Cisco Router Setting
advertisement
Cisco 7513 Router 운영자 Manual
Cisco 7513 Router
운영자 Manual
Cisco 7513 Router 운영자 Manual
1. Cisco 7513 Router 에 접속하는 방법.
처음 구성하는 경우 IP 주소를 입력하기 위해 반드시 Console 을 사용하여 연결하여야 하며
이미 IP 주소가 입력되어 있으면 Telnet 을 이용하여 접속할 수 있다.
Console 을 이용하는 경우.
Cisco 2501 Router 의 Console Port 에 Console Cable 을 PC 나 Notebook 에 연결하여 터미널
에뮬레이터(하이퍼터미널, 이야기 등등)을 실행시킨다. 이때 에뮬레이터의 Setting 은 9600,
Data bit 8, No parity 로 설정한다.
Telnet 을 이용하는 경우.
telnet 기능을 이용하는 에뮬레이터(가상단말기, NetTerm, telnet 등등)을 이용하여 Cisco
2501 Router 에 설정되어 있는 각 인터페이스의 IP 를 사용하여 접속할 수 있다.
접속시 화면은 다음과 같다. (telnet 210.181.152.254 로 한 경우)
이 암호는 telnet 을 이용하여 접속하기 위한 Password 를 지정한다. 현재 Password 는
router 이다. 이 상태에서는 설정을 수정할 수는 없고 확인만 가능하다.
위와 같이 enable 을 하고 Password 를 router 로 입력하면 아래 #이 표시된 프롬프트가 출
력된다. 이 상태에서는 설정값을 변경할 수 있다.
2. 현재 설정되어 있는 configuration 을 보는 방법
Router#show configuration
Using 881 out of 32762 bytes
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname kdnet
!
enable secret 5 $1$rGET$/3ctkC.ZT.u.DKjgOqvO5/
enable password kdnet
Cisco 7513 Router 운영자 Manual
!
ip subnet-zero
!
!
!
interface Ethernet0
ip address 211.106.168.254 255.255.255.224
ip directed-broadcast
no ip mroute-cache
!
interface Serial0
ip address 172.16.146.146 255.255.255.252
no ip directed-broadcast
no ip mroute-cache
!
interface Serial1
no ip address
no ip directed-broadcast
no ip mroute-cache
shutdown
!
ip classless
ip route 0.0.0.0 0.0.0.0 172.16.146.145
ip route 211.106.168.128 255.255.255.192 211.106.168.226
ip route 211.106.168.224 255.255.255.224 172.16.146.145
!
snmp-server community public RO
snmp-server community enable RO
snmp-server community string RO
!
line con 0
transport input none
line aux 0
line vty 0 4
password kdnet
login
Cisco 7513 Router 운영자 Manual
!
end
Router#
위에서 각각의 메뉴 체계는 디렉토리와 같은 체계로서 전단의 메뉴로 들어가서 이후의 명령
어를 수행한다. 입력은 상기의 내용대로 입력해주면 된다.
3. 라우터의 각 인터페이스가 정상인지 확인하는 방법.
Router#show interface
Ethernet0/0 is up, line protocol is up
Hardware is cxBus Ethernet, address is 0002.7d3a.c000 (bia 0002.7d3a.c000)
Internet address is 211.106.168.254/27
MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec, rely 255/255, load 4/255
Encapsulation ARPA, loopback not set, keepalive set (10 sec)
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of "show interface" counters 1w3d
Queueing strategy: fifo
Output queue 0/40, 0 drops; input queue 0/75, 0 drops
5 minute input rate 26000 bits/sec, 18 packets/sec
5 minute output rate 173000 bits/sec, 23 packets/sec
6116417 packets input, 3367265000 bytes, 0 no buffer
Received 256549 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 input packets with dribble condition detected
7036587 packets output, 588476731 bytes, 0 underruns
0 output errors, 435096 collisions, 0 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
Ethernet0/1 is up, line protocol is up
Hardware is cxBus Ethernet, address is 0002.7d3a.c001 (bia 0002.7d3a.c001)
Internet address is 211.106.168.158/27
Cisco 7513 Router 운영자 Manual
MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec, rely 255/255, load 7/255
Encapsulation ARPA, loopback not set, keepalive set (10 sec)
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of "show interface" counters 1w3d
Queueing strategy: fifo
Output queue 0/40, 0 drops; input queue 0/75, 0 drops
5 minute input rate 472000 bits/sec, 81 packets/sec
5 minute output rate 277000 bits/sec, 83 packets/sec
21088848 packets input, 224389000 bytes, 0 no buffer
Received 757284 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 input packets with dribble condition detected
13127732 packets output, 3796394307 bytes, 0 underruns
0 output errors, 569625 collisions, 0 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
Serial4/0/0 is up, line protocol is up
Hardware is cyBus Serial
Description: ** 512K **
Internet address is 172.16.146.146/30
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 81/255
Encapsulation HDLC, crc 16, loopback not set, keepalive set (10 sec)
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of "show interface" counters 1w3d
Input queue: 0/75/0 (size/max/drops); Total output drops: 2507
Queueing strategy: weighted fair
Output queue: 7/1000/64/2507 (size/max total/threshold/drops)
Conversations
5/179/256 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
5 minute input rate 433000 bits/sec, 107 packets/sec
5 minute output rate 495000 bits/sec, 98 packets/sec
19042391 packets input, 2715970219 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
8287 input errors, 7557 CRC, 0 frame, 76 overrun, 0 ignored, 654 abort
Cisco 7513 Router 운영자 Manual
25074709 packets output, 1801158254 bytes, 0 underruns
0 output errors, 0 collisions, 3 interface resets
0 output buffer failures, 14550555 output buffers swapped out
0 carrier transitions
RTS up, CTS up, DTR up, DCD up, DSR up
Serial4/0/1 is administratively down, line protocol is down
Hardware is cyBus Serial
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255
Encapsulation HDLC, crc 16, loopback not set, keepalive set (10 sec)
Last input never, output never, output hang never
Last clearing of "show interface" counters 1w3d
Input queue: 0/75/0 (size/max/drops); Total output drops: 0
Queueing strategy: weighted fair
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Conversations
0/0/256 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions
RTS down, CTS down, DTR down, DCD down, DSR down
Serial4/0/2 is administratively down, line protocol is down
Hardware is cyBus Serial
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255
Encapsulation HDLC, crc 16, loopback not set, keepalive set (10 sec)
Last input never, output never, output hang never
Last clearing of "show interface" counters 1w3d
Input queue: 0/75/0 (size/max/drops); Total output drops: 0
Queueing strategy: weighted fair
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Conversations
0/0/256 (active/max active/max total)
Cisco 7513 Router 운영자 Manual
Reserved Conversations 0/0 (allocated/max allocated)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions
RTS down, CTS down, DTR down, DCD down, DSR down
Serial4/0/3 is administratively down, line protocol is down
Hardware is cyBus Serial
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255
Encapsulation HDLC, crc 16, loopback not set, keepalive set (10 sec)
Last input never, output never, output hang never
Last clearing of "show interface" counters 1w3d
Input queue: 0/75/0 (size/max/drops); Total output drops: 0
Queueing strategy: weighted fair
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Conversations
0/0/256 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions
RTS down, CTS down, DTR down, DCD down, DSR down
Serial4/0/4 is administratively down, line protocol is down
Hardware is cyBus Serial
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255
Encapsulation HDLC, crc 16, loopback not set, keepalive set (10 sec)
Cisco 7513 Router 운영자 Manual
Last input never, output never, output hang never
Last clearing of "show interface" counters 1w3d
Input queue: 0/75/0 (size/max/drops); Total output drops: 0
Queueing strategy: weighted fair
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Conversations
0/0/256 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions
RTS down, CTS down, DTR down, DCD down, DSR down
Serial4/0/5 is administratively down, line protocol is down
Hardware is cyBus Serial
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255
Encapsulation HDLC, crc 16, loopback not set, keepalive set (10 sec)
Last input never, output never, output hang never
Last clearing of "show interface" counters 1w3d
Input queue: 0/75/0 (size/max/drops); Total output drops: 0
Queueing strategy: weighted fair
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Conversations
0/0/256 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 output buffer failures, 0 output buffers swapped out
Cisco 7513 Router 운영자 Manual
0 carrier transitions
RTS down, CTS down, DTR down, DCD down, DSR down
Serial4/0/6 is administratively down, line protocol is down
Hardware is cyBus Serial
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255
Encapsulation HDLC, crc 16, loopback not set, keepalive set (10 sec)
Last input never, output never, output hang never
Last clearing of "show interface" counters 1w3d
Input queue: 0/75/0 (size/max/drops); Total output drops: 0
Queueing strategy: weighted fair
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Conversations
0/0/256 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions
RTS down, CTS down, DTR down, DCD down, DSR down
Serial4/0/7 is administratively down, line protocol is down
Hardware is cyBus Serial
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255
Encapsulation HDLC, crc 16, loopback not set, keepalive set (10 sec)
Last input never, output never, output hang never
Last clearing of "show interface" counters 1w3d
Input queue: 0/75/0 (size/max/drops); Total output drops: 0
Queueing strategy: weighted fair
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Conversations
0/0/256 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
Cisco 7513 Router 운영자 Manual
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions
RTS down, CTS down, DTR down, DCD down, DSR down
Router#
4. 라우팅이 정상적으로 되는지 확인하는 방법.
Router#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
U - per-user static route, o - ODR
Gateway of last resort is 172.16.146.145 to network 0.0.0.0
172.16.0.0/30 is subnetted, 1 subnets
C
172.16.146.144 is directly connected, Serial4/0/0
211.106.168.0/27 is subnetted, 3 subnets
C
211.106.168.128 is directly connected, Ethernet0/1
S
211.106.168.160 [1/0] via 211.106.168.226
C
211.106.168.224 is directly connected, Ethernet0/0
S*
0.0.0.0/0 [1/0] via 172.16.146.145Router#
5. 라우터의 소프트웨어 버전을 확인하는 방법
Router#show version
Cisco Internetwork Operating System Software
Cisco 7513 Router 운영자 Manual
IOS (tm) RSP Software (RSP-JSV-M), Version 12.0(7), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-1999 by cisco Systems, Inc.
Compiled Wed 13-Oct-99 22:56 by phanguye
Image text-base: 0x60010930, data-base: 0x60EE4000
ROM: System Bootstrap, Version 11.1(8)CA1, EARLY DEPLOYMENT RELEASE SOFTWARE (fc
1)
BOOTFLASH: RSP Software (RSP-BOOT-M), Version 12.0(8)S, EARLY DEPLOYMENT RELEASE
SOFTWARE (fc1)
kdnet uptime is 1 week, 3 days, 1 hour, 30 minutes
System restarted by reload
System image file is "slot0:rsp-jsv-mz.120-7"
cisco RSP4 (R5000) processor with 131072K/2072K bytes of memory.
R5000 processor, Implementation 35, Revision 2.1 (512KB Level 2 Cache)
Last reset from power-on
G.703/E1 software, Version 1.0.
G.703/JT2 software, Version 1.0.
X.25 software, Version 3.0.0.
SuperLAT software (copyright 1990 by Meridian Technology Corp).
Bridging software.
TN3270 Emulation software.
Chassis Interface.
1 EIP controller (2 Ethernet).
1 VIP2 R5K controller (8 Serial).
2 Ethernet/IEEE 802.3 interface(s)
8 Serial network interface(s)
123K bytes of non-volatile configuration memory.
20480K bytes of Flash PCMCIA card at slot 0 (Sector size 128K).
8192K bytes of Flash internal SIMM (Sector size 256K).
No slave installed in slot 3.
Configuration register is 0x102
Router
Cisco 7513 Router 운영자 Manual
6. Router 의 기본적인 사용
7. 장애 진단 및 응급조치
진단 순서
라우터에
접속
점검 사항
Telnet 사용
enable mode enable password 를 알아야 한다.
조치사항
telnet <IP Address>
enable
password::XXXX
Cisco 7513 Router 운영자 Manual
회선 상태 protocol 이 UP 인가?
를 본다. Error 가 발생했나?
회선을 clear 한다.
회선 시험
을 한다. PING Test 를 한다.
장애 원인
파악
down 이면 장비 및 회선 점검을 한다.
회선 Error 인가 Router Error 인가?
clear counter <port number>
100% 성공인가? 확인
100%가 아닐경우 회선 상태를 보고 원
인 파악
LINE DOWN
장비와 전송로가 바르게 연결되어 있
는지 확인
Protocol DOWN
구간 구간 loopback 시험으로 잘못된
구간을 찾는다.
PING Test 안됨
IP Adreess 가 맞는지 확인하고 Protocol
이 UP 되어 있나 확인한다.
상태에 문제가 없으면 회선에 부하가
많거나 Router 성능이 나쁘다.
PING Test 시 100% 성공 못한 경 Error 및 CRC 에 문제가 있는 경우 전
우는 라우터 상태를 확인한다.
송로 및 장비를 점검한다.
collision, frame 등에 문제가 있으면 라
우터를 점검한다.
위의 TEST 를 반복한다(시험시 회선 clear 를 한후 다시 한다.)
8. 명령어
가. Show Command
(1) sh Process : Router CPU 점유율 확인
sh process [eigrp]
(2) sh ip traffic : Traffic 을 확인
(3) sh buffer : 전체 또는 각 port 별 buffer 확인
sh buffer [{e|s} <port number>]
(가) Big Model 인경우 Size 가 1524Byte(Min 40, Max 400)
(나) 어떤 data 가 1524byte 가 넘으면 buffer 에 쌓인다. 만약
data 가 계속 들어와 400 개가 다 찬다면 creat 수치가 count 되며
buffer 가 생성된다 반대로 data 가 줄어들면 trim 수치가
count 되면서 buffer size 가 줄어든다.
(다) no memory 수치가 증가하면 Router 의 buffer
memory 가 모자란다는 뜻으로 Router 가 정상적으로 동작하지
못한다. 이때는 reload 해 주어야 한다.
(4) sh ver : Version 확인 및 Router Up time 확인
Cisco 7513 Router 운영자 Manual
(5) sh log : system log 를 확인한다.
sh log command 를 사용하기 위해서는 config 에 logging buffered 가
설정되어 있어야 한다.
(6) sh config : configuration 을 확인한다.
(7) sh ip route [static] : 「static] routing 경로를 보여줌
(8) sh ip arp : 접속된 Network 장비의 MAC 와 IP Address 를 나타냄
(9) sh ip int <port number> : port 의 상세 명세(access-list 가
설정되었는지 알수 있음)
(10) sh access-list : access-list 설정을 보여줌
(11) sh ip accouting : config 의 interface 에 ip accounting 명령이
수행되었을때 각 ip 별 접속상태를 보여줌
나. Config Command
(1) hold-queue : 특정 Port 의 Queue Size 조정
hold-queue <0~999:Queue length> {in|out}
예) hold queue 80 out
(2) passive-interface : 해당 Port 로 Routing Infomation 을 보내지
보내지 않음
router {eigrp|igrp} <network number>
passive-interface {e|s} <port number>
☞ sh ip protocol 로 확인할 수 있다.
(3) secondary ip 설정
ip address x.x.x.x m.m.m.m [secondary
ip address x.x.x.x m.m.m.m [secondary
ip address x.x.x.x m.m.m.m [secondary ...]]]
(4) buffer size 설정
buffer {{small {max-free|min-free|inital|permanent}}|
{middle {max-free|min-free|inital|permanent}}|
{large {max-free|min-free|inital|permanent}}|
{huge {max-free|min-free|inital|permanent}}|
{big {max-free|min-free|inital|permanent}}}
예) 일반적으로 small 은 20(Min) ~ 250(Max), middle 은 10 ~ 200,
large 는 0 ~ 30 이다.
(7) hostname <hostname> : hostname 을 설정
(8) Access-List 설정(※ ACCESS-LIST 는 기술된 순서에 우선한다.)
(가) Interface Sub Command
access-group <accesslist-number> {in|out}
Cisco 7513 Router 운영자 Manual
in : 해당 port 로 input access
out : 해당 port 로 output access
(나) Global Command
① access-list 기본형
access-list <1~99> {deny|permit} {출발지-ip 출발지-wildcard}}
출발지-ip : 출발지의 network or host
출발지-wildcard 를 생략하는 경우 0.0.0.0 의 의미와 같다.
② access-list 확장형
access-list <100~199> {deny|permit} <protocol> {출발지-ip [출발지-wildcard]} {목적지-ip
[목적지-wildcard]} [precedence precedence] [tos tos]
출발지-ip,출발지 ip,목적지-ip,목적지-wildcard 부에 any 라는 명령을 쓸수 있다.
any 는 출발지-ip,출발지 ip,목적지-ip,목적지-wildcard 부가 0.0.0.0 255.255.255.255 0.0.0.0
255.255.255.255 와 동일
③ ICMP 확장형
access-list <100~199> {deny|permit} ICMP {출발지-ip [출발지-wildcard]} {목적지-ip [목적지wildcard]} [icmp-type] [icmp-message] [precedence precedence] [tos tos]
④ IGMP 확장형
access-list <100~199> {deny|permit} IGMP {출발지-ip [출발지-wildcard]} {목적지-ip [목적지wildcard]} [igmp-type] [precedence precedence] [tos tos]
⑤ TCP 확장형
access-list <100~199> {deny|permit} TCP {출발지-ip [출발지-wildcard] [operator-port [port]]}
{목적지-ip [목적지-wildcard] [operator-port [port]]} [established] [precedence precedence]
[tos tos]
⑥ UDP 확장형
access-list
<100~199>
{deny|permit}
UDP
{출발지-ip
[출발지eigrp, gre, icmp, igmp, ip, ipinip, nos, ospf, tcp, udp or
wildcard]
0~255 사이의 ip protocol number
[operatorport [port]]}
{목적지-ip
[목적지wildcard]
[operator-
Cisco 7513 Router 운영자 Manual
port [port]]}
[precedence
precedence]
[tos
tos]]
Protocol
Operator
lt(less than), gt(great then), eq(equal), neq(not equal)
Port
TCP ot UDP port 의 정수 또는 이름
Precedence
Name
critical, flash, flash-overide, immediate, internet,network,
priority, routine
TCP
Name
bgp, chargen, daytime, discard, domain, echo, finger, ftp,
Port ftp-data, gopher, hostname, irc, klogin, kshell, lpd, nntp,
pop2, pop3, smtp, sunrpc, syslog, tacacs-ds, talk, telnet,
time, uucp, whois, www
UDP
Name
biff, bootpc, bootps, discard, dns, dnsix, echo, mibile-ip,
Port nameserver, netbios-dgm, netbios-ns, ntp, rip, snmp,
snmptrap, sunrpc, syslog, tatacs-ds, talk, tftp, time, who,
xdmcp
TCP
Port
Numbe
7
9
23
79
1993
2001
4001
6001
Method of access
ECHO
DISCARD
TELNET
FINGER
SNMP OVER TCP
AUX PORT
AUX
PORT(STREAM)
AUX
PORT(BINARY)
Application
layer
Protocol
KNOWN
Port
Transport
layer
protoccol
FTP
TELNET
SMTP
SMTP
TFTP
SNMP
21
23
25
25
69
161
TCP
TCP
TCP
UDP
UDP
UDP
(다) 실제 응용
① access-list 102 permit tcp 0.0.0.0 255.255.255.255 128.88.0.0 0.0.255.255
= access-list 102 permit tcp any 128.88.0.0 0.0.255.255
② access-list 102 permit tcp 0.0.0.0 255.255.255.255 128.88.1.2 0.0.0.0 eq 25
= access-list 102 permit tcp any 128.88.1.2 0.0.0.0 eq smtp
③ 응용 1
int s 0
ip access-group 102 in
access-list 102 permit tcp any any eq domain
access-list 12 permit 192.89.55.0 0.0.0.255
access-list 1 permit 36.48.0.3 = access-list 1 permit 36.48.0.3 0.0.0.0
④ 응용 2 :s1 에서는 icmp 는 허용하면서 tcp port number 5555 이상은 허용하고
5555 미만은 access 금지
※ tn3270 은 5555 이상을 사용하고 telnet, rlogin 등은 5555 미만을 사용
Cisco 7513 Router 운영자 Manual
int s 1
ip access-group 101 in
access-list 101 permit tcp any any gt 5555
access-list 101 deny tcp any any lt 5555
access-list permit icmp any any
⑤ 응용 3 : 해당 network 만 특정 IP Address Access 금지
interface Fddi0
ip address 100.80.9.1 255.255.255.0
ip access-group 100 in
!
access-list 100 permit ip 100.80.11.0 0.0.0.255 host 100.80.11.1
access-list 100 permit ip 100.80.11.0 0.0.0.255 88.0.0.0 0.255.255.255
access-list 100 deny ip 100.80.11.0 0.0.0.255 any
access-list 100 permit ip any any
(9) log file 에 시간 추가
service timestamps log datetime
(10) router booting address 바꾸기
config-reg 0xvalue
0x101, 0x2101
boot from ROM
0x102, 0x2102
boot from Flash
0x10F
manual boot from flash
예) config-reg 0x2102(flash 로 booting 하기)
(11) boot system 및 falsh file 변경
boot system {flash [filename]|mop|rcp|rom|tftp}
(12) 회선 부하시 우회설정
☞ 라우터내 두회선중 한 회선이 부하가 심하여 속도가 지연된다고 하면 부하가
심하지 않은 다른 회선으로 부하 분산을 시키는 명령어.
int s0
backup int s 1 ← s1 을 백업으로 설정
backup load 25 5 ← load 가 25%이상이면 ebable 되고 5%이하면 disable
backup delay 10 60
int s1
backup int s 0
backup load 25 5
backup delay 10 60
(가) backup interface {interface number}
(나) backup load {enable-threshold|never} {disable-load|never}
① enable-threshold : primary line 이 이용할 수 있는 bandwidth 의 %
② disable-load : primary line 이 이용할 수 있는 bandwidth 의 %
③ never : secondary line 은 traffic load 로 변화하지 않는다.
Cisco 7513 Router 운영자 Manual
(다) backup delay {enable-delay|never} {disable-delay|never}
① enable-delay : primary line 이 down 되고 secondary line 으로 전환하는데
걸리는 초 설정
② disable-delay : primary line 이 up 되고 secondary line 으로 전환하는데
걸리는 초 설정
③ never : 전환에 필요한 delay 없이 바로 전환
(13) ip accounting output-packets : sh ip accounting 명령으로 접속상태를 알수 있음
(14) password <password> : login password 설정
line vty 0 4 ←가상 Terminal 0~4 에 대한 Setting
exec-timeout 120 0 ← 아무 입력도 하지 않을시 자동 logout 120 분 0 초
password slic ← login password 설정
enable password dasom ← enable password 설정
(15) exec-timeout <min> <sec> : 아무 입력도 하지 않을시 자동 logout
(16) service password-encryption : password 가 암호화되어 나타난다.
다. 기타
(1) copy tftp flash : tftp server 로부터 flash memory 로 copy 한다.
(2) flash rom check
>b flash
(3) 날자/시간 설정
clock set hh:mm:ss [day month year]
예) clock set 11:30:40 19 November 1996
(4) test interface <port number> : interface testing
(5) clear counter {all | int <port number>} : 해당 port or 모든 interface 의
counter 를 clear
