Sa1ka's Shelter

Cisco IOS命令参考

Word count: 836Reading time: 4 min
2019/12/06 Share

ip subset-zero

show ip route

跳转到开头
跳转到结尾
退出特权模式

  • 设置主机名
    hostname Router

  • 设置banner
    banner motd 登录时显示
    banner exec 创建vty连接时显示
    banner login 在motd之后显示

  • 设置密码

  1. 设置enable时的密码的
    enable secret 设置启用密码
    enable password 设置启用加密密码(优先级高于启用密码)
  2. 设置用户模式的密码
    line console 0 控制器端口的用户模式密码
    line aux 0 辅助端口密码
    line vty 0 15 Telnet连接到路由器的密码
1
2
3
Router(config)#line console 0
Router(config-line)#password console
Router(config-line)#login

exec-timeout <minutes> <seconds> 会话的超时时间
logging synchronous 输出不会中断输入

  • 设置域名
    ip domain-name xxx.com

  • 配置ssh登录

    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    Router(config)#hostname r1           
    r1(config)#ip domain-name barrygates.cn
    r1(config)#crypto key generate rsa
    The name for the keys will be: r1.barrygates.cn
    Choose the size of the key modulus in the range of 360 to 4096 for your
    General Purpose Keys. Choosing a key modulus greater than 512 may take
    a few minutes.

    How many bits in the modulus [512]:
    % Generating 512 bit RSA keys, keys will be non-exportable...
    [OK] (elapsed time was 0 seconds)

    r1(config)#
    *Feb 14 11:42:15.394: RSA key size needs to be atleast 768 bits for ssh version 2
    r1(config)#
    *Feb 14 11:42:15.402: %SSH-5-ENABLED: SSH 1.5 has been enabled
    r1(config)#ip ssh version 2
    Please create RSA keys to enable SSH (and of atleast 768 bits for SSH v2).
    r1(config)#line vty 0 15
    r1(config-line)#transport input ssh
    r1(config-line)#

  • 对密码加密
    默认情况下只有启用加密密码是加密的,如果要让所有的密码都加密
    service password-encryption

  • 端口描述

    1
    2
    3
    4
    5
    6
    7
    8
    9
    r1(config)#int fastEthernet 0/0
    r1(config-if)#ip address 172.16.0.1 255.255.0.0
    r1(config-if)#description for test
    r1(config-if)#exit
    r1(config)#do show interfaces description
    Interface Status Protocol Description
    Fa0/0 admin down down for test
    r1(config)#

辅助IP地址

1
r1(config-if)#ip address 172.16.1.1 255.255.0.0 secondary
  • 管道

    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    r1#sh run | ?
    append Append redirected output to URL (URLs supporting append operation
    only)
    begin Begin with the line that matches
    count Count number of lines which match regexp
    exclude Exclude lines that match
    format Format the output using the specified spec file
    include Include lines that match
    redirect Redirect output to URL
    section Filter a section of output
    tee Copy output to URL

  • 保存配置

    1
    copy running-config startup-config
  • 删除配置

    1
    erase startup-config
  • 重置端口计数器

    1
    clear counters e0/0

show protocols 接口1、2层情况,IP地址
show controllers 物理接口情况

DHCP设置

1
2
3
4
5
6
IOU1(config)#ip dhcp excluded-address 192.168.10.1 192.168.10.10
IOU1(config)#ip dhcp pool MyNetwork
IOU1(dhcp-config)#network 192.168.10.0 255.255.255.0
IOU1(dhcp-config)#default-router 192.168.10.1
IOU1(dhcp-config)#dns-server 8.8.8.8
IOU1(dhcp-config)#lease 3 12 15

上面表示创建了一个192.168.10.0/24下的地址池,DNS服务器为8.8.8.8,默认网关为192.168.10.1,排除两个地址,地址租期为3天12小时15分钟。

DHCP中继

如果不配置,路由器默认情况对DHCP广播丢弃。

1
2
IOU1(config)#int f0/0
IOU1(config-if)#ip helper-address 10.10.10.254

将DHCP广播转发到10.10.10.254。

对于DHCP的信息验证

show ip dhcp binding 已分配的IP状态

show ip dhcp pool [poolname] IP地址池情况

show ip dhcp server statistics DHCP统计情况

show ip dhcp conflict 冲突情况

NTP

1
2
3
4
IOU1(config)#ntp server 172.16.10.1 version 4
IOU1(config)#ntp master
IOU1#show ntp status
IOU1#show ntp associations

CDP

show cdp会显示CDP定时器、CDP信息在表中的保持时间

  • cdp holdtime
  • cdp timer
    no cdp run 关闭cdp
    show cdp neighbors显示直连设备的信息,cdp不会穿越思科交换机。详细信息包括show cdp entry *show cdp neighbors detail
CATALOG
  1. 1. DHCP设置
    1. 1.1. DHCP中继
    2. 1.2. 对于DHCP的信息验证
  2. 2. NTP
  3. 3. CDP