Many have heard of it, but few know how easily you can configure kron so that, at intervals you choose, a router's configuration is saved to a location of your choice.

For example, we need the configuration to be saved every 2500 minutes:

archive
path disk0:/config-archive
maximum 14
time-period 2500
log config
notify syslog

FTP Kron Policy

kron occurrence ftpconfig_occur in 1:0:0 recurring
policy-list ftpconfig
!
kron policy-list ftpconfig
! The IP is chosen at random; replace it with the address of an FTP server you trust
cli copy running-config ftp://192.168.1.74/configs/router.cfg

Router#show archive
There are currently 3 archive configurations saved.
The next archive file will be named disk0:/config-archive-4
Archive # Name
0
1 disk0:/config-archive-1
2 disk0:/config-archive-2
3 disk0:/config-archive-3
…

Router#show kron schedule
Kron Occurrence Schedule
ftpconfig_occur inactive, will run again in 0 days 23:54:17

… you can run into problems. That is more or less what happens with Telefonica, one of the largest communications companies in the world, which, of all things, also leases and configures routers for various other companies…

Let's see what the configuration of one of their routers looks like:

Using 5298 out of 29688 bytes
!
version 12.3
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
!
hostname ibemnapacc
!
boot-start-marker
boot-end-marker
!
logging buffered 100000 debugging
no logging console
enable secret 5 $1$u1X7$fFHQopGMm7UVDpXOvTnPE1
enable password 7 04480E0F0135484B
!
clock timezone MET 1
clock summer-time DST recurring last Sun Mar 2:00 last Sun Oct 2:00
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
aaa new-model
!
!
aaa authentication login default group tacacs+ enable
aaa authorization exec default group tacacs+ if-authenticated
aaa authorization commands 0 default group tacacs+ if-authenticated
aaa authorization commands 1 default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa session-id common
ip subnet-zero
ip cef
!
!
!
!
ip ftp source-interface Loopback400
ip ips po max-events 100
ip tftp source-interface Loopback400
no ip domain lookup
no ftp-server write-enable
!
!
!
!
!
!
crypto isakmp policy 1
hash md5
authentication pre-share
crypto isakmp key ADSLREMOTA address 172.99.1.1
crypto isakmp keepalive 30
!
!
crypto ipsec transform-set IBER esp-3des esp-sha-hmac
!
crypto map ADSLREMOTA local-address Loopback20
crypto map ADSLREMOTA 10 ipsec-isakmp
set peer 172.99.1.1
set transform-set IBER
match address 110
!
!
!
interface Loopback20
ip address 172.99.1.254 255.255.255.255
!
interface Loopback400
description Gestion InterLAN
ip address 172.30.153.130 255.255.255.255
!
interface ATM0
description ADSL: 948258057
no ip address
shutdown
no atm ilmi-keepalive
dsl operating-mode ansi-dmt
!
interface ATM0.1 point-to-point
description Conexion con NRI: 31712712 dlci 69
ip address 172.55.3.78 255.255.255.252
crypto map ADSLREMOTA
pvc 8/32
encapsulation aal5snap
!
!
interface BRI0
no ip address
shutdown
!
interface FastEthernet0
ip address 89.31.29.1 255.255.255.248 secondary
ip address 89.102.10.60 255.255.0.0
shutdown
speed auto
!
router eigrp 1
network 89.0.0.0
network 172.55.0.0
network 172.99.0.0
no auto-summary
!
ip classless
ip route 0.0.0.0 0.0.0.0 ATM0.1
no ip http server
no ip http secure-server
ip tacacs source-interface Loopback400
!
!
access-list 3 permit 89.0.4.164
access-list 50 remark GESTION SNMP SOLO LECTURA
access-list 50 permit 172.24.7.128 0.0.0.63
access-list 50 permit 213.0.254.0 0.0.0.63
access-list 50 permit 213.0.190.192 0.0.0.63
access-list 50 permit 213.0.187.192 0.0.0.63
access-list 51 remark GESTION PERMISO ESCRITURA Y TFTP
access-list 51 permit 172.24.7.128 0.0.0.63
access-list 51 permit 213.0.254.0 0.0.0.63
access-list 51 permit 213.0.190.192 0.0.0.63
access-list 51 permit 213.0.187.192 0.0.0.63
access-list 52 permit 172.55.3.77
access-list 52 remark ACCESO TELNET
access-list 52 permit 172.24.7.128 0.0.0.63
access-list 52 permit 213.0.254.0 0.0.0.63
access-list 52 permit 213.0.190.192 0.0.0.63
access-list 52 permit 213.0.187.192 0.0.0.63
access-list 53 remark ACCESO NTP
access-list 53 permit 172.24.7.128 0.0.0.63
access-list 53 permit 213.0.254.0 0.0.0.63
access-list 53 permit 213.0.190.192 0.0.0.63
access-list 53 permit 213.0.187.192 0.0.0.63
access-list 110 permit ip 89.102.0.0 0.0.255.255 any
access-list 110 permit ip 89.31.29.0 0.0.0.7 any
snmp-server community GESTION RO 50
snmp-server community ESCRITO RW 51
snmp-server community IBERMUTUA RO 3
snmp-server ifindex persist
snmp-server trap-source Loopback400
snmp-server location IBERMUTUAMUR –> Sancho Ramirez 15   bj IRUQA NAVARRA
snmp-server enable traps snmp linkdown linkup coldstart warmstart
snmp-server enable traps tty
snmp-server enable traps isdn call-information
snmp-server enable traps frame-relay
snmp-server enable traps frame-relay subif
snmp-server enable traps atm pvc
snmp-server host 172.24.7.174 GESTION
snmp-server host 89.0.4.164 IBERMUTUA
snmp-server tftp-server-list 51
tacacs-server host 172.24.7.171
tacacs-server timeout 3
tacacs-server directed-request
tacacs-server key 7 132435312F29220D
!
control-plane
!
banner motd ^CC
********************************************************************
********************************************************************
********************************************************************
**    Esta usted accediendo a una maquina privada propiedad de    **
**                     TELEFONICA DATA ESPAQA S.A.          ,
**   sin autorizacion, podra estar incurriendo en una violacion   **
**  que podria suponer la posible comision de una falta o delito  **
********************************************************************
**                  Telefonica Data España S.A.                   **
********************************************************************
**          Grupo de Gestion Servicio InterLAN de TDE             **
********************************************************************
********************************************************************^C
!
line con 0
exec-timeout 5 0
password 7 1044081100161E
line aux 0
access-class 52 in
exec-timeout 5 0
password 7 045205130C29435D
modem InOut
no exec
stopbits 1
flowcontrol hardware
line vty 0 4
!
end

Router#

Router#

Don't ask how I got it, okay? :)

Since we are enjoying the advantages of a serious router, not the toys that Internet providers shove down our throats, we really should configure DDNS as well. But let's start at the beginning.
What is DDNS?
Dynamic Domain Name System: a protocol or network service that lets a DNS system be notified, in real time, of changes in network configuration. In plainer terms, since many of us have a dynamic IP, it is harder to set up a web server, for example, because the IP will change and we will no longer be able to reach it. So we need a dynamic system that sends the new IP address to the DNS servers and associates it with the web server we run (or mail, FTP, etc.).
Sure, there are DynDNS, No-IP and many other similar services that solve the problem fairly easily. But what if we could configure such a dynamic system directly on the router? For the toys handed out by ISPs it is fairly simple, because they usually have the function built in. But what do we do with a Cisco router?
Obviously… we configure it…

Let's see how:
We assume we will use No-IP's services to update the IP and associate it with a domain name (e.g. domeniulmeu.com).

Enter privileged mode, typing a password if one is set (if there is none, you are idiots and do not deserve a Cisco router :) )
Router> enable

The next step is configuration mode:
Router# configure terminal

Next we have to specify the update method for the network configuration and, of course, for IP changes:
Router(config)# ip ddns update method unnumeoarecare
Router(DDNS-update-method)# ddns

Specify whether an internal cache will be used as an update method:
Router(DDNS-update-method)# internal mycache altnumeoarecare

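We specify HTTP as the update method and enter the No-IP URL (for example…). The URL is a single line; on the IOS command line, press Ctrl+V before typing the ? so that it is not treated as a help request:
Router(DDNS-update-method)# http
Router(DDNS-HTTP)# add http://username:password@dynupdate.no-ip.com/nic/update?hostname=domeniulmeu.com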

We also configure the maximum update interval (the service has to re-read the data at a set interval so that no interruptions appear because of IP changes):
Router(DDNS-HTTP)# interval maximum 0 0 1 1 (the numbers are, in order, days, hours, minutes and seconds)

Good… so far we have configured the update service. Next we have to associate it with an interface:
Router(DDNS-HTTP)# exit
Router(DDNS-update-method)# exit
Router(config)# interface ethernet 1
Router(config-if)# ip ddns update hostname domeniultau.com
Router(config-if)# ip ddns update unnumeoarecare (the name from the third configuration line)
Router(config-if)# exit

The service should now be working…
Good luck!

I received a few e-mails asking me for various IOS versions. As I wrote in those e-mails, I will tell you too that IOS images are not free. They are proprietary systems and it is normal for them to cost money, depending on features and implementations.

Still, if you want to learn something about Cisco, a simulator is not always enough. So you turn to physical routers or to emulators such as GNS3. And for those you need IOS images.

I do not encourage piracy, I am only offering a few suggestions, such as our friend Google, which is smart enough to find what you need…

For example, a general search for IOS could have the following syntax:

intitle:index.of ios parent directory bin

Of course you can also search for something more specific, such as a particular generation of IOS:

intitle:index.of c7200*.bin -site:cisco.com

or

intitle:index.of c3640*.bin -site:cisco.com

Let's not forget the firewall either:

intitle:index.of cisco pix*.bin -site:cisco.com

I hope this was helpful! :)

Starting with IOS version 12.3, most Cisco routers can be used as primary DNS servers.

The configuration is relatively simple, using a command called ip dns primary:

ip dns server
ip dns primary siteultau.com soa ns.siteultau.com admin@siteultau.com 86400 3600 1209600 86400

The next step is to define the primary and secondary name servers for your domain, using the ip host ns command:

ip host siteultau.com ns ns.siteultau.com
ip host siteultau.com ns ns.isp.com

Just as easily you can define mail routing for your domain with the ip host mx command:

ip host siteultau.com mx 10 mail.siteultau.com
ip host siteultau.com mx 20 mail.isp.com

Don't forget that, at the end, we also have to define the domain's hosts:

ip host ns.siteultau.com 192.168.0.1 ! the router's IP address
ip host www.siteultau.com 192.168.1.1
ip host siteultau.com 192.168.1.1 ! alternative for www.siteultau.com
ip host mail.siteultau.com 192.168.1.2

GOOD LUCK!!!

Many times I have had to reset a router to factory defaults, followed by a frantic search for the access password. So I thought I would share with you some default passwords for certain router brands:

3Com:
Username: admin Password: synnet
Username: read Password: synnet
Username: write Password: synnet
Username: monitor Password: monitor
Username: manager Password: manager
Username: security Password: security

3Com Office Connect 5×0 ISDN Routers:
Password: PASSWORD

3Com AccessBuilder 7000 BRI:
SNMPRead: public SNMPWrite: private

3Com CellPlex 7000:
Username: tech Password: tech

3Com CoreBuilder 7000/6000/3500/2500:
Username: debug Password: synnet
Username: tech Password: tech
SNMPRead: public SNMPWrite: private

3Com HiPerARC v4.1.x:
Username: adm Password: <blank>

3Com LANplex 2500:
Username: debug Password: synnet
Username: tech Password: tech

3Com LinkSwitch 2000/2700:
Username: tech Password: tech

3com SuperStackII Switch:
Username: 2200 Password: debug
Username: 2700 Password: tech

Alteon ACEswitch 180e (web):
Username: admin Password: admin

Alteon ACEswitch 180e (telnet):
Username: admin Password: <blank>

Alteon Web Systems
Username: none Password: admin
Username: none Password: l4admin
SNMPWrite: public

Ascom Timeplex Routers
Telnet to router and send repeated CTRL-D’s.
This will drop you to a debug prompt allowing you to modify router setup.

ACC (Ericsson):
Username: netman Password: netman

ADC Kentrox Pacesetter Router:
Username: n/a Password: secret

Accelerated DSL CPE and DSLAM:
Username: sysadm Password: anicust

Arrowpoint:
Username: admin Password: system

Adtran MX2800:
Password: adtran

All Zyxel equipment:
Username: n/a Password: 1234

AT&T 3B2 firmware:
Username: n/a Password: mcp

AXIS 200/240 [netcam]:
Username: root Password: pass

AXIS NPS 530:
Username: root Password: pass

Bay routers:
Username: Manager Password: <blank>
Username: User Password: <blank>

Bay 350T Switch:
Password: NetICs

Bay SuperstackII:
Username: security Password: security

BRASX/I01 (DataCom):
Password: letmein

BreezeCOM adapters 2.x (console only):
Password: laflaf

BreezeCOM adapters 3.x (console only):
Password: Master

BreezeCOM adapters 4.x (console only):
Password: Super

Cabletron (routers & switches):
Username: <blank> Password: <blank>

CableTron Netgear modem/router and SSR:
Username: netman Password: <blank>

Cisco:
Password: c(Cisco 2600s)
Password: cisco
Username: enable Password: cisco
Password: Cisco router

Cayman DSL:
Password: <blank>

Crystalview outsideview32:
Password: crystal

digiCorp:
Password: BRIDGE
Password: password

DECserver
Password: ACCESS
Password: SYSTEM

DLink hub/switches:
Username: D-Link Password: D-Link

D-Link DI-604 (Cable/DSL router):
Username: admin Password: <blank>
where <blank> means literally a blank password.

Dupont Digital Water Proofer:
Username: root Password: par0t

Dynix (The library software, not the UNIXOS):
Username: later

Erpepe:
Username: chochete Password: tiabuena

Flowpoint DSL installed by Covad:
Password: password

Flowpoint DSL2000:
Username: admin Password: admin

Hewlett Packard HP Jetdirect:
Username: none Password: none

Hewlett Packard MPE-XL:
Username: HELLO Password: MANAGER.SYS
Username: HELLO Password: MGR.SYS
Username: HELLO Password: FIELD.SUPPORT
Username: HELLO Password: HPUNSUP
Username: HELLO Password: SUPPORT
Username: HELLO Password: HP
Username: HELLO Password: OP.OPERATOR
Username: MGR Password: CAROLIAN
Username: MGR Password: CCC
Username: MGR Password: CNAS
Username: MGR Password: CONV
Username: MGR Password: COGNOS
Username: MGR Password: HPDESK
Username: MGR Password: HPWORD
Username: MGR Password: HPP187
Username: MGR Password: HPP189
Username: MGR Password: HPP196
Username: MGR Password: INTX3
Username: MGR Password: ITF3000
Username: MGR Password: NETBASE
Username: MGR Password: REGO
Username: MGR Password: RJE
Username: MGR Password: ROBELLE
Username: MGR Password: SECURITY
Username: MGR Password: SYS
Username: MGR Password: TELESUP
Username: MGR Password: WORD
Username: MGR Password: XLSERVER
Username: MGR Password: HPONLY
Username: MGR Password: HPOFFICE
Username: OPERATOR Password: COGNOS
Username: OPERATOR Password: DISC
Username: OPERATOR Password: SYS
Username: OPERATOR Password: SYSTEM
Username: OPERATOR Password: SUPPORT
Username: MGE Password: VESOFT
Username: MGE Password: VESOFT
Username: MANAGER Password: COGNOS
Username: MANAGER Password: HPOFFICE
Username: SPOOLMAN Password: HPOFFICE
Username: ADVMAIL Password: HPOFFICE
Username: WP Password: HPOFFICE
Username: MANAGER Password: ITF3000
Username: MANAGER Password: SECURITY
Username: MANAGER Password: SYS
Username: MANAGER Password: TCH
Username: MANAGER Password: TELESUP
Username: FIELD Password: HPWORD
Username: FIELD Password: HPP187
Username: FIELD Password: SERVICE
Username: FIELD Password: SUPPORT
Username: PCUSER Password: SYS
Username: RSBCMON Password: SYS
Username: MAIL Password: HPOFFICE
Username: MAIL Password: MAIL
Username: MAIL Password: TELESUP
Username: SYS Password: TELESUP

Username: OPERATOR Password: COGNOS
Username: MANAGER Password: HPOFFICE

IBM AS/400:
Username: qsecofr Password: qsecofr
Username: qsysopr Password: qsysopr
Username: qpgmr Password: qpgmr
Username: ibm Password: password
Username: ibm Password: 2222
Username: ibm Password: service
Username: qsecofr Password: 1111111
Username: qsecofr Password: 2222222
Username: qserv Password: qserv
Username: qsvr Password: qsvr
Username: secofr Password: secofr
Username: qsrv Password: ibmce1

IBM NetCommerce PRO 3.2:
Username: ncadmin Password: ncadmin

Microrouter (Cisco):
Username: – Password: letmein

Multi-Tech RASExpress Server 5.30a:
Username: guest Password: none

Microplex print server:
Username: root Password: root

Motorola Cablerouter:
Username: cablecom Password: router

Microsoft SQL Server:
Username: sa Password: -

Nanoteq NetSeq firewall:
Username: admin Password: NetSeq

Netgear RH348 / ISDN-Router RH348:
Username: – Password: 1234

Netopia R7100, 7100, 455:
Username: <blank> Password: <blank>

Netopia 9500:
Username: netopia Password: netopia

Nortel Meridian 1 PBX:
Username: 0000 Password: 0000

Oracle DB:
Username: sys Password: change_on_install

Jetform design:
Username: Jetform Password: n/a

Lantronics Terminal server port:
Username: 7000 Password: n/a

Linksys DSL:
Password: admin

Livingston IRX router:
Username: !root Password: <blank>

Livingston officerouter:
Username: !root Password: <blank>

Livingston portmaster 2/3:
Username: !root Password: <blank>

Orbitor console:
Password: password

Orbitor console:
Password: BRIDGE

Osicom (Datacom):
Username: sysadm Password: sysadm

Raidzone raid arrays:
Password: raidzone

Shiva:
Username: root Password: <blank>
Username: Guest Password: <blank>
Username: hello Password: hello

Speedstream DSL (Efficient):
Username: n/a Password: admin

Spider Systems M250 / M250L:
Username: – Password: hello

SysKonnect 6616:
Username: default.password

Terayon TeraLink Getaway / 1000 Controller:
Username: admin Password: password
Username: user Password: password

UClinux for UCsimm:
Username: root Password: uClinux

USR TOTALswitch:
Username: none Password: amber

Webramp:
Username: wradmin Password: trancell

NETPrint (all):
Password: sysadm

Xylan Omniswitch / Omnistack:
Username: admin Password: switch
Username: admin Password: password
Username: diag Password: switch

Zyxel ISDN-Router Prestige 1000 / prestige 300 series:
Username: – Password: 1234

Because I read an interesting article here about remote admin, which also mentioned setting up SSH on a Cisco router, I thought it would be worth seeing how it is configured. As you well know, every CCNA student learns how to configure telnet access, which however does not offer the level of security a corporate network needs.

SSH (Secure Shell) comes in two versions, simply called SSH 1 and SSH 2. Note that they are two completely different communication protocols, which is why I recommend version 2, which offers much more security. In any case, note that all IOS releases above version 12 support SSH1, but SSH2 is supported only by 12.3—12.3(4)T, 12.2(25)S, 12.3(7)JA or newer, which support 3DES.

Let's see what we have to do so that our router can communicate:

Router(config)# hostname Routerulmeu
Routerulmeu(config)#
Routerulmeu(config)# ip domain-name Domeniulmeu.com
Routerulmeu(config)#
Routerulmeu(config)# crypto key generate rsa
The name for the keys will be: routerulmeu.Domeniulmeu.com
Choose the size of the key modulus in the range of 360 to 2048
for your General Purpose Keys. Choosing a key modulus greater than
512 may take a few minutes.

How many bits in the modulus [512]: 512
% Generating 512 bit RSA keys ...[OK]

Routerulmeu(config)#
*Mar  1 00:17:13.337: %SSH-5-ENABLED: SSH 1.5 has been enabled
Routerulmeu(config)#

SSH 1.5 is the convention Cisco uses for SSH1. If SSH 1.99 appears, it means the router supports both SSH versions.
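
Added example (not part of the original post): one way to end up with SSH 2 only, as recommended above. It assumes an IOS image with SSH 2 support, no aaa new-model, and a hypothetical local user admin with a placeholder password. IOS enables SSH 2 only with an RSA key of at least 768 bits, so the 512-bit key from the session above is replaced.

```cisco
! Added example, entered in global configuration mode.
! The user name and password below are placeholders (assumptions).
hostname Routerulmeu
ip domain-name Domeniulmeu.com
!
! Remove the existing 512-bit key pair, then generate a 2048-bit one.
! With a key shorter than 768 bits the router stays on SSH 1 ("SSH 1.5").
crypto key zeroize rsa
crypto key generate rsa modulus 2048
!
! Refuse SSH 1 clients; "show ip ssh" should then report version 2.0
! instead of 1.5 or 1.99.
ip ssh version 2
ip ssh time-out 60
ip ssh authentication-retries 3
!
! Local account checked by "login local" on the vty lines.
username admin privilege 15 secret <CHANGE-ME>
!
! Accept only SSH on the virtual terminals, so telnet is no longer offered.
line vty 0 4
 login local
 transport input ssh
 exec-timeout 5 0
```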

Good luck!!

Let's move on with the initial configuration of a router:

Configuring a network interface:

[Image: network interface configuration]

Let's look at the commands and their explanation (where needed):

RouterA> enable
RouterA# config terminal
RouterA(config)# interface fastethernet 0/0 * (enters interface configuration submode)
RouterA(config-if)# ip address 192.168.0.1 255.255.255.0 (configures the interface IP)
RouterA(config-if)# no shutdown (enables the interface)
RouterA(config-if)# description lan (assigns a name to the interface)
RouterA(config-if)# exit
RouterA(config)#

* Keep in mind that the interface can be Ethernet or Fast Ethernet and that the number can be 0, 1, 0/0, 0/1, etc. The details vary with the router model…

Serial interfaces acting as DTE are configured the same way.

In the DCE case things change a little, but not by much:


RouterB> enable
RouterB# config terminal
RouterB(config)# interface serial 0/1
RouterB(config-if)# ip address 10.0.0.2 255.0.0.0
RouterB(config-if)# clock rate 56000 (configures synchronization between the links)
RouterB(config-if)# no shutdown
RouterB(config-if)# description lan
RouterB(config-if)# exit
RouterB(config)#

Let's go through the explanations. First of all, we need to clarify what DTE and DCE are.

Assume the following network setup:

[Image: DCE + DTE]

For long-distance communication, WANs use serial transmission (data bits are sent over a single channel). This type of transmission provides a reliable connection over a specific range of electromagnetic or optical frequencies.

A Cisco router has 2 types of serial connection.

If the connection is made directly to the Internet provider or through a device that supplies the clock signal, the router is called Data Terminal Equipment (DTE).

Of course, there is also the second variant, in which the router is the one supplying the clock, in which case it is called DCE.

In conclusion, when we have 2 routers connected to each other by a serial cable, one of them must supply the clock, and for that one we use the configuration above.

Good. Now that we have got this far, I propose a small scenario for next time: building a network architecture with VLANs, servers, routers, switches and so on, in a layout that looks complicated at first sight but that, as the explanations come along, will turn out to be quite simple.

The scenario will first be built with Packet Tracer (Cisco's simulator), and later the same network will also be built in GNS3, with virtual machines, a DMZ, a firewall, etc.

Good luck!

One of the main problems CCNA students run into is ACLs (Access Lists), the commands that are entered on the router and that permit or deny traffic between certain machines and on certain ports.

To those who have had or are having trouble with ACLs, I recommend the following link:

http://www.garethevans.info

where they will find a small program (a demo, unfortunately) that helps you build and simulate access lists.

We resume the series of posts on configuring a Cisco router, using a simulator called Packet Tracer. That way I do not keep wiping the configuration of the router I use at home, an 827.

In the previous article I told you how to connect the router to the computer, and what the initial message is, the one that shows everything is working OK.

The last output was:

System Bootstrap, Version 12.1(3r)T2, RELEASE SOFTWARE (fc1)
Copyright (c) 2000 by cisco Systems, Inc.
cisco 2620 (MPC860) processor (revision 0×200) with 60416K/5120K bytes of memory

Self decompressing the image :
########################################################################## [OK]

Restricted Rights Legend

Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software – Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706

Cisco Internetwork Operating System Software
IOS ™ C2600 Software (C2600-I-M), Version 12.2(28), RELEASE SOFTWARE (fc5)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2005 by cisco Systems, Inc.
Compiled Wed 27-Apr-04 19:01 by miwang

cisco 2620 (MPC860) processor (revision 0×200) with 60416K/5120K bytes of memory
.
Processor board ID JAD05190MTZ (4292891495)
M860 processor: part number 0, mask 49
Bridging software.
X.25 software, Version 3.0.0.
1 FastEthernet/IEEE 802.3 interface(s)
32K bytes of non-volatile configuration memory.
16384K bytes of processor board System flash (Read/Write)

— System Configuration Dialog —

Continue with configuration dialog? [yes/no]: System Bootstrap, Version 12.1(3r)T2, RELEASE SOFTWARE (fc1)
Copyright (c) 2000 by cisco Systems, Inc.
cisco 2620 (MPC860) processor (revision 0×200) with 60416K/5120K bytes of memory

Self decompressing the image :
########################################################################## [OK]

Restricted Rights Legend

Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software – Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706

Cisco Internetwork Operating System Software
IOS ™ C2600 Software (C2600-I-M), Version 12.2(28), RELEASE SOFTWARE (fc5)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2005 by cisco Systems, Inc.
Compiled Wed 27-Apr-04 19:01 by miwang

cisco 2620 (MPC860) processor (revision 0×200) with 60416K/5120K bytes of memory
.
Processor board ID JAD05190MTZ (4292891495)
M860 processor: part number 0, mask 49
Bridging software.
X.25 software, Version 3.0.0.
2 FastEthernet/IEEE 802.3 interface(s)
1 Low-speed serial(sync/async) network interface(s)
32K bytes of non-volatile configuration memory.
16384K bytes of processor board System flash (Read/Write)

— System Configuration Dialog —

Continue with configuration dialog? [yes/no]: n

Press RETURN to get started!

Which is exactly what we do!!!

This takes us to the next step:

Router>

Once here, the router is telling us that it is waiting. From here on we have two options, user mode and configuration mode, each with a set of privileges that allows you, as administrator, to run a set of commands.

The first of them, user mode, lets you run simple commands or view the router's various configurations, but not configure interfaces, access lists, NAT, etc.:

[Image: user mode]

The command is enable. As you can see in the image, the router's prompt has changed.

The second mode is activated with the command configure terminal or, for short, conf t:

[Image: configuration mode]

Next time we will see how to enter interface configuration mode and how to assign an IP address, a subnet mask and a route…
