copyright © 2002, cisco systems, inc. icnd router 의 기초

Copyright © 2002, Cisco Systems, Inc.ICND

Router 의 기초

2ICND Copyright © 2002, Systems, Inc.

• Router 하드웨어 구성• 라우터의 로그인• 도움기능을 이용해 완전한 명령 수행 • 불완전한 명령어를 수정• 라우터 상태 검사• Password 설정방법• 라우터 배너 설정• 인터페이스 환경설정의 수행• 인터페이스 설명문• 호스트명 설정

목적


Serial 0 LED

Cisco Router 포트 (25xx)

SD

AUI SERIAL 0 SERIAL 1 CONSOLE AUX

CISCO 2501

Input: 100-240VACFreq: 50.60 HzCurrent: 1.2-0.6AWatts: 40W

Ethernet AUI Port

Serial Port 0

Serial Port 1

Console Port

AUX Port

Switch on/off

Power

Ethernet AUI LED Serial 1 LED System OK LED


Serial Port

Cisco Router 포트 (26xx)

Fastethernet Port

Console Port

AUX Port

Switch on/off

Power


Console 접속

라우터의 console 포트와 PC 의 통신포트 연결


Console 접속

PC 에서 하이퍼터미널 실행하여 위와 같이 접속

비트 9600, 데이터비트 8 로 설정


외부에서 환경 설정하는 단말기

• 여러 단말기를 통해 환경정보를 제공받을 수 있음

Console Port

Auxiliary Port

Interfaces

VirtualTerminals

VTY 0 4

Internet

8ICND Copyright © 2002, Systems, Inc.Copyright © 1998, Cisco Systems, Inc.ICRC_revision_11.3

Router Mode


Global Configuration Mode시스템의 전체적인 부분에 명령을 내리는 모드

Operating system 이 플래쉬나 부트시퀀스에 없을 경우나 start-up 시 인터럽트 된 경우 사용

ROM Monitor Mode

> or rommon>

초가 환경설정 시 사용되는 모드Setup Mode

RXBoot Mode부팅시 플래쉬메모리에서 Cisco IOS 를 발견하지 못했을 경우 도움을 주는 소프트웨어

Router<boot>

Router(config)#

세부적인 명령이나 동시명령 수행시 사용Other Configuration Modes

Router(config - mode)#

Router>

User EXEC Mode

Limited examination of router. Remote access.

Privileged EXEC ModeDetailed examination of router. Debugging and testing. File manipulation. Remote access.

Router#

Router>

User EXEC Mode

Limited examination of router. Remote access.

Privileged EXEC ModeDetailed examination of router. Debugging and testing. File manipulation. Remote access.

Router#

Privileged EXEC Mode라우터의 상세한 디버깅과 테스팅기능 수행 . 원격사용 가능

Router#

Router>

User EXEC Mode

라우터의 제한된 기능만 사용 , 원격사용 가능

라우터모드


Router>?Exec commands: access-enable Create a temporary Access-List entry atmsig Execute Atm Signalling Commands cd Change current device clear Reset functions connect Open a terminal connection dir List files on given device disable Turn off privileged commands disconnect Disconnect an existing network connection enable Turn on privileged commands exit Exit from the EXEC help Description of the interactive help system lat Open a lat connection lock Lock the terminal login Log in as a particular user logout Exit from the EXEC mrinfo Request neighbor and version information from a

multicast router -- More --

User Mode Command List


Router#?Exec commands: access-enable Create a temporary Access-List entry access-template Create a temporary Access-List entry bfe For manual emergency modes setting clear Reset functions clock Manage the system clock configure Enter configuration mode connect Open a terminal connection copy Copy configuration or image data debug Debugging functions (see also 'undebug') disable Turn off privileged commands disconnect Disconnect an existing network connection enable Turn on privileged commands erase Erase flash or configuration memory exit Exit from the EXEC help Description of the interactive help system lat Open a lat connection lock Lock the terminal login Log in as a particular user logout Exit from the EXEC mbranch Trace multicast route down tree branch --More--

Privileged Mode Command List


Router#clokTranslating "clo"...domain server (255.255.255.255)% Unknown command or computer name, or unable to find computer address

Help



Router#cl?clear clock

Help




Router#clock% Incomplete command.

Help





Router#clock ?set Set the time and date

Help






Router#clock set% Incomplete command.

Help







Router#clock set ?Current Time (hh:mm:ss)

Help








Router#clock set 19:56:00% Incomplete command.

Router#clock set 19:56:00 ?<1-31> Day of the monthMONTH Month of the year

Router#clock set 19:56:00 04 8. ^% Invalid input detected at the '^' marker

Router#clock set 19:56:00 04 August% Incomplete command.

Router#clock set 19:56:00 04 August ?<1993-2035> Year

Help


Router>Shape the future of internetworking by creating unpreced

단축키를 이용한 명령어 수정


Router>$ future of internetworking by creating unprecedented op

Automatic scrolling of long lines.



Router>Shape the value of internetworking by creating unpreced


<Ctrl><A> 명령어의 처음으로 이동



Router>$ value for customers, employees, and partners.


<Ctrl><A> 명령어의 처음으로 이동 .

<Ctrl><E> 명령어 마지막으로 이동 .






<Ctrl><E> 명령어 마지막으로 이동 .

<Esc><B> 직전 단어 처음으로 이동 .






<Ctrl><E> 명령어 마지막으로 이동

<Esc><B> 직전 단어 처음으로 이동

<Ctrl><F> 한문자씩 앞으로 이동 .






<Ctrl><E> 명령어 마지막으로 이동

<Esc><B> 직전 단어 처음으로 이동

<Ctrl><F> 한문자씩 앞으로 이동 .

<Ctrl><B> 한문자씩 뒤로 이동 .





[ Ctrl+A ] 명령어의 처음으로 이동 .

[ Ctrl+E ] 명령어 마지막으로 이동

[ Esc+B ] 직전 단어 처음으로 이동

[ Ctrl+F ] 한문자씩 앞으로 이동 .

[ Ctrl+B ] 한문자씩 뒤로 이동 .

[ Esc+F ] 한단어씩 앞으로 이동



명령 history 수행

Router#show history show history enable terminal history size 10 terminal no editing terminal editing show historyRouter# [ Ctrl+P ] or Up arrow 마지막에 입력된 명령어를 보여줌

[ Ctrl+N ] or Down arrow 직전에 입력된 명령어를 보여줌

[ Tab ] 명령어 입력을 끝냄


History Size 변경

Router#show terminalLength: 25 lines, Width: 80 columns

[ 생략 ]

Time since activation: neverEditing is enabled.History is enabled, history size is 10. . .

Router# terminal history size ?

<0-256> Size of history buffer

Router#terminal history size 30

Router#show terminalLength: 25 lines, Width: 80 columns[ 생략 ]Time since activation: neverEditing is enabled.History is enabled, history size is 30. . .

Router#show terminalLength: 25 lines, Width: 80 columns[ 생략 ]Time since activation: neverEditing is enabled.History is enabled, history size is 30. . .

History size 를 변경할 수 있는 명령어는 terminal history size

##Copyright © 2002, Cisco Systems, Inc.ICND

User Interface


사용자 인터페이스의 개요

사용자 (User) Mode

Privileged Mode• 명령모드에 접근이 가능함


Router 에 로그인

Console



Console

Router con0 is now available

Press RETURN to get started.



Console

Router>Router>enablePassword:*****



User Mode Prompt



Console

Router>Router>enablePassword:*****Router#



User Mode Prompt

Privileged-mode prompt



Console

Router>Router>enablePassword:*****Router#Router#disableRouter>



User Mode Prompt




Console

Router>Router>enablePassword:*****Router#Router#disableRouter>Router>logout



User Mode Prompt


Copyright © 2002, Cisco Systems, Inc.ICND

Router 상태 검사


ConsoleConsole

AuxiliaryAuxiliaryInterfacesInterfaces

RAMRAM NVRAMNVRAM FlashFlash ROMROM

라우터내부의 Configuration관여 컴포넌트


RAM

Internetwork Operating System

ProgramsTables

and Buffers

DynamicConfigurationInformation

NVRAM Flash

BackupBackupConfigurationConfiguration

FileFile

Operating Operating SystemsSystems

IInntteerrffaacceess

Router#show interfacesRouter#show interfaces

Router#show memRouter#show ip routeRouter#show memRouter#show ip route

Router#show flashRouter#show flash

Router#show startup-configRouter#show startup-config

Router#show running-configRouter#show running-config

Router#show processes CPURouter#show protocolsRouter#show processes CPURouter#show protocols

Router#show versionRouter#show version

라우터 상태 검사 명령어


Router#show version

IOS (tm) 2500 Software (C2500-JS-L), Version 11.2 (6), RELEASE SOFTWARE (fc1)Copyright (c) 1986-1997 by cisco Systems, Inc.Compiled Tue 06-May-97 16:17 by kuongImage text-base: 0x0303ED8C, data-base: 0x00001000

ROM: System Bootstrap, Version 5.2(8a), RELEASE SOFTWAREROM: 2500-XBOOT Bootstrap Software, Version 10.1(1), RELEASE SOFTWARE (fc1)

router uptime is 1 week, 3 days, 32 minutesSystem restarted by reloadSystem image file is "c2500-js-l", booted via tftp from 171.69.1.129

--More--

show version 명령어


Router#show startup-configUsing 1108 out of 130048 bytes!version 11.2!hostname router

-- More --

show startup-config Command and show running-config Command

• 버전 10.2 와 그 앞버젼은 write terminal 사용

• 버전 10.2 와 그 앞버젼은 show config 사용

Router#show running-configBuilding configuration...

Current configuration:!version 11.2!

-- More --


Show Processes CPU

RouterB#sh processes CPUCPU utilization for five seconds: 10%/9%; one minute: 23%; five minutes: 25% PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process 1 152 4200 36 0.00% 0.00% 0.00% 0 Load Meter 2 664 100 6640 0.40% 0.85% 0.20% 2 Virtual Exec 3 47876 3228 14831 0.00% 0.21% 0.19% 0 Check heaps 4 0 1 0 0.00% 0.00% 0.00% 0 Pool Manager 5 0 2 0 0.00% 0.00% 0.00% 0 Timers 6 0 2 0 0.00% 0.00% 0.00% 0 Serial Backgroun 7 1504 378 3978 0.00% 0.00% 0.00% 0 ARP Input 8 8 3 2666 0.00% 0.00% 0.00% 0 DDR Timers 9 16 2 8000 0.00% 0.00% 0.00% 0 Entity MIB API 10 0 1 0 0.00% 0.00% 0.00% 0 SERIAL A'detect 11 2576 2157 1194 0.40% 0.06% 0.01% 0 IP Input 12 3360 2568 1308 0.00% 0.01% 0.01% 0 CDP Protocol 13 4 1 4000 0.00% 0.00% 0.00% 0 PPP IP Add Route 14 4 36 111 0.00% 0.00% 0.00% 0 MOP Protocols 15 0 1 0 0.00% 0.00% 0.00% 0 X.25 Encaps Mana

RouterB#sh protocolGlobal values: Internet Protocol routing is enabledEthernet0 is up, line protocol is up Internet address is 162.20.30.1/24Serial0 is down, line protocol is down Internet address is 162.20.20.2/24Serial1 is up, line protocol is up Internet address is 162.20.40.1/24


Show memory of ip routeRouter#show mem Head Total(b) Used(b) Free(b) Lowest(b) Largest(b)Processor 861F4 5737996 1050352 4687644 4457384 4471724 I/O 600000 2097152 336376 1760776 1760776 1760556

Router#show ip routeCodes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default U - per-user static route, o - ODR

Gateway of last resort is 162.20.40.2 to network 0.0.0.0

162.20.0.0/24 is subnetted, 3 subnetsI 162.20.60.0 [100/8976] via 162.20.40.2, 00:00:47, Serial1C 162.20.40.0 is directly connected, Serial1C 162.20.30.0 is directly connected, Ethernet0S* 0.0.0.0/0 [1/0] via 162.20.40.2


Router#show interfaces Serial0 is up, line protocol is up Hardware is MK5025 Internet address is 183.8.64.129, subnet mask is 255.255.255.128 MTU 1500 bytes, BW 56 Kbit, DLY 20000 usec, rely 255/255, load 9/255 Encapsulation HDLC, loopback not set, keepalive set (10 sec) Last input 0:00:00, output 0:00:01, output hang never Last clearing of "show interface" counters never Output queue 0/40, 0 drops; input queue 0/75, 0 drops Five minute input rate 1000 bits/sec, 0 packets/sec Five minute output rate 2000 bits/sec, 0 packets/sec 331885 packets input, 62400237 bytes, 0 no buffer Received 230457 broadcasts, 0 runts, 0 giants 3 input errors, 3 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 403591 packets output, 66717279 bytes, 0 underruns 0 output errors, 0 collisions, 8 interface resets, 0 restarts 45 carrier transitions

show interfaces Command


Show flash Command

Router#show flash

System flash directory:File Length Name/status 1 6888660 c2500-d-l.120-9.bin[6888724 bytes used, 1499884 available, 8388608 total]8192K bytes of processor board System flash (Read ONLY)

47ICND Copyright © 2002, Systems, Inc.ICND

Password Configuration


Password 개념

• Cisco 라우터는 보안을 위해 5 개의 Password 를 사용함 .

• 두 가지의 패스워드는 Privileged 모드의 보안을 위해서 설정 .

• 세가지 패스워드는 Consol Port, AUX Port, Telnet 을 통해 사용자 모드로 접근할 때 사용 .


Password 개념

• Enable Password Configuration

• Enable Secret Configuration

• Console Password Configuration

• AUX Password Configuration

• Telnet Password Configuration


Enable Password Configuration

Enable password 글로벌 환경설정 모드에서 가능 .

소대 문자를 구분하기 때문의 주의 .

명령 구문

Router#config terminalEnter configuration commands, one per line. End with CNTL/Z Router(config)#enable password {User password}


Enable Password Configuration

Router(config)#enable password cisco

User 모드에서 Privileged 모드로 전환시 묻는 암호

Router

Consol Cable Consol Port


Enable Secret Password Configuration

Router(config)#enable secret cisco1

User 모드에서 Privileged 모드로 전환시 묻는 또 하나의 암호

Router

Consol Cable


User Password Configuration

사용자 모드 패스워드는 Line 명령어를 사용하여 설정함 .

Router(config)#line ? <0-6> First Line number aux Auxiliary line console Primary terminal line vty Virtual terminal

Router(config)#


AUX Password Configuration

Router(config)#line aux 0

Router(config-line)#password auxpass

Router(config-line)#login

Router

Console Cable


Console Password Configuration

Router(config)#line console 0

Router(config-line)#password conpass


Router

Console Cable


Telnet Password Configuration

Router(config)#line vty 0 4

Router(config-line)#password telnetpass


Router

Console Cable


Password 암호화 설정

Enable password 는 수동으로 암호화를 설정해 주어야 함 .

Router# show running-config Building configuration...

Current configuration:!version 12.0!hostname Router!enable secret 5 $1$QFfP$ULrR2anexiRLw4cozRBmE1enable password Cisco!



명령어 형식 : Router(config)#Service password-encryption

Router(config)#service password-encryption




Current configuration:!version 12.0!hostname Router!enable secret 5 $1$QFfP$ULrR2anexiRLw4cozRBmE1enable password Cisco!


Current configuration:!version 12.0!hostname Router!enable secret 5 $1$QFfP$ULrR2anexiRLw4cozRBmE1enable password 7 030752180500!

설정 전

설정 후


Password 삭제 방법

Router((config)#no enable secret

Router(config)#no enable password

Password 를 삭제 하고자 할 경우 글로벌 설정모드에서 NO 를 사용함


Interface Configuration


Interface IP Address Configuration

• 인터페이스에 IP 어드레스를 설정하려면 인터페이스 환경설정모드로부터 IP

어드레스 명령을 사용한다 .

Router(config)#interface [ 포트이름 ]

Router(config)#ip address [IP 주소 ] [ 서브넷마스크 ]

Router(config)#interface [ 포트이름 ]

Router(config)#ip address [IP 주소 ] [ 서브넷마스크 ]


Interface IP Address Configuration

* Interface IP Address 설정방법

Router(config)#interface fastethernet0/0

Router(config)#ip address 172.16.10.1 255.255.255.0

Router(config)#no shutdown

Router(config)#interface fastethernet0/0

Router(config)#ip address 172.16.10.1 255.255.255.0

Router(config)#no shutdown


Secondary Command

• 두 번째 서브넷 어드레스를 인터페이스에 추가하고 싶을 경우 사용

• 세컨더리 IP 어드레스를 추가할 때는 반드시 Secondary 명령어를 사용 .

Router(config-if)#

Ip address 172.16.20.1 255.255.255.0 secondaryIp address 172.16.20.1 255.255.255.0 secondary


Router#show running-configBuilding configuration…Current configuration:[ 생략 ]!Interface fastethernet0/0 ip address 172.16.10.1 255.255.255.0 !

Router#show running-configBuilding configuration…Current configuration:[ 생략 ]!Interface fastethernet0/0 ip address 172.16.10.1 255.255.255.0 !

Secondary 확인

ip address 172.16.20.1 255.255.255.0 secondary


Configuring a Serial Interface

Serial Interface

A B

Router(config)#interface serial0/0

Router(config-if)#ip address [ip-address] [subnet mask]

Router(config-if)#no shutdown

Router(config)#interface serial0/0

Router(config-if)#ip address [ip-address] [subnet mask]

Router(config-if)#no shutdown

S0 S1


Serial Interface Command

• Interface Line Clocking 을 제공하는 CSU/DSU 타입의 디바이스

• 교육 용으로 사용되는 Back-to-Back 설정


DCE Serial Interface Configuration

DTE DCE

회선사업자가입자

Router(config-if)#clock rate 56000

Serial Link 구간의 통신 속도 설정

DCE 포트에만 설정

Router(config-if)#clock rate 56000

Serial Link 구간의 통신 속도 설정



DCE Serial Interface Configuration

DTE DCE

회선사업자가입자

Router(config-if)#bandwidth 64

Serial Link 구간의 대역폭 설정


Router(config-if)#bandwidth 64

Serial Link 구간의 대역폭 설정



기타 설정


Hostname 설정

Hostname 명령어는 라우터를 식별하기 위한 명령어

Router(config)#hostname Cisco

Cisco(config)#hostname Router

라우터 이름 변경


Description ( 설명 ) 설정

• 인터페이스에 설명문을 보기 위해서는 Show running-config 이나 show interface 명령어로 확인을 할 수가 있다 .

Router(config)# interface fastethernet0/0

Router(config-if)# description Ethernet Interface


웹 관리 설정

• Web 에서 라우터로 접속하여 라우터를 관리하기위한 설정

설정

Router(config)# ip http server

해제Router(config)# no ip http server


사용자 계정

• 사용자별 게정및 암호를 설정할 수 있다 .

Router(config)# username wpc password wpcpass

telnet 포트에 적용

Router(config)# line vty 0 4

Router(config)# login local


telnet 접속 유지 시간 설정

• 텔넷 접속 후 일정시간 동안 아무런 입력이 없으면 자동으로 연결을

해제하는 시간 설정

Router(config)# line vty 0 4

Router(config)# exec-timeout 2 30


Banner 설정

개요

• 사용자가 라우터로 로그인할 때 표시

• 다이얼링을 하는 사용자에게 보안통보를 표시

• 배너 설정방법에는 4 가지의 종류가 있다 .


Banner 설정

Router

Router(config)#banner ? LINE c banner-text c, where 'c' is a delimiting character exec Set EXEC process creation banner incoming Set incoming terminal line banner login Set login banner motd Set Message of the Day bannerRouter(config)#


Banner MOTD Configuration

Router

Router# config terminalEnter configuration commands, one per line. End with CNTL/Z.

Router(config)#banner motd # World Academy #Router(config)#

MOTD (Message of the Day) 가 가장 널리 사용된다 .


Banner Mode Configuration

Router

World Academy

User Access Verification

Password:

copyright © 2002, cisco systems, inc. icnd router 의 기초

Documents