Cisco howto: Difference between revisions

From Xinux Wiki
 
(22 intermediate revisions by another user are not shown)
Zeile 1: Zeile 1:
==Unprivilegierter Modus==
+
=Cisco Router Grundlagen=
 
+
*[[Cisco Router Grundlagen]]
===Befehle anzeigen===
+
=Einrichten eines SSH Servers=
cisco2600>?
+
*[[CISCO SSH Server]]  
Exec commands:
+
=Accesslisten=
  clear            Reset functions
+
*[[CISCO Accesslisten]]
  disable          Turn off privileged commands
+
=NAT=
  disconnect      Disconnect an existing network connection
 
  enable          Turn on privileged commands
 
  exit            Exit from the EXEC
 
 
 
 
 
===Show nachgeordnete Befehle anzeigen===
 
cisco2600>show ?
 
  backup        Backup status
 
  c2600          Show c2600 information
 
  cca            CCA information
 
  cdapi          CDAPI information
 
  cef            Cisco Express Forwarding
 
  class-map      Show QoS Class Map
 
  clock          Display the system clock
 
  compress      Show compression statistics
 
  connection    Show Connection
 
 
 
===Version anzeigen===
 
cisco2600>show version
 
Cisco Internetwork Operating System Software
 
IOS (tm) C2600 Software (C2600-D-M), Version 12.0(7)T3,  RELEASE SOFTWARE (fc1)
 
TAC Support: http://www.cisco.com/tac
 
Copyright (c) 1986-2003 by cisco Systems, Inc.
 
Compiled Fri 04-Jul-03 05:02 by dchih
 
Image text-base: 0x80008088, data-base: 0x808D2AD0
 
 
ROM: System Bootstrap, Version 12.2(6r),  RELEASE SOFTWARE (fc1)
 
 
cisco2600 uptime is 24 minutes
 
System returned to ROM by power-on
 
System image file is "flash:c2600-d-mz.120-7.T3.bin"
 
 
cisco 2610 (MPC860) processor (revision 0x00) with 26624K/6144K bytes of memory.
 
Processor board ID JAD062603WX (2830545266)
 
M860 processor: part number 0, mask 49
 
Bridging software.
 
X.25 software, Version 3.0.0.
 
1 Ethernet/IEEE 802.3 interface(s)
 
1 Serial network interface(s)
 
32K bytes of non-volatile configuration memory.
 
8192K bytes of processor board System flash (Read/Write)
 
 
 
==Enable Modus==
 
 
 
===Wechsel in den Enable Modus===
 
cisco2600>enable
 
Password: (blind eintippen)
 
cisco2600#
 
 
 
==Konfiguration sichern und wiederherstellen==
 
 
 
===Alte Konfiguration sichern===
 
cisco2600# copy flash:c2600-d-mz.120-7.T3.bin tftp:
 
Address or name of remote host []? 192.168.240.1                         
 
Destination filename [c2600-d-mz.120-7.T3.bin]? cisco2600/c2600-flash (Unterordner mit lese-und schreibrechten)                 
 
 
 
===Alte Konfiguration wiederherstellen===
 
cisco2600# copy tftp: running-config
 
cisco2600# Address or name of remote host []? 192.168.240.1
 
cisco2600# Source filename []? cisco2600/c2600-flash
 
cisco2600# Destination filename [running-config]?
 
 
 
 
 
==Konfigurations Modus==
 
 
 
===Wechsel in den Konfigurations Modus===
 
 
 
cisco2600#configure terminal
 
Enter configuration commands, one per line.  End with CNTL/Z.
 
cisco2600(config)#
 
 
 
 
 
==Grundkonfiguration==
 
 
 
===Setzen des Hostnamens===
 
 
 
cisco2600#configure terminal
 
cisco2600(config)#hostname unkerich
 
unkerich(config)#exit
 
unkerich#
 
 
 
===Setzen des Domainnamens===
 
unkerich#
 
unkerich(config)#ip domain-name schluries.int
 
unkerich(config)#exit
 
unkerich#
 
 
 
===Eintellen der Interfaceparameter (100basetx, 100basefull)===
 
 
 
unkerich#configure terminal
 
unkerich(config)#interface ethernet 0/0
 
unkerich(config-if)#ip address 192.168.250.97 255.255.240.0
 
unkerich(config)#interface ethernet 1/0
 
unkerich(config-if)#ip address 172.22.2.1 255.255.255.0
 
unkerich(config-if)#exit
 
 
 
===Aktivieren der Interfaces===
 
unkerich#configure terminal
 
unkerich(config)#interface ethernet 0/0
 
unkerich(config-if)#no shutdown
 
unkerich(config-if)#interface ethernet 1/0
 
unkerich(config-if)#no shutdown         
 
unkerich(config-if)#exit
 
unkerich(config)#
 
 
 
===Anzeige des Status des Interfaces===
 
 
unkerich#show interfaces ethernet 1/0
 
Ethernet1/0 is up, line protocol is up
 
  Hardware is AmdP2, address is 000a.4142.abd0 (bia 000a.4142.abd0)
 
  Internet address is 172.22.2.1/24
 
  MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,
 
      reliability 255/255, txload 1/255, rxload 1/255
 
  Encapsulation ARPA, loopback not set
 
  Keepalive set (10 sec)
 
  ARP type: ARPA, ARP Timeout 04:00:00
 
  Last input never, output 00:00:09, output hang never
 
  Last clearing of "show interface" counters never
 
  Queueing strategy: fifo
 
  Output queue 0/40, 0 drops; input queue 0/75, 0 drops
 
  5 minute input rate 0 bits/sec, 0 packets/sec
 
  5 minute output rate 0 bits/sec, 0 packets/sec
 
    0 packets input, 0 bytes, 0 no buffer
 
    Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
 
    0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
 
    0 input packets with dribble condition detected
 
    19 packets output, 2766 bytes, 0 underruns
 
    0 output errors, 0 collisions, 1 interface resets
 
    0 babbles, 0 late collision, 0 deferred
 
    0 lost carrier, 0 no carrier
 
    0 output buffer failures, 0 output buffers swapped out
 
unkerich#
 
 
 
 
 
 
 
===Setzen der statischen Routen (Letzter Wert immer auf 1 setzen)===
 
unkerich(config)#ip route 0.0.0.0 0.0.0.0 192.168.240.100 1
 
 
 
==Diverse IP Befehle==
 
 
 
==Domainname setzen==
 
unkerich(config)#ip domain-name alpha.quadrant
 
 
 
==Nameserver einstellen==
 
unkerich(config)#ip name-server 192.168.240.21
 
 
 
==IP einem Hostnamen zu ordnen==
 
unkerich(config)#ip host my-laptop 192.168.250.2
 
 
 
==Benutzen von Klassenlosen netzen erlauben==
 
unkerich(config)#ip classless
 
 
 
==Klassenloses Netz mit der Nummer 0 erlauben ==
 
unkerich(config)#ip subnet-zero
 
 
 
 
 
===Setzen des Telnet Passwortes===
 
 
 
  unkerich#configure terminal
 
  unkerich(config)#line vty 0 4
 
  unkerich(config)#password suxer
 
  unkerich(config)#exit
 
  unkerich#
 
 
 
 
 
===Setzen des Enable Passwortes===
 
 
 
Falls kein enable-passwort vergeben ist, mit
 
enable password (unverschlüsselt)
 
oder
 
enable secret (verschlüsselt)
 
ein passwort vergeben.
 
 
 
 
 
==Einrichten eines SSH Servers==
 
 
===Enabling AAA ===
 
aaa new-model
 
 
 
===rsa key generieren und starten===
 
unkerich#configure terminal
 
unkerich(config)#crypto key generate rsa                                       
 
The name for the keys will be: unkerich.schluries.int                         
 
Choose the size of the key modulus in the range of 360 to 2048 for your       
 
General Purpose Keys. Choosing a key modulus greater than 512 may take a few minutes.
 
                                                                               
 
How many bits in the modulus [512]: ''1024''                                       
 
  % Generating 1024 bit RSA keys, keys will be non-exportable...[OK]            
 
                                                                             
 
unkerich(config)#                                                             
 
*Mar  1 01:22:47.054: %SSH-5-ENABLED: SSH 1.99 has been enabled 
 
unkerich(config)#exit
 
unkerich#
 
 
 
===ssh time out einstellen===
 
unkerich(config)#ip ssh time-out 120                                           
 
 
 
===user anlegen===                                                                               
 
unkerich(config)#username admin password oimel
 
 
 
===rsa key löschen===
 
unkerich(config)#crypto key zeroize rsa
 
 
 
==Misc==
 
 
 
===Warmstart des Sytems===
 
unkerich#write memory
 
Building configuration...
 
[OK]
 
unkerich#
 
 
 
===Einstellen der Uhrzeit===
 
unkerich#clock set 14:11:40 18 MAY 2009
 
 
 
===Einstellen der Default Sommerzeit===
 
unkerich(config)#clock summer-time MEST recurring last Sunday March 2:00 last Sunday October 3:00 60
 
 
 
===Einstellung der Zeitzone===
 
unkerich(config)#clock timezone MEZ 1
 
 
 
 
 
===Anzeigen der Uhrzeit (detaliert)===
 
unkerich#show clock detail
 
16:20:41.014 MEST Mon May 18 2009
 
Time source is user configuration
 
Summer time starts 02:00:00 MET Sun Mar 29 2009
 
Summer time ends 03:00:00 MEST Sun Oct 25 2009
 
 
 
===Einstellen des NTP Server===
 
unkerich(config)#ntp server 195.145.119.188 source ethernet 0/0
 
 
 
==Accesslisten==
 
**[[CISCO Accesslisten]]
 
 
 
==NAT==
 
 
*[[CISCO NAT]]
 
*[[CISCO NAT]]
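
Review bot: The removed sections "Setzen des Telnet Passwortes" and "Setzen des Enable Passwortes" have no matching heading among the links added above, and their commands should not be copied onto the subpages unchanged. "unkerich(config)#password suxer" and "username admin password oimel" leave the password readable in the configuration, and the enable section offered the unencrypted "enable password" as an equal alternative to "enable secret". On [[Cisco Router Grundlagen]] and [[CISCO SSH Server]], show only "enable secret" and "username admin secret ...", enter the line password at the (config-line)# prompt that "line vty 0 4" actually switches to, and limit the vty lines with "transport input ssh". The removed key transcript also picked a 1024-bit modulus and logged "SSH 1.99 has been enabled", which means SSH version 1 is still accepted; the subpage should choose the largest modulus the prompt offers (2048 in this transcript) and set "ip ssh version 2".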
 
+
=Logging=
==IPSEC Site to Site VPN==
+
*[[CISCO Logging]]
 +
=IPSEC Site to Site VPN=
 
*[[CISCO IPSEC Site to Site VPN]]
 
*[[CISCO IPSEC Site to Site VPN]]
 
+
=Cisco Configuration Professional=
==Diagnose==
+
*[[Cisco Configuration Professional]]
+
=Diagnose=
===Ping einfach===
+
*[[Cisco Router Diagnose]]
unkerich#ping arilon
+
=DHCP einrichten=
 
Type escape sequence to abort.
 
Sending 5, 100-byte ICMP Echos to 192.168.240.1, timeout is 2 seconds:
 
!!!!!
 
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
 
 
 
===Ping erweitert===
 
unkerich#ping             
 
Protocol [ip]:
 
Target IP address: 192.168.240.100
 
Repeat count [5]:
 
Datagram size [100]:
 
Timeout in seconds [2]:
 
Extended commands [n]: y
 
Source address or interface: 172.22.2.1
 
Type of service [0]:
 
Set DF bit in IP header? [no]:
 
Validate reply data? [no]:
 
Data pattern [0xABCD]:
 
Loose, Strict, Record, Timestamp, Verbose[none]:
 
Sweep range of sizes [n]:
 
Type escape sequence to abort.
 
Sending 5, 100-byte ICMP Echos to 192.168.240.100, timeout is 2 seconds:
 
!!!!!
 
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/4/8 ms
 
 
 
===Traceroute===
 
unkerich#traceroute www.1fck.de
 
Translating "www.1fck.de"...domain server (192.168.240.21) [OK]
 
 
Type escape sequence to abort.
 
Tracing the route to www.1fck.de (78.46.48.17)
 
 
  1 zonk.alpha.quadrant (192.168.254.17) 0 msec 0 msec 4 msec
 
  2 83-169-166-158-isp.superkabel.de (83.169.166.158) 8 msec 4 msec 8 msec
 
  3 83-169-176-158-isp.superkabel.de (83.169.176.158) 12 msec 12 msec 16 msec
 
  4 83-169-183-102-isp.superkabel.de (83.169.183.102) 16 msec 12 msec 12 msec
 
  5 83-169-128-86-isp.superkabel.de (83.169.128.86) 12 msec 16 msec 17 msec
 
  6 83-169-128-89-isp.superkabel.de (83.169.128.89) 16 msec 12 msec 12 msec
 
  7 decix-gw.hetzner.de (80.81.192.164) 16 msec 16 msec 20 msec
 
  8 hos-bb1.juniper1.rz8.hetzner.de (213.239.240.240) 20 msec 20 msec 20 msec
 
  9 gi.4.1.rs3k7.rz8.hetzner.de (213.239.242.41) 20 msec 16 msec 16 msec
 
  10 www.1fck.de (78.46.48.17) 16 msec 16 msec 16 msec
 
 
 
==Debugging==
 
===ICMP===
 
unkerich#debug ip icmp
 
ICMP packet debugging is on
 
unkerich#terminal monitor
 
unkerich#
 
6d02h: ICMP: echo reply sent, src 172.22.2.1, dst 172.22.2.2
 
6d02h: ICMP: echo reply sent, src 172.22.2.1, dst 172.22.2.2
 
6d02h: ICMP: echo reply sent, src 172.22.2.1, dst 172.22.2.2
 
6d02h: ICMP: echo reply sent, src 172.22.2.1, dst 172.22.2.2
 
6d02h: ICMP: echo reply sent, src 172.22.2.1, dst 172.22.2.2
 
6d02h: ICMP: echo reply sent, src 172.22.2.1, dst 172.22.2.2
 
6d02h: ICMP: echo reply sent, src 172.22.2.1, dst 172.22.2.2
 
6d02h: ICMP: echo reply sent, src 172.22.2.1, dst 172.22.2.2
 
unkerich# no debug all
 
 
 
===Dialer===
 
unkerich#debug dialer packets
 
Dial on demand packets debugging is on
 
 
 
 
 
 
 
==Misc==
 
 
 
===Webserver aktivieren===
 
unkerich#configure terminal
 
unkerich(config)#ip http server
 
unkerich(config)#exit
 
unkerich#
 
 
 
===DHCP einrichten===
 
 
*[[Cisco DHCP SERVER]]
 
*[[Cisco DHCP SERVER]]
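
Review bot: The removed section "Webserver aktivieren" has no counterpart among the headings added in this part of the page, so it is unclear where "unkerich(config)#ip http server" ends up. That command exposes the router's management interface over unencrypted HTTP; wherever the section is moved, it should state this and point to "ip http secure-server" together with an access restriction, instead of presenting plain HTTP as the default way to enable the web interface.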
 +
=Cisco 1800 pppoe (nur für 1811/12?)=
 +
*[[Cisco Router PPPOE]]
 +
=Hot Standby Router Protocol (HSRP)=
 +
*[[Hot Standby Router Protocol (HSRP)]]
 +
=Policy-Based Routing=
 +
*[[Cisco Policy-Based Routing]]
 +
=Misc=
 +
*[[Cisco Router Misc]]
  
==Cisco 1800 pppoe (nur für 1811/12?)==
+
=Debug=
 
+
*[[Cisco Debug]]
===Virtual Private Dialup Network Group Number konfigurieren===
+
=OSPF=
 
+
*[[Cisco OSPF]]
VPDN aktivieren
 
Router(config)# vpdn enable
 
Erstellt und assoziiert eine VPDN-Gruppe mit einem benutzerdefinierten oder VPDN-Profil
 
Router(config-vpdn)# vpdn group 1
 
Erstelle eine request-dialin-subgruppe, welches die Einwahl-Richtung angibt und den tunnel initiiert
 
Router(config-vpdn-grp)# request-dialin
 
Spezifiziert die IP, zu welcher anfragen getunnelt werden
 
Router(config-vpdn-grp)# initiate to 192.168.1.1
 
spezifiziert die Art der Session, welche die subgruppe herstellen kann
 
Router(config-vpdn-grp)# protocol pppoe
 
 
===Fast Ethernet WAN Interfaces konfigurieren===
 
 
 
WAN interface
 
Router(config)#interface fastethernet 0
 
Konfiguriert den pppoe-client
 
Router(config-if)# pppoe-client dial-pool-number 1
 
aktiviert das Interface
 
Router(config-if)# no shutdown
 
 
===Dialer Interface konfigurieren===
 
 
Erstellt das Dialer-Interface
 
Router(config)# interface dialer 0
 
Router(config-if)# ip address negotiated
 
Router(config-if)# ip mtu 1492
 
Router(config-if)# encapsulation ppp
 
Router(config-if)# ppp authentication chap
 
Router(config-if)# dialer pool 1
 
Router(config-if)# dialer group 1
 
Router(config-if)# exit
 
Router(config)# dialer-list 1 protocol ip permit
 
Router(config)# ip route 10.10.25.2 0.255.255.255 dialer 0
 
 
===NAT konfigurieren===
 
Router(config)# ip nat pool pool1 192.168.1.0 192.168.2.0 netmask 0.0.0.255
 
 
 
Router(config)# ip nat inside source list 1 interface dialer 0 overload
 
oder
 
Router(config)# ip nat inside source list acl1 pool pool1
 
 
 
Router(config)# interface vlan 1
 
Router(config-if)# ip nat inside
 
Router(config-if)# no shutdown
 
Router(config-if)# exit
 
Router(config)#interface fastethernet 0
 
Router(config-if)# ip nat outside
 
Router(config-if)# no shutdown
 
Router(config-if)# exit
 
Router(config)# access-list 1 permit 192.168.1.0 0.0.0.255
 
  
==Links==
+
=Links=
 
[http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094498.shtml IPsec von Cisco Router zu Cisco PIX VPN]
 
[http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094498.shtml IPsec von Cisco Router zu Cisco PIX VPN]
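
Review bot: The removed PPPoE and NAT commands contain mask and name errors that should be corrected rather than copied onto [[Cisco Router PPPOE]] and [[CISCO NAT]]. In "ip nat pool pool1 192.168.1.0 192.168.2.0 netmask 0.0.0.255" the netmask argument is written as a wildcard mask where a subnet mask such as 255.255.255.0 is expected, and the address range runs past a /24. In "ip route 10.10.25.2 0.255.255.255 dialer 0" the mask is not a valid contiguous netmask. "ip nat inside source list acl1 pool pool1" refers to a list named acl1, while the only list defined in the removed text is access list 1, so the translation rule would match nothing.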
  

Latest revision as of 14:58, 4 November 2021