Cisco IOS命令参考

ip subset-zero

show ip route

<C-a> 跳转到开头 <C-e> 跳转到结尾 <C-z> 退出特权模式

• 设置主机名 hostname Router

• 设置banner banner motd 登录时显示 banner exec 创建vty连接时显示 banner login 在motd之后显示

• 设置密码

1. 设置enable时的密码的 enable secret 设置启用密码 enable password 设置启用加密密码（优先级高于启用密码）
2. 设置用户模式的密码 line console 0 控制器端口的用户模式密码 line aux 0 辅助端口密码 line vty 0 15 Telnet连接到路由器的密码

Router(config)#line console 0
Router(config-line)#password console
Router(config-line)#login

exec-timeout <minutes> <seconds> 会话的超时时间 logging synchronous 输出不会中断输入

• 设置域名 ip domain-name xxx.com

• 配置ssh登录

Router(config)#hostname r1           
r1(config)#ip domain-name barrygates.cn
r1(config)#crypto key generate rsa
The name for the keys will be: r1.barrygates.cn
Choose the size of the key modulus in the range of 360 to 4096 for your
  General Purpose Keys. Choosing a key modulus greater than 512 may take
  a few minutes.

How many bits in the modulus [512]:
% Generating 512 bit RSA keys, keys will be non-exportable...
[OK] (elapsed time was 0 seconds)

r1(config)#
*Feb 14 11:42:15.394:  RSA key size needs to be atleast 768 bits for ssh version 2
r1(config)#
*Feb 14 11:42:15.402: %SSH-5-ENABLED: SSH 1.5 has been enabled
r1(config)#ip ssh version 2
Please create RSA keys to enable SSH (and of atleast 768 bits for SSH v2).
r1(config)#line vty 0 15
r1(config-line)#transport input ssh
r1(config-line)#

• 对密码加密 默认情况下只有启用加密密码是加密的，如果要让所有的密码都加密 service password-encryption。

• 端口描述

r1(config)#int fastEthernet 0/0
r1(config-if)#ip address 172.16.0.1 255.255.0.0
r1(config-if)#description for test
r1(config-if)#exit
r1(config)#do show interfaces description
Interface                      Status         Protocol Description
Fa0/0                          admin down     down     for test
r1(config)#

辅助IP地址

r1(config-if)#ip address 172.16.1.1 255.255.0.0 secondary

• 管道

r1#sh run | ?
  append    Append redirected output to URL (URLs supporting append operation
            only)
  begin     Begin with the line that matches
  count     Count number of lines which match regexp
  exclude   Exclude lines that match
  format    Format the output using the specified spec file
  include   Include lines that match
  redirect  Redirect output to URL
  section   Filter a section of output
  tee       Copy output to URL

• 保存配置

copy running-config startup-config

• 删除配置

erase startup-config

• 重置端口计数器

clear counters e0/0

show protocols 接口1、2层情况，IP地址 show controllers 物理接口情况

DHCP设置

IOU1(config)#ip dhcp excluded-address 192.168.10.1 192.168.10.10
IOU1(config)#ip dhcp pool MyNetwork
IOU1(dhcp-config)#network 192.168.10.0 255.255.255.0
IOU1(dhcp-config)#default-router 192.168.10.1
IOU1(dhcp-config)#dns-server 8.8.8.8
IOU1(dhcp-config)#lease 3 12 15

上面表示创建了一个192.168.10.0/24下的地址池，DNS服务器为8.8.8.8，默认网关为192.168.10.1，排除两个地址，地址租期为3天12小时15分钟。

DHCP中继

如果不配置，路由器默认情况对DHCP广播丢弃。

IOU1(config)#int f0/0
IOU1(config-if)#ip helper-address 10.10.10.254

将DHCP广播转发到10.10.10.254。

对于DHCP的信息验证

show ip dhcp binding 已分配的IP状态

show ip dhcp pool [poolname] IP地址池情况

show ip dhcp server statistics DHCP统计情况

show ip dhcp conflict 冲突情况

NTP

IOU1(config)#ntp server 172.16.10.1 version 4
IOU1(config)#ntp master
IOU1#show ntp status
IOU1#show ntp associations

CDP

show cdp会显示CDP定时器、CDP信息在表中的保持时间

• cdp holdtime
• cdp timer no cdp run 关闭cdp show cdp neighbors显示直连设备的信息，cdp不会穿越思科交换机。详细信息包括show cdp entry *和show cdp neighbors detail。