
A router is an active electronic network device (that is, it makes decisions and has a major influence on how the network operates), whereas an ordinary switch is a passive device, or only partially active if it is managed. A router interconnects computer/data networks, each of which uses a different class of IP addresses. One of the basic functions a router performs, and the reason it is increasingly present in everyday life, is that it interconnects/distributes/links the computers we use to the Internet.

As a device, the router is in fact a PC/computer specialized for routing functions. It has RAM, permanent storage (flash memory, hard disk) and an operating system that does nothing but route network packets. It is a computer reduced to the minimum, in both functions and size, in order to perform routing. Computer-based routers generally run either flexible operating systems (Linux), in which case the computer has to be powerful, or specialized operating systems, which are much smaller and faster and far less demanding of resources. Another category is the hardware routers sold commercially. Those in the cheap range are simple in terms of complexity and offer only the basic functions, which is often enough for home or office use.

A router can distribute Internet access either over classic network cable or over antenna / Wi-Fi / wireless / radio. In practice the router is a computer that receives an Internet connection and distributes it onward to the computers in the local network. It is useful when you have several computers in the house and want Internet access on all of them at the same time, using only the connection and the IP address you had initially.

Configuring a router
Router modes

Immediately after the IOS has initialized, one of the two EXEC modes can be entered:
- User EXEC mode (entered automatically if no login password has been configured)
- Privileged EXEC mode (entered from User EXEC mode with the enable command)

From Privileged EXEC mode you can enter global configuration mode. From global configuration mode you can enter one of the following modes: Interface mode, Line mode, Router mode, Subinterface mode, Controller mode.

Global configuration mode

Changes to a router's configuration are made from global configuration mode:

    Router# configure terminal
    Router(config)#

Other, more specific configuration modes can be accessed from here. The router prompt changes according to the configuration mode in use. Exit returns the router to global configuration mode.

Configuring the router name

In global configuration mode:

    Router(config)# hostname Tokyo
    Tokyo(config)#

The prompt changes and uses the new name.

Router passwords

Passwords restrict access to the router for:
- virtual terminal lines
- console line
- privileged EXEC

Enable password and enable secret restrict access to privileged mode:
- Enable password is used when enable secret is not set
- Enable secret is encrypted with an MD5 hash algorithm
- Enable password is not encrypted

It is desirable to encrypt passwords in the output of commands.

Configuring passwords

Console password:

    Router(config)# line console 0
    Router(config-line)# password cisco
    Router(config-line)# login

Terminal password:

    Router(config)# line vty 0 4
    Router(config-line)# password cisco
    Router(config-line)# login

Enable password:

    Router(config)# enable password san-fran

Password encryption:

    Router(config)# service password-encryption
    Router(config)# no service password-encryption

The show commands

Used to examine the router's files and for troubleshooting:

    show interfaces            statistics for the router's interfaces
    show controllers serial    information specific to the hardware controllers
    show flash                 information about flash memory and the IOS images it contains
    show version               information about the router and the IOS
    show startup-config        the configuration in NVRAM
    show running-config        the configuration running in RAM

Configuring a serial interface

- Enter global configuration mode.
- Enter the configuration mode of the interface.
- Specify the interface address and the network mask.
- Set the clock rate if the interface is DCE. If the interface is DTE, this step does not apply.
- Activate the interface.

Configuring an Ethernet interface

- Enter global configuration mode.
- Enter the configuration mode of the interface.
- Specify the interface address and the network mask.
- Activate the interface.

Commands for configuring interfaces

In the following commands, the type argument can be: serial, ethernet, fastethernet, token ring and others.

    Router(config)# interface type port
    Router(config)# interface type slot/port

The following command is used to shut down an interface:

    Router(config-if)# shutdown

The following command is used to reactivate an interface that is shut down:

    Router(config-if)# no shutdown

The following command is used to leave the current interface configuration mode:

    Router(config-if)# exit
    Router(config)#

Changing the configuration

Displaying the configuration:

    Router# show running-config
    Router# show startup-config

Erasing the configuration:

    Router# erase startup-config
    Router# reload

Saving the configuration:

    Router# copy running-config startup-config

Interface description

Used to identify information such as:
- a remote router
- a circuit number
- a network segment

The description acts as a comment for the interface. The description does not affect the operation of the router.

Configuring the description on an interface

Enter global configuration mode:

    Router# configure terminal

Enter the configuration mode of the interface:

    Router(config)# interface ethernet 0

Enter the description:

    Router(config-if)# description string

Exit to privileged mode:

    Router(config-if)# ctrl-Z

Save the configuration changes to NVRAM:

    Router# copy running-config startup-config

Login banner

- It is a message displayed at login.
- It is useful for messages that concern all users of the network.
- It can be seen by anyone.
- Care must be taken with the wording of these messages: "Welcome" can be considered an invitation to access the router.
- The login banner must be a warning against unauthorized access: This is a secure system, authorized access only!

Configuring the login banner

Enter global configuration mode:

    Router# configure terminal

Run the banner motd command:

    Router(config)# banner motd # The message of the day #

Save the changes:

    Router# copy running-config startup-config

Host name resolution

- Used to associate a host name with an IP address.
- Host names are significant only on the local machine.
- It allows the administrator to type either the host name or the IP address to telnet to that host.

Configuring host tables

- Enter global configuration mode.
- Use the ip host command:

    Router(config)# ip host Beirut 192.168.53.1

- Add all the IP addresses associated with that router.
- Use the command for each router in the network.
- Save the configuration to NVRAM.

Copying the configuration

A copy of the configuration can be stored on a TFTP server:

    Router# copy running-config tftp

A configuration file from the network can be used to configure the router:

    Router# copy tftp running-config

A concrete example of configuring a router from the CISCO 12000 series

Figure 1 shows the topology as a diagram of the Packet-over-SONET/SDH (POS) interfaces.

Figure 2 shows the topology with addresses.

Useful tables:

Basic configuration for P3


    RP/0/0/CPU0:P3# show running-config
    hostname P3
    interface MgmtEth0/0/CPU0/0
    !
    interface MgmtEth0/0/CPU0/1
    !
    interface MgmtEth0/0/CPU0/2
    !
    interface MgmtEth0/1/CPU0/0
    !
    interface MgmtEth0/1/CPU0/1
    !
    interface MgmtEth0/1/CPU0/2
    !
    interface POS0/3/0/0
    !
    interface POS0/3/0/1
    !
    interface POS0/3/0/2
    !
    interface POS0/4/0/0
    !
    end

The initial network configuration involves configuring the following elements:
- Date and time
- Management Ethernet interfaces
- Virtual IP addresses (IPv4), consisting of:
    172.21.116.12 on P1
    172.21.116.17 on P2
    172.21.116.22 on P3
    172.21.116.27 on P4
    172.21.116.32 on P5
    172.21.116.37 on P6
- Loopback0 addresses
- POS interfaces

The initial configuration displayed by show running-config on router P3 (172.21.116.22) shows the Management Ethernet interfaces, the POS interfaces and the IP addresses.
    RP/0/0/CPU0:P3# show run
    hostname P3
    telnet ipv4 server max-servers 5
    domain ipv4 host p1 172.21.116.12
    domain ipv4 host p2 172.21.116.17
    domain ipv4 host p4 172.21.116.27
    domain ipv4 host p5 172.21.116.32
    domain ipv4 host p6 172.21.116.37
    ipv4 virtual address 172.21.116.22 255.255.255.192
    interface loopback0
     ipv4 address 100.10.20.3 255.255.255.255
    !
    interface MgmtEth0/0/CPU0/0
     ipv4 address 172.21.116.20 255.255.255.192
    !
    interface MgmtEth0/0/CPU0/1
    !
    interface MgmtEth0/0/CPU0/2
    !
    interface MgmtEth0/1/CPU0/0
     ipv4 address 172.21.116.21 255.255.255.192
    !
    interface MgmtEth0/1/CPU0/1
    !
    interface MgmtEth0/1/CPU0/2
    !
    interface POS0/3/0/0
     ipv4 address 142.50.4.3 255.255.255.0
    !
    interface POS0/3/0/1
     ipv4 address 142.50.24.3 255.255.255.0
    !
    interface POS0/3/0/2
     ipv4 address 142.50.12.3 255.255.255.0
    !
    interface POS0/4/0/0
     ipv4 address 142.50.16.3 255.255.255.0
    !
    controller SONET0/3/0/0
    !
    controller SONET0/3/0/1
    !
    controller SONET0/3/0/2
    !
    controller SONET0/4/0/0
    !
    route ipv4 0.0.0.0/0 172.21.116.1
    end

Security applied to the router:


    RP/0/0/CPU0:P3# show run
    hostname P3
    logging console
    telnet ipv4 server max-servers 6
    domain ipv4 host p1 172.21.116.12
    domain ipv4 host p2 172.21.116.17
    domain ipv4 host p4 172.21.116.27
    domain ipv4 host p5 172.21.116.32
    domain ipv4 host p6 172.21.116.37
    taskgroup igpadmin
     task write rib
     task write isis
     task write ospf
    !
    taskgroup routeadmin
     task write bgp
     inherit taskgroup igpadmin
    !
    usergroup igp_admin
     taskgroup igpadmin
    !
    usergroup route_admin
     taskgroup routeadmin
    !
    username raoul
     password 7 030F5E05
     group igp_admin
    !
    username duke
     group route_admin
    !
    ipv4 virtual address 172.21.116.22 255.255.255.192
    ipv4 access-list blockacl
     100 deny ip 134.1.1.0 0.0.0.255 any
     200 deny ip 134.1.2.0 0.0.0.255 any
     300 deny ip 134.1.3.0 0.0.0.255 any
     400 deny ip 134.1.4.0 0.0.0.255 any
     500 deny ip 134.1.5.0 0.0.0.255 any
     550 deny ip 134.1.6.0 0.0.0.255 any
     600 deny ip 135.1.5.0 0.0.0.255 any
     700 deny ip 135.1.4.0 0.0.0.255 any
     800 deny ip 135.1.3.0 0.0.0.255 any
     900 deny ip 135.1.2.0 0.0.0.255 any
     1000 deny ip 135.1.1.0 0.0.0.255 any
     1100 deny ip 136.1.1.0 0.0.0.255 any
     1200 deny ip 136.1.2.0 0.0.0.255 any
     1300 deny ip 136.1.3.0 0.0.0.255 any
     1400 deny ip 136.1.4.0 0.0.0.255 any
     1500 permit ip any any
    !
    ipv4 access-list blockacl2
     100 deny ip 134.1.1.0 0.0.0.255 any
     200 deny ip 134.1.2.0 0.0.0.255 any
     300 deny ip 134.1.3.0 0.0.0.255 any
     400 deny ip 134.1.4.0 0.0.0.255 any
     500 deny ip 134.1.5.0 0.0.0.255 any
     550 deny ip 134.1.6.0 0.0.0.255 any
     600 deny ip 135.1.5.0 0.0.0.255 any
     700 deny ip 135.1.4.0 0.0.0.255 any
     800 deny ip 135.1.3.0 0.0.0.255 any
     900 deny ip 135.1.2.0 0.0.0.255 any
     1000 deny ip 135.1.1.0 0.0.0.255 any
     1100 deny ip 136.1.1.0 0.0.0.255 any
     1200 deny ip 136.1.2.0 0.0.0.255 any
     1300 deny ip 136.1.3.0 0.0.0.255 any
     1400 deny ip 136.1.4.0 0.0.0.255 any
     1500 permit ip any any
    !

    [Repeated show running-config output deleted.]

    end
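
The password rules stated earlier on this page (enable password is not encrypted, enable secret is hashed, line passwords guard console and vty access) can be checked mechanically against a saved configuration such as the one above. The following Python script is an added example, not part of the original document or of any Cisco tool; its rule set and sample configuration are constructed for illustration, and the type 5 hash in the sample is a placeholder.

```python
import re

# Constructed sample in the style of this page's listings; the type 5 hash is a placeholder.
SAMPLE = """\
hostname P3
telnet ipv4 server max-servers 6
enable password san-fran
line console 0
 password cisco
 login
username raoul password 7 030F5E05
username duke secret 5 $1$SALT$PLACEHOLDERHASHVALUE00
"""

# (pattern, severity, message); the rule set is this example's own, not a vendor baseline.
RULES = [
    (re.compile(r"^\s*enable password (?!7 )\S+"), "HIGH",
     "enable password is stored in cleartext; use enable secret"),
    (re.compile(r"^\s*(?:username \S+ )?password (?!7 )\S+"), "HIGH",
     "line or user password is stored in cleartext"),
    (re.compile(r"\bpassword 7 \S+"), "MEDIUM",
     "type 7 is reversible obfuscation, not a hash; use a secret"),
    (re.compile(r"^\s*telnet\b.*\bserver\b"), "MEDIUM",
     "Telnet server enabled; logins cross the network unencrypted"),
]

def audit(config):
    """Return (line_number, severity, message) findings; line 0 marks a global finding."""
    lines = config.splitlines()
    findings = [(no, sev, msg)
                for no, line in enumerate(lines, 1)
                for pattern, sev, msg in RULES if pattern.search(line)]
    cleartext = any(sev == "HIGH" for _, sev, _ in findings)
    if cleartext and "service password-encryption" not in (l.strip() for l in lines):
        findings.append((0, "LOW", "service password-encryption is off; "
                                   "passwords are readable in show output"))
    return findings

if __name__ == "__main__":
    for no, sev, msg in audit(SAMPLE):
        print(f"line {no:>2}  {sev:<6}  {msg}")
```
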


The following section contains the output from P3 with IS-IS configured (show run router isis). A user in the group named igpadmin has permission to enable the Routing Information Base (RIB), IS-IS and OSPF protocols.
    RP/0/0/CPU0:P3# show run router isis
    router isis lab
     is-type level-1
     net 49.0001.0000.0000.0003.00
     nsf ietf
     interface Loopback0
      passive
      address-family ipv4 unicast
      !
     !
     interface POS0/3/0/1
      hello-password text encrypted 05080F1C2243
      address-family ipv4 unicast
      !
     !
     interface POS0/3/0/2
      hello-password text encrypted 01100F175804
      address-family ipv4 unicast
      !
     !
     interface POS0/4/0/0
      hello-password text encrypted 030752180500
      address-family ipv4 unicast
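
What a user in igpadmin may do, as stated above, follows from three layers in the configuration: username to usergroup, usergroup to taskgroup, and inherit taskgroup between task groups. The following Python script is an added example, not code from the original document; it resolves those layers into per-user task permissions for a constructed excerpt in the same syntax, and assumes that the lines belonging to a stanza are indented beneath its header.

```python
# Constructed excerpt in the taskgroup/usergroup/username syntax of the listings on this page.
CONFIG = """\
taskgroup igpadmin
 task write rib
 task write isis
 task write ospf
taskgroup routeadmin
 task write bgp
 inherit taskgroup igpadmin
usergroup igp_admin
 taskgroup igpadmin
usergroup route_admin
 taskgroup routeadmin
username raoul
 group igp_admin
username duke
 group route_admin
"""

def parse(config):
    """Return (taskgroups, usergroups, users) read from indented stanzas."""
    taskgroups, usergroups, users = {}, {}, {}
    kind = name = None
    for raw in config.splitlines():
        words = raw.split()
        if len(words) > 1 and not raw[0].isspace():     # unindented line opens a stanza
            kind, name = words[:2]
        elif kind == "taskgroup" and words[:1] == ["task"]:
            taskgroups.setdefault(name, (set(), []))[0].add(" ".join(words[1:3]))
        elif kind == "taskgroup" and words[:2] == ["inherit", "taskgroup"]:
            taskgroups.setdefault(name, (set(), []))[1].extend(words[2:3])
        elif kind == "usergroup" and words[:1] == ["taskgroup"]:
            usergroups.setdefault(name, []).extend(words[1:2])
        elif kind == "username" and words[:1] == ["group"]:
            users.setdefault(name, []).extend(words[1:2])
    return taskgroups, usergroups, users

def effective_tasks(config):
    """Map each username to the sorted task permissions it ends up holding."""
    taskgroups, usergroups, users = parse(config)
    def expand(tg, seen=frozenset()):
        if tg in seen or tg not in taskgroups:          # loop, or group not defined in this text
            return set()
        own, parents = taskgroups[tg]
        return set(own).union(*(expand(p, seen | {tg}) for p in parents))
    return {user: sorted(set().union(*(expand(tg) for g in groups for tg in usergroups.get(g, []))))
            for user, groups in users.items()}

print(effective_tasks(CONFIG))
```

Because routeadmin inherits igpadmin, a member of route_admin holds the IGP write tasks as well as write bgp; groups that are not defined in the text being parsed resolve to no tasks here.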

This section contains show run router ospf, the output of router P3 with OSPF configured.
    RP/0/0/CPU0:P3# show run router ospf
    router ospf 60000
     router-id Loopback0
     nsf ietf
     area 0
      authentication message-digest
      message-digest-key 1 md5 encrypted 01100F175804
      interface Loopback0
       passive enable
      !
      interface POS0/3/0/1
      !
      interface POS0/3/0/2
      !
      interface POS0/4/0/0

iBGP, Multicast and MPLS were also configured. Summary of the entire configured network:
    RP/0/0/CPU0:P3# show running-config
    hostname P3
    logging console
    telnet ipv4 server max-servers 6
    domain ipv4 host p1 172.21.116.12
    domain ipv4 host p2 172.21.116.17
    domain ipv4 host p3 172.21.116.22
    domain ipv4 host p4 172.21.116.27
    domain ipv4 host p5 172.21.116.32
    domain ipv4 host p6 172.21.116.37
    taskgroup igpadmin
     task write rib
     task write isis
     task write ospf
    !
    taskgroup routeadmin
     task write bgp
     inherit taskgroup igpadmin
    !
    usergroup igp_admin
     taskgroup igpadmin
    !
    usergroup route_admin
     taskgroup routeadmin
    !
    username raoul
     secret 5 $1$8Gwd$WFGLQa09SGl9A/WlrBiJM0
     group route_admin
    !
    username duke
     secret 5 $1$EAp8$hWPK3CpBYSL50apOLQmlF0
     group operator
    !
    username classious
     secret 5 $1$BzAl$yKAqOdOC02vn5xgXmy5Eu/
     group igp_admin
    !
    ipv4 virtual address 172.21.116.22 255.255.255.192
    ipv4 access-list blockacl
     10 deny ip 134.1.1.0 0.0.0.255 any
     20 deny ip 134.1.2.0 0.0.0.255 any
     30 deny ip 134.1.3.0 0.0.0.255 any
     40 deny ip 134.1.4.0 0.0.0.255 any
     50 deny ip 134.1.5.0 0.0.0.255 any
     55 deny ip 134.1.6.0 0.0.0.255 any
     60 deny ip 135.1.1.0 0.0.0.255 any
     70 deny ip 135.10.2.0 0.0.0.255 any
     80 deny ip 135.1.3.0 0.0.0.255 any
     90 deny ip 135.1.4.0 0.0.0.255 any
     110 deny ip 136.1.1.0 0.0.0.255 any
     120 deny ip 136.1.2.0 0.0.0.255 any
     130 deny ip 136.1.3.0 0.0.0.255 any
     140 deny ip 136.1.4.0 0.0.0.255 any
     150 permit ip any any
    !
    ipv4 access-list blockacl2
     10 deny ip 134.1.1.0 0.0.0.255 any
     20 deny ip 134.1.2.0 0.0.0.255 any
     30 deny ip 134.1.3.0 0.0.0.255 any
     40 deny ip 134.1.4.0 0.0.0.255 any
     50 deny ip 134.1.5.0 0.0.0.255 any
     60 deny ip 135.1.1.0 0.0.0.255 any
     80 deny ip 135.1.3.0 0.0.0.255 any
     90 deny ip 135.1.4.0 0.0.0.255 any
     110 deny ip 136.1.1.0 0.0.0.255 any
     120 deny ip 136.1.2.0 0.0.0.255 any
     130 deny ip 136.1.3.0 0.0.0.255 any
     140 deny ip 136.1.4.0 0.0.0.255 any
     150 permit ip any any
    !
    interface Loopback0
     ipv4 address 100.10.20.3 255.255.255.255
    !
    interface tunnel-te1
     ipv4 unnumbered Loopback0
     priority 0 0
     bandwidth 1000
     autoroute announce
     destination 100.10.20.1
     path-option 1 dynamic
    !
    interface tunnel-te2
     ipv4 unnumbered Loopback0
     priority 0 0
     bandwidth 1000
     autoroute announce
     destination 100.10.20.2
     path-option 1 dynamic
    !
    interface tunnel-te4
     ipv4 unnumbered Loopback0
     priority 0 0
     bandwidth 1000
     autoroute announce
     destination 100.10.20.4
     path-option 1 dynamic
    !
    interface tunnel-te5
     ipv4 unnumbered Loopback0
     priority 0 0
     bandwidth 1000
     autoroute announce
     destination 100.10.20.5
     path-option 1 dynamic
    !
    interface tunnel-te6
     ipv4 unnumbered Loopback0
     priority 0 0
     bandwidth 1000
     autoroute announce
     destination 100.10.20.6
     path-option 1 dynamic
    !
    interface MgmtEth0/0/CPU0/0
     ipv4 address 172.21.116.20 255.255.255.192
    !
    interface MgmtEth0/0/CPU0/1
     shutdown
    !
    interface MgmtEth0/0/CPU0/2
     shutdown
    !
    interface MgmtEth0/1/CPU0/0
     ipv4 address 172.21.116.21 255.255.255.192
    !
    interface MgmtEth0/1/CPU0/1
     shutdown
    !
    interface MgmtEth0/1/CPU0/2
     shutdown
    !
    interface POS0/3/0/0
     ipv4 address 142.50.4.3 255.255.255.0
     ipv4 access-group blockacl ingress
    !
    interface POS0/3/0/1
     ipv4 address 142.50.24.3 255.255.255.0
    !
    interface POS0/3/0/2
     ipv4 address 142.50.12.3 255.255.255.0
    !
    interface POS0/3/0/3
     shutdown
    !
    interface POS0/4/0/0
     ipv4 address 142.50.16.3 255.255.255.0
    !
    controller SONET0/3/0/0
    !
    controller SONET0/3/0/1
    !
    controller SONET0/3/0/2
    !
    controller SONET0/3/0/3
    !
    controller SONET0/4/0/0
    !
    route ipv4 0.0.0.0/0 172.21.116.1
    !
    router bgp 65000
     address-family ipv4 unicast
      network 0.0.0.0/0
     !
     neighbor-group internal
      remote-as 65000
      password encrypted 13061E010803
      update-source Loopback0
      address-family ipv4 unicast
      !
     !
     neighbor 100.10.20.1
      use neighbor-group internal
      description P1
     !
     neighbor 100.10.20.2
      use neighbor-group internal
      description P2
     !
     neighbor 100.10.20.4
      use neighbor-group internal
      description P4
     !
     neighbor 100.10.20.5
      use neighbor-group internal
      description P5
     !
     neighbor 100.10.20.6
      use neighbor-group internal
      description P6
     !
    !
    rsvp
     interface POS0/3/0/1
      bandwidth
     !
     interface POS0/3/0/2
      bandwidth
     !
     interface POS0/4/0/0
      bandwidth
     !
    !
    mpls traffic-eng
     interface POS0/3/0/1
     !
     interface POS0/3/0/2
     !
     interface POS0/4/0/0
     !
    !
    mpls ldp
     router-id Loopback0
     discovery hello holdtime 30
     discovery hello interval 15
     graceful-restart
     interface POS0/3/0/1
     !
     interface POS0/3/0/2
     !
     interface POS0/4/0/0
     !
    !
    router pim address-family ipv4
     auto-rp mapping-agent Loopback0 scope 16 interval 60
     auto-rp candidate-rp Loopback0 scope 16 group-list 224/4 interval 60
    !
    multicast-routing
     address-family ipv4
      interface tunnel-te1
       disable
      !
      interface tunnel-te2
       disable
      !
      interface tunnel-te4
       disable
      !
      interface tunnel-te5
       disable
      !
      interface tunnel-te6
       disable
      !
      interface all enable
    !
    end