
Miscellaneous: Router training material

  • 박호

Attachments: 1

  1. 라우터교육.hwp (File Size: 138.6KB/Download: 0)

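Router Training Material

1. Router access methods and operating modes

1.1 Router access methods

○ Console: 1 port

○ Auxiliary: 1 port

○ Telnet: normally supports 5 connections (VTY 0 ~ 4)

- In some cases the number can be increased (the Suwon router is currently set to 11).

1.2 Router modes

○ User mode

- Only a limited set of commands can be used on the router (prompt: Router>)

○ Privileged EXEC mode

- All commands can be used on the router (prompt: Router#)

1.3 How to enter the CLI

○ When using the console port or a Telnet port

- When you attach a cable to the console or connect to the router with telnet, the following message appears.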

User Access Verification

Password : xxxxxxx

- Enter the password for entering user mode

SUWON_SO_4500>enable

Password : xxxxxxxx

- The password for entering Privileged EXEC mode

The prompt then appears as follows.

SUWON_SO_4500#

○ How to find out the number of CLI interfaces currently in use

SUWON_SO_4500#sh line

Tty Typ Tx/Rx A Modem Roty AccO AccI Uses Noise Overruns

0 CTY - - - - - 0 3 0/0

1 AUX 9600/9600 - - - - - 0 0 0/0

* 2 VTY - - - - 10 112 0 0/0

3 VTY - - - - 10 27 0 0/0

4 VTY - - - - 10 13 0 0/0

5 VTY - - - - 10 6 0 0/0

6 VTY - - - - 10 0 0 0/0

7 VTY - - - - - 0 0 0/0

8 VTY - - - - - 0 0 0/0

9 VTY - - - - - 0 0 0/0

10 VTY - - - - - 0 0 0/0

11 VTY - - - - - 0 0 0/0

12 VTY - - - - - 0 0 0/0

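- CTY: the console port.

- AUX: the port accessed through a modem.

- VTY: the ports accessed directly by telnet; there are 11 above, which from the top are VTY 0 ~ VTY 10.

- As shown above, a port with * at the start of its line is one that someone is currently connected to and using.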

SUWON_SO_4500#sh user

Line User Host(s) Idle Location

* 2 vty 0 tndnjsopman idle 00:00:00 int104.hanarotel.co.kr

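- Shows who is actually using the 2 ports. The IP is displayed.

2. Checking the router configuration

SUWON_SO_4500#sh run

- Used to see which settings are currently in effect on the router. Looking at sh run alone therefore shows at a glance how the router has been configured. If you are working in another mode and are not sure of something, use sh run again to check the parameters you need.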

Building configuration...

Current configuration:

!

version 11.3

service timestamps debug datetime

service timestamps log datetime

service password-encryption

!

hostname SUWON_SO_4500

!

aaa new-model

aaa authentication login default local

enable secret 5 $1$gHSi$rcm4YJWkMSBkIE.0O.UUC/

enable password 7 095F5B071E02121C0E

!

username tjdnfopman password 7 094A450D171D1D0318003621

username tjdnfrltnf password 7 01150D0055130C1E32407C02

username tndnjsopman password 7 01150D0055130C1E32407C02

ip host CMTS 210.94.10.74

ip host dhcp 210.94.10.76

ip name-server 210.94.0.7

ip name-server 210.220.163.82

ip name-server 210.94.6.67

frame-relay switching

!

!

interface Serial0

ip address 210.94.10.66 255.255.255.252

encapsulation frame-relay IETF

ip ospf network point-to-point

no ip mroute-cache

bandwidth 1984

timeslot 1-31

crc4

ts16

frame-relay lmi-type ansi

!

interface Serial1

ip address 210.220.72.82 255.255.255.252

encapsulation frame-relay IETF

ip ospf network point-to-point

bandwidth 1984

timeslot 1-31

crc4

ts16

frame-relay lmi-type ansi

!

interface Serial2

ip address 210.94.10.70 255.255.255.252

encapsulation frame-relay IETF

ip ospf network point-to-point

bandwidth 1984

timeslot 1-31

crc4

ts16

frame-relay lmi-type ansi

!

interface Serial3

ip address 210.220.72.86 255.255.255.252

encapsulation frame-relay IETF

ip ospf network point-to-point

bandwidth 1984

timeslot 1-31

crc4

ts16

frame-relay lmi-type ansi

!

interface ATM0

no ip address

load-interval 30

atm ds3-scramble

!

interface ATM0.2 point-to-point

description This ATM port is set to point-to-point mode because the IOS on thi.

ip address 210.94.10.146 255.255.255.252

bandwidth 44200

atm pvc 1 1 35 aal5snap

!

interface FastEthernet0

ip address 210.94.10.73 255.255.255.248

ip access-group 110 out

no ip directed-broadcast

full-duplex

no mop enabled

!

router ospf 100

redistribute connected subnets

redistribute static subnets

network 210.94.10.64 0.0.0.3 area 10

network 210.94.10.68 0.0.0.3 area 10

network 210.94.10.144 0.0.0.3 area 10

network 210.220.72.80 0.0.0.3 area 10

network 210.220.72.84 0.0.0.3 area 10

!

ip classless

ip route 0.0.0.0 0.0.0.0 210.94.10.145

ip route 0.0.0.0 0.0.0.0 210.94.10.65 120

ip route 0.0.0.0 0.0.0.0 210.94.10.69 120

ip route 0.0.0.0 0.0.0.0 210.220.72.81 120

ip route 0.0.0.0 0.0.0.0 210.220.72.85 120

ip route 210.217.165.0 255.255.255.0 210.94.10.74

ip route 210.217.166.0 255.255.255.0 210.94.10.74

ip route 211.44.66.0 255.255.255.0 210.94.10.74

ip route 211.44.67.0 255.255.255.0 210.94.10.74

ip route 211.44.74.0 255.255.255.0 210.94.10.74

ip route 211.58.95.0 255.255.255.0 210.94.10.74

ip route 211.108.66.0 255.255.255.0 210.94.10.74

ip route 211.108.244.0 255.255.255.0 210.94.10.74

ip route 211.108.245.0 255.255.255.0 210.94.10.74

access-list 10 permit 210.94.2.53

access-list 10 permit 210.94.2.51

access-list 10 permit 210.94.1.0 0.0.0.255

access-list 110 permit tcp 210.94.1.0 0.0.0.255 host 210.94.10.76 eq telnet

access-list 110 permit tcp 210.94.1.0 0.0.0.255 host 210.94.10.76 eq ftp

access-list 110 deny tcp any host 210.94.10.76 eq telnet log

access-list 110 deny tcp any any eq ftp log

access-list 110 deny tcp any any eq www log

access-list 110 permit ip any any

snmp-server community catv2000 RO

!

!

line con 0

line aux 0

line vty 0 4

access-class 10 in

exec-timeout 0 0

line vty 5 10

password 7 13141C001F0100

!

end

SUWON_SO_4500#sh ?

WORD Flash device information - format <dev:>[partition]

access-expression List access expression

access-lists List access lists

accounting Accounting data for active sessions

aliases Display alias commands

--- (middle omitted) ---

x29 X.29 information

xns XNS information

xremote XRemote statistics

3. Checking and configuring router interface status

3.1 Status summary for all interfaces

SUWON_SO_4500#show ip interface brief (or sh ip int b)

Interface IP-Address OK? Method Status Protocol

ATM0 unassigned YES unset up up

ATM0.2 210.94.10.146 YES manual up up

FastEthernet0 210.94.10.73 YES NVRAM up up

Serial0 210.94.10.66 YES manual up up

Serial1 210.220.72.82 YES manual up up

Serial2 210.94.10.70 YES manual up up

Serial3 210.220.72.86 YES manual up up

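- As above, a port that is in normal service must show both Status and Protocol as up. If serial 0 and serial 1 are currently in use and this command shows the Protocol of serial 0 as down, that line cannot actually be used, so it is in a fault state.

- Status up means layer 1 is normal; if the E1 circuit dies, for example, it naturally goes down.

- Protocol up means layer 2 is normal; if the circuit is alive but a protocol such as frame relay does not come up, it goes down.

3.2 Serial line interface status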

SUWON_SO_4500#sh int s2

Serial2 is up, line protocol is up

Hardware is HD64570

Internet address is 210.94.10.70/30

MTU 1500 bytes, BW 1984 Kbit, DLY 20000 usec, rely 255/255, load 1/255

Encapsulation FRAME-RELAY IETF, loopback not set, keepalive set (10 sec)

LMI enq sent 337752, LMI stat recvd 337742, LMI upd recvd 0, DTE LMI up

LMI enq recvd 0, LMI stat sent 0, LMI upd sent 0

LMI DLCI 0 LMI type is ANSI Annex D frame relay DTE

FR SVC disabled, LAPF state down

Broadcast queue 0/64, broadcasts sent/dropped 894864/1884, interface broadcasts 896748

Last input 00:00:02, output 00:00:02, output hang never

Last clearing of "show interface" counters 5w4d

Input queue: 0/75/555 (size/max/drops); Total output drops: 23078

Queueing strategy: weighted fair

Output queue: 0/1000/64/23078 (size/max total/threshold/drops)

Conversations 0/182/256 (active/max active/max total)

Reserved Conversations 0/0 (allocated/max allocated)

5 minute input rate 1000 bits/sec, 0 packets/sec

5 minute output rate 1000 bits/sec, 0 packets/sec

4183074 packets input, 1033163438 bytes, 75 no buffer

Received 0 broadcasts, 0 runts, 0 giants, 0 throttles

46191 input errors, 46185 CRC, 2732 frame, 0 overrun, 0 ignored, 93 abort

18928184 packets output, 717942901 bytes, 0 underruns

0 output errors, 0 collisions, 2 interface resets

0 output buffer failures, 0 output buffers swapped out

226 carrier transitions

DCD up, BER inactive, NELR inactive, FELR inactive

- The items shown in bold type above are the ones mainly looked at. The rest only needs to be known for reference.

The meaning of each parameter is as follows.

Serial... is {up | down}

..is administratively down

Indicates whether the interface hardware is currently active (whether carrier detect is present) or if it has been taken down by an administrator.

line protocol is {up | down}

Indicates whether the software processes that handle the line protocol consider the line usable (that is, whether keepalives are successful) or if it has been taken down by an administrator.

Hardware is Specifies the hardware type.

Internet address is Specifies the Internet address and subnet mask.

MTU Maximum transmission unit of the interface.

BW Indicates the value of the bandwidth parameter that has been configured for the interface (in kilobits per second). The bandwidth parameter is used to compute IGRP metrics only. If the interface is attached to a serial line with a line speed that does not match the default (1536 or 1544 for T1 and 56 for a standard synchronous serial line), use the bandwidth command to specify the correct line speed for this serial line.

DLY Delay of the interface in microseconds.

rely Reliability of the interface as a fraction of 255 (255/255 is 100% reliability), calculated as an exponential average over 5 minutes.

load Load on the interface as a fraction of 255 (255/255 is completely saturated), calculated as an exponential average over 5 minutes.

Encapsulation Encapsulation method assigned to interface.

loopback Indicates whether loopback is set or not.

keepalive Indicates whether keepalives are set or not.

Last input Number of hours, minutes, and seconds since the last packet was successfully received by an interface. Useful for knowing when a dead interface failed.

Last output Number of hours, minutes, and seconds since the last packet was successfully transmitted by an interface.

output hang Number of hours, minutes, and seconds (or never) since the interface was last reset because of a transmission that took too long. When the number of hours in any of the "last" fields exceeds 24 hours, the number of days and hours is printed. If that field overflows, asterisks are printed.

Output queue, input queue, drops Number of packets in output and input queues. Each number is followed by a slash, the maximum size of the queue, and the number of packets dropped due to a full queue.

5 minute input rate, 5 minute output rate Average number of bits and packets transmitted per second in the last 5 minutes. The 5-minute input and output rates should be used only as an approximation of traffic per second during a given 5-minute period. These rates are exponentially weighted averages with a time constant of 5 minutes. A period of four time constants must pass before the average will be within two percent of the instantaneous rate of a uniform stream of traffic over that period.

packets input Total number of error-free packets received by the system.

bytes Total number of bytes, including data and MAC encapsulation, in the error-free packets received by the system.

no buffer Number of received packets discarded because there was no buffer space in the main system. Compare with ignored count. Broadcast storms on Ethernet networks and bursts of noise on serial lines are often responsible for no input buffer events.

Received... broadcasts Total number of broadcast or multicast packets received by the interface.

runts Number of packets that are discarded because they are smaller than the medium's minimum packet size.

giants Number of packets that are discarded because they exceed the medium's maximum packet size.

input errors Total number of no buffer, runts, giants, CRCs, frame, overrun, ignored, and abort counts. Other input-related errors can also increment the count, so that this sum might not balance with the other counts.

CRC Cyclic redundancy checksum generated by the originating station or far-end device does not match the checksum calculated from the data received. On a serial link, CRCs usually indicate noise, gain hits, or other transmission problems on the data link.

frame Number of packets received incorrectly having a CRC error and a noninteger number of octets. On a serial line, this is usually the result of noise or other transmission problems.

overrun Number of times the serial receiver hardware was unable to hand received data to a hardware buffer because the input rate exceeded the receiver's ability to handle the data.

ignored Number of received packets ignored by the interface because the interface hardware ran low on internal buffers. Broadcast storms and bursts of noise can cause the ignored count to be increased.

abort Illegal sequence of one bits on a serial interface. This usually indicates a clocking problem between the serial interface and the data link equipment.

carrier transitions Number of times the carrier detect signal of a serial interface has changed state. For example, if data carrier detect (DCD) goes down and comes up, the carrier transition counter will increment two times. Indicates modem or line problems if the carrier detect line is changing state often.

packets output Total number of messages transmitted by the system.

bytes output Total number of bytes, including data and MAC encapsulation, transmitted by the system.

underruns Number of times that the transmitter has been running faster than the router can handle. This might never be reported on some interfaces.

output errors Sum of all errors that prevented the final transmission of datagrams out of the interface being examined. Note that this might not balance with the sum of the enumerated output errors, as some datagrams can have more than one error, and others can have errors that do not fall into any of the specifically tabulated categories.

collisions Number of messages retransmitted due to an Ethernet collision. This usually is the result of an overextended LAN (Ethernet or transceiver cable too long, more than two repeaters between stations, or too many cascaded multiport transceivers). Some collisions are normal. However, if your collision rate climbs to around 4 or 5%, you should consider verifying that there is no faulty equipment on the segment and/or moving some existing stations to a new segment. A packet that collides is counted only once in output packets.

interface resets Number of times an interface has been completely reset. This can happen if packets queued for transmission were not sent within several seconds' time. On a serial line, this can be caused by a malfunctioning modem that is not supplying the transmit clock signal, or by a cable problem. If the system notices that the carrier detect line of a serial interface is up, but the line protocol is down, it periodically resets the interface in an effort to restart it. Interface resets can also occur when an interface is looped back or shut down.

restarts Number of times the controller was restarted because of errors.

alarm indications, remote alarms, rx LOF, rx LOS

Number of CSU/DSU alarms, and number of occurrences of receive loss of frame and receive loss of signal.

BER inactive, NELR inactive, FELR inactive

Status of G.703-E1 counters for bit error rate (BER) alarm, near-end loop remote (NELR), and far-end loop remote (FELR). Note that you cannot set the NELR or FELR.

3.3 Checking FastEthernet status

SUWON_SO_4500#sh int f 0

FastEthernet0 is up, line protocol is up

Hardware is DEC21140, address is 0010.7b6e.cb49 (bia 0010.7b6e.cb49)

Internet address is 210.94.10.73/29

MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec, rely 255/255, load 31/255

Encapsulation ARPA, loopback not set, keepalive set (10 sec)

Full-duplex, 100Mb/s, 100BaseTX/FX

ARP type: ARPA, ARP Timeout 04:00:00

Last input 00:00:00, output 00:00:00, output hang never

Last clearing of "show interface" counters 5w4d

Queueing strategy: fifo

Output queue 0/40, 0 drops; input queue 0/75, 67 drops

5 minute input rate 1716000 bits/sec, 1443 packets/sec

5 minute output rate 12507000 bits/sec, 1938 packets/sec

53495679 packets input, 616432882 bytes, 0 no buffer

Received 116237 broadcasts, 0 runts, 0 giants, 1 throttles

0 input errors, 0 CRC, 0 frame, 5 overrun, 0 ignored, 0 abort

0 watchdog, 0 multicast

0 input packets with dribble condition detected

2002445083 packets output, 817445218 bytes, 0 underruns

0 output errors, 0 collisions, 0 interface resets

0 babbles, 0 late collision, 0 deferred

0 lost carrier, 0 no carrier

0 output buffer failures, 0 output buffers swapped out

The meaning of each parameter is as follows.

FastEthernet0 is ... is up ...is administratively down

Indicates whether the interface hardware is currently active and if it has been taken down by an administrator.

line protocol is Indicates whether the software processes that handle the line protocol consider the line usable or if it has been taken down by an administrator.

Hardware Hardware type (for example, MCI Ethernet, SCI, cBus Ethernet) and address.

Internet address Internet address followed by subnet mask.

MTU Maximum Transmission Unit of the interface.

BW Bandwidth of the interface in kilobits per second.

DLY Delay of the interface in microseconds.

rely Reliability of the interface as a fraction of 255 (255/255 is 100% reliability), calculated as an exponential average over 5 minutes.

load Load on the interface as a fraction of 255 (255/255 is completely saturated), calculated as an exponential average over 5 minutes.

Encapsulation Encapsulation method assigned to interface.

ARP type: Type of Address Resolution Protocol assigned.

loopback Indicates whether loopback is set or not.

keepalive Indicates whether keepalives are set or not.

Last input Number of hours, minutes, and seconds since the last packet was successfully received by an interface. Useful for knowing when a dead interface failed.

output Number of hours, minutes, and seconds since the last packet was successfully transmitted by the interface. Useful for knowing when a dead interface failed.

output hang Number of hours, minutes, and seconds (or never) since the interface was last reset because of a transmission that took too long. When the number of hours in any of the "last" fields exceeds 24 hours, the number of days and hours is printed. If that field overflows, asterisks are printed.

Last clearing Time at which the counters that measure cumulative statistics (such as number of bytes transmitted and received) shown in this report were last reset to zero. Note that variables that might affect routing (for example, load and reliability) are not cleared when the counters are cleared.

*** indicates the elapsed time is too large to be displayed.

0:00:00 indicates the counters were cleared more than 2^31 ms (and less than 2^32 ms) ago.

Output queue, input queue, drops

Number of packets in output and input queues. Each number is followed by a slash, the maximum size of the queue, and the number of packets dropped due to a full queue.

5 minute input rate, 5 minute output rate

Average number of bits and packets transmitted per second in the last 5 minutes. If the interface is not in promiscuous mode, it senses network traffic it sends and receives (rather than all network traffic).

The 5-minute input and output rates should be used only as an approximation of traffic per second during a given 5-minute period. These rates are exponentially weighted averages with a time constant of 5 minutes. A period of four time constants must pass before the average will be within two percent of the instantaneous rate of a uniform stream of traffic over that period.

packets input Total number of error-free packets received by the system.

bytes Total number of bytes, including data and MAC encapsulation, in the error free packets received by the system.

no buffer Number of received packets discarded because there was no buffer space in the main system. Compare with ignored count. Broadcast storms on Ethernets and bursts of noise on serial lines are often responsible for no input buffer events.

Received ... broadcasts

Total number of broadcast or multicast packets received by the interface.

runts Number of packets that are discarded because they are smaller than the medium's minimum packet size. For instance, any Ethernet packet that is less than 64 bytes is considered a runt.

giants Number of packets that are discarded because they exceed the medium's maximum packet size. For example, any Ethernet packet that is greater than 1,518 bytes is considered a giant.

input errors Includes runts, giants, no buffer, CRC, frame, overrun, and ignored counts. Other input-related errors can also cause the input errors count to be increased, and some datagrams may have more than one error; therefore, this sum may not balance with the sum of enumerated input error counts.

CRC Cyclic redundancy checksum generated by the originating LAN station or far-end device does not match the checksum calculated from the data received. On a LAN, this usually indicates noise or transmission problems on the LAN interface or the LAN bus itself. A high number of CRCs is usually the result of collisions or a station transmitting bad data.

frame Number of packets received incorrectly having a CRC error and a noninteger number of octets. On a LAN, this is usually the result of collisions or a malfunctioning Ethernet device.

overrun Number of times the receiver hardware was unable to hand received data to a hardware buffer because the input rate exceeded the receiver's ability to handle the data.

ignored Number of received packets ignored by the interface because the interface hardware ran low on internal buffers. These buffers are different than the system buffers mentioned previously in the buffer description. Broadcast storms and bursts of noise can cause the ignored count to be increased.

abort Number of packets whose receipt was aborted.

watchdog Number of times watchdog receive timer expired. It happens when receiving a packet with length greater than 2048.

multicast Number of multicast packets received.

input packets with dribble condition detected

Dribble bit error indicates that a frame is slightly too long. This frame error counter is incremented just for informational purposes; the router accepts the frame.

packets output Total number of messages transmitted by the system.

bytes Total number of bytes, including data and MAC encapsulation, transmitted by the system.

underruns Number of times that the transmitter has been running faster than the router can handle. This may never be reported on some interfaces.

output errors Sum of all errors that prevented the final transmission of datagrams out of the interface being examined. Note that this may not balance with the sum of the enumerated output errors, as some datagrams may have more than one error, and others may have errors that do not fall into any of the specifically tabulated categories.

collisions Number of messages retransmitted due to an Ethernet collision. This is usually the result of an overextended LAN (Ethernet or transceiver cable too long, more than two repeaters between stations, or too many cascaded multiport transceivers). A packet that collides is counted only once in output packets.

interface resets Number of times an interface has been completely reset. This can happen if packets queued for transmission were not sent within several seconds. On a serial line, this can be caused by a malfunctioning modem that is not supplying the transmit clock signal, or by a cable problem. If the system notices that the carrier detect line of a serial interface is up, but the line protocol is down, it periodically resets the interface in an effort to restart it. Interface resets can also occur when an interface is looped back or shut down.

restarts Number of times a Type 2 Ethernet controller was restarted because of errors.

babbles The transmit jabber timer expired.

late collision Number of late collisions. Late collision happens when a collision occurs after transmitting the preamble.

deferred Deferred indicates that the chip had to defer while ready to transmit a frame because the carrier was asserted.

lost carrier Number of times the carrier was lost during transmission.

no carrier Number of times the carrier was not present during the transmission.

output buffer failures Number of failed buffers and number of buffers swapped out.

3.4 How to measure the current performance of an interface

SUWON_SO_4500#p

Protocol [ip]:

Target IP address: 1 211.44.66.38

Repeat count [5]: 1000

Datagram size [100]: 100

Timeout in seconds [2]: 1

Extended commands [n]:

Sweep range of sizes [n]:

Type escape sequence to abort.

Sending 1000, 100-byte ICMP Echos to 211.44.66.38, timeout is 1 seconds:

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!

Success rate is 100 percent (1000/1000), round-trip min/avg/max = 8/12/36 ms

- ! : the ping response arrived properly.

- . : the ping response did not arrive properly.

- U : destination unreachable; the message shown when the packet cannot be routed.

4. Checking routing information

SUWON_SO_4500#sh ip route

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP

i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default

U - per-user static route, o - ODR

Gateway of last resort is 210.94.0.66 to network 0.0.0.0

SUWON_SO_4500#sh ip route ospf

O E2 210.205.30.0/24 [110/20] via 210.94.10.145, 01:26:59, ATM0.2

O E2 211.58.224.0/24 [110/20] via 210.94.10.145, 01:26:58, ATM0.2

O E2 211.44.241.0/24 [110/20] via 210.94.10.145, 01:26:59, ATM0.2

---- (middle omitted) ---

O E2 211.37.121.0 [110/20] via 210.94.10.145, 01:27:00, ATM0.2

O E2 211.37.121.64 [110/20] via 210.94.10.145, 01:27:00, ATM0.2

211.58.104.0/24 is variably subnetted, 5 subnets, 2 masks

O E2 211.58.104.128/26 [110/20] via 210.94.10.145, 01:27:00, ATM0.2

O* : indicates the default route. It must be present.

SUWON_SO_4500#sh ip ospf ?

<1-4294967295> Process ID number

border-routers Border and Boundary Router Information

database Database summary

interface Interface information

neighbor Neighbor list

request-list Link state request list

retransmission-list Link state retransmission list

summary-address Summary-address redistribution Information

virtual-links Virtual link information

<cr>

SUWON_SO_4500#sh ip ospf interface

ATM0 is up, line protocol is up

OSPF not enabled on this interface

ATM0.2 is up, line protocol is up

Internet Address 210.94.10.146/30, Area 10

Process ID 100, Router ID 210.94.10.73, Network Type POINT_TO_POINT, Cost: 2

Transmit Delay is 1 sec, State POINT_TO_POINT,

Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5

Hello due in 00:00:05

Neighbor Count is 1, Adjacent neighbor count is 1

Adjacent with neighbor 210.94.6.27

Suppress hello for 0 neighbor(s)

FastEthernet0 is up, line protocol is up

OSPF not enabled on this interface

Serial0 is up, line protocol is up

Internet Address 210.94.10.66/30, Area 10

Process ID 100, Router ID 210.94.10.73, Network Type POINT_TO_POINT, Cost: 50

Transmit Delay is 1 sec, State POINT_TO_POINT,

Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5

Hello due in 00:00:02

Neighbor Count is 1, Adjacent neighbor count is 1

Adjacent with neighbor 210.94.6.20

Suppress hello for 0 neighbor(s)

Serial1 is up, line protocol is up

Internet Address 210.220.72.82/30, Area 10

Process ID 100, Router ID 210.94.10.73, Network Type POINT_TO_POINT, Cost: 50

Transmit Delay is 1 sec, State POINT_TO_POINT,

Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5

Hello due in 00:00:00

Neighbor Count is 1, Adjacent neighbor count is 1

Adjacent with neighbor 210.94.6.28

Suppress hello for 0 neighbor(s)

Serial2 is up, line protocol is up

Internet Address 210.94.10.70/30, Area 10

Process ID 100, Router ID 210.94.10.73, Network Type POINT_TO_POINT, Cost: 50

Transmit Delay is 1 sec, State POINT_TO_POINT,

Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5

Hello due in 00:00:09

Neighbor Count is 1, Adjacent neighbor count is 1

Adjacent with neighbor 210.94.6.20

Suppress hello for 0 neighbor(s)

Serial3 is up, line protocol is up

Internet Address 210.220.72.86/30, Area 10

Process ID 100, Router ID 210.94.10.73, Network Type POINT_TO_POINT, Cost: 50

Transmit Delay is 1 sec, State POINT_TO_POINT,

Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5

Hello due in 00:00:08

Neighbor Count is 1, Adjacent neighbor count is 1

Adjacent with neighbor 210.94.6.28

Suppress hello for 0 neighbor(s)

SUWON_SO_4500# sh ip route static

S 210.217.165.0/24 [1/0] via 210.94.10.74

S 211.44.74.0/24 [1/0] via 210.94.10.74

S 210.217.166.0/24 [1/0] via 210.94.10.74

S 211.108.245.0/24 [1/0] via 210.94.10.74

S 211.58.95.0/24 [1/0] via 210.94.10.74

S 211.108.244.0/24 [1/0] via 210.94.10.74

S 211.44.66.0/24 [1/0] via 210.94.10.74

S 211.108.66.0/24 [1/0] via 210.94.10.74

S 211.44.67.0/24 [1/0] via 210.94.10.74

S* 0.0.0.0/0 [1/0] via 210.94.10.145

SUWON_SO_4500#sh ip route con

210.220.72.0/24 is variably subnetted, 41 subnets, 2 masks

C 210.220.72.84/30 is directly connected, Serial3

C 210.220.72.80/30 is directly connected, Serial1

210.94.10.0/24 is variably subnetted, 21 subnets, 2 masks

C 210.94.10.144/30 is directly connected, ATM0.2

C 210.94.10.68/30 is directly connected, Serial2

C 210.94.10.64/30 is directly connected, Serial0

C 210.94.10.72/29 is directly connected, FastEthernet0

5. How to change the router configuration

5.1 How to change an interface configuration

SEL-DJ-4500#conf t

☞ Whenever you want to change the router's configuration, always enter the command above first.

Enter configuration commands, one per line. End with CNTL/Z.

SEL-DJ-4500(config)#int s0 #when changing the configuration of interface serial 0#

SEL-DJ-4500(config-if)# #when the prompt changes as shown on the left, you are in the change mode for the interface#

SEL-DJ-4500(config-if)#no ip address 210.94.10.254 255.255.255.252

SEL-DJ-4500(config-if)#ip address 210.94.10.5 255.255.255.252

#To change the ip address to a different one, first erase the existing one with the no command and then enter the new ip address. For other commands as well, first erase the existing setting with no and then set the new one#

SEL-DJ-4500(config-if)#Ctrl+z #pressing control+Z leaves configuration mode and returns to the privileged EXEC prompt#

SEL-DJ-4500#sh run

..........

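- As above, after changing any setting you must run sh run and confirm that it has been changed correctly.

SEL-DJ-4500#copy running-config startup-config (or copy run st)

- Once you have confirmed that it changed correctly, the configuration in RAM must be moved to ROM as above. Only then is the router updated with the new settings even after its power is switched off and on.

SEL-DJ-4500#? #when you want to know which interface-related commands exist#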

Interface configuration commands:

access-expression Build a bridge boolean access expression

apollo Apollo interface subcommands

appletalk Appletalk interface subcommands

arp Set arp type (arpa, probe, snap) or timeout

asp ASP interface subcommands

autodetect Autodetect Encapsulations on Serial interface

backup Modify dial-backup parameters

................

5.2 How to change routing

5.2.1 Changing static routing

SEL-DJ-4500#conf t

SEL-DJ-4500(config)#no ip route 210.94.10.0 255.255.255.0 210.94.0.2

SEL-DJ-4500(config)#ip route 210.94.10.0 255.255.255.0 210.94.1.2 #how to delete an existing static route and set a new one#

- That is, it tells the router that to reach the Class C network 210.94.10.0 it should go via 210.94.1.2.

SEL-DJ-4500(config)#ip route 0.0.0.0 0.0.0.0 210.94.1.2 #how to set the default route as a static route#

- That is, it tells the router that every network it otherwise knows nothing about should go via 210.94.1.2.

5.2.2 Changing dynamic routing

SEL-DJ-4700#conf t

Enter configuration commands, one per line. End with CNTL/Z.

SEL-DJ-4700(config)#router ospf 100

SEL-DJ-4700(config-router)#?

Router configuration commands:

area OSPF area parameters

default Set a command to its defaults

default-information Control distribution of default information

default-metric Set metric of redistributed routes

distance Define an administrative distance

distribute-list Filter networks in routing updates

..............................

timers Adjust routing timers

traffic-share Algorithm for computing traffic share for alternate

routes

SEL-DJ-4700(config-router)#network 210.94.0.0 0.0.0.255 area 10

SEL-DJ-4700(config-router)#redistribute connected subnets

SEL-DJ-4700(config-router)#redistribute static subnets

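※ When you are not commissioning a router yourself and are only operating one that is already in service, there is almost no occasion to use OSPF-related commands like those above. It is enough to know them for reference.

6. Miscellaneous

6.1 Restricting telnet access to the router

※ This can be regarded as a feature similar to Motorola's Trusted IP.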

SEL-DJ-4700#conf t

SEL-DJ-4700(config)#access-list 12 permit 210.94.1.0 0.0.0.255

- When permitting only the 210.94.1.0 network

- 0.0.0.255 is the wildcard mask; when deciding whether to permit or not, a 0 bit must match and a 1 bit may differ.

SEL-DJ-4700(config)#^Z

SEL-DJ-4700#conf t

SEL-DJ-4700(config)#line vty 0 4 #applies to all 5 telnet lines#

SEL-DJ-4700(config-line)#access-class 12 in

- With this in place, when connecting to this router by telnet only the 210.94.1.0 network is permitted and nothing else can get in.
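The check below is an added example, not part of the original training material: it applies the wildcard-mask rule from 6.1 and reports which `line vty` ranges in a configuration have no inbound access-class, as is the case for `line vty 5 10` in the `sh run` output of section 2. The sample configuration is constructed, and the function names are this example's own.

```python
import ipaddress
import re

# Constructed sample in the shape of the `sh run` output on this page.
SAMPLE_CONFIG = """\
access-list 12 permit 210.94.1.0 0.0.0.255
access-list 12 permit 210.94.2.53
line con 0
line aux 0
line vty 0 4
 access-class 12 in
 exec-timeout 0 0
line vty 5 10
 password 7 <constructed-placeholder>
end
"""

ACL_RE = re.compile(r"^access-list (\d+) (permit|deny) (\S+)(?: (\S+))?$")
VTY_RE = re.compile(r"^line vty (\d+)(?: (\d+))?$")


def _ip(text):
    return int(ipaddress.IPv4Address(text))


def wildcard_match(addr, base, wildcard):
    """Wildcard mask: 0 bits must match the base, 1 bits may differ."""
    care = ~_ip(wildcard) & 0xFFFFFFFF
    return (_ip(addr) & care) == (_ip(base) & care)


def parse_standard_acls(config):
    """Return {number: [(action, base, wildcard), ...]} for lists 1-99."""
    acls = {}
    for raw in config.splitlines():
        m = ACL_RE.match(raw.strip())
        if not m or not 1 <= int(m.group(1)) <= 99:
            continue
        action, src, arg = m.group(2), m.group(3), m.group(4)
        if src == "any":
            base, wildcard = "0.0.0.0", "255.255.255.255"
        elif src == "host" and arg:
            base, wildcard = arg, "0.0.0.0"
        else:  # a bare address is an exact host match
            base, wildcard = src, arg or "0.0.0.0"
        try:
            _ip(base), _ip(wildcard)
        except ValueError:
            continue  # not an address form this example understands
        acls.setdefault(int(m.group(1)), []).append((action, base, wildcard))
    return acls


def acl_permits(acls, number, addr):
    """First matching entry wins; a defined list ends with an implicit deny."""
    for action, base, wildcard in acls.get(number, []):
        if wildcard_match(addr, base, wildcard):
            return action == "permit"
    return False


def parse_vty_lines(config):
    """Collect each `line vty` block with its access-class and exec-timeout."""
    blocks, current = [], None
    for raw in config.splitlines():
        line = raw.strip()
        m = VTY_RE.match(line)
        if m:
            first = int(m.group(1))
            current = {"first": first, "last": int(m.group(2) or first),
                       "acl_in": None, "exec_timeout": None}
            blocks.append(current)
        elif line.startswith("line ") or line in ("!", "end"):
            current = None
        elif current is not None:
            m = re.match(r"^access-class (\d+) in$", line)
            if m:
                current["acl_in"] = int(m.group(1))
            m = re.match(r"^exec-timeout (\d+)(?: (\d+))?$", line)
            if m:
                current["exec_timeout"] = (int(m.group(1)), int(m.group(2) or 0))
    return blocks


def audit_vty(config):
    """Return (vty range, finding) pairs for the telnet lines."""
    acls = parse_standard_acls(config)
    findings = []
    for b in parse_vty_lines(config):
        name = f"vty {b['first']}-{b['last']}"
        if b["acl_in"] is None:
            findings.append((name, "no inbound access-class"))
        elif b["acl_in"] not in acls:
            findings.append((name, f"access-class {b['acl_in']} is not defined"))
        if b["exec_timeout"] == (0, 0):
            findings.append((name, "exec-timeout 0 0 disables the idle timeout"))
    return findings


if __name__ == "__main__":
    for name, issue in audit_vty(SAMPLE_CONFIG):
        print(f"{name}: {issue}")
    sample_acls = parse_standard_acls(SAMPLE_CONFIG)
    for src in ("210.94.1.200", "210.94.2.53", "210.94.2.54"):
        print(src, "permit" if acl_permits(sample_acls, 12, src) else "deny")
```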

6.2 Viewing the log of important router information

SUWON_SO_4500#sh log (show logging)

Syslog logging: enabled (0 messages dropped, 0 flushes, 0 overruns)

Console logging: level debugging, 19516 messages logged

Monitor logging: level debugging, 0 messages logged

Trap logging: level informational, 19524 message lines logged

Buffer logging: level debugging, 19516 messages logged

Log Buffer (8192 bytes):

ACCESSLOGP: list 110 denied tcp 165.229.28.196(1426) -> 211.44.66.10(21), 3 packets

*Jun 4 22:54:01: %SEC-6-IPACCESSLOGP: list 110 denied tcp 211.50.36.89(1297) -> 211.108.245.97(21), 1 packet

---- (middle omitted) ----

*Jun 5 02:14:05: %SEC-6-IPACCESSLOGP: list 110 denied tcp 211.44.174.2(1375) -> 211.108.245.97(21), 3 packets

SEL-DJ-4500#sh logging

Syslog logging: enabled (0 messages dropped, 0 flushes, 0 overruns)

Console logging: level debugging, 18747 messages logged

Monitor logging: level debugging, 458 messages logged

Trap logging: level informational, 18335 message lines logged

Buffer logging: level debugging, 18747 messages logged

Log Buffer (8192 bytes):

_I: Configured from console by console

...................

(210.94.1.116)

*Mar 25 05:07:11.054: %SYS-5-CONFIG_I: Configured from console by vty1 (210.94.1.116)

*Mar 27 03:34:03.846: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial5, changed state to down

*Mar 27 03:40:34.186: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial5, changed state to up

*Mar 27 22:29:20.493: %SYS-5-CONFIG_I: Configured from console by vty1 (210.94.1.118)

- As above, you can tell at what time which interface went down and came back up.
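The following added example (not part of the original training material) summarizes a `sh log` buffer of the kind shown above: packets denied by the access list per source and destination port, configuration changes made from outside a management network, and how long each interface stayed down. The log lines are constructed with documentation addresses, and the management network and the year are assumptions passed in by the caller, since the router's timestamps carry no year.

```python
import ipaddress
import re
from collections import Counter
from datetime import datetime

# Constructed sample. The first line is cut off, as happens to the oldest
# entry of the 8192-byte circular log buffer in the output above.
SAMPLE_LOG = """\
ACCESSLOGP: list 110 denied tcp 198.51.100.7(1290) -> 203.0.113.97(21), 3 packets
*Jun 4 22:54:01: %SEC-6-IPACCESSLOGP: list 110 denied tcp 198.51.100.7(1297) -> 203.0.113.97(21), 1 packet
*Jun 4 22:59:10: %SEC-6-IPACCESSLOGP: list 110 denied tcp 198.51.100.7(1301) -> 203.0.113.97(21), 3 packets
*Jun 4 23:01:44: %SEC-6-IPACCESSLOGP: list 110 denied tcp 198.51.100.23(2210) -> 203.0.113.10(80), 2 packets
*Jun 5 01:07:11.054: %SYS-5-CONFIG_I: Configured from console by vty1 (192.0.2.116)
*Jun 5 02:14:05.000: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1, changed state to down
*Jun 5 02:16:35.500: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1, changed state to up
*Jun 5 02:29:20.493: %SYS-5-CONFIG_I: Configured from console by vty0 (198.51.100.23)
""".splitlines()

IPV4 = r"\d+\.\d+\.\d+\.\d+"
# A leading "*" is kept optional: it marks a clock that is not authoritative.
HEADER = re.compile(
    r"^\*?(\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2}(?:\.\d+)?): "
    r"%([A-Z0-9_]+)-(\d)-([A-Z0-9_]+): (.*)$")
DENIED = re.compile(
    rf"denied \w+ ({IPV4})\(\d+\) -> {IPV4}\((\d+)\), (\d+) packet")
CONFIG = re.compile(rf"Configured from \S+ by (\S+)(?: \(({IPV4})\))?")
UPDOWN = re.compile(r"Line protocol on Interface (\S+), changed state to (up|down)")


def parse_ts(stamp, year):
    """Turn 'Jun 5 02:14:05.000' into a datetime using the supplied year."""
    stamp = " ".join(stamp.split())
    fmt = "%Y %b %d %H:%M:%S.%f" if "." in stamp else "%Y %b %d %H:%M:%S"
    return datetime.strptime(f"{year} {stamp}", fmt)


def summarize(lines, year, mgmt_net):
    """Summarize ACL denials, configuration changes and interface outages."""
    mgmt = ipaddress.ip_network(mgmt_net)
    denied = Counter()          # (source IP, destination port) -> packets
    config_changes = []         # every CONFIG_I event: (time, line, source)
    outside_mgmt = []           # the remote ones not from the management net
    outages, down_since = [], {}
    unparsed = 0
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = HEADER.match(line)
        if not m:
            unparsed += 1       # truncated or unknown line: count, do not guess
            continue
        ts = parse_ts(m.group(1), year)
        tag, text = f"{m.group(2)}-{m.group(4)}", m.group(5)
        if tag == "SEC-IPACCESSLOGP":
            d = DENIED.search(text)
            if d:
                denied[(d.group(1), int(d.group(2)))] += int(d.group(3))
        elif tag == "SYS-CONFIG_I":
            c = CONFIG.search(text)
            if c:
                event = (ts, c.group(1), c.group(2))
                config_changes.append(event)
                if c.group(2) and ipaddress.ip_address(c.group(2)) not in mgmt:
                    outside_mgmt.append(event)
        elif tag == "LINEPROTO-UPDOWN":
            u = UPDOWN.search(text)
            if u and u.group(2) == "down":
                down_since[u.group(1)] = ts
            elif u and u.group(1) in down_since:
                seconds = (ts - down_since.pop(u.group(1))).total_seconds()
                outages.append((u.group(1), seconds))
    return {"denied": dict(denied), "config_changes": config_changes,
            "config_outside_mgmt": outside_mgmt, "outages": outages,
            "still_down": sorted(down_since), "unparsed": unparsed}


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG, year=2000, mgmt_net="192.0.2.0/24")
    for (src, port), packets in sorted(report["denied"].items()):
        print(f"denied {packets} packet(s) from {src} to port {port}")
    for ts, line, src in report["config_outside_mgmt"]:
        print(f"{ts} configuration change on {line} from {src}")
    for iface, seconds in report["outages"]:
        print(f"{iface} line protocol down for {seconds:.1f} s")
    print("unparsed lines:", report["unparsed"])
```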


Comments 4

1st 박호 (author) 2016.01.31. 21:14


Please message me if there is a problem.
