rt(config-line)# loginコンソール、Telnet パスワードを有効にする rt(config-line)# password パスワード
rt(config)# enable password パスワード
rt(config)# enable sercret パスワード
rt(config)# service password-encryption
rt(config)#ip host [ドメイン名] [ポート番号(省略OK)] [IPアドレス]rt(config)#^Z rt#show hosts
情報を確認
rt(config)# ip domain-lookup名前解決を行う (デフォルトで有効) rt(config)# ip name-server ip-addr
DNSアドレスを設定 rt(config)# ip domain-name domain-name
所属ドメインを設定
rt(config)# hostname hostname
rt# show processes cpu
CPU utilization for five seconds: 1%/0%; one minute: 1%; five minutes: 0%
5秒平均 1分平均 5分平均
rt#show processes cpu history 22221111111111 33333 100 90 80 70 60 50 40 30 20 10 0....5....1....1....2....2....3....3....4....4....5....5.... 0 5 0 5 0 5 0 5 0 5 CPU% per second (last 60 seconds) 1秒平均 3423336232352224533237232253233523246233353235543466533443 100 90 80 70 60 50 40 30 20 10 * * * * * * * * ** *** 0....5....1....1....2....2....3....3....4....4....5....5.... 0 5 0 5 0 5 0 5 0 5 CPU% per minute (last 60 minutes) 1分平均 * = maximum CPU% # = average CPU% 1 6677877799987777766966899676676777679876665967678867887776777709666966 100 90 80 70 60 50 40 30 20 10 ********************************************************************** 0....5....1....1....2....2....3....3....4....4....5....5....6....6....7. 0 5 0 5 0 5 0 5 0 5 0 5 0 CPU% per hour (last 72 hours) 1時間平均 * = maximum CPU% # = average CPU%
rt# show memory Head Total(b) Used(b) Free(b) Lowest(b) Largest(b) Processor 620F4700 82884864 16367324 66517540 66364920 65260656 I/O E7000000 16777216 4065512 12711704 12708832 12711676
router# show tcp brief TCB Local Address Foreign Address (state) 848B74F8 192.168.0.1.23 192.168.0.128.49422 ESTAB
router# show udp Proto Remote Port Local Port In Out Stat TTY OutputIF 17 --listen-- 192.168.0.1 1985 0 0 1001 0 17 192.168.0.2 60493 192.168.0.1 161 0 0 1001 0 17 --listen-- 192.168.0.1 162 0 0 1011 0 17 --listen-- 192.168.0.1 55287 0 0 1011 0 17 --listen-- --any-- 161 0 0 20001 0 17 --listen-- --any-- 162 0 0 20011 0 17 --listen-- --any-- 56959 0 0 20011 0 17 --listen-- 192.168.0.1 123 0 0 1 0 17 --listen-- 192.168.0.1 500 0 0 1011 0 17 --listen-- --any-- 500 0 0 20011 0 17 --listen-- 192.168.0.1 4500 0 0 1011 0 17 --listen-- --any-- 4500 0 0 20011 0
rt(config)# line type num
rt(config-line)# password passwd
rt(config-line)# login
rt# terminal length num
rt(config-line)# exec-timeout min sec
rt(config-line)# exec-timeout 0 0 rt(config-line)# no exec-timeout
rt# clear line num
rt# show line Tty Typ Tx/Rx A Modem Roty AccO AccI Uses Noise Overruns Int 0 CTY - - - - - 0 0 0/0 - * 1 VTY - - - - 10 13 0 0/0 - 2 VTY - - - - 10 0 0 0/0 - 3 VTY - - - - 10 0 0 0/0 - 4 VTY - - - - 10 0 0 0/0 - 5 VTY - - - - 10 0 0 0/0 - 6 VTY - - - - - 0 0 0/0 - 7 VTY - - - - - 0 0 0/0 - 8 VTY - - - - - 0 0 0/0 - 9 VTY - - - - - 0 0 0/0 - 10 VTY - - - - - 0 0 0/0 - 11 VTY - - - - - 0 0 0/0 - 12 VTY - - - - - 0 0 0/0 - 13 VTY - - - - - 0 0 0/0 - 14 VTY - - - - - 0 0 0/0 - 15 VTY - - - - - 0 0 0/0 - 16 VTY - - - - - 0 0 0/0 -
rt# show user (= who) Line User Host(s) Idle Location * 1 vty 0 idle 00:00:00 XXX.XXX.XXX.XXX Interface User Mode Idle Peer Address
rt# show privilege Current privilege level is 15
rt(config)# banner motd #=========================
xxx-rt00
S/N: XXXXXXXX
=========================
#
rt(config)#
rt1(config)# line aux 0 rt1(config-if)# transport input telnet
# telnet ip-addr 2001 Trying ip-addr... Connected to ip-addr. Escape character is '^]'. User Access Verification Password: rt2# sh user Line User Host(s) Idle Location * 0 con 0 idle 00:00:00
rt1# sh user Line User Host(s) Idle Location 1 aux 0 idle 00:00:12 192.168.0.1 *194 vty 0 idle 00:00:00 192.168.0.1
rt1# telnet ip-addrTrying ip-addr ... Open
rt2# Ctrl+Shift+6→x
rt2# exrt1#
rt1#直前のセッションに戻る [Resuming connection 1 to 192.168.1.1 ... ]
rt1# resume session-num[Resuming connection 1 to 192.168.1.1 ... ]
rt1# show sessionsConn Host Address Byte Idle Conn Name * 1 192.168.1.1 192.168.1.1 0 1 192.168.1.1
rt(config)# line vty 0 4 rt(config-line)# privilege level level
rt(config)# aaa new-model
rt(config)# aaa authentication login list method [method...]
rt(config)# line type num
rt(config)# login authentication list
rt(config)# username user [] passwd
rt(config)# radius-server host ip-addr
rt(config)# radius-server auth-port num rt(config)# radius-server acct-port num
rt(config)# radius-server timeout time
rt(config)# radius-server retransmit num
rt(config)# radius-server key key
rt(config)# tacacs-server host ip-addr
rt(config)# tacacs-server key key
rt(config)# tacacs-server nat
rt(config)# tacacs-server port num
rt(config)# tacacs-server single-connection
rt(config)# tacacs-server timeout time
rt# debug aaa authentication
rt# debug aaa authorization
rt# debug aaa accounting
外部からの SNMP アクセスを許可する
rt(config)# snmp-server community comm-name RO [acl-num]
SNMP サーバに Trap を送信する
rt(config)# snmp-server host ip-addr comm-name rt(config)# snmp-server enable traps
rt# show snmp Chassis: Processor board ID 0 SNMP packets input 0 Bad SNMP version errors 0 Unknown community name 0 Illegal operation for community name supplied 0 Encoding errors 0 Number of requested variables 0 Number of altered variables 0 Get-request PDUs 0 Get-next PDUs 0 Set-request PDUs 0 SNMP packets output 0 Too big errors (Maximum packet size 1500) 0 No such name errors 0 Bad values errors 0 General errors 0 Response PDUs 0 Trap PDUs SNMP logging: enabled Logging to ip-addr.162, 0/10, 0 sent, 0 dropped.
rt# debug snmp packet Jan 1 00:00:00: SNMP: Packet received via UDP from ip-addr on # FastEthernet0 Jan 1 00:00:00: SNMP: Get request, reqid 175767837, errstat 0, erridx 0 ifInOctets.1 = NULL TYPE/VALUE ifOutOctets.1 = NULL TYPE/VALUE ifInErrors.1 = NULL TYPE/VALUE ifOutErrors.1 = NULL TYPE/VALUE ifInUcastPkts.1 = NULL TYPE/VALUE ifOutUcastPkts.1 = NULL TYPE/VALUE ifDescr.1 = NULL TYPE/VALUE Jan 1 00:00:00: SNMP: Response, reqid 175767837, errstat 0, erridx 0 ifInOctets.1 = 152023807 ifOutOctets.1 = 96175296 ifInErrors.1 = 0 ifOutErrors.1 = 0 ifInUcastPkts.1 = 678904 ifOutUcastPkts.1 = 859502 ifDescr.1 = FastEthernet0 Jan 1 00:00:00: SNMP: Packet sent via UDP to ip-addr
rt# debug snmp requests
rt# cdp enable
rt# show cdp
rt# show cdp neighbors
rt# show cdp neighbors detail
rt# debug cdp packets
rt# debug cdp events
rt(config)# clock timezone JST 9
rt(config)# clock set hh:mm:ss dd month yyyy
rt(config)# ntp server ntp-server
rt(config)# ntp peer ntp-server
※ ntp clock-period は手動で入れてはいけない
rt(config)# ntp master stratum
rt(config)# clock save interval time
rt(config)# ntp update-calendar
rt(config)# ntp access-group type acl-num
rt# show ntp associations address ref clock st when poll reach delay offset disp *~XXX.XXX.XXX.XXX XXX.XXX.XXX.XXX 3 4 128 377 39.6 0.06 0.1 +~XXX.XXX.XXX.XXX XXX.XXX.XXX.XXX 3 17 128 377 39.6 -0.00 0.3 * master (synced), # master (unsynced), + selected, - candidate, ~ configured
rt# show ntp status Clock is synchronized, stratum 4, reference is XXX.XXX.XXX.XXX nominal freq is 250.0000 Hz, actual freq is 250.0021 Hz, precision is 2**18 reference time is C914EDD5.7E6335E4 (13:53:41.493 JST Mon Nov 27 2006) clock offset is 0.0891 msec, root delay is 49.13 msec root dispersion is 35.40 msec, peer dispersion is 0.18 msec
rt# debug ntp packets
rt# debug ntp events
rt# show version Cisco IOS Software, 1841 Software (C1841-IPBASE-M), Version 12.4(15)T4, RELEASE SOFTWARE (fc2) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2008 by Cisco Systems, Inc. Compiled Thu 13-Mar-08 01:22 by prod_rel_team ROM: System Bootstrap, Version 12.4(13r)T5, RELEASE SOFTWARE (fc1) hostname uptime is 2 days, 22 hours, 2 minutes System returned to ROM by reload at 04:29:19 UTC Fri Jul 4 2008 System image file is "flash:c1841-ipbase-mz.124-15.T4.bin" Cisco 1841 (revision 7.0) with 115712K/15360K bytes of memory. Processor board ID serial-num 2 FastEthernet interfaces DRAM configuration is 64 bits wide with parity disabled. 191K bytes of NVRAM. 31808K bytes of ATA CompactFlash (Read/Write) Configuration register is 0x2102
rt# show inventory NAME: "chassis", DESCR: "1841 chassis" PID: CISCO1841 , VID: V05 , SN: serial-num NAME: "WIC/HWIC 0", DESCR: "One-Port Fast Ethernet High Speed WAN Interface Card" PID: HWIC-1FE , VID: V01 , SN: serial-num
sw# show inventory NAME: "1", DESCR: "WS-C2960-24TC-L" PID: WS-C2960-24TC-L , VID: V02, SN: serial-num NAME: "GigabitEthernet0/1", DESCR: "1000BaseSX SFP" PID: , VID: , SN: serial-num NAME: "GigabitEthernet0/2", DESCR: "1000BaseSX SFP" PID: , VID: , SN: serial-num
ex)
enable password P@SSW0RD username USER password P@SSW0RD
ex)
enable password 7 0236246838315F1368 username USER password 7 0236246838315F1368 line con 0 password 7 0236246838315F1368
ex)
enable secret 5 XXXXXXXXXXXXXXXXXXXXXXXXXXXXX username USER secret 5 XXXXXXXXXXXXXXXXXXXXXXXXXXXXX
ex)
enable secret 4 XXXXXXXXXXXXXXXXXXXXXXXXXXXXX
ex)
crypto isakmp key 6 XXXXXXXXXXXXXXXXXXXXXXXXXXXXX
rt# show controllers
rt# show processes cpu
rt# show processes memory
rt# show system
rt# show module
rt# show tech-support