foundry交换机路由器.docx
- 文档编号:28573064
- 上传时间:2023-07-19
- 格式:DOCX
- 页数:27
- 大小:358.07KB
foundry交换机路由器.docx
《foundry交换机路由器.docx》由会员分享,可在线阅读,更多相关《foundry交换机路由器.docx(27页珍藏版)》请在冰豆网上搜索。
foundry交换机路由器
1.基本配置
主机名R(config)#hostnamehost-name
接口地址R(config-if-e1000-1/1)#ipaddressx.x.x.x/24
时区R(config)#clocktimezone
时钟:
R#clocksethh:
mm:
ssmm-dd-yy
用户账户R(config)#enablepasswordpassword
静态路由R(config)#iproutex.x.x.xx.x.x.x(mask){next-hop|out-interface}
802.1DSTP
802.1wRSTP
802.1sMSTP
·给端口命名R(config-if-e100-1/1)#port-nameport-name
·查看端口R#showinterfacebrief
·保存配置文件R#writememory
·Displaytherunning-configR#writeterminal|showrunning-config
·Displaythesavedstartup-configR#showconfiguration
·Erasethestartup-configR#erasestartup-config
·IdentifyingSoftwareImages:
RouterCode,SwitchCode,ServerIronCode//showversion
·FileManagement
-----TwoImageStorageArea
--------------Primary&Secondary
----------Theflashmemoryisdividedintotwodifferentstorageareas.Thisallowsyoutohavetwodifferentsoftwareimageversionsstoredintheflashmemory:
SecondaryFlashisstoragespaceforUpgradeCode:
a)Putnewcodeinsecondaryflash
b)Scheduleareloadtobootsecondaryflashduringlowtrafficperiods.Unsuccessfulreloadswillcausethesystemtorevertbacktoprimaryflash.
c)Whenconfidenceisestablishedinupgradecode,executea“copyflashflashprimary”tooverwriteoldsoftwareimagewithupgradeimageinprimaryflash.
R#bootsystemflashsecondary
-----ViewtheFlash:
R#showflash
·ping命令:
--ping
[quiet][numeric][no-fragment][verify][data<1-to-4bytehex>][brief]
·Multiple“enable”password:
SuperUser,PortConfiguration,ReadOnly
----SuperUser-Allowscompletereadandwriteaccesstothesystem.Thisisgenerallyforsystemadministratorsandistheonlypasswordlevelthatallowsyoutoconfigurepasswords.
----PortConfiguration-Allowsreadandwriteaccessforspecificportsbutnotforglobal(system-wide)parameters.
----ReadOnly—allowsaccesstotheprivilegedmodeandCONFIGmodebutonlywithreadaccess.
·Passwordrecoving
----youcanrecoverfromaforgottenpassword,requiresdirectaccesstotheSerialPortandaSystemReset
----havetheterminalsessionpluggedintoserialport,then:
a)Rebootthesystem
b)Within2seconds,enter‘b’toinitiatethebootmonitor
BOOTMONITOR>nopassword
BOOTMONITOR>bootsystemflashprimary
Then,enterthesystemandsetanewpassword
2.CLIBASICPassword:
a)telnetaccess:
R(config)#enabletelnetpasswordpassword
--wherepasswordscanbechangedform
R(config)#password-changeserial-port-only|telnet-only|any
b)Usernames/passwordcombination
---SpecifyUsername,passwordandprivilegelevel
R(config)#usernameuser_nameprivilegepri_levelpasswordpassword
Pri_level:
0,4,5
---0:
super-user
---4port-config
---5Read-Only
*Asuper-useraccount(orsuper-userenablepassword)mustbesetbeforeyoucancreatelower-accessaccounts
*passwordsarestoredinconfigfileENCRYPTED(default),oryoucanturnoffencryption:
R(config)#noservicepassword-encryption
*UsernamelistsareappliedwithAAAcommands
c)passwordaaaauthenticatetype
aaaauthentication
aaaauthentication{whattypeofaccess}default{howtovalidate}
●howtovalidate
Whenyouconfigureanauthenticationmethodlistforanaccesslevel,youcanspecifyuptosevenauthenticationmethods.Ifthefirstauthenticationmethodissuccessful,thesoftwaregrantsaccessandstopstheauthenticationprocess.Iftheaccessisrejectedbythefirstauthenticationmethod,thesoftwaredeniesaccessandstopchecking.However,ifanerroroccurswithanauthenticationmethod,thesoftwaretriesthenextmethodonthelist,andsoon.
-----forexample,ifthefirstauthenticationmethodisRADIUSserverbutthelinktotheserverisdownmthesoftwarewilltrythenextauthenticationmethodinthelist.Ifanapplicationmethodisworkingproperlyandthepassword(anduser_name,ifapplicable)isnotknowntothatmethod,thisisnotasystemerror.Theauthenticationattemptstops,andtheuserisdeniesaccess.Thesoftwarewillcontinuethisprocessuntileitherauthenticationmethodispassedorthesoftwarereachestheendofthemethodlist.Ifthesuper-userpasswordisnotrejectedafterallaccessmethodsinthelisthavebeentried,accessisgranted.
●Method
enableUseenablepasswordforauthentication
lineUseline(telnet)passwordforauthentication
localUselocaluserforauthentication
noneNOauthentication
radiusUseRADIUSauthentication
tacacsUseTACACSauthentication
tacacs+UseTACACS+authentication
·TACACS,TACACS+,RADIUS
------QuueryaTACACS,TACACS+,orRADIUSserverfor
username/password
·local
-----uselocallydefinedusername/passwordcombinations
·Line
-----usetheTELNETaccesspassword
·Enable
-----usethe“enable”Passwords
(super-user,port-config,read-only)
3.SNMPconfiguration
4.ospfneighbors形成需要匹配以下所有项:
(helloprotocol)
SubnetMask、Hello/DeadIntervals、Area-ID、Auth.Password
StubAreaflag
Helloprotocol的作用:
决定邻居是如何发现的;通告了形成邻居所必须的几个参数;hello包作为邻居间的存活消息;确保邻居之间的双向通信;在广播网络中选举DR和BDR
5.Foundry产品启用ospf路由协议:
1enableospfglobally
R(config)#routerospf
2configospfareaunderroutermode
R(config-ospf-router)#areaarea-id
3enterthemodeofinterfaceplacetheinterfaceinanareaconfig
R(config-if-e1000-1/1)#ipospfareaarea-id
注意:
必须先在路由模式下定义area,否则将不能再接口模式下将接口加入ospf协议中
6.foundry产品ospf中的计时器:
helloInterval、RouterDeadInterval、Retransmit-interval、Transmit-delay、SPFTimers、SPFDelay、SPFholdtime
SPFTimers:
Whentherouterreceivesatopologychange,thesoftwarewaitsbeforeitstartssSPFcalculation.Bydefault,thesoftwaits5s.ifyousetSPFdelayto0s,thesoftwareimmediatelybeginstheSPFcalculationafterreceivingatopologychange.
R(config-ospf-router)#timersspfspf-timersspf-hold-time
7.
DesignatedRouterElection
HighestPriorityWinsIftheneighborssharethesamepriority,therouterwiththehighestRouter-IDisdesignatedrouter(DR).(bydefault,theFoundryrouter-IDistheipaddressonthelowestnumberedloopbackinterface).ifthereisnoloopbackinterface,thentherouter-IDisthelowestnumberedipaddressconfiguredonthedevice.
8.BGP
BGPrunsonthetopofTCP,theportis179
1TworoutersformaTCPconnectiontoexchangeBGP
Prefixes(network/subnetmask)
2PrefixesareplacedinBGProutingtable,wherethebestpathtoeachprefixischosen&installedintheiproutingtable
3NoRoutesareadvertisedbydefault.Anetworkstatementorredistributionadvertisesaroute.
---WithBGPconnectionsbetweenASs,therouterdoesn’tadvertiseanyroutesbydefault.Tomakeitadvertiseroutes,youspecifyaroutetoadvertiseusingthenetworkstatementoruseredistribution.
---AS(AutonomousSystem)isasetofroutersunderasingletechnicaladministration,usinganinteriorgatewayprotocolandcommonmetricstoroutepacketswithintheASandusinganexteriorgatewayprotocoltoroutepacketstootherAS’s.
4BGProuteswithdrawn
--AspecificrouteadvertisedtoaBGPpeerisconsideredvaliduntiladvertisedasnolongervalid,ortheBGPsessionislost.IfBGPsessionislost,bothpeersstopusingroutinginformationtheylearnedfromtheotherpeer.
Privateaddresspool
----itisdifficulttogetaregisteredASnumberfromARIN.NET.instead,theprovidercangivethecustomeranASnumberfromtheprivatepoolofAss(64512-65535),andstrip(剥去)theseASsoutoftheroutingpathinformationwhenadvertisingthecustomer’sroutestowardsthecoreoftheinternetwork.
5WhyMulti-home?
---Needforredundancy,loadsharing,andlowertariffsatparticulartimesofthedayornightarereasonswhysomenetworkadministratorsconnecttheirenterprisetotwodifferentISPs.
6Multi-homealwaysmeansBGP?
---NO,ifyouhaveabackuplinkforredundancy,youcanuseacombinationofstaticanddefaultroutesinsteadofBGP.
7PreventingRoutingLoopswithBGP
---EachBGProuteraddshisASnumbertotheASPATHattribute.
---IfarouterseesitsASnumberintheASPATH,Itdropsthepackets
8BGPisaPathVectorprotocol
·ASpathVector---BGPusesapathvectormethodofoperation.Asnetworkreachabilityinformation(routes)movesthroughBGP,eachAStagstheinformationwithitsASnumber.
·ASPathlength---Thefartheryougetfromtheorigin,thelongertheASpathwillbe.ThisisroughlyanalogoustothehopcountinRIP,exceptthedeviceithopsisanentireAS,andthereisnomaximumASpathlengthaswithRIP.
*Basically,aprefixlearnedfromIBGPneighborcannotbeadvertisedtoanotherIBGPneighbor.ThispreventsloopingroutingannouncementsinanAS.
9WHYFullMesh?
----anIBGPneighborcannotre-advertiseroutesithaslearnfromanotherIBGPneighbor,sotheremustbeaIBGPsessiondirectlybetweeneachrouterandeveryotherrouter(fullmesh).
WhyuseInternalBGP?
---IBGP
·IBGPislikeatunnelthroughanASfromoneEBGProutertoanotherEBGProuter
·ShieldsIGPinternalroutersfromtheloadofexternalrouting
updates[internetroutingtable]
·IBGPallowsyoutousepoliciestochooseexit&entrancepointsforyoudatatraffic;IGPscan’t.
Note:
*IGPisusedtoestablishrequiredreachability.IBGPpeerswillneverestablishunlessthereisIPconnectivitybetweenthetwopeers.
10EBGPVSIBGP
·EBGP,noroutes-----bydefault,aBrocaderouteradvertisesnothingtoanEBGPpeer.Youneedtoconfigureittoadvertisespecificnetworkswiththe“network”statementunderrouterbgp,oruseredistribution(notrecommendedifyouhaveafullinternetroutetable)
·IBGP,almostallroutes---ifarouterhasmultipleroutesforanetwork,itwills
- 配套讲稿:
如PPT文件的首页显示word图标,表示该PPT已包含配套word讲稿。双击word图标可打开word文档。
- 特殊限制:
部分文档作品中含有的国旗、国徽等图片,仅作为作品整体效果示例展示,禁止商用。设计者仅对作品中独创性部分享有著作权。
- 关 键 词:
- foundry 交换机 路由器