思科 模拟器路由器操作命令

2024年1月7日发(作者：)

• 配置用户user1，密码为digitalchina，使用此用户名的用户群为普通用户，不可以进入特权模式

– Router#config

Router_config#username user1 password digitalchina

– Router_config#aaa authentication for_login login local

– Router_config#line console 0

– Router_config_line#login authentication for_login

– Router_config_line#

– Router_config#enable password digitalchina level 15

实训五十八 HDLC封装

• RouterA配置

• 指定封装协议为HDLC协议

– RouterA_config#interface serial 2/0

– RouterA_config_s2/0#encapsulation hdlc

• 指定接口的IP地址以及子网掩码

– RouterA_config_s2/0#ip address 11.1.1.1 255.255.255.0

– RouterA_config_s2/0#no shut

• RouterB配置

– Router_config#interface serial 1/0

– Router_config_s1/0#encapsulation hdlc

– Router_config_s1/0#ip address 11.1.1.2 255.255.255.0

– 指定此端口（DCE端）的内时钟信号频率

– Router_config_s1/0#physical-layer speed 64000

端口状态察看

• Router#show interface serial 2/0

• Serial2/0 is up, line protocol is up

• 。。。。

• Encapsulation prototol HDLC, link check interval is 10 sec

使用PAP验证的配置

• RouterA配置

– RouterA#config

– RouterA_config#username

digitallchinaB

– RouterA_config#interface serial 2/0

– RouterA_config_s2/0#encapsulation ppp

– RouterA_config_s2/0#ppp authentication pap

– RouterA_config_s2/0#ppp pap sent-username RouterA_pap

digitalchinaA

– RouterA_config_s2/0#ip address 192.168.2.1 255.255.255.0

RouterB_pap password

• RouterB的配置

– RouterB#config

– RouterB_config#username

digitalchinaA

– RouterB_config#interface serial 1/0

– RouterB_config_s1/0#encapsulation ppp

– RouterB_config_s1/0#ppp authentication pap

– RouterB_config_s1/0#ppp pap sent-username RouterB_pap

digitalchinaB

– RouterB_config_s1/0#ip address 192.168.2.2 255.255.255.0

– RouterB_config_s1/0#physical-layer speed 64000

察看接口状态

• Serial1/0 is up, line protocol is up

• Mode=Sync DCE Speed=64000

• DTR=UP, DSR=UP, RTS=UP, CTS=UP, DCD=UP

• Interface address is 192.168.2.2/24

• MTU 1500 bytes, BW 64 kbit, DLY 2000 usec

• Encapsulation PPP, loopback not set

• Keepalive set（10 sec）

• LCP Opened

• PAP Opened, Message: 'Welcome to Digitalchina Router'

• IPCP Opened

RouterA_pap password

• 。。。。

使用CHAP验证的配置

• RouterA的配置

– RouterA_config#username

digitalchina

– RouterA_config#interface serial 2/0

– RouterA_config_s2/0#encapsulation ppp

– RouterA_config_s2/0#ppp authentication chap

– RouterA_config_s2/0#ppp chap hostname RouterA_chap

– RouterA_config_s2/0#ppp chap password digitalchina

– RouterA_config_s2/0#ip address 192.168.2.1 255.255.255.0

–

• RouterB的配置

– RouterB_config#username

digitalchina

– RouterB_config#interface serial 1/0

– RouterB_config_s1/0#encapsulation ppp

– RouterB_config_s1/0#ppp authentication chap

– RouterB_config_s1/0#ppp chap hostname RouterB_chap

– RouterB_config_s1/0#ppp chap password digitalchina

RouterA_chap password

RouterB_chap password

– RouterB_config_s1/0#physical-layer speed 64000

– RouterB_config_s1/0#ip address 192.168.2.2 255.255.255.0

察看端口状态

• Serial2/0 is up, line protocol is up

• ……

• LCP Opened

• CHAP Opened, Message: ' Welcome to Digitalchina Router'

• IPCP Opened

• ……

frame-relay封装

RouterA 的配置

• RouterA#config

• RouterA_config#interface serial 2/0

• RouterA_config_s2/0#encapsulation frame-relay

• RouterA_config_s2/0#frame-relay local-dlci 17

• RouterA_config_s2/0#frame-relay intf-type dte

• RouterA_config_s2/0#frame-relay map 192.168.2.2 pvc 17

broadcast

• RouterA_config_s2/0#ip address 192.168.2.1 255.255.255.0

•

RouterB的配置

• RouterB#config

• RouterB_config#interface serial 1/0

• RouterB_config_s1/0#encapsulation frame-relay

• RouterB_config_s1/0#frame-relay local-dlci 17

• RouterB_config_s1/0#frame-relay intf-type dce

• RouterB_config_s1/0#frame-relay map 192.168.2.1 pvc

broadcast

• RouterB_config_s1/0#physical-layer speed 64000

• RouterB_config_s1/0#ip address 192.168.2.2 255.255.255.0

察看端口状态

• Serial1/0 is up,line protocol is up

• ……

• Encapsulation Frame-relay, loopback not set

• ……

• FrameRelay DCE, LMI type is Q933A, LMI DLCI 0

• LMI DCE Link Errors 12, Protocol Errors 3, Inactives 1

• ……

17

RIP配置

• 配置路由器A的两个直接连接网段参与RIP协议进程

– RouterA#config

– RouterA_config#router rip

– RouterA_config_rip#network 192.168.2.0

– RouterA_config_rip#network 192.168.4.0

• RIP协议的运行版本为2

– RouterA_config_rip#version 2

• OSPF路由协议

• 启动路由器A中的OSPF协议进程，进程号为1

• RouterA#config

• RouterA_config# router ospf 1

• 配置路由器A的两个直连网段以区域0的方式参与OSPF协议进程

• RouterA_config_ospf_1#network 192.168.2.0 255.255.255.0

area 0

• RouterA_config_ospf_1#network 192.168.4.0 255.255.255.0

area 0

• 创建VLAN

– Console (Config)#vlan 100

– Console (Config)#vlan 200

• 将端口添加进VLAN

– Console(Config-Vlan100)#switchport

0/0/1-5

– Console(Config-Vlan200)#switchport

0/0/6-10

私有VLAN的设置步骤

• 创建私有vlan

– DCS-3926S(Config)#vlan 100

– DCS-3926S(Config-Vlan100)#private-vlan primary

– DCS-3926S(Config)#vlan 101

– DCS-3926S(Config-Vlan101)#private-vlan community

• 做VLAN 之间的关联

– DCS-3926S(Config-Vlan100)#private-vlan

101;102

• 添加端口成员

– DCS-3926S(Config-Vlan100)#switchport interface ethernet

0/0/24

association

interface ethernet

interface ethernet

链路聚合技术

• 第一步：创建port group

• switchA(Config)#port-group 1

• 验证配置：

• switchA#show port-group detail

• switchA#show port-group brief

• 第二步：手工生成链路聚合组（第二、三步任选其一操作）

• switchA(Config)#interface ethernet 0/0/1-2

• switchA(Config-Port-Range)#port-group 1 mode on

• 验证配置：

• switchA#show vlan

• switchB#show port-group brief

• 第三步： LACP动态生成链路聚合组（第二、三步任选其一操作）

• switchA(Config)#interface ethernet 0/0/1-2

• switchA(Conifg-Port-Range)#port-group 1 mode active

• 验证配置：

• switchA#show vlan

• switchB#show port-group brief

端口与地址绑定技术

• 第一步：使能端口的MAC地址绑定功能

• switch(Config)#interface ethernet 0/0/1

• switch(Config-Ethernet0/0/1)#switchport port-security

• switch(Config-Ethernet0/0/1)#

• 第二步：添加端口静态安全MAC地址，缺省端口最大安全MAC地址数为1

• switch(Config-Ethernet0/0/1)#switchport

mac-address 00-a0-d1-d1-07-ff

• 验证配置：

• switch#show port-security

• switch#show port-security address

• 第三步：在一个以太口上静态捆绑多个MAC

• Switch(Config-Ethernet0/0/1)#switchport port-security maximum

4

• Switch(Config-Ethernet0/0/1)#switchport

mac-address aa-aa-aa-aa-aa-aa

• Switch(Config-Ethernet0/0/1)#switchport

mac-address aa-aa-aa-bb-bb-bb

• 第四步：清空端口与MAC绑定

• switch(Config)#int ethernet 0/0/1

• switch(Config-Ethernet0/0/1)#no switchport port-security

port-security

port-security

port-security

• 第五步：使能端口的MAC地址绑定功能，动态学习MAC并转换

• switch(Config)#interface ethernet 0/0/1

• switch(Config-Ethernet0/0/1)#switchport port-security

• switch(Config-Ethernet0/0/1)#switchport port-security lock

• switch(Config-Ethernet0/0/1)#switchport port-security convert

• 验证测试：

• switch#show mac-address-table