Scribd
Upload
151 views

CISCO Gyakorlati Segédlet

This document provides instructions for configuring basic Cisco router settings including: 1. Configuring hostnames, passwords, usernames, and enabling SSH. 2. Configuring Ethernet and serial interfaces with IP addresses. 3. Configuring PPP, CHAP, and PAP authentication. 4. Configuring routing protocols like RIP, OSPF, EIGRIP. 5. Commands for viewing configurations, backing up configs, restoring configs. 6. Configuring DHCP server and helper addresses. 7. Configuring NAT and access control lists.

Uploaded by

GergelyHorváth
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
151 views

CISCO Gyakorlati Segédlet

This document provides instructions for configuring basic Cisco router settings including: 1. Configuring hostnames, passwords, usernames, and enabling SSH. 2. Configuring Ethernet and serial interfaces with IP addresses. 3. Configuring PPP, CHAP, and PAP authentication. 4. Configuring routing protocols like RIP, OSPF, EIGRIP. 5. Commands for viewing configurations, backing up configs, restoring configs. 6. Configuring DHCP server and helper addresses. 7. Configuring NAT and access control lists.

Uploaded by

GergelyHorváth
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 14

CISCO gyakorlati segdlet

1. Forgalomirnytk konfigurlsa
Hostname megadsa: (config)#hostname LAB_A Konzol s telnet kapcsolatok jelszavainak megadsa: (config)#line con 0 (config-line)#password cisco (config-line)#login (config-line)#exit (config)#line vty 0 5 (config-line)#password cisco (config-line)#login (config-line)#exit Felhasznli nvvel val belps (a i !5-"s s#inten van$ ena%le &els#' n(l )l is erre a s#intre er)l)* (config)# +sername admin privilege !5 secret cisco (config)#line vty 0 !5 (config-line)#privilege level !5 (config-line)#login local Privilegizlt ( ! C" #zemm$d jelszavnak (class" megadsa: (config)#ena%le secret 0 class SSH engedlyezse (config)#hostname ro+ter! (config)#ip domain-name tes#t,h+ (config)#crypto ey generate rsa vagy* (config)#crypto ey generate rsa general- eys mod+l+s !0-. (config)#ip ssh version ! / esetleg m(g* (config)#ip ssh time-o+t 00 (mp-%en megadva) (config)#ip ssh a+thentication-retries (config)#+sername admin privilege !5 password 0 cisco (config)#line vty 0 !5 (config-line)#login local (config-line)#transport inp+t ssh (config-line)#privilege level !5 1+lcs t"rl(se* (config)#crypto ey #eroi#e rsa IP %tvlaszts engedlyezse:

(config)#ip ro+ting Inter&sz kon&ig'rci$ ( t(ernet) soros *C s *+ inter&sz": (config)#interface 2thernet 0 (config-if)#ip address !35,--0,!-4,! -55,-55,-55,0 (config-if)#description LA5- apcsolat (config-if)#no sh+tdown (config-if)#exit (config)#interface 6erial 0 (config-if)#ip address !34,!55,!.5,- -55,-55,-55,0 (config-if)#encaps+lation hdlc (config-if)#cloc rate 0.000 (config-if)#no sh+tdown (config-if)#exit (config)#interface 6erial ! (config-if)#ip address !77,!5,80,! -55,-55,-55,0 (config-if)#encaps+lation hdlc (config-if)#no sh+tdown (config-if)#exit PPP (iteles,ts (P-P" (config)#hostname egyi _ro+ter (config)#+sername masi _ro+ter password paptito (config)#interface 6erial ! (config-if)#ip address !77,!5,80,! -55,-55,-55,0 (config-if)#encaps+lation ppp (config-if)#ppp a+thentication pap (config-if)#ppp pap sent-+sername egyi _ro+ter password paptito (config-if)#no sh+tdown PPP (iteles,ts (CH-P" (config)#hostname egyi _ro+ter (config)#+sername masi _ro+ter password chaptito (config)#interface 6erial ! (config-if)#ip address !77,!5,80,! -55,-55,-55,0 (config-if)#encaps+lation ppp (config-if)#ppp a+thentication chap (config-if)#no sh+tdown Mindkt mdszernl a msik routeren hasonlan, de a megfelel adatokkal (hostnevek, jelszavak) kell eljrni. .rame/0elay 1ell,tsa

(config-if)#encaps+lation frame-relay 9 ietf : (config-if)#%andwidth !-7 (kbit/se rtkben) (config-if)#frame-relay lmi-type cisco / ansi / ;344a #show frame-relay map / pvc / lmi Alinterf(s#e l(treho#<sa* Pont-pont (2-2 router van azonos alhlzaton): (config)# int s0=0=0 (config-if)#encap frame-relay (config-if)#no ip address (config)#int s0=0=0,!0- point-to-point (config-if)#ip address x,y (config-if)#frame-relay interface-dlci !0Multipoint (tbb router is azonos alhlzaton van): (config)# int s0=0=0 (config-if)#encap frame-relay (config-if)#no ip address (config)#int s0=0=0,! m+ltipoint (config-if)#ip address x,y (config-if)#frame-relay interface-dlci !0(config-if)#frame-relay interface-dlci !04

Irnyt protokollok belltsa:


0IP protokoll: (config)#ro+ter rip ha !"#M$re is sz%ksg van& (config-ro+ter)#version (config-ro+ter)#no a+to-s+mmary (config-ro+ter)#networ !35,--0,!-4,0 (config-ro+ter)#networ !34,!55,!.5,0 (config-ro+ter)#networ !77,!5,80,0 (config-ro+ter)#exit Ha egy inter&szen nem akar'nk k#ldeni &riss,tseket) csak &ogadni: (config-ro+ter)#passive-interface >0=0 OSP. protokoll: (config)#ro+ter ospf !!5 (config-ro+ter)#log-ad&acency-changes (config-ro+ter)#networ !35,--0,!-4,0 0,0,0,-55 area 0 (config-ro+ter)#networ !34,!55,!.5,0 0,0,0,-55 area 0 (config-ro+ter)#networ !77,!5,80,0 0,0,0,-55 area 0 (config-ro+ter)#exit Router-azonost megadsa: (config-ro+ter)#ro+ter-id -00,0,0,!

Interfsz prioritsnak megadsa (ha ! nem "esz rszt a #R$%#R "&aszts'an(: (config-if)#ip ospf priority !00 )*&tsgrtk mdostsa: (config-if)#ip ospf cost !00 (az rtk '$()) lehet) +oop'a,k interfsz &trehozsa: (config)#interface loop%ac 0 (config-if)#ip address -00,0,0,! -55,-55,-55,-55 -ite&ests .e&sz"a&: (config-ro+ter)#area 0 a+thentication (config-if)#ip ospf a+thentication- ey tito -ite&ests /#0 segtsg"e&: (config-ro+ter)#area 0 a+thentication message-digest (config-if)#ip ospf message-digest- ey ! md5 tito !-4 1&&en2rzs: #sh ip ospf interface #sh ip ospf neigh%o+r 9detail: #de%+g ip ospf ad& / events -e&&o s ha&ott id2zt2k 'e&&tsa: (config-if)#ip ospf hello-interval !5 (config-if)#ip ospf dead-interval 50 3&aprte&mezett 4t"ona& hirdetse: (config-ro+ter)# defa+lt-information originate I20P protokoll 3&ap'e&&ts: (config)#ro+ter eigrp !!! (config-ro+ter)#no a+to-s+mmary (config-ro+ter)#networ !3-,!07,!,0 (config-ro+ter)#networ -00,0,0,0 -55,-55,-55,-5(config-ro+ter)#networ -0!,!,!,0 0,0,0,4 -laprtelmezett %tvonal (irdetse: (config-ro+ter)#redistri%+te static 3em egyenl4 k5ltsg6 %tvonalakon val$ ter(elseloszts: (config-ro+ter)#variance 5 (ekkor a legjo11 %tvonalnl 7/sz5r rossza11 k5ltsg6 %tvonalakat is 1evonja az irny,t$t1l1a"

K5zvetlen#l kapcsol$d$ (l$zatok 1evonsa az irny,tsi &olyamat1a (ezek1e nem k#ld I20P csomagokat": (config-ro+ter)#redistri%+te connected 8tvonal5sszevons: (config-if)#ip s+mmary-address eigrp !!! !3-,!07,0,0 -55,-55,0,0 llen4rz4 parancsok: show ip eigrp neigh%ors show ip eigrp topology 9all-lin s: de%+g eigrp fsm / pac ets

2. Konfigurci lekrde se! mentse s t"rlse


Kon&ig'rci$ lekrdezse: #show r+nning-config #show start+p-config Kon&ig'rci$ mentse az 390-:/1a: #copy r+nning-config start+p-config Kon&ig'rci$ mentse +.+P szerverre: #copy r+nning-config tftp Kon&ig'rci$ visszat5ltse +.+P szerverr4l: #copy tftp r+nning-config Kon&ig'rci$ t5rlse az 390-:/1$l: #erase start+p-config 8jraind,tsi parancs: #reload (*+M$ban lv fut konfigur i) (,!*+M$ban lv mentett konfigur i)

#. $%&' s er(er belltsa


(config)#ip dhcp excl+ded-address !3-,!07,0,! !3-,!07,0,!0 (config)#ip dhcp pool lan! (config-dhcp)#networ !3-,!07,0,0 -55,-55,-55,0 (config-dhcp)#defa+lt-ro+ter !3-,!07,0,! (config-dhcp)#dns-server !,-,4,. -a a #-56 szer"er msik h&zati szegmensen "an! akkor a #-56 #I75891R-t fogad interfszen meg ke&& adni a #-56 szer"er ,mt:

(config-if)# ip helper-address !3-,!07,!0,!

). *+, belltsa a forgalomirnytkon


- 1els4 oldal(oz tartoz$ inter&sz megjel5lse: (config)#interface ethernet 0 (config-if)#ip nat inside - k#ls4 oldal(oz tartoz$ inter&sz megjel5lse: (config)#interface serial 0 (config-if)#ip nat o+tside - 3-+ sza1ly megadsa glo1lis kon&ig'rci$s m$d1an:
(config)#ip nat inside so+rce list ! interface 6erial 0 overload

-C; sza1ly az engedlyezni k,vnt 1els4 (l$zatok 3-+/ols(oz:


(config)#access-list ! permit !35,--0,!-4,0 0,0,0,-55

-laprtelmezett %tvonal megadsa a k#lvilg elrs(ez:


(config)#ip ro+te 0,0,0,0 0,0,0,0 !34,!55,!.5,! permanent

-. +&. /+ccess &ontrol .ist0 listk megadsa


3orml -C; a <=>?@@7?<A?AB@C cl(l$zat(oz: (config)#access-list ! permit !34,--5,!0,0 0,0,0,-55 3orml -C; egy szm,t$gp tilts(oz: (config)#access-list ! deny host !35,!.0,!00,5 Kiterjesztett -C; szintaktikja: (config)#access-list s#<m permit/deny proto oll forr<s helyettes?t@mas# c(l helyettes?t@-mas# 9e; port 9esta%lished:: - pd1an tiltj'k a <=7?@@A?A?AB<D (l$zat &el4l a H++P (EA/as port" krseket 1rmilyen cl(l$zat &el: (config)#access-list !0! deny tcp !35,--0,0,0 0,0,-55,-55 0,0,0,0 0,0,0,0 e; 70

-F -C; de&inilsa 'tn az -C;/t inter&sz(ez kell rendelni? .ontos megadni) (ogy kimen4 vagy 1ej5v4 inter&sz(ez rendelj#k/eG (config)#interface 6erial 0 (config-if)#ip access-gro+p ! o+t (config)#interface 2thernet 0 (config-if)#ip access-gro+p !0! in

1. 2%34 parancsok:
#show r+nning-config #show start+p-config #show interfaces #show ip ro+te #show access-lists #show ip interface #show ip protocols #show version #show cdp neigh%ors #show ip nat translations #show ip dhcp %inding 5apl'#<s* Ao+ter(config)# Ao+ter(config)# Ao+ter(config)# Ao+ter(config)# Ao+ter(config)# 65BC %e<ll?t<sa* Ao+ter(config)#snmp-server Ao+ter(config)#snmp-server Ao+ter(config)#snmp-server Ao+ter(config)#snmp-server comm+nity olvashat ro comm+nity irhatis rw location 6#om%athely contact Cisti e logging on logging host syslog_szerver_ipcme logging trap de%+gging logging +serinfo 9 no : logging console R3/-'an &"2 fut konfigur,i meg.enetse <9R3/-'an tro&t konfigur,i meg.e&entse Interfszek &&apotainak meg.e&entse I6 4t"&aszt t'&a meg.e&entse 35+ &istk meg.e&entse I6 a&ap4 interfsz protoko&& 'e&&tsok meg.e&entse 3kt" irn=t protoko&&ok &&apotait .e&enti meg 7zoft"er s hard"er "erzi inform,ik 5#6 protoko&& &ta& fe&fedezett szomszdos forga&omirn=t adatainak meg.e&entse I6 <3> a&ap4 ,mfordtssa& kap,so&atos inform,ik meg.e&entse #-56 szer"er &ta& kiadott ,mek adatai

IO

!ezelse

/ents >@>6 szer"erre: Ao+ter#copy flash tftp B<sol<s (friss?t(s) D>DC s#erverr@l* Ao+ter#copy tftp flash -a t*'' I87 "an a @&ash-'en! megadhat! me&=iket indtsa &egk*ze&e'': Ao+ter(config)# %oot system flash c!7.!-advipservices 3-m#,!-.-!5,%in I87 frissts R8/ monitor md'an: rommon !E tftpdnld 3 meg.e&en2 inform,ik a&ap.n k*rn=ezeti "&tozkka& ke&& 'e&&tani a router I6 adatait (a &egkise'' sorszm4 @ast1thernet interfszre rtend2(! "a&amint a >@>6 szer"er adatait! ma.d ezutn 4.ra ad.uk ki a t&tpdnld paran,sotA F2L6GHIJ66GAKLLLDK6 Ao+teren* %ekap,so&s utn r*"idde& a -=per>ermin&'an 5>R+B%reak megn=omsa -C rommonitor md confreg -!. %oot a router 'et*&ti az I87-t s t&pi az indt konfigur,is f.&t! ezutn 'e&phetDnk ena'&e md'a! ma.d g&o'&is konfig'a Ao+ter(config)#copy start r+n Ao+ter(config)#ena%le secret sa&at&els#o Ao+ter(config)#config-register 0x-!0 Ao+ter(config)#do wr E.raindts utn az eredeti konfigur,i"a&! de mr az 4. .e&sz"a& indu& 6witch-en* %ekap,so&s utn r*"idde& fo&=amatosan n=omni ke&& a /ode gom'ot! mg fo&=amatos z*&den nem "i&gt! ekkor e&engedni 3 ,s*kkentett Dzemmd'an ki ke&& adni e&2sz*r a &las(Hinit! ma.d a loadH(elper paran,sot 3 f&ash-'en &"2 onfig.te-t f.&t t ke&& ne"ezni! hog= ne ta&&.a meg az I87: rename flash*config,text flash*c,text 1oot paran,s kiadsa utn a sFit,h 'et*&ti az I87-t! 'e tudunk &pni g&o'&is konfig md'a: switch(config)#copy flash*c,txt r+nning-config switch(config)#ena%le secret sa&at&els#o switch(config)#do wr E.raindts utn az eredeti konfigur,i"a&! de mr az 4. .e&sz"a& indu&

Kapcsolk konfigurlsa
zemmdok:
&el(asznl$i H"&ts: ena%le (en(! I"&ts: exit privilegizlt H"&ts: ,onfigure termina& (,onf t(! I"&ts: eJit glo1lis kon&ig'rci$s H"&ts: "&toz! I"&ts: eJit! end specilis kon&ig'rci$s: vonali, interfsz, VLAN st1? I"&ts: eJit! end

25g 6as nlata:


K shoF K shK ki&istzza az *sszes! adott Dzemmd'an haszn&hat paran,sot ki&istzza a shoF paran,s paramtereit ki&istzza az *sszes sh-"a& kezd2d2 paran,sot

26o7 parancsok:
parancs arp f&ash: hosts interfa,es ma,-addr port-se,urit= startup-,onfig running-,onfig users "ersion "&an mit listz 3R6 t'&zat tarta&ma 3 f&ash memria tarta&ma az &&omst'&a (I6-,mek s ne"ek *sszerende&se( kap,so&portok &&apotadatai /35 ,mt'&a tarta&ma port'iztonsg adatai (meg ke&& adni az interfszt is! p&A fa $L( indt! 'ooto&skor akt" konfigur,i akt"! fut konfigur,i 'e.e&entkezett fe&haszn&k adatai az I87 adatai! memriafog&a&tsg 3 9+3<-ok adatai

Konfigurci mentse:
7Fit,h# copy r+n start "ag= 7Fit,h# wr

8llomsn( belltsa:
7Fit,h(,onfig(# hostname apcsolo_neve

Kon ol9els belltsa:


7Fit,h(,onfig(# line console 0 7Fit,h(,onfig-&ine(# password &els#o 7Fit,h(,onfig-&ine(# login

:nable 9els belltsa:


7Fit,h(,onfig(# ena%le password &els#o

:nable titkos 9els /e a ;er<sebb=0:


7Fit,h(,onfig(# ena%le secret &els#o

>els titkosts bekapcsolsa:


7Fit,h(,onfig(# service passwod-encryption

?irtulis terminlok 9els a(ainak belltsa:


7Fit,h(,onfig(# line vty 0 !5 7Fit,h(,onfig-&ine(# password &els#o 7Fit,h(,onfig-&ine(# login

*api @ enet belltsa /el(las t karakter pl. a A 0:


7Fit,h(,onfig(# %anner motd #Belepes csa engedellyelM#

27itc6 portok belltsa:


7Fit,h(,onfig(#interface >ast2thernet 0=7Fit,h(,onfig-if(#d+plex a+to / half / f+ll 7Fit,h(,onfig-if(#speed a+to / !0 / !00

B+&Ccm statikus megadsa adott port6o :


7Fit,h(,onfig(#mac-address-ta%le static 0!-4,.508,73AB vlan ! int fa0=!

B+&Ccmtbla t"rlse:
7Fit,h#clear mac-address-ta%le dynamic

'ortbi tonsg konfigurlsa:


7Fit,h(,onfig(#int fa0=! 7Fit,h(,onfig-if(#switchport mode access 7Fit,h(,onfig-if(#switchport port-sec+rity mac-address stic y "ag= &ta&unk megadott ,mme&: 7Fit,h(,onfig-if(#switchport port-sec+rity mac-address 0!-4,.508,73AB 7Fit,h(,onfig-if(#switchport port-sec+rity violation sh+tdown ha nem szeretnnk, hogy letiltson: 6witch(config-if)#switchport port-sec+rity violation 9 protect / restrict :

'ortbi tonsg miatt letiltott port 59raengedlye se:


7Fit,h(,onfig(#int fa0=! 7Fit,h(,onfig-if(#sh+tdown 7Fit,h(,onfig-if(#no sh+t

'ort6o lers! meg9egy se fD se:


7Fit,h(,onfig(#int fa0=-. L

7Fit,h(,onfig-if(#description 1apcsoloport a s#erverhe#

Fel@gyeleti I'Ccm adsa a kapcsolnak:


7Fit,h(,onfig(#int vlan ! 7Fit,h(,onfig-if(#ip address !0,0,0,! -55,0,0,0 7Fit,h(,onfig-if(#no sh+t

+laprtelme ett t9r megadsa:


7Fit,h(,onfig(#ip defa+lt-gateway !0,0,0,-5.

8llomstbla "s elltsa /ellen<r se: sho" hosts0:


7Fit,h(,onfig(#ip host alfa !0,0,0,! 7Fit,h(,onfig(#ip host %eta !0,0,0,-

?.+*Cok ltre6o sa:


1&s2 mdszer: 7Fit,h#vlan data%ase 7Fit,h("&an(#vlan !0 name alfa 9+3< L added: <ame: a&fa 7Fit,h("&an(#vlan !00 name %eta 9+3< L added: <ame: 'eta /sodik mdszer: 7Fit,h(,onfig(#vlan -5 7Fit,h(,onfig-"&an(#name gamma

'ortok 6o rendelse adott ?.+*C6o :


7Fit,h(,onfig(#int fa0=! 7Fit,h(,onfig-if(#switchport mode access 7Fit,h(,onfig-if(#switchport access vlan !0

:gys erre t"bb port 6o rendelse:


7Fit,h(,onfig(#int range fa $L - L0 7Fit,h(,onfig-if-range(#sFit,hport mode a,,ess 7Fit,h(,onfig-if-range(#sFit,hport a,,ess "&an 20

,r"nkport belltsa:
7Fit,h(,onfig(#int fa0=-. 7Fit,h(,onfig-if(#switchport mode tr+n

#at$v %&'# bell$tsa (a trn! (in)!t v*n (e* !ell a)ni+):


6witch(config-if)#switchport tr+n native vlan 33

,n*e)l-ezett %&'#-o! (e*a)sa a trn!n:


6witch(config-if)#switchport tr+n : allowed vlan 9 except - / 4$. / all

,r"nk llapotnak ellen<r se:


7Fit,h# show interfaces tr+n

Fut konfigurci mentse ,F,'Cs er(erre:


7Fit,h#copy r+nning-config tftp 3ddress or name of remote host MNK !0,0,0,!0 #estination fi&ename M7Fit,h-,onfgNK OO M8) - L04L '=tesN

Indt konfigurci let"ltse ,F,'Cs er(err<l:


7Fit,h#copy tftp start+p-config 3ddress or name of remote host MNK !0,0,0,!0 7our,e fi&ename MNK 6witch-confg #estination fi&ename Mstartup-,onfigNK +oading 7Fit,h-,onfg from L A A AL : O M8) - L04L '=tesN

?,' /(irtulis tr"nkprotokoll0 konfigurlsa


1&s2 mdszer (sFit,hportot is tmogat routereken ,sak ez mPk*dik(: 7Fit,h# vlan data%ase 7Fit,h("&an(# vtp domain tartomnynv Qe&sz 'e&&tsa: 7Fit,h("&an(#vtp password jelsz 6rotoko&& "erzi.nak 'e&&tsa: 7Fit,h("&an(# vtp v--mode 1szk*z Dzemmd.nak 'e&&tsa (a&apeset'en szer"erknt mPk*dik! a k&iens ,sak fogad.a a mdostsokat! a transzparens tengedi a 9>6-t s t2&e fDgget&enD& mPk*dtethet sa.t 9+3<-okat(: 7Fit,h("&an(# vtp mode server / client / transparent /sodik mdszer (g&o'&is konfig md'an mPk*dik(: 7Fit,h(,onfig(# vtp domain tartom<nyn(v 7Fit,h(,onfig(# vtp password &els#' 7Fit,h(,onfig(# vtp version 7Fit,h(,onfig(# vtp mode server / client / transparent

?,' ellen<r se:


7Fit,h# show vtp stat+s 6witch# show vtp password

?,' pruning:
3 kap,so&k nem to"''t.k a tr*nk t4&s fe&re o&=an 9+3<-ok adatait! amik'e tartoz &&omsok nem &teznek a t4&o&da&on! ez&ta& kise'' &esz a f*&*s&eges h&zati forga&omA L

7Fit,h(,onfig(# vtp pr+ning

Spanning Tree Protocol (STP)


+ kialakult llapot meg9elentse:
7Fit,h# show spanning-tree 9detail / s+mmary / vlan x :

E emmd belltsa /norml F gyors0


7Fit,h(,onfig(#spanning-tree mode pvst / rapid-pvst

%dpriorits belltsa /a rtk GC11))G k" "tt le6et! )GH1Cos lpsekkel0:


7Fit,h(,onfig(#spanning-tree vlan ! priority .030 i&&et"e (akr 9+3<-onknt(: 7Fit,h(,onfig(#spanning-tree vlan ! root 9 primary / secondary :

%o frsi portok gyorsto(bbt @ emmdba lltsa:


7Fit,h(,onfig(#spanning-tree portfast defa+lt interf(s#en (nt* 6witch(config-if)#spanning-tree portfast

You might also like