CISCO 常用命令(大同小异)
CISCO 常用命令,请根据具体设备“灵活应用” 计算机命令~~~~~~~~~~
PCA login: root ;使用root用户
password: linux ;口令是linux
# shutdown -h now ;关机
# init 0 ;关机
# logout
# login
# ifconfig ;显示IP地址
# ifconfig eth0 <ip address> netmask <netmask> ;设置IP地址
# ifconfig eht0 <ip address> netmask <netmask> down ; 删除IP地址
# route add 0.0.0.0 gw <ip>
# route del 0.0.0.0 gw <ip>
# route add default gw <ip> ;设置网关
# route del default gw <ip> ;删除网关
# route ;显示网关
# ping <ip>
# telnet <ip> ;建议telnet之前先ping一下
----------------------------------------
交换机命令
~~~~~~~~~~
super password 修改特权用户密码
sysname 交换机命名
interface ethernet 0/1 进入接口视图
interface vlan x 进入接口视图
ip address 10.65.1.1 255.255.0.0
ip route-static 0.0.0.0 0.0.0.0 10.65.1.2 静态路由=网关
user-interface vty 0 4
authentication-mode password
set authentication-mode password simple 222
user privilege level 3
duplex {half|full|auto} 配置端口双工工作状态
speed {10|100|auto} 配置端口工作速率
flow-control 配置端口流控
mdi {across|auto|normal} 配置端口MDI/MDIX状态平接或扭接
port link-type {trunk|access|hybrid} 设置接口工作模式
shutdown 关闭/重起接口
quit 退出系统视图
vlan 3 创建/删除一个VLAN/进入VLAN模式
port ethernet 0/1 to ethernet 0/4 在当前VLAN增加/删除以太网接口
port access vlan 3 将当前接口加入到指定VLAN
port trunk permit vlan {ID|All} 设trunk允许的VLAN
port trunk pvid vlan 3 设置trunk端口的PVID
monitor-port <interface_type interface_num> 指定和清除镜像端口
port mirror <interface_type interface_num> 指定和清除被镜像端口
port mirror int_list observing-port int_type int_num 指定镜像和被镜像
description string 指定VLAN描述字符
description 删除VLAN描述字符
display vlan 查看VLAN设置
stp {enable|disable} 开启/关闭生成树,默认关闭
stp priority 4096 设置交换机的优先级
stp root {primary|secondary} 设置交换机为根或根的备份
stp cost 200 设置交换机端口的花费
isolate-user-vlan enable 设置主vlan
Isolate-user-vlan <x> secondary <list> 设置主vlan包括的子vlan
port hybrid pvid vlan <id> 设置vlan的pvid
port hybrid pvid 删除vlan的pvid
port hybrid vlan vlan_id_list untagged 设置无标识的vlan
如果包的vlan>
所以设置PVID为所属vlan> ----------------------------------------
路由器命令
~~~~~~~~~~
display version 显示版本信息
display current-configuration 显示当前配置
display interfaces 显示接口信息
display ip route 显示路由信息
sysname aabbcc 更改主机名
super passwrod 123456 设置口令
interface serial0 进入接口
ip address <ip><mask>
undo shutdown 激活端口
link-protocol hdlc 绑定hdlc协议
user-interface vty 0 4
authentication-mode password
set authentication-mode password simple 222
user privilege level 3
quit
debugging hdlc all serial0 显示所有信息
debugging hdlc event serial0 调试事件信息
debugging hdlc packet serial0 显示包的信息
静态路由:
ip route-static <ip><mask>{interface number|nexthop}
例如:
ip route-static 129.1.0.0 16 10.0.0.2
ip route-static 129.1.0.0 255.255.0.0 10.0.0.2
ip route-static 129.1.0.0 16 Serial 2
ip route-static 0.0.0.0 0.0.0.0 10.0.0.2
动态路由:
rip
rip work
rip input
rip output
network 1.0.0.0 ;可以all
network 2.0.0.0
peer ip-address
summary
rip version 1
rip version 2 multicast
rip split-horizon ;水平分隔
router> ospf enable 启动OSPF协议
import-route direct 引入直联路由
ospf enable area <area_id> 配置OSPF区域
标准访问列表命令格式如下:
acl <acl-number> 默认前者顺序匹配。
rule {permit|deny}
例:
acl 10
rule normal permit source 10.0.0.0 0.0.0.255
rule normal deny source any
扩展访问控制列表配置命令
配置TCP/UDP协议的扩展访问列表:
rule {normal|special}{permit|deny}{tcp|udp}source {<ip wild>|any}destination <ip wild>|any}
配置ICMP协议的扩展访问列表:
rule {normal|special}{permit|deny}icmp source {<ip wild>|any]destination {<ip wild>|any]
扩展访问控制列表操作符的含义
equal portnumber 等于
greater-than portnumber 大于
less-than portnumber 小于
not-equal portnumber 不等
range portnumber1 portnumber2 区间
扩展访问控制列表举例
acl 101
rule deny souce any destination any
rule permit icmp source any destination any icmp-type echo
rule permit icmp source any destination any icmp-type echo-reply
acl 102
rule permit ip source 10.0.0.1 0.0.0.0 destination 202.0.0.1 0.0.0.0
rule deny ip source any destination any
acl 103
rule permit tcp source any destination 10.0.0.1 0.0.0.0 destination-port equal ftp
rule permit tcp source any destination 10.0.0.2 0.0.0.0 destination-port equal www
firewall enable
firewall default permit|deny
int e0
firewall packet-filter 101 inbound|outbound
地址转换配置举例
firewall enable
firewall default permit
acl 101
rule deny ip source any destination any
rule permit ip source 129.38.1.4 0 destination any
rule permit ip source 129.38.1.1 0 destination any
rule permit ip source 129.38.1.2 0 destination any
rule permit ip source 129.38.1.3 0 destination any
acl 102
rule permit tcp source 202.39.2.3 0 destination 202.38.160.1 0
rule permit tcp source any destination 202.38.160.1 0 destination-port great-than
1024
firewall packet-filter 101 inbound
firewall packet-filter 102 inbound
nat address-group 202.38.160.101 202.38.160.103 pool1
acl 1
rule permit source 10.110.10.0 0.0.0.255
rule deny source any
int serial 0
nat outbound 1 address-group pool1
nat server global 202.38.160.101 inside 10.110.10.1 ftp tcp
nat server global 202.38.160.102 inside 10.110.10.2 www tcp
nat server global 202.38.160.102 8080 inside 10.110.10.3 www tcp
nat server global 202.38.160.103 inside 10.110.10.4 smtp udp
PPP验证:
主验方:pap|chap
local-user u2 password {simple|cipher} aaa
interface serial 0
ppp authentication-mode {pap|chap}
ppp chap user u1 //pap时,不用此句
pap被验方:
interface serial 0
ppp pap local-user u2 password {simple|cipher} aaa
chap被验方:
interface serial 0
ppp chap user u1
local-user u2 password {simple|cipher} aaa
页:
[1]