IT Japan


Cisco Router Training Material

swhwang 2016. 3. 23. 00:04


 

1. Router Access Methods and Operating Modes

 

1.1 Router access methods

   Console : 1 port

   Auxiliary : 1 port

   Telnet : usually supports 5 connections (VTY 0 4)

      - The number can be increased if needed (the Suwon router is currently set to 11).

 

 

1.2 Router modes

   User mode

      - Only a limited set of router commands is available (prompt: Router>)

   Privileged EXEC mode

      - All router commands are available (prompt: Router#)

 

 

1.3 Entering the CLI

   When using the console port or a Telnet port

- When you attach a console cable or connect to the router via telnet, the following message appears.

 

User Access Verification

Password : xxxxxxx   

- Enter the password for user mode

SUWON_SO_4500>enable

Password : xxxxxxxx   

- Password for privileged EXEC mode

The prompt then appears as follows.

SUWON_SO_4500#

 

 

   How to check the number of CLI interfaces currently in use

SUWON_SO_4500#sh line

 Tty Typ     Tx/Rx     A Modem  Roty AccO AccI  Uses    Noise   Overruns

   0 CTY               -    -      -    -    -     0        3        0/0

   1 AUX   9600/9600   -    -      -    -    -     0        0        0/0

*  2 VTY               -    -      -    -   10   112        0        0/0

   3 VTY               -    -      -    -   10    27        0        0/0

   4 VTY               -    -      -    -   10    13        0        0/0

   5 VTY               -    -      -    -   10     6        0        0/0

   6 VTY               -    -      -    -   10     0        0        0/0

   7 VTY               -    -      -    -    -     0        0        0/0

   8 VTY               -    -      -    -    -     0        0        0/0

   9 VTY               -    -      -    -    -     0        0        0/0

  10 VTY               -    -      -    -    -     0        0        0/0

  11 VTY               -    -      -    -    -     0        0        0/0

  12 VTY               -    -      -    -    -     0        0        0/0

 

- CTY : the console port.

- AUX : the port accessed via modem.

- VTY : the ports accessed directly via telnet. There are 11 above; from the top they are VTY 0 through VTY 10.

- As above, a port with * at the start of its line is currently in use by someone.

 

 

SUWON_SO_4500#sh user

    Line     User      Host(s)                  Idle Location

*  2 vty 0   tndnjsopman  idle                 00:00:00 int104.hanarotel.co.kr

 

- Shows who is actually using the 2 ports; the IP is also displayed.

 

 

 

2. Checking the Router Configuration

 

SUWON_SO_4500#sh run

 

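- Used to find out which settings are currently in effect on the router. sh run therefore shows at a glance how the router has been configured. If you are unsure about something while working in another mode, run sh run again and check the parameters you need.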

 

Building configuration...

 

Current configuration:

!

version 11.3

service timestamps debug datetime

service timestamps log datetime

service password-encryption

!

hostname SUWON_SO_4500

!

aaa new-model

aaa authentication login default local

enable secret 5 $1$gHSi$rcm4YJWkMSBkIE.0O.UUC/

enable password 7 095F5B071E02121C0E

!

username tjdnfopman password 7 094A450D171D1D0318003621

username tjdnfrltnf password 7 01150D0055130C1E32407C02

username tndnjsopman password 7 01150D0055130C1E32407C02

ip host CMTS 210.94.10.74

ip host dhcp 210.94.10.76

ip name-server 210.94.0.7

ip name-server 210.220.163.82

ip name-server 210.94.6.67

frame-relay switching

!

!

interface Serial0

 ip address 210.94.10.66 255.255.255.252

 encapsulation frame-relay IETF

 ip ospf network point-to-point

 no ip mroute-cache

 bandwidth 1984

 timeslot 1-31

 crc4

 ts16

 frame-relay lmi-type ansi

!

interface Serial1

 ip address 210.220.72.82 255.255.255.252

 encapsulation frame-relay IETF

 ip ospf network point-to-point

 bandwidth 1984

 timeslot 1-31

 crc4

 ts16

 frame-relay lmi-type ansi

!

interface Serial2

 ip address 210.94.10.70 255.255.255.252

 encapsulation frame-relay IETF

 ip ospf network point-to-point

 bandwidth 1984

 timeslot 1-31

 crc4

 ts16

 frame-relay lmi-type ansi

!

interface Serial3

 ip address 210.220.72.86 255.255.255.252

 encapsulation frame-relay IETF

 ip ospf network point-to-point

 bandwidth 1984

 timeslot 1-31

 crc4

 ts16

 frame-relay lmi-type ansi

!

interface ATM0

 no ip address

 load-interval 30

 atm ds3-scramble

!

interface ATM0.2 point-to-point

 description This ATM port is set to point-to-point mode because the IOS on thi.

 ip address 210.94.10.146 255.255.255.252

 bandwidth 44200

 atm pvc 1 1 35 aal5snap

!

interface FastEthernet0

 ip address 210.94.10.73 255.255.255.248

 ip access-group 110 out

 no ip directed-broadcast

 full-duplex

 no mop enabled

!

router ospf 100

 redistribute connected subnets

 redistribute static subnets

 network 210.94.10.64 0.0.0.3 area 10

 network 210.94.10.68 0.0.0.3 area 10

 network 210.94.10.144 0.0.0.3 area 10

 network 210.220.72.80 0.0.0.3 area 10

 network 210.220.72.84 0.0.0.3 area 10

!

ip classless

ip route 0.0.0.0 0.0.0.0 210.94.10.145

ip route 0.0.0.0 0.0.0.0 210.94.10.65 120

ip route 0.0.0.0 0.0.0.0 210.94.10.69 120

ip route 0.0.0.0 0.0.0.0 210.220.72.81 120

ip route 0.0.0.0 0.0.0.0 210.220.72.85 120

ip route 210.217.165.0 255.255.255.0 210.94.10.74

ip route 210.217.166.0 255.255.255.0 210.94.10.74

ip route 211.44.66.0 255.255.255.0 210.94.10.74

ip route 211.44.67.0 255.255.255.0 210.94.10.74

ip route 211.44.74.0 255.255.255.0 210.94.10.74

ip route 211.58.95.0 255.255.255.0 210.94.10.74

ip route 211.108.66.0 255.255.255.0 210.94.10.74

ip route 211.108.244.0 255.255.255.0 210.94.10.74

ip route 211.108.245.0 255.255.255.0 210.94.10.74

access-list 10 permit 210.94.2.53

access-list 10 permit 210.94.2.51

access-list 10 permit 210.94.1.0 0.0.0.255

access-list 110 permit tcp 210.94.1.0 0.0.0.255 host 210.94.10.76 eq telnet

access-list 110 permit tcp 210.94.1.0 0.0.0.255 host 210.94.10.76 eq ftp

access-list 110 deny   tcp any host 210.94.10.76 eq telnet log

access-list 110 deny   tcp any any eq ftp log

access-list 110 deny   tcp any any eq www log

access-list 110 permit ip any any

snmp-server community catv2000 RO

!

!

line con 0

line aux 0

line vty 0 4

 access-class 10 in

 exec-timeout 0 0

line vty 5 10

 password 7 13141C001F0100

!

end
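
The running-config above contains several management-plane settings a reviewer would check: type 7 `password` entries, an `enable password` next to `enable secret`, an SNMP community with no access list, `exec-timeout 0 0`, and a vty range without `access-class`. The following is an added example, not part of the original training material, that flags these in a constructed sample config; the finding codes and function names are illustrative assumptions.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the management-plane lines of the config
# above. Credential and community strings are placeholders, not real values.
SAMPLE_CONFIG = """\
service password-encryption
aaa new-model
enable secret 5 $1$PLACEHOLDER
enable password 7 PLACEHOLDER-A
username opman1 password 7 PLACEHOLDER-B
username opman2 password 7 PLACEHOLDER-B
snmp-server community PLACEHOLDER-RO RO
line con 0
line vty 0 4
 access-class 10 in
 exec-timeout 0 0
line vty 5 10
 password 7 PLACEHOLDER-C
end
"""

# community string, optional view, optional ro/rw, optional trailing ACL
SNMP_RE = re.compile(
    r"^snmp-server community \S+(?: view \S+)?(?: (?:ro|rw))?(?: (\S+))?$", re.I)
USER_RE = re.compile(r"^username (\S+) password 7 (\S+)")


def split_sections(text):
    """Group config lines into [header, [indented sub-commands]] entries."""
    sections = []
    for raw in text.splitlines():
        if not raw.strip() or raw.strip() == "!":
            continue
        if raw[0].isspace() and sections:
            sections[-1][1].append(raw.strip())
        else:
            sections.append([raw.strip(), []])
    return sections


def audit(text):
    """Return (code, detail) findings for weak management-plane settings."""
    findings = []
    sections = split_sections(text)
    has_secret = any(h.startswith("enable secret") for h, _ in sections)
    by_encoded = defaultdict(list)

    for header, subs in sections:
        if header.startswith("enable password"):
            fix = ("remove it, enable secret takes precedence" if has_secret
                   else "replace with enable secret")
            findings.append(("ENABLE_PASSWORD", fix))
        user = USER_RE.match(header)
        if user:
            # Type 7 is a reversible encoding, not a hash.
            findings.append(("TYPE7_USER", user.group(1)))
            by_encoded[user.group(2)].append(user.group(1))
        snmp = SNMP_RE.match(header)
        if snmp and snmp.group(1) is None:
            findings.append(("SNMP_NO_ACL", "community not restricted by an access list"))
        if header.startswith("line "):
            if "exec-timeout 0 0" in subs:
                # Idle sessions on this line never time out.
                findings.append(("NO_EXEC_TIMEOUT", header))
            if header.startswith("line vty") and not any(
                    re.match(r"access-class \S+ in$", s) for s in subs):
                findings.append(("VTY_NO_ACL", header))

    for users in by_encoded.values():
        if len(users) > 1:
            # Identical encoded strings mean identical passwords.
            findings.append(("SHARED_CREDENTIAL", ",".join(users)))
    return findings


if __name__ == "__main__":
    for code, detail in audit(SAMPLE_CONFIG):
        print(f"{code:18} {detail}")
```
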

 

 

 

SUWON_SO_4500#sh ?

  WORD               Flash device information - format <dev:>[partition]

  access-expression  List access expression

  access-lists       List access lists

  accounting         Accounting data for active sessions

  aliases            Display alias commands

      --- middle omitted ---

  x29                X.29 information

  xns                XNS information

  xremote            XRemote statistics

 

 

 

 

3. Checking and Configuring Router Interface Status

 

3.1 Status summary for all interfaces

 

SUWON_SO_4500#show ip interface brief (or sh ip int b)

Interface              IP-Address      OK? Method Status                Protocol

ATM0                   unassigned      YES unset  up                    up     

ATM0.2                 210.94.10.146   YES manual up                    up     

FastEthernet0          210.94.10.73    YES NVRAM  up                    up     

Serial0                210.94.10.66    YES manual up                    up     

Serial1                210.220.72.82   YES manual up                    up     

Serial2                210.94.10.70    YES manual up                    up     

Serial3                210.220.72.86   YES manual up                    up   

 

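- As above, a port that is in normal service must show both Status and Protocol as up. If serial 0 and serial 1 are currently in use and this command shows Protocol down on serial 0, that line cannot actually be used, so it is in a fault state.

- Status up means layer 1 is normal; if, for example, the E1 circuit dies, it naturally goes down.

- Protocol up means layer 2 is normal; if the circuit is alive but a protocol such as frame relay does not come up, it shows down.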

 

 

 

3.2 Serial line interface status

 

SUWON_SO_4500#sh int s2

Serial2 is up, line protocol is up

  Hardware is HD64570

  Internet address is 210.94.10.70/30

  MTU 1500 bytes, BW 1984 Kbit, DLY 20000 usec, rely 255/255, load 1/255

  Encapsulation FRAME-RELAY IETF, loopback not set, keepalive set (10 sec)

  LMI enq sent  337752, LMI stat recvd 337742, LMI upd recvd 0, DTE LMI up

  LMI enq recvd 0, LMI stat sent  0, LMI upd sent  0

  LMI DLCI 0  LMI type is ANSI Annex D  frame relay DTE

  FR SVC disabled, LAPF state down

  Broadcast queue 0/64, broadcasts sent/dropped 894864/1884, interface broadcasts 896748

  Last input 00:00:02, output 00:00:02, output hang never

  Last clearing of "show interface" counters 5w4d

  Input queue: 0/75/555 (size/max/drops); Total output drops: 23078

  Queueing strategy: weighted fair

  Output queue: 0/1000/64/23078 (size/max total/threshold/drops)

     Conversations  0/182/256 (active/max active/max total)

     Reserved Conversations 0/0 (allocated/max allocated)

  5 minute input rate 1000 bits/sec, 0 packets/sec

  5 minute output rate 1000 bits/sec, 0 packets/sec

     4183074 packets input, 1033163438 bytes, 75 no buffer

     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles

     46191 input errors, 46185 CRC, 2732 frame, 0 overrun, 0 ignored, 93 abort

     18928184 packets output, 717942901 bytes, 0 underruns

     0 output errors, 0 collisions, 2 interface resets

     0 output buffer failures, 0 output buffers swapped out

     226 carrier transitions

     DCD up, BER inactive, NELR inactive, FELR inactive

 

 

 

- The items shown in bold type above are the ones mainly checked. The rest is for reference.

 

The parameters have the following meanings.

 

 Serial... is {up | down}

..is administratively down

Indicates whether the interface hardware is currently active (whether carrier detect is present) or if

it has been taken down by an administrator.

 

 line protocol is {up | down}

Indicates whether the software processes that handle the line protocol consider the line usable (that

is, whether keepalives are successful) or if it has been taken down by an administrator.

 

 Hardware is          Specifies the hardware type.

 Internet address is   Specifies the Internet address and subnet mask. 

 MTU                 Maximum transmission unit of the interface.

 BW                   Indicates the value of the bandwidth parameter that has been configured for the interface (in kilobits per second). The bandwidth parameter is used to compute IGRP metrics only. If the interface is attached to a serial line with a line speed that does not match the default (1536 or 1544 for T1 and 56 for a standard synchronous serial line), use the bandwidth command to specify the correct line speed for this serial line.

 DLY                  Delay of the interface in microseconds.

 rely                  Reliability of the interface as a fraction of 255 (255/255 is 100% reliability), calculated as an exponential average over 5 minutes.

 load                 Load on the interface as a fraction of 255 (255/255 is completely saturated), calculated as an exponential average over 5 minutes.

 Encapsulation        Encapsulation method assigned to interface.

 loopback             Indicates whether loopback is set or not.

 keepalive            Indicates whether keepalives are set or not.

 Last input          Number of hours, minutes, and seconds since the last packet was successfully received by an interface. Useful for knowing when a dead interface failed.

 Last output       Number of hours, minutes, and seconds since the last packet was successfully transmitted by an interface.

 output hang      Number of hours, minutes, and seconds (or never) since the interface was last reset because of a transmission that took too long. When the number of hours in any of the "last" fields exceeds 24 hours, the number of days and hours is printed. If that field overflows, asterisks are printed.

 Output queue, input queue, drops

                        Number of packets in output and input queues. Each number is followed by a slash, the maximum size of the queue, and the number of packets dropped due to a full queue.

 5 minute input rate, 5 minute output rate

                        Average number of bits and packets transmitted per second in the last 5 minutes. The 5-minute input and output rates should be used only as an approximation of traffic per second during a given 5-minute period. These rates are exponentially weighted averages with a time constant of 5 minutes. A period of four time constants must pass before the average will be within two percent of the instantaneous rate of a uniform stream of traffic over that period.

 

 packets input          Total number of error-free packets received by the system.

 bytes                  Total number of bytes, including data and MAC encapsulation, in the error-free packets received by the system.

 no buffer              Number of received packets discarded because there was no buffer space in the main system. Compare with ignored count. Broadcast storms on Ethernet networks and bursts of noise on serial lines are often responsible for no input buffer events.

 Received... broadcasts Total number of broadcast or multicast packets received by the interface.

 runts                  Number of packets that are discarded because they are smaller than the medium's minimum packet size.

 giants                 Number of packets that are discarded because they exceed the medium's maximum packet size.

 input errors           Total number of no buffer, runts, giants, CRCs, frame, overrun, ignored, and abort counts. Other input-related errors can also increment the count, so that this sum might not balance with the other counts.

 CRC                  Cyclic redundancy checksum generated by the originating station or far-end device does not match the checksum calculated from the data received. On a serial link, CRCs usually indicate noise, gain hits, or other transmission problems on the data link.

 frame                 Number of packets received incorrectly having a CRC error and a noninteger number of octets. On a serial line, this is usually the result of noise or other transmission problems.

 overrun               Number of times the serial receiver hardware was unable to hand received data to a hardware buffer because the input rate exceeded the receiver's ability to handle the data.

 ignored               Number of received packets ignored by the interface because the interface hardware ran low on internal buffers. Broadcast storms and bursts of noise can cause the ignored count to be increased.

 abort                 Illegal sequence of one bits on a serial interface. This usually indicates a clocking problem between the serial interface and the data link equipment.

 carrier transitions   Number of times the carrier detect signal of a serial interface has changed state. For example, if data carrier detect (DCD) goes down and comes up, the carrier transition counter will increment two times. Indicates modem or line problems if the carrier detect line is changing state often.

 packets output      Total number of messages transmitted by the system.

 bytes output        Total number of bytes, including data and MAC encapsulation, transmitted by the system.

 underruns           Number of times that the transmitter has been running faster than the router can handle. This might never be reported on some interfaces.

 output errors       Sum of all errors that prevented the final transmission of datagrams out of the interface being examined. Note that this might not balance with the sum of the enumerated output errors, as some datagrams can have more than one error, and others can have errors that do not fall into any of the specifically tabulated categories.

 collisions           Number of messages retransmitted due to an Ethernet collision. This usually is the result of an overextended LAN (Ethernet or transceiver cable too long, more than two repeaters between stations, or too many cascaded multiport transceivers). Some collisions are normal. However, if your collision rate climbs to around 4 or 5%, you should consider verifying that there is no faulty equipment on the segment and/or moving some existing stations to a new segment. A packet that collides is counted only once in output packets.

 interface resets    Number of times an interface has been completely reset. This can happen if packets queued for transmission were not sent within several seconds' time. On a serial line, this can be caused by a malfunctioning modem that is not supplying the transmit clock signal, or by a cable problem. If the system notices that the carrier detect line of a serial interface is up, but the line protocol is down, it periodically resets the interface in an effort to restart it. Interface resets can also occur when an interface is looped back or shut down.

 restarts            Number of times the controller was restarted because of errors.

 alarm indications, remote alarms, rx LOF, rx LOS

                    Number of CSU/DSU alarms, and number of occurrences of receive loss of frame and receive loss of signal.

 BER inactive, NELR inactive, FELR inactive

                    Status of G.703-E1 counters for bit error rate (BER) alarm, near-end loop remote (NELR), and far-end loop remote (FELR). Note that you cannot set the NELR or FELR.
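
The status line and counters described above can be read programmatically. The following is an added example, not part of the original training material, that parses key lines of the Serial2 output, separates a layer 1 fault from a layer 2 fault as section 3.1 explains, and computes the share of errored input frames. The 1% alert threshold, the finding labels and the function names are assumptions made for this example.

```python
import re

# Key lines copied from the Serial2 output above.
SERIAL2 = """\
Serial2 is up, line protocol is up
     4183074 packets input, 1033163438 bytes, 75 no buffer
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     46191 input errors, 46185 CRC, 2732 frame, 0 overrun, 0 ignored, 93 abort
     18928184 packets output, 717942901 bytes, 0 underruns
     0 output errors, 0 collisions, 2 interface resets
     226 carrier transitions
"""

# Constructed case: carrier detected but the line protocol is not up.
PROTOCOL_DOWN = """\
Serial0 is up, line protocol is down
     0 packets input, 0 bytes, 0 no buffer
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
"""

STATE_RE = re.compile(
    r"^(\S+) is (administratively down|up|down), line protocol is (up|down)", re.M)
COUNTER_RE = re.compile(
    r"(\d+) (packets input|packets output|input errors|output errors|CRC|frame"
    r"|overrun|ignored|abort|no buffer|interface resets|carrier transitions)\b")
ERROR_KINDS = ("CRC", "frame", "overrun", "ignored", "abort", "no buffer")


def parse_show_interface(text):
    """Extract interface name, both state fields and the numeric counters."""
    m = STATE_RE.search(text)
    if not m:
        raise ValueError("no interface status line found")
    counters = {name: int(value) for value, name in COUNTER_RE.findall(text)}
    return {"name": m.group(1), "status": m.group(2),
            "protocol": m.group(3), "counters": counters}


def input_error_ratio(counters):
    """Errored input frames as a share of all frames seen on input.

    The field table above defines 'packets input' as error-free packets,
    so the denominator adds the error count back in.
    """
    errors = counters.get("input errors", 0)
    total = counters.get("packets input", 0) + errors
    return errors / total if total else 0.0


def assess(iface, max_error_ratio=0.01):  # threshold is an assumed value
    """Return findings: which layer is down and the dominant input error."""
    findings = []
    counters = iface["counters"]
    if iface["status"] == "administratively down":
        findings.append("ADMIN_DOWN")
    elif iface["status"] == "down":
        findings.append("LAYER1_DOWN")       # no carrier, e.g. circuit dead
    elif iface["protocol"] == "down":
        findings.append("LAYER2_DOWN")       # carrier present, keepalives failing
    if input_error_ratio(counters) > max_error_ratio:
        worst = max(ERROR_KINDS, key=lambda kind: counters.get(kind, 0))
        findings.append(f"INPUT_ERRORS:{worst}")
    return findings


if __name__ == "__main__":
    for sample in (SERIAL2, PROTOCOL_DOWN):
        iface = parse_show_interface(sample)
        ratio = input_error_ratio(iface["counters"])
        print(iface["name"], f"{ratio:.2%}", assess(iface))
```
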

 

 

 

 

3.3 Checking FastEthernet status

 

SUWON_SO_4500#sh int f 0

FastEthernet0 is up, line protocol is up

  Hardware is DEC21140, address is 0010.7b6e.cb49 (bia 0010.7b6e.cb49)

  Internet address is 210.94.10.73/29

  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec, rely 255/255, load 31/255

  Encapsulation ARPA, loopback not set, keepalive set (10 sec)

  Full-duplex, 100Mb/s, 100BaseTX/FX

  ARP type: ARPA, ARP Timeout 04:00:00

  Last input 00:00:00, output 00:00:00, output hang never

  Last clearing of "show interface" counters 5w4d

  Queueing strategy: fifo

  Output queue 0/40, 0 drops; input queue 0/75, 67 drops

  5 minute input rate 1716000 bits/sec, 1443 packets/sec

  5 minute output rate 12507000 bits/sec, 1938 packets/sec

     53495679 packets input, 616432882 bytes, 0 no buffer

     Received 116237 broadcasts, 0 runts, 0 giants, 1 throttles

     0 input errors, 0 CRC, 0 frame, 5 overrun, 0 ignored, 0 abort

     0 watchdog, 0 multicast

     0 input packets with dribble condition detected

     2002445083 packets output, 817445218 bytes, 0 underruns

     0 output errors, 0 collisions, 0 interface resets

     0 babbles, 0 late collision, 0 deferred

     0 lost carrier, 0 no carrier

     0 output buffer failures, 0 output buffers swapped out

 

 

The parameters have the following meanings.

                     

 FastEthernet0 is ... is up ...is administratively down

                    Indicates whether the interface hardware is currently active and if it has been taken down by an administrator.

 line protocol is   Indicates whether the software processes that handle the line protocol consider the line usable or if it has been taken down by an administrator.

 Hardware         Hardware type (for example, MCI Ethernet, SCI, cBus Ethernet) and address.

 Internet address  Internet address followed by subnet mask.

 MTU             Maximum Transmission Unit of the interface.

 BW               Bandwidth of the interface in kilobits per second.

 DLY              Delay of the interface in microseconds.

 rely               Reliability of the interface as a fraction of 255 (255/255 is 100% reliability), calculated as an exponential average over 5 minutes.

 load              Load on the interface as a fraction of 255 (255/255 is completely saturated), calculated as an exponential average over 5 minutes.

 Encapsulation    Encapsulation method assigned to interface.

 ARP type:       Type of Address Resolution Protocol assigned.

 loopback         Indicates whether loopback is set or not.

 keepalive        Indicates whether keepalives are set or not.

 Last input       Number of hours, minutes, and seconds since the last packet was successfully received by an interface. Useful for knowing when a dead interface failed.

 output           Number of hours, minutes, and seconds since the last packet was successfully transmitted by the  interface. Useful for knowing when a dead interface failed.

 output hang     Number of hours, minutes, and seconds (or never) since the interface was last reset because of a transmission that took too long. When the number of hours in any of the "last" fields exceeds 24 hours, the number of days and hours is printed. If that field overflows, asterisks are printed.

 Last clearing   Time at which the counters that measure cumulative statistics (such as number of bytes transmitted and received) shown in this report were last reset to zero. Note that variables that might affect routing (for example, load and reliability) are not cleared when the counters are cleared.

                  *** indicates the elapsed time is too large to be displayed.

                 0:00:00 indicates the counters were cleared more than 2^31 ms (and less than 2^32 ms) ago.

 Output queue, input queue, drops

                 Number of packets in output and input queues. Each number is followed by a slash, the maximum size of the queue, and the number of packets dropped due to a full queue.

 5 minute input rate, 5 minute output rate

                 Average number of bits and packets transmitted per second in the last 5 minutes. If the interface is not in promiscuous mode, it senses network traffic it sends and receives (rather than all network traffic).

                The 5-minute input and output rates should be used only as an approximation of traffic per second during a given 5-minute period. These rates are exponentially weighted averages with a time constant of 5 minutes. A period of four time constants must pass before the average will be within two percent of the instantaneous rate of a uniform stream of traffic over that period.

 packets input Total number of error-free packets received by the system.

 bytes         Total number of bytes, including data and MAC encapsulation, in the error free packets received by the system.

 no buffer     Number of received packets discarded because there was no buffer space in the main system. Compare with ignored count. Broadcast storms on Ethernets and bursts of noise on serial lines are often responsible for no input buffer events.

 Received ... broadcasts

               Total number of broadcast or multicast packets received by the interface.

 runts         Number of packets that are discarded because they are smaller than the medium's minimum packet size. For instance, any Ethernet packet that is less than 64 bytes is considered a runt.

 giants        Number of packets that are discarded because they exceed the medium's maximum packet size. For example, any Ethernet packet that is greater than 1,518 bytes is considered a giant.

 input errors  Includes runts, giants, no buffer, CRC, frame, overrun, and ignored counts. Other input-related errors can also cause the input errors count to be increased, and some datagrams may have more than one error; therefore, this sum may not balance with the sum of enumerated input error counts.

 CRC         Cyclic redundancy checksum generated by the originating LAN station or far-end device does not match the checksum calculated from the data received. On a LAN, this usually indicates noise or transmission problems on the LAN interface or the LAN bus itself. A high number of CRCs is usually the result of collisions or a station transmitting bad data.

 frame       Number of packets received incorrectly having a CRC error and a noninteger number of octets. On a LAN, this is usually the result of collisions or a malfunctioning Ethernet device.

 overrun     Number of times the receiver hardware was unable to hand received data to a hardware buffer because the input rate exceeded the receiver's ability to handle the data.

 ignored     Number of received packets ignored by the interface because the interface hardware ran low on internal buffers. These buffers are different than the system buffers mentioned previously in the buffer description. Broadcast storms and bursts of noise can cause the ignored count to be increased.

 abort       Number of packets whose receipt was aborted.

 watchdog  Number of times watchdog receive timer expired. It happens when receiving a packet with length greater than 2048.

 multicast  Number of multicast packets received.

 input packets with dribble condition detected

            Dribble bit error indicates that a frame is slightly too long. This frame error counter is incremented just for informational purposes; the router accepts the frame.

 packets output Total number of messages transmitted by the system.

 bytes      Total number of bytes, including data and MAC encapsulation, transmitted by the system.

underruns  Number of times that the transmitter has been running faster than the router can handle. This may never be reported on some interfaces.

 output errors  Sum of all errors that prevented the final transmission of datagrams out of the interface being examined. Note that this may not balance with the sum of the enumerated output errors, as some datagrams may have more than one error, and others may have errors that do not fall into any of the specifically tabulated categories.

 collisions     Number of messages retransmitted due to an Ethernet collision. This is usually the result of an overextended LAN (Ethernet or transceiver cable too long, more than two repeaters between stations, or too many cascaded multiport transceivers). A packet that collides is counted only once in output packets.

 interface resets Number of times an interface has been completely reset. This can happen if packets queued for transmission were not sent within several seconds. On a serial line, this can be caused by a malfunctioning modem that is not supplying the transmit clock signal, or by a cable problem. If the system notices that the carrier detect line of a serial interface is up, but the line protocol is down, it periodically resets the interface in an effort to restart it. Interface resets can also occur when an interface is looped back or shut down.

 restarts        Number of times a Type 2 Ethernet controller was restarted because of errors.

 babbles        The transmit jabber timer expired.

 late collision  Number of late collisions. Late collision happens when a collision occurs after transmitting the preamble.

 deferred       Deferred indicates that the chip had to defer while ready to transmit a frame because the carrier was asserted.

 lost carrier   Number of times the carrier was lost during transmission.

 no carrier    Number of times the carrier was not present during the transmission.

 output buffer failures       Number of failed buffers and number of buffers swapped out.

 

 

 

 

 

 

 

3.4 Measuring the current performance of an interface

 

SUWON_SO_4500#p

Protocol [ip]:

Target IP address: 1 211.44.66.38

Repeat count [5]: 1000

Datagram size [100]: 100

Timeout in seconds [2]: 1

Extended commands [n]:

Sweep range of sizes [n]:

Type escape sequence to abort.

Sending 1000, 100-byte ICMP Echos to 211.44.66.38, timeout is 1 seconds:

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!

Success rate is 100 percent (1000/1000), round-trip min/avg/max = 8/12/36 ms

- ! : the ping response was received correctly.

- . : the ping response was not received correctly.

- U : destination unreachable; the message shown when the destination cannot be routed to.

 

 

 

4. Checking Routing Information

 

 

SUWON_SO_4500#sh ip route

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP

       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default

       U - per-user static route, o - ODR

 

Gateway of last resort is 210.94.0.66 to network 0.0.0.0

 

 

SUWON_SO_4500#sh ip route ospf

O E2 210.205.30.0/24 [110/20] via 210.94.10.145, 01:26:59, ATM0.2

O E2 211.58.224.0/24 [110/20] via 210.94.10.145, 01:26:58, ATM0.2

O E2 211.44.241.0/24 [110/20] via 210.94.10.145, 01:26:59, ATM0.2

         ---- middle omitted ---

O E2    211.37.121.0 [110/20] via 210.94.10.145, 01:27:00, ATM0.2

O E2    211.37.121.64 [110/20] via 210.94.10.145, 01:27:00, ATM0.2

     211.58.104.0/24 is variably subnetted, 5 subnets, 2 masks

O E2    211.58.104.128/26 [110/20] via 210.94.10.145, 01:27:00, ATM0.2

 

O* : indicates the default route. It must be present.

 

 

SUWON_SO_4500#sh ip ospf ?

  <1-4294967295>       Process ID number

  border-routers       Border and Boundary Router Information

  database             Database summary

  interface            Interface information

  neighbor             Neighbor list

  request-list         Link state request list

  retransmission-list  Link state retransmission list

  summary-address      Summary-address redistribution Information

  virtual-links        Virtual link information

  <cr>

 

 

 

SUWON_SO_4500#sh ip ospf interface

ATM0 is up, line protocol is up

   OSPF not enabled on this interface

 

  ATM0.2 is up, line protocol is up

  Internet Address 210.94.10.146/30, Area 10

  Process ID 100, Router ID 210.94.10.73, Network Type POINT_TO_POINT, Cost: 2

  Transmit Delay is 1 sec, State POINT_TO_POINT,

  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5

    Hello due in 00:00:05

  Neighbor Count is 1, Adjacent neighbor count is 1

    Adjacent with neighbor 210.94.6.27

  Suppress hello for 0 neighbor(s)

 

   FastEthernet0 is up, line protocol is up

   OSPF not enabled on this interface

 

   Serial0 is up, line protocol is up

  Internet Address 210.94.10.66/30, Area 10

  Process ID 100, Router ID 210.94.10.73, Network Type POINT_TO_POINT, Cost: 50

  Transmit Delay is 1 sec, State POINT_TO_POINT,

  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5

    Hello due in 00:00:02

  Neighbor Count is 1, Adjacent neighbor count is 1

    Adjacent with neighbor 210.94.6.20

 Suppress hello for 0 neighbor(s)

 

  Serial1 is up, line protocol is up

  Internet Address 210.220.72.82/30, Area 10

  Process ID 100, Router ID 210.94.10.73, Network Type POINT_TO_POINT, Cost: 50

  Transmit Delay is 1 sec, State POINT_TO_POINT,

  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5

    Hello due in 00:00:00

  Neighbor Count is 1, Adjacent neighbor count is 1

    Adjacent with neighbor 210.94.6.28

  Suppress hello for 0 neighbor(s)

 

    Serial2 is up, line protocol is up

  Internet Address 210.94.10.70/30, Area 10

  Process ID 100, Router ID 210.94.10.73, Network Type POINT_TO_POINT, Cost: 50

  Transmit Delay is 1 sec, State POINT_TO_POINT,

  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5

    Hello due in 00:00:09

  Neighbor Count is 1, Adjacent neighbor count is 1

    Adjacent with neighbor 210.94.6.20

  Suppress hello for 0 neighbor(s)

 

   Serial3 is up, line protocol is up

  Internet Address 210.220.72.86/30, Area 10

  Process ID 100, Router ID 210.94.10.73, Network Type POINT_TO_POINT, Cost: 50

  Transmit Delay is 1 sec, State POINT_TO_POINT,

  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5

    Hello due in 00:00:08

  Neighbor Count is 1, Adjacent neighbor count is 1

    Adjacent with neighbor 210.94.6.28

  Suppress hello for 0 neighbor(s)

 

 

 

SUWON_SO_4500# sh ip route static

S    210.217.165.0/24 [1/0] via 210.94.10.74

S    211.44.74.0/24 [1/0] via 210.94.10.74

S    210.217.166.0/24 [1/0] via 210.94.10.74

S    211.108.245.0/24 [1/0] via 210.94.10.74

S    211.58.95.0/24 [1/0] via 210.94.10.74

S    211.108.244.0/24 [1/0] via 210.94.10.74

S    211.44.66.0/24 [1/0] via 210.94.10.74

S    211.108.66.0/24 [1/0] via 210.94.10.74

S    211.44.67.0/24 [1/0] via 210.94.10.74

S*   0.0.0.0/0 [1/0] via 210.94.10.145

 

 

SUWON_SO_4500#sh ip route con

     210.220.72.0/24 is variably subnetted, 41 subnets, 2 masks

C       210.220.72.84/30 is directly connected, Serial3

C       210.220.72.80/30 is directly connected, Serial1

     210.94.10.0/24 is variably subnetted, 21 subnets, 2 masks

C       210.94.10.144/30 is directly connected, ATM0.2

C       210.94.10.68/30 is directly connected, Serial2

C       210.94.10.64/30 is directly connected, Serial0

C       210.94.10.72/29 is directly connected, FastEthernet0

 

 

 

 

 

5. How to change the router configuration

 

5.1 Changing the interface configuration

 

SEL-DJ-4500#conf t

 

To change the router's configuration, you must always enter this command first.

 

Enter configuration commands, one per line.  End with CNTL/Z.

 

 

SEL-DJ-4500(config)#int s0        #to change the configuration of interface serial 0#

SEL-DJ-4500(config-if)#         #when the prompt changes as shown on the left, you are in interface configuration mode#

 

 

 

 

SEL-DJ-4500(config-if)#no ip address 210.94.10.254 255.255.255.252

SEL-DJ-4500(config-if)#ip address 210.94.10.5 255.255.255.252

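                                  #to change the IP address to a different one, first remove the existing one with the no command, then enter the new IP address. For other commands as well, remove the existing setting with no first and then enter the new one#

SEL-DJ-4500(config-if)#Ctrl+z     #pressing Ctrl+Z exits configuration mode and returns to the privileged EXEC prompt#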

SEL-DJ-4500#sh run

 

..........

 

- As above, after changing any setting, always run sh run to confirm that the change was applied correctly.

 

SEL-DJ-4500#copy running-config startup-config   (or copy run st)

 

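- Once you have confirmed that the change is correct, copy the configuration held in RAM to ROM as shown above. Only then will the router come up with the new settings after it is powered off and on.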

 

SEL-DJ-4500#?                   #to see which interface-related commands are available#

Interface configuration commands:

  access-expression           Build a bridge boolean access expression

  apollo                      Apollo interface subcommands

  appletalk                   Appletalk interface subcommands

  arp                         Set arp type (arpa, probe, snap) or timeout

  asp                         ASP interface subcommands

  autodetect                  Autodetect Encapsulations on Serial interface

  backup                      Modify dial-backup parameters

 

................

 

 

 

5.2 Changing routing

 

5.2.1 Changing static routing

SEL-DJ-4500#conf t

SEL-DJ-4500(config)#no ip route 210.94.10.0 255.255.255.0 210.94.0.2

SEL-DJ-4500(config)#ip route 210.94.10.0 255.255.255.0 210.94.1.2  #how to remove an existing static route and configure a new one#

 

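- That is, this tells the router that traffic for the Class C network 210.94.10.0 should be sent to 210.94.1.2.

 

SEL-DJ-4500(config)#ip route 0.0.0.0 0.0.0.0 210.94.1.2   #how to configure the default route as a static route#

- That is, this tells the router to send traffic for any network it does not otherwise know about to 210.94.1.2.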

 

 

5.2.2 Changing dynamic routing

SEL-DJ-4700#conf t

Enter configuration commands, one per line.  End with CNTL/Z.

SEL-DJ-4700(config)#router ospf 100

SEL-DJ-4700(config-router)#?

Router configuration commands:

  area                 OSPF area parameters

  default              Set a command to its defaults

  default-information  Control distribution of default information

  default-metric       Set metric of redistributed routes

  distance             Define an administrative distance

  distribute-list      Filter networks in routing updates

..............................

  timers               Adjust routing timers

  traffic-share        Algorithm for computing traffic share for alternate

                       routes

 

SEL-DJ-4700(config-router)#network 210.94.0.0 0.0.0.255 area 10

SEL-DJ-4700(config-router)#redistribute connected subnets

SEL-DJ-4700(config-router)#redistribute static subnets

 

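If you are only operating routers that are already in service, rather than commissioning new ones, you will rarely have occasion to use OSPF commands like those above. It is enough to know them for reference.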

 

 

 

6. Miscellaneous

6.1 Restricting telnet access to the router

Think of this as a feature similar to Motorola's Trusted IP.

SEL-DJ-4700#conf t

SEL-DJ-4700(config)#access-list 12 permit 210.94.1.0 0.0.0.255

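- Permits only the 210.94.1.0 network.

- 0.0.0.255 is the wildcard mask. When the router decides whether to permit an address, bit positions set to 0 must match and bit positions set to 1 may differ.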

 

SEL-DJ-4700(config)#^Z

SEL-DJ-4700#conf t

SEL-DJ-4700(config)#line vty 0 4           #configure all 5 telnet lines#

SEL-DJ-4700(config-line)#access-class 12 in

- With this in place, only the 210.94.1.0 network is permitted to telnet to the router; no other source can get in.
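The wildcard-mask rule described in 6.1, worked through in Python as an added example (not part of the original material and not Cisco code). It evaluates the page's access-list 12 the way a standard ACL is evaluated: first match wins, and no match means the implicit deny. The access-list 13 entry and the function names are constructed for illustration.

```python
import ipaddress

# The page's ACL 12, plus one constructed entry (ACL 13) with a
# non-contiguous wildcard to show that the mask is not a prefix length.
CONFIG_LINES = [
    "access-list 12 permit 210.94.1.0 0.0.0.255",
    "access-list 13 permit 10.0.0.1 0.0.255.0",   # constructed
]

def ip_to_int(text):
    return int(ipaddress.IPv4Address(text))

def parse_standard_acl(lines):
    """Turn 'access-list N permit|deny ADDR [WILDCARD]' into rule tuples."""
    rules = []
    for line in lines:
        parts = line.split()
        if len(parts) < 4 or parts[0] != "access-list":
            continue
        number, action, addr = int(parts[1]), parts[2], parts[3]
        if addr == "any":
            base, wild = 0, 0xFFFFFFFF
        elif addr == "host":
            base, wild = ip_to_int(parts[4]), 0
        else:
            # A bare address with no wildcard matches that single host.
            base = ip_to_int(addr)
            wild = ip_to_int(parts[4]) if len(parts) > 4 else 0
        rules.append((number, action, base, wild))
    return rules

def acl_permits(rules, number, source):
    """First matching entry wins; no match falls to the implicit deny."""
    entries = [r for r in rules if r[0] == number]
    if not entries:
        raise ValueError(f"access-list {number} is not defined")
    src = ip_to_int(source)
    for _, action, base, wild in entries:
        # Wildcard bit 0: must equal the ACL address. Bit 1: ignored.
        if ((src ^ base) & ~wild & 0xFFFFFFFF) == 0:
            return action == "permit"
    return False

RULES = parse_standard_acl(CONFIG_LINES)
```

Running a candidate management address through `acl_permits(RULES, 12, ...)` before applying `access-class 12 in` is a quick way to confirm you will not lock out your own telnet session.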

 

 

6.2 Viewing the log of important router information

SUWON_SO_4500#sh log (show logging)

Syslog logging: enabled (0 messages dropped, 0 flushes, 0 overruns)

    Console logging: level debugging, 19516 messages logged

    Monitor logging: level debugging, 0 messages logged

    Trap logging: level informational, 19524 message lines logged

    Buffer logging: level debugging, 19516 messages logged

Log Buffer (8192 bytes):

ACCESSLOGP: list 110 denied tcp 165.229.28.196(1426) -> 211.44.66.10(21), 3 packets

*Jun  4 22:54:01: %SEC-6-IPACCESSLOGP: list 110 denied tcp 211.50.36.89(1297) -> 211.108.245.97(21), 1 packet

      ---- middle portion omitted ----

*Jun  5 02:14:05: %SEC-6-IPACCESSLOGP: list 110 denied tcp 211.44.174.2(1375) -> 211.108.245.97(21), 3 packets

 

 

SEL-DJ-4500#sh logging

Syslog logging: enabled (0 messages dropped, 0 flushes, 0 overruns)

    Console logging: level debugging, 18747 messages logged

    Monitor logging: level debugging, 458 messages logged

    Trap logging: level informational, 18335 message lines logged

    Buffer logging: level debugging, 18747 messages logged

    Log Buffer (8192 bytes):

    _I: Configured from console by console

 

...................

 

(210.94.1.116)

*Mar 25 05:07:11.054: %SYS-5-CONFIG_I: Configured from console by vty1 (210.94.1.116)

*Mar 27 03:34:03.846: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial5, changed state to down

*Mar 27 03:40:34.186: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial5, changed state to up

*Mar 27 22:29:20.493: %SYS-5-CONFIG_I: Configured from console by vty1 (210.94.1.118)

 

- As shown above, you can see which interface went down and came back up, and at what time.
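The log buffer shown in 6.2 can also be reviewed mechanically. The following Python is an added example (not part of the original material): it totals the packets denied by the ACL per source and destination port, and flags %SYS-5-CONFIG_I changes made from a vty whose source address is outside the management network. The 210.94.1.0/24 default is an assumption taken from the access-list in 6.1, and the last sample line is constructed.

```python
import ipaddress
import re
from collections import Counter

# Lines 1-5 are copied from the "sh logging" output on this page;
# line 6 is constructed to show a change made from outside 210.94.1.0/24.
SAMPLE_LOG = """\
*Jun  4 22:54:01: %SEC-6-IPACCESSLOGP: list 110 denied tcp 211.50.36.89(1297) -> 211.108.245.97(21), 1 packet
*Jun  5 02:14:05: %SEC-6-IPACCESSLOGP: list 110 denied tcp 211.44.174.2(1375) -> 211.108.245.97(21), 3 packets
*Mar 25 05:07:11.054: %SYS-5-CONFIG_I: Configured from console by vty1 (210.94.1.116)
*Mar 27 03:34:03.846: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial5, changed state to down
*Mar 27 22:29:20.493: %SYS-5-CONFIG_I: Configured from console by vty1 (210.94.1.118)
*Mar 28 01:02:03.000: %SYS-5-CONFIG_I: Configured from console by vty0 (192.0.2.10)
"""

STAMP = r"^\*?(?P<ts>\w{3}\s+\d+\s+[\d:.]+): "
DENY = re.compile(STAMP + r"%SEC-6-IPACCESSLOGP: list (?P<acl>\d+) denied \w+ "
                  r"(?P<src>[\d.]+)\(\d+\) -> (?P<dst>[\d.]+)\((?P<dport>\d+)\), "
                  r"(?P<n>\d+) packet")
CONFIG = re.compile(STAMP + r"%SYS-5-CONFIG_I: Configured from \S+ by (?P<line>\S+)"
                    r"(?: \((?P<src>[\d.]+)\))?")

def review_log(text, mgmt_net="210.94.1.0/24"):
    """Summarise ACL denials and flag config changes from outside mgmt_net."""
    net = ipaddress.ip_network(mgmt_net)
    denied = Counter()          # (source, destination, dest port) -> packets
    changes, outside = [], []   # all CONFIG_I events / those to investigate
    for raw in text.splitlines():
        m = DENY.match(raw)
        if m:
            denied[(m["src"], m["dst"], int(m["dport"]))] += int(m["n"])
            continue
        m = CONFIG.match(raw)
        if m:
            event = (m["ts"], m["line"], m["src"])
            changes.append(event)
            # A CONFIG_I line without an address has no remote source to check.
            if m["src"] and ipaddress.ip_address(m["src"]) not in net:
                outside.append(event)
    return {"denied": denied, "changes": changes, "outside": outside}

REPORT = review_log(SAMPLE_LOG)
```

An entry in `REPORT["outside"]` means a configuration change arrived over telnet from an address the 6.1 access-class should have refused, so the vty lines and the ACL on that router are worth checking.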

