martes, 25 de agosto de 2009

Router, configuración administrativa y básica de una interfase

Vamos a ver la configuración básica de un router, en este caso un ISR Cisco 2811, para poner un nombre, los passwords de consola, de telnet, de ssh, el enable secret; y haremos la configuración de una interfase serial WIC-1T como DCE para comunicarse al  router 1841 que tenemos conectado.
Es importante saber que un entorno de prueba, donde hay dos routers conectados back-to-back, uno de ellos debe proporcionar la señal de reloj (clock rate).
Comenzamos reiniciando el router, que no tiene configuración de arranque, por lo que nos preguntará si queremos ejecutar el asistente, pero haremos la configuración manualmente, (configuración para Packet Tracer v5.1 aquí)

ios



ISR_2811#reload
Proceed with reload? [confirm]y
%SYS-5-RELOAD: Reload requested by console. Reload Reason: Reload Command.
System Bootstrap, Version 12.1(3r)T2, RELEASE SOFTWARE (fc1)
Copyright (c) 2000 by cisco Systems, Inc.
cisco 2811 (MPC860) processor (revision 0x200) with 60416K/5120K bytes of memory


Self decompressing the image :
########################################################################## [OK]
Restricted Rights Legend


Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.


cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706



Cisco IOS Software, 2800 Software (C2800NM-ADVIPSERVICESK9-M), Version 12.4(15)T1, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Wed 18-Jul-07 06:21 by pt_rel_team
Image text-base: 0x400A925C, data-base: 0x4372CE20


This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.


A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html


If you require further assistance please contact us by sending email to
export@cisco.com.
cisco 2811 (MPC860) processor (revision 0x200) with 60416K/5120K bytes of memory
Processor board ID JAD05190MTZ (4292891495)
M860 processor: part number 0, mask 49
2 FastEthernet/IEEE 802.3 interface(s)
2 Low-speed serial(sync/async) network interface(s)
239K bytes of non-volatile configuration memory.
62720K bytes of ATA CompactFlash (Read/Write)
Cisco IOS Software, 2800 Software (C2800NM-ADVIPSERVICESK9-M), Version 12.4(15)T1, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Wed 18-Jul-07 06:21 by pt_rel_team




--- System Configuration Dialog ---


Continue with configuration dialog? [yes/no]: n




Press RETURN to get started!






Router>en
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname 2811
2811(config)#
2811(config)#
2811(config)#interface serial 0/0/0
2811(config-if)#encapsulation hdlc
2811(config-if)#clock rate 128000
-----es importante notar que la velocidad de reloj está en bits por segundo

2811(config-if)#bandwidth 128
-----el ancho de banda está en kilobits por segundo

2811(config-if)#ip address 10.10.10.1 255.255.255.252
2811(config-if)#description WAN to 1841 (DCE BW 128k)
2811(config-if)#no shutdown


%LINK-5-CHANGED: Interface Serial0/0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/0, changed state to up
2811(config-if)#exit
-----hasta aquí hemos configurado la int serial 0/0/0 de manera básica

2811(config)#line vty ? 

<0-15> First Line number
-----invocamos la yuda para saber cuantas líneas vty hay disponible y configurar el password

2811(config)#line vty 0 15
2811(config-line)#password telnet
2811(config-line)#login
2811(config-line)#exit
-----ahora el password de consola

2811(config)#line console 0
2811(config-line)#password console
2811(config-line)#logging synchronous
2811(config-line)#login
2811(config-line)#
%SYS-5-CONFIG_I: Configured from console by console
2811#
2811#conf t
Enter configuration commands, one per line. End with CNTL/Z.
2811(config)#
-----el password para SSH

2811(config)#ip domain-name testing.net
2811(config)#crypto key generate rsa
% You already have RSA keys defined named ISR_2811.testing.com .
% Do you really want to replace them? [yes/no]: y
The name for the keys will be: 2811.testing.net
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.

How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]

2811(config)#line vty 0 15
2811(config-line)#transport input ssh
2811(config-line)#exit
2811(config)#exit
%SYS-5-CONFIG_I: Configured from console by console
-----Guardamos la configuración

2811#write mem
Building configuration...
[OK]
-----podemos usar cualquiera de las dos formas
2811#copy running-config startup-config
Destination filename [startup-config]? startup-config
Building configuration...
[OK]
2811#
2811#reload
Proceed with reload? [confirm]y
%SYS-5-RELOAD: Reload requested by console. Reload Reason: Reload Command.
System Bootstrap, Version 12.1(3r)T2, RELEASE SOFTWARE (fc1)
Copyright (c) 2000 by cisco Systems, Inc.
cisco 2811 (MPC860) processor (revision 0x200) with 60416K/5120K bytes of memory

Self decompressing the image :
########################################################################## [OK]
Restricted Rights Legend

[cortado por brevedad]

%LINK-5-CHANGED: Interface Vlan1, changed state to up
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up
%LINK-5-CHANGED: Interface Serial0/0/0, changed state to up
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to administratively down
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to administratively down
%LINK-5-CHANGED: Interface Vlan1, changed state to administratively down
 %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/0, changed state to up

Press RETURN to get started!

User Access Verification

Password: cisco

Password: telnet
Password: password
Password: telnet
% Bad passwords
----- porque pusimos como password de consola: console
Press RETURN to get started!

User Access Verification

Password:
Password: console

2811>enable
password:enable
 2811#
-----probamos la conectividad primero a la interfase de nuestro router y luego a la interfase de nuestro 1841
2811#ping 10.10.10.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 62/62/63 ms

2811#ping 10.10.10.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 31/31/32 ms

2811#show int serial 0/0/0
Serial0/0/0 is up, line protocol is up (connected)
Hardware is HD64570
Description: WAN to 1841 (DCE BW 128k)
Internet address is 10.10.10.1/30
MTU 1500 bytes, BW 128 Kbit, DLY 20000 usec, rely 255/255, load 1/255
Encapsulation HDLC, loopback not set, keepalive set (10 sec)
[cortado por brevedad]

2811#show ip int brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 unassigned YES manual administratively down down
FastEthernet0/1 unassigned YES manual administratively down down
Serial0/0/0 10.10.10.1 YES manual up up
Serial0/0/1 unassigned YES manual administratively down down
Vlan1 unassigned YES manual administratively down down
2811#
2811#show runn
Building configuration...

Current configuration : 710 bytes
!
version 12.4
no service password-encryption
!
hostname 2811
!
!
!
!
!
ip ssh version 1
ip domain-name testing.net
!
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
shutdown
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Serial0/0/0
description WAN to 1841 (DCE BW 128k)
bandwidth 128
ip address 10.10.10.1 255.255.255.252
clock rate 128000
!
interface Serial0/0/1
no ip address
shutdown
!
interface Vlan1
no ip address
shutdown
!
ip classless
!
!
!
!
!
line con 0
password console
logging synchronous
login
line vty 0 4
password telnet
login
transport input ssh
line vty 5 15
password telnet
login
transport input ssh
!
!
end

2811#
Ahora la configuración de nuestro 1841:


1841(config)#do show runn
Building configuration...

Current configuration : 702 bytes
!
version 12.4
no service password-encryption
!
hostname 1841
! nombre de nuestro router
!
enable secret 5 $1$mERr$M8hiclNzJMod27zv5MBjW.
! el password enable secret que configuramos
!
!
!
ip ssh version 1
!
!
interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface Serial0/0/0
 description WAN to 2811 s0/0/0 w/HDLC DTE V.35
 ip address 10.10.10.2 255.255.255.252
!


! la interfase conectada a nuestro 2811

!
interface Serial0/0/1
 no ip address
 shutdown
!
interface Vlan1
 no ip address
 shutdown
!
ip classless
!
!
!
! passwords de consola, telnet y SSH
!
line con 0
 history size 20
 exec-timeout 15 30
 password console
 logging synchronous
 login
line vty 0 4
 password telnet
 login
line vty 5 15
 password telnet
 login
!
!
end

at
Labels: , , , , , , , ,

2 comentarios :

Suscribirse a: Comentarios de la entrada ( Atom )