
Cisco Press CCNA Portable Command Guide, 2nd Edition (640-802), part 7


CHAPTER 19
Telnet and SSH

This chapter provides information and commands concerning the following topics:
• Using Telnet to remotely connect to other devices
• Configuring the Secure Shell Protocol (SSH)

Using Telnet to Remotely Connect to Other Devices

The following five commands all achieve the same result: the attempt to connect remotely to the router named Paris at IP address 172.16.20.1.

Denver>telnet paris
    Enter if ip host command was used previously to create a mapping of an IP address to the word paris.
Denver>telnet 172.16.20.1
Denver>paris
    Enter if ip host command is using default port #.
Denver>connect paris
Denver>172.16.20.1

Any of the preceding commands lead to the following configuration sequence:

Paris>
    As long as vty password is set. See the Caution following this table.
Paris>exit
Denver>
    Terminates the Telnet session and returns you to the Denver prompt.
Paris>logout
Denver>
    Terminates the Telnet session and returns you to the Denver prompt.
Paris> Ctrl-Shift-6, release, then press x
Denver>
    Suspends the Telnet session but does not terminate it, and returns you to the Denver prompt.
Denver><Enter>
Paris>
    Resumes the connection to Paris.
Denver>resume
Paris>
    Resumes the connection to Paris.
Denver>disconnect paris
Denver>
    Terminates the session to Paris.
Denver#show sessions
    Displays connections you opened to other sites.
Denver#show users
    Displays who is connected remotely to you.
Denver#clear line x
    Disconnects the remote user connected to you on line x. The line number is listed in the output gained from the show users command.
Denver(config)#line vty 0 4
    Moves to line configuration mode for vty lines 0–4.
Denver(config-line)#session-limit x
    Limits the number of simultaneous sessions per vty line to x number.

CAUTION: The following configuration creates a big security hole. Never use it in a live production environment. Use it in the lab only!

Denver(config)#line vty 0 4
    Moves you to line configuration mode for vty lines 0–4.
Denver(config-line)#no password
    The remote user is not challenged when Telnetting to this device.
Denver(config-line)#no login
    The remote user moves straight to user mode.

NOTE: A device must have two passwords for a remote user to be able to make changes to your configuration:
• Line vty password (or have it explicitly turned off; see the preceding Caution)
• Enable or enable secret password
Without the enable or enable secret password, a remote user will only be able to get to user mode, not to privileged mode. This is extra security.

Configuring the Secure Shell Protocol (SSH)

CAUTION: SSH Version 1 implementations have known security issues. It is recommended to use SSH Version 2 whenever possible.

NOTE: To work, SSH requires a local username database, a local IP domain, and an RSA key to be generated. The Cisco implementation of SSH requires Cisco IOS Software to support Rivest-Shamir-Adleman (RSA) authentication and minimum Data Encryption Standard (DES) encryption, that is, a cryptographic software image.

Router(config)#username Roland password tower
    Creates a locally significant username/password combination. These are the credentials needed to be entered when connecting to the router with SSH client software.
Router(config)#ip domain-name test.lab
    Creates a host domain for the router.
Router(config)#crypto key generate rsa
    Enables the SSH server for local and remote authentication on the router and generates an RSA key pair.

CHAPTER 20
The ping and traceroute Commands

This chapter provides information and commands concerning the following topics:
• ICMP redirect messages
• The ping command
• Examples of using the ping and the extended ping commands
• The traceroute command

ICMP Redirect Messages

Router(config-if)#no ip redirects
    Disables ICMP redirects from this specific interface
Router(config-if)#ip redirects
    Reenables ICMP redirects from this specific interface

The ping Command

Router#ping w.x.y.z
    Checks for Layer 3 connectivity with device at address w.x.y.z
Router#ping
    Enters extended ping mode, which provides more options

The following table describes the possible ping output characters.

Character   Meaning
!           Successful receipt of a reply.
.           Device timed out while waiting for a reply.
U           A destination unreachable error protocol data unit (PDU) was received.
Q           Source quench (destination too busy).
M           Could not fragment.
?           Unknown packet type.
&           Packet lifetime exceeded.

Examples of Using the ping and the Extended ping Commands

Router#ping 172.168.20.1
    Performs a basic Layer 3 test to address.
Router#ping paris
    Same as above but through the IP host name.
Router#ping
    Enters extended ping mode; can now change parameters of ping test.
Protocol [ip]: <Enter>
    Press <Enter> to use ping for IP.
Target IP address: 172.16.20.1
    Enter the target IP address.
Repeat count [5]: 100
    Enter the number of echo requests you want to send. The default is 5.
Datagram size [100]: <Enter>
    Enter the size of datagrams being sent. The default is 100.
Timeout in Seconds [2]: <Enter>
    Enter the timeout delay between sending echo requests.
Extended commands [n]: yes
    Allows you to configure extended commands.
Source address or interface: 10.0.10.1
    Allows you to explicitly set where the pings are originating from.
Type of Service [0]
    Allows you to set the TOS field in the IP header.
Set DF bit in IP header [no]
    Allows you to set the DF bit in the IP header.
Validate reply data? [no]
    Allows you to set whether you want validation.
Data Pattern [0xABCD]
    Allows you to change the data pattern in the data field of the ICMP echo request packet.
Loose, Strict, Record, Timestamp, Verbose[none]: <Enter>
Sweep range of sizes [no]: <Enter>
Type escape sequence to abort
Sending 100, 100-byte ICMP Echos to 172.16.20.1, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (100/100) round-trip min/avg/max = 1/1/4 ms

The traceroute Command

Router#traceroute 172.168.20.1
    Discovers the route taken to travel to the destination
Router#traceroute paris
    Command with IP host name rather than IP address
Router#trace 172.16.20.1
    Common shortcut spelling of the traceroute command

CHAPTER 21
SNMP and Syslog

This chapter provides information and commands concerning the following topics:
• Configuring SNMP
• Configuring Syslog

Configuring SNMP

Router(config)#snmp-server community academy ro
    Sets a read-only (ro) community string called academy
Router(config)#snmp-server community academy rw
    Sets a read-write (rw) community string called academy
Router(config)#snmp-server location 2nd Floor IDF
    Defines an SNMP string that describes the physical location of the SNMP server
Router(config)#snmp-server contact Scott Empson 555-5236
    Defines an SNMP string that describes the sysContact information

NOTE: A community string is like a password. In the case of the first command, the community string grants you access to SNMP.

Configuring Syslog

Router(config)#logging on
    Enables logging to all supported destinations.
Router(config)#logging 192.168.10.53
    Logging messages will be sent to a syslog server host at address 192.168.10.53.
Router(config)#logging sysadmin
    Logging messages will be sent to a syslog server host named sysadmin.
Router(config)#logging trap x
    Sets the syslog server logging level to value x, where x is a number between 0 and 7 or a word defining the level. The table that follows provides more details.
Router(config)#service timestamps log datetime
    Syslog messages will now have a timestamp included.

There are eight levels of severity in logging messages, as follows:

Level   Name            Description
0       Emergencies     System is unusable
1       Alerts          Immediate action needed
2       Critical        Critical conditions
3       Errors          Error conditions
4       Warnings        Warning conditions
5       Notifications   Normal but significant conditions
6       Informational   Informational messages (default level)
7       Debugging       Debugging messages

Setting a level means you will get that level and everything below it. Level 6 means you will receive level 6 and 7 messages. Level 4 means you will get levels 4 through 7.

[...]

... provides information and commands concerning the following topics:
• Viewing the routing table
• Determining the gateway of last resort
• Determining the last routing update
• OSI Layer 3 testing
• OSI Layer 7 testing
• Interpreting the show interface command
• Clearing interface counters
• Using CDP to troubleshoot
• The traceroute command
• The show controllers command
• debug commands
• Using time...
Instead, be selective about which debug commands you turn on. Do not leave debugging turned on. After you have gathered the necessary information from debugging, turn all debugging off. If you want to turn off only one specific debug command and leave others on, issue the no debug x command, where x is the specific debug command you want to disable.

Using Time Stamps

Router(config)#service...

... provides more options

NOTE: See Chapter 20, “The ping and traceroute Commands,” for all applicable ping commands.

OSI Layer 7 Testing

NOTE: See Chapter 19, “Telnet and SSH,” for all applicable Telnet commands.

Router#debug telnet
    Displays the Telnet negotiation process

Interpreting the show interface Command

Router#show interface serial 0/0/0
    Displays the status and...

... interface type/slot
    Resets specific interface counters to 0

Using CDP to Troubleshoot

NOTE: See Chapter 19 for all applicable CDP commands.

The traceroute Command

Router#traceroute w.x.y.z
    Displays all routes used to reach the destination of w.x.y.z

NOTE: See Chapter 20 for all applicable traceroute commands.

The show controllers Command

Router#show controllers serial 0/0/0
    Displays the...

... route 0.0.0.0 0.0.0.0 172.16.20.1
    Specifies that all routes not in the routing table will be sent to 172.16.20.1

NOTE: The ip default-network command is for use with the deprecated Cisco proprietary Interior Gateway Routing Protocol (IGRP). Although you can use it with Enhanced Interior Gateway Routing Protocol (EIGRP) or RIP, it is not recommended. Use the ip route 0.0.0.0 0.0.0.0 command instead. Routers...

Make sure you have the date and time set with the clock command at privileged mode so that the time stamps are more meaningful.

Operating System IP Verification Commands

The following are commands that you should use to verify what your IP settings are. Different operating systems have different commands.
• ipconfig (Windows 2000/XP): Click Start > Run > Command > ipconfig or ipconfig/all
• winipcfg (Windows...

... pool scott 64.64.64.70 64.64.64.70 netmask 255.255.255.128
    Defines the following:
    The name of the pool is scott. (The name of the pool can be anything.)
    The start of the pool is 64.64.64.70.
    The end of the pool is 64.64.64.70.
    The subnet mask is 255.255.255.128.

Step 3: Create an ACL that will identify which private IP addresses will be translated.

Corp(config)#access-list 1 permit 172.16.10.0 0.0.0.255...

... router rip command and then use the network command to specify the interfaces on which to run RIP, the RIPng process is created automatically when RIPng is enabled on an interface with the ipv6 rip name enable command.

NOTE: Cisco IOS Software automatically creates an entry in the configuration for the RIPng routing process when it is enabled on an interface.

NOTE: The ipv6 router rip processname command...

... Click Start > Run > winipcfg
• ifconfig (Mac/Linux): #ifconfig

The ip http server Command

Router(config)#ip http server
    Enables the HTTP server, including the Cisco web browser user interface
Router(config)#no ip http server
    Disables the HTTP server

CAUTION: The HTTP server was introduced in Cisco IOS Software Release 11.0 to extend router management to the web. You have...

... network topology for the PAT configuration that follows using the commands covered in this chapter.

[Figure 23-3: Port Address Translation Configuration. Network diagram of the Company and ISP routers; labels include network 172.16.10.0/24, ISP network 198.133.219.0/30, IP NAT Inside and IP NAT Outside.]

ISP Router

router>enable
    Moves to privileged mode
router#configure ...
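The following Python script is an added example, not code from the book or from Cisco: it audits a configuration text for settings that the cautions and notes above single out (a vty line with no login, a read-write SNMP community string, and the username and IP domain that SSH requires). The sample configuration, the check identifiers and the function names are constructed for illustration.

```python
import re

# Constructed sample configuration for illustration (not taken from the book).
SAMPLE_CONFIG = """\
hostname Denver
username Roland password tower
snmp-server community academy RO
snmp-server community academy RW
line vty 0 4
 no password
 no login
line vty 5 15
 login local
"""

def parse_blocks(config):
    """Map each top-level command to its indented sub-commands (IOS layout)."""
    blocks, parent = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if raw[0].isspace() and parent is not None:
            blocks[parent].append(line)
        else:
            parent = line
            blocks.setdefault(parent, [])
    return blocks

def audit(config):
    """Return (check_id, detail) findings for settings the chapters warn about."""
    blocks = parse_blocks(config)
    findings = []
    for parent, subs in blocks.items():
        if parent.startswith("line vty") and "no login" in subs:
            findings.append(("VTY_NO_LOGIN", f"{parent}: remote users reach user mode unchallenged"))
        m = re.match(r"snmp-server community (\S+) rw\b", parent, re.I)
        if m:
            findings.append(("SNMP_RW", f"read-write community '{m.group(1)}' acts as a password"))
    # SSH prerequisites named in Chapter 19: a local username and an IP domain.
    # The RSA key pair does not appear in the configuration text, so it is not checked.
    if not any(p.startswith("username ") for p in blocks):
        findings.append(("SSH_NO_USERNAME", "no local username database entry"))
    if not any(re.match(r"ip domain[- ]name ", p) for p in blocks):
        findings.append(("SSH_NO_DOMAIN", "no IP domain name configured"))
    return findings

if __name__ == "__main__":
    for check_id, detail in audit(SAMPLE_CONFIG):
        print(f"{check_id}: {detail}")
```

On the constructed sample it reports the read-write community, the unauthenticated vty lines 0–4 and the missing IP domain; a configuration with login local on every vty line, a read-only community and an ip domain-name entry returns no findings.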

Date posted: 14/08/2014, 13:21