1、 路由器和交換機 基礎知識與基本配置路由器與交換機的作用與特點交換機基礎與基本配置路由器基礎與基本配置目錄交換機的作用PCB PCA PCDPCCSWA SWB 連接多個以太網(wǎng)物理段，隔離沖突域對以太網(wǎng)幀進行高速而透明的交換轉發(fā)自行學習和維護MAC地址信息交換機的特點主要工作在OSI模型的物理層、數(shù)據(jù)鏈路層提供以太網(wǎng)間的透明橋接和交換依據(jù)鏈路層的MAC地址，將以太網(wǎng)數(shù)據(jù)幀在端口間進行轉發(fā) 路由器的作用RTC RTBRTA RTD RTE PCB PCA 連接具有不同介質的鏈路連接網(wǎng)絡或子網(wǎng)，隔離廣播對數(shù)據(jù)報文執(zhí)行尋路和轉發(fā)交換和維護路由信息路由器的特點主要工作在OSI模型的物理層、數(shù)據(jù)鏈路層和

2、網(wǎng)絡層根據(jù)網(wǎng)絡層信息進行路由轉發(fā)提供豐富的接口類型支持豐富的鏈路層協(xié)議支持多種路由協(xié)議路由器與交換機的發(fā)展趨勢路由和交換的融合多業(yè)務功能的融合路由器與交換機的作用與特點交換機基礎與基本配置路由器基礎與基本配置本章目錄目標交換原理VLAN原理生成樹協(xié)議其本原理交換機基本配置交換機特性介紹地址學習轉發(fā)/過濾防止環(huán)路交換機的三大功能 交換機的地址學習功能起初MAC地址表是空的MAC address table0260.8c01.11110260.8c01.22220260.8c01.33330260.8c01.4444E0E1E2E3ABCD交換機的地址學習功能工作站 A 向工作站 C 發(fā)送一個數(shù)據(jù)

3、幀交換機分析該幀，幀的頭部記錄了源地址A，交換機由此知道工作站是連接在端口E0之上的 由于MAC地址表中沒有C工作站的記錄，所以交換機向所有的端口轉發(fā)該幀（Flood 泛洪）MAC address table0260.8c01.11110260.8c01.22220260.8c01.33330260.8c01.4444E0: 0260.8c01.1111E0E1E2E3DCBA交換機的地址學習功能同樣，工作站B給A發(fā)數(shù)據(jù)包的時候，交換機將其MAC地址和端口關聯(lián)起來MAC地址表記錄了這樣的一種關聯(lián)，用于專用的集成電路ASIC的轉發(fā)依據(jù)轉發(fā)數(shù)據(jù)由ASIC完成，不再需要CPU參與MAC addres

4、s table0260.8c01.11110260.8c01.22220260.8c01.33330260.8c01.4444E0: 0260.8c01.1111E1: 0260.8c01.3333E0E1E2E3DCAB交換機的過濾功能MAC地址表建立之后，當工作站A往工作C發(fā)送數(shù)據(jù)包，交換機知道只需要轉發(fā)到端口E2, 不需要復制到E1、E3, 這就是交換機的過濾功能過濾功能減少了網(wǎng)絡流量對工作站的干擾，提高了可用帶寬 E0: 0260.8c01.1111E2: 0260.8c01.2222E1: 0260.8c01.3333E3: 0260.8c01.44440260.8c01.11110

5、260.8c01.22220260.8c01.33330260.8c01.4444E0E1E2E3XXDCABMAC address table網(wǎng)絡拓撲冗余冗余的網(wǎng)絡拓樸結構可以防止單點故障，但也帶來一些問題: 廣播風暴、重復幀、MAC地址表不穩(wěn)定Segment 1Segment 2Server/host XRouter YSegment 1Segment 2Server/host XRouter Y BroadcastSwitch ASwitch B主機 X 發(fā)送的廣播包由交換機A發(fā)送到網(wǎng)段2廣播風暴Segment 1Segment 2Server/host XRouter Y Broadc

6、astSwitch ASwitch B交換機B把廣播包又轉發(fā)到網(wǎng)段1廣播風暴Segment 1Segment 2Server/host XRouter Y Broadcast廣播包就這樣被反復傳送直到占完帶寬，造成網(wǎng)絡服務中斷Switch ASwitch B廣播風暴端口速度Cost (當前 IEEE 規(guī)范) Cost (前 IEEE 規(guī)范)-10 Gbps 211 Gbps41100 Mbps191010 Mbps100100生成樹協(xié)議的路徑成本生成樹協(xié)議 通過引入生成樹協(xié)議，交換機把某些端口置于阻斷狀態(tài)，避免環(huán)路問題BlockxIEEE 802.3d在一個網(wǎng)絡中只存在一個根橋(root br

7、idge)非根橋上只有一個根端口(到根橋的cost最低)在每一個網(wǎng)段上只有一個指定端口(designated port)xDesignated port (F)Root port (F)Designated port (F)Nondesignated port (B)Root bridgeNonroot bridgeSW XSW Y100baseT 10baseT生成樹基本原理Switch YDefault priority 32768MAC 0c0022222222Switch XDefault priority 32768 MAC 0c0011111111Root bridgexPort

8、0Port 1Port 0Port 1100baseT10baseT Designated port (F)Root port (F)Nondesignated port (B)Designated port (F)生成樹協(xié)議的端口狀態(tài)F Forward 轉發(fā)狀態(tài) B Blocking阻斷狀態(tài)非指定端口將被交換機置于阻斷狀態(tài)，其它端口（根端口、指定端口）都將工作于轉發(fā)狀態(tài)Blocking 阻斷 (20 sec)Listening 偵聽 (15 sec) Learning 學習 (15 sec)Forwarding 轉發(fā)在進行數(shù)據(jù)轉發(fā)之前端口依次要經(jīng)過以下幾種狀態(tài)以默認參數(shù)工作時整個過程需要50

9、秒！生成樹協(xié)議端口狀態(tài)Switch YMAC 0c0022222222Default priority 32768Switch XMAC 0c0011111111Default priority 32768 Port 0Port 1Port 0Port 110baseTx100baseTRoot BridgeDesignated portRoot port (F)Nondesignated port (BLK)Designated port生成樹重計算如果網(wǎng)絡拓樸發(fā)生變化，生成樹必須要進行重新計算，以啟用必要的鏈路Switch YMAC 0c0022222222Default priority

10、 32768Switch XMAC 0c0011111111Default priority 32768 Port 0Port 1Port 0Port 110baseTx100baseTRoot BridgeDesignated portRoot port (F)Nondesignated port (BLK)Designated portBPDUxMAXAGEx生成樹重計算 交換機Y經(jīng)過Maxage定義的時間仍收不到BPDU，可以認為根橋已經(jīng)當?shù)簦貥惆l(fā)生變化, 重新進行計算關鍵問題：會聚所需時間所有交換機完成計算，將端口置于阻斷/轉發(fā)狀態(tài)之后整個網(wǎng)絡就會聚完畢當網(wǎng)絡的拓撲結構發(fā)生變化時，交

11、換機必須重新計算生成樹協(xié)議，這期間用戶的數(shù)據(jù)傳送被中斷生成樹協(xié)議的擴展與發(fā)展PVST :每個VLAN一個生成樹PortFast: 端口快速進入轉發(fā)狀態(tài)RSTP/MSTP: 新一代的生成樹PVST VLAN 10 用戶群VLAN 20 用戶群VLAN 10、20 少數(shù)用戶x阻斷狀態(tài)Root BridgeVLAN10的流量并非最優(yōu)路徑選擇合適的根橋可以優(yōu)化流量PVST VLAN 10 用戶群VLAN 20 用戶群VLAN 10、20 少數(shù)用戶xRoot BridgeVLAN10的流量并非最優(yōu)路徑Root Bridgex調整生成樹設置可以達到某種程度的負載均衡PortFast直接將端口置于轉發(fā)狀態(tài)，

12、“立即可用”避免了生成樹啟動的一些問題：如DHCP失敗只應在連接主機的端口上使用3550高級特性：避免交換機間的端口工作于PortFast方式快速生成樹非?？斓氖諗克俣?，使生成樹計算對網(wǎng)絡數(shù)據(jù)的影響降到最小分區(qū)域（等級）的生成樹增強了擴展性標準化技術，向后兼容目前僅3550, 6500等部分高檔交換機支持，推薦應用于中心接入Half duplex (CSMA/CD)單向數(shù)據(jù)沖突率高一般出現(xiàn)在用HUB的情況 SwitchHub半雙工SwitchHubFull duplex 點對點每個交換機端口上只連接一臺設備雙方都支持(可通過自動協(xié)議選定)不會有沖突發(fā)生 沖突檢測自動關閉全雙工Half dupl

13、ex (CSMA/CD)單向數(shù)據(jù)沖突率高一般出現(xiàn)在用HUB的情況 劃分網(wǎng)段靈活性安全性三樓二樓一樓用電財務工區(qū)VLAN 把一組物理設備劃分為多個邏輯網(wǎng)絡 VLAN 概述Switch AGreenVLANBlackVLAN RedVLANVLAN之間互相隔離，就好象用戶連接到不同的交換機一樣VLAN的特點Switch AGreenVLANBlackVLAN RedVLANSwitch BGreenVLANBlackVLANRedVLANVLAN之間互相隔離，就好象用戶連接到不同的交換機一樣VLAN可以跨越多個交換機VLAN的特點Switch AGreenVLANBlackVLAN RedVLAN

14、Switch BGreenVLANBlackVLANRedVLAN TrunkVLAN之間互相隔離，就好象用戶連接到不同的交換機一樣VLAN可以跨越多個交換機TRUNK(干道)傳送多個VLAN的數(shù)據(jù)，它們使用“封裝”標記不同VLAN的數(shù)據(jù) Fast EthernetVLAN的特點38VLAN指定：動態(tài)與靜態(tài)VLAN5Static VLANDynamic VLANMAC = 1111.1111.1111TrunkVMPS1111.1111.1111 = vlan 10 VLAN10Port e0/9Port e0/439封裝：標記ISL是cisco專有技術802.1Q是開放標準可用于交換機之間或

15、交換機與主機、路由器之間由于新技術的發(fā)展，已經(jīng)逐步統(tǒng)一于dot1qISL 或802.1Q封裝方法通過TRUNK傳輸前加上標記去掉標記傳輸VTPVLAN Trunk Protocol 照字面翻譯是VLAN 干道協(xié)議，但其實稱為VLAN管理協(xié)議更合適VTP在一個由多臺交換機組成的域內創(chuàng)建、修改和同步VLAN數(shù)據(jù)庫VTP 信息只通過TRUNK傳輸支持混合介質(以太網(wǎng)，ATM) 1.“已建立新的VLAN”3.獲知新VLAN的信息2VTP Domain “JSEPC”41VTP 角色ServerClientTransparent轉發(fā)通告信息同步VLAN信息不在NVRAM中保存VLAN信息建立VLAN修改

16、VLAN刪除VLAN發(fā)送/轉發(fā)通告同步VLAN信息在NVRAM保存信息創(chuàng)建VLAN修改VLAN刪除VLAN轉發(fā)通告不同步到域在 NVRAM中保存42VTP 操作VTP 使用組播方式發(fā)送通告 VTP server 和 client 同步到最新版本的VLAN數(shù)據(jù)庫VTP 通告每五分鐘發(fā)送一次，或當VLAN數(shù)據(jù)庫有修改時發(fā)送VTP 使用組播方式發(fā)送通告 VTP server 和 client 同步到最新版本的VLAN數(shù)據(jù)庫VTP 通告每五分鐘發(fā)送一次，或當VLAN數(shù)據(jù)庫有修改時發(fā)送1.創(chuàng)建新 VLAN2.修改VLAN數(shù)據(jù)庫版本號: Rev 3 - Rev 4 ServerClientClient4.

17、Rev 3 - Rev 45.同步到新的VLAN數(shù)據(jù)庫 334.Rev 3 - Rev 45.同步到新的VLAN數(shù)據(jù)庫 同步過程熱點問題：安全手段只允許特定機器使用該端口: port secureWAN只允許特定機器(mac)使用某IP: 靜態(tài)ARP指定只允許特定IP訪問某些資源:訪問控制列表ACL配置安全手段Port Secure: (二層交換機)inter f 0/12port security max-mac-count 1port security action shutdown!mac-address-table secure 000C.00AB.1129 f 0/12靜態(tài)ARP指定

18、: (路由)arp 0001.0001.0001 arpa訪問控制列表: (路由)Access-list 100 deny icmp any anyAccess-list 100 permit ip any anyInter vlan 1 ip access-group 100 out思科交換機基本配置配置方式：console、telnet: CLI命令行方式web方式snmp方式系統(tǒng)啟動程序初始交換機的軟件。初始啟動使用默認的配置參數(shù)。Catalyst交換機的初始啟動 Catalyst 3560交換機的LED 指示燈在自檢期間端口LEDs 狀態(tài) 1. 啟動時, 所有端口LEDs都是綠色恒亮。

19、2. 交換機完成所有端口測試之后每個端口LED均熄滅。3. 如果某端口測試失敗, 所對應LED 變成琥珀（黃）顏色。4. 只要有測試失敗，系統(tǒng)LED變成琥珀（黃）顏色。5. 若無測試失敗，自檢（POST）完成。6.象征POST完成： LEDs 閃爍,然后熄滅。交換機常用配置方式配置方式：console、telnet: CLI命令行方式web方式snmp方式連接交換機第一次連接交換機，配置終端參數(shù)為: 波特率：9600；數(shù)據(jù)位：8；停止位：1；奇偶校驗：無；流控制：無。連接上后看到：Switch用戶命令行模式命令模式3560 交換機SwitchSwitch#Switch(config)#Swit

20、ch(config-if)#Switch(config-line)#配置主機名3560交換機Switch#Conf tSwitch(config)#hostname 3500_A3500_A(config)#exit3500_A#write保存配置配置密碼3560交換機:Switch(config)#enable secret _passwordSwitch(config)#line vty 0 15Switch(config-line)#password _password3560的端口命名方式快速以太網(wǎng)端口：fastethernet 0/0 0/48千兆以太網(wǎng)端口：gigaethernet

21、 0/1 管理端口： vlan 1 (或vlan n)設置端口速度/雙工3560交換機:Switch(config)# interface f 0/1Switch(config-if)#speed 100Switch(config-if)#duplex full檢查端口狀態(tài)3560交換機:Switch# show interface f 0/1如果端口速度/雙工不匹配可能的現(xiàn)象：完全不通錯誤數(shù)多（端口可能會自動關閉，數(shù)據(jù)傳輸可能會意外中斷）端口flap (up-down-up-down)設置管理IP地址3560交換機:Switch(config)#inter vlan 1Switch(conf

22、ig-if)#ip add 設置網(wǎng)關3560交換機:Switch(config)#ip route 54設置TRUNK3560交換機:Switch(config)#inter g 0/1Switch(config-if)#switch trunk enc dot1qSwitch(config-if)#switch mode trunk檢查TRUNK3560交換機:Switch#show inter g 0/1 switchport設置VTP3560交換機:Switch#vlan databaseSwitch(config-if)#switch trunk enc dot1qSwitch(vla

23、n)# vtp client(或server)Switch(vlan)# vtp domain _domainSwitch(vlan)# exit檢查VTP3560交換機:Switch#show vtp status如果沒有同步檢查端口:show interfaceshow port檢查trunk:show trunkshow inter f0/1 switch檢查VTP參數(shù)：版本、域名、模式、密碼show vtp statusshow vtp domain檢查其它配置：show run添加VLAN3560交換機: (VTP模式為Server/Tran時)Switch#vlan databas

24、eSwitch(vlan)#vlan 2 name ydcSwitch(vlan)#vlan 3 name ccd檢查VLAN3560交換機: (VTP模式為Server/Tran時)Switch#show vlan把端口指定的VLAN3560交換機:Switch(config)#interface f0/1Switch(config-if)#switch access vlan 2檢查端口所在VLAN3560交換機:Switch#show vlan 路由器與交換機的作用與特點交換機基礎與基本配置路由器基礎與基本配置本章目錄路由器負責將數(shù)據(jù)報文在邏輯網(wǎng)段間進行轉發(fā)路由是指導路由器如何進行數(shù)據(jù)報

25、文發(fā)送的路徑信息每臺路由器都有路由表，路由存儲在路由表中路由環(huán)路是由錯誤的路由導致的，它會造成IP報文在網(wǎng)絡中循環(huán)轉發(fā)，浪費網(wǎng)絡帶寬引入什么是路由路由是指導IP報文發(fā)送的路徑信息RTBRTCRTDRTERTA網(wǎng)絡N（N,RTB）（N,RTC）（N,RTD）（N,RTE）PCServer路由表的構成路由表是路由器轉發(fā)報文的判斷依據(jù)。E0/0/24/24目的地址/掩碼下一跳地址出接口度量值/0E0/210/24E0/10/24E0/20/32InLoop00/24E0/21/8E0/33/24E0/20路由器單跳操作查找路由表IP報文入站查看下一跳地址送往接口轉發(fā)丟棄沒有匹配路由在直連鏈路上以下一

26、跳作為目的地址不在直連鏈路上報文封裝有匹配路由路由表查找規(guī)則（1）目的地址/掩碼下一跳地址出接口度量值/24E0/10/24E0/20/32InLoop00/24E0/21/8E0/33/24E0/20E0/2/24/24E0/1E0/3/24最長匹配然后轉發(fā)目的地址的報文入站路由表查找規(guī)則（2）目的地址/掩碼下一跳地址出接口度量值/24E0/10/24E0/20/32InLoop00/24E0/21/8E0/33/24E0/20E0/2/24/24E0/1E0/3/24轉發(fā)目的地址的報文入站路由表查找規(guī)則（3）目的地址/掩碼下一跳地址出接口度量值/0E0/210/24E0/10/24E0/2

27、0/32InLoop00/24E0/21/8E0/33/24E0/20E0/2/24/24E0/1E0/3/24轉發(fā)目的地址的報文入站路由的來源直連路由開銷小，配置簡單，無需人工維護。只能發(fā)現(xiàn)本接口所屬網(wǎng)段的路由。手工配置的靜態(tài)路由無開銷，配置簡單，需人工維護，適合簡單拓撲結構的網(wǎng)絡。路由協(xié)議發(fā)現(xiàn)的路由開銷大，配置復雜，無需人工維護，適合復雜拓撲結構的網(wǎng)絡。路由度量值（Metric）路由度量值表示到達這條路由所指目的地址的代價。通常影響路由度量值的因素：線路延遲、帶寬、線路使用率、線路可信度、跳數(shù)、最大傳輸單元不同路由協(xié)議參考的因素不同路由類型度量值參考因素靜態(tài)路由（Static）固定值，0O

28、SPF路由協(xié)議帶寬RIP路由協(xié)議跳數(shù)如果到相同目的地址有多個路由來源，則：以Preference（優(yōu)先級）確定不同類型優(yōu)先級Preference越小，優(yōu)先級越高優(yōu)先級最高的路由被添加進路由表目的網(wǎng)段比較生效路由優(yōu)先級比較添加到路由表不同相同優(yōu)先級高路由優(yōu)先級路由環(huán)路Routing Table目標網(wǎng)絡接口權值.S0/04Routing Table目標網(wǎng)絡接口權值S0/12Routing Table目標網(wǎng)絡接口權值S1/03E1/0S0/0S0/0S1/0S0/0RTARTBRTCS0/1E1/0S0/1環(huán)路產(chǎn)生的原因：配置錯誤或協(xié)議缺陷思科路由器基本配置命令配置密碼Router(config)#

29、 line console 0Router(config-line)# loginRouter(config-line)# password ciscoConsole Password Virtual Terminal Password Router(config)# line vty 0 4Router(config-line)# login Router(config-line)# password ciscoEnable Password Router(config)# enable secret san-franPerform Password EncryptionRouter(con

30、fig)# service password-encryption(set passwords here)Router(config)# no service password-encryption配置路由器的標示Router NameRouter(config)# hostname TokyoTokyo#Login BannerTokyo(config)# banner motd #Welcome to router TokyoAccounting Department3rd Floor#Interface DescriptionTokyo(config)# interface e 0Tok

31、yo(config-if)# description Engineering LAN, Bldg. 18為路由器及其端口配置標示信息Router (config-if) #分配地址和掩碼針對端口配置IP地址設定允許使用子網(wǎng)掩碼配置 IP 地址ip address ip-address subnet-maskRouter (config) #ip subnet-zeroDefines a path to an IP destinationnetwork or subnetip route network mask address | interface distance Router (conf

32、ig) #配置靜態(tài)路由舉例:靜態(tài)路由ip route Cisco A Cisco BE0S0S1S2S0Router# show running-configBuilding configuration.Current configuration:!version 11.2!- More -Router# show startup-configUsing 1108 out of 130048 bytes!version 11.2!hostname router- More -show running-config 命令 show startup-config 命令Use write termi

33、nal with Release 10.3 and earlierUse show config with Release 10.3 and earlierRouterA#show versionCisco Internetwork Operating System SoftwareIOS (tm) 2500 Software (C2500-JS40-L), Version 11.2(5), RELEASE SOFTWARE (fc1)Copyright (c) 1986-1997 by cisco Systems, Inc.Compiled Tue 01-Apr-97 09:12 by ck

34、ralikImage text-base: 0 x0303F9A8, data-base: 0 x00001000ROM: System Bootstrap, Version 5.2(8a), RELEASE SOFTWAREROM: 3000 Bootstrap Software (IGS-RXBOOT), Version 10.2(8a), RELEASE SOFTWARE (fc1)RouterA uptime is 1 day, 5 hours, 50 minutesSystem restarted by reloadSystem image file is flash:c2500-j

35、s40-l.112-5.bin, booted via flash-More-show version 命令cisco 2522 (68030) processor (revision M) with 14336K/2048K bytes of memory.Processor board ID 05614645, with hardware revision 00000002Bridging software.SuperLAT software copyright 1990 by Meridian Technology Corp).X.25 software, Version 2.0, NE

36、T2, BFE and GOSIP compliant.TN3270 Emulation software (copyright 1994 by TGV Inc).Basic Rate ISDN software, Version 1.0.1 Ethernet/IEEE 802.3 interface(s)2 Serial network interface(s)8 Low-speed serial(sync/async) network interface(s)1 ISDN Basic Rate interface(s)32K bytes of non-volatile configurat

37、ion memory.16384K bytes of processor board System flash (Read ONLY)Configuration register is 0 x2102RouterA#show versionRouterA# show protocolsGlobal values: Internet Protocol routing is enabled DECNET routing is enabled XNS routing is enabled Appletalk routing is enabled Novell routing is enabled -

38、More- Ethernet0 is up, line protocol is up Internet address is , subnet mask is 28 Decnet cost is 5 XNS address is 3010.aa00.0400.0284 AppleTalk address is 3012.93, zone ld-e0 Novell address is 3010.aa00.0400.0284 -More-show protocols 命令Router show ip routeCodes: C - connected, S - static, I - IGRP,

39、 R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate defaultGateway of last resort is not set is subnetted (mask is ), 1 subnetsC is

40、directly connected, Ethernet1R R 120/1 via 2, 00:00:09, Ethernet0 is subnetted (mask is 28), 4 subnetsR 28 120/1 via 30, 00:00:17, Serial0 120/1 via 30, 00:00:17, Serial1C is directly connected, Ethernet0C 28 is directly connected, Serial1C 28 is directly connected, Serial0R 列出 IP 路由表Router show ip

41、protocolRouting Protocol is igrp 300 Sending updates every 90 seconds, next due in 55 seconds Invalid after 270 seconds, hold down 280, flushed after 630 Outgoing update filter list for all interfaces is not set Incoming update filter list for all interfaces is not set Default networks flagged in ou

42、tgoing updates Default networks accepted from incoming updates IGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0 IGRP maximum hopcount 100 IGRP maximum metric variance 1 Redistributing: igrp 300 Routing for Networks: Routing Information Sources: Gateway Distance Last Update 100 0:00:52 2 100 0:00:43 3

43、0 100 0:01:02 Distance: (default is 100) -More-show ip protocol 命令Router show ip interfacesEthernet0 is up, line protocol is up Internet address is , subnet mask is 28 Broadcast address is 55 Address determined by non-volatile memory MTU is 1500 bytes Helper address is not set Directed broadcast for

44、warding is enabled Outgoing access list is not set Inbound access list is not set Proxy ARP is enabled Security level is default Split horizon is enabled ICMP redirects are always sent ICMP unreachables are always sent ICMP mask replies are never sent IP fast switching is enabled IP fast switching o

45、n the same interface is disabled IP SSE switching is disabled Router Discovery is disabled IP output packet accounting is disabled IP access violation accounting is disabled TCP/IP header compression is disabled Probe proxy name replies are disabled -More-show ip interfaces 命令Router show ip routeCod

46、es: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate defaultGateway of last resort is not set

47、 is subnetted (mask is ), 1 subnetsC is directly connected, Ethernet1I 100/1200 via 00, 00:00:57, Ethernet1I 100/1200 via 2, 00:00:05, Ethernet0 is subnetted (mask is 28), 4 subnetsI 28 100/180671 via 30, 00:00:27, Serial1 100/180671 via 30, 00:00:27, Serial0C is directly connected, Ethernet0C 28 is

48、 directly connected, Serial1C 28 is directly connected, Serial0I 100/1200 via , 00:00:55, Ethernet1I 100/1300 via 00, 00:00:58, Ethernet1show ip route 命令RAMInternetwork Operating SystemProgramsTables and BuffersActiveConfigurationFileBackupConfigurationFileOperating SystemsInterfacesRouter 狀態(tài)檢查命令Rou

49、ter# show versionFlashRouter# show processes CPURouter# show protocolsRouter# show memRouter# show stacksRouter# show buffersRouter# show flashRouter# show running-configRouter# write termRouter# show startup-configRouter# show configNVRAMRouter# show interfaces密碼在Cisco設備上配置控制端口密碼xxzx3640(config)#li

50、ne console 0 xxzx3640(config-line)#loginxxzx3640(config-line)#password ciscoxxzx3640(config-line)#login local/tacacsxxzx3640(config-line)#username xxx password xxxxxzx3640(config-line)#access-class 1 in控制會話超時RSM143(config)#line console 0RSM143(config-line)#exec-timeout 5 30RSM143(config)#line vty 0

51、4RSM143(config-line)#exec-timeout 5 3DSW141 (enable) set logout 5 ASW41(config)#line consoleASW41(config-line)#time-out 300 IOS交換機Set 命令交換機IOS 路由器privilege configure level 3 usernameprivilege exec level 3 copy run startprivilege exec level 3 pingprivilege exec level 3 show runprivilege exec level 3

52、showenable secret level 3 cisco特權級別通過修改用戶的特權級別，你可以為用戶分配更細微的權限IOS路由器 特權級訪問xxzx3640(config)#enable secret level 3 ciscouser xxzx3640(config)#privilege exec level 3 xxxRuns on routers with Cisco IOS 10.3 or later and Cisco switches and hubsSummary information includes:Device identifiersAddress listPort

53、 identifierCapabilities listPlatform CDPshow cdpCDPCDP使用CDP查看鄰居S0S0E0Router AE0Frame Relay WANRouter BCDP 配置舉例RouterA#show cdp interfaceSerial0 is up, line protocol is up, encapsulation is Frame Relay Sending CDP packets every 60 seconds Holdtime is 180 secondsEthernet0 is up, line protocol is up, e

54、ncapsulation is ARPA Sending CDP packets every 60 seconds Holdtime is 180 secondsrouterA (config-if)# cdp enableEnable CDP on each interface使用CDP命令SwitchBRouterARouterBSwitchAS0S1RouterA#sh cdp ? entry Information for specific neighbor entry interface CDP interface status and configuration neighbors

55、 CDP neighbor entries traffic CDP statistics RouterA(config)#no cdp run RouterA(config)#interface serial0 RouterA(config-if)#no cdp enable Showing CDP NeighborsRouterA#show cdp neighborsCapability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge, S - Switch, H - Host, I - IGMPDevice ID L

56、ocal Intrfce Holdtme Capability Platform Port ID Router Ser 0 151 R 2522 Ser 1 SwitchA0050BD855780 Eth 0 165 T s 1900 2RouterA#show cdp neighbors detail-Device ID: RouterBEntry address(es): IP address: Novell address: 1002.0000.0c01.1111Platform: cisco 2522, Capabilities: RouterInterface: Serial1, P

57、ort ID (outgoing port): Serial0Holdtime : 149 sectelnet 操作Initiate a sessionDenver telnet parisEnd a sessionParis exitSuspend a sessionEscape sequenceParis DenverResume a sessionDenver Disconnect a sessionDenver disconnect parisDisplay sessionsDenver# show sessionsConnHostAddressIdleConn Name 1Paris

58、52 0Paris 2Tokyo3 0Tokyo*TokyoParisDenver使用Telnet連接遠程設備Remote deviceSwitchBRouterARouterBSwitchAS0S1RouterA#telnet Trying . Open-Catalyst 1900 Management ConsoleCopyright (c) Cisco Systems, Inc. 1993-1998All rights reserved.Enterprise Edition SoftwareEthernet Address: 00-90-86-73-33-40PCA Number: 73

59、-2239-06PCA Serial Number: FAA02359H8KModel Number: WS-C1924-ENSystem Serial Number: FAA0237X0FQ.SwitchB查看Telnet連接SwitchBRouterARouterBSwitchAS0S1RouterA#sh sessionConn Host Address Byte Idle Conn Name 1 0 1 * 2 0 0 RouterA#sh user Line User Host(s) Idle Location* 0 con 0 3 2 11 vty 0 idle 1 切換Telne

60、t會話SwitchBRouterARouterBSwitchAS0S1RouterB#xRouterA#sh sessionConn Host Address Byte Idle Conn Name 1 0 1 RouterA#resume 1RouterB#RouterA#disconnect Closing connection to confirmRouterA#clear line 11confirm OK關閉Telnet會話Closing a session opened by a remote deviceClosing the current session opened by