计算机硬件及网络博科三层交换机ppt课件

The Essentials,1,The Essentials,The Essentials,2,Objectives,Upon completion of this module the student will be able to: Configure Foundry products with the Command Line Interface. Determine port settings from front panel LEDs List the contents of Flash Move contents between Flash and a TFTP Server Determine the Layer 2 or 3 configuration of the product. Control User Access,The Essentials,3,Console Port,DB-9 male interface. VT-100 terminal - straight-through cable (female to female not a null-modem). The VT-100 configuration is: 9600 Baud 8 Data Bits Parity = None Stop Bits = 1 Flow Control = None For MODEM Cross-Over cable (typically a DB-9F to DB-25F cable),The Essentials,4,Chassis Layout,Slot 1: Management Blade Slot 2: Interface Blade Slot 3: Interface Blade Slot 4: Interface Blade,Blade Model Number,Slots are numbered from top down or left to right beginning with slot #1.,Console port,Power Supply,The Essentials,5,Stackables Layout,The Essentials,6,Configure via character-based terminal/session Direct Connect to the Serial Port or Telnet to the System “?” at any prompt shows available commands SW-FI4802-PREM? enable Enter Privileged mode fastboot Select fast-reload option ping Ping IP node show Display system information stop-traceroute Stop current TraceRoute traceroute TraceRoute to IP Node Commands can be abbreviated SW-FI4802-PREM,s? show Display system information stop-traceroute Stop current TraceRoute SW-FI4802-PREM stop-traceroute,Command Line Interface (CLI) Basics,? SW-FI4802-PREM stop-traceroute , can be used for “?”,The Essentials,7,Privileged Level Enter through the “enable” command Can be password protected View detailed information (Show) Execute System-wide features (boot system),CLI Basics Command Tree,Levels of CLI commands: User Level View basic information Verify connectivity (Ping command),Privileged Level,Configuration Level,Configuration Level Enter through the “configure terminal” command Make global or local system changes (VLANs) Save changes with “write memory”,The Essentials,8,Different prompts indicate the level you are at: User = “” Privileged =“#” Configuration = “(config)#”,CLI Basics,enable Password:,SW-FastIron# ?,The Essentials,9,CLI Basics - CONFIG commands,SW-FastIron enable No password has been assigned yet. SW-FastIron# configure terminal SW-FastIron(config)#,Notice the CONFIG prompt:,?,The Essentials,10,CLI Basics,Privilege level NetIron enable superuser password NetIron# Executing system-wide commands Show Information Reload the system Copy image files or configuration files Set the system clock CONFIG Level BigIron# conf t (stands for “configure terminal”) BigIron(config)# Configure the System Assign system IP address Setup the Interfaces Setup DNS information (DNS server, domain) Indicate IP address of Time Server (NTP) or RADIUS server,The Essentials,11,CLI Basics,Interface Level SW-ServerIron(config)# int e1 (e1 = ethernet port #1) SW-ServerIron(config-if-1)# Port parameters ( type “?” at prompt for options) SW-ServerIron(config-if-1)# ? enable disable dhcp-gateway-list port-name mac monitor qos-priority speed-duplex ipg10 ipg100 ipg1000 ip-policy phy-mode spanning-tree flow-control auto-gig Current Context is shown by prompt SW-FastIron(config-if-e100-1)# (Interface #1) TurboIron(config-vif-1)# (Virtual Interface #1 - applies to routers only) NetIron(config-vlan-3)# (Virtual LAN #3) SW-ServerIron(config-tc-CacheFour)# (Transparent Cache named “CacheFour”) SW-ServerIron(config-vs-VIP1)# (Virtual Server named “VIP1”),The Essentials,12,Move back up the menu tree using “exit” SW-ServerIron(config-rs-c1)# exit SW-ServerIron(config)# exit SW-ServerIron# exit SW-ServerIron Use “end” or Cntl-Z to return to “#” prompt Display the running-config SW-ServerIron# write terminal SW-ServerIron# show running-config Display the saved startup-config SW-ServerIron# show config Erase the Startup-Config SW-ServerIron# erase startup-config The CLI supports up / down arrow for access to the last commands entered SW-ServerIron(config)# ping Invalid input - ping Type ? for a list SW-ServerIron(config)#exit SW-ServerIron#,In your terminal emulation program, press the “up” arrow,CLI Basics,The Essentials,13,Identifying Software Images,Foundry products run one of three types of flash images: Router Code Switch Code ServerIron Code View the Current Running Image BigIron#,BigIron# show version SW: Version 07.5.01T23 Copyright (c) 1996-2001 Foundry Networks, Inc. Compiled on Jun 04 2001 at 15:50:59 labeled as VM1R07501 (2852369 bytes) from Primary vm1r07501.bin HW: Chassis 4000 Router, SYSIF version 21,The Essentials,14,Image Nomenclature BIRxxyzz.BIN B2Rxxyzz.BIN Router code (The “2” indicates redundant management) _ BIPxxyzz.BIN B2Pxxyzz.BIN IP-only router code _ BISxxyzz.BIN B2Sxxyzz.BIN Switch code (The “2” indicates redundant management) _ BBRxxyzz.bin Switch code with basic Layer 3 support _ FWSxxyzz.BIN Switch code _ NBRxxyzz.bin Switch code with basic Layer 3 support _ SLBxxyzz.BIN Server Iron Code _ N8Rxxyzz.BIN Router code (for Stackable devices with three LEDs per port) _ BL3xxyzz.BIN 4802 or any chassis based FastIron _ m2bxxyzz.BIN Boot Image for BigIron,Identifying Software Images Cont.,xx = Major Release, y = Minor release, zz=Maintenance Release,The Essentials,15,Software Options and Filenames,xxyzz T X Y,NetIronshow flash,Code Flash Type: AMD 29F016, Size: 32 * 65536 = 2097152, Unit: 1,Boot Flash Type: AMD 29F010, Size: 8 * 16384 = 131072,Compressed Primary Code size = 583323, Version 07.5.01T53,Compressed Secondary Code size = 584847, Version 07.5.02T53,Boot Image Version 03.02.50,Monitor Image Version 1, for DRAM size 2097152,NetIron,The Essentials,16,File Management,Two Image Storage Areas Primary & Secondary View the Flash: BigIron Router#sho flash Active management module: Code Flash Type: AMD 29F032B, Size: 64 * 65536 = 4194304, Unit: 2 Boot Flash Type: AMD 29F040, Size: 8 * 65536 = 524288 Compressed Pri Code size = 3485205, Version 07.5.01T53 (b2r07501.bin) Compressed Sec Code size = 3494253, Version 07.5.02T53 (b2r07502.bin) Maximum Code Image Size Supported: 3866112 (0x003afe00) Boot Image size = 149324, Version 07.02.01 (m2b07201.bin),The Essentials,17,Specify where to boot from: Primary Flash Secondary Flash TFTP Server BootP Server Where you enter the command also dictates when to load,abbreviated but unique command line,File Management (continued),Flash Primary Flash Secondary,System,TFTP Server,Image Code,Management Module,PRIVILEGED level - IMMEDIATE reboot/reload SW-FastIron# boot system flash secondary SW-FastIron# b s f s,CONFIG level - Load at next scheduled reboot or BigIron#(config)# boo sy f s BigIron#(config)# wri mem BigIron# reload at 06:00:00 01-19-04,The Essentials,18,File Copy commands,From/To TFTP Servers From/To Primary or Secondary Flash Exec Privileged Level: NetIron# copy tftp flash 4 vm1r07501.bin secondary Copies from the TFTP server the file “vm1r07501.bin ” and stores it to the secondary flash area.,NetIron# copy flash tftp 4 vm1r07501.bin secondary Copies the system image from the secondary flash area and stores it to the TFTP server as filename “vm1r07501.bin”.,TurboIron# copy flash flash ? primary Copy secondary to primary secondary Copy primary to secondary TurboIron# copy flash flash primary Copies the system image from the secondary flash area to the primary.,SW-FastIron# copy running-config tftp 4 new.cfg Copies from the current running config (not the stored config) and writes it to the TFTP server as filename “new.cfg”. NetIron# copy tftp flash 4 nib06007.bin boot Copies the boot image from tftp server to the boot memory location of flash.(“boot” is a hidden parameter),Management Module,Flash Primary Flash Secondary,System,The Essentials,19,Upgrading to 7.602 and Beyond,Management Module,Flash Primary Flash Secondary,System,B2R07.5.0.X,Boot Code Image Code,M2R07.5.0.X,Step 3 reload,Step 5 reload,To upgrade a FI-4802 or a chassis from a pre-07.6.01 release to release 07.6.02, do the following: 1. Upgrade the boot code to version 07.6.02. 2. Upgrade the flash code to version 07.6.01 3. reload the system 4. Upgrade the flash code to version 07.6.02 5. reload the system,Upgrading directly from pre-7.601 to 7.602 is not possible due the required compression algorithm.,The Essentials,20,Most configuration changes take effect immediately. To make permanent (i.e., persistent after a re-boot) save the changes to FLASH: TurboIron# write memory To see the running configuration: SW-FastIron# write terminal or SW-FastIron# show running-config To see the start-up configuration file: NetIron# show configuration Note: The running config and stored config (startup config) may or may not be the same. The running config is lost during a power cycle.,Write/Show Config commands,Running Config,Startup Config,write memory,reload,show running-config,show configuration,The Essentials,21,Show Commands - Switch & Router,Switch and Router show commands: show version Software version and uptime show interface Interf status (up or down etc.) show stat Interface statistics show ip IP info (address, mask etc.) show span Spanning tree info show mac-address MAC forwarding table show mac-address stat # of MACs learned per port show flash Flash memory images show vlan Configured VLANs show telnet IP addr of active telnet sessions show trunk Configd and active trunk groups show tech-support Shows technical details for assistance in troubleshooting issues when working with technical support.,The Essentials,22,Show Commands - Router only,Router-only show commands: NetIron# show arp ARP cache NetIron# show ip interface ip interface information NetIron# show ip cache IP host/MAC table NetIron# show ip ospf OSPF information NetIron# show ip route IP routes and their status NetIron# show ip traffic IP (ICMP, UDP, TCP, RIP) traffic statistics NetIron# show ip dvmrp DVMRP information NetIron# show ipx cache Summary of IPX information NetIron# show ipx interface IPX interface information NetIron# show ipx routes IPX route information NetIron# show ipx servers IPX servers defined for the router NetIron# show ipx traffic IPX traffic statistics Many of the above commands have several branches. An example is NetIron# show ip ospf neighbor Neighbor router information Reference the manual for a complete list of all commands.,The Essentials,23,Clear Commands,Clearing forwarding and route tables Switch / Router clear commands:(SW-FastIron, TurboIron, BigIron) TurboIron# clear arp Clears ARP table TurboIron# clear mac-address Clears the MAC forwarding tables TurboIron# clear statistics Clears all statistic counters. NetIron# clear logging Clears the system log Router-only clear commands:(NetIron, TurboIron, BigIron) NetIron# clear ip route Clears IP route tables. NetIron# clear ip cache Clears IP host/MAC tables NetIron# clear ipx route Clears IPX route tables. NetIron# clear ipx cache Clears IPX cache Clearing Individual Entries The mac parameter clears only the entries that match the specified address and mask. The vlan parameter clears only the entries that match the specified VLAN. clear mac-address Removes learned MAC address entries from the MAC address table. EXAMPLE: BigIron# clear mac-address ethernet 1/1,The Essentials,24,Ping Command,Helpful when trying to verify connectivity Cannot be entered when in “configure” mode A few sample PING commands: SW-FastIron ping 0 SW-FastIron# ping 0 count 100 SW-FastIron ping 0 size 1200 SW-FastIron# ping 0 ttl 5 c 10 s 200 Issues 10 pings with a time to live of 5 and each ping is 200 bytes long Use “?” after the address for other options Syntax: ping | source count timeout ttl size quiet numeric no-fragment verify data brief,The Essentials,25,Configuring CLI Banners,SW-FI4802-PREM(config)#banner motd $ Enter TEXT message, End with the character $.,Telnet 5 Education Services Welcomes you SW-telnetFI4802-PREM,Education Services Welcomes you $ SW-FI4802-PREM(config)#,A greeting message can be configured on users terminals when they enter the Privileged EXEC CLI level or access the device through Telnet.,Telnet Banner,SW-FI4802-PREM(config)#banner motd # Enter TEXT message, End with the character #.,Get back to work Local Admin! # SW-FI4802-PREM(config)#,CLI Banner,The Essentials,26,User Access Control (Overview),LAN,IP Add: 5,Telnet 5 Telnet password:Tel_Passwd SW-FI4802enable En_password SW-FI4802#,Locally Defined Passwords Enable Password (three levels) Telnet Password Web Password (SNMP Community String) Username / Password lists,SW-FI4802enable En_password SW-FI4802#,The Essentials,27,CLI Basics - Passwords,Factory Default = no Enable passwords Passwords can be up to 32 characters long Multiple levels of “Enable” password access Access depends on which password you use Super User - Unlimited access, can change all parameters Configure Port - Change interface level parameters Read Only - View only, no changing allowed BigIron(config)# enable super-user-password SuPswd BigIron(config)# enable port-config-password PCPswd BigIron(config)# enable read-only-password ROPswd BigIron enable PCPswd or BigIron enable Password: If the system password is not yet set, the system warns you BigIron enable No password has been assigned yet.,The Essentials,28,Password Examples,Defining the Super-User (Enable) password SW-ServerIron(config)#enable super-user-password SuPswd SW-ServerIron(config)#quit SW-ServerIron enable SuPswd Port Config (Enable) password accesses a limited set of commands SW-ServerIron(config)#enable port-config-password PCPswd SW-ServerIronenable PCPswd SW-ServerIron#conf t SW-ServerIron(config)#? end exit quit no show interface Read Only Password Limits user to Exec User and Exec Privileged levels SW-ServerIron(config)#enable read-only-password ROPswd SW-ServerIronenable ROPswd SW-ServerIron#? exit quit ping show telnet,The Essentials,29,CLI Basics - Passwords, recovering,You can recover from a forgotten password Requires direct access to the Serial Port and a System Reset Have terminal session plugged into serial port, then: Reboot the system Within 2 seconds, enter b to initiate the boot monitor BOOT MONITOR no password (cannot be abbreviated) BOOT MONITOR boot system flash primary This bypasses the system password check SW-FastIron enable No password has been assigned yet SW-FastIron# Reassign Super-User password & save config SW-FastIron(config)#enab super-user NewPassword (assigns a new password) SW-FastIron(config)#write memory,The Essentials,30,Also specify passwords for: Telnet Access SW-FastIron(config)#enable telnet password TelNetPswd Where Passwords can be changed from SW-FastIron(config)#password-change serial-port-only options: Usernames / Password combinations Specify Username, Password and Privilege Level (config)#username BigKahuna priv 0 password BKpswd Privilege level: 0=Super-User, 4=Port-Config, 5=Read-only A Super-User account (or Super-User enable password) must be set before you can create lower-access accounts Passwords are stored in Config File ENCRYPTED (default) or you can turn off encryption (config)# no service password-encryption Username Lists are applied with AAA commands,CLI Basics - Passwords,The Essentials,31,Passwords - aaa authentication types,Authentication for the following access types Syntax: aaa authentication default aaa authentication what type of access default how to validate,aaa authentication snmp-server . SNMP applications - IronView, HPOV, Spectrum, etc. aaa authentication web-server . Web Browser to Foundry Switches and Routers aaa authentication enable . “enable” command to gain Privileged and CONFIG level access aaa authentication login . TELNET access to the Foundry Switch/Router,The Essentials,32,Passwords - aaa authentication methods,Athentication methods Syntax: aaa authentication default If a validation method is NOT configured, use next method,TACACS, TACACS+, RADIUS Query a TACACS, TACACS+ or RADIUS server for username/password local Use locally defined username/password combinations line Use the TELNET access password enable Use the “enable” passwords (super-user, port-config, read-only),The Essentials,33,Remote Access Server,Telnet 5 Telnet password:Tel_Passwd SW-FI4802enable En_password SW-FI4802#,IP Add: 5,TACACS Server,AAA Example Type of Access Validation Method