
  name-connection  Name an existing network connection
  no               Disable debugging functions
  pad              Open a X.29 PAD connection
  ping             Send echo messages
  ppp              Start IETF Point-to-Point Protocol (PPP)
  pwd              Display current working directory
  reload           Halt and perform a cold restart
  rename           Rename a file
  restart          Restart Connection
  resume           Resume an active network connection
  rlogin           Open an rlogin connection
  rsh              Execute a remote command
  send             Send a message to other tty lines
  setup            Run the SETUP command facility
  show             Show running system information
  slip             Start Serial-line IP (SLIP)
  start-chat       Start a chat-script on a line
  systat           Display information about terminal lines
  telnet           Open a telnet connection
  terminal         Set terminal line parameters
  test             Test subsystems, memory, and interfaces
  tn3270           Open a tn3270 connection
  traceroute       Trace route to destination
  tunnel           Open a tunnel connection
  udptn            Open an udptn connection
  undebug          Disable debugging functions (see also 'debug')
  verify           Verify a file
  where            List active connections
  write            Write running configuration t

Configuration mode
Router#config t    (enter configuration mode)
Router(config)#

Interface mode
Router(config)#interface type number    (select the interface to enter)
Router(config)#interface ethernet 0    (enter Ethernet interface E0)
Router(config-if)#

Give the router a name
router(config)#hostname xxx    (xxx is the name we define)
Router(config)#host fxh
fxh(config)#
This sets the router's name to FXH. Naming a router lets us tell apart the different devices we operate.

Add a privileged-mode password to the router
router(config)#enable password sss    (sss is the plaintext password we define)
router(config)#enable secret cisco    (cisco is the encrypted password we define)

Enable a console password
router(config)#line console 0
router(config-line)#password xxx    (xxx is the password we define for entering the router through the console port)
router(config-line)#login    (enable the password)

Enable a password for telnet access
router(config)#line vty 0 4
router(config-line)#password xxx    (xxx is the password we define)
router(config-line)#login    (used for logging in)
* To use telnet, both the enable password and the telnet password must be set before you can log in to the router over telnet.

Disable DNS resolution
router(config)#no ip domain-lookup
What this command does: when we mistype a command, the router does not treat it as an error. It assumes the text is a domain name and tries to resolve it, which wastes our valuable time:
router#asd
Translating "asd"...domain server (255.255.255.255) (255.255.255.255)
Translating "asd"...domain server (255.255.255.255)
% Unknown command or computer name, or unable to find computer address
After entering this command, when you mistype something the router responds as follows:
router(config)#no ip domain-lookup
router(config)#^Z
router#asdf
05:46:49: %SYS-5-CONFIG_I: Configured from console by console
Translating "asdf"
Translating "asdf"
% Unknown command or computer name, or unable to find computer address

Configure the router so that the console port does not terminate your connection
router(config-line)#exec-timeout 0
When we leave the router idle for a long time, it automatically terminates our session and drops to the disconnected state, and we then have to enter the enable password to log in again. In a sense this protects security, but it is very inconvenient for our work.

Configure the router so that console messages sent by the router are not appended to the command line
router(config)#line console 0
router(config-line)#logging synchronous

Configure the router to display a banner when you log in on the console port
router(config)#banner motd m
Enter TEXT message. End with the character 'm'.
Here M is the delimiter character we type to end the message; it is best to pick a special character for this, such as ~.
Xxxxxxx    (the message we define)

Configure IP addresses on the router's various interfaces
router(config)#interface s0    (enter the interface)
router(config-if)#ip address 192.168.1.1 255.255.255.0    (add an IP address to the interface)
router(config-if)#clock rate 64000    (define the interface clock rate, DCE only)
router(config-if)#no shut    (bring the port up)
router(config-if)#interface e0
router(config-if)#ip address 192.168.1.2 255.255.255.0
router(config-if)#no shut
router(config-if)#interface bri0    (enter the ISDN interface)
router(config-if)#ip address 192.168.1.3 255.255.255.0
router(config-if)#no shut
router(config-if)#interface s0.1    (enter the subinterface)
router(config-if)#ip address 192.168.1.4 255.255.255.0
router(config-if)#no shut
router(config-if)#interface loopback 0    (enter the logical loopback interface)
router(config-if)#ip address 192.168.1.5 255.255.255.0
router(config-if)#no shut

View the resulting configuration
router#show run    (view the router's current configuration)
version 12.1
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
hostname R2
ip subnet-zero
!
interface Loopback0
 no ip address
interface Ethernet0
 ip address 192.168.1.2 255.255.255.0
!
interface Serial0
 ip address 192.168.1.1 255.255.255.0
 shutdown
 clockrate 64000
!
interface Serial0.1
 ip address 192.168.1.4 255.255.255.0
!
interface Serial1
 no ip address
 shutdown
!
ip classless
ip http server
line con 0
line aux 0
line vty 0 4
!
end

router#show ip int brief    (view the state of the router's ports)
Interface    IP-Address     OK? Method Status                Protocol
Ethernet0    192.168.1.2    YES manual up                    up
Loopback0    unassigned     YES unset  up                    up
Serial0      192.168.1.1    YES manual administratively down down
Serial0.1    192.168.1.4    YES manual administratively down down
Serial1      unassigned     YES unset  administratively down down

Backing up and upgrading the IOS software

1: IOS backup
First install TFTP server software; such software is available all over the Internet. After downloading it, install it on your machine, which makes your PC a TFTP server. Then log in to the router. Note that your PC must stay connected to the router's E0 port, either directly or through a switched network.
Router#sh flash:    (check the name of this router's IOS image)
System flash directory:
File  Length   Name/status
  1   8083776  c2500-c-l.122-26.bin
[8083840 bytes used, 304764 available, 8388604 total]
8192K bytes of processor board System flash (Read ONLY)
router#copy flash tftp    (copy the contents of flash to the TFTP server)
Address or name of remote host []? 169.169.169.125    (enter the TFTP server address)
Source file name ?c2500-js-1.112-18.bin    (enter the source file name; you can copy the file name from the flash listing above and paste it here)
Destination file name [c2500-js-1.112-18.bin]?    (just press Enter)

2: IOS upgrade
router#copy tftp flash
The steps are essentially the same as for the IOS backup: you are asked for the TFTP address and the source file name, and can press Enter the rest of the way.
One thing to note here, however:
Router#sh flash:
System flash directory:
File  Length   Name/status
  1   8083776  c2500-c-l.122-26.bin
[8083840 bytes used, 304764 available, 8388604 total]
8192K bytes of processor board System flash (Read ONLY)
The flash here is read-only, so we need to change the value of the configuration register to make the flash readable and writable.
Router(config)#config-register 0x2101
Router#wri
Router#reload
That completes the change; only then can you continue with the upgrade described above.

Managing configuration files

1: Saving configuration changes
Router#copy running-config startup-config
Saves the configuration from memory to NVRAM.

2: Updating the configuration
Router#copy startup-config running-config
Overwrites the configuration in memory with the file saved in NVRAM.

3: Backing up the configuration
router#copy running-config tftp    (save the currently running configuration to the TFTP server)
router#copy startup-config tftp    (save the configuration in NVRAM to the TFTP server)
The prerequisites are the same as the preparation for backing up and upgrading IOS.

4. Deleting the configuration
router#erase startup-config

Router password settings and password recovery

1: Password settings
router(config)#line console 0
router(config-line)#password Cisco    (Cisco is the password we add)
router(config-line)#login    (apply the password)
router(config)#line vty 0 4
router(config-line)#password Cisco
router(config-line)#login
router(config)#line aux 0
router(config-line)#password Cisco
router(config-line)#login
router(config)#line 0 6    (set the password for the async serial lines)
router(config-line)#password Cisco
router(config-line)#login

2: Simple password recovery
All password recovery works on the same principle: setting bit 6 of the configuration register makes the router bypass the startup-config file, and with it the previously set passwords, so that after the router restarts the passwords can be configured again. Only the method for 2500 series routers is given here; password recovery for other routers appears in later labs.
First, while the router is booting, press Ctrl+Break to enter the minimal boot mode.
Copyright (c) 1986-1994 by Cisco Systems
2500 processor with 14336 Kbytes of main memory
Abort at 0x103B35C (PC)
>o
Bit#    Configuration register option settings:
15      Diagnostic mode disabled
14      IP broadcasts do not have network numbers
13      Boot default ROM software if network boot fails
12-11   Console speed is 9600 baud
10      IP broadcasts with ones
08      Break disabled
07      OEM disabled
06      Ignore configuration enabled
03-00   Boot file is Cisco2-2500 (or 'boot system' command)
>o/r 0x2142
>I
The router restarts and can then be used normally, but it has to be reconfigured because its configuration file was ignored at boot.
Once the router has been reconfigured and the configuration saved, the register must be changed from 0x2142 back to 0x2102 to prevent unintended changes.
Router(config)#config-register 0x2102
Then restart the router.

Using the router's common show commands

1: Display the version, configuration register value and related information
router#show version
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-I-L), Version 12.1(21), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2003 by Cisco Systems, Inc.
Compiled Tue 19-Aug-03 01:04 by kellythw
Image text-base: 0x03041F90, data-base: 0x00001000
ROM: System Bootstrap, Version 4.14(6)[fc3], SOFTWARE
Router uptime is 12 minutes
System returned to ROM by reload
System image file is "flash:c2500-i-l.121-21.bin"
Cisco 2500 (68030) processor (revision D) with 16384K/2048K bytes of memory.
Processor board ID 02999009, with hardware revision 00000000
Bridging software.
X.25 software, Version 3.0.0.
1 Ethernet/IEEE 802.3 interface(s)
2 Serial network interface(s)
32K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash (Read ONLY)
Configuration register is 0x2142

2: Display the router's current configuration
router#show run
Current configuration : 409 bytes
!
version 12.1
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router
!
!
!
!
!
!
ip subnet-zero
!
!
!
!
interface Ethernet0
 no ip address
 shutdown
!
interface Serial0
 no ip address
 shutdown
!
interface Serial1
 no ip address
 shutdown
!
ip classless
ip http server
!
!
line con 0
line aux 0
line vty 0 4
!
end

3: Display CPU utilization
router#show processes cpu
  14     88    144    611  0.00%  0.00%  0.00%   0 Net Background
  15     12      7   1714  0.00%  0.00%  0.00%   0 Logger
  16     88    761    115  0.00%  0.00%  0.00%   0 TTY Background
  17      8    921      8  0.00%  0.00%  0.00%   0 Per-Second Jobs
  18      4     18    222  0.00%  0.00%  0.00%   0 Net Input
  19      4    155     25  0.00%  0.00%  0.00%   0 Compute load avg
  20    600     16  37500  0.00%  0.04%  0.03%   0 Per-minute Jobs
  21    224    240    933  0.00%  0.00%  0.00%   0 IP Input

4: Display interface status
Router#show ip int brief
Interface    IP-Address     OK? Method Status                Protocol
Ethernet0    unassigned     YES unset  administratively down down
Serial0      unassigned     YES unset  administratively down down
Serial1      unassigned     YES unset  administratively down down

5: Display the routing table
Router#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
     3.0.0.0/24 is subnetted, 1 subnets
C       3.3.3.0 is directly connected, Loopback0
     179.23.0.0/24 is subnetted, 1 subnets
C       179.23.23.0 is directly connected, Ethernet0

Lab summary:
This lab covers many basic router configuration tasks. These are used constantly when configuring routers and are the prerequisite for advanced configuration, so be sure to master them, practice them repeatedly, and do not neglect understanding the basic commands.
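Several settings from this lab are worth checking on any saved show output: no service password-encryption, enable password without enable secret, exec-timeout 0, ip http server, and a configuration register still at 0x2142 after password recovery. The Python audit below is an added example, not part of the original lab. The sample text is constructed, and the function name audit and its finding strings are assumptions.

```python
import re

# Constructed sample in the shape of the lab's "show run" / "show version"
# output; the passwords are the lab's placeholder values.
SHOW_RUN = """\
no service password-encryption
hostname R2
enable password sss
ip http server
line con 0
 exec-timeout 0 0
 password xxx
 login
line vty 0 4
 password xxx
 login
end
"""
SHOW_VERSION = "Configuration register is 0x2142\n"

def audit(show_run, show_version=""):
    """Return sorted findings for IOS-style config and version text."""
    findings = set()
    block = None  # the "line ..." block currently being read, if any
    has_secret = re.search(r"^enable secret ", show_run, re.M) is not None
    for raw in show_run.splitlines():
        text = raw.strip()
        if not raw.startswith(" "):  # an unindented line ends the previous block
            block = text if text.startswith("line ") else None
        if text == "no service password-encryption":
            findings.add("line passwords are stored in clear text")
        elif text.startswith("enable password ") and not has_secret:
            findings.add("enable password set without enable secret")
        elif text == "ip http server":
            findings.add("HTTP management server is enabled")
        elif block and re.fullmatch(r"exec-timeout 0( 0)?", text):
            findings.add(block + ": idle timeout disabled")
    reg = re.search(r"Configuration register is (0x[0-9A-Fa-f]+)", show_version)
    if reg and int(reg.group(1), 16) & 0x0040:  # bit 6 = ignore startup-config
        findings.add("config register " + reg.group(1) + " ignores startup-config")
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SHOW_RUN, SHOW_VERSION):
        print("-", finding)
```

The block tracking relies on IOS indenting sub-commands by one space in show run output, so feed it the text as the router printed it.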