使用Cisco IOS CLI配置基本软件
Table Of Contents
目录
Basic Software Configuration Using the Cisco IOS Command-Line Interface
使用Cisco IOS CLI配置基本软件
Contents
内容
Platforms Supported by This Document
文档支持的平台
Prerequisites for Basic Software Configuration Using the Cisco IOS CLI
使用Cisco IOS CLI基本软件配置的首要条件
Restrictions for Basic Software Configuration Using the Cisco IOS CLI
使用Cisco IOS CLI基本软件配置的限制
How to Perform a Basic Software Configuration Using the Cisco IOS CLI
怎么使用Cisco IOS CLI完成一个基本软件配置
Configuring the Router Hostname
设置主机名
Configuring the Enable and Enable Secret Passwords
设置enable与enable secret密码
Configuring the Console Idle Privileged EXEC Timeout
设置控制台实行特权置闲的超时时间
Configuring Fast Ethernet and Gigabit Ethernet Interfaces
设置快速以太网接口与千兆以太网接口
Specifying a Default Route or Gateway of Last Resort
指定一个默认路由或网关的方法(??)
Configuring Virtual Terminal Lines for Remote Console Access
为远程控制访问设置虚拟终端线路
Configuring the Auxiliary Line
配置aux
Verifying Network Connectivity
检验网络连通性
Saving Your Router Configuration
保存路由器配置
Saving Backup Copies of Your Configuration and System Image
保存备份你的配置与系统镜像
Where to Go Next
下一步
Additional References
另附参考
Related Documents—Basic Software Configuration
相关文档—基本软件配置
Related Documents—Additional Configuration
相关文档—其他配置
Technical Assistance
技术支援
Basic Software Configuration Using the Cisco IOS Command-Line Interface
This document describes how to use the Cisco IOS command-line interface (CLI) to perform a basic software configuration for your router.
这个文档描述怎么在你的路由器使用Cisco IOS CLI去完成基本软件配置。
Contents
目录
• Platforms Supported by This Document
文档支持的平台
• Prerequisites for Basic Software Configuration Using the Cisco IOS CLI
使用Cisco IOS CLI基本软件配置的首要条件
• Restrictions for Basic Software Configuration Using the Cisco IOS CLI
使用Cisco IOS CLI基本软件配置的限制
• How to Perform a Basic Software Configuration Using the Cisco IOS CLI
怎么使用Cisco IOS CLI完成一个基本软件配置
• Where to Go Next
接下来
• Additional References
另附参考
Platforms Supported by This Document
文档支持的平台
Use this document with the following platforms:
下列的平台支持使用本文档
• Cisco 1800 series routers
•Cisco 1800系列路由器
• Cisco 2800 series routers
•Cisco 2800 系列路由器
• Cisco 3800 series routers
•Cisco 3800 系列路由器
Prerequisites for Basic Software Configuration Using the Cisco IOS CLI
使用Cisco IOS CLI基本软件配置的首要条件
Follow the instructions in the quick start guide that shipped with your router to install the chassis, connect cables, and power up the router.
依照快速向导的指示来进行路由器的安装、电缆连接和打开电源
Timesaver Before powering up the router, disconnect all WAN cables from the router to keep it from trying to run the AutoInstall process. The router may try to run AutoInstall if you power it on while there is a WAN connection on both ends and the router does not have a valid configuration file stored in NVRAM (for instance, when you add a new interface). It can take several minutes for the router to determine that AutoInstall is not connected to a remote TCP/IP host.
在打开路由器电源前,断开所有WAN电缆抑制它设法运行自动安装程序。当在两端都连接到WAN 并且路由器的NVRAM中没有存储有效的配置文件时,路由器可能试图运行自动安装 (例如在添加新的接口的时候)。路由器需要几分钟来发现自动安装程序没有连接到一个远程的TCP/IP主机。
Restrictions for Basic Software Configuration Using the Cisco IOS CLI
使用Cisco IOS CLI基本软件配置的限制
If Cisco Router and Security Device Manager (SDM) is installed on your router, we recommend that you use Cisco SDM instead of the Cisco IOS CLI to perform the initial software configuration. To access SDM, see the quick start guide that shipped with your router.
如果路由器上安装了Cisco Router和SDM,我们推荐你使用Cisco SDM代替Cisco IOS CLI去完成初始化软件配置。如何访问SDM请看装在路由器上的快速开始指导。
How to Perform a Basic Software Configuration Using the Cisco IOS CLI
如何使用Cisco IOS CLI完成一个基本软件配置
This section contains the following procedures:
这部分包含以下的步骤
• Configuring the Router Hostname (Optional)
• 设置路由器主机名(可选)
• Configuring the Enable and Enable Secret Passwords (Required)
• 设置enable和enable Secret密码(必须)
• Configuring the Console Idle Privileged EXEC Timeout (Optional)
• 设置控制台特权实行超时(可选)
• Configuring Fast Ethernet and Gigabit Ethernet Interfaces (Required)
• 设置快速以太网接口与吉比特以太网接口(必须)
• Specifying a Default Route or Gateway of Last Resort (Required)
•指定最近请求的默认路由和网关(必须)
• Configuring Virtual Terminal Lines for Remote Console Access (Required)
• 为远程控制访问设置虚拟终端线路(必须)
• Configuring the Auxiliary Line (Optional)
• 设置Aux线路(可选)
• Verifying Network Connectivity (Required)
• 检查网络连接(必须)
• Saving Your Router Configuration (Required)
• 保存路由器配置(必须)
• Saving Backup Copies of Your Configuration and System Image (Optional)
•保存备份你的配置与系统镜像(可选)
Configuring the Router Hostname
设置路由器主机名
The hostname is used in CLI prompts and default configuration filenames. If you do not configure the router hostname, the router uses the factory-assigned default hostname "Router."
在CLI提示符和默认配置文件名中使用主机名。如果你不配置路由器主机名,路由器使用出厂设置的默认主机名”Router”。
Do not expect capitalization and lowercasing to be preserved in the hostname. Uppercase and lowercase characters are treated as identical by many Internet software applications. It may seem appropriate to capitalize a name as you would ordinarily do, but conventions dictate that computer names appear in all lowercase characters. For more information, see RFC 1178, Choosing a Name for Your Computer.
在主机名中不会保留大小写。在许多网络应用软件中,是不区分大小写的。使用大写字母拼写名字,就像你平时所做的,似乎比较合适,但是习惯上计算机名都采用小写字母拼写。更多的信息请参看RFC 1178,,Choosing a Name for Your Computer。
The name must also follow the rules for Advanced Research Projects Agency Network (ARPANET) hostnames. They must start with a letter, end with a letter or digit, and have as interior characters only letters, digits, and hyphens. Names must be 63 characters or fewer. For more information, see RFC 1035, Domain Names—Implementation and Specification.
所起的名字也必须遵循ARPANET规则。必须以字母开始,以字母或数字结束,中间的字符只包含字母,数字和连接符。名字不得超过63个字符。更多信息请参看RFC 1035,Domain Names—Implementation and Specification。
SUMMARY STEPS
摘要步骤
1. enable
2. configure terminal
3. hostname name
4. Verify that the router prompt displays your new hostname.
5. end
DETAILED STEPS
详细步骤
Command or Action
命令或动作
Purpose
用途
Step 1
步骤1
enable
Example:
Router> enable
Enables privileged EXEC mode.
进入特权允许模式
• Enter your password if prompted.
•输入密码
Step 2
步骤2
configure terminal
Example:
Router# configure terminal
Enters global configuration mode.
进入全局配置模式
Step 3
步骤3
hostname name
Example:
Router(config)# hostname myrouter
Specifies or modifies the hostname for the network server.
在网络服务器上指定或修改主机名
Step 4
步骤4
Verify that the router prompt displays your new hostname.
验证路由器提示符显示了新的主机名
Example:
myrouter(config)#
—
Step 5
步骤5
end
Example:
myrouter# end
(Optional) Returns to privileged EXEC mode.
(可选)返回特权允许模式
What to Do Next
下一步
Proceed to the "Configuring the Enable and Enable Secret Passwords" section.
进入“配置Enable和Enable Secret 密码”部分。
Configuring the Enable and Enable Secret Passwords
设置Enable和Enable Secret密码
To provide an additional layer of security, particularly for passwords that cross the network or are stored on a TFTP server, you can use either the enable password command or enable secret command. Both commands accomplish the same thing—they allow you to establish an encrypted password that users must enter to access privileged EXEC (enable) mode.
为了产生一个附加的安全层,尤其是跨网络的或者是存储在TFTP服务器上的密码,你可以使用enable password 命令或者enable secret命令。两个命令都实现了一个功能——允许设定加密密码,用户必须输入这个密码才能访问特权允许模式。
We recommend that you use the enable secret command because it uses an improved encryption algorithm. Use the enable password command only if you boot an older image of the Cisco IOS software or if you boot older boot ROMs that do not recognize the enable secret command.
我们建议你使用enable secret命令,因为它使用了改进的密码编码规则。只有在你启动一个旧的Cisco IOS软件镜像或者启动一个无法识别enable secret命令的旧的启动ROM时才使用enable password。
For more information, see the "Configuring Passwords and Privileges" chapter in the Cisco IOS Security Configuration Guide. Also see the Cisco IOS Password Encryption Factstech note and the Improving Security on Cisco Routerstech note.
更多的信息参看Cisco IOS Security Configuration Guide中"Configuring Passwords and Privileges"一章。同时可参看Cisco IOS Password Encryption Facts 技术笔记和Improving Security on Cisco Routers技术笔记。
Restrictions
限制条件
If you configure the enable secret command, it takes precedence over the enable password command; the two commands cannot be in effect simultaneously.
如果你配置了enable secret命令,它比enable password命令有更高的优先权;这两个命令不能同时生效。
SUMMARY STEPS
摘要步骤
1. enable
2. configure terminal
3. enable password password
4. enable secret password
5. end
6. enable
7. end
DETAILED STEPS
详细步骤
Command or Action
命令
Purpose
作用
Step 1
enable
Example:
Router> enable
• Enables privileged EXEC mode.
• 进入特权允许模式
• Enter your password if prompted.
• 输入密码
Step 2
configure terminal
Example:
Router# configure terminal
Enters global configuration mode.
进入全局配置模式
Step 3
enable password password
Example:
Router(config)# enable password pswd2
(Optional) Sets a local password to control access to various privilege levels.
(可选)设置一个可控制访问不同特权的本地密码
• We recommend that you perform this step only if you boot an older image of the Cisco IOS software or if you boot older boot ROMs that do not recognize the enable secret command.
• 提示当启动旧版本的Cisco IOS 镜像软件或早期的boot ROMs不能识别enable secret命令时才能完成这一进程。
Step 4
enable secret password
Example:
Router(config)# enable secret greentree
Specifies an additional layer of security over the enable password command.
指定一个额外的安全层的enable password
• Do not use the same password that you entered in Step 3.
• 请不要与Step 3使用一样的password
Step 5
end
Example:
Router(config)# end
Returns to privileged EXEC mode.
返回特权模式
Step 6
enable
Example:
Router> enable
Enables privileged EXEC mode.
进入特权模式
• Verify that your new enable or enable secret password works.
•检查新的enable或enable secret password
Step 7
end
Example:
Router(config)# end
(Optional) Returns to privileged EXEC mode.
(可选)返回特权模式
Troubleshooting Tips
故障检测技巧
If you forget the password that you configured, or if you cannot access privileged EXEC (enable) mode, see the Password Recovery Procedures for your router, available at http://www.cisco.com/warp/public/474.
如果你忘记了密码,或者无法进入特权模式,参考路由器上的Password Recovery Procedures ,可以在http://www.cisco.com/warp/public/474找到。
What to Do Next
下一步
If you want to set the console interface privileged EXEC timeout to a value other than 10 minutes (the default), proceed to the "Configuring the Console Idle Privileged EXEC Timeout" section.
如果想设置控制台接口的特权允许的超时时间值大于10分钟(默认),进入"Configuring the Console Idle Privileged EXEC Timeout"一节。
If you do not wish to change the privildged EXEC timeout, proceed to the "Specifying a Default Route or Gateway of Last Resort" section.
如果你不想改变控制台接口的特权允许的超时时间,进入"Specifying a Default Route or Gateway of Last Resort"一节。
Configuring the Console Idle Privileged EXEC Timeout
设置控制台实行特权置闲的超时时间
This section describes how to configure the console line's idle privileged EXEC timeout. By default, the privileged EXEC command interpreter waits 10 minutes to detect user input before timing out.
本节描述了如何配制控制台队列实行特权置闲的超时时间。在默认状态下,特权实行命令解释程序在超时之前等待十分钟来发现用户的输入。
When you configure the console line, you can also set communication parameters, specify autobaud connections, and configure terminal operating parameters for the terminal that you are using. For more information on configuring the console line, see the Cisco IOS Configuration Fundamentals and Network Management Configuration Guide. In particular, see the "Configuring Operating Characteristics for Terminals" and "Troubleshooting and Fault Management" chapters.
当你配置了控制台队列,你也可以设置通讯参数,指定自动的连接,为所使用的终端配置终端操作参数。配置控制台队列的更多信息,请参看Cisco IOS Configuration Fundamentals and Network Management Configuration Guide。详细说明请看"Configuring Operating Characteristics for Terminals"章和 "Troubleshooting and Fault Management"章。
SUMMARY STEPS
摘要步骤
1. enable
2. configure terminal
3. line console 0
4. exec-timeout minutes [seconds]
5. end
6. show running-config
DETAILED STEPS
详细步骤
Command or Action
Purpose
Step 1
enable
Example:
Router> enable
Enables privileged EXEC mode.
进入特权允许模式
• Enter your password if prompted.
输入密码
Step 2
configure terminal
Example:
Router# configure terminal
Enters global configuration mode.
进入全局配置模式
Step 3
line console 0
Example:
Router(config)# line console 0
Configures the console line and starts the line configuration command collection mode.
配置控制台队列,启动队列配置命令集模式
Step 4
exec-timeout minutes [seconds]
Example:
Router(config-line)# exec-timeout 0 0
Sets the idle privileged EXEC timeout, which is the interval that the privileged EXEC command interpreter waits until user input is detected.
设置控制台实行特权置闲的超时时间,即特权实行命令解释程序用于发现用户输入所等待的时间间隔
• The example shows how to specify no timeout.
本例演示了如何指定超时时间为0
Step 5
end
Example:
Router(config)# end
Returns to privileged EXEC mode.
返回特权实行模式
Step 6
show running-config
Example:
Router(config)# show running-config
Displays the running configuration file.
显示运行的配置文件
• Verify that you properly configured the idle privileged EXEC timeout.
验证你已经配置好了控制台实行特权置闲的超时时间
Examples
例如:
The following example shows how to set the console idle privileged EXEC timeout to 2 minutes 30 seconds:
下面的例子演示了如何将控制台实行特权置闲的超时时间设置为2分30秒:
line console
exec-timeout 2 30
The following example shows how to set the console idle privileged EXEC timeout to 10 seconds:
下面的例子演示了如何将控制台实行特权置闲的超时时间设置为10秒:
line console
exec-timeout 0 10
What to Do Next
下一步
Proceed to the "Configuring Fast Ethernet and Gigabit Ethernet Interfaces" section.
进入"Configuring Fast Ethernet and Gigabit Ethernet Interfaces"部分
Configuring Fast Ethernet and Gigabit Ethernet Interfaces
配置快速以太网和千兆以太网接口
This section shows how to assign an IP address and interface description to an Ethernet interface on your router.
本节演示了如何分配一个IP地址和路由器以太网接口的接口描述。
For comprehensive configuration information on Fast Ethernet and Gigabit Ethernet interfaces, see the "Configuring LAN Interfaces" chapter of the Cisco IOS Interface and Hardware Component Configuration Guide.
关于快速以太网和千兆以太网接口全面配置的信息,请参看Cisco IOS Interface and Hardware Component Configuration Guide 的"Configuring LAN Interfaces"章节。
For information on interface numbering, see the quick start guide that shipped with your router.
有关接口的编号,请看路由器的快速开始向导。
SUMMARY STEPS
大致步骤
1. enable
2. show ip interface brief
3. configure terminal
4. interface {fastethernet | gigabitethernet} 0/port
5. description string
6. ip address ip-address mask
7. no shutdown
8. end
9. show ip interface brief
DETAILED STEPS
详细步骤
Command or Action
Purpose
Step 1
enable
Example:
Router> enable
Enables privileged EXEC mode.
进入特权允许模式
• Enter your password if prompted.
输入密码
Step 2
show ip interface brief
Example:
Router# show ip interface brief
Displays a brief status of the interfaces that are configured for IP.
显示配置 IP的接口的基本状态
• Learn which type of Ethernet interface is on your router: Fast Ethernet or Gigabit Ethernet.
学习(??)路由器以太网的接口类型:快速或千兆
Step 3
configure terminal
Example:
Router# configure terminal
Enters global configuration mode.
进入全局配置模式
Step 4
interface {fastethernet | gigabitethernet} 0/port
Example:
Router(config)# interface fastethernet 0/1
Example:
Router(config)# interface gigabitethernet 0/0
Specifies the Ethernet interface and enters interface configuration mode.
指定以太网接口
Note For information on interface numbering, see the quick start guide that shipped with your router.
注意:接口编号的更多信息,参看路由器的快速开始向导
Step 5
description string
Example:
Router(config-if)# description FE int to 2nd floor south wing
(Optional) Adds a description to an interface configuration.
(可选)为接口配置添加描述
• The description helps you remember what is attached to this interface. The description can be useful for troubleshooting.
这个描述帮助你记忆接口所连接的内容。在解决故障时这个描述很有用处
Step 6
ip address ip-address mask
Example:
Router(config-if)# ip address 172.16.74.3 255.255.255.0
Sets a primary IP address for an interface.
为接口设置初级IP(??)地址
Step 7
no shutdown
Example:
Router(config-if)# no shutdown
Enables an interface.
进入一个接口
Step 8
end
Example:
Router(config)# end
Returns to privileged EXEC mode.
返回到特权模式
Step 9
show ip interface brief
Example:
Router# show ip interface brief
Displays a brief status of the interfaces that are configured for IP.
显示已配置好IP的接口的状态
• Verify that the Ethernet interfaces are up and configured correctly.
验证以太网接口已经启用并且配置正确。
Examples
例如
Configuring the Fast Ethernet Interface: Example
配置快速以太网接口
!
interface FastEthernet0/0
description FE int to HR group
ip address 172.16.3.3 255.255.255.0
duplex auto
speed auto
no shutdown
!
Sample Output for the show ip interface brief Command
显示IP接口摘要命令的输出范例
Router# show ip interface brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 172.16.3.3 YES NVRAMup up
FastEthernet0/1 unassigned YES NVRAMadministratively down down
Router#
What to Do Next
下一步
Proceed to the "Specifying a Default Route or Gateway of Last Resort" section.
进入”Specifying a Default Route or Gateway of Last Resort" 一节
Specifying a Default Route or Gateway of Last Resort
指定最近请求的默认路由和网关
This section describes how to specify a default route with IP routing enabled. For alternative methods of specifying a default route, see the Configuring a Gateway of Last Resort Using IP Commandstech note.
The Cisco IOS software uses the gateway (router) of last resort if it does not have a better route for a packet and if the destination is not a connected network. This section describes how to select a network as a default route (a candidate route for computing the gateway of last resort). The way in which routing protocols propagate the default route information varies for each protocol.
本节描述了如何指定 IP路由的默认路由。指定默认路由的可选择的方法,参看Configuring a Gateway of Last Resort Using IP Commands技术笔记。在数据包没有更好的路由,以及目的地是不可到达的网络的情况下Cisco IOS软件使用最近请求的网关。本节描述了如何选择一个网络作为默认路由(处理最近请求网关的侯选路由)。路由协议传播默认路由信息的方式对于每个协议是不同的。
For comprehensive configuration information about IP routing and IP routing protocols, see the Cisco IOS IP Configuration Guide. In particular, see the "Configuring IP Addressing" chapter and all "Part 2: IP Routing Protocols" chapters.
IP路由和IP路由协议的全面配置信息,参看Cisco IOS IP Configuration Guide,"Configuring IP Addressing" 章,和所有 "Part 2: IP Routing Protocols" 章。
SUMMARY STEPS
大致步骤
1. enable
2. configure terminal
3. ip routing
4. ip route dest-prefix mask next-hop-ip-address [admin-distance]
5. ip default-network network-number
or
ip route dest-prefix mask next-hop-ip-address
6. end
7. show ip route
DETAILED STEPS
详细配置
Command or Action
Purpose
Step 1
enable
Example:
Router> enable
Enables privileged EXEC mode.
进入特权模式
• Enter your password if prompted.
输入密码
Step 2
configure terminal
Example:
Router# configure terminal
Enters global configuration mode.
进入全局配置模式
Step 3
ip routing
Example:
Router(config)# ip routing
Enables IP routing
进入IP路由.
Step 4
ip route dest-prefix mask next-hop-ip-address [admin-distance]
Example:
Router(config)# ip route 192.168.24.0 255.255.255.0 172.28.99.2
Establishes a static route.
建立一个静态路由
Step 5
ip default-network network-number
or
ip route dest-prefix mask next-hop-ip-address
Example:
Router(config)# ip default-network 192.168.24.0
Example:
Router(config)# ip route 0.0.0.0 0.0.0.0 172.28.99.1
Selects a network as a candidate route for computing the gateway of last resort.
选择一个网络作为处理最近请求网关的侯选路由
Creates a static route to network 0.0.0.0
0.0.0.0 for computing the gateway of last resort.
生成一个到网络0.0.0.0的静态路由。0.0.0.0作处理最近请求网关(??)
Step 6
end
Example:
Router(config)# end
Returns to privileged EXEC mode.
返回特权模式
Step 7
show ip route
Example:
Router# show ip route
Displays the current routing table information.
显示当前路由表信息
• Verify that the gateway of last resort is set.
验证最近请求网关已经建立。
Examples
例如
Specifying a Default Route: Example
指定默认路由。例如
!
ip routing
!
ip route 192.168.24.0 255.255.255.0 172.28.99.2
!
ip default-network 192.168.24.0
!
Sample Output for the show ip route Command
显示IP路由命令的输出
Router# show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
Gateway of last resort is 172.28.99.2 to network 192.168.24.0
172.24.0.0 255.255.255.0 is subnetted, 1 subnets
C 172.24.192.0 is directly connected, FastEthernet0
S 172.24.0.0 255.255.0.0 via 172.28.99.0
S* 192.168.24.0 via 172.28.99.2
172.16.0.0 255.255.255.0 is subnetted, 1 subnets
C 172.16.99.0 is directly connected, FastEthernet1
Router#
What to Do Next
下一步
Proceed to the "Configuring Virtual Terminal Lines for Remote Console Access" section.
进入"Configuring Virtual Terminal Lines for Remote Console Access"节
Configuring Virtual Terminal Lines for Remote Console Access
为远程控制访问设置虚拟终端线路
Virtual terminal (vty) lines are used to allow remote access to the router. This section shows you how to configure the virtual terminal lines with a password, so that only authorized users can remotely access the router.
虚拟终端线路用于对路由器的远程访问。本节演示了如何使用密码对虚拟终端线路进行配置,所以只有授权用户可以远程访问路由器。
The router has five virtual terminal lines by default. However, you can create additional virtual terminal lines as described in the chapter "Configuring Protocol Translation and Virtual Asynchronous Devices" in the Cisco IOS Terminal Services Configuration Guide .
路由器默认有五个的虚拟终端线路。但是你可以按照Cisco IOS 终端服务配置向导中Configuring Protocol Translation and Virtual Asynchronous Devices一章所描述的,创建另外的虚拟终端线路。
For more information on line passwords and password encryption, see the "Configuring Passwords and Privileges" chapter in the Cisco IOS Security Configuration Guide . Also see the Cisco IOS Password Encryption Facts tech note.
更多有关线路密码和密码编码的信息参看Cisco IOS Security Configuration Guide中Configuring Passwords and Privileges一章。也可参看Cisco IOS Password Encryption Facts技术笔记。
If you want to secure the vty lines with an access list, see "Part 3: Traffic Filtering and Firewalls" in the Cisco IOS Security Configuration Guide.
如果想用访问列表(??)来保护vty线路,参看Cisco IOS Security Configuration Guide.中的"Part 3: Traffic Filtering and Firewalls"部分。
SUMMARY STEPS
大致步骤
1. enable
2. configure terminal
3. line vty line-number [ending-line-number]
4. password password
5. login
6. end
7. show running-config
8. From another network device, attempt to open a Telnet session to the router.
DETAILED STEPS
详细步骤
Command or Action
Purpose
Step 1
enable
Example:
Router> enable
Enables privileged EXEC mode.
进入特权模式
• Enter your password if prompted.
输入密码
Step 2
configure terminal
Example:
Router# configure terminal
Enters global configuration mode.
进入全局配置模式
Step 3
line vty line-number [ending-line-number]
Example:
Router(config)# line vty 0 4
Starts the line configuration command collection mode for the virtual terminal lines (vty) for remote console access.
启动线路配置命令集模式,为远程控制台访问配置虚拟终端
• Make sure that you configure all vty lines on your router.
确定你配置了路由器上的所有虚拟线路。
Note To verify the number of vty lines on your router, use the line vty ? command.
注意使用vty ?命令来验证路由器上的虚拟线路数。
Step 4
password password
Example:
Router(config-line)# password guessagain
Specifies a password on a line.
设定线路的密码
Step 5
login
Example:
Router(config-line)# login
Enables password checking at login.
启动登录时密码检验
Step 6
end
Example:
Router(config-line)# end
Returns to privileged EXEC mode.
返回特权模式
Step 7
show running-config
Example:
Router# show running-config
Displays the running configuration file.
显示运行配置文件
• Verify that you properly configured the virtual terminal lines for remote access.
验证你已经正确的配置了远程访问虚拟终端。
Step 8
From another network device, attempt to open a Telnet session to the router.
Example:
Router# 172.16.74.3
Password:
Verifies that you can remotely access the router and that the virtual terminal line password is correctly configured.
验证你可以远程访问路由器以及虚拟终端线路密码已经配置正确。
Examples
例如
The following example shows how to configure virtual terminal lines with a password:
下例演示了如何使用密码配置虚拟终端线路
!
line vty 0 4
password guessagain
login
!
What to Do Next
下一步
After you configure the vty lines, follow these steps:
当你配置了vty线路后,按如下步骤:
• (Optional) To encrypt the virtual terminal line password, see the "Configuring Passwords and Privileges" chapter in the Cisco IOS Security Configuration Guide. Also see the Cisco IOS Password Encryption Facts tech note.
(可选)如何将虚拟终端线路密码加密,参看Cisco IOS Security Configuration Guide中"Configuring Passwords and Privileges"一章。也可参看Cisco IOS Password Encryption Facts技术笔记。
• (Optional) To secure the VTY lines with an access list, see "Part 3: Traffic Filtering and Firewalls" in the Cisco IOS Security Configuration Guide.
(可选)如何使用访问列表(??)来保护VTY线路,参看Cisco IOS Security Configuration Guide.的"Part 3: Traffic Filtering and Firewalls"部分。
• To continue with the basic software configuration for your router, proceed to the "Configuring the Auxiliary Line" section.
继续路由器的基本软件配置,进入"Configuring the Auxiliary Line" 部分。
Configuring the Auxiliary Line
配置Aux线路
This section describes how to enter line configuration mode for the auxiliary line. How you configure the auxiliary line depends on your particular implementation of the auxiliary (AUX) port. See the following documents for information on configuring the auxiliary line:
本节描述了如何进入线路配置模式来配置AUX线路。如何配置AUX线路取决于AUX端口的特殊执行(??)。有关AUX线路配置的信息请看下面的文档。
Configuring a Modem on the AUX Port for EXEC Dialin Connectivity, tech note
Configuring a Modem on the AUX Port for EXEC Dialin Connectivity,技术笔记
http://www.cisco.com/warp/public/471/mod-aux-exec.html
Configuring Dialout Using a Modem on the AUX Port, sample configuration
Configuring Dialout Using a Modem on the AUX Port配置范例
http://www.cisco.com/warp/public/471/mod-aux-dialout.html
Connecting a SLIP/PPP Device to a Router's AUX Port, tech note
Connecting a SLIP/PPP Device to a Router's AUX Port,技术笔记
http://www.cisco.com/warp/public/701/6.html
Configuring AUX-to-AUX Port Async Backup with Dialer Watch, sample configuration
Configuring AUX-to-AUX Port Async Backup with Dialer Watch,配置范例
http://www.cisco.com/warp/public/471/aux-aux-watch.html
Modem-Router Connection Guide, tech note
Modem-Router Connection Guide,技术笔记
http://www.cisco.com/warp/public/76/9.html
SUMMARY STEPS
大致步骤
1. enable
2. configure terminal
3. line aux 0
4. See the tech notes and sample configurations to configure the line for your particular implementation of the AUX port.
DETAILED STEPS
详细配置
Command or Action
Purpose
Step 1
enable
Example:
Router> enable
Enables privileged EXEC mode.
进入特权模式
• Enter your password if prompted.
输入密码
Step 2
configure terminal
Example:
Router# configure terminal
Enters global configuration mode.
进入全局配置模式
Step 3
line aux 0
Example:
Router(config)# line aux 0
Starts the line configuration command collection mode for the auxiliary line.
启动线路配置命令集模式来配置AUX线路
Step 4
See the tech notes and sample configurations to configure the line for your particular implementation of the AUX port.
参看技术笔记和配置范例来为AUX端口的特殊执行(??)配置线路。
----
What to Do Next
下一步
Proceed to the "Verifying Network Connectivity" section.
进入 "Verifying Network Connectivity"节
Verifying Network Connectivity
验证网络连通性
This section describes how to verify network connectivity for your router.
本节描述了如何为路由器验证网络的连通性
Prerequisites
先决条件
• Complete all previous configuration tasks in this document.
完成了本文档前面提及的所有配置任务
• The router must be connected to a properly configured network host.
路由器必须连接到一个配置正确的网络主机上
SUMMARY STEPS
大致步骤
1. enable
2. ping [ip-address | hostname]
3. telnet {ip-address | hostname}
DETAILED STEPS
详细配置
Command or Action
Purpose
Step 1
enable
Example:
Router> enable
Enables privileged EXEC mode.
进入特权模式
• Enter your password if prompted.
输入密码
Step 2
ping [ip-address | hostname]
Example:
Router# ping 172.16.74.5
Diagnoses basic network connectivity.
诊断基本网络连通性
• To verify connectivity, ping the next hop router or connected host for each configured interface to.
为验证连通性,对每个配置过的接口ping下一跳的路由器或者连接的主机。
Step 3
telnet {ip-address | hostname}
Example:
Router# telnet 10.20.30.40
Logs in to a host that supports Telnet.
记录下一个支持Telnet的主机
• If you want to test the vty line password, perform this step from a different network device, and use your router's IP address.
如果你想测试vty密码,从一个不同的网络设备上执行这一步,并且使用你路由器的IP地址。
Examples
例如
The following display shows sample output for the ping command when you ping the IP address 192.168.7.27:
下面显示了当你ping IP地址192.168.7.27时ping命令的输出结果
Router# ping
Protocol :
Target IP address: 192.168.7.27
Repeat count :
Datagram size :
Timeout in seconds :
Extended commands :
Sweep range of sizes :
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.7.27, timeout is 2 seconds:
!!!!!
Success rate is 100 percent, round-trip min/avg/max = 1/2/4 ms
The following display shows sample output for the ping command when you ping the IP hostname donald:
下面显示了当你ping IP主机名为donald 时ping命令的输出结果
Router# ping donald
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.7.27, timeout is 2 seconds:
!!!!!
Success rate is 100 percent, round-trip min/avg/max = 1/3/4 ms
What to Do Next
下一步
Proceed to the "Saving Your Router Configuration" section.
进入”Saving Your Router Configuration"一节
Saving Your Router Configuration
保存路由器配置
This section describes how to avoid losing your configuration at the next system reload or power cycle by saving the running configuration to the startup configuration in NVRAM.
本节描述了如何通过保存运行的配置到NVRAM中的启动配置来避免在下次加载系统或者加电时丢失配置(信息)。
SUMMARY STEPS
大致步骤
1. enable
2. copy running-config startup-config
DETAILED STEPS
详细步骤
Command or Action
Purpose
Step 1
enable
Example:
Router> enable
Enables privileged EXEC mode.
进入特权模式
• Enter your password if prompted.
输入密码
Step 2
copy running-config startup-config
Example:
Router# copy running-config startup-config
Saves the running configuration to the startup configuration.
将运行的配置保存到启动配置。
What to Do Next
下一步
Proceed to the "Saving Backup Copies of Your Configuration and System Image" section.
进入”Saving Backup Copies of Your Configuration and System Image"一节
Saving Backup Copies of Your Configuration and System Image
保存配置备份和系统镜像
To aid file recovery and minimize downtime in case of file corruption, we recommend that you save backup copies of the startup configuration file and the Cisco IOS software system image file on a server.
为了在文件损坏时帮助文件恢复和减少停工时间,我们建议你在一个服务器上保存启动配置文件的备份和Cisco IOS软件系统镜像文件。
For more detailed information, see the "Managing Configuration Files" chapter and the "Loading and Maintaining System Images" chapter of the Cisco IOS Configuration Fundamentals and Network Management Configuration Guide.
更多细节信息,参看Cisco IOS Configuration Fundamentals and Network Management Configuration Guide.的"Managing Configuration Files" 一章和 "Loading and Maintaining System Images" 一章。
SUMMARY STEPS
大致步骤
1. enable
2. copy nvram:startup-config {ftp: | rcp: | tftp:}
3. show flash:
4. copy flash:{ftp: | rcp: | tftp:}
DETAILED STEPS
详细步骤
Command or Action
Purpose
Step 1
enable
Example:
Router> enable
Enables privileged EXEC mode.
进入特权模式
• Enter your password if prompted.
输入密码
Step 2
copy nvram:startup-config {ftp: | rcp: | tftp:}
Example:
Router# copy nvram:startup-config ftp:
Copies the startup configuration file to a server.
将启动配置文件拷贝到一个服务器
• The configuration file copy can serve as a backup copy.
配置文件拷贝可以作为一个备份拷贝使用(??)
• Enter the destination URL when prompted.
输入目的URL
Step 3
show flash:
Example:
Router# show flash:
Displays the layout and contents of a flash memory file system.
显示闪存文件系统的布局和内容
• Learn the name of the system image file.
学习(??)系统镜像文件的名字。
Step 4
copy flash:{ftp: | rcp: | tftp:}
Example:
Router# copy flash: ftp:
Copies a file from flash memory to a server.
将闪存中的一个文件拷贝到一个服务器上
• Copy the system image file to a server to serve as a backup copy.
将系统镜像文件拷贝的服务器上来作为一个备份拷贝(??)
• Enter the filename and destination URL when prompted.
输入文件名和目的URL
Examples
例如
Copying the Startup Configuration to a TFTP Server: Example
将启动配置文件拷贝到TFTP服务器:例如
The following example shows the startup configuration being copied to a TFTP server:
下面的例子显示了将启动配置拷贝到TFTP服务器
Router# copy nvram:startup-config tftp:
Remote host[]? 172.16.101.101
Name of configuration file to write ?
Write file rtr2-confg on host 172.16.101.101?
!
Copying from Flash Memory to a TFTP Server: Example
从闪存拷贝到TFTP服务器:例如
The following example shows the use of the show flash: command in privileged EXEC to learn the name of the system image file and the use of the copy flash: tftp: privileged EXEC command to copy the system image (c3640-2is-mz) to a TFTP server. The router uses the default username and password.
下面的例子显示了show flash的使用:学习(??)系统镜像文件名字的特权命令和copy flash的使用:将系统镜像(c3640-2is-mz)拷贝到TFTP服务器的特权命令。路由器使用默认的用户名和密码。
Router# show flash:
System flash directory:
File Length Name/status
1 4137888 c3640-c2is-mz
16384K bytes of processor board System flash (Read/Write)\
Router# copy flash: tftp:
IP address of remote host ? 172.16.13.110
filename to write on tftp host? c3600-c2is-mz
writing c3640-c2is-mz !!!!...
successful ftp write.
Where to Go Next
下一步
• When you complete the basic software configuration, consider implementing routing protocols or access lists and other security-improving methods to protect your router. See the documents listed in the "Related Documents—Additional Configuration" section.
当你完成了基本软件配置,考虑使用路由协议或访问列表以及提高安全性的其他方法来保护你的路由器。参看”Related Documents—Additional Configuration" 一节。
• To configure features on your router, see Finding Feature Documentation.
参看 Finding Feature Documentation来在路由器上配置特征(??)
Additional References
附加参考
The following sections provide references related to basic software configuration using the Cisco IOS CLI.
下面一节通过Cisco IOS CLI提供了和基本软件配置相关的参考
Related Documents—Basic Software Configuration
相关文档——基本软件配置
Topic 题目
Related Document Title or Link 相关文档或链接
Chassis installation, cable connections, power-up procedures, and interface numbering
安装,连线,启动过程和接口编码
Quick start guide for your router
路由器的快速启动向导
Cisco Security Device Manager (SDM)
http://www.cisco.com/go/sdm
Guidelines for assigning the router hostname
分配主机名的原则
RFC 1035, Domain Names—Implementation and Specification
RFC 1178, Choosing a Name for Your Computer
Access lists, passwords, and privileges
访问列表,密码和特权
Cisco IOS Security Configuration Guide
Passwords and password encryption
密码和编码
Cisco IOS Password Encryption Factstech note
Password recovery procedures for Cisco products
Cisco产品的密码恢复程序
Password Recovery Procedures
Configuring the console line, managing configuration files, and loading and maintaining system images
配置控制台队列(??),管理配置队列和和装载维护系统镜像
Cisco IOS Configuration Fundamentals and Network Management Configuration Guide
Configuring interfaces
配置接口
Cisco IOS Interface and Hardware Component Configuration Guide
IP routing and IP routing protocols
IP路由和IP路由协议
Cisco IOS IP Configuration Guide
Configuring default routes or a gateway of last resort
配置默认路由或者一个最近请求网关
Configuring a Gateway of Last Resort Using IP Commandstech note
Configuring virtual terminal lines
配置虚拟终端线路
Cisco IOS Terminal Services Configuration Guide
Configuring the auxiliary (AUX) port
配置AUX端口
Configuring a Modem on the AUX Port for EXEC Dialin Connectivity , tech note
Configuring Dialout Using a Modem on the AUX Port , sample configuration
Connecting a SLIP/PPP Device to a Router's AUX Port , tech note
Configuring AUX-to-AUX Port Async Backup with Dialer Watch , sample configuration
Modem-Router Connection Guide , tech note
Related Documents—Additional Configuration
相关文档——附加配置
Topic
Related Document Title or Link
Cisco configuration settings that network administrators should consider changing on their routers, especially on their border routers, to improve security
Cisco有关网络管理员应该考虑在路由器,尤其是边界路由器的交换以增加安全性的配置
Improving Security on Cisco Routerstech note
Note To view this document, you must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions that appear.
注意:必须有Cisco.com的帐户才能看到这篇文档。如果你没有或者忘记了用户名或密码,点击对话框的Cancle,按照指示命令继续。
IP routing and IP routing protocols
IP路由和IP路由协议
Cisco IOS IP Configuration Guide
Access lists
访问列表
Cisco IOS Security Configuration Guide
Technical Assistance
技术支持
Description
Link
Technical Assistance Center (TAC) home page, containing 30,000 pages of searchable technical content, including links to products, technologies, solutions, technical tips, and tools. Registered Cisco.com users can log in from this page to access even more content.
TAC主页包括了30000页的可查询的技术内容 (??),包括产品、技术、解决方案、技术便签和工具的链接。注册的Cisco.com用户可以从这个页面登录来访问更多的内容。
http://www.cisco.com/public/support/tac/home.shtml
Copyright © 2004 Cisco Systems, Inc. All rights reserved.
页:
[1]