实验目的:
熟悉路由器的基本操作
路由器的3种工作模式
为路由器定义名称
为路由器添加特权密码
启用控制台密码
为TELNET访问启用密码
不执行DNS解析
配置路由器,使得控制台端口不会中止你的连接
配置路由器,使得路由器发送的控制台屏幕的消息不会附加到命令行中
配置路由器,使得当登陆控制台端口的时候显示一个标题。
为路由器接口配置IP地址。
查看配置结果。
实验拓扑:
实验内容:[attach] [/attach]
1.路由器的3种用户模式
用户模式
Router>
Router>? 观察命令的多少
Exec commands:
access-enable Create a temporary Access-List entry
access-profile Apply user-profile to interface
clear Reset functions
connect Open a terminal connection
disable Turn off privileged commands
disconnect Disconnect an existing network connection
enable Turn on privileged commands
exit Exit from the EXEC
help Description of the interactive help system
lat Open a lat connection
lock Lock the terminal
login Log in as a particular user
logout Exit from the EXEC
mrinfo Request neighbor and version information from a multicast
router
mstat Show statistics after multiple multicast traceroutes
mtrace Trace reverse multicast path from destination to source
name-connection Name an existing network connection
pad Open a X.29 PAD connection
ping Send echo messages
ppp Start IETF Point-to-Point Protocol (PPP)
resume Resume an active network connection
rlogin Open an rlogin connection
show Show running system information
slip Start Serial-line IP (SLIP)
systat Display information about terminal lines
telnet Open a telnet connection
terminal Set terminal line parameters
tn3270 Open a tn3270 connection
traceroute Trace route to destination
tunnel Open a tunnel connection
udptn Open an udptn connection
where List active connections
x28 Become an X.28 PAD
x3 Set X.3 parameters on PAD
xremote Enter XRemote mode
特权模式
Router>enable (进入特权模式)
Router# 进入特权模式中,我们可以观察出特权模式与用户模式的不同在于对命令的使用权限的不同.
Router#?
Exec commands:
access-enable Create a temporary Access-List entry
access-profile Apply user-profile to interface
access-template Create a temporary Access-List entry
archive manage archive files
bfe For manual emergency modes setting
cd Change current directory
clear Reset functions
clock Manage the system clock
configure Enter configuration mode
connect Open a terminal connection
copy Copy from one file to another
debug Debugging functions (see also 'undebug')
delete Delete a file
dir List files on a filesystem
disable Turn off privileged commands
disconnect Disconnect an existing network connection
enable Turn on privileged commands
erase Erase a filesystem
exit Exit from the EXEC
help Description of the interactive help system
lat Open a lat connection
lock Lock the terminal
login Log in as a particular user
logout Exit from the EXEC
more Display the contents of a file
mrinfo Request neighbor and version information from a multicast
router
mstat Show statistics after multiple multicast traceroutes
mtrace Trace reverse multicast path from destination to source
name-connection Name an existing network connection
no Disable debugging functions
pad Open a X.29 PAD connection
ping Send echo messages
ppp Start IETF Point-to-Point Protocol (PPP)
pwd Display current working directory
reload Halt and perform a cold restart
rename Rename a file
restart Restart Connection
resume Resume an active network connection
rlogin Open an rlogin connection
rsh Execute a remote command
send Send a message to other tty lines
setup Run the SETUP command facility
show Show running system information
slip Start Serial-line IP (SLIP)
start-chat Start a chat-script on a line
systat Display information about terminal lines
telnet Open a telnet connection
terminal Set terminal line parameters
test Test subsystems, memory, and interfaces
tn3270 Open a tn3270 connection
traceroute Trace route to destination
tunnel Open a tunnel connection
udptn Open an udptn connection
undebug Disable debugging functions (see also 'debug')
verify Verify a file
where List active connections
write Write running configuration t
配置模式
Router#config t(进入配置模式)
Router(config)#
接口模式
Router(config)#interface type number(选择要进入的接口)
Router(config)#interface ethernet 0 进入以太网E0接口
Router(config-if)#
为路由器定义名称
router(config)#hostname xxx(xxx为我们定义的名称)
Router(config)#host fxh
fxh(config)#定义路由器的名称为FXH,那么对路由器定义名称,是为了区别我们所操作所有设备的不同.
为路由器添加特权密码
router(config)#enable password sss(sss为我们定义的明文密码)
router(config)#enable secret cisco (cisco为我们定义的密文密码)
启用控制台密码
router(config)#line console 0
router(config-line)#password xxx(xxx为我们定义的通过console端口进入路由器的密码)
router(config-line)# login(启用密码)
为telnet访问启用密码
router(config)#line vty 0 4
router(config-line)#passowrd xxx(xxx为我们定义的密码)
router(config-line)#login 作用是为了登陆使用
*如果执行telnet,必须设置enable密码和telnet密码才可以实现采用telnet登陆路由器。
不执行DNS解析
router(config)#no ip domain-lookup (这条命令的作用是:
当我们在执行命令错误的时候,路由器会认为这条命令没有错误,它只是一个域名的形式,那么他会给你解析,这样,很浪费我们宝贵的时间,
router#asd
Translating "asd"...domain server (255.255.255.255)
(255.255.255.255)
Translating "asd"...domain server (255.255.255.255)
% Unknown command or computer name, or unable to find computer address
这样输入命令后当你的输入在出现错误的时候,路由器会提示
router(config)#no ip domain-lookup
router(config)#^Z
router#asdf
05:46:49: %SYS-5-CONFIG_I: Configured from console by console
Translating "asdf"
Translating "asdf"
% Unknown command or computer name, or unable to find computer address
)
配置路由器,使得控制台端口不会中止你的连接。
router(config-line)#exec-timeout 0
我们在长时间不去操作路由器的时候,我们的路由器会自动的终止与我们的对话连接,跳转到非连接状态,这时候,我们还需要输入enable密码重新登陆,从某种意义上来讲是对安全性得到了保证,但是对我们的操作是十分的不方便的。
配置路由器,使得路由器发送的控制台屏幕的消息不会附加到命令行中
router(config)#line console 0
router(config-line)# logging synchronous
配置路由器,使得当登陆控制台端口的时候显示一个标题。
router(config)#banner motd
Enter TEXT message. End with the character 'm'. 在这里M是我们结束时候输入的结束控制字符,你最好找一个特殊的作为结束,例如~等等。
Xxxxxxx(是我们定义的信息)
为路由器的各种接口配置IP地址
router(config )#interface s0(进入接口)
router(config-if)# ip address 192.168.1.1 255.255.255.0(为接口添加IP地址)
router(config-if)#clock rate 64000(定义接口时钟频率,仅用于DCE)
router(config-if)# no shut(启动端口)
router(config-if)# interface e0
router(config-if)# ip address 192.168.1.2 255.255.255.0
router(config-if)# no shut
router(config-if)# interface bri0 (进入ISDN的接口)
router(config-if)# ip address 192.168.1.3 255.255.255.0
router(config-if)# no shut
router(config-if)# interface s0.1(进入子接口)
router(config-if)# ip address 192.168.1.4 255.255.255.0
router(config-if)# no shut
router(config-if)#interface loopback 0(进入逻辑的环回接口)
router(config-if)# ip address 192.168.1.5 255.255.255.0
router(config-if)# no shut
观察配置结果
router#show run(察看路由器当前配置)
version 12.1
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
hostname R2
ip subnet-zero
!
interface Loopback0
no ip address
interface Ethernet0
ip address 192.168.1.2 255.255.255.0
!
interface Serial0
ip address 192.168.1.1 255.255.255.0
shutdown
clockrate 64000
!
interface Serial0.1
ip address 192.168.1.4 255.255.255.0
!
interface Serial1
no ip address
shutdown
!
ip classless
ip http server
line con 0
line aux 0
line vty 0 4
!
end
router#show ip int brief (察看路由器端口状态)
Interface IP-Address OK? Method Status Prot
locol
Ethernet0 192.168.1.2 YES manual up up
Loopback0 unassigned YES unset up up
Serial0 192.168.1.1 YES manual administratively down down
Serial0.1 192.168.1.4 YES manual administratively down down
Serial1 unassigned YES unset administratively down dow
备份和升级IOS软件
1:IOS备份
首先安装tftp-server软件,这种软件在网络上到处都是,下载完成后,安装在你的机器上,这时候,你的PC就是一台tftp服务器了,然后进入路由器,这里需要主意的是,你的PC要与你的路由器的E0口保持连接状态,不管是直连还是通过交换网都可以。
Router#sh flash: 查看本路由ios名称是什么。
System flash directory:
File Length Name/status
1 8083776 c2500-c-l.122-26.bin
[8083840 bytes used, 304764 available, 8388604 total]
8192K bytes of processor board System flash (Read ONLY)
router#copy flash tftp 把flash中的信息拷贝到tftp中。
Address or name of remote host []? 169.169.169.125(输入TFTP服务器地址)
Source file name ?c2500-js-1.112-18.bin(输入源文件名称,这时候你可以通过查看过程中,把本机的flash名称copy下来,在这里粘贴就可以了。)
Destination file name[ c2500-js-1.112-18.bin]?回车就可以了
2:IOS升级
router#copy tftp flash
基本与IOS的备份步骤相同,要求输入TFTP地址和源文件名称。一路回车就可以了。
但是在这里需要主意的是:
Router#sh flash:
System flash directory:
File Length Name/status
1 8083776 c2500-c-l.122-26.bin
[8083840 bytes used, 304764 available, 8388604 total]
8192K bytes of processor board System flash (Read ONLY) 我们这里的flash信息是只读的,需要改变配置寄存器的值,使我们的flash保持可以读写状态。
Router(config)#config-register 0x2101
Router#wri`
Router#reload 就可以完成了,然后在继续上面的升级工作才可以。
管理配置文件
1:配置更改的保存
Router#copy running-config startup-config 把配置文件从内存中保存到nvram中。
2:配置文件的更新
Router#copy startup-config running-config 将nvram中保存的文件覆盖内存中的。
3:配置文件的备份
router#copy running-config tftp(将当前运行的配置保存到TFTP服务器)
router#copy startup-config tftp(将NVRAM中的配置保存到TFTP服务器)
前提和升级备份IOS的准备工作是一样的。
4.删除配置
router#erase startup-config
路由器的口令设置和口令恢复
1:口令设置
router(config)#line console 0
router(config-line)#password Cisco(Cisco为我们添加的密码)
router(config-line)#login(应用密码)
router(config)#line vty 0 4
router(config-line)#password Cisco
router(config-line)#login
router(config)#line aux 0
router(config-line)#password Cisco
router(config-line)#login
router(config)#line 0 6 设置async异步串行链路的密码
router(config-line)#password Cisco
router(config-line)#login
2:简单的口令恢复
所有口令恢复的原理是通过开启配置寄存器的第6位,绕过startup-config文件,即避开以前设置的密码,路由器重新启动以后将可以重新配置密码。这里只给出2500系列路由器的密码恢复方法。其他路由器的口令恢复,你会在下面的实验中看到。
首先,在路由器启动的时候输入 Ctrl+Break组合键进入最小启动模式。
Copyright (c) 1986-1994 by Cisco Systems
2500 processor with 14336 Kbytes of main memory
Abort at 0x103B35C (PC)
>o
Bit# Configuration register option settings:
15 Diagnostic mode disabled
14 IP broadcasts do not have network numbers
13 Boot default ROM software if network boot fails
12-11 Console speed is 9600 baud
10 IP broadcasts with ones
08 Break disabled
07 OEM disabled
06 Ignore configuration enabled
03-00 Boot file is Cisco2-2500 (or 'boot system' command)
>o/r 0x2142
>I
路由器开始重起,然后可以正常的使用路由器了不过需要重新配置路由器,因为路由器的配置文件在启动时被忽略了。
当我们重新配置好路由器保存配置以后,需要将0x2142模式改成0x2102模式,防止无意的修改。
Route#config-regedit 0x2102
然后重新启动路由器
路由器的常用show命令的应用
1:显示版本,寄存器模式等信息
router#show version
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-I-L), Version 12.1(21), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2003 by Cisco Systems, Inc.
Compiled Tue 19-Aug-03 01:04 by kellythw
Image text-base: 0x03041F90, data-base: 0x00001000
ROM: System Bootstrap, Version 4.14(6)[fc3], SOFTWARE
Router uptime is 12 minutes
System returned to ROM by reload
System image file is "flash:c2500-i-l.121-21.bin"
Cisco 2500 (68030) processor (revision D) with 16384K/2048K bytes of memory.
Processor board ID 02999009, with hardware revision 00000000
Bridging software.
X.25 software, Version 3.0.0.
1 Ethernet/IEEE 802.3 interface(s)
2 Serial network interface(s)
32K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash (Read ONLY)
Configuration register is 0x2142
2:显示目前路由器的配置
router#show run
Current configuration : 409 bytes
!
version 12.1
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router
!
!
!
!
!
!
ip subnet-zero
!
!
!
!
interface Ethernet0
no ip address
shutdown
!
interface Serial0
no ip address
shutdown
!
interface Serial1
no ip address
shutdown
!
ip classless
ip http server
!
!
line con 0
line aux 0
line vty 0 4
!
end
3:显示CPU使用率
router#show processes cpu
14 88 144 611 0.00% 0.00% 0.00% 0 Net Background
15 12 7 1714 0.00% 0.00% 0.00% 0 Logger
16 88 761 115 0.00% 0.00% 0.00% 0 TTY Background
17 8 921 8 0.00% 0.00% 0.00% 0 Per-Second Jobs
18 4 18 222 0.00% 0.00% 0.00% 0 Net Input
19 4 155 25 0.00% 0.00% 0.00% 0 Compute load avg
20 600 16 37500 0.00% 0.04% 0.03% 0 Per-minute Jobs
21 224 240 933 0.00% 0.00% 0.00% 0 IP Input
4:显示接口状态
Router#show ip int brief
Interface IP-Address OK? Method Status Prot
ocol
Ethernet0 unassigned YES unset administratively down down
Serial0 unassigned YES unset administratively down down
Serial1 unassigned YES unset administratively down dow
5:显示路由表
Router#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
3.0.0.0/24 is subnetted, 1 subnets
C 3.3.3.0 is directly connected, Loopback0
179.23.0.0/24 is subnetted, 1 subnets
C 179.23.23.0 is directly connected, Ethernet0
实验总结:
本实验涉及到了路由器时的许多基本配置,这些配置是我们在配置路由器时经常用到的,是我们对路由器进行高级配置的前提,所以大家一定要熟练掌握,反复的联系,不要忽视对基础命令的理解。