Cisco howto: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
Thomas (Diskussion | Beiträge) |
Thomas (Diskussion | Beiträge) |
||
| Zeile 1: | Zeile 1: | ||
=Cisco Router Grundlagen= | =Cisco Router Grundlagen= | ||
| − | *[[Cisco Router Grundlagen]] | + | *[[Cisco Router Grundlagen]] |
| − | + | =Einrichten eines SSH Servers= | |
| − | |||
| − | |||
| − | |||
*[[CISCO SSH Server]] | *[[CISCO SSH Server]] | ||
==Misc== | ==Misc== | ||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
==Accesslisten== | ==Accesslisten== | ||
| Zeile 44: | Zeile 15: | ||
==IPSEC Site to Site VPN== | ==IPSEC Site to Site VPN== | ||
*[[CISCO IPSEC Site to Site VPN]] | *[[CISCO IPSEC Site to Site VPN]] | ||
| + | |||
=Cisco Configuration Professional= | =Cisco Configuration Professional= | ||
*[[Cisco Configuration Professional]] | *[[Cisco Configuration Professional]] | ||
Version vom 7. April 2016, 11:30 Uhr
Cisco Router Grundlagen
Einrichten eines SSH Servers
Misc
Accesslisten
NAT
Logging
IPSEC Site to Site VPN
Cisco Configuration Professional
Diagnose
Ping einfach
unkerich#ping arilon Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.240.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
Ping erweitert
unkerich#ping Protocol [ip]: Target IP address: 192.168.240.100 Repeat count [5]: Datagram size [100]: Timeout in seconds [2]: Extended commands [n]: y Source address or interface: 172.22.2.1 Type of service [0]: Set DF bit in IP header? [no]: Validate reply data? [no]: Data pattern [0xABCD]: Loose, Strict, Record, Timestamp, Verbose[none]: Sweep range of sizes [n]: Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.240.100, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/4/8 ms
Traceroute
unkerich#traceroute www.1fck.de Translating "www.1fck.de"...domain server (192.168.240.21) [OK] Type escape sequence to abort. Tracing the route to www.1fck.de (78.46.48.17) 1 zonk.alpha.quadrant (192.168.254.17) 0 msec 0 msec 4 msec 2 83-169-166-158-isp.superkabel.de (83.169.166.158) 8 msec 4 msec 8 msec 3 83-169-176-158-isp.superkabel.de (83.169.176.158) 12 msec 12 msec 16 msec 4 83-169-183-102-isp.superkabel.de (83.169.183.102) 16 msec 12 msec 12 msec 5 83-169-128-86-isp.superkabel.de (83.169.128.86) 12 msec 16 msec 17 msec 6 83-169-128-89-isp.superkabel.de (83.169.128.89) 16 msec 12 msec 12 msec 7 decix-gw.hetzner.de (80.81.192.164) 16 msec 16 msec 20 msec 8 hos-bb1.juniper1.rz8.hetzner.de (213.239.240.240) 20 msec 20 msec 20 msec 9 gi.4.1.rs3k7.rz8.hetzner.de (213.239.242.41) 20 msec 16 msec 16 msec 10 www.1fck.de (78.46.48.17) 16 msec 16 msec 16 msec
Debugging
ICMP
unkerich#debug ip icmp ICMP packet debugging is on unkerich#terminal monitor unkerich# 6d02h: ICMP: echo reply sent, src 172.22.2.1, dst 172.22.2.2 6d02h: ICMP: echo reply sent, src 172.22.2.1, dst 172.22.2.2 6d02h: ICMP: echo reply sent, src 172.22.2.1, dst 172.22.2.2 6d02h: ICMP: echo reply sent, src 172.22.2.1, dst 172.22.2.2 6d02h: ICMP: echo reply sent, src 172.22.2.1, dst 172.22.2.2 6d02h: ICMP: echo reply sent, src 172.22.2.1, dst 172.22.2.2 6d02h: ICMP: echo reply sent, src 172.22.2.1, dst 172.22.2.2 6d02h: ICMP: echo reply sent, src 172.22.2.1, dst 172.22.2.2 unkerich# no debug all
Dialer
unkerich#debug dialer packets Dial on demand packets debugging is on
Misc
Webserver aktivieren
unkerich#configure terminal unkerich(config)#ip http server unkerich(config)#exit unkerich#
DHCP einrichten
Cisco 1800 pppoe (nur für 1811/12?)
Virtual Private Dialup Network Group Number konfigurieren
VPDN aktivieren
Router(config)# vpdn enable
Erstellt und assoziiert eine VPDN-Gruppe mit einem benutzerdefinierten oder VPDN-Profil
Router(config-vpdn)# vpdn group 1
Erstelle eine request-dialin-subgruppe, welches die Einwahl-Richtung angibt und den tunnel initiiert
Router(config-vpdn-grp)# request-dialin
Spezifiziert die IP, zu welcher anfragen getunnelt werden
Router(config-vpdn-grp)# initiate to 192.168.1.1
spezifiziert die Art der Session, welche die subgruppe herstellen kann
Router(config-vpdn-grp)# protocol pppoe
Fast Ethernet WAN Interfaces konfigurieren
WAN interface
Router(config)#interface fastethernet 0
Konfiguriert den pppoe-client
Router(config-if)# pppoe-client dial-pool-number 1
aktiviert das Interface
Router(config-if)# no shutdown
Dialer Interface konfigurieren
Erstellt das Dialer-Interface
Router(config)# interface dialer 0 Router(config-if)# ip address negotiated Router(config-if)# ip mtu 1492 Router(config-if)# encapsulation ppp Router(config-if)# ppp authentication chap Router(config-if)# dialer pool 1 Router(config-if)# dialer group 1 Router(config-if)# exit Router(config)# dialer-list 1 protocol ip permit Router(config)# ip route 10.10.25.2 0.255.255.255 dialer 0
NAT konfigurieren
Router(config)# ip nat pool pool1 192.168.1.0 192.168.2.0 netmask 0.0.0.255
Router(config)# ip nat inside source list 1 interface dialer 0 overload
oder
Router(config)# ip nat inside source list acl1 pool pool1
Router(config)# interface vlan 1 Router(config-if)# ip nat inside Router(config-if)# no shutdown Router(config-if)# exit Router(config)#interface fastethernet 0 Router(config-if)# ip nat outside Router(config-if)# no shutdown Router(config-if)# exit Router(config)# access-list 1 permit 192.168.1.0 0.0.0.255