1. 顯示提示信息 2. 全局參數的設置 3. 接口參數的設置 4. 顯示結果 利用設置對話過程可以避免手工輸入命令的煩瑣,但它還不能完全代替手工設置,一些非凡的設置還必須通過手工輸入的方式完成。 進入設置對話過程后,路由器首先會顯示一些提示信息: --- System Configuration Dialog --- At any point you may enter a question mark '?' for help. Use ctrl-c to abort configuration dialog at any PRompt. Default settings are in square brackets '[]'. 這是告訴你在設置對話過程中的任何地方都可以鍵入“?”得到系統的幫助,按ctrl-c可以退出設置過程,缺省設置將顯示在‘[]’中。然后路由器會問是否進入設置對話: Would you like to enter the initial configuration dialog? [yes]: 假如按y或回車,路由器就會進入設置對話過程。首先你可以看到各端口當前的狀況: First, would you like to see the current interface summary? [yes]: Any interface listed with OK? value "NO" does not have a valid configuration Interface ip-Address OK? Method Status Protocol Ethernet0 unassigned NO unset up up Serial0 unassigned NO unset up up ……… ……… … …… … … 然后,路由器就開始全局參數的設置: Configuring global parameters: 1.設置路由器名: Enter host name [Router]: 2.設置進入特權狀態的密文(secret),此密文在設置以后不會以明文方式顯示: The enable secret is a one-way cryptographic secret used instead of the enable passWord when it exists. Enter enable secret: cisco 3.設置進入特權狀態的密碼(password),此密碼只在沒有密文時起作用,并且在設置以后會以明文方式顯示: The enable password is used when there is no enable secret and when using older software and some boot images. Enter enable password: pass 4.設置虛擬終端訪問時的密碼: Enter virtual terminal password: cisco 5.詢問是否要設置路由器支持的各種網絡協議: Configure SNMP Network Management? [yes]: Configure DECnet? [no]: Configure AppleTalk? [no]: Configure IPX? [no]: Configure IP? [yes]: Configure IGRP routing? [yes]: Configure RIP routing? [no]: ……… 6.假如配置的是撥號訪問服務器,系統還會設置異步口的參數: Configure Async lines? [yes]: 1) 設置線路的最高速度: Async line speed [9600]: 2) 是否使用硬件流控: Configure for HW flow control? [yes]: 3) 是否設置modem: Configure for modems? [yes/no]: yes 4) 是否使用默認的modem命令: Configure for default chat script? [yes]: 5) 是否設置異步口的PPP參數: Configure for Dial-in IP SLIP/PPP access? [no]: yes 6) 是否使用動態IP地址: Configure for Dynamic IP addresses? [yes]: 7) 是否使用缺省IP地址: Configure Default IP addresses? [no]: yes 8) 是否使用TCP頭壓縮: Configure for TCP Header Compression? [yes]: 9) 是否在異步口上使用路由表更新: Configure for routing updates on async links? [no]: y 10) 是否設置異步口上的其它協議。
接下來,系統會對每個接口進行參數的設置。 1.Configuring interface Ethernet0: 1) 是否使用此接口: Is this interface in use? [yes]: 2) 是否設置此接口的IP參數: Configure IP on this interface? [yes]: 3) 設置接口的IP地址: IP address for this interface: 192.168.162.2 4) 設置接口的IP子網掩碼: Number of bits in subnet field [0]: Class C network is 192.168.162.0, 0 subnet bits; mask is /24 在設置完所有接口的參數后,系統會把整個設置對話過程的結果顯示出來: The following configuration command script was created: hostname Router enable secret 5 $1$W5Oh$p6J7tIgRMBOIKVXVG53Uh1 enable password pass ………… 請注重在enable secret后面顯示的是亂碼,而enable password后面顯示的是設置的內容。 顯示結束后,系統會問是否使用這個設置: Use this configuration? [yes/no]: yes 假如回答yes,系統就會把設置的結果存入路由器的NVRAM中,然后結束設置對話過程,使路由器開始正常的工作。 返回目錄
三、常用命令
1. 幫助 在IOS操作中,無論任何狀態和位置,都可以鍵入“?”得到系統的幫助。 2. 改變命令狀態 任務 命令 進入特權命令狀態 enable 退出特權命令狀態 disable 進入設置對話狀態 setup 進入全局設置狀態 config terminal 退出全局設置狀態 end 進入端口設置狀態 interface type slot/number 進入子端口設置狀態 interface type number.subinterface [point-to-point multipoint] 進入線路設置狀態 line type slot/number 進入路由設置狀態 router protocol 退出局部設置狀態 exit 3. 顯示命令 任務 命令 查看版本及引導信息 show version 查看運行設置 show running-config 查看開機設置 show startup-config 顯示端口信息 show interface type slot/number 顯示路由信息 show ip router 4. 拷貝命令 用于IOS及CONFIG的備份和升級
6. 基本設置命令 任務 命令 全局設置 config terminal 設置訪問用戶及密碼 username username password password 設置特權密碼 enable secret password 設置路由器名 hostname name 設置靜態路由 ip route destination subnet-mask next-hop 啟動IP路由 ip routing 啟動IPX路由 ipx routing 端口設置 interface type slot/number 設置IP地址 ip address address subnet-mask 設置IPX網絡 ipx network network 激活端口 no shutdown 物理線路設置 line type number 啟動登錄進程 login [localtacacs server] 設置登錄密碼 password password
四、配置IP尋址
1. IP地址分類 IP地址分為網絡地址和主機地址二個部分,A類地址前8位為網絡地址,后24位為主機地址,B類地址16位為網絡地址,后16位為主機地址,C類地址前24位為網絡地址,后8位為主機地址,網絡地址范圍如下表所示: 種類 網絡地址范圍 A 1.0.0.0 到126.0.0.0有效 0.0.0.0 和127.0.0.0保留 B 128.1.0.0到191.254.0.0有效 128.0.0.0和191.255.0.0保留 C 192.0.1.0 到223.255.254.0有效 192.0.0.0和223.255.255.0保留 D 224.0.0.0到239.255.255.255用于多點廣播 E 240.0.0.0到255.255.255.254保留 255.255.255.255用于廣播 2. 分配接口IP地址 任務 命令 接口設置 interface type slot/number 為接口設置IP地址 ip address ip-address mask 掩瑪(mask)用于識別IP地址中的網絡地址位數,IP地址(ip-address)和掩碼(mask)相與即得到網絡地址。 3. 使用可變長的子網掩碼 通過使用可變長的子網掩碼可以讓位于不同接口的同一網絡編號的網絡使用不同的掩碼,這樣可以節省IP地址,充分利用有效的IP地址空間。 如下圖所示: Router1和Router2的E0端口均使用了C類地址192.1.0.0作為網絡地址,Router1的E0的網絡地址為192.1.0.128,掩碼為255.255.255.192, Router2的E0的網絡地址為192.1.0.64,掩碼為255.255.255.192,這樣就將一個C類網絡地址分配給了二個網,既劃分了二個子網,起到了節約地址的作用。
4. 使用網絡地址翻譯(NAT) NAT(Network Address Translation)起到將內部私有地址翻譯成外部合法的全局地址的功能,它使得不具有合法IP地址的用戶可以通過NAT訪問到外部Internet. 當建立內部網的時候,建議使用以下地址組用于主機,這些地址是由Network Working Group(RFC 1918)保留用于私有網絡地址分配的. l Class A:10.1.1.1 to 10.254.254.254 l Class B:172.16.1.1 to 172.31.254.254 l Class C:192.168.1.1 to 192.168.254.254 命令描述如下: 任務 命令 定義一個標準訪問列表 access-list access-list-number permit source [source-wildcard] 定義一個全局地址池 ip nat pool name start-ip end-ip {netmask netmask prefix-length prefix-length} [type rotary] 建立動態地址翻譯 ip nat inside source {list {access-list-number name} pool name [overload] static local-ip global-ip} 指定內部和外部端口 ip nat {inside outside} 如下圖所示,
路由器的Ethernet 0端口為inside端口,即此端口連接內部網絡,并且此端口所連接的網絡應該被翻譯,Serial 0端口為outside端口,其擁有合法IP地址(由NIC或服務提供商所分配的合法的IP地址),來自網絡10.1.1.0/24的主機將從IP地址池c2501中選擇一個地址作為自己的合法地址,經由Serial 0口訪問Internet。命令ip nat inside source list 2 pool c2501 overload中的參數overload,將答應多個內部地址使用相同的全局地址(一個合法IP地址,它是由NIC或服務提供商所分配的地址)。命令ip nat pool c2501 202.96.38.1 202.96.38.62 netmask 255.255.255.192定義了全局地址的范圍。 設置如下: ip nat pool c2501 202.96.38.1 202.96.38.62 netmask 255.255.255.192 interface Ethernet 0 ip address 10.1.1.1 255.255.255.0 ip nat inside ! interface Serial 0 ip address 202.200.10.5 255.255.255.252 ip nat outside ! ip route 0.0.0.0 0.0.0.0 Serial 0 access-list 2 permit 10.0.0.0 0.0.0.255 ! Dynamic NAT ! ip nat inside source list 2 pool c2501 overload line console 0 exec-timeout 0 0 ! line vty 0 4 end
五、配置靜態路由
通過配置靜態路由,用戶可以人為地指定對某一網絡訪問時所要經過的路徑,在網絡結構比較簡單,且一般到達某一網絡所經過的路徑唯一的情況下采用靜態路由。 任務 命令 建立靜態路由 ip route prefix mask {address interface} [distance] [tag tag] [permanent] Prefix :所要到達的目的網絡 mask :子網掩碼 address :下一個跳的IP地址,即相鄰路由器的端口地址。 interface :本地網絡接口 distance :治理距離(可選) tag tag :tag值(可選) permanent :指定此路由即使該端口關掉也不被移掉。
以下在Router1上設置了訪問192.1.0.64/26這個網下一跳地址為192.200.10.6,即當有目的地址屬于192.1.0.64/26的網絡范圍的數據報,應將其路由到地址為192.200.10.6的相鄰路由器。在Router3上設置了訪問192.1.0.128/26及192.200.10.4/30這二個網下一跳地址為192.1.0.65。由于在Router1上端口Serial 0地址為192.200.10.5,192.200.10.4/30這個網屬于直連的網,已經存在訪問192.200.10.4/30的路徑,所以不需要在Router1上添加靜態路由。 Router1: ip route 192.1.0.64 255.255.255.192 192.200.10.6 Router3: ip route 192.1.0.128 255.255.255.192 192.1.0.65 ip route 192.200.10.4 255.255.255.252 192.1.0.65 同時由于路由器Router3除了與路由器Router2相連外,不再與其他路由器相連,所以也可以為它賦予一條默認路由以代替以上的二條靜態路由, ip route 0.0.0.0 0.0.0.0 192.1.0.65 即只要沒有在路由表里找到去特定目的地址的路徑,則數據均被路由到地址為192.1.0.65的相鄰路由器。 返回目錄
一、HDLC
HDLC是CISCO路由器使用的缺省協議,一臺新路由器在未指定封裝協議時默認使用HDLC封裝。 1. 有關命令 端口設置 任務 命令 設置HDLC封裝 encapsulation hdlc 設置DCE端線路速度 clockrate speed 復位一個硬件接口 clear interface serial unit 顯示接口狀態 show interfaces serial [unit] 1 注:1.以下給出一個顯示Cisco同步串口狀態的例子. Router#show interface serial 0 Serial 0 is up, line protocol is up Hardware is MCI Serial Internet address is 150.136.190.203, subnet mask is 255.255.255.0 MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255 Encapsulation HDLC, loopback not set, keepalive set (10 sec) Last input 0:00:07, output 0:00:00, output hang never Output queue 0/40, 0 drops; input queue 0/75, 0 drops Five minute input rate 0 bits/sec, 0 packets/sec Five minute output rate 0 bits/sec, 0 packets/sec 16263 packets input, 1347238 bytes, 0 no buffer Received 13983 broadcasts, 0 runts, 0 giants 2 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 2 abort 22146 packets output, 2383680 bytes, 0 underruns 0 output errors, 0 collisions, 2 interface resets, 0 restarts 1 carrier transitions 2. 舉例
設置如下: Router1: interface Serial0 ip address 192.200.10.1 255.255.255.0 clockrate 1000000
Router2: interface Serial0 ip address 192.200.10.2 255.255.255.0 ! 3. 舉例使用E1線路實現多個64K專線連接. 相關命令: 任務 命令 進入controller配置模式 controller {t1 e1} number 選擇幀類型 framing {crc4 no-crc4} 選擇line-code類型 linecode {ami b8zs hdb3} 建立邏輯通道組與時隙的映射 channel-group number timeslots range1 顯示controllers接口狀態 show controllers e1 [slot/port]2
Router# show controllers e1 e1 0/0 is up. Applique type is Channelized E1 - unbalanced Framing is CRC4, Line Code is HDB3 No alarms detected. Data in current interval (725 seconds elapsed): 0 Line Code Violations, 0 Path Code Violations 0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins 0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs Total Data (last 24 hours) 0 Line Code Violations, 0 Path Code Violations, 0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins, 0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
以下例子為E1連接3條64K專線, 幀類型為NO-CRC4,非平衡鏈路,路由器具體設置如下: shanxi#wri t Building configuration...
Current configuration: ! version 11.2 no service udp-small-servers no service tcp-small-servers ! hostname shanxi ! enable secret 5 $1$XN08$Ttr8nfLoP9.2RgZhcBzkk/ enable password shanxi ! ! ip subnet-zero ! controller E1 0 framing NO-CRC4 channel-group 0 timeslots 1 channel-group 1 timeslots 2 channel-group 2 timeslots 3 ! interface Ethernet0 ip address 133.118.40.1 255.255.0.0 media-type 10BaseT ! interface Ethernet1 no ip address shutdown ! interface Serial0:0 ip address 202.119.96.1 255.255.255.252 no ip mroute-cache ! interface Serial0:1 ip address 202.119.96.5 255.255.255.252 no ip mroute-cache ! interface Serial0:2 ip address 202.119.96.9 255.255.255.252 no ip mroute-cache ! no ip classless ip route 133.210.40.0 255.255.255.0 Serial0:0 ip route 133.210.41.0 255.255.255.0 Serial0:1 ip route 133.210.42.0 255.255.255.0 Serial0:2 ! line con 0 line aux 0 line vty 0 4 password shanxi login ! end 廣域網設置:
一、HDLC
HDLC是CISCO路由器使用的缺省協議,一臺新路由器在未指定封裝協議時默認使用HDLC封裝。
1. 有關命令 端口設置 任務 命令 設置HDLC封裝 encapsulation hdlc 設置DCE端線路速度 clockrate speed 復位一個硬件接口 clear interface serial unit 顯示接口狀態 show interfaces serial [unit] 1 注:1.以下給出一個顯示Cisco同步串口狀態的例子. Router#show interface serial 0 Serial 0 is up, line protocol is up Hardware is MCI Serial Internet address is 150.136.190.203, subnet mask is 255.255.255.0 MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255 Encapsulation HDLC, loopback not set, keepalive set (10 sec) Last input 0:00:07, output 0:00:00, output hang never Output queue 0/40, 0 drops; input queue 0/75, 0 drops Five minute input rate 0 bits/sec, 0 packets/sec Five minute output rate 0 bits/sec, 0 packets/sec 16263 packets input, 1347238 bytes, 0 no buffer Received 13983 broadcasts, 0 runts, 0 giants 2 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 2 abort 22146 packets output, 2383680 bytes, 0 underruns 0 output errors, 0 collisions, 2 interface resets, 0 restarts 1 carrier transitions 2. 舉例
設置如下: Router1: interface Serial0 ip address 192.200.10.1 255.255.255.0 clockrate 1000000
Router2: interface Serial0 ip address 192.200.10.2 255.255.255.0 ! 3. 舉例使用E1線路實現多個64K專線連接. 相關命令: 任務 命令 進入controller配置模式 controller {t1 e1} number 選擇幀類型 framing {crc4 no-crc4} 選擇line-code類型 linecode {ami b8zs hdb3} 建立邏輯通道組與時隙的映射 channel-group number timeslots range1 顯示controllers接口狀態 show controllers e1 [slot/port]2
Router# show controllers e1 e1 0/0 is up. Applique type is Channelized E1 - unbalanced Framing is CRC4, Line Code is HDB3 No alarms detected. Data in current interval (725 seconds elapsed): 0 Line Code Violations, 0 Path Code Violations 0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins 0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs Total Data (last 24 hours) 0 Line Code Violations, 0 Path Code Violations, 0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins, 0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
以下例子為E1連接3條64K專線, 幀類型為NO-CRC4,非平衡鏈路,路由器具體設置如下: shanxi#wri t Building configuration...
Current configuration: ! version 11.2 no service udp-small-servers no service tcp-small-servers ! hostname shanxi ! enable secret 5 $1$XN08$Ttr8nfLoP9.2RgZhcBzkk/ enable password shanxi ! ! ip subnet-zero ! controller E1 0 framing NO-CRC4 channel-group 0 timeslots 1 channel-group 1 timeslots 2 channel-group 2 timeslots 3 ! interface Ethernet0 ip address 133.118.40.1 255.255.0.0 media-type 10BaseT ! interface Ethernet1 no ip address shutdown ! interface Serial0:0 ip address 202.119.96.1 255.255.255.252 no ip mroute-cache ! interface Serial0:1 ip address 202.119.96.5 255.255.255.252 no ip mroute-cache ! interface Serial0:2 ip address 202.119.96.9 255.255.255.252 no ip mroute-cache ! no ip classless ip route 133.210.40.0 255.255.255.0 Serial0:0 ip route 133.210.41.0 255.255.255.0 Serial0:1 ip route 133.210.42.0 255.255.255.0 Serial0:2 ! line con 0 line aux 0 line vty 0 4 password shanxi login ! end 返回目錄
二、PPP
PPP(Point-to-Point Protocol)是SLIP(Serial Line IP protocol)的繼續者,它提供了跨過同步和異步電路實現路由器到路由器(router-to-router)和主機到網絡(host-to-network)的連接。
CHAP(Challenge Handshake Authentication Protocol)和PAP(Password Authentication Protocol) (PAP)通常被用于在PPP封裝的串行線路上提供安全性認證。使用CHAP和PAP認證,每個路由器通過名字來識別,可以防止未經授權的訪問。 CHAP和PAP在RFC 1334上有具體的說明。 1. 有關命令 端口設置 任務 命令 設置PPP封裝 encapsulation ppp1 設置認證方法 ppp authentication {chap chap pap pap chap pap} [if-needed][list-name default] [callin] 指定口令 username name password secret 設置DCE端線路速度 clockrate speed 注:1、要使用CHAP/PAP必須使用PPP封裝。在與非Cisco路由器連接時,一般采用PPP封裝,其它廠家路由器一般不支持Cisco的HDLC封裝協議。 2. 舉例 路由器Router1和Router2的S0口均封裝PPP協議,采用CHAP做認證,在Router1中應建立一個用戶,以對端路由器主機名作為用戶名,即用戶名應為router2。同時在Router2中應建立一個用戶,以對端路由器主機名作為用戶名,即用戶名應為router1。所建的這兩用戶的password必須相同。 設置如下: Router1: hostname router1 username router2 password xxx interface Serial0 ip address 192.200.10.1 255.255.255.0 clockrate 1000000 ppp authentication chap ! Router2: hostname router2 username router1 password xxx interface Serial0 ip address 192.200.10.2 255.255.255.0 ppp authentication chap !
相關調試命令: clear x25-vc show interfaces serial show x25 map show x25 route show x25 vc 3.2. 在以下實例中路由器router1和router2均通過svc與router連接,但router1和router2不通過svc直接連接,此三個路由器的串口運行RIP路由協議,使用了子接口的概念。 由于使用子接口,router1和router2均學習到了訪問對方局域網的路徑,若不使用子接口,router1和router2將學不到到對方局域網的路由。
幀中繼是一種高性能的WAN協議,它運行在OSI參考模型的物理層和數據鏈路層。它是一種數據包交換技術,是X.25的簡化版本。它省略了X.25的一些強健功能,如提供窗口技術和數據重發技術,而是依靠高層協議提供糾錯功能,這是因為幀中繼工作在更好的WAN設備上,這些設備較之X.25的WAN設備具有更可靠的連接服務和更高的可靠性,它嚴格地對應于OSI參考模型的最低二層,而X.25還提供第三層的服務,所以,幀中繼比X.25具有更高的性能和更有效的傳輸效率。 幀中繼廣域網的設備分為數據終端設備(DTE)和數據電路終端設備(DCE),Cisco路由器作為 DTE設備。 幀中繼技術提供面向連接的數據鏈路層的通信,在每對設備之間都存在一條定義好的通信鏈路,且該鏈路有一個鏈路識別碼。這種服務通過幀中繼虛電路實現,每個幀中繼虛電路都以數據鏈路識別碼(DLCI)標識自己。DLCI的值一般由幀中繼服務提供商指定。幀中繼即支持PVC也支持SVC。 幀中繼本地治理接口(LMI)是對基本的幀中繼標準的擴展。它是路由器和幀中繼交換機之間信令標準,提供幀中繼治理機制。它提供了許多治理復雜互聯網絡的特性,其中包括全局尋址、虛電路狀態消息和多目發送等功能。 2. 有關命令: 端口設置 任務 命令 設置Frame Relay封裝 encapsulation frame-relay[ietf] 1 設置Frame Relay LMI類型 frame-relay lmi-type {ansi cisco q933a}2 設置子接口 interface interface-type interface-number.subinterface-number [multipointpoint-to-point] 映射協議地址與DLCI frame-relay map protocol protocol-address dlci [broadcast]3 設置FR DLCI編號 frame-relay interface-dlci dlci [broadcast] 注:1.若使Cisco路由器與其它廠家路由設備相連,則使用Internet工程任務組(IETF)規定的幀中繼封裝格式。 2.從Cisco IOS版本11.2開始,軟件支持本地治理接口(LMI)“自動感覺”, “自動感覺”使接口能確定交換機支持的LMI類型,用戶可以不明確配置LMI接口類型。 3.broadcast選項答應在幀中繼網絡上傳輸路由廣播信息。 3. 幀中繼point to point配置實例: Router1: interface serial 0 encapsulation frame-relay ! interface serial 0.1 point-to-point ip address 172.16.1.1 255.255.255.0 frame-reply interface-dlci 105 ! interface serial 0.2 point-to-point ip address 172.16.2.1 255.255.255.0 frame-reply interface-dlci 102 ! interface serial 0.3 point-to-point ip address 172.16.4.1 255.255.255.0 frame-reply interface-dlci 104 ! Router2: interface serial 0 encapsulation frame-relay ! interface serial 0.1 point-to-point ip address 172.16.2.2 255.255.255.0 frame-reply interface-dlci 201 ! interface serial 0.2 point-to-point ip address 172.16.3.1 255.255.255.0 frame-reply interface-dlci 203 ! 相關調試命令: show frame-relay lmi show frame-relay map show frame-relay pvc show frame-relay route show interfaces serial go top 4. 幀中繼 Multipoint 配置實例:
Router1: interface serial 0 encapsulation frame-reply ! interface serial 0.1 multipoint ip address 172.16.1.2 255.255.255.0 frame-reply map ip 172.16.1.1 201 broadcast frame-reply map ip 172.16.1.3 301 broadcast frame-reply map ip 172.16.1.4 401 broadcast ! Router2: interface serial 0 encapsulation frame-reply ! interface serial 0.1 multipoint ip address 172.16.1.1 255.255.255.0 frame-reply map ip 172.16.1.2 102 broadcast frame-reply map ip 172.16.1.3 102 broadcast frame-reply map ip 172.16.1.4 102 broadcast ! 五、ISDN
1. 綜合數字業務網(ISDN) 綜合數字業務網(ISDN)由數字電話和數據傳輸服務兩部分組成,一般由電話局提供這種服務。 ISDN的基本速率接口(BRI)服務提供2個B信道和1個D信道(2B+D)。BRI的B信道速率為64Kbps,用于傳輸用戶數據。D信道的速率為16Kbps,主要傳輸控制信號。在北美和日本,ISDN的主速率接口(PRI)提供23個B信道和1個D信道,總速率可達1.544Mbps,其中D信道速率為64Kbps。而在歐洲、澳大利亞等國家,ISDN的PRI提供30個B信道和1個64Kbps D信道,總速率可達2.048Mbps。我國電話局所提供ISDN PRI為30B+D。 2. 基本命令 任務 命令 設置ISDN交換類型 isdn switch-type switch-type1 接口設置 interface bri 0 設置PPP封裝 encapsulation ppp 設置協議地址與電話號碼的映射 dialer map protocol next-hop-address [name hostname] [broadcast] [dial-string] 啟動PPP多連接 ppp multilink 設置啟動另一個B通道的閾值 dialer load-threshold load 顯示ISDN有關信息 show isdn {active history memory services status [dsl interface-type number] timers} 注:1.交換機類型如下表,國內交換機一般為basic-net3。 按區域分要害字 交換機類型 Australia basic-ts013 Australian TS013 switches Europe basic-1tr6 German 1TR6 ISDN switches basic-nwnet3 Norway NET3 switches (phase 1) basic-net3 NET3 ISDN switches (UK, Denmark, and other nations); covers the Euro-ISDN E-DSS1 signalling system primary-net5 NET5 switches (UK and Europe) vn2 French VN2 ISDN switches vn3 French VN3 ISDN switches Japan ntt Japanese NTT ISDN switches primary-ntt Japanese ISDN PRI switches North America basic-5ess AT&T basic rate switches basic-dms100 NT DMS-100 basic rate switches basic-ni1 National ISDN-1 switches primary-4ess AT&T 4ESS switch type for the U.S. (ISDN PRI only) primary-5ess AT&T 5ESS switch type for the U.S. (ISDN PRI only) primary-dms100 NT DMS-100 switch type for the U.S. (ISDN PRI only) New Zealand basic-nznet3 New Zealand Net3 switches 3. ISDN實現DDR(dial-on-demand routing)實例: 設置如下: Router1: hostname router1 user router2 password cisco ! isdn switch-type basic-net3 ! interface bri 0 ip address 192.200.10.1 255.255.255.0 encapsulation ppp dialer map ip 192.200.10.2 name router2 572 dialer load-threshold 80 ppp multilink dialer-group 1 ppp authentication chap ! dialer-list 1 protocol ip permit !
Router2: hostname router2 user router1 password cisco ! isdn switch-type basic-net3 ! interface bri 0 ip address 192.200.10.2 255.255.255.0 encapsulation ppp dialer map ip 192.200.10.1 name router1 571 dialer load-threshold 80 ppp multilink dialer-group 1 ppp authentication chap ! dialer-list 1 protocol ip permit ! Cisco路由器同時支持回撥功能,我們將路由器Router1作為Callback Server,Router2作為Callback Client。 與回撥相關命令: 任務 命令 映射協議地址和電話號碼,并在接口上使用在全局模式下定義的PPP回撥的映射類別。 dialer map protocol address name hostname class classname dial-string 設置接口支持PPP回撥 ppp callback accept 在全局模式下為PPP回撥設置映射類別 map-class dialer classname 通過查找注冊在dialer map里的主機名來決定回撥. dialer callback-server [username] 設置接口要求PPP回撥 ppp callback request 設置如下: Router1: hostname router1 user router2 password cisco ! isdn switch-type basic-net3 ! interface bri 0 ip address 192.200.10.1 255.255.255.0 encapsulation ppp dialer map ip 192.200.10.2 name router2 class s3 572 dialer load-threshold 80 ppp callback accept ppp multilink dialer-group 1 ppp authentication chap ! map-class dialer s3 dialer callback-server username dialer-list 1 protocol ip permit !
Router2: hostname router2 user router1 password cisco ! isdn switch-type basic-net3 ! interface bri 0 ip address 192.200.10.2 255.255.255.0 encapsulation ppp dialer map ip 192.200.10.1 name router1 571 dialer load-threshold 80 ppp callback request ppp multilink dialer-group 1 ppp authentication chap ! dialer-list 1 protocol ip permit ! 相關調試命令: debug dialer debug isdn event debug isdn q921 debug isdn q931 debug ppp authentication debug ppp error debug ppp negotiation debug ppp packet show dialer show isdn status 舉例:執行debug dialer命令觀察router2呼叫router1,router1回撥router2的過程. router1#debug dialer router2#ping 192.200.10.1
router1# 00:03:50: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up 00:03:50: BRI0:1:PPP callback Callback server starting to router2 572 00:03:50: BRI0:1: disconnecting call 00:03:50: %LINK-3-UPDOWN: Interface BRI0:1, changed state to down 00:03:50: BRI0:1: disconnecting call 00:03:50: BRI0:1: disconnecting call 00:03:51: %LINK-3-UPDOWN: Interface BRI0:2, changed state to up 00:03:52: callback to router2 already started 00:03:52: BRI0:2: disconnecting call 00:03:52: %LINK-3-UPDOWN: Interface BRI0:2, changed state to down 00:03:52: BRI0:2: disconnecting call 00:03:52: BRI0:2: disconnecting call 00:04:05: : Callback timer eXPired 00:04:05: BRI0:beginning callback to router2 572 00:04:05: BRI0: Attempting to dial 572 00:04:05: Freeing callback to router2 572 00:04:05: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up 00:04:05: BRI0:1: No callback negotiated 00:04:05: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up 00:04:05: dialer Protocol up for Vi1 00:04:06: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1, changed state to up 00:04:06: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1, chang ed state to up 00:04:11: %ISDN-6-CONNECT: Interface BRI0:1 is now connected to 572 #router1 4. ISDN訪問首都在線263網實例: 本地局部網地址為10.0.0.0/24,屬于保留地址,通過NAT地址翻譯功能,局域網用戶可以通過ISDN上263網訪問Internet。 263的ISDN電話號碼為2633,用戶為263,口令為263,所涉及的命令如下表: 任務 命令 指定接口通過PPP/IPCP地址協商獲得IP地址 ip address negotiated 指定內部和外部端口 ip nat {inside outside} 使用ppp/pap作認證 ppp authentication pap callin 指定接口屬于撥號組1 dialer-group 1 定義撥號組1答應所有IP協議 dialer-list 1 protocol ip permit 設定撥號,號碼為2633 dialer string 2633 設定登錄263的用戶名和口令 ppp pap sent-username 263 password 263 設定默認路由 ip route 0.0.0.0 0.0.0.0 bri 0 設定符合訪問列表2的所有源地址被翻譯為bri 0所擁有的地址 ip nat inside source list 2 interface bri 0 overload 設定訪問列表2,答應所有協議 access-list 2 permit any 具體配置如下: hostname Cisco2503 ! isdn switch-type basic-net3 ! ip subnet-zero no ip domain-lookup ip routing ! interface Ethernet 0 ip address 10.0.0.1 255.255.255.0 ip nat inside no shutdown ! interface Serial 0 shutdown no description no ip address ! interface Serial 1 shutdown no description no ip address ! interface bri 0 ip address negotiated ip nat outside encapsulation ppp ppp authentication pap callin ppp multilink dialer-group 1 dialer hold-queue 10 dialer string 2633 dialer idle-timeout 120 ppp pap sent-username 263 password 263 no cdp enable no ip split-horizon no shutdown ! ip classless ! ! Static Routes ! ip route 0.0.0.0 0.0.0.0 bri 0 ! ! Access Control List 2 ! access-list 2 permit any ! dialer-list 1 protocol ip permit ! ! Dynamic NAT ! ip nat inside source list 2 interface bri 0 overload snmp-server community public ro ! line console 0 exec-timeout 0 0 ! line vty 0 4 ! end 5. Cisco765M通過ISDN撥號上263 由于Cisco765的設置命令與我們常用的Cisco路由器的命令不同,所以以下列舉了通過Cisco765上263訪問Internet的具體命令行設置步驟。
>set system c765 c765> set multidestination on c765> set switch net3 c765> set ppp multilink on c765> cd lan c765:LAN> set ip routing on c765:LAN> set ip address 10.0.0.1 c765:LAN> set ip netmask 255.0.0.0 c765:LAN> set briding off c765:LAN>cd c765> set user remotenet New user remotenet being created c765:remotenet> set ip routing on c765:remotenet> set bridging off c765:remotenet> set ip framing none c765:remotenet> set ppp clientname 263 c765:remotenet> set ppp password client Enter new Password: 263 Re-Type new Password: 263 c765:remotenet> set ppp authentication out none c765:remotenet> set ip address 0.0.0.0 c765:remotenet> set ip netmask 0.0.0.0 c765:remotenet> set ppp address negotiation local on c765:remotenet> set ip pat on c765:remotenet> set ip route destination 0.0.0.0/0 gateway 0.0.0.0 c765:remotenet> set number 2633 c765:remotenet> set active 命令描述如下: 任務 命令 設置路由器系統名稱 set system c765 答應路由器呼叫多個目的地 set multidestination on 設置ISDN交換機類型為NET3 set switch net3 答應點到點間多條通道連接實現負載均衡 set ppp multilink on 關掉橋接 set briding off 建立用戶預制文件用于設置撥號連接參數- 可以設置多個用戶預制文件用于相同的物理端口對應于不同的連接。 set user remotenet 使用PPP/IPCP set ip framing none 設置上網用戶帳號 set ppp clientname 263 設置上網口令 set ppp password client Enter new Password: 263 Re-Type new Password: 263 不用PPP/CHAP或PAP做認證 set ppp authentication out none 答應地址磋商 set ppp address negotiation local on 設置地址翻譯 set ip pat on 設置默認路由 set ip route destination 0.0.0.0/0 gateway 0.0.0.0 設置ISP的電話號碼 set number 2633 激活用戶預制文件 set active
設備選用Catalyst5500交換機1臺,安裝WS-X5530-E3治理引擎,多塊WS-X5225R及WS-X5302路由交換模塊,WS-X5302被直接插入交換機,通過二個通道與系統背板上的VLAN 相連,從用戶角度看認為它是1個1接口的模塊,此接口支持ISL。在交換機內劃有3個虛擬網,分別名為default、qbw、rgw,通過WS-X5302實現虛擬網間路由。 以下加重下橫線部分,如set system name 5500C為需設置的命令。 設置如下: Catalyst 5500配置: begin set password $1$FMFQ$HfZR5DUszVHIRhrz4h6V70 set enablepass $1$FMFQ$HfZR5DUszVHIRhrz4h6V70 set prompt Console> set length 24 default set logout 20 set banner motd ^C^C ! #system set system baud 9600 set system modem disable set system name 5500C set system location set system contact ! #ip set interface sc0 1 10.230.4.240 255.255.255.0 10.230.4.255 set interface sc0 up set interface sl0 0.0.0.0 0.0.0.0 set interface sl0 up set arp agingtime 1200 set ip redirect enable set ip unreachable enable set ip fragmentation enable set ip route 0.0.0.0 10.230.4.15 1 set ip alias default 0.0.0.0 ! #Command alias ! #vtp set vtp domain hne set vtp mode server set vtp v2 disable set vtp pruning disable set vtp pruneeligible 2-1000 clear vtp pruneeligible 1001-1005 set vlan 1 name default type ethernet mtu 1500 said 100001 state active set vlan 777 name rgw type ethernet mtu 1500 said 100777 state active set vlan 888 name qbw type ethernet mtu 1500 said 100888 state active set vlan 1002 name fddi-default type fddi mtu 1500 said 101002 state active set vlan 1004 name fddinet-default type fddinet mtu 1500 said 101004 state active bridge 0x0 stp ieee set vlan 1005 name trnet-default type trbrf mtu 1500 said 101005 state active bridge 0x0 stp ibm set vlan 1003 name token-ring-default type trcrf mtu 1500 said 101003 state active parent 0 ring 0x0 mode srb aremaxhop 7 stemaxhop 7 ! #set boot command set boot config-register 0x102 set boot system Flash bootflash:cat5000-sup3.4-3-1a.bin ! #module 1 : 2-port 1000BaseLX Supervisor set module name 1 set vlan 1 1/1-2 set port enable 1/1-2 ! #module 2 : empty ! #module 3 : 24-port 10/100BaseTX Ethernet set module name 3 set module enable 3 set vlan 1 3/1-22 set vlan 777 3/23 set vlan 888 3/24 set trunk 3/1 on isl 1-1005 #module 4 empty ! #module 5 empty ! #module 6 : 1-port Route Switch set module name 6 set port level 6/1 normal set port trap 6/1 disable set port name 6/1 set cdp enable 6/1 set cdp interval 6/1 60 set trunk 6/1 on isl 1-1005 ! #module 7 : 24-port 10/100BaseTX Ethernet set module name 7 set module enable 7 set vlan 1 7/1-22 set vlan 888 7/23-24 set trunk 7/1 on isl 1-1005 set trunk 7/2 on isl 1-1005 ! #module 8 empty ! #module 9 empty ! #module 10 : 12-port 100BaseFX MM Ethernet set module name 10 set module enable 10 set vlan 1 10/1-12 set port channel 10/1-4 off set port channel 10/5-8 off set port channel 10/9-12 off set port channel 10/1-2 on set port channel 10/3-4 on set port channel 10/5-6 on set port channel 10/7-8 on set port channel 10/9-10 on set port channel 10/11-12 on #module 11 empty ! #module 12 empty ! #module 13 empty ! #switch port analyzer !set span 1 1/1 both inpkts disable set span disable ! #cam set cam agingtime 1-2,777,888,1003,1005 300 end 5500C> (enable) WS-X5302路由模塊設置: Router#wri t Building configuration... Current configuration: ! version 11.2 no service password-encryption no service udp-small-servers no service tcp-small-servers ! hostname Router ! enable secret 5 $1$w1kK$AJK69fGOD7BqKhKcSNBf6. ! ip subnet-zero ! interface Vlan1 ip address 10.230.2.56 255.255.255.0 ! interface Vlan777 ip address 10.230.3.56 255.255.255.0 ! interface Vlan888 ip address 10.230.4.56 255.255.255.0 ! no ip classless ! line con 0 line aux 0 line vty 0 4 password router login ! end Router# 3.1. 例二: 交換設備仍選用Catalyst5500交換機1臺,安裝WS-X5530-E3治理引擎,多塊WS-X5225R在交換機內劃有3個虛擬網,分別名為default、qbw、rgw,通過Cisco3640路由器實現虛擬網間路由。 交換機設置與例一類似。 路由器Cisco3640,配有一塊NM-1FE-TX模塊,此模塊帶有一個快速以太網接口可以支持ISL。Cisco3640快速以太網接口與交換機上的某一支持ISL的端口實現連接,如交換機第3槽第1個接口(3/1口)。 Router#wri t Building configuration... Current configuration: ! version 11.2 no service password-encryption no service udp-small-servers no service tcp-small-servers ! hostname Router ! enable secret 5 $1$w1kK$AJK69fGOD7BqKhKcSNBf6. ! ip subnet-zero ! interface FastEthernet1/0 ! interface FastEthernet1/0.1 encapsulation isl 1 ip address 10.230.2.56 255.255.255.0 ! interface FastEthernet1/0.2 encapsulation isl 777 ip address 10.230.3.56 255.255.255.0 ! interface FastEthernet1/0.3 encapsulation isl 888 ip address 10.230.4.56 255.255.255.0 ! no ip classless ! line con 0 line aux 0 line vty 0 4 password router login ! end Router#
