Setup Mode Configuration File Interactive setup Router setup Setup

  • Slides: 66

Setup Mode

Setup mode starts automatically when no configuration file exists and allows interactive router configuration. It can also be started with the #setup command.

Router#setup    <= Only basic configuration is possible in setup mode.
Continue with configuration dialog? [yes/no]: y
Enter host name [Router]: Router01
Enter enable secret [<Use current secret>]: sk    <= Used instead of the enable password.
Enter enable password [password]: telecom    <= Meaningless when an enable secret is set.
Enter virtual terminal password [password]: password    <= The password used when connecting via Telnet and similar.
Configure SNMP Network Management? [yes]: y
Community string [public]: public2
Configure IP? [yes]: y
Configure IGRP routing? [yes]: n
Configure RIP routing? [no]: y
Configuring interface Ethernet0:
Is this interface in use? [yes]: y
Configure IP on this interface? [yes]: y
IP address for this interface [128.1.51.254]: 128.1.51.254
Number of bits in subnet field [0]: 8
Class B network is 128.1.0.0, 8 subnet bits; mask is /24
Configuring interface Serial0:
Is this interface in use? [no]: n
Configuring interface Serial1:
Is this interface in use? [no]: n
Use this configuration? [yes/no]: y    <= The configuration is saved to RAM and NVRAM at the same time.
Building configuration...
[OK]
Use the enabled mode 'configure' command to modify this configuration.

CLI (Command-Line Interface)

Router>enable
Router#disable
Router>logout

- Use the disable command to leave privileged mode.
- To go from privileged mode to the logged-out state in one step, use the logout or exit command.

Router Modes

Exec Mode: the mode in which commands can be entered.

User Exec Mode
- Non-destructive commands, basic tests and system information are available.
- The > prompt is displayed.

Privileged Exec Mode
- configure and debug commands can be used.
- The # prompt is displayed.
- Entered with the >enable command.
- Left with the disable command.

Global Configuration Mode
- The mode for configuring settings that apply to the router as a whole.
- Entered with the config term command.
- The (config)# prompt is displayed.
- Left with exit or Ctrl+Z. In nested modes, exit leaves one level, while Ctrl+Z leaves all levels at once.

Config Command

Router#config ?
  memory             Configure from NV memory
  network            Configure from a TFTP network host
  overwrite-network  Overwrite NV memory from TFTP network host
  terminal           Configure from the terminal
  <cr>

Interface Mode

RouterA#config term
Enter configuration commands, one per line. End with CNTL/Z.
RouterA(config)#interface ?
  Async             Async interface
  BVI               Bridge-Group Virtual Interface
  Dialer            Dialer interface
  Ethernet          IEEE 802.3
  Group-Async       Async Group interface
  Lex               Lex interface
  Loopback          Loopback interface
  Null              Null interface
  Serial            Serial
  Tunnel            Tunnel interface
  Virtual-Template  Virtual Template interface
RouterA(config)#interface ethernet 0
RouterA(config-if)#ip address 192.168.0.254 255.255.255.0

Subinterface Mode

Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int s0.?
  <0-4294967295>  Serial interface number
Router(config)#int s0.1
Router(config-subif)#ip address 192.168.1.254 255.255.255.0

Line Mode

RouterA#config term
Enter configuration commands, one per line. End with CNTL/Z.
RouterA(config)#line ?
  <0-6>    First Line number
  aux      Auxiliary line
  console  Primary terminal line
  vty      Virtual terminal
RouterA(config)#line console 0
RouterA(config-line)#login
RouterA(config-line)#password passwd1

Router Mode

RouterA#config t
Enter configuration commands, one per line. End with CNTL/Z.
RouterA(config)#router rip
RouterA(config-router)#network 192.168.0.0
RouterA(config-router)#

Editing and Help Features

RouterA#?
Exec commands:
  <1-99>           Session number to resume
  access-enable    Create a temporary Access-List entry
  access-template  Create a temporary Access-List entry
  bfe              For manual emergency modes setting
  clear            Reset functions
  clock            Manage the system clock
  configure        Enter configuration mode
  connect          Open a terminal connection
  copy             Copy configuration or image data
  debug            Debugging functions (see also 'undebug')
  disable          Turn off privileged commands
  disconnect       Disconnect an existing network connection
  enable           Turn on privileged commands
  erase            Erase flash or configuration memory
  exit             Exit from the EXEC
  help             Description of the interactive help system
  lock             Lock the terminal
  login            Log in as a particular user
  logout           Exit from the EXEC

RouterA#show clock detail
19:58:05.431 UTC Tue Dec 19 2000
Time source is user configuration
RouterA#clock ?
  set  Set the time and date
RouterA#clock set ?
  hh:mm:ss  Current Time
RouterA#clock set 20:00 ?
  <1-31>  Day of the month
  MONTH   Month of the year
RouterA#clock set 20:00 19 ?
  MONTH  Month of the year
RouterA#clock set 20:00 19 nov ?
  <1993-2035>  Year
RouterA#clock set 20:00 19 nov 2000
RouterA#show clock detail
20:09.183 UTC Sun Nov 19 2000
Time source is user configuration

Auto Completion

Type part of a command and press the Tab key.

Messages

RouterA#clock set 20:00
% Incomplete command.
RouterA(config)#show version
                ^
% Invalid input detected at '^' marker.
RouterA#sh te
% Ambiguous command: "sh te"
RouterA#sh te?
tech-support  terminal


RouterA#sh history
  clock set 19:56:00 19 dec 2000
  sh clock
  show clock detail
  clock set 20:00 19 nov 2000
  show clock detail
  clock set 20:00
  show k
  config term
  sh te
  sh history

RouterA#sh terminal
Line 2, Location: "", Type: "ANSI"
Length: 27 lines, Width: 80 columns
Baud rate (TX/RX) is 9600/9600
Status: Ready, Active, No Exit Banner
Capabilities: none
Modem state: Ready
Special Chars: Escape Hold Stop Start Disconnect Activation
               ^^x none - none
Timeouts: Idle EXEC  Idle Session  Modem Answer  Session  Dispatch
          00:10:00   never                       none     not set
Idle Session Disconnect Warning
  never
Modem type is unknown.
Session limit is not set.
Time since activation: never
Editing is enabled.
History is enabled, history size is 10.
Full user help is disabled
Allowed transports are pad v120 telnet rlogin mop. Preferred is telnet.
No output characters are padded
No special data dispatching characters

RouterA#terminal history size 25
RouterA#sh terminal
…
History is enabled, history size is 25.
…

Gathering Basic Routing Information

RouterA#sh version
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-D-L), Version 11.2(3)P, SHARED PLATFORM, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-1996 by cisco Systems, Inc.
Compiled Tue 31-Dec-96 17:11 by tamb
Image text-base: 0x0302A498, data-base: 0x00001000
ROM: System Bootstrap, Version 11.0(10c), SOFTWARE
ROM: 3000 Bootstrap Software (IGS-BOOT-R), Version 11.0(10c), RELEASE SOFTWARE (fc1)
RouterA uptime is 1 hour, 0 minutes
System restarted by power-on at 19:17:08 UTC Sun Nov 19 2000
System image file is "flash:80135003.bin", booted via flash
cisco 2500 (68030) processor (revision N) with 2048K/2048K bytes of memory.
Processor board ID 06164964, with hardware revision 0000
Bridging software.
X.25 software, Version 2.0, NET2, BFE and GOSIP compliant.
1 Ethernet/IEEE 802.3 interface(s)
2 Serial network interface(s)
32K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash (Read ONLY)
Configuration register is 0x2102

Setting the Passwords

Enable Secret & Enable Password

RouterA#config t
Enter configuration commands, one per line. End with CNTL/Z.
RouterA(config)#enable secret wsyang
RouterA(config)#enable password wsyang
The enable password you have chosen is the same as your enable secret.
This is not recommended. Re-enter the enable password.

Auxiliary Password

RouterA#config terminal
Enter configuration commands, one per line. End with CNTL/Z.
RouterA(config)#line aux ?
  <0-0>  First Line number
RouterA(config)#line aux 0
RouterA(config-line)#login
RouterA(config-line)#password wsyang

Console Password

RouterA#config t
Enter configuration commands, one per line. End with CNTL/Z.
RouterA(config)#line console ?
  <0-0>  First Line number
RouterA(config)#line console 0
RouterA(config-line)#login
RouterA(config-line)#password wsyang

Other Console Port Commands

RouterA#config term
Enter configuration commands, one per line. End with CNTL/Z.
RouterA(config)#line console 0
RouterA(config-line)#logging synchronous
(logging synchronous: stops console messages from overwriting command-line input)

RouterA#config t
Enter configuration commands, one per line. End with CNTL/Z.
RouterA(config)#line console 0
RouterA(config-line)#exec-timeout 0 0
(Removes the console timeout.)

Telnet Password / Timeout

RouterA#config t
Enter configuration commands, one per line. End with CNTL/Z.
RouterA(config)#line vty ?
  <0-4>  First Line number
RouterA(config)#line vty 0 4
RouterA(config-line)#login
RouterA(config-line)#password wsyang

RouterA#config term
Enter configuration commands, one per line. End with CNTL/Z.
RouterA(config)#line vty 0 4
RouterA(config-line)#no login
- With no login, users log in without a password.

Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#line vty 0 4
Router(config-line)#exec-timeout 0 0
(Removes the Telnet timeout.)

Password Encryption

RouterA#config t
Enter configuration commands, one per line. End with CNTL/Z.
RouterA(config)#service password-encryption

Banners

1. Type banner motd # and press Enter.
2. Type the message.
3. Type # and press Enter.
4. The message is displayed when logging in to the router.

RouterA(config)#banner ?
  LINE      c banner-text c, where 'c' is a delimiting character
  exec      Set EXEC process creation banner
  incoming  Set incoming terminal line banner
  login     Set login banner
  motd      Set Message of the Day banner
Router(config)#banner motd #
Enter TEXT message. End with the character '#'.
Accounting Department
#

Configuring IP Address on Interface and Bringup, Shutdown

RouterA#config term
Enter configuration commands, one per line. End with CNTL/Z.
RouterA(config)#int serial 1
RouterA(config-if)#ip address 192.168.5.1 255.255.255.0
RouterA(config-if)#no shutdown
RouterA(config-if)#shutdown

Secondary IP Address on Interface

RouterA#config term
Enter configuration commands, one per line. End with CNTL/Z.
RouterA(config)#int ethernet 0
RouterA(config-if)#ip address 192.168.10.1 255.255.255.0 secondary

Configuring Serial Line

1. Specify the clock speed only when the interface is used as DCE. The default is the clock speed of a T1 line.
2. Specify the bandwidth in K units. The default is the bandwidth of a T1 line (1544 K).
This can be checked with the # show controller s 0 command.

Router#config term
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int s 0
Router(config-if)#bandwidth 128
Router(config-if)#^Z
Router#sh int s 0
Serial0 is down, line protocol is down
Hardware is HD64570
MTU 1500 bytes, BW 56 Kbit, DLY 20000 usec, rely 255/255, load 1/255
Encapsulation HDLC, loopback not set, keepalive set (10 sec)
Router#sh controller s 0    (Shows the hardware settings of the interface.)
HD unit 0, idb = 0x906F8, driver structure at 0x94338
buffer size 1524 HD unit 0, No cable, clockrate 56000
cpb = 0x11, eda = 0x4940, cda = 0x4800
RX ring with 16 entries at 0x114800

Configuring as DCE

RouterA#config term
Enter configuration commands, one per line. End with CNTL/Z.
RouterA(config)#int s 1
RouterA(config-if)#clock rate 64000
RouterA#sh controllers s 1
HD unit 1, idb = 0xA0A6C, driver structure at 0xA46B0
buffer size 1524 HD unit 1, No cable, clockrate 64000
cpb = 0x22, eda = 0x3140, cda = 0x3000
RX ring with 16 entries at 0x223000

Setting the Router Name

RouterA#config term
Enter configuration commands, one per line. End with CNTL/Z.
RouterA(config)#hostname Seoul

Interface Description

Router(config)#interface ethernet 0
Router(config-if)#description Engineering LAN, Bldg. 18
- The description can be seen in the output of the show running-config and show interfaces commands.

Viewing and Saving Configurations

Seoul#show running-config
Seoul#show startup-config
Seoul#copy running-config startup-config

Verifying Configuration

Show Interface: the hardware address, logical address, encapsulation method, statistics on collisions.

Seoul#sh int e 0
Ethernet0 is up, line protocol is up
Hardware is Lance, address is 00e0.1ea9.4f8c (bia 00e0.1ea9.4f8c)
Internet address is 192.168.0.254/24
MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec, rely 255/255, load 1/255
Encapsulation ARPA, loopback not set, keepalive set (10 sec)
ARP type: ARPA, ARP Timeout 04:00
Last input 00:00:00, output hang never
Last clearing of "show interface" counters never
Queueing strategy: fifo
Output queue 0/40, 0 drops; input queue 1/75, 0 drops

Clearing Counter: clears the statistics from an interface

Seoul#clear counters ?
  Ethernet  IEEE 802.3
  Null      Null interface
  Serial    Serial
  <cr>
Seoul#clear counters s 0
Clear "show interface" counters on this interface [confirm]

Show Controllers: physical interface, type of serial cable

Seoul#sh controllers s 0
HD unit 0, idb = 0x9923C, driver structure at 0x9CE80
buffer size 1524 HD unit 0, V.35 DTE cable

Use ping, trace (traceroute) and telnet to verify the configuration. ping and trace also have an extended form.

Seoul#ping
Protocol [ip]:
Target IP address: 192.168.0.1
Repeat count [5]: 3
Datagram size [100]: 36
Timeout in seconds [2]: 1
Extended commands [n]: y
Source address or interface:
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 3, 36-byte ICMP Echos to 192.168.0.1, timeout is 1 seconds:
!!!
Success rate is 100 percent (3/3), round-trip min/avg/max = 1/3/4 ms

Components of a Cisco Router

IOS (Internetworking Operating System): the router's operating system.

ROM (Read Only Memory): holds the power-on diagnostics and the bootstrap program. The Cisco 2500, 4000 and 4500 hold a subset of IOS (small IOS) in ROM. (Small IOS is used only during maintenance or emergencies.) The Cisco 7000 and 7500 hold IOS in ROM, and IOS can be replaced by exchanging the ROM chip.

Flash Memory (Erasable, Programmable Read-Only Memory): the Cisco 2500 series holds IOS in flash memory. IOS can be updated.

NVRAM (Non-Volatile Memory): holds the router configuration file.

RAM (Random Access Memory)
- Main Memory: holds the running IOS, the router running configuration and the ARP cache.
- Shared Memory: used as a buffer that temporarily stores packets.

Interface: the Ethernet and serial ports that connect networks; each must be assigned an IP address. Depending on the router, Ethernet, Token Ring, FDDI, Serial, ISDN BRI and ATM interfaces are available.

Console Port: the router can be configured by connecting a terminal with a console cable.

Auxiliary Port: can be used in place of the console port. A remote user can configure the router through a modem connection, and it can serve as a router backup line over an analog circuit.


Router Status

[Figure: show commands mapped to router components (RAM, NVRAM, Flash, interfaces): show version, show processes, show running-config, show startup-config, show mem, show ip route, show flash, show interfaces. Labels: Internetwork Operating System, Programs, Dynamic Configuration Information, Backup (Startup) Configuration File, Routing Tables and Buffers, Operating System, Interfaces.]

Other: #show buffer (shows buffer status), #show arp (shows the ARP cache)

Router Boot Sequence

1. The router performs a POST. The POST tests the hardware to verify that all components of the device are operational and present. For example, the POST checks for the different interfaces on the router. The POST is stored in and run from ROM.
2. The bootstrap looks for and loads the Cisco IOS software. The bootstrap is a program in ROM that is used to execute programs. The bootstrap program is responsible for finding where each IOS program is located and then loading the file. By default, the IOS software is loaded from flash memory in all Cisco routers.
3. The IOS software looks for a valid configuration file stored in NVRAM. This file is called startup-config and is only there if an administrator copies the running-config file into NVRAM.

Router#sh version
Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-I-M), Version 12.0(3)T3, RELEASE SOFTWARE (fc1)
[output cut]
Configuration register is 0x2102

Recovering the Enable Security Password on Cisco 2500 and 4000 Routers

- Run # show version (the command also works in user mode) and record the line "Configuration register is 0x2102".
- Power the router down, then power it on.
- Send the break command (Ctrl+Break).
- Enter > o/r 0x2142. (0x2142 ignores the NVRAM configuration and boots from flash memory.)
- > i (initialization; reboots the router.)
- Initial Configuration dialog? No
- > enable goes straight to the # prompt.
  # copy startup-config running-config
- Change the password and save it.
  Router02#config term
  Router02(config)#enable secret korea
  Router02#copy running startup
  Router02#config term
  Router02(config)#config-register 0x2102
  Router02#reload
  Save? Yes
  reload? <Enter>
- Check the register value with # show version.

Verifying Flash Memory

RouterB#sh flash
System flash directory:
File  Length   Name/status
  1   9524828  c2500-js-l.113-9.T
[9524892 bytes used, 7252324 available, 16777216 total]
16384K bytes of processor board System flash (Read ONLY)

Backing Up the Cisco IOS

Router#copy flash tftp
System flash directory:
File  Length   Name/status
  1   8121000  c2500-js-l.112-18.bin
[8121064 bytes used, 8656152 available, 16777216 total]
Address or name of remote host [255.255.255.255]? 192.168.0.120
Source file name? c2500-js-l.112-18.bin
Destination file name [c2500-js-l.112-18.bin]? (press enter)
Verifying checksum for 'c2500-js-l.112-18.bin' (file #1)...OK
Copy '/c2500-js-l.112-18' from Flash to server as '/c2500-js-l.112-18'? [yes/no] y
!!!!!!!!!!!!!!!!!!!!!!!!!!!!! [output cut]
Upload to server done
Flash copy took 00:02:30 [hh:mm:ss]

Restoring or Upgrading the Cisco Router IOS

Router#copy tftp flash
**** NOTICE ****
Flash load helper v1.0
This process will accept the copy options and then terminate the current system image to use the ROM based image for the copy.
Routing functionality will not be available during that time.
If you are logged in via telnet, this connection will terminate.
Users with console access can see the results of the copy operation.
---- **** ----

- Verifying the Current Configuration
  Seoul#sh running-config
- Verifying the Stored Configuration
  Seoul#sh startup-config
- Copying the Current Configuration to NVRAM
  Router#copy run start
- Copying the Configuration to a TFTP Host
  RouterB#copy running-config tftp
- Restoring the Cisco Router Configuration
  RouterB#copy tftp running-config
- Erasing the Configuration
  RouterB#erase startup-config

Resetting the Router

Router01#erase startup-config
Building configuration...
[OK]
Router01#reload
Proceed with reload? [confirm] y
%SYS-5-RELOAD: Reload requested
System Bootstrap, Version 5.2(8a), RELEASE SOFTWARE
Copyright (c) 1986-1995 by cisco Systems
2500 processor with 1024 Kbytes of main memory

CDP (Cisco Discovery Protocol)

CDP is a protocol that shows information about Cisco routers directly connected to a Cisco router. It operates at the data link layer. At the physical layer it supports LAN and WAN (Frame Relay, SMDS, ATM) media. It works regardless of the upper-layer protocol (IP, IPX, AppleTalk). It also works between Cisco routers, switches and access servers.

RouterB#sh cdp
Global CDP information:
Sending CDP packets every 60 seconds
Sending a holdtime value of 180 seconds

The parameters can be adjusted with commands such as the following:

RouterB#config term
Enter configuration commands, one per line. End with CNTL/Z.
RouterB(config)#cdp timer 120       (update time)
RouterB(config)#cdp holdtime 240    (how long a CDP packet is held)

router#config term
router(config)#no cdp run    <= Disables CDP globally.

router#config term
router(config)#int e 0
router(config-if)#no cdp enable    <= Disables CDP per interface.

RouterB#sh cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater
Device ID   Local Intrfce   Holdtme   Capability   Platform   Port ID
RouterA     Ser 0           121       R            2500       Ser 0

RouterB#sh cdp neighbors detail
-------------------------
Device ID: RouterA
Entry address(es):
  IP address: 192.168.1.254
Platform: cisco 2500, Capabilities: Router
Interface: Serial0, Port ID (outgoing port): Serial0
Holdtime : 149 sec
Version :
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-D-L), Version 11.2(3)P, SHARED PLATFORM, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-1996 by cisco Systems, Inc.
Compiled Tue 31-Dec-96 17:11 by tamb

RouterB#sh cdp entry *
-------------------------
Device ID: RouterA
Entry address(es):
  IP address: 192.168.1.254
Platform: cisco 2500, Capabilities: Router
Interface: Serial0, Port ID (outgoing port): Serial0
Holdtime : 168 sec
Version :
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-D-L), Version 11.2(3)P, SHARED PLATFORM, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-1996 by cisco Systems, Inc.
Compiled Tue 31-Dec-96 17:11 by tamb

- The show cdp traffic command shows CDP traffic, such as the number of CDP packets sent and received.

RouterB#sh cdp traffic
CDP counters :
  Packets output: 281, Input: 255
  Hdr syntax: 0, Chksum error: 0, Encaps failed: 0
  No memory: 0, Invalid packet: 0, Fragmented: 0

- The show cdp interface command shows the CDP status of the router's interfaces.

RouterB#sh cdp interface
Ethernet0 is up, line protocol is up
  Encapsulation ARPA
  Sending CDP packets every 120 seconds
  Holdtime is 240 seconds
Serial0 is up, line protocol is up
  Encapsulation PPP
  Sending CDP packets every 120 seconds
  Holdtime is 240 seconds
Serial1 is administratively down, line protocol is down
  Encapsulation HDLC
  Sending CDP packets every 120 seconds
  Holdtime is 240 seconds

Using Telnet

2501B#config t
Enter configuration commands, one per line. End with CNTL/Z.
2501B(config)#line vty 0 4
2501B(config-line)#login
2501B(config-line)#password todd

Telnetting into Multiple Devices Simultaneously

After connecting to another router via Telnet, press Ctrl+Shift+6 and then X to return to the previous router. Pressing Enter twice switches back to the Telnet session.

Checking Telnet Connections

Todd2509#sh sessions
Conn Host Address Byte Idle Conn Name
   1 172.16.10.2 0 0 172.16.10.2
*  2 192.168.0.148 0 0 192.168.0.148

Shows the connections from the current router to remote devices. The * marks the most recent connection.

Todd2509#disconnect 1
Closing connection to 172.16.10.2 [confirm]

Checking Telnet Users

2501B#sh users
    Line     User   Host(s)   Idle   Location
*  0 con 0          idle      0
   1 aux 0          idle      0
   2 vty 0          idle      0      172.16.10.1

Shows the connections from other devices to the current router. The * marks the terminal of the current screen.

Closing Telnet Sessions

2501B#clear line 2
[confirm]
[OK]
2501B#sh users
    Line     User   Host(s)   Idle   Location
*  0 con 0          idle      0
   1 aux 0          idle      1

Building a Host Table

RouterA#config term
Enter configuration commands, one per line. End with CNTL/Z.
RouterA(config)#ip host routerB 192.168.1.253
RouterA(config)#ip host Linux 211.168.27.41
RouterA(config)#^Z
RouterA#sh hosts
Default domain is not set
Name/address lookup uses domain service
Name servers are 255.255.255.255
Host      Flags        Age  Type  Address(es)
routerB   (perm, OK)   0    IP    192.168.1.253
Linux     (perm, OK)   0    IP    211.168.27.41

Using DNS to Resolve Names

RouterA#config term
Enter configuration commands, one per line. End with CNTL/Z.
RouterA(config)#ip domain-lookup
RouterA(config)#ip name-server 211.168.27.41
RouterA(config)#ip domain-name sktelecom.com
RouterA#sh hosts
Default domain is sktelecom.com
Name/address lookup uses domain service
Name servers are 211.168.27.41
Host      Flags        Age  Type  Address(es)
routerB   (perm, OK)   0    IP    192.168.1.253
Linux     (perm, OK)   0    IP    211.168.27.41

Access List

Access lists filter IP traffic. There are standard IP access lists and extended IP access lists.

Standard IP Access List
- Controls access using only the source IP address.
- Uses access list numbers 1-99.

Extended IP Access List
- Controls access using the source IP address and port and the destination IP address and port.
- Uses access list numbers 100-199.

RouterA(config)#access-list ?
  <1-99>       IP standard access list
  <100-199>    IP extended access list
  <1000-1099>  IPX SAP access list
  <1100-1199>  Extended 48-bit MAC address access list
  <1200-1299>  IPX summary address access list
  <200-299>    Protocol type-code access list
  <300-399>    DECnet access list
  <600-699>    Appletalk access list
  <700-799>    48-bit MAC address access list
  <800-899>    IPX standard access list
  <900-999>    IPX extended access list


- any = 0.0.0.0 255.255.255.255
- If the wildcard mask is omitted, 0.0.0.0 is assumed.
- 131.104.7.11 0.0.0.0 = host 131.104.7.11

 • To allow only mail to be sent from outside to X:

!routerA
access-list 100 permit tcp any 128.88.1.0 0.0.0.255 established
access-list 100 permit tcp any host 128.88.1.2 eq smtp
interface ethernet 1
ip access-group 100 in

 • To allow only mail to be sent from outside to X, and to allow nslookup and ping for 128.88.0.0/16:

!routerA
access-list 100 permit tcp any 128.88.0.0 0.0.255.255 established
access-list 100 permit tcp any host 128.88.1.2 eq smtp
access-list 100 permit udp any eq domain
access-list 100 permit tcp any eq domain
access-list 100 permit icmp any any echo-reply
interface serial 0
ip access-group 100 in

 • Resulting configuration

!router
access-list 101 permit tcp any 203.252.1.0 0.0.0.255 established
access-list 101 permit tcp any host 203.252.1.202 eq smtp
access-list 101 permit tcp any host 203.252.1.202 eq www
access-list 101 permit udp any host 203.252.1.202 eq domain
access-list 101 permit tcp any host 203.252.1.202 eq domain
access-list 101 permit udp any 203.252.1.0 0.0.0.255 gt 1023
interface ethernet 0
ip access-group 101 out
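To check what access list 101 above actually lets through, the following added example (not part of the original slides) parses the six entries and evaluates packets first-match with the implicit deny at the end. The packet dictionaries, the source address 198.51.100.7 and the function names are constructed for illustration; `established` is modelled as a match on the ACK or RST flag, which is why an unsolicited ACK-only segment passes the first entry.

```python
import ipaddress
from dataclasses import dataclass

# Only the port names that appear in access list 101.
PORT_NAMES = {"smtp": 25, "www": 80, "domain": 53}

# Access list 101 as shown on the slide.
ACL_101 = """\
access-list 101 permit tcp any 203.252.1.0 0.0.0.255 established
access-list 101 permit tcp any host 203.252.1.202 eq smtp
access-list 101 permit tcp any host 203.252.1.202 eq www
access-list 101 permit udp any host 203.252.1.202 eq domain
access-list 101 permit tcp any host 203.252.1.202 eq domain
access-list 101 permit udp any 203.252.1.0 0.0.0.255 gt 1023
"""

def ip(s):
    return int(ipaddress.IPv4Address(s))

def take_addr(tok):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (base, wildcard)."""
    head = tok.pop(0)
    if head == "any":
        return 0, 0xFFFFFFFF
    if head == "host":
        return ip(tok.pop(0)), 0
    return ip(head), ip(tok.pop(0))

def take_port(tok):
    """Consume an optional 'eq PORT' or 'gt PORT'; return (op, port) or None."""
    if tok and tok[0] in ("eq", "gt"):
        op, val = tok.pop(0), tok.pop(0)
        return op, PORT_NAMES[val] if val in PORT_NAMES else int(val)
    return None

@dataclass
class Entry:
    action: str
    proto: str
    src: tuple
    sport: object
    dst: tuple
    dport: object
    established: bool
    text: str

def parse_acl(text):
    entries = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 5 or tok[0] != "access-list":
            continue
        tok = tok[2:]                      # drop 'access-list <number>'
        action, proto = tok.pop(0), tok.pop(0)
        src, sport = take_addr(tok), take_port(tok)
        dst, dport = take_addr(tok), take_port(tok)
        entries.append(Entry(action, proto, src, sport, dst, dport,
                             "established" in tok, line.strip()))
    return entries

def addr_match(addr, spec):
    base, wild = spec
    care = ~wild & 0xFFFFFFFF              # wildcard bit 1 = "don't care"
    return (ip(addr) & care) == (base & care)

def port_match(port, spec):
    if spec is None:
        return True
    op, val = spec
    return port == val if op == "eq" else port > val

def evaluate(entries, pkt):
    """Return (action, matching entry text); first match wins."""
    for e in entries:
        if e.proto != "ip" and e.proto != pkt["proto"]:
            continue
        if not (addr_match(pkt["src"], e.src) and addr_match(pkt["dst"], e.dst)):
            continue
        if not (port_match(pkt.get("sport", 0), e.sport)
                and port_match(pkt.get("dport", 0), e.dport)):
            continue
        # 'established' is stateless: it only looks for ACK or RST in the segment.
        if e.established and not {"ACK", "RST"} & set(pkt.get("flags", ())):
            continue
        return e.action, e.text
    return "deny", "implicit deny"

if __name__ == "__main__":
    acl = parse_acl(ACL_101)
    samples = [  # constructed packets
        {"proto": "tcp", "src": "198.51.100.7", "dst": "203.252.1.202", "dport": 25, "flags": ["SYN"]},
        {"proto": "tcp", "src": "198.51.100.7", "dst": "203.252.1.5", "dport": 23, "flags": ["SYN"]},
        {"proto": "tcp", "src": "198.51.100.7", "dst": "203.252.1.5", "dport": 23, "flags": ["ACK"]},
        {"proto": "udp", "src": "198.51.100.7", "dst": "203.252.1.5", "dport": 2049},
    ]
    for p in samples:
        print(p["proto"], p["dst"], p["dport"], p.get("flags", []), "->", evaluate(acl, p))
```

The third sample shows that the `established` entry is a flag test rather than connection tracking, and the fourth that `gt 1023` opens every high UDP port on the subnet, so any UDP service listening above 1023 is reachable.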


Restricting Virtual Terminal Access

Router(config)#access-list 50 permit 192.89.55.0 0.0.0.255
Router(config)#line vty 0 4
Router(config-line)#access-class 50 in

- It is preferable to apply a standard access list close to the destination and an extended access list close to the source.
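The password, timeout, SNMP and VTY settings shown across these slides can be reviewed together from a saved running-config. The following is an added example, not part of the original slides: a small audit that flags the weak variants the deck demonstrates (`no login`, `exec-timeout 0 0`, an enable password without an enable secret, line passwords without `service password-encryption`, the default `public` community, a VTY without `access-class`). Both sample configurations are constructed, the finding names are hypothetical, and the `snmp-server community ... RO` and `line con 0` forms are assumed as they appear in running-config output.

```python
import re

# Constructed sample assembled from commands shown on the slides; not a real device.
SAMPLE_CONFIG = """\
hostname RouterA
enable password wsyang
snmp-server community public RO
!
line con 0
 exec-timeout 0 0
 password wsyang
 login
line aux 0
 password wsyang
 login
line vty 0 4
 no login
!
end
"""

# Constructed counterpart with the same lines corrected; secrets are placeholders.
HARDENED_CONFIG = """\
service password-encryption
hostname RouterA
enable secret 5 <hash-placeholder>
access-list 50 permit 192.89.55.0 0.0.0.255
!
line con 0
 exec-timeout 10 0
 password 7 <obfuscated-placeholder>
 login
line vty 0 4
 access-class 50 in
 exec-timeout 10 0
 password 7 <obfuscated-placeholder>
 login
!
end
"""

def parse_config(text):
    """Split a running-config into global commands and per-'line' sections."""
    global_cmds, sections, current = [], {}, None
    for raw in text.splitlines():
        cmd = raw.strip()
        if not cmd or cmd == "!":
            continue
        if raw[0].isspace():               # indented: belongs to the current section
            if current in sections:
                sections[current].append(cmd)
            continue
        current = cmd
        if cmd.startswith("line "):
            sections[cmd] = []
        else:
            global_cmds.append(cmd)
    return global_cmds, sections

def audit(text):
    """Return a list of (finding, context) tuples for the settings the deck covers."""
    global_cmds, sections = parse_config(text)
    findings = []
    has_secret = any(c.startswith("enable secret") for c in global_cmds)
    if any(c.startswith("enable password") for c in global_cmds) and not has_secret:
        findings.append(("enable-password-without-secret", "global"))
    has_line_pw = any(c.startswith("password ") for cmds in sections.values() for c in cmds)
    if has_line_pw and "service password-encryption" not in global_cmds:
        findings.append(("line-passwords-in-cleartext", "global"))
    if any(re.fullmatch(r"snmp-server community public( .*)?", c) for c in global_cmds):
        findings.append(("default-snmp-community", "global"))
    for name, cmds in sections.items():
        if "exec-timeout 0 0" in cmds:     # idle sessions never time out
            findings.append(("no-idle-timeout", name))
        if name.startswith("line vty"):
            if "no login" in cmds:         # Telnet login without a password
                findings.append(("vty-login-disabled", name))
            if not any(re.fullmatch(r"access-class \S+ in", c) for c in cmds):
                findings.append(("vty-without-access-class", name))
    return findings

if __name__ == "__main__":
    for label, cfg in (("sample", SAMPLE_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label)
        for finding, where in audit(cfg) or [("no findings", "")]:
            print("  ", finding, where)
```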

Monitoring IP Access Lists

- show access-list: Displays all access lists and their parameters configured on the router. This command does not show you which interface the list is set on.
- show access-list 110: Shows only the parameters for the access list 110. This command does not show you the interface the list is set on.
- show ip access-list: Shows only the IP access lists configured on the router.
- show ip interface: Shows which interfaces have access lists set.
- show running-config: Shows the access lists and which interfaces have access lists set.

Helper-Address

Routers and broadcast addresses: there are limited broadcasts (255.255.255.255), local subnet broadcasts and remote subnet broadcasts. With the router's default settings, only remote subnet broadcasts are forwarded to the target network. When a helper address is configured, limited broadcasts and local subnet broadcasts can be forwarded as well.

A limited broadcast (255.255.255.255) normally occurs only in limited cases, such as a DHCP broadcast, where the host's IP address has not yet been configured.

When ip helper-address is configured, only 8 default UDP ports are enabled automatically: TFTP (69), DNS (53), Time (37), NetBIOS Name Service (137), NetBIOS Datagram Service (138), BootP/DHCP Server (67), BootP/DHCP Client (68), TACACS (49).

Ports other than the default UDP ports must be enabled individually. Default UDP ports that should not be forwarded are disabled individually. The (no) ip forward-protocol udp command is used for this.

Helper-Address

[Figure: host A on network 144.253.1.0 attached to router interface e0 (144.253.1.1); network 144.253.2.0 on router interface e1, with the server at 144.253.2.2.]

Interface e0
ip address 144.253.1.1 255.255.255.0
ip helper-address 144.253.2.2    (Broadcast => Unicast)
(Broadcasts arriving on e0 are sent as unicast to 144.253.2.2.)

Interface e0
ip address 144.253.1.1 255.255.255.0
ip helper-address 144.253.2.2
ip forward-protocol udp 3000
no ip forward-protocol udp 69

Interface e0
ip address 144.253.1.1 255.255.255.0
ip helper-address 144.253.2.255    (Broadcast => Broadcast)
(Broadcasts arriving on e0 are sent as broadcast to 144.253.2.255.)