Professional Documents
Culture Documents
OSPF - Open Shortest Path First - IS-IS - Intermediate System to Intermediate System
Astuces Cisco
Par Fred le samedi, juillet 14 2007, 19:03 - Cisco - Lien permanent cisco
Voici quelques astuces appliquer sur vos routeurs Cisco: Synchroniser la console Comment rendre une interface up lorsqu'elle n'est pas branch Configurer ses bannires Utiliser des alias Modifier plusieurs interfaces simultanment Effacer la table de routage Dfinir l'adresse source d'un service Protger l'accs un quipement par une access list Modifier le niveau de log Configuration ntp pour l'heure d't Activer le debug en SSH Activer SSH Rebooter le module d'un C6500 Vrifier la consommation d'un C6500 Ajuster l'interval de calcul de charge des interfaces Filtrer la sortie show process cpu Effacer la configuration d'une interface Modifier la cl ssh d'un quipement Afficher les logs avec la date du jour Connaitre le nombre d'adresse MAC disponible et utilis Dsactiver le prompt "more"
Tous les tags Liens Outils Nemako Mon Univers Netvibes Whois Info IP Crer Htaccess Ma liste de DVDs Archives Partenaires phpFreeChat Lafraise.com S'abonner Fil des billets Fil des commentaires
Synchroniser la console
Voici deux petits pense-btes pour bien utiliser la console sur du matriel Cisco:
logging synchronous : cette directive permet de synchroniser la sortie terminal et la ligne de commande. Par
exemple, si vous tapez une ligne de commande et que le routeur affiche un message dans le terminal, votre texte va alors se rafficher. exec-timeout 0 0 : ceci permet de dsactiver le timeout en ligne de commande. Ceci peut tre utile dans le cas d'un laboratoire de test. En situation:
Router(config)# interface ethernet 0 Router(config-if)# ip address 10.0.0.1 255.255.255.0 Router(config-if)# no shutdown Router#show ip interface brief Interface IP-Address OK? Method Status Protocol Ethernet0 10.0.0.1 YES manual administratively down down
En utilisant la commande no keepalive:
Router(config-if)# no shutdown Router(config-if)# no keepalive Router#show ip interface brief Interface IP-Address Ethernet0 10.0.0.1
Protocol up
R1(config)# alias exec sib show ip int brief R1(config)# alias exec sir show ip route
Pour visualiser les alias:
help logout ping resume show undebug undebug where show ip int brief show ip route
converted by Web2PDFConvert.com
ip ssh source-interface gigabitEthernet 0/1 ip telnet source-interface loopback 0 ip tftp source-interface loopback 2 ip tacacs source-interface tunnel 0 logging source-interface loopback 0
ip access-list extended MGT-SSH permit tcp 10.12.0 0.0.0.255 gt 1023 host 0.0.0.0 eq 22 permit tcp 10.13.0 0.0.0.255 gt 1023 host 0.0.0.0 eq 22 deny ip any any log ! line vty 0 4 access-class MGT-SSH in transport input ssh
Routeur1#sh logging Syslog logging: enabled (12 messages dropped, 6 messages rate-limited, 0 flushes, 0 overruns, xml disabled, filtering disabled) Console logging: level debugging, 1191740 messages logged, xml disabled, filtering disabled Monitor logging: level debugging, 0 messages logged, xml disabled, filtering disabled Buffer logging: level warnings, 1 messages logged, xml disabled, filtering disabled Logging Exception size (4096 bytes) Count and timestamp logging messages: disabled ... Log Buffer (4096 bytes): .Aug 12 14:24:22.476: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state
Les logs gnres par une access list ont un niveau informational, ainsi le niveau warnings configur pour le buffer ne nous permettra pas de visualiser ces logs. Pour changer le niveau de log:
Routeur1#sh logging ... Buffer logging: level informational, 2 messages logged, xml disabled, filtering disabled ... Log Buffer (4096 bytes):
ntp server 192.168.1.2 prefer ntp server 192.168.1.3 clock timezone CET 1 clock summer-time CEST recurring last Sun Mar 2:00 last Sun Oct 3:
Debug
Visualiser les commandes debug actuellement actives:
converted by Web2PDFConvert.com
R1# sh debugging IP routing: BGP debugging is on for all address families OSPF events debugging is on IP multicast: PIM debugging is on
Dsactiver toutes les commandes debug:
Activer SSH
Router-01(config)#ip ssh version 2 Please create RSA keys to enable SSH.
Gnrer la cl RSA
Router-01(config)#crypto key generate rsa The name for the keys will be: C3845.intranet.nemako.net Choose the size of the key modulus in the range of 360 to 2048 for your General Purpose Keys. Choosing a key modulus greater than 512 may take a few minutes. How many bits in the modulus [512]: 1024 % Generating 1024 bit RSA keys, keys will be non-exportable...[OK]
Activer SSH
C3750# sh crypto key mypubkey rsa % Key pair was generated at: 14:28:12 Key name: C3750.intranet Usage: General Purpose Key Key is not exportable. Key Data: 12345678 90123456 4886F70D 01010105 1C6B0C36 DAD96A2B 93ADBDCB 12345678 B6B365EF AAAAAAAA 12345678 90123456 % Key pair was generated at: 09:22:32 Key name: C3750.intranet.server Usage: Encryption Key Key is not exportable. Key Data: 12345678 90123456 4886F70D 01010105 9CB0C35B 37508A38 6D9D1E44 12345678 B8342222 1C3CC7DB 12345678 90123456 9D2DB0D9 00000000 27E2F343 7D1D3B34
00034B00 30480241 00E344FA 6AC1EA9A 90123456 C2C9A198 CDFG0000 B409EC84 FADAEF65 CCB1D2D7 15020301 0001 UTC Jan 15 2008
converted by Web2PDFConvert.com
C3750#conf t Enter configuration commands, one per line. End with CNTL/Z. C3750(config)#crypto key zeroize rsa C3750.intranet.server % Keys to be removed are named named 'C3750.intranet.server'. % All router certs issued using these keys will also be removed. Do you really want to remove these keys? [yes/no]: yes C3750(config)#crypto key zeroize rsa C3750.intranet % Keys to be removed are named named 'C3750.intranet'. % All router certs issued using these keys will also be removed. Do you really want to remove these keys? [yes/no]: yes
Il suffit maintenant de gnrer une nouvelle cl:
C3750(config)# crypto key generate rsa The name for the keys will be: C3750.intranet Choose the size of the key modulus in the range of 360 to 2048 for your General Purpose Keys. Choosing a key modulus greater than 512 may take a few minutes. How many bits in the modulus [512]: 2048 % Generating 2048 bit RSA keys ...[OK] C3750(config)#
C3845-2(config)#int tun 0 C3845-2(config-if)#? ... load-interval Specify interval for load calculation for an interface C3845-2(config-if)#load-interval ? <30-600> Load interval delay in seconds
Voici une interface configur par dfaut
C3845-2#sh int gi 0/0 GigabitEthernet0/0 is up, line protocol is up ... 5 minute input rate 2140000 bits/sec, 579 packets/sec 5 minute output rate 6217000 bits/sec, 769 packets/sec
Configurer l'interval 30 secondes
C3845-2(config)#int tun 0 C3845-2(config-if)# load-interval 30 C3845-2#sh int tun 0 Tunnel0 is up, line protocol is up ...
converted by Web2PDFConvert.com
30 second input rate 1461000 bits/sec, 388 packets/sec 30 second output rate 892000 bits/sec, 368 packets/sec
C3825#sh processes cpu CPU utilization for five seconds: 1%/1%; one minute: 10%; five PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY 1 8 255 31 0.00% 0.00% 0.00% 0 2 1084 2024779 0 0.00% 0.00% 0.00% 0 3 1138252 31651957 35 0.00% 0.03% 0.02% 0 4 0 1 0 0.00% 0.00% 0.00% 0 5 4209864 1034803 4068 0.00% 0.03% 0.02% 0 6 2448 3992 613 0.00% 0.00% 0.00% 0 7 0 2 0 0.00% 0.00% 0.00% 0 8 0 168733 0 0.00% 0.00% 0.00% 0 9 0 1 0 0.00% 0.00% 0.00% 0 10 48 10123865 0 0.00% 0.00% 0.00% 0 11 52 10123865 0 0.00% 0.00% 0.00% 0 12 0 1 0 0.00% 0.00% 0.00% 0 13 0 1 0 0.00% 0.00% 0.00% 0 14 0 1 0 0.00% 0.00% 0.00% 0 15 0 1 0 0.00% 0.00% 0.00% 0 16 892 2024778 0 0.00% 0.01% 0.00% 0 17 200 170244 1 0.00% 0.00% 0.00% 0 18 0 2 0 0.00% 0.00% 0.00% 0 19 0 2 0 0.00% 0.00% 0.00% 0 20 0 1 0 0.00% 0.00% 0.00% 0 21 0 1 0 0.00% 0.00% 0.00% 0 ...
Voici donc un moyen simple de voir les process principaux utilis par votre quipement:
minutes: 5% Process Chunk Manager Load Meter OSPF-1 Hello EDDRI_MAIN Check heaps Pool Manager Timers IPC Dynamic Cach IPC Zone Manager IPC Periodic Tim IPC Deferred Por IPC Seat Manager IPC BackPressure OIR Handler Crash writer Environmental mo ARP Input ATM Idle Timer AAA high-capacit AAA_SERVER_DEADT Policy Manager
C3825#sh processes cpu | excl 0.00% 0.00% 0.00% CPU utilization for five seconds: 3%/2%; one PID Runtime(ms) Invoked uSecs 5Sec 2 1084 2024782 0 0.00% 3 1138256 31651995 35 0.00% 5 4209888 1034807 4068 0.24% 16 892 2024781 0 0.00% 37 8160276 7377317 1106 0.24% 47 2034740 170147 11958 0.00% 76 220 502 438 0.08% 99 1512248 20737241 72 0.00% 159 960 101236184 0 0.00% 265 3092 10216394 0 0.00%
minute: 1Min 0.01% 0.03% 0.04% 0.01% 0.13% 0.02% 0.01% 0.01% 0.02% 0.02%
8%; five minutes: 5% 5Min TTY Process 0.00% 0 Load Meter 0.02% 0 OSPF-1 Hello 0.02% 0 Check heaps 0.00% 0 Environmental mo 0.12% 0 Net Background 0.00% 0 Per-minute Jobs 0.00% 706 SSH Process 0.00% 0 IP Input 0.00% 0 RBSCP Background 0.05% 0 NTP
C2950# sh run int Fa1/0/35 Building configuration... Current configuration : 230 bytes ! interface FastEthernet1/0/35 switchport access vlan 7 switchport mode access speed 100 duplex full no mdix auto no cdp enable spanning-tree portfast spanning-tree bpduguard enable service-policy input POLICY_PHONE end
Et voici comment effacer toute la configuration en une seule commande:
C2950#conf t Enter configuration commands, one per line. End with CNTL/Z. C2950(config)#default interface FastEthernet1/0/35 Interface FastEthernet1/0/35 set to default configuration
converted by Web2PDFConvert.com
Le rsultat:
C2950# sh run int Fa1/0/35 Building configuration... Current configuration : 36 bytes ! interface FastEthernet1/0/35 end
R0#sh logging ... 00:59:15: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed
converted by Web2PDFConvert.com