Command status
Router>
The router is in the user command state, and the user can see the router's connection status, access other networks and hosts, but cannot see and change the set content of the router.
2. Router #
Type Enable at the Router> prompt, the router enters the privilege command status Router #, but also can also perform all user commands, but also change the set content of the router.
3. Router (config) #
Type Configure Terminal at the Router # prompt, the prompt Router (config) #, at which time the router is in a global setting state, the global parameter of the router can be set.
4. Router (config-if) #; router (config-line) #; router (config-router) #; ...
The router is in a local setting state, and a partial parameter of the router can be set.
5.>
The router is in the RXBOOT state, press Ctrl-Break within 60 seconds after the power-on can enter this state, and the router cannot complete the normal function, and can only be upgraded and manually booted.
6. Set a dialog state
This is a state that automatically enters when a new router is powered on. You can also enter this status using the setup command in the privileged command status. At this time, the router can be set by dialog.
Set the dialog process
1. Show prompt information
2. Setting of global parameters
3. Settings of interface parameters
4. Display results
Using the settings dialog process can avoid the cumbersome of manual input commands, but it can't completely replace manual settings, and some special settings must be completed by manually entered.
After entering the settings dialog process, the router will display some prompt information first:
--- System Configuration Dialog ---
AT Any Point You May ENTER A Question Mark '?' For Help.
Use Ctrl-C To Abort Configuration Dialog At ANY Prompt.
Default Settings Are In Square Brackets '[]'.
This is to tell you anywhere in the settings dialogue process can be used to get the system help, press Ctrl-C to exit the setting process, the default settings will be displayed in '[]'. Then the router will ask if you enter the settings conversation:
Would you like to enter the initial configuration dialog? [YES]:
If you press Y or Enter, the router will enter the setup dialog process. First you can see the current status of each port:
First, Would you like to see the current interface summary? [YES]:
Any Interface listed with ok? Value "no" does not have a valid configuration
Interface IP-Address OK? Method Status Protocol
Ethernet0 unassigned no unset up UP
Serial0 Unassigned No Unset Up Up
......... ......... ...... ... ...
Then, the router starts the setting of the global parameter:
Configuring Global Parameters:
1. Set the router name:
ENTER HOST NAME [ROUTER]:
2. Set the secrets that enter the privileged state (SECRET), this ciphertext will not display in a clear text after setting:
..................
ENTER ENABLE SECRET: Cisco
3. Set the password entered into the privileged state, this password only works when there is no ciphertext, and will be displayed in a clear text after setting:
The Enable Password Is Used When there is no enable secret
And when useless. Software and some boot images.
ENTER ENABLE Password: Pass
4. Set the password when the virtual terminal is accessible:
ENTER Virtual Terminal Password: Cisco
5. Ask if you want to set various network protocols supported by the router:
Configure SNMP NetWork Management? [YES]:
Configure Decnet? [No]:
Configure AppleTalk? [No]:
Configure IPX? [NO]:
Configure ip? [YES]:
Configure IGRP ROUTING? [YES]:
Configure rip routing? [No]:
.........
6. If configured is a dial-up access server, the system will also set the parameters of the asynchronous port:
Configure async lines? [YES]:
1) Set the highest speed of the line:
Async line speed [9600]:
2) Whether to use hardware flow control:
Configure for HW Flow Control? [YES]:
3) Whether to set Modem:
Configure for modems? [YES / NO]: YES
4) Whether to use the default modem command:
Configure for Default Chat Script? [YES]:
5) Whether to set the PPP parameters of the asynchronous port:
Configure for Dial-in IP SLIP / PPP Access? [NO]: YES
6) Whether to use a dynamic IP address:
Configure for Dynamic IP Addresses? [YES]:
7) Whether to use the default IP address:
Configure Default IP Addresses? [No]: YES
8) Whether to use TCP header compression:
Configure for TCP Header Compression? [YES]:
9) Whether to use routing table update on asynchronous ports:
Configure for routing Updates ON async links? [No]: y
10) Whether to set other protocols on the asynchronous port.
Next, the system will be set to each interface.
1. Configuring interface ethernet0:
1) Whether to use this interface:
IS this interface in use? [Yes]:
2) Do IP parameters for this interface:
Configure IP on this interface? [YES]:
3) Set the IP address of the interface:
IP Address for this interface: 192.168.162.2
4) Set the IP subnet mask of the interface:
Number of Bits in Subnet Field [0]:
Class C Network IS 192.168.162.0, 0 Subnet Bits; Mask IS / 24 After setting the parameters of all interfaces, the system will display the results of the entire setup dialog process:
The Following Configuration Command Script Was Created:
Hostname Router
Enable Secret 5 $ W5OH $ P6J7TIGRMBOIKVXVG53UH1
Enable Password Pass
..........
Note that it is garbled after Enable Secret, and the Enable Password is displayed.
After the display is over, the system will ask if this setting is used:
Use this configuration? [YES / NO]: YES
If you answer your YES, the system will store the set result into the router's NVRAM, and then end the setup dialog process so that the router starts working properly.
Back to Contents
Common command
Help
In iOS operation, you can type "?" To get the help of the system, no matter any status and position.
2. Change the status of the command
Task command
Enter privileged command status enable
Exit privilege command status disable
Enter Setup Dial Status Setup
Enter the global settings CONFIG TERMINAL
Exit global setting state END
Enter Port Set Status Interface Type Slot / Number
Enter Sub-port Set Status Interface Type Number.suBinterface [Point-to-Point | Multipoint]
Enter the line setting status LINE TYPE SLOT / NUMBER
Enter the routing setting Status Router Protocol
Exit local setting status EXIT
3. Display command
Task command
View versions and boot information Show Version
View Run Set Show Running-Config
View boot settings show startup-config
Display port information show interface type slot / number
Display route information show ip router
4. Copy command
Backup and upgrade for iOS and Config
5. Network command
Task command
Login Remote Host Telnet Hostname | IP Address
Network Detection Ping Hostname | IP Address
Routing Track Trace Hostname | IP Address
6. Basic Settings Command
Task command
Global Setup CONFIG TERMINAL
Set access users and password Username Username Password Password
Set privileged password Enable Secret Password
Set router name hostname name
Set static routing ip route destination subnet-mask next-hop
Start IP routing ip routing
Start IPX Routing IPX Routing
Port Setting Interface Type Slot / Number
Set IP Address IP AddRess Address Subnet-Mask
Set IPX Network IPX Network Network Network Network NetWork
Activate port No Shutdown
Line Type Number
Launch Login Process Login [Local | TACACS Server]
Set login password Password Password
Configure IP addressing
1. IP address classification
The IP address is divided into two parts of the network address and the host address. The first A class address is the network address. The last 24 bit is the host address, the B-class address 16 is the network address, the last 16 bits are the host address, before the Class C 24 is the network address, the last 8 bit is the host address, the network address range is shown in the table: Type Network Address Range
A 1.0.0.0 to 126.0.0.0 is valid 0.0.0.0 and 127.0.0.0
B 128.1.0.0 to 191.254.0.0 valid 128.0.0.0 and 191.255.0.0 Reserved
C 192.0.1.0 to 223.255.254.0 is valid from 192.0.0.0 and 223.255.255.0
D224.0.0.0 to 239.255.255.255 for multi-channel broadcasting
E 240.0.0.0 to 255.255.255.254 Reserved 255.255.255.255 for broadcast
2. Assign an interface IP address
Task command
Interface Type slot / Number
Set IP Address IP-Address Mask for Interfaces
Mask (MASK) is used to identify network address bits in the IP address, the IP address (IP-address) and mask (MASK) are giving the network address.
3. Use the growing subnet mask
By using the variable long subnet mask, you can use the network number of the same network number at different interfaces to use a different mask, which saves the IP address to take advantage of the valid IP address space.
As shown below:
The E0 port of Router1 and Router2 uses Class C-class addresses 192.1.0.0 as network addresses, the network address of the Router1 E0 is 192.1.0.128, the mask is 255.255.255.192, the network address of the Router2 E0 is 192.1.0.64, mask For 255.255.255.192, this is assigned a Class C network address to two networks, which are divided into two subnets that play a role in saving addresses.
4. Using the network address translation (NAT)
The NAT (Network Address Translation) enables internal private addresses to external legitimate global addresses, which makes users who do not have legal IP addresses can access the external Internet via NAT.
When establishing an internal network, it is recommended to use the following address group for the host, which is reserved by Network Working Group (RFC 1918) for private network addresses allocation.
l Class A: 10.1.1.1 to 10.254.254.254
l Class B: 172.16.1.1 to 172.31.254.254
l Class C: 192.168.1.1 to 192.168.254.254
The order is described as follows:
Task command
Define a standard access list Access-list access-list-number permit source [source-wildcard]
Define a global address pool IP Nat pool name start-ip end-ip {netmask netmask | prefix-length prefix-length} [type rotary]
Establish dynamic address translation IP NAT INSIDE SOURCE {List {Access-list-number | name} pool name [overload] | static local-ip global-ip}
Specify internal and external port IP nat {inside | outside}
As shown below,
The router's Ethernet 0 port is an InsIDE port, which is connected to the internal network, and the network connected to this port should be translated, the Serial 0 port is an Outside port, which has a legal IP address (legally assigned by the NIC or service provider) IP address), hosts from network 10.1.1.0/24 will select an address from the IP address pool C2501 as its own legal address, access the Internet via Serial 0. Command IP NAT Inside Source List 2 POOL C2501 OverLoad The parameter overload will allow multiple internal addresses to use the same global address (a legitimate IP address, which is assigned by the NIC or service provider). Command IP NAT POOL C2501 202.96.38.1 202.96.38.62 Netmask 255.255.255.192 The scope of the global address is defined. Set as follows:
IP Nat Pool C2501 202.96.38.1 202.96.38.62 Netmask 255.255.255.192
Interface Ethernet 0
IP Address 10.1.1.1 255.255.255.0
IP Nat INSIDE
!
Interface Serial 0
IP Address 202.200.10.5 255.255.255.252
IP Nat Outside
!
IP Route 0.0.0.0 0.0.0.0 Serial 0
Access-list 2 permit 10.0.0.0 0.0.0.255
Dynamic Nat
!
IP Nat INSIDE SOURCE LIST 2 POOL C2501 OVERLOAD
Line Console 0
EXEC-TIMEOUT 0 0
!
Line Vty 0 4
end
Configuring static routes
By configuring static routing, users can artificially specify the path to which a network access is sent, and the network structure is relatively simple, and the path is generally reaching the path through which the path passed by a network is unique.
Task command
Establish static routing ip route prefix mask {address | interface} [distance] [tag tag] [permanent]
Prefix: The destination network to arrive
Mask: Subnet Mask
Address: The next hop address, that is, the port address of the adjacent router.
Interface: Local Network Interface
Distance: Manage Distance (Optional)
Tag Tag: Tag value (optional)
Permanent: Specifies that this route is not removed even if the port is turned off.
The following is set on the Router1 to 192.1.0.64/26 this network next hop address is 192.200.10.6, that is, when a destination address belongs to the network range of the network range of 192.1.0.64/26, it should route its route to the address of 192.200. 10.6 adjacent routers. The two net hop addresses in the two networks of 192.1.0.128/26 and 192.200.4/30 are set on Router3. Since the port serial 0 address is 192.200.10.5, 192.200.10.5, 192.200.10.5, 192.200.10.4 / 30, there is already an access to the 192.200.10.4/30, so it is not necessary to add static routes on Router1.
Router1:
IP ROUTE 192.1.0.64 255.255.255.192 192.200.10.6
Router3:
IP ROUTE 192.1.0.128 255.255.255.192 192.1.0.65
IP ROUTE 192.200.10.4 255.255.255.252 192.1.0.65
At the same time, since the router Router3 is connected to the router Router2, it is no longer connected to other routers, so it is also possible to give a default route instead of the above two static routes, IP Route 0.0.0.0 0.0.0.0 192.1.0.65
That is, the data is routed to an adjacent router that is routed to 192.1.0.65 is not found in the routing table.
Back to Contents
First, HDLC
HDLC is the default protocol used by the Cisco router, and a new router uses an HDLC package by default when not specifying a package protocol.
Configure
Port setting
Task command
Set HDLC Package Encapsulation HDLC
Set DCE Direction Circuit Speed ClockRate Speed
Reset a hardware interface Clear Interface Serial Unit
Display interface status show interfaces serial [unit] 1
Note: 1. An example of displaying the Cisco synchronous serial port status is given below.
Router # show interface serial 0
Serial 0 IS UP, LINE Protocol Is Up
Hardware is MCI Serial
Internet Address IS 150.136.190.203, Subnet Mask IS 255.255.255.0
MTU 1500 Bytes, BW 1544 Kbit, Dly 20000 Usec, Rely 255/255, LOAD 1/255
Encapsulation HDLC, Loopback Not Set, Keepalive Set (10 sec)
Last INPUT 0:00:07, Output 0:00:00, Output HANG NEVER
Output Queue 0/40, 0 Drops; Input Queue 0/75, 0 DROPS
FIVE Minute Input Rate 0 Bits / Sec, 0 Packets / Sec
FIVE Minute Output Rate 0 Bits / Sec, 0 Packets / Sec
16263 Packets Input, 1347238 BYtes, 0 no buffer
Received 13983 Broadcasts, 0 Runts, 0 giants
2 INPUT Errors, 0 CRC, 0 Frame, 0 overrun, 0 ignored, 2 Abort
22146 Packets Output, 2383680 Bytes, 0 Underruns
0 Output Errors, 0 Collisions, 2 Interface Resets, 0 Restarts
1 Carrier Transitions
2. Example
Set as follows:
Router1:
Interface serial0
IP Address 192.200.10.1 255.255.255.0
ClockRate 1000000
Router2:
Interface serial0
IP Address 192.200.10.2 255.255.255.0
!
3. Examples use the E1 line to implement multiple 64K dedicated lines.
Related commands:
Task command
Enter Controller Configuration Mode Controller {T1 | E1} Number
Select frame type framing {crc4 | NO-CRC4}
Select Line-Code Type Linecode {AMI | B8ZS | HDB3}
Establish a logical channel group and a time slot of time slots Channel-Group Number Timeslots Range1
Show Controllers Interface Status Show Controllers E1 [Slot / Port] 2
Note: 1. When the link is T1, the channel-group number is 0-23, TIMESLOT range 1-24; when the link is E1, the Channel-Group number is 0-30, and the TIMESLOT range 1-31.2. Use Show Controllers E1 Observe the Controller status, the following is the normal state of the Controllers when the frame type is CRC4.
Router # show controllers E1
E1 0/0 IS Up.
Applique Type Is Channelized E1 - UNBALANCED
Framing is CRC4, Line Code Is HDB3 NO ALARMS Detected.
Data IN Current Interval (725 SECONDS ELAPSED):
0 line code violations, 0 Path Code ViOLATIONS
0 Slip Secs, 0 Fr Loss Secs, 0 line Err Secs, 0 Degraded Mins
0 ERRORED Secs, 0 Bursty Err Secs, 0 Sevelely Err Secs, 0 Unavail Secs
Total Data (Last 24 Hours) 0 line code violations, 0 Path Code ViOLATIONS,
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins,
0 ERRORED Secs, 0 Bursty Err Secs, 0 Sevelely Err Secs, 0 Unavail Secs
The following example is an E1 connection 3 64K line, the type of frame type is NO-CRC4, the non-balance link, the router is specifically set as follows:
Shanxi # WRI T
Building configuration ...
CURRENT Configuration:
!
Version 11.2
No Service UDP-Small-Servers
No Service TCP-Small-Servers
!
Hostname Shanxi
!
Enable Secret 5 $ xn08 $ TTR8NFLOP9.2RGZHCBZKK /
Enable Password Shanxi
!
!
IP Subnet-Zero
!
Controller E1 0
Framing no-crc4
Channel-Group 0 TimeSlots 1
Channel-Group 1 TimeSlots 2
Channel-Group 2 TimeSlots 3
!
Interface Ethernet0
IP Address 133.118.40.1 255.255.0.0
Media-Type 10Baset
!
Interface Ethernet1
No ip address
Shutdown
!
Interface serial0: 0
IP Address 202.119.96.1 255.255.255.252
NO ip mroute-cache
!
Interface serial0: 1
IP Address 202.119.96.5 255.255.255.252
NO ip mroute-cache
!
Interface Serial0: 2
IP Address 202.119.96.9 255.255.255.252
NO ip mroute-cache
!
NO ip classless
IP Route 133.210.40.0 255.255.255.0 Serial0: 0
IP Route 133.210.41.0 255.255.255.0 Serial0: 1
IP Route 133.210.42.0 255.255.255.0 Serial0: 2
!
Line Con 0
Line aux 0line vty 0 4
Password Shanxi
login
!
end
WAN settings:
First, HDLC
HDLC is the default protocol used by the Cisco router, and a new router uses an HDLC package by default when not specifying a package protocol.
Configure
Port setting
Task command
Set HDLC Package Encapsulation HDLC
Set DCE Direction Circuit Speed ClockRate Speed
Reset a hardware interface Clear Interface Serial Unit
Display interface status show interfaces serial [unit] 1
Note: 1. An example of displaying the Cisco synchronous serial port status is given below.
Router # show interface serial 0
Serial 0 IS UP, LINE Protocol Is Up
Hardware is MCI Serial
Internet Address IS 150.136.190.203, Subnet Mask IS 255.255.255.0
MTU 1500 Bytes, BW 1544 Kbit, Dly 20000 Usec, Rely 255/255, LOAD 1/255
Encapsulation HDLC, Loopback Not Set, Keepalive Set (10 sec)
Last INPUT 0:00:07, Output 0:00:00, Output HANG NEVER
Output Queue 0/40, 0 Drops; Input Queue 0/75, 0 DROPS
FIVE Minute Input Rate 0 Bits / Sec, 0 Packets / Sec
FIVE Minute Output Rate 0 Bits / Sec, 0 Packets / Sec
16263 Packets Input, 1347238 BYtes, 0 no buffer
Received 13983 Broadcasts, 0 Runts, 0 giants
2 INPUT Errors, 0 CRC, 0 Frame, 0 overrun, 0 ignored, 2 Abort
22146 Packets Output, 2383680 Bytes, 0 Underruns
0 Output Errors, 0 Collisions, 2 Interface Resets, 0 Restarts
1 Carrier Transitions
2. Example
Set as follows:
Router1:
Interface serial0
IP Address 192.200.10.1 255.255.255.0
ClockRate 1000000
Router2:
Interface serial0
IP Address 192.200.10.2 255.255.255.0
!
3. Examples use the E1 line to implement multiple 64K dedicated lines.
Related commands:
Task command
Enter Controller Configuration Mode Controller {T1 | E1} Number
Select frame type framing {crc4 | NO-CRC4}
Select Line-Code Type Linecode {AMI | B8ZS | HDB3}
Establish a logical channel group and a time slot of time slots Channel-Group Number Timeslots Range1
Show Controllers Interface Status Show Controllers E1 [Slot / Port] 2
Note: 1. When the link is T1, the channel-group number is 0-23, and the TIMESLOT range 1-24; when the link is E1, the Channel-Group number is 0-30, and the TIMESLOT range 1-31.
2. Observe the Controller status using the Show Controllers E1, the following is the normal state of the Controllers when the frame type is CRC4.
Router # show controllers E1E1 0/0 IS Up.
Applique Type Is Channelized E1 - UNBALANCED
Framing is CRC4, Line Code Is HDB3 NO ALARMS Detected.
Data IN Current Interval (725 SECONDS ELAPSED):
0 line code violations, 0 Path Code ViOLATIONS
0 Slip Secs, 0 Fr Loss Secs, 0 line Err Secs, 0 Degraded Mins
0 ERRORED Secs, 0 Bursty Err Secs, 0 Sevelely Err Secs, 0 Unavail Secs
Total Data (Last 24 Hours) 0 line code violations, 0 Path Code ViOLATIONS,
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins,
0 ERRORED Secs, 0 Bursty Err Secs, 0 Sevelely Err Secs, 0 Unavail Secs
The following example is an E1 connection 3 64K line, the type of frame type is NO-CRC4, the non-balance link, the router is specifically set as follows:
Shanxi # WRI T
Building configuration ...
CURRENT Configuration:
!
Version 11.2
No Service UDP-Small-Servers
No Service TCP-Small-Servers
!
Hostname Shanxi
!
Enable Secret 5 $ xn08 $ TTR8NFLOP9.2RGZHCBZKK /
Enable Password Shanxi
!
!
IP Subnet-Zero
!
Controller E1 0
Framing no-crc4
Channel-Group 0 TimeSlots 1
Channel-Group 1 TimeSlots 2
Channel-Group 2 TimeSlots 3
!
Interface Ethernet0
IP Address 133.118.40.1 255.255.0.0
Media-Type 10Baset
!
Interface Ethernet1
No ip address
Shutdown
!
Interface serial0: 0
IP Address 202.119.96.1 255.255.255.252
NO ip mroute-cache
!
Interface serial0: 1
IP Address 202.119.96.5 255.255.255.252
NO ip mroute-cache
!
Interface Serial0: 2
IP Address 202.119.96.9 255.255.255.252
NO ip mroute-cache
!
NO ip classless
IP Route 133.210.40.0 255.255.255.0 Serial0: 0
IP Route 133.210.41.0 255.255.255.0 Serial0: 1
IP Route 133.210.42.0 255.255.255.0 Serial0: 2
!
Line Con 0
LINE AUX 0
Line Vty 0 4
Password Shanxi
login
!
end
Back to Contents
Second, PPP
PPP (Point-to-Point Protocol) is the successor of SLIP (Serial Line IP Protocol), which provides Router-to-Router and hosts to the network across synchronous and asynchronous circuits (Host-to-router) NetWork's connection. Chap (Chapter Handshake Authentication Protocol) and PAP (PaP (PassWord Authentication Protocol) (PAP) are often used to provide security authentication on serial lines of PPP packages. With CHAP and PAP authentication, each router recognizes the name to prevent unauthorized access.
CHAP and PAP have a detailed description on the RFC 1334.
Configure
Port setting
Task command
Set PPP package encapsulation PPP1
Set authentication method PPP Authentication {Chap | Chap PAP | PAP CHAP | PAP} [if-needed] [list-name | default] [Callin]
Specify Password Username Name Password Secret
Set DCE Direction Circuit Speed ClockRate Speed
Note: 1, you must use a PPP package using CHAP / PAP. When connected to non-Cisco routers, a PPP package is generally used, and other manufacturers routers generally do not support Cisco's HDLC package protocol.
2. Example
The S0 ports of routers Router1 and Router2 encapsulate PPP protocols, using CHAP to do authentication, and a user should establish a user in Router1, as a user name, that is, the username should be Router2. At the same time, one user should be established in Router2, as the user name, that is, the username should be router1. The Password of the two users built must be the same.
Set as follows:
Router1:
Hostname Router1
UserName Router2 Password XXX
Interface serial0
IP Address 192.200.10.1 255.255.255.0
ClockRate 1000000
PPP Authentication CHAP
!
Router2:
Hostname Router2
Username Router1 Password XXX
Interface serial0
IP Address 192.200.10.2 255.255.255.0
PPP Authentication CHAP
!
Back to Contents
Third, X.25
1. X25 technology
The X.25 specification corresponds to the three layers of the OSI three, and the third layer of X.25 describes the format of the packet and the process of packet exchange. The second layer of X.25 is implemented by LAPB (Link Access Procedure, Balanced), which defines the frame format for DTE / DCE connection. The first layer of X.25 defines electrical and physical port characteristics.
X.25 Network Devices are divided into data terminal devices (DTE), data circuit terminal devices (DCE), and packet swap devices (PSE). DTE is the end system of X.25, such as terminals, computer or network hosts, typically located at the client, and the Cisco router is a DTE device. DCE devices are dedicated communication devices such as modems and packet switches. PSE is a trunk switch for a public network.
X.25 defines the telephone network of the data communication, each with the X.25 port assigned to the user has an X.121 address, and when the user applied is an SVC (exchange virtual circuit), the user at one end of X.25 is in When accessing the other end, first, the call is the other party X.121 address, and then receives one end of the call can accept or reject. If the request is received, the connection is established to implement data transmission, and the connection is hung up when there is no data transmission, the entire call process Similar to us, the same is different, the X.25 can achieve a point to multi-point connections. The X.121 address, HTC must be the same as the parameters assigned to the X.25 service provider. X.25 PVC (permanent virtual circuit), there is no call to the process, similar to the DDN line. 2. Related to commands:
Task command
Set X.25 package Encapsulation x25 [DCE]
Set X.121 Address X25 Address X.121-Address
Set up an address map of remote sites x25 map protocol address [protocol2 address [... [protocol9 address9]] x121-address [option]
Set the maximum number of two-way virtual circuits x25 HTC CITCUIT-NUMBER1
Set up the number of virtual circuits that can be established at the same time X25 NVC Count2
Set X25 Waiting Cycle before Clearing Idle Deficiency Circuit X25 Idle Minutes
Restart X25, or clear an SVC, start a PVC related parameter clear x25 {serial number | cmns-interface mac-address} [vc-number] 3
Qing X25 virtual circuit CLEAR X25-VC
Display interface and x25 Related Information Show Interfaces Serial Show X25 Interface Show X25 Map SHOW X25 VC
Note: 1. The virtual circuit number from 1 to 4095, the Cisco router defaults to 1024, and the domestic is generally assigned to 16.
2, the virtual circuit count ranges from 1 to 8, default is 1.
3. After changing the related parameters of the X.25 layers, the X25 should be restarted (using the Clear X25 {Serial Number | CMNS-Interface Mac-Address} [VC-Number] or Clear X25-VC command), otherwise the new settings The parameters may not take effect. At the same time, the service provider is configured to configure the relevant parameters of the router for the settings of the X.25 switch port. If the parameter mismatch can cause a connection failure or other accidents.
3. Example:
3.1. Accessions are implemented through the SVC in each of the two routers in the following examples.
The router is set as follows:
Router1:
Interface serial0
Encapsulation x25
IP Address 192.200.10.1 255.255.255.0
X25 Address 110101
X25 HTC 16
X25 NVC 2
X25 MAP IP 192.200.10.2 110102 Broadcast
X25 MAP IP 192.200.10.3 110103 Broadcast
!
Router2:
Interface serial0
Encapsulation x25
IP Address 192.200.10.2 255.255.255.0
X25 Address 110102
X25 HTC 16
X25 NVC 2
X25 MAP IP 192.200.10.1 110101 Broadcast
X25 MAP IP 192.200.10.3 110103 Broadcast
!
Router:
Interface serial0
Encapsulation x25
IP Address 192.200.10.3 255.255.255.0x25 Address 110103
X25 HTC 16
X25 NVC 2
X25 MAP IP 192.200.10.1 110101 Broadcast
X25 MAP IP 192.200.10.2 110102 Broadcast
!
Related debug commands:
Clear X25-VC
Show Interfaces Serial
Show X25 MAP
SHOW X25 ROUTE
Show x25 vc
3.2. In the following examples, routers Router1 and Router2 are connected to the Router, but Router1 and Router2 do not directly connect through SVC. The serial port of this three routers runs the RIP routing protocol, using the concept of sub-interface. Due to the use of sub-interfaces, Router1 and Router2 have learned the path to access the other party network. If the sub-interface is not used, Router1 and Router2 will not learn the route of the other party network.
Subinterface is a plurality of virtual interfaces on a physical interface that can be used to connect multiple networks on the same physical interface. We know that in order to avoid routing loops, the router supports Split Horizon rules, which only allows routing updates to be assigned to other interfaces of the router without reassigning routing updates back to this route received interface.
In any case, use the connection-based interface (like X.25 and Frame Relay) in a wide area network environment. When the same interface is connected to multiple remote routers through the virtual circuit (VC), the route update information from the same interface cannot be sent again. Back to the same interface, unless the separate physical interface is used to connect different routers. Cisco provides subinterface as a separate interface. You can logically connect the router to different sub-interfaces of the same physical interface, so route updates from different sub-interfaces can be assigned to other sub-interfaces while meeting the Split Horizon rule.
Router1:
Interface serial0
Encapsulation x25
IP Address 192.200.10.1 255.255.255.0
X25 Address 110101
X25 HTC 16
X25 NVC 2
X25 MAP IP 192.200.10.3 110103 Broadcast
!
Router rip
NetWork 192.200.10.0
!
Router2:
Interface serial0
Encapsulation x25
IP Address 192.200.11.2 255.255.255.0
X25 Address 110102
X25 HTC 16
X25 NVC 2
X25 MAP IP 192.200.11.3 110103 Broadcast
!
Router rip
NetWork 192.200.11.0
!
Router:
Interface serial0
Encapsulation x25
X25 Address 110103
X25 HTC 16
X25 NVC 2
!
Interface Serial0.1 Point-to-Point
IP Address 192.200.10.3 255.255.255.0
X25 MAP IP 192.200.10.1 110101 Broadcast
!
Interface serial0.2 point-to-point
IP Address 192.200.11.3 255.255.255.0
X25 MAP IP 192.200.11.2 110102 Broadcast
!
Router rip
NetWork 192.200.10.0
NetWork 192.200.11.0
!
Returning to the directory frame relay is a high-performance WAN protocol that runs in the physical layer and data link layer of the OSI reference model. It is a packet switching technology that is a simplified version of X.25. It saves some strong features of X.25, such as providing window technology and data resend techniques, but relying on high-level protocols to provide error correction functions, because frame relays are working on better WAN devices, these devices are compared The WAN device of the X.25 has a more reliable connection service and higher reliability, which strictly corresponds to the least two layers of the OSI reference model, and X.25 also provides a third-level service, so the frame relay than X.25 has higher performance and more efficient transmission efficiency.
The device of the frame relay wide area network is divided into a data terminal device (DTE) and a data circuit terminal device (DCE), and the Cisco router is used as the DTE device.
Frame relay technology provides communication for connection-oriented data link layers, and there is a defined communication link between each pair of devices, and the link has a link identification code. This service is implemented by the frame relay, and each frame relays the virtual circuit identifies yourself with a data link identification code (DLCI). The value of DLCI is generally specified by the frame relay service provider. Frame relay supports PVC also supports SVC.
Frame Relay Local Management Interface (LMI) is an extension of basic frame relay standards. It is the signaling standard between the router and the frame relay switch, providing a frame relay management mechanism. It provides a number of characteristics that manage complex internet networks, including global addressing, virtual circuit status messages, and multi-purpose transmission.
2. Related to commands:
Port setting
Task command
Set Frame Relay Encapsulation Frame-Relay [IETF] 1
Set Frame Relay LMI Type Frame-Relay Lmi-Type {ANSI | Cisco | Q933A} 2
Set sub-interface interface interface-type interface-number.subinterface-number [multipoint | Point-to-point]
Map Protocol Address and DLCI Frame-Relay Map Protocol Protocol-Address DLCI [Broadcast] 3
Set Fr DLCI Number FRAME-Relay Interface-DLCI DLCI [Broadcast]
Note: 1. If the Cisco Router is connected to other manufacturers, the frame relay package format specified by the Internet Engineering Task Group (IETF) is used in the INTERNET Engineering Task Group.
2. Starting from Cisco IOS 11.2, the software supports the local management interface (LMI) "Auto Feel", "Automatic Feeling" enables the interface to determine the LMI type supported by the switch, and the user can unclear the Type of LMI interface.
The 3.Broadcast option allows the route broadcast information to be transmitted on the frame relay network.
3. Frame Relay Point To Point Configuration Instance:
Router1:
Interface Serial 0
ENCAPSULATION FRAME-RELAY
!
Interface Serial 0.1 Point-to-Point
IP Address 172.16.1.1 255.255.255.0
Frame-reply interface-dlci 105
!
Interface Serial 0.2 Point-to-Point
IP Address 172.16.2.1 255.255.255.0
Frame-reply interface-dlci 102
!
Interface Serial 0.3 Point-To-Point
IP Address 172.16.4.1 255.255.255.0
Frame-reply interface-dlci 104
!
Router2:
Interface Serial 0ENCAPSULATION FRAME-RELAY
!
Interface Serial 0.1 Point-to-Point
IP Address 172.16.2.2 255.255.255.0
Frame-Reply Interface-DLCI 201
!
Interface Serial 0.2 Point-to-Point
IP Address 172.16.3.1 255.255.255.0
Frame-reply interface-dlci 203
!
Related debug commands:
Show Frame-Relay LMI
Show Frame-Relay Map
Show Frame-Relay PVC
Show Frame-Relay Route
Show Interfaces Serial
Go TOP
4. Frame Relay MultiPoint Configuration Instance:
Router1:
Interface Serial 0
Encapsulation Frame-Reply
!
Interface Serial 0.1 MultiPoint
IP Address 172.16.1.2 255.255.255.0
Frame-reply map ip 172.16.1.1 201 Broadcast
Frame-Reply Map IP 172.16.1.3 301 Broadcast
Frame-Reply Map IP 172.16.1.4 401 Broadcast
!
Router2:
Interface Serial 0
Encapsulation Frame-Reply
!
Interface Serial 0.1 MultiPoint
IP Address 172.16.1.1 255.255.255.0
Frame-Reply Map IP 172.16.1.2 102 Broadcast
Frame-Reply Map IP 172.16.1.3 102 Broadcast
Frame-Reply Map IP 172.16.1.4 102 Broadcast
!
Five, ISDN
1. Integrated Digital Service Network (ISDN)
Integrated Digital Service Network (ISDN) is composed of two parts: digital telephone and data transmission service, which is generally provided by the telephone bureau. ISDN's Basic Rate Interface (Bri) service provides 2 B channels and 1 D channel (2B D). The B channel rate of the Bri is 64kbps for transmitting user data. The rate of D channel is 16kbps, mainly transmitting control signals. In North America and Japan, ISDN's Main Rate Interface (PRI) provides 23 B channels and 1 D channel with a total rate of 1.544 Mbps, where the D channel rate is 64kbps. In Europe, Australia and other countries, ISDN's PRI provides 30 B channels and 1 64kbps D channel with a total rate of 2.048Mbps. The ISDN PRI provided by my country's telephone bureau is 30b D.
2. Basic order
Task command
Set ISDN Exchange Type ISDN SWITCH-TYPE SWITCH-TYPE1
Interface Bri 0
Set PPP package encapsulation PPP
Set the protocol address and the phone number Map Dialer Map Protocol Next-Hop-Address [name hostname] [Broadcast] [Dial-string]
Start PPP Multiple Connection PPP MultiLink
Set the threshold of another B channel Dialer Load-Threshold Load
Display ISDN Related Information Show Isdn {Active | History | Memory | Services | Status [DSL | Interface-Type Number] | TIMERS} Note: 1. The switch type is as follows, and domestic switches are generally Basic-Net3.
By zone keyword switch type
Australia
Basic-TS013 Australian TS013 Switches
Europe
Basic-1TR6 German 1TR6 isDN Switches
Basic-NWNet3 Norway Net3 Switches (Phase 1)
Basic-Net3 Net3 ISDN Switches (UK, Denmark, And Other Nations); Covers The Euro-Isdn E-DSS1 Signalling System
PRIMARY-NET5 NET5 SWITCHES (UK and Europe)
VN2 French VN2 ISDN SWITCHESS
VN3 French VN3 ISDN SWITCHESSES
Japan
NTT Japanese NTT ISDN SWITCHESS
PRIMARY-NTT Japanese Isdn Pri Switches
North America
Basic-5ss AT & T Basic Rate Switches
Basic-DMS100 NT DMS-100 Basic Rate Switches
Basic-Ni1 National ISDN-1 Switches
PRIMARY-4ESS AT & T 4ss Switch Type for the u.s. (ISDN PRI ONLY)
PRIMARY-5ESS AT & T 5ers Switch Type for the u.s. (isDN Pri ONLY)
PRIMARY-DMS100 NT DMS-100 Switch Type for the U.S. (ISDN PRI ONLY)
New Zealand
Basic-Nznet3 New Zealand Net3 Switches
3. ISDN implements DDR (Dial-on-Demand Routing) instance:
Set as follows:
Router1:
Hostname Router1
User Router2 Password Cisco
!
ISDN Switch-Type Basic-Net3
!
Interface bri 0
IP Address 192.200.10.1 255.255.255.0
ENCAPSULATION PPP
DiALER MAP IP 192.200.10.2 Name Router2 572
Dialer Load-Threshold 80
PPP MultiLink
Dialer-group 1
PPP Authentication CHAP
!
Dialer-List 1 Protocol IP permit
!
Router2:
Hostname Router2
User Router1 Password Cisco
!
ISDN Switch-Type Basic-Net3
!
Interface bri 0
IP Address 192.200.10.2 255.255.255.0
ENCAPSULATION PPP
Dialer Map IP 192.200.10.1 Name Router1 571
Dialer Load-Threshold 80
PPP MultiLink
Dialer-group 1
PPP Authentication CHAP
!
Dialer-List 1 Protocol IP permit
!
The Cisco Router also supports the callback feature, and we use the router Router1 as a Callback Server, Router2 as a Callback Client. And callback related commands:
Task command
Map Protocol Address and Phone Number and use the map of PPP-backups defined in global mode on the interface. Dialer Map Protocol Address Name Hostname Class ClassName Dial-String
Set the interface to support PPP callback PPP Callback Accept
Turn the Map Class Map-Class Dialer ClassName in global mode
Direction is decided by looking for the host name registered in the Dialer Map. Dialer Callback-Server [username]
Setting the interface requires PPP callback PPP Callback Request
Set as follows:
Router1:
Hostname Router1
User Router2 Password Cisco
!
ISDN Switch-Type Basic-Net3
!
Interface bri 0
IP Address 192.200.10.1 255.255.255.0
ENCAPSULATION PPP
DiALER MAP IP 192.200.10.2 Name Router2 Class S3 572
Dialer Load-Threshold 80
PPP Callback ACCEPT
PPP MultiLink
Dialer-group 1
PPP Authentication CHAP
!
Map-Class Dialer S3
Dialer Callback-Server UserName
Dialer-List 1 Protocol IP permit
!
Router2:
Hostname Router2
User Router1 Password Cisco
!
ISDN Switch-Type Basic-Net3
!
Interface bri 0
IP Address 192.200.10.2 255.255.255.0
ENCAPSULATION PPP
Dialer Map IP 192.200.10.1 Name Router1 571
Dialer Load-Threshold 80
PPP Callback Request
PPP MultiLink
Dialer-group 1
PPP Authentication CHAP
!
Dialer-List 1 Protocol IP permit
!
Related debug commands:
Debug Dialer
Debug isdn Event
Debug ISDN Q921
Debug isdn Q931
Debug PPP Authentication
Debug PPP Error
Debug PPP Negotiation
Debug PPP Packet
Show Dialer
Show isdn status
Example: Execute the debug dialer command to observe the process of Router2 call Router1 and Router1 callback Router2.
Router1 # Debug Dialer
Router2 # ping 192.200.10.1
Router1 #
00:03:50:% LINK-3-UPDOWN: Interface Bri0: 1, Changed State to Up
00:03:50: Bri0: 1pp Callback Callback Server Starting to Router2 572
00:03:50: Bri0: 1: Disconnecting Call
00:03:50:% LINK-3-UPDOWN: Interface Bri0: 1, Changed State to Down
00:03:50: Bri0: 1: Disconnecting Call
00:03:50: Bri0: 1: Disconnecting Call
00:03:51:% LINK-3-Updown: Interface Bri0: 2, Changed State To Up
00:03:52: Callback to router2 already start
00:03:52: Bri0: 2: Disconnecting Call
00:03:52:% LINK-3-UPDOWN: Interface Bri0: 2, Changed State to Down
00:03:52: Bri0: 2: Disconnecting Call
00:03:52: Bri0: 2: Disconnecting Call
00:04:05:: Callback Timer Expired
00:04:05: Bri0: Beginning Callback to router2 572
00:04:05: Bri0: Attempting to Dial 572
00:04:05: Freeing Callback to router2 572
00:04:05:% LINK-3-UPDOWN: Interface Bri0: 1, Changed State To Up
00:04:05: Bri0: 1: No Callback Negotiated
00:04:05:% LINK-3-UPDOWN: Interface Virtual-Access1, Changed State To Up
00:04:05: Dialer Protocol Up for vi1
00:04:06:% LineProto-5-Updown: Line Protocol on Interface Bri0: 1, Changed State
To UP
00:04:06:% LineProto-5-Updown: Line Protocol on Interface Virtual-Access1, Chang
ED State to Up
00:04:11:% ISDN-6-Connect: Interface Bri0: 1 Is New Connected To 572
# router1
4. ISDN Access the capital online 263 network instance:
The local local network address is 10.0.0.0/24, which is a reserved address, translated through the NAT address, and the LAN user can access the Internet through the iSDN 263 network. 263 ISDN phone number is 2633, the user is 263, the password is 263, the commands involved are as follows:
Task command
Specify the interface to obtain the IP address IP address Negotiated interface via PPP / IPCP address
Specify internal and external port IP nat {inside | outside}
Authentication PPP Authentication Pap Callin using PPP / PAP
The specified interface belongs to the dial group 1 Dialer-group 1
Defining Dial Group 1 Allows All IP Protocol Dialer-List 1 Protocol IP Permit
Set dial, number is 2633 Dialer String 2633
Set the user name and password of login 263 and password PPP PAP Sent-Username 263 Password 263
Set the default route IP Route 0.0.0.0 0.0.0.0 Bri 0
Set all source addresses for access list 2 Translated into BRI 0 地址 地址 n n 网 n 0 OverLoad
Set access list 2, allow all protocol Access-List 2 permit ANY
The specific configuration is as follows:
Hostname Cisco2503
!
ISDN Switch-Type Basic-Net3
!
IP Subnet-Zerono IP Domain-Lookup
IP routing
!
Interface Ethernet 0
IP Address 10.0.0.1 255.255.255.0
IP Nat INSIDE
No Shutdown
!
Interface Serial 0
Shutdown
No Description
No ip address
!
Interface Serial 1
Shutdown
No Description
No ip address
!
Interface bri 0
IP Address Negotiated
IP Nat Outside
ENCAPSULATION PPP
PPP Authentication PAP Callin
PPP MultiLink
Dialer-group 1
Dialer Hold-Queue 10
Dialer String 2633
Dialer IDLE-TIMEOUT 120
PPP Pap Sent-UserName 263 Password 263
NO CDP Enable
No IP Split-Horizon
No Shutdown
!
IP classless
!
Static routes
!
IP Route 0.0.0.0 0.0.0.0 Bri 0
!
ACCESS Control List 2
!
Access-list 2 permit ANY
!
Dialer-List 1 Protocol IP permit
!
Dynamic Nat
!
IP Nat INSIDE SOURCE LIST 2 Interface Bri 0 overload
SNMP-Server Community Public Ro
!
Line Console 0
EXEC-TIMEOUT 0 0
!
Line Vty 0 4
!
end
5. Cisco765m Dial 263 via Isdn
Since the set command of the Cisco765 is different from the command of the Cisco router we use, the specific command line setting steps of accessing the Internet are listed on the Cisco765 263.
> set system c765
C765> SET MULTIDESTINATION ON
C765> SET SWITCH NET3
C765> Set PPP MultiLink on
C765> CD LAN
C765: LAN> Set ip routing on
C765: LAN> Set IP Address 10.0.0.1
C765: LAN> Set IP Netmask 255.0.0.0
C765: LAN> Set Briding off
C765: LAN> CD
C765> SET User Remotenet
New user remote being created
C765: Remotenet> Set ip routing on
C765: Remotenet> Set Bridging Off
C765: RemoteNet> Set IP Framing None
C765: Remotenet> Set PPP ClientName 263
C765: Remotenet> Set PPP Password Client
Enter New Password: 263
RE-TYPE New Password: 263
C765: Remotenet> Set PPP Authentication Out None
C765: Remotenet> SET IP Address 0.0.0.0
C765: Remotenet> SET IP Netmask 0.0.0.0
C765: Remotenet> Set PPP Address Negotiation Local Onc765: RemoteNet> Set IP Pat on
C765: Remotenet> Set IP Route Destination 0.0.0.0.0 Gateway 0.0.0.0
C765: Remotenet> SET NUMBER 2633
C765: Remotenet> Set Active
The order is described as follows:
Task command
Set the router system name Set System C765
Allow routers to call multiple destination SET MULTIDESTINATION ON
Set the ISDN switch type to Net3 Set Switch Net3
Allow points between multiple channels to connect to load balance set PPP MultiLink ON
Turn off the bridge set briding OFF
Establishing a user prefabricated file for setting a dial-up connection parameter - a plurality of user prefabricated files can be set for different connections. Set User Remotenet
Use PPP / IPCP SET IP FRMING NONE
Set the Internet User Account Set PPP ClientName 263
Setting up the net password set PPP Password Client Enter New Password: 263 RE-TYPE New Password: 263
Do not have PPP / Chap or PAP to do certification set PPP Authentication Out None
Allow Address Consultation Set PPP Address Negotiation Local on
Set the address translation set IP Pat on
Set the default route set ip route destination 0.0.0.0.0 Gateway 0.0.0.0
Set ISP phone number Set Number 2633
Activate user prefabricated files set ACTIVE
Back to Contents
Sixth, PSTN
Telephone network (PSTN) is currently the highest popularity and lowest cost communication network, which also has a wide range of applications in network interconnect. The application of telephone networks can generally be divided into two types, one is a function of interconnect between the same level mechanism to be dial (DDR) on demand, one is the function of the remote access service provided by the Dial-Up Network for the user.
1. Remote access
1.1. Access Server Basic Settings:
Select Cisco2511 as an access server, dynamically assign addresses with IP address pools. The remote workstation implements connections using the Win95 dial-up network.
Global Settings:
Task command
Set user name and password Username Username Password Password
Set user's IP address pool IP local pool {default | pool-name low-ip-address [high-ip-address]}
Specifies how to work IP address-pool [dhcp-proxy-client | local]
Basic Interface Settings Command:
Task command
Set package form for PPP encapsulation PPP
Start the routing function of asynchronous port async default routing
Set the PPP mode of the asynchronous port async mode {dedicated | interactive}
Set user's IP address peer default ip address {ip-address | dhcp | pool [pool-name]}
Set the IP address with Ethernet0 same IP Unnumbered Ethernet0
LINE Dial line settings:
Task command
Set MODEM Mode Mode Modem {inout | Dialin}
Automatic configuration modem type MODEM AutoConfig Discovery
Set the communication rate of dial line Speed Speed
Set the flow control method of communication line flowware [lock] [in | out] | hardware [in | out]} Automand AutoCommand Command automatically
The access server is set as follows:
Router:
Hostname Router
Enable Secret 5 $ EFQU $ TYLJLRYNNUKZE4BX6FMH //
!
Interface Ethernet0
IP Address 10.111.4.20 255.255.255.0
!
Interface async1
IP unnumbered Ethernet0
ENCAPSULATION PPP
Keepalive 10
Async mode interactive
Peer Default IP Address Pool Cisco2511-Group-142
!
IP Local Pool Cisco2511-Group-142 10.111.4.21 10.111.4.36
!
Line Con 0
EXEC-TIMEOUT 0 0
Password Cisco
!
LINE 1 16
Modem inout
Modem AutoConfigure Discovery
FlowControl Hardware
!
LINE AUX 0
TRANSPORT INPUT ALL
Line Vty 0 4
Password Cisco
!
end
Related debug commands:
Show Interface
Show line
1.2. Access Server implements secure authentication through the TACACS server:
Using a Windows NT server as a TACACS server, the address is 10.111.4.2, and the Easy ACS 1.0 software running Cisco2511 randomly implements user authentication.
Related settings:
Task command
AAA Access Control AAA New-Model
When the user logs in, the default is used to use Tacacs to do AAA certification AAA Authentication Login Default Taccs
Listing Name NO_TACACS Using Enable Password Make Certification AAA Authentication Login No_TACACS ENABLE
Use TACACS to authenticate AAA Authentication PPP DEFAULT TACACS on the serial line running PPP
Authorized by TACACS Server Run EXEC AAA Authorization Exec Tacs
Authorized by TACACS servers and network-related service requests. AAA Authorization Network Tacs
Run account for Exec sessions. The process starts and ends to the TACACS server. AAA Accounting Exec Start-Stop Taccs
Run accounting for the network-related service requirements, including SLIP, PPP, PPP NCPS, ARAP, and the like. When the process starts and ends, it will be advertised to the TACACS server. AAA Accounting Network Start-Stop TacACS
Specify TACACS server address TACACS-Server Host 10.111.4.2
In the TACACS server and access server setting shared keywords, access the server and TACACS servers use this keyword to encrypt passwords and response information. Here, TAC is used as a keyword. TACACS-Server Key Tac
The access server is set as follows:
Hostname Router
!
AAA New-Model
AAA Authentication Login Default Tacacs
AAA Authentication Login No_Tacacs Enable
AAA Authentication PPP DEFAULT TACACS
AAA Authorization EXEC TACACS
AAA Authorization Network Tacs
AAA Accounting Exec Start-Stop Taccs
AAA Accounting Network Start-Stop TacACS
Enable Secret 5 $ KN4G $ cvs4d2.rjzwntcn/ 0HVE0
!
Interface Ethernet0
IP Address 10.111.4.20 255.255.255.0
!
Interface serial0
No ip address
Shutdown
Interface serial1
No ip address
Shutdown
!
Interface group-async1
IP unnumbered Ethernet0
ENCAPSULATION PPP
Async mode interactive
Peer Default IP Address Pool Cisco2511-Group-142
NO CDP Enable
Group-Range 1 16
!
IP Local Pool Cisco2511-Group-142 10.111.4.21 10.111.4.36
Tacacs-Server Host 10.111.4.2
TACACS-Server Key Tac
!
Line Con 0
EXEC-TIMEOUT 0 0
Password Cisco
Login Authentication NO_TACACS
LINE 1 16
Login Authentication Taccs
Modem inout
Modem AutoConfigure Type USR_COURIER
AutoCommand PPP
TRANSPORT INPUT ALL
STOPBITS 1
RxSpeed 115200
TXSPEED 115200
FlowControl Hardware
LINE AUX 0
TRANSPORT INPUT ALL
Line Vty 0 4
Password Cisco
!
end
2. DDR (Dial-On-Demand Routing) instance
This example implements an asynchronous dial DDR connection through the AUX port of the Cisco 2500 Series Router. Router1 dial-up is connected to Router2. Among them, PPP / CHAP is used to do safety certification, and one user should establish a user name in Router1, which is the username, ie the username should be router2. At the same time, one user should be established in Router2, as the user name, that is, the username should be router1. The Password of the two users built must be the same.
The relevant commands are as follows:
Task command
Set the router and modem interface instructions Chat-script script-name expect send expect send (etc.)
Set the port before hanging Dialer IDle-Timeout Seconds
Set the protocol address and the phone number Map Dialer Map Protocol Next-Hop-Address [Name Hostname] [Broadcast] [MODEM-Script modem-regexp] [system-script system-regexp] [Dial-string]
Set phone number Dialer String Dial-string
Chat-script script {dialer | reset} script-name used by default use of router under specific lines
Router1:
Hostname Router1
!
Enable Secret 5 $ qki7 $ wxjpfqc74vdaykbumallw /!
Username Router2 Password Cisco
Chat-script cisco-default "" "AT" Timeout 30 OK "ATDT / T" Timeout 30 Connect / C
!
Interface Ethernet0
IP Address 10.0.0.1 255.255.255.0
!
Interface async1
IP Address 192.200.10.1 255.255.255.0
ENCAPSULATION PPP
Async default routing
Async mode dedicated
Dialer In-Band
Dialer IDLE-TIMEOUT 60
DiALER MAP IP 192.200.10.2 Name Router2 Modem-Script Cisco-Default 573
Dialer-group 1
PPP Authentication CHAP
!
IP ROUTE 10.0.1.0 255.255.255.0 192.200.10.2
Dialer-List 1 Protocol IP permit
!
Line Con 0
LINE AUX 0
Modem inout
Modem AutoConfigure Discovery
FlowControl Hardware
Router2:
Hostname Router2
!
Enable Secret 5 $ f6evu8puznt2 / o9g.t56pxho.
!
UserName Router1 Password Cisco
!
Interface Ethernet0
IP Address 10.0.1.1 255.255.255.0
!
Interface async1
IP Address 192.200.10.2 255.255.255.0
ENCAPSULATION PPP
Async default routing
Async mode dedicated
Dialer In-Band
Dialer IDLE-TIMEOUT 60
Dialer Map IP 192.200.10.1 Name Router1
Dialer-group 1
PPP Authentication CHAP
!
IP ROUTE 10.0.0.0 255.255.255.0 192.200.10.1
Dialer-List 1 Protocol IP permit
!
Line Con 0
LINE AUX 0
Modem inout
Modem AutoConfigure Discovery
FlowControl Hardware
!
Related debug commands:
Debug Dialer
Debug PPP Authentication
Debug PPP Error
Debug PPP Negotiation
Debug PPP Packet
Show Dialer
3. Asynchronous dial backup DDN line:
This case is the main connection with the DDN line, the backup line is telephone dial. When the DDN is connected to normal, the main port S0 state is UP. LINE PROTOCOL is also UP, then the backup line status is Standby, line protocol is Down, and all communications are performed through the main interface. When the primary interface connection fails, the port state is DOWN, activates the backup interface, and complete the data communication. This method is not suitable for making backups for X.25. Because the interface to the X.25 is configured as long as the connection between the connection between the X.25 switches is also UP, it does not consider the status of the router that needs to be communicated with it else, so if The local router status is normal, and the other router connection does not activate the backup line even if it is faulty. Example 4 will describe how to dial backups for X.25. The following is the relevant command:
Task command
After specifying the primary line change, the delay time of the secondary line status changes backup delay {enable-delay | never} {disable-delay | never}
Specify an interface as a backup interface Backup Interface Type Number
Hostname C2522RB
!
Enable Secret 5 $ J5V $ CEYDE2FWPHRZI6QSIZ6G0
Enable Password Cisco
!
UserName C4700 Password 0 Cisco
IP Subnet-Zero
Chat-script cisco-default "" "AT" Timeout 30 OK "ATDT / T" Timeout 30 Connect / C
Chat-script reset ATZ
!
Interface Ethernet0
IP Address 16.122.51.254 255.255.255.0
NO ip mroute-cache
!
Interface serial0
Backup delay 10 10
Backup Interface Serial2
IP Address 16.250.123.18 255.255.255.252
NO ip mroute-cache
NO FAIR-Queue
!
Interface serial1
No ip address
NO ip mroute-cache
Shutdown
!
Interface serial2
Physical-layer async
IP Address 16.249.123.18 255.255.255.252
ENCAPSULATION PPP
Async mode dedicated
Dialer In-Band
Dialer IDLE-TIMEOUT 60
Dialer Map IP 16.249.123.17 Name C4700 6825179
Dialer-group 1
PPP Authentication CHAP
!
Interface serial3
No ip address
Shutdown
NO CDP Enable
!
Interface serial4
No ip address
Shutdown
NO CDP Enable
!
Interface serial5
No ip address
NO ip mroute-cache
Shutdown
!
Interface serial6
No ip address
NO ip mroute-cache
Shutdown
!
Interface serial7
No ip address
NO ip mroute-cache
Shutdown
!
Interface serial8
No ip address
NO ip moute-cacheshutdown
!
Interface serial9
No ip address
NO ip mroute-cache
Shutdown
!
Interface bri0
No ip address
NO ip mroute-cache
Shutdown
!
Router EIGRP 200
NetWork 16.0.0.0
!
IP classless
!
Dialer-List 1 Protocol IP permit
!
Line Con 0
Line 2
Script Dialer Cisco-Default
Script Reset Reset
Modem inout
Modem AutoConfigure Discovery
RxSpeed 38400
TXSPEED 38400
FlowControl Hardware
LINE AUX 0
Line Vty 0 4
Password Cisco
login
!
end
C2522RB #
4. Asynchronous dial backup X.25:
Setting the X.25 dial backup, first X.25 connected ports must run the dynamic routing protocol, and the asynchronous dial port must use a static route. This example selects EIGRP as the routing protocol, set the value of the static route to 200, due to EIGRP's default metric is 90, so when there are two paths to the same network segment, where the path to the Metric value takes effect, and when the X.25 connection occurs, the router cannot learn the routing table by routing protocol, then At this time, the static route takes effect, and the access is implemented through the dial port. When the X.25 connection returns to normal, the router can learn the routing table, and the static route automatically route is replaced due to the different metric values, so that the function of the backup is realized.
The router Router1 is configured as follows:
Hostname Router1
!
Enable Secret 5 $ UTVDYIY2XSRMXHUDCYEHN.Y.
Enable Password Cisco
!
Username Router2 Password Cisco
IP Subnet-Zero
Chat-script cisco-default "" "AT" Timeout 30 OK "ATDT / T" Timeout 30 Connect / C
Chat-script reset ATZ
Interface Ethernet0
IP Address 202.96.38.100 255.255.255.0
!
Interface serial0
IP Address 202.96.0.1 255.255.255.0
Encapsulation x25
X25 Address 10112227
X25 HTC 16
X25 MAP IP 202.96.0.2 10112225 Broadcast
!
Interface serial1
No ip address
Shutdown
!
!
Interface async 1
IP Address 202.96.1.1 255.255.255.252
ENCAPSULATION PPP
Dialer In-Band
Dialer IDLE-TIMEOUT 60
Dialer Map IP 202.96.1.2 Name Router2 Modem-Script Cisco-Default 2113470
Dialer-group 1
PPP Authentication CHAP
!
Router EIGRP 200
Redistribute Connected
NetWork 202.96.0.0
!
IP ROUTE 202.96.37.0 255.255.255.0 202.96.1.2 200
Dialer-List 1 Protocol IP permit
Line Con 0line Aux 0
Script Dialer Cisco-Default
Script Reset Reset
Modem inout
Modem AutoConfigure Discovery
TRANSPORT INPUT ALL
RxSpeed 38400
TXSPEED 38400
FlowControl Hardware
Line Vty 0 4
Password Cisco
login
!
end
Router Router2 is configured as follows:
Hostname Router2
!
Enable Secret 5 $ T4IUCIQAK8F / E4UG6DLT0K.J0
Enable Password Cisco
!
UserName Router1 Password Cisco
IP Subnet-Zero
Chat-script cisco-default "" "AT" Timeout 30 OK "ATDT / T" Timeout 30 Connect / C
Chat-script reset ATZ
!
Interface Ethernet0
IP Address 202.96.37.100 255.255.255.0
!
Interface serial0
IP Address 202.96.0.2 255.255.255.0
NO ip mroute-cache
Encapsulation x25
X25 Address 10112225
X25 HTC 16
X25 MAP IP 202.96.0.1 10112227 Broadcast
!
Interface serial1
No ip address
Shutdown
!
Interface async1
IP Address 202.96.1.2 255.255.255.252
ENCAPSULATION PPP
Keepalive 30
Async default routing
Async mode dedicated
Dialer In-Band
Dialer IDLE-TIMEOUT 60
Dialer Wait-for-Carrier-Time 120
Dialer Map IP 202.96.1.1 Name Router1 Modem-Script Cisco-Default 2113469
Dialer-group 1
PPP Authentication CHAP
!
Router EIGRP 200
Redistribute static
NetWork 202.96.0.0
!
NO ip classless
IP ROUTE 202.96.38.0 255.255.255.0 202.96.1.1 200
Dialer-List 1 Protocol IP permit
!
Line Con 0
EXEC-TIMEOUT 0 0
LINE AUX 0
Script Reset Reset
Modem inout
Modem AutoConfigure Discovery
TRANSPORT INPUT ALL
RxSpeed 38400
TXSPEED 38400
FlowControl Hardware
Line Vty 0 4
Password Cisco
login
!
end
Routing Protocol:
First, RIP protocol
Rip (ROUTING INFORMATION Protocol) is an earlier, using a preferred internal gateway protocol (Interior Gateway Protocol, referred to as IGP), for small similar networks, is a typical distance vector (Distance-Vector) protocol. The documentation shows RFC1058, RFC1723.
RIP switches routing information through broadcast UDP packets, and sends a routing information update every 30 seconds. RIP provides a hop count as a scale to measure routing distance, and the jump count is a number of routers that must be passed by a package to reach the target. If there is two routers that do not equally or different bandwidths, the jump count is the same, then the RIP believes that the two routes are equal. RIP supports up to 15, that is, the number of most routers to pass through the source and destination network is 15, and the number of hops is not reached. Configure
Task command
Specify Router Rip using RIP protocol
Specify RIP version Version {1 | 2} 1
Specifies network network network network network network network connected to the router
Note: 1.Cisco's RIP version 2 supports verification, key management, routing, free domain routing (CIDR), and changing subnet mask (VLSMS)
2. Example
Router1:
Router rip
Version 2
NetWork 192.200.10.0
NetWork 192.20.10.0
!
Related debug commands:
Show IP Protocol
Show ip route
Back to Contents
Second, IGRP protocol
IGRP (Interior Gateway Routing Protocol) is a dynamic distance vector routing protocol, which is designed by Cisco's 1980s. Use a combined user configuration scale, including delay, bandwidth, reliability, and load.
By default, IGRP sends a route update broadcast every 90 seconds, within 3 update cycles (ie 270 seconds), no route is not accessible from the first router from the routing. After 7 update cycles, 630 seconds, Cisco IOS software clears the route from the routing table.
Configure
Task command
Specify ROUTER IGRP Autonomous-System1 using RIP protocol
Specifies network network network network network network network connected to the router
Specifies Node Address Node Address Node Address NEIGHBOR IP-AddRess
Note: 1. Autonomous-System can build at will, not in the actual sense of autonomous-system, but the router running IGRP wants to swap routing update information It is the same.
2. Example
Router1:
Router IGRP 200
NetWork 192.200.10.0
NetWork 192.20.10.0
!
Third, OSPF protocol
OSPF (Open Shortest Path First) is an internal gateway protocol (IGP) for interior Gateway Protocol, for decision route in a single autonomous system (AS). As opposed to RIP, OSPF is a link status road with protocol, and RIP is a distance vector routing protocol.
The link is another statement of the router interface, so OSPF is also called an interface status routing protocol. OSPF creates a link status database through the status of the network interface between the router, generates the shortest path tree, and each OSPF router uses these shortest path to construct the routing table.
See RFC2178 in the document.
1. Command
Global Settings
Task command
Specify the use of an OSPF protocol Router OSPF Process-id1
Specifies network network address wildcard-mask area alla-id2 with the router
Specifies Node Address Node Address Node Address NEIGHBOR IP-AddRess
Note: 1. OSPF Routing Process Process-ID must specify within 1-65535, multiple OSPF processes can be configured on the same router, but it is best not to do so. Multiple OSPF processes require a copy of multiple OSPF databases that must run a copy of multiple shortest path algorithms. The Process-ID only works within the router, and the Process-ID of different routers can be different. 2, Wildcard-Mask is the counter code of the subnet mask, the decimal number of the network area ID area-ID in 0-4294967295, or X.x.x.x with IP address format. When the network area ID is 0 or 0.0.0.0, it is the main domain. The routers of different network areas are routing information through the main sanctuary.
2. Basic configuration example:
Router1:
Interface Ethernet 0
IP Address 192.1.0.129 255.255.255.192
!
Interface Serial 0
IP Address 192.200.10.5 255.255.255.252
!
Router OSPF 100
NetWork 192.200.10.4 0.0.0.3 Area 0
NetWork 192.1.0.128 0.0.0.63 Area 1
!
Router2:
Interface Ethernet 0
IP Address 192.1.0.65 255.255.255.192
!
Interface Serial 0
IP Address 192.200.10.6 255.255.255.252
!
Router OSPF 200
NetWork 192.200.10.4 0.0.0.3 Area 0
NetWork 192.1.0.64 0.0.0.63 Area 2
!
Router3:
Interface Ethernet 0
IP Address 192.1.0.130 255.255.255.192
!
Router OSPF 300
NetWork 192.1.0.128 0.0.0.63 Area 1
!
Router4:
Interface Ethernet 0
IP Address 192.1.0.66 255.255.255.192
!
Router OSPF 400
NetWork 192.1.0.64 0.0.0.63 Area 1
!
Related debug commands:
Debug ip OSPF Events
Debug ip ospf packet
Show ip OSPF
Show ip OSPF Database
Show ip OSPF Interface
Show ip ospf neighbor
Show ip route
3. Use authentication
For security reasons, we can enable authentication on the router of the same OSPF area, with only the routers of the same area that have been authenticated to notify each other.
By default, OSPF does not use zone verification. Authentication feature, plain text authentication and message summary (MD5) authentication can be enabled by two ways. Plain text authentication The authentication password is plain text, which will be determined by the network detector, so it is not safe, not recommended. And Message Summary (MD5) Authentication To encrypt your password before transferring authentication password, so it is generally recommended to use this method for authentication.
When using authentication, all router interfaces in the area must use the same authentication method. For the trial authentication, you must configure the password for each router interface for the area in the router interface configuration mode.
Task command
Specify authentication area-id authentication [message-digest]
Use plain text authentication IP OSPF Authentication-Key Password
Using Message Summary (MD5) Authentication IP OSPF Message-Digest-Key KeyID MD5 KEY The following examples are listed below, and examples of the network distribution and address allocation environments are the same as the above basic configuration, just in Router1 and Router2 area 0 The function of authentication is used. :
Example 1. Using plain text authentication
Router1:
Interface Ethernet 0
IP Address 192.1.0.129 255.255.255.192
!
Interface Serial 0
IP Address 192.200.10.5 255.255.255.252
IP OSPF Authentication-Key Cisco
!
Router OSPF 100
NetWork 192.200.10.4 0.0.0.3 Area 0
NetWork 192.1.0.128 0.0.0.63 Area 1
Area 0 Authentication
!
Router2:
Interface Ethernet 0
IP Address 192.1.0.65 255.255.255.192
!
Interface Serial 0
IP Address 192.200.10.6 255.255.255.252
IP OSPF Authentication-Key Cisco
!
Router OSPF 200
NetWork 192.200.10.4 0.0.0.3 Area 0
NetWork 192.1.0.64 0.0.0.63 Area 2
Area 0 Authentication
!
Example 2. Message Summary (MD5) Authentication:
Router1:
Interface Ethernet 0
IP Address 192.1.0.129 255.255.255.192
!
Interface Serial 0
IP Address 192.200.10.5 255.255.255.252
IP OSPF MESSAGE-DIGEST-Key 1 MD5 Cisco
!
Router OSPF 100
NetWork 192.200.10.4 0.0.0.3 Area 0
NetWork 192.1.0.128 0.0.0.63 Area 1
Area 0 Authentication Message-Digest
!
Router2:
Interface Ethernet 0
IP Address 192.1.0.65 255.255.255.192
!
Interface Serial 0
IP Address 192.200.10.6 255.255.255.252
IP OSPF MESSAGE-DIGEST-Key 1 MD5 Cisco
!
Router OSPF 200
NetWork 192.200.10.4 0.0.0.3 Area 0
NetWork 192.1.0.64 0.0.0.63 Area 2
Area 0 Authentication Message-Digest
!
Related debug commands:
Debug ip ospf adj
Debug ip OSPF Events
Back to Contents
Fourth, reassign the route
In actual work, we will encounter a network that uses multiple IP route protocols. In order to make the entire network work normally, a successful route must be reassigned between multiple routing protocols.
The following examples are exemplified by reassigning routing between OSPF and RIP:
Router1 Serial 0 port and Router2's Serial 0 port runs OSPF, running RIP 2, Router3 running RIP2, Router2, Router2, Router2, Router2, using default static routing. You need to redistribute OSPF and RIP routing between Router1 and Router3, reassign the static route and direct routes on Router2. Ordend involved in the example
Task command
Route Route Redistribute Connected
Redistribute static routing redistribute static
Redistribute OSPF Routing Redistribute OSPF Process-ID Metric Metric-Value
Re-allocate RIP Route Redistribute Rip Metric Metric-Value
Router1:
Interface Ethernet 0
IP Address 192.168.1.1 255.255.255.0
!
Interface Serial 0
IP Address 192.200.10.5 255.255.255.252
!
Router OSPF 100
Redistribute Rip Metric 10
NetWork 192.200.10.4 0.0.0.3 Area 0
!
Router rip
Version 2
Redistribute OSPF 100 Metric 1
NetWork 192.168.1.0
!
Router2:
Interface loopback 1
IP Address 192.168.3.2 255.255.255.0
!
Interface Ethernet 0
IP Address 192.168.0.2 255.255.255.0
!
Interface Serial 0
IP Address 192.200.10.6 255.255.255.252
!
Router OSPF 200
Redistribute Connected Subnet
Redistribute Static Subnet
NetWork 192.200.10.4 0.0.0.3 Area 0
!
IP ROUTE 192.168.2.0 255.255.255.0 192.168.0.1
!
Router3:
Interface Ethernet 0
IP Address 192.168.1.2 255.255.255.0
!
Router rip
Version 2
NetWork 192.168.1.0
!
Router4:
Interface Ethernet 0
IP Address 192.168.0.1 255.255.255.0
!
Interface Ethernet 1
IP Address 192.168.2.1 255.255.255.0
!
IP Route 0.0.0.0 0.0.0.0 192.168.0.2
!
V. IPX protocol settings
IPX protocols and IP protocols are two different network layer protocols, and their routing protocols are different. The IPX routing protocol is unlike IP's routing protocol, so it is relatively simple. However, the IPX protocol must specify the package in the Ethernet.
1. Command
Start IPX Routing IPX Routing
Set IPX Network and Ethernet Packaging Form IPX Network Network [Encapsulation Encapsulation-Type] 1
Specifies the routing protocol, default is Rip IPX Router {EIGRP Autonomous-System-Number | NLSP [Tag] | RIP}
Note: 1.Network range is 1 to FFFFFFD.IPx Package Type List
Interface Type Package Type IPX Frame Type
Ethernet Novell-Ether (default) Arpa SAP Snap Ethernet_802.3 Ethernet_ii Ethernet_802.2 ethernet_snap
Token Ring SAP (default) Snap token-ring token-ring_snap
FDDI SNAP (default) SAP Novell-FDDI FDDI_SNAP FDDI_802.2 FDDI_RAW
Example:
In this case, the WAN's IPX network is 3A00. The local area network IPX network number connected to Router1 is 2A00. There is a Novell server in this LAN, the IPX network number is also 2A00, the IPX network number of the router interface must be with Novell in the same network. The IPX network number set on the server is the same. The router establishes a known service and its own network address table by listening to SAP, and sends its own SAP table every 60 seconds.
Router1:
IPX Routing
Interface Ethernet 0
IPX Network 2a00 Encapsulation SAP
!
Interface Serial 0
IPX Network 3a00
!
IPX Router EIGRP 10
NetWork 3a00
NetWork 2a00
!
Router2:
IPX Routing
Interface Ethernet 0
IPX Network 2B00 Encapsulation SAP
!
Interface Serial 0
IPX Network 3a00
!
IPX Router EIGRP 10
Network 2B00
NetWork 3a00
!
Related debug commands:
Debug ipx packet
Debug ipx routing
Debug IPX SAP
Debug ipx spoof
Debug IPX SPX
Show ipx EIGRP Interfaces
Show ipx eigrp neighbors
Show IPX EIGRP TOPOLOGY
SHOW IPX Interface
SHOW ipx route
Show ipx servers
Show ipx spx-spoof
V. IPX protocol settings
IPX protocols and IP protocols are two different network layer protocols, and their routing protocols are different. The IPX routing protocol is unlike IP's routing protocol, so it is relatively simple. However, the IPX protocol must specify the package in the Ethernet.
1. Command
Start IPX Routing IPX Routing
Set IPX Network and Ethernet Packaging Form IPX Network Network [Encapsulation Encapsulation-Type] 1
Specifies the routing protocol, default is Rip IPX Router {EIGRP Autonomous-System-Number | NLSP [Tag] | RIP}
Note: 1.Network range is 1 to FFFFFFD.
IPX package type list
Interface Type Package Type IPX Frame Type
Ethernet Novell-Ether (default) Arpa SAP Snap Ethernet_802.3 Ethernet_ii Ethernet_802.2 ethernet_snap
Token Ring SAP (default) Snap token-ring token-ring_snap
FDDI SNAP (default) SAP Novell-FDDI FDDI_SNAP FDDI_802.2 FDDI_RAW
Example:
In this case, the WAN's IPX network is 3A00. The local area network IPX network number connected to Router1 is 2A00. There is a Novell server in this LAN, the IPX network number is also 2A00, the IPX network number of the router interface must be with Novell in the same network. The IPX network number set on the server is the same. The router establishes a known service and its own network address table by listening to SAP, and sends its own SAP table every 60 seconds. Router1:
IPX Routing
Interface Ethernet 0
IPX Network 2a00 Encapsulation SAP
!
Interface Serial 0
IPX Network 3a00
!
IPX Router EIGRP 10
NetWork 3a00
NetWork 2a00
!
Router2:
IPX Routing
Interface Ethernet 0
IPX Network 2B00 Encapsulation SAP
!
Interface Serial 0
IPX Network 3a00
!
IPX Router EIGRP 10
Network 2B00
NetWork 3a00
!
Related debug commands:
Debug ipx packet
Debug ipx routing
Debug IPX SAP
Debug ipx spoof
Debug IPX SPX
Show ipx EIGRP Interfaces
Show ipx eigrp neighbors
Show IPX EIGRP TOPOLOGY
SHOW IPX Interface
SHOW ipx route
Show ipx servers
Show ipx spx-spoof
4,, chapter service quality and access control
First, protocol priority settings
1. Command
Task command
Set Priority Table Project Priority-List List-Number Protocol Protocol {High | Medium | Normal | Low} Queue-Keyword Keyword-Value
Use the specified priority table priority-group list-number
2. Example
Router1:
Priority-List 1 Protocol ip high TCP Telnet
Priority-List 1 Protocol IP Low TCP FTP
Priority-List 1 Default Normal
Interface Serial 0
Priority-group 1
Back to Contents
Second, the queue customization
1. Command
Task command
Set queue list included protocol Queue-List List-Number Protocol Protocol-Name Queue-Number Queue-Keyword Keyword-Value
Set queue size Queue-list list-number queueueue-number byte-count byte-count-number queueue-count-number
Use the specified queue table Custom-Queue-List LIST
2. Example
Router1:
Queue-List 1 Protocol IP 0 TCP Telnet
Queue-List 1 Protocol IP 1 TCP WWW
Queue-List 1 Protocol IP 2 TCP FTP
Queue-List 1 Queue 0 byte-count 300
Queue-list 1 Queue 1 byte-count 200
Queue-List 1 Queue 2 byte-count 100
Interface Serial 0
Custom-Queue-List 1
Back to Contents
Third, access control
1. Command
Task command
Set access table item access-list list {permit | Deny} Address Mask Setup queue Queueue-list list-number queueue-list list-number queueueue-number byte-count Byte-Count-Number
Use the specified access table IP Access-group list {in | out}
2. Example
Router1:
Access-List 1 deny 192.1.3.0 0.0.0.255
Access-list 1 permit ANY
Interface Serial 0
IP Access-Group 1 in
Back to Contents
Virtual LAN (VLAN) route
First, virtual local area network (VLAN)
The backbone network technology currently used in our constructor network is generally based on exchange and virtual networks. Exchange technology change the shared medium to exclusive media, greatly improves the network speed. Virtual network technology breaks the constraints of geographical environments, can arbitrarily move the workstation between the workstation or subnets, the workstation, and improve the operational performance of the information system, and improve the operational performance of the information system, and improve the operational performance of the information system. Balanced network data traffic, reasonable hardware and information resources. At the same time, using virtual network technology, it greatly reduces the burden on network management and maintenance, and reduces network maintenance costs. With the application of virtual network technology, it will inevitably produce how communication between virtual networks.
Back to Contents
Second, the Switching Link (ISL) protocol
ISL (Interior Switching Link) protocol is used to implement VLAN relay between switches. It is a packet tag protocol that consists of a frame transmitted on the ISL interface, consists of a standard Ethernet frame and related VLAN information. As shown in the figure below, data from different VLANs can be transmitted on the interface that supports ISL.
Third, the virtual local area network (VLAN) routing instance
3.1. Example:
Equipment selection 1 Catalyst5500 switch, install the WS-X5530-E3 management engine, multiple WS-X5225R and WS-X5302 routing switch modules, WS-X5302 is directly inserted into the switch, connected to the VLAN on the system backplane through two channels, From the user's perspective, it is considered that it is a 1 interface module that supports ISL. There are 3 virtual networks in the switch, named DEFAULT, QBW, RGW, and realize virtual network routes via WS-X5302.
The following increases the lower horizontal portion, such as the set system name 5500c for the command to be set.
Set as follows:
Catalyst 5500 configuration:
Begin
Set Password $ FMFQ $ HFZR5DUSZVHIRHRZ4H6V70
Set EnablePass $ FMFQ $ HFZR5DUSZVHIRHRZ4H6V70
Set Prompt Console>
Set Length 24 Default
Set logout 20
Set banner motd ^ c ^ c
!
#System
Set system baud 9600
Set System Modem Disable
Set System Name 5500C
Set System Location
Set System Contact
!
#ip
SET Interface SC0 1 10.230.4.240 255.255.255.0 10.230.4.255
Set Interface SC0 UP
Set Interface SL0 0.0.0.0 0.0.0.0
Set Interface SL0 UP
SET ARP AGINGTIME 1200
Set ip redirect enable
SET IP Unreachable Enable
Set IP Fragmentation Enable
Set IP Route 0.0.0.0 10.230.4.15 1
Set ip alias default 0.0.0.0
!
#Command alias
!
#vtp
Set VTP Domain HNE
Set VTP Mode Server
SET VTP V2 Disable
Set vtp pruning disable
SET VTP PruneEliGible 2-1000
Clear vtp pruneEligible 1001-1005
Set Vlan 1 Name Default Type Ethernet MTU 1500 Said 100001 State Active
SET VLAN 777 Name RGW Type Ethernet MTU 1500 Said 100777 State Active
Set VLAN 888 Name QBW Type Ethernet MTU 1500 Said 100888 State Active
SET VLAN 1002 Name FDDI-Default Type FDDI MTU 1500 Said 101002 State Active
SET VLAN 1004 Name FDDINET-Default Type FDDINET MTU 1500 SAID 101004 State Active Bridge 0x0 STP IEEE
Set VLAN 1005 Name Trnet-Default Type Trbrf MTU 1500 Said 101005 State Active Bridge 0x0 STP IBM
SET VLAN 1003 Name token-Ring-Default Type Trcrf MTU 1500 Said 101003 State Active Parent 0 Ring 0x0 Mode SRB Aremaxhop 7 STEMAXHOP 7
!
#set boot command
SET Boot Config-Register 0x102
SET Boot System Flash Bootflash: Cat5000-Sup3.4-3-1a.bin
!
#Module 1: 2-Port 1000Baselx Supervisor
Set Module Name 1
SET VLAN 1 1 / 1-2
SET port enable 1 / 1-2
!
#Module 2: EMPTY
!
#Module 3: 24-Port 10 / 100Basetx Ethernet
Set Module Name 3
Set module enable 3
SET VLAN 1 3 / 1-22
Set VLAN 777 3/23
SET VLAN 888 3/24
Set trunk 3/1 on ISL 1-1005
#Module 4 EMPTY
!
#Module 5 EMPTY
!
#Module 6: 1-Port Route Switch
Set Module Name 6
Set Port Level 6/1 Normal Normal
Set port trap 6/1 disable
SET port name 6/1
SET CDP Enable 6/1
SET CDP Interval 6/1 60
Set trunk 6/1 on ISL 1-1005
!
#Module 7: 24-Port 10 / 100Basetx Ethernet
Set Module Name 7
SET MODULE ENABLE 7
SET VLAN 1 7 / 1-22
SET VLAN 888 7 / 23-24
Set trunk 7/1 on ISL 1-1005
Set trunk 7/2 on ISL 1-1005
!
#Module 8 EMPTY
!
#Module 9 EMPTY
!
#Module 10: 12-Port 100Basefx MM EthernetSet Module Name 10
Set module enable 10
SET VLAN 1 10 / 1-12
Set Port Channel 10 / 1-4 OFF
Set Port Channel 10 / 5-8 OFF
Set Port Channel 10 / 9-12 OFF
Set Port Channel 10 / 1-2 on
Set Port Channel 10 / 3-4 on
Set Port Channel 10 / 5-6 ON
Set Port Channel 10 / 7-8 ON
Set Port Channel 10 / 9-10 ON
Set Port Channel 10 / 11-12 ON
#Module 11 EMPTY
!
#Module 12 EMPTY
!
#Module 13 EMPTY
!
#Switch Port Analyzer
! set span 1 1/1 Both INPKTS DISABLE
Set span disable
!
#cam
Set Cam AgingTime 1-2, 777, 888, 1003, 1005 300
end
5500C> (enable)
WS-X5302 Routing Module Setting:
Router # WRI T
Building configuration ...
CURRENT Configuration:
!
Version 11.2
No Service Password-Encryption
No Service UDP-Small-Servers
No Service TCP-Small-Servers
!
Hostname Router
!
Enable Secret 5 $ W1kk $ AJK69FGOD7BQKHKCSNBF6.
!
IP Subnet-Zero
!
Interface VLAN1
IP Address 10.230.2.56 255.255.255.0
!
Interface VLAN777
IP Address 10.230.3.56 255.255.255.0
!
Interface VLAN888
IP Address 10.230.4.56 255.255.255.0
!
NO ip classless
!
Line Con 0
LINE AUX 0
Line Vty 0 4
Password Router
login
!
end
Router #
3.1. Example 2:
The switching device still uses a Catalyst5500 switch, installs the WS-X5530-E3 management engine, multi-piece WS-X5225R has 3 virtual networks in the switch, named Default, QBW, RGW, realized virtual network route through the Cisco3640 router . Switch settings and examples.
The router Cisco3640 is equipped with an NM-1FE-TX module that provides ISL with a fast Ethernet interface. The Cisco3640 Quick Ethernet interface is connected to a support ISL port on the switch, such as the third slot of the switch (3/1 port).
Router # WRI T
Building configuration ...
CURRENT Configuration:
!
Version 11.2
No Service Password-Encryption
No Service UDP-Small-Servers
No Service TCP-Small-Servers
!
Hostname Router
!
Enable Secret 5 $ W1kk $ AJK69FGOD7BQKHKCSNBF6.
!
IP Subnet-Zero
!
Interface FasteThernet1 / 0!
Interface Fastethernet1 / 0.1
Encapsulation ISL 1
IP Address 10.230.2.56 255.255.255.0
!
Interface FasteThernet1 / 0.2
Encapsulation ISL 777
IP Address 10.230.3.56 255.255.255.0
!
Interface Fastethernet1 / 0.3
Encapsulation ISL 888
IP Address 10.230.4.56 255.255.255.0
!
NO ip classless
!
Line Con 0
LINE AUX 0
Line Vty 0 4
Password Router
login
!
end
Router #
Back to Contents
Reference reference:
1, Cisco Routor Delivery Recovery
When the password of the Cisco router is incorrectly modified or forgotten, you can follow the steps:
1. Press
2. Press the O command to read the original value of the configuration register.
> o General value is 0x2102
3. Take the following settings to ignore NVRAM boots
> o / r0x ** 4 * Cisco2500 series command
ROMMON 1> confreg 0x ** 4 * Cisco2600, 1600 series command
General normal value is 0x2102
4. Restart the router
> I
Rommon 2> Reset
5. In the "Setup" mode, answer NO for all questions
6. Enter privileged model
Router> enable
7. Download NVRAM
Router> Configure Memory
8. Restore the original configuration register value and activate all ports
Hostname #Configure Terminal
"Hostname" (config) # config-register 0x "Value"
"Hostname" (config) #interface xx
"Hostname" (config) #no shutdown
9. Query and record the lost password
"Hostname" #SHOW Configuration (Show Startup-Config)
10. Modify the password
"Hostname" #configure te
