Cisco Router Configuration for HDSL with ISDN Backup
Preparation
- Set up a serial communication program at 9600 N 8 1
- Connect the router to the serial port with the Cisco cable and open the connection
- Enter the password
- Enter privileged mode for configuration, using the appropriate password, with the command
enable
- Erase the existing configuration:
lmrouter01#erase startup-config
Erasing the nvram filesystem will remove all files! Continue? [confirm]
*Mar 1 01:53:27.167: %SYS-7-NV_BLOCK_INIT: Initialized the geometry of nvram
Basic configuration
- Reboot the router:
lmrouter01#reload
Proceed with reload? [confirm]
*Mar 1 01:54:37.115: %SYS-5-RELOAD: Reload requested by console.
- The router reboots:
System Bootstrap, Version 12.2(1r)XE1, RELEASE SOFTWARE (fc1)
TAC Support: http://www.cisco.com/cgi-bin/ibld/view.pl?i=support
Copyright (c) 2001 by cisco Systems, Inc.
C1700 platform with 131072 Kbytes of main memory
program load complete, entry point: 0x80008000, size: 0x918b7c
Self decompressing the image : ################################################]
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
Cisco Internetwork Operating System Software
IOS (tm) C1700 Software (C1700-SV8Y-M), Version 12.2(11)T7, RELEASE SOFTWARE ()
TAC Support: http://www.cisco.com/tac
Copyright (c) 1986-2003 by cisco Systems, Inc.
Compiled Fri 28-Feb-03 12:27 by dchih
Image text-base: 0x80008124, data-base: 0x81136984
cisco 1751 (MPC860P) processor (revision 0x300) with 117965K/13107K bytes of me.
Processor board ID FOC073123ZL (1457091729), with hardware revision 0000
MPC860P processor: part number 5, mask 2
Bridging software.
X.25 software, Version 3.0.0.
Basic Rate ISDN software, Version 1.1.
1 FastEthernet/IEEE 802.3 interface(s)
2 Serial(sync/async) network interface(s)
1 ISDN Basic Rate interface(s)
32K bytes of non-volatile configuration memory.
32768K bytes of processor board System flash (Read/Write)
- When it finishes, the configuration menu starts:
--- System Configuration Dialog ---
Would you like to enter the initial configuration dialog? [yes/no]:yes
- Now configure the router's management:
At any point you may enter a question mark '?' for help.
Use ctrl-c to abort configuration dialog at any prompt.
Default settings are in square brackets '[]'.
Basic management setup configures only enough connectivity
for management of the system, extended setup will ask you
to configure each interface on the system
Would you like to enter basic management setup? [yes/no]: yes
- Set the router's name:
Configuring global parameters:
Enter host name [Router]: lmrouter01
Set the enable secret:
The enable secret is a password used to protect access to
privileged EXEC and configuration modes. This password, after
entered, becomes encrypted in the configuration.
Enter enable secret: ciscosecret
Set the enable password:
The enable password is used when you do not specify an
enable secret password, with some older software versions, and
some boot images.
Enter enable password: ciscoenable
Set the password for terminal connections:
The virtual terminal password is used to protect
access to the router over a network interface.
Enter virtual terminal password: ciscoterminal
Do not configure SNMP:
Configure SNMP Network Management? [yes]: no
The summary screen for configuring the installed interfaces is now shown:
Interface        IP-Address   OK?  Method  Status  Prol
FastEthernet0/0  unassigned   NO   unset   up      up
Serial0/0        unassigned   NO   unset   up      dow
Serial0/1        unassigned   NO   unset   down    dow
BRI1/0           unassigned   NO   unset   up      dow
BRI1/0:1         unassigned   YES  unset   down    dow
BRI1/0:2         unassigned   YES  unset   down    dow
Ethernet configuration
Now configure the management interface:
Enter interface name used to connect to the
management network from the above interface summary: FastEthernet0/0
Configuring interface FastEthernet0/0:
Use the 100 Base-TX (RJ-45) connector? [yes]:
Operate in full-duplex mode? [no]: y
Configure IP on this interface? [yes]: y
IP address for this interface: 192.168.1.17
Subnet mask for this interface [255.255.255.0] :
Class C network is 192.168.1.0, 24 subnet bits; mask is /24
The generated configuration commands are now shown:
The following configuration command script was created:
hostname lmrouter01
enable secret 5 $1$knzX$5LdGH1VJfPst5XZhlJXho.
enable password ciscoenable
line vty 0 4
 password ciscoterminal
no snmp-server
!
no ip routing
!
interface FastEthernet0/0
 no shutdown
 media-type 100BaseX
 full-duplex
 ip address 192.168.1.17 255.255.255.0
!
interface Serial0/0
 shutdown
 no ip address
!
interface Serial0/1
 shutdown
 no ip address
!
end
Save the configuration:
[0] Go to the IOS command prompt without saving this config.
[1] Return back to the setup without saving this config.
[2] Save this configuration to nvram and exit.
Enter your selection [2]:
The configuration will be built; after that, pressing Enter brings up the router prompt:
Building configuration...
Use the enabled mode 'configure' command to modify this configuration.
Press RETURN to get started!
*Mar 1 00:00:04.575: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state p
*Mar 1 00:00:05.583: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEtherp
*Mar 1 00:00:10.487: %LINK-3-UPDOWN: Interface Serial0/0, changed state to up
*Mar 1 00:00:10.491: %LINK-3-UPDOWN: Interface Serial0/1, changed state to down
*Mar 1 00:00:11.487: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0p
*Mar 1 00:00:11.491: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1n
*Mar 1 00:00:11.491: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEtherp
*Mar 1 00:01:06.327: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0n
*Mar 1 00:01:08.331: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0p
*Mar 1 00:01:28.783: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0n
*Mar 1 00:07:19.159: %LINK-3-UPDOWN: Interface Serial0/0, changed state to down
*Mar 1 00:07:30.239: %LINK-5-CHANGED: Interface Serial0/0, changed state to adn
*Mar 1 00:07:30.303: %LINK-5-CHANGED: Interface Serial0/1, changed state to adn
*Mar 1 00:07:40.795: %LINK-5-CHANGED: Interface BRI1/0, changed state to adminn
*Mar 1 00:07:41.795: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI1/0, cn
*Mar 1 00:07:51.731: %SYS-5-RESTART: System restarted --
Cisco Internetwork Operating System Software
IOS (tm) C1700 Software (C1700-SV8Y-M), Version 12.2(11)T7, RELEASE SOFTWARE ()
TAC Support: http://www.cisco.com/tac
Copyright (c) 1986-2003 by cisco Systems, Inc.
Compiled Fri 28-Feb-03 12:27 by dchih
*Mar 1 00:07:51.755: %SNMP-5-COLDSTART: SNMP agent on host lmrouter01 is undert
*Mar 1 00:07:55.763: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthern
*Mar 1 00:08:03.479: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEtherp
lmrouter01>
Enter enable mode, using the enable secret password:
lmrouter01>enable
Password: ciscosecret
lmrouter01#
The prompt changes.
Display the current configuration with the show running-config command.
Commands can be completed with TAB, and abbreviations can also be used. For help, type: command ?
lmrouter01#sh run
Building configuration...
Current configuration : 863 bytes
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname lmrouter01
!
enable secret 5 $1$knzX$5LdGH1VJfPst5XZhlJXho.
enable password ciscoenable
!
ip subnet-zero
no ip routing
!
!
!
!
!
voice call carrier capacity active
!
!
!
!
!
!
!
!
!
mta receive maximum-recipients 0
!
!
!
interface FastEthernet0/0
 ip address 192.168.1.17 255.255.255.0
 no ip route-cache
 speed auto
 full-duplex
!
interface Serial0/0
 no ip address
 no ip route-cache
 shutdown
!
interface Serial0/1
 no ip address
 no ip route-cache
 shutdown
!
interface BRI1/0
 no ip address
 no ip route-cache
 shutdown
!
ip classless
no ip http server
!
!
!
call rsvp-sync
!
!
mgcp profile default
!
dial-peer cor custom
!
!
!
!
line con 0
line aux 0
line vty 0 4
 password ciscoterminal
 login
!
no scheduler allocate
end
Now enable the password prompt for console or telnet connections:
Enter configuration mode:
lmrouter01#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Select console 0:
lmrouter01(config)#line console 0
lmrouter01(config-line)#
Set the console password:
lmrouter01(config-line)#password ciscoconsole
lmrouter01(config-line)#login
Finish with CTRL-Z:
lmrouter01(config-line)#^Z
lmrouter01#
*Mar 1 00:19:05.255: %SYS-5-CONFIG_I: Configured from console by console
lmrouter01#
Exit with exit; on reconnecting, the router will ask for the password:
User Access Verification
Password: ciscoconsole
Serial interface configuration
Enter configuration mode and go down to the interface prompt (TAB completion helps):
lmrouter01>enable
Password:ciscosecret
lmrouter01#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
lmrouter01(config)#interface Serial 0/0
lmrouter01(config-if)#
Paste the configuration commands:
Select the interface:
interface Serial0/0
No IP address:
no ip address
Declare the line type:
encapsulation frame-relay IETF
Like this:
no fair-queue
ANSI line type (not Cisco):
frame-relay lmi-type ansi
Comment line:
!
Now configure the actual interface:
interface Serial0/0.1 point-to-point
Description:
description connected to Internet
Associated IP address (this will be the public IP assigned to the serial interface, reachable even if the Ethernet goes down):
ip address 83.211.14.110 255.255.255.252
Four IP addresses are involved:
- Network: 83.211.14.108
- IP of the other router at the exchange: 83.211.14.109
- Serial IP: 83.211.14.110
- Broadcast: 83.211.14.111
Optional access list:
ip access-group 101 in
Optional NAT:
ip nat outside
Line type:
frame-relay interface-dlci 20 IETF
Comment: !
Here are the commands:
interface Serial0/0
 no ip address
 encapsulation frame-relay IETF
 no fair-queue
 frame-relay lmi-type ansi
!
interface Serial0/0.1 point-to-point
 description connected to Internet
 ip address 83.211.14.110 255.255.255.252
 frame-relay interface-dlci 20 IETF
!
interface Serial0/1
 no ip address
 shutdown
!
Here they are, pasted:
lmrouter01(config-if)#interface Serial0/0
lmrouter01(config-if)# no ip address
lmrouter01(config-if)# encapsulation frame-relay IETF
lmrouter01(config-if)# no fair-queue
lmrouter01(config-if)# frame-relay lmi-type ansi
lmrouter01(config-if)#!
lmrouter01(config-if)#interface Serial0/0.1 point-to-point
lmrouter01(config-subif)# description connected to Internet
lmrouter01(config-subif)# ip address 83.211.14.110 255.255.255.252
lmrouter01(config-subif)# frame-relay interface-dlci 20 IETF
lmrouter01(config-fr-dlci)#!
lmrouter01(config-fr-dlci)#interface Serial0/1
lmrouter01(config-if)# no ip address
lmrouter01(config-if)# shutdown
Activate the sub-interface:
lmrouter01(config-if)#no shutdown
lmrouter01(config-if)#
*Mar 1 01:00:49.023: %LINK-3-UPDOWN: Interface Serial0/1, changed state to down
If the ip and access-group commands were entered, disable them by prefixing them with no<space>
Exit configuration mode with CTRL-Z and verify the configuration:
lmrouter01(config-if)#^Z
*Mar 1 01:02:55.855: %SYS-5-CONFIG_I: Configured from console by console
lmrouter01#show running-config
Building configuration...
Current configuration : 1151 bytes
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname lmrouter01
!
enable secret 5 $1$knzX$5LdGH1VJfPst5XZhlJXho.
enable password ciscoenable
!
ip subnet-zero
no ip routing
!
!
!
!
!
voice call carrier capacity active
!
!
!
!
!
!
!
!
!
mta receive maximum-recipients 0
!
!
!
interface FastEthernet0/0
 ip address 192.168.1.17 255.255.255.0
 no ip route-cache
 speed auto
 full-duplex
!
interface Serial0/0
 no ip address
 encapsulation frame-relay IETF
 no ip route-cache
 no ip mroute-cache
 shutdown
 no fair-queue
 frame-relay lmi-type ansi
!
interface Serial0/0.1 point-to-point
 description connected to Internet
 ip address 83.211.14.110 255.255.255.252
 no ip route-cache
 frame-relay interface-dlci 20 IETF
!
interface Serial0/1
 no ip address
 no ip route-cache
!
interface BRI1/0
 no ip address
 no ip route-cache
 shutdown
!
ip classless
no ip http server
!
!
!
call rsvp-sync
!
!
mgcp profile default
!
dial-peer cor custom
!
!
!
!
line con 0
 password ciscoconsole
 login
line aux 0
line vty 0 4
 password ciscoterminal
 login
!
no scheduler allocate
end
If the router is a "voice" model:
conf t
no call rsvp-sync
Also activate the Serial0 interface:
lmrouter01#conf t
Enter configuration commands, one per line. End with CNTL/Z.
lmrouter01(config)#interface Serial 0/0
lmrouter01(config-if)#no shutdown
lmrouter01(config-if)#^Z
*Mar 1 01:10:04.087: %LINK-3-UPDOWN: Interface Serial0/0, changed state to down
*Mar 1 01:10:04.543: %SYS-5-CONFIG_I: Configured from console by console
Check the state of the interfaces in summary form:
lmrouter01#show ip interface brief
Interface        IP-Address     OK?  Method  Status                 Prol
FastEthernet0/0  192.168.1.17   YES  manual  up                     up
Serial0/0        unassigned     YES  manual  down                   dow
Serial0/0.1      83.211.14.110  YES  manual  down                   dow
Serial0/1        unassigned     YES  manual  down                   dow
BRI1/0           unassigned     YES  unset   administratively down  dow
BRI1/0:1         unassigned     YES  unset   administratively down  dow
BRI1/0:2         unassigned     YES  unset   administratively down  dow
Now use the CAB-SS-V35MT cable to connect the DCE, or another router configured with the right IP and a female CAB-V35FC 3 m cable; the serial interface goes up and the CONN light behind the card turns on:
*Mar 1 00:55:18.203: %LINK-3-UPDOWN: Interface Serial0/0, changed state to up
*Mar 1 00:55:29.203: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to up
Set the default route and enable routing:
lmrouter01#conf t
Enter configuration commands, one per line. End with CNTL/Z.
lmrouter01(config)#ip route 0.0.0.0 0.0.0.0 Serial0/0.1
lmrouter01(config)#ip routing
lmrouter01(config)#^Z
*Mar 1 01:28:12.115: %SYS-5-CONFIG_I: Configured from console by console
Ping the router at the exchange:
lmrouter01#ping 83.211.14.109
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 83.211.14.109, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/4 ms
Now configure the ISDN interface:
!
interface BRI1/0
 description connected to Internet
 no ip address
 encapsulation ppp
 dialer pool-member 1
 isdn switch-type basic-net3
 isdn tei-negotiation first-call
 isdn point-to-point-setup
 no cdp enable
 ppp authentication pap chap callin
 ppp multilink
!
Select the card:
interface BRI1/0
Description:
description connected to Internet
No IP for the card:
no ip address
Use PPP:
encapsulation ppp
Like this:
dialer pool-member 1
European ISDN:
isdn switch-type basic-net3
isdn tei-negotiation first-call
Point-to-point:
isdn point-to-point-setup
???
no cdp enable
PPP authentication, also for dial-in via ISDN:
ppp authentication pap chap callin
Bundle the two channels:
ppp multilink
Here they are:
lmrouter01(config)#interface BRI1/0
lmrouter01(config-if)# description connected to Internet
lmrouter01(config-if)# no ip address
lmrouter01(config-if)# encapsulation ppp
lmrouter01(config-if)# dialer pool-member 1
lmrouter01(config-if)# isdn switch-type basic-net3
lmrouter01(config-if)# isdn tei-negotiation first-call
lmrouter01(config-if)# isdn point-to-point-setup
lmrouter01(config-if)# no cdp enable
lmrouter01(config-if)# ppp authentication pap chap callin
lmrouter01(config-if)# ppp multilink
lmrouter01(config-if)#
*Mar 1 01:17:14.543: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI1/0:1,n
*Mar 1 01:17:14.547: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI1/0:2,n
Now configure the ISDN connection:
Select the connection:
interface Dialer1
Description:
description connected to Internet
Gets its IP via DHCP:
ip address negotiated
Optional outbound NAT:
ip nat outside
PPP protocol:
encapsulation ppp
??
no ip split-horizon
Create pool 1:
dialer pool 1
Descriptive remote name:
dialer remote-name Backup-EDT
Connection timeout 1 second:
dialer idle-timeout 1
Number to dial:
dialer string 7021010742
??
dialer load-threshold 1 either
Member of watch group 1 (see below):
dialer watch-group 1
Group 1:
dialer-group 1
??
no cdp enable
Valid for dial-in:
ppp authentication chap pap callin
Name to send for CHAP authentication:
ppp chap hostname ca0000@livecom.it
Connection password, unencrypted:
ppp chap password 0 pippo
PAP authentication data:
ppp pap sent-username ca0000@livecom.it password 0 pippo
Use multilink:
ppp multilink
Only after 30 seconds, on demand:
ppp timeout multilink link add 30
Drop multilink after 30 seconds, on demand:
ppp timeout multilink link remove 30
Here they are:
interface Dialer1
 description connected to Internet
 ip address negotiated
 ip nat outside
 encapsulation ppp
 no ip split-horizon
 dialer pool 1
 dialer remote-name Backup-EDT
 dialer idle-timeout 1
 dialer string 7021010742
 dialer load-threshold 1 either
 dialer watch-group 1
 dialer-group 1
 no cdp enable
 ppp authentication chap pap callin
 ppp chap hostname ca0000@livecom.it
 ppp chap password 0 pippo
 ppp pap sent-username ca0000@livecom.it password 0 pippo
 ppp multilink
 ppp timeout multilink link add 30
 ppp timeout multilink link remove 30
Apply the config:
lmrouter01(config)#interface Dialer1
lmrouter01(config-if)# description connected to Internet
lmrouter01(config-if)# ip address negotiated
lmrouter01(config-if)# ip nat outside
lmrouter01(config-if)# encapsulation ppp
lmrouter01(config-if)# no ip split-horizon
lmrouter01(config-if)# dialer pool 1
lmrouter01(config-if)# dialer remote-name Backup-EDT
lmrouter01(config-if)# dialer idle-timeout 1
lmrouter01(config-if)# dialer string 7021010742
lmrouter01(config-if)# dialer load-threshold 1 either
lmrouter01(config-if)# dialer watch-group 1
lmrouter01(config-if)# dialer-group 1
lmrouter01(config-if)# no cdp enable
lmrouter01(config-if)# ppp authentication chap pap callin
lmrouter01(config-if)# ppp chap hostname ca0000@livecom.it
lmrouter01(config-if)# ppp chap password 0 pippo
lmrouter01(config-if)# ppp pap sent-username ca0000@livecom.it password 0 pippo
lmrouter01(config-if)# ppp multilink
lmrouter01(config-if)# ppp timeout multilink link add 30
lmrouter01(config-if)# ppp timeout multilink link remove 30
lmrouter01(config-if)#^Z
*Mar 1 01:44:39.399: %SYS-5-CONFIG_I: Configured from console by console
Now configure the watch list, i.e. how the router detects that the HDSL serial connection is dead:
Watch the IPs of the route associated with the serial interface:
dialer watch-list 1 ip 83.211.14.108 255.255.255.252
Wait 2 minutes before switching to ISDN:
dialer watch-list 1 delay connect 120
When the serial link comes back up, wait two minutes before reconnecting:
dialer watch-list 1 delay disconnect 20
????
dialer-list 1 protocol ip deny
dialer watch-list 1 ip 83.211.14.108 255.255.255.252
dialer watch-list 1 delay connect 120
dialer watch-list 1 delay disconnect 20
dialer-list 1 protocol ip deny
Here they are:
lmrouter01#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
lmrouter01(config)#dialer watch-list 1 ip 83.211.14.108 255.255.255.252
lmrouter01(config)#dialer watch-list 1 delay connect 120
lmrouter01(config)#dialer watch-list 1 delay disconnect 20
lmrouter01(config)#dialer-list 1 protocol ip deny
lmrouter01(config)#^Z
*Mar 1 01:49:27.151: %SYS-5-CONFIG_I: Configured from console by console
Now assign a default route to the ISDN as well, with metric 100, which will appear only when the serial one disappears and the ISDN comes up:
ip route 0.0.0.0 0.0.0.0 Dialer1 100
lmrouter01#conf t
Enter configuration commands, one per line. End with CNTL/Z.
lmrouter01(config)#ip route 0.0.0.0 0.0.0.0 Dialer 1 100
lmrouter01(config)#^Z
*Mar 1 01:51:39.063: %SYS-5-CONFIG_I: Configured from console by console
Set the global ISDN parameters:
isdn switch-type basic-net3
isdn tei-negotiation first-call
Here they are:
lmrouter01#conf t
Enter configuration commands, one per line. End with CNTL/Z.
lmrouter01(config)#isdn switch-type basic-net3
lmrouter01(config)#isdn tei-negotiation first-call
Reload router to activate new configuration
lmrouter01(config)#^Z
*Mar 1 01:55:00.675: %SYS-5-CONFIG_I: Configured from console by console
NOTE THE MESSAGE DEMANDING A RELOAD TO CHANGE THE ISDN CONFIGURATION !!! Without a reload, the ISDN will connect but pings will fail !!
Check the state of the Dialer, which must be UP:
lmrouter01#sh ip interface brief
Interface        IP-Address     OK?  Method  Status                 Protocol
FastEthernet0/0  192.168.1.17   YES  manual  up                     up
Serial0/0        unassigned     YES  manual  up                     up
Serial0/0.1      83.211.14.110  YES  manual  up                     up
Serial0/1        unassigned     YES  manual  down                   down
BRI1/0           unassigned     YES  manual  administratively down  down
BRI1/0:1         unassigned     YES  unset   administratively down  down
BRI1/0:2         unassigned     YES  unset   administratively down  down
Dialer1          unassigned     YES  manual  up                     up
Look at the state of the serial interface:
lmrouter01#show interfaces serial 0/0
Serial0/0 is up, line protocol is up
Hardware is PowerQUICC Serial
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation FRAME-RELAY IETF, loopback not set
Keepalive set (10 sec)
LMI enq sent 205, LMI stat recvd 204, LMI upd recvd 0, DTE LMI up
LMI enq recvd 0, LMI stat sent 0, LMI upd sent 0
LMI DLCI 0 LMI type is ANSI Annex D frame relay DTE
FR SVC disabled, LAPF state down
Broadcast queue 0/64, broadcasts sent/dropped 117/0, interface broadcasts 80
Last input 00:00:02, output 00:00:02, output hang never
Last clearing of "show interface" counters 00:57:58
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue :0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
291 packets input, 18657 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
12 input errors, 1 CRC, 9 frame, 0 overrun, 0 ignored, 2 abort
331 packets output, 20575 bytes, 0 underruns
0 output errors, 0 collisions, 28 interface resets
0 output buffer failures, 0 output buffers swapped out
47 carrier transitions
DCD=up DSR=up DTR=up RTS=up CTS=up
The BW 1544 Kbit value indicates the configured bandwidth.
Check the routing table:
lmrouter01#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is 0.0.0.0 to network 0.0.0.0
83.0.0.0/30 is subnetted, 1 subnets
C 83.211.14.108 is directly connected, Serial0/0.1
C 192.168.1.0/24 is directly connected, FastEthernet0/0
S* 0.0.0.0/0 is directly connected, Serial0/0.1
Connect the ISDN cable.
Activate the interface:
interface bri 1/0
no shutdown
Here it is:
lmrouter01#conf t
Enter configuration commands, one per line. End with CNTL/Z.
lmrouter01(config)#interface bri 1/0
lmrouter01(config-if)#no shut
lmrouter01(config-if)#no shutdown
*Mar 1 02:06:10.359: %LINK-3-UPDOWN: Interface BRI1/0:1, changed state to down
*Mar 1 02:06:10.363: %LINK-3-UPDOWN: Interface BRI1/0:2, changed state to down
*Mar 1 02:06:22.055: %SYS-5-CONFIG_I: Configured from console by console
Save the configuration:
write memory
lmrouter01#write memory
Building configuration...
[OK]
RELOAD THE ROUTER TO APPLY THE ISDN CONFIGURATION !!!!
lmrouter01#reload
Proceed with reload? [confirm]y
*Mar 1 02:49:19.515: %SYS-5-RELOAD: Reload requested by console.
After the reboot you will see:
*Mar 1 00:00:04.595: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state p
*Mar 1 00:00:05.603: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEtherp
*Mar 1 00:00:10.511: %LINK-3-UPDOWN: Interface Serial0/0, changed state to up
*Mar 1 00:00:10.515: %LINK-3-UPDOWN: Interface Serial0/1, changed state to down
*Mar 1 00:00:11.607: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0p
*Mar 1 00:00:11.607: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1n
*Mar 1 00:00:11.607: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEtherp
*Mar 1 00:00:12.959: %SYS-5-CONFIG_I: Configured from memory by console
*Mar 1 00:00:13.035: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI1/0:1,n
*Mar 1 00:00:13.035: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI1/0:2,n
*Mar 1 00:00:13.419: %LINK-3-UPDOWN: Interface BRI1/0, changed state to up
The ISDN light must come on at OK and then go off.
Verifying ISDN backup operation
Connect the ISDN cable
Try a test call to an ISDN number:
lmrouter01#isdn test call interface bri1/0:1 7020005034
*Mar 1 00:14:32.935: %ISDN-6-LAYER2UP: Layer 2 for Interface BR1/0, TEI 66 changed to up
*Mar 1 00:14:34.299: %LINK-3-UPDOWN: Interface BRI1/0:1, changed state to up
*Mar 1 00:14:34.439: %ISDN-6-CONNECT: Interface BRI1/0:1 is now connected to 7020005034 milano-nas
*Mar 1 00:14:34.591: %LINK-3-UPDOWN: Interface BRI1/0:1, changed state to down
*Mar 1 00:14:46.323: %ISDN-6-LAYER2DOWN: Layer 2 for Interface BR1/0, TEI 66 changed to down
*Mar 1 00:14:57.019: %ISDN-6-LAYER2DOWN: Layer 2 for Interface BRI1/0, TEI 66 changed to down
If there is no line, nothing happens.
Disconnect the serial cable:
*Mar 1 02:01:30.011: %LINK-3-UPDOWN: Interface Serial0/0, changed state to down
*Mar 1 02:01:31.011: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to
The card senses the line and the backup route becomes available:
lmrouter01#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is 0.0.0.0 to network 0.0.0.0
C 192.168.1.0/24 is directly connected, FastEthernet0/0
S* 0.0.0.0/0 is directly connected, Dialer1
Wait 120 seconds:
*Mar 1 02:10:42.687: %ISDN-6-LAYER2UP: Layer 2 for Interface BR1/0, TEI 65 changed to up
*Mar 1 02:10:44.115: %LINK-3-UPDOWN: Interface BRI1/0:1, changed state to up
*Mar 1 02:10:44.115: %DIALER-6-BIND: Interface BR1/0:1 bound to profile Di1
*Mar 1 02:10:45.399: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI1/0:1, changed state to p
*Mar 1 02:10:48.391: %LINK-3-UPDOWN: Interface BRI1/0:2, changed state to up
*Mar 1 02:10:48.391: %DIALER-6-BIND: Interface BR1/0:2 bound to profile Di1
*Mar 1 02:10:48.391: %ISDN-6-CONNECT: Interface BRI1/0:1 is now connected to 7021010742 padova-ns
*Mar 1 02:10:49.815: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI1/0:2, changed state to p
*Mar 1 02:10:54.395: %ISDN-6-CONNECT: Interface BRI1/0:2 is now connected to 7021010742 padova-ns
Check that the new default route is active:
lmrouter01#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is 0.0.0.0 to network 0.0.0.0
C 192.168.1.0/24 is directly connected, FastEthernet0/0
62.0.0.0/32 is subnetted, 2 subnets
C 62.94.58.81 is directly connected, Dialer1
C 62.94.178.199 is directly connected, Dialer1
S* 0.0.0.0/0 is directly connected, Dialer1
Try a ping:
ping 62.94.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 62.94.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 48/48/48 ms
Reconnect the serial cable:
*Mar 1 00:08:44.959: %LINK-3-UPDOWN: Interface Serial0/0, changed state to up
*Mar 1 00:08:45.959: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0p
...
*Mar 1 00:09:51.283: %ISDN-6-LAYER2DOWN: Layer 2 for Interface BRI1/0, TEI 65 changed to down
The ISDN goes down and the serial comes back up.
Debug options
- To debug ISDN events on the console:
debug isdn events
- Debug number dialing:
debug dialer events
- Stop all debug messages:
no debug all
Enabling password encryption
If the configuration is printed, the passwords are in clear text. To avoid this:
service password-encryption
lmrouter01#conf t
Enter configuration commands, one per line. End with CNTL/Z.
lmrouter01(config)#service password-encryption
lmrouter01(config)#^Z
*Mar 1 00:18:14.055: %SYS-5-CONFIG_I: Configured from console by console
Indeed:
lmrouter01# sh run
...
enable secret 5 $1$knzX$5LdGH1VJfPst5XZhlJXho.
enable password 7 094F471A1A0A121C0A0E082F
password 7 094F471A1A0A141D051F0B262E
...
password 7 060506324F411D1C171A1B050D08
...
The enable password can also be removed, leaving the secret:
no enable password
lmrouter01#conf t
Enter configuration commands, one per line. End with CNTL/Z.
lmrouter01(config)#no enable password
lmrouter01(config)#^Z
*Mar 1 00:21:23.927: %SYS-5-CONFIG_I: Configured from console by console
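Added example, not part of the original page: a Python audit that scans a running-config like the ones above and reports how each credential is stored. In IOS, type 0 is clear text, type 7 is the reversible obfuscation applied by service password-encryption, and type 5 is a salted MD5 hash. The sample config is constructed from lines shown on this page, and the function and constant names are illustrative.

```python
import re

# Constructed sample: credential-related lines copied from the configuration
# built up on this page, with a one-space indent under each section.
SAMPLE_CONFIG = """\
no service password-encryption
enable secret 5 $1$knzX$5LdGH1VJfPst5XZhlJXho.
enable password ciscoenable
interface Dialer1
 ppp authentication chap pap callin
 ppp chap hostname ca0000@livecom.it
 ppp chap password 0 pippo
 ppp pap sent-username ca0000@livecom.it password 0 pippo
line con 0
 password ciscoconsole
 login
line vty 0 4
 password ciscoterminal
 login
"""

# IOS credential type digit -> how the value is stored in the config.
STORAGE = {"0": "cleartext", "5": "md5-hash", "7": "reversible-type7"}

# "<password|secret> [type] <value>" at the end of a command line.
# "service password-encryption" does not match: no whitespace after "password".
CRED_RE = re.compile(r"\b(password|secret)\s+(?:([057])\s+)?(\S+)\s*$")


def audit(config):
    """Return a list of (line_number, context, issue) tuples."""
    findings = []
    context = "global"
    has_enable_secret = False
    enable_password_at = None
    for number, raw in enumerate(config.splitlines(), 1):
        text = raw.strip()
        if not text or text == "!":
            continue
        if not raw[0].isspace():
            # Unindented line: opens a section or is a global command.
            is_section = text.startswith(("interface ", "line "))
            context = text if is_section else "global"
        if text == "no service password-encryption":
            findings.append((number, context, "password-encryption disabled"))
        if text.startswith("ppp pap sent-username"):
            # PAP puts the username and password on the link unencrypted.
            findings.append((number, context, "PAP credentials sent in clear"))
        match = CRED_RE.search(text)
        if not match:
            continue
        keyword, cred_type, _value = match.groups()
        storage = STORAGE[cred_type or "0"]  # no type digit means type 0
        if text.startswith("enable secret"):
            has_enable_secret = True
        elif text.startswith("enable password"):
            enable_password_at = number
        if storage != "md5-hash":
            findings.append((number, context, f"{keyword} stored as {storage}"))
    if has_enable_secret and enable_password_at is not None:
        findings.append((enable_password_at, "global",
                         "enable password redundant with enable secret"))
    return findings


if __name__ == "__main__":
    for number, context, issue in audit(SAMPLE_CONFIG):
        print(f"line {number:2} [{context}] {issue}")
```

After service password-encryption the same lines are reported as reversible-type7 rather than cleartext; only the enable secret is stored as a hash.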
Access list example
Simple firewalling rules can be enabled.
Restricting access from the LAN side
Access lists are organized like this:
lmrouter01#conf t
Enter configuration commands, one per line. End with CNTL/Z.
lmrouter01(config)#acc
lmrouter01(config)#access-list ?
  <1-99>            IP standard access list
  <100-199>         IP extended access list
  <1100-1199>       Extended 48-bit MAC address access list
  <1300-1999>       IP standard access list (expanded range)
  <200-299>         Protocol type-code access list
  <2000-2699>       IP extended access list (expanded range)
  <700-799>         48-bit MAC address access list
  dynamic-extended  Extend the dynamic ACL abolute timer
  rate-limit        Simple rate-limit specific access list
We need the 100-199 range.
And these types:
lmrouter01(config)#access-list 100 ?
  deny     Specify packets to reject
  dynamic  Specify a DYNAMIC list of PERMITs or DENYs
  permit   Specify packets to forward
  remark   Access list entry comment
By protocol:
lmrouter01(config)#access-list 100 permit ?
  <0-255>  An IP protocol number
  ahp      Authentication Header Protocol
  eigrp    Cisco's EIGRP routing protocol
  esp      Encapsulation Security Payload
  gre      Cisco's GRE tunneling
  icmp     Internet Control Message Protocol
  igmp     Internet Gateway Message Protocol
  igrp     Cisco's IGRP routing protocol
  ip       Any Internet Protocol
  ipinip   IP in IP tunneling
  nos      KA9Q NOS compatible IP over IP tunneling
  ospf     OSPF routing protocol
  pcp      Payload Compression Protocol
  pim      Protocol Independent Multicast
  tcp      Transmission Control Protocol
  udp      User Datagram Protocol
For these sources:
lmrouter01(config)#access-list 100 permit ?
  <0-255>  An IP protocol number
  ahp      Authentication Header Protocol
  eigrp    Cisco's EIGRP routing protocol
  esp      Encapsulation Security Payload
  gre      Cisco's GRE tunneling
  icmp     Internet Control Message Protocol
  igmp     Internet Gateway Message Protocol
  igrp     Cisco's IGRP routing protocol
  ip       Any Internet Protocol
  ipinip   IP in IP tunneling
  nos      KA9Q NOS compatible IP over IP tunneling
  ospf     OSPF routing protocol
  pcp      Payload Compression Protocol
  pim      Protocol Independent Multicast
  tcp      Transmission Control Protocol
  udp      User Datagram Protocol
With this mask (inverted with respect to a netmask; in this case the first 4 IPs are valid):
lmrouter01(config)#access-list 100 permit ip 192.168.1.0 ?
  A.B.C.D  Source wildcard bits
Towards these destinations:
lmrouter01(config)#access-list 100 permit ip 192.168.1.0 0.0.0.8 ?
  A.B.C.D  Destination address
  any      Any destination host
  host     A single destination host
In our case this is enough:
access-list 100 permit ip 192.168.1.0 0.0.0.8 any
You can keep typing "?" ...
Add the second rule, which blocks everything else: deny ip any any
Now decide where to apply the ACL: on the LAN interface, for inbound packets:
ip access-group 100 in
lmrouter01#conf t
Enter configuration commands, one per line. End with CNTL/Z.
lmrouter01(config)#interface FastEthernet 0/0
lmrouter01(config-if)#ip access-group 100 in
lmrouter01(config-if)#^Z
List the rules:
lmrouter01#sh ip access-lists
Extended IP access list 100
 permit ip 192.168.1.0 0.0.0.8 any
 deny ip any any (16 matches)
It will not be possible to ping the Ethernet LAN !!!
Delete the access list:
...
lmrouter01(config)#no access-list 100
...
lmrouter01#sh access-lists
"<empty>"
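Added example, not part of the original page: a Python model of how IOS applies an address/wildcard pair (a 1 bit in the wildcard means "ignore this bit"), run against the two ACL 100 entries listed above. It enumerates the source addresses that 192.168.1.0 0.0.0.8 selects and compares them with the wildcard for a four-address block, which is 0.0.0.3. The function names are illustrative and only the rule forms used on this page are parsed.

```python
import ipaddress

# The two entries of ACL 100 as listed by "sh ip access-lists" on this page.
ACL_FROM_PAGE = ["permit ip 192.168.1.0 0.0.0.8 any", "deny ip any any"]


def ip_int(text):
    """Dotted-quad string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(text))


def wildcard_hit(addr, base, wildcard):
    """True when addr equals base on every bit where the wildcard has a 0."""
    care = ~ip_int(wildcard) & 0xFFFFFFFF
    return (ip_int(addr) & care) == (ip_int(base) & care)


def expand(base, wildcard, limit=4096):
    """List every address a base/wildcard pair selects (small wildcards only)."""
    wild = ip_int(wildcard)
    free = [bit for bit in range(32) if (wild >> bit) & 1]
    if (1 << len(free)) > limit:
        raise ValueError("wildcard selects too many addresses to list")
    fixed = ip_int(base) & ~wild & 0xFFFFFFFF
    found = []
    for combo in range(1 << len(free)):
        value = fixed
        for index, bit in enumerate(free):
            if (combo >> index) & 1:
                value |= 1 << bit
        found.append(value)
    return [str(ipaddress.IPv4Address(v)) for v in sorted(found)]


def wildcard_for(cidr):
    """Wildcard (inverted netmask) that covers exactly one CIDR block."""
    return str(ipaddress.ip_network(cidr).hostmask)


def parse_rule(rule):
    """Parse '<permit|deny> ip <source> any'; source is 'any' or 'addr wildcard'."""
    tokens = rule.split()
    action, protocol, rest = tokens[0], tokens[1], tokens[2:]
    if action not in ("permit", "deny") or protocol != "ip":
        raise ValueError(f"unsupported rule: {rule}")
    if rest[0] == "any":
        source, rest = ("0.0.0.0", "255.255.255.255"), rest[1:]
    else:
        source, rest = (rest[0], rest[1]), rest[2:]
    if rest != ["any"]:
        raise ValueError(f"only destination 'any' is modelled: {rule}")
    return action, source[0], source[1]


def evaluate(acl, source_ip):
    """First matching entry decides; an ACL ends with an implicit deny."""
    for rule in acl:
        action, base, wildcard = parse_rule(rule)
        if wildcard_hit(source_ip, base, wildcard):
            return action
    return "deny"


if __name__ == "__main__":
    print("0.0.0.8 selects:", expand("192.168.1.0", "0.0.0.8"))
    print("/30 wildcard   :", wildcard_for("192.168.1.0/30"))
    print("0.0.0.3 selects:", expand("192.168.1.0", "0.0.0.3"))
    for host in ("192.168.1.2", "192.168.1.8", "192.168.1.22"):
        print(host, "->", evaluate(ACL_FROM_PAGE, host))
```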
Configuration backup via TFTP
To back up to a TFTP server:
lmrouter01#copy running-config tftp:
Address or name of remote host []? 192.168.1.22
Destination filename [lmrouter01-confg]? lmrouter01-conf2
.!!
2274 bytes copied in 5.712 secs (398 bytes/sec)