MODULE 3 - Operating system of Cisco equipment (IOS) and hardware structure
NETWORK TRAINING 06/12/2013

Operating system of Cisco equipment (IOS)

• It is the name of the operating system that runs on Cisco routers and switches (Internetwork Operating System);
• It is stored in the device's Flash memory;
• It runs on everything from the cheapest Access devices to the most expensive ones, such as Core devices, following the same standard;
• Currently at version 15.x;
• Only customers with a warranty contract (SMARTnet) are able to update IOS;
• CCIEs can download updated IOS images;
• Easy to use and learn.

When the user authenticates to the device, there are 3 modes:

1 – User mode ( > )
• Only allows checking interface status, CPU usage, memory, IOS version, etc., without being able to change any configuration.
• Always represented by the ">" symbol.

2 – Privileged mode ( # )
• In addition to showing the full status of any item on the device, it allows importing/exporting IOS images.
• Always represented by the "#" symbol.

3 – Global configuration mode (config) #
• Allows entering configuration on the router;
• As soon as you type the command and press ENTER, it is executed, with no need to load any other file;
• Always represented by the "(config) #" symbol.

4 – CLI Prompts

Interfaces

    Switch(config)#interface ?
    Switch(config)#interface fastEthernet 0/1
    Switch(config-if)#

Line Commands

    Switch(config)#line ?
      First Line number
      console Primary terminal line
      vty Virtual terminal
    Switch(config)#line console 0
    Switch(config-line)#

Access List Configurations

    Switch#config t
    Switch(config)#ip access-list standard Todd
    Switch(config-std-nacl)#

Routing Protocol Configurations

    Switch(config)#router rip
    IP routing not enabled
    Switch(config)#ip routing
    Switch(config)#router rip
    Switch(config-router)#

IOS helper features

IOS has features that help with its use:
• If you do not know the command, use "?" to see which command options are available;
• Use the "TAB" key to complete the command;
• Use the ↑↓ keys or to view the commands typed in the session.

    Switch#c?
    cd clear clock cns configure connect copy
    Switch#sh fastethernet 0/0
              ^
    % Invalid input detected at '^' marker.

    Switch#clock ?
      set Set the time and date
    Switch#clock set ?
      hh:mm:ss Current Time
    Switch#clock set 2:34 ?
    % Unrecognized command
    Switch#clock set 2:34:01 ?
      Day of the month
      MONTH Month of the year
    Switch#clock set 2:34:01 21 july ?
      Year
    Switch#clock set 2:34:01 21 august 2013
    Switch#
    00:19:45: %SYS-6-CLOCKUPDATE: System clock has been updated from

    Switch#sh history
      sh fastethernet 0/0
      sh ru
      sh cl
      config t
      sh history
      sh flash
      sh running-config

• Hostnames

    Switch#config t
    Switch(config)#hostname Luiz
    Luiz(config)#hostname Felipe
    Felipe(config)#hostname LFelipe
    LFelipe(config)#

• Banners

    LFelipe(config)#banner ?
      LINE c banner-text c, where 'c' is a delimiting character
      exec Set EXEC process creation banner
      incoming Set incoming terminal line banner
      login Set login banner
      motd Set Message of the Day banner
      prompt-timeout Set Message for login authentication timeout
      slip-ppp Set Message for SLIP/PPP

    Router(config)#banner motd c
    Enter TEXT message. End with the character 'c'.
    CUIDADO! AMBIENTE MONITORADO E AUDITADO! SAIBA EXATAMENTE O QUE ESTEJA FAZENDO
    c
    Router(config)#exit
    Router#exit
    Router>exit

• Setting Passwords

    LFelipe(config)#enable ?
      last-resort Define enable action if no TACACS servers respond
      password Assign the privileged level password
      secret Assign the privileged level secret
      use-tacacs Use TACACS to check enable passwords
    LFelipe(config)#enable secret felipe
    LFelipe(config)#enable password felipe
    The enable password you have chosen is the same as your
    enable secret. This is not recommended. Re-enter the
    enable password.
    LFelipe(config)#line console ?
      First Line number
    Todd(config)#line console 0
    Todd(config-line)#password console
    Todd(config-line)#login

    LFelipe(config-line)#exec-timeout ?
      Timeout in minutes
    LFelipe(config-line)#exec-timeout 0 ?
      Timeout in seconds
    LFelipe(config-line)#exec-timeout 0 0      (default: 10 minutes)
    LFelipe(config-line)#logging synchronous
    LFelipe(config)#line aux 0
    LFelipe(config-line)#login
    % Login disabled on line 1, until 'password' is set
    LFelipe(config-line)#password aux
    LFelipe(config-line)#login

• Telnet Password

    LFelipe(config)#line vty 0 ?
      Last Line number
    LFelipe(config)#line vty 0 15
    LFelipe(config-line)#password telnet
    LFelipe(config-line)#login
    LFelipe(config-line)#line vty 0 15
    LFelipe(config-line)#no login
    LFelipe#telnet SwitchB
    Trying SwitchB (10.0.0.1)…Open
    Password required, but none set
    [Connection to SwitchB closed by foreign host]
    LFelipe#

• Setting Up Secure Shell (SSH)

Using only Secure Shell (SSH) is recommended. Compared with Telnet, SSH creates a secure session because it uses encryption keys and all data sent (including username and password) is encrypted, unlike Telnet, which sends everything in clear text.

    LFelipe(config)#crypto key generate rsa
    LFelipe(config)#ip ssh version 2
    LFelipe(config)#line vty 0 15
    LFelipe(config-line)#transport input ?
      all All protocols
      none No protocols
      ssh TCP/IP SSH protocol
      telnet TCP/IP Telnet protocol
    LFelipe(config-line)#transport input ssh telnet

Encrypting Your Passwords

    LFelipe#sh running-config
    Building configuration...
    enable secret 4 ykw.3/tgsOuy9.6qmgG/EeYOYgBvfX4v.S8UNA9Rddg
    enable password felipe
    !
    !
    line con 0
     password console
     login
    line vty 0 4
     password telnet
     login
    line vty 5 15
     password telnet
     login

    LFelipe#config t
    LFelipe(config)#service password-encryption
    LFelipe(config)#do show run
    Building configuration...
    !
    !
    enable secret 4 ykw.3/tgsOuy9.6qmgG/EeYOYgBvfX4v.S8UNA9Rddg
    enable password 7 1506040800
    !
    line con 0
     password 7 050809013243420C
     login
    line vty 0 4
     password 7 06120A2D424B1D
     login
    line vty 5 15
     password 7 06120A2D424B1D
     login

Descriptions

    LFelipe#config t
    LFelipe(config)#int fa0/1
    LFelipe(config-if)#description Sales VLAN Trunk Link
    LFelipe(config-if)#^Z
    LFelipe#sh run
    Building configuration...
    !
    interface FastEthernet0/1
     description Sales VLAN Trunk Link

    Todd#sh int description
    Interface  Status  Protocol  Description
    Vl1        up      up
    Fa0/1      up      up        Sales VLAN Trunk Link
    Fa0/2      up      up

Router and Switch Interfaces

    Router>sh ip int brief
    Interface         IP-Address      OK?  Method  Status                 Protocol
    FastEthernet0/0   192.168.255.11  YES  DHCP    up                     up
    FastEthernet0/1   unassigned      YES  unset   administratively down  down
    Serial0/0/0       unassigned      YES  unset   administratively down  down
    Serial0/1/0       unassigned      YES  unset   administratively down  down
    Router>

• Configuring an IP Address on an Interface

    LFelipe#config t
    LFelipe(config)#interface GigabitEthernet 0/1
    LFelipe(config-if)#speed 1000
    LFelipe(config-if)#duplex full
    LFelipe(config-if)#ip address 172.16.10.2 255.255.255.0
    LFelipe(config-if)#ip address 172.16.20.2 255.255.255.0 secondary
    LFelipe(config-if)#no shutdown

• Using the Pipe

    Router#sh run | ?
      append Append redirected output to URL (URLs supporting append operation only)
      begin Begin with the line that matches
      exclude Exclude lines that match
      include Include lines that match
      redirect Redirect output to URL
      section Filter a section of output
      tee Copy output to URL

    Router#sh run | begin interface
    interface FastEthernet0/0
     description Sales VLAN
     ip address 10.10.10.1 255.255.255.248
     duplex auto
     speed auto
    !
    interface FastEthernet0/1
     ip address 172.16.20.2 255.255.255.0 secondary
     ip address 172.16.10.2 255.255.255.0
     duplex auto
     speed auto
    !

    LFelipe#sh ip route | include 192.168.3.32
    R 192.168.3.32 [120/2] via 10.10.10.8, 00:00:25, FastEthernet0/0

Device memory

Cisco routers and switches have 4 types of memory, used for the following purposes:

EPROM: EPROM memory, also called ROM, is non-volatile.
It is used to store the ROM Monitor software and the boot loader/helper software, which lets you access the device even if it has no IOS.

NVRAM: Non-Volatile Random-Access Memory is responsible for storing the startup-config and also the configuration-register. The router chooses where to load IOS from based on the value of the configuration-register.

Flash: Flash-type memory (no kidding!); on newer devices it is generally external. It is used to store IOS and other files. You can save a copy of the configuration, CallManager Express files, logs, HTML files for accessing the device through a browser, and others. It is analogous to a computer's hard disk.

DRAM: Dynamic Random-Access Memory is volatile memory. That is, the information loaded into it is lost when the device is powered off. It can be compared to the RAM of a PC.

Figure: Memory types of the Cisco 2500 router

Figure: Components of the Cisco 2600 router

• Viewing, Saving, and Erasing Configurations

    LFelipe#copy running-config ?
      flash: Copy to flash: file system
      ftp: Copy to ftp: file system
      http: Copy to http: file system
      https: Copy to https: file system
      null: Copy to null: file system
      nvram: Copy to nvram: file system
      rcp: Copy to rcp: file system
      running-config Update (merge with) current system configuration
      scp: Copy to scp: file system
      startup-config Copy to startup configuration
      syslog: Copy to syslog: file system
      system: Copy to system: file system
      tftp: Copy to tftp: file system
      tmpsys: Copy to tmpsys: file system
      vb: Copy to vb: file system

    LFelipe#copy running-config startup-config
    Destination filename [startup-config]? [press enter]
    Building configuration...
    [OK]
    LFelipe#sh start
    Using 855 out of 524288 bytes
    !
    ! Last configuration change at 23:20:06 UTC Mon Mar 1 1993
    !
    version 15.0
    [output cut]

But beware—if you try and view the configuration and see

    LFelipe#erase startup-config
    Erasing the nvram filesystem will remove all configuration files!
    Continue? [confirm]
    [OK]
    Erase of nvram: complete
    LFelipe#
    *Mar 5 01:59:45.206: %SYS-7-NV_BLOCK_INIT: Initialized the geometry of nvram
    LFelipe#reload
    Proceed with reload? [confirm]

Troubleshooting

    LFelipe#ping ?
      WORD Ping destination address or hostname
      clns CLNS echo
      ip IP echo
      ipv6 IPv6 echo
      tag Tag encapsulated IP echo

    LFelipe#ping
    Protocol [ip]:
    Target IP address: 10.1.1.1
    Repeat count [5]:
    % A decimal number between 1 and 2147483647.
    Repeat count [5]: 5000
    Datagram size [100]:
    % A decimal number between 36 and 18024.
    Datagram size [100]: 1500
    Timeout in seconds [2]:
    Extended commands [n]: y
    Source address or interface: FastEthernet 0/1
    Source address or interface: Vlan 1
    Type of service [0]:
    Set DF bit in IP header? [no]:
    Validate reply data? [no]:
    Data pattern [0xABCD]:
    Loose, Strict, Record, Timestamp, Verbose[none]:
    Sweep range of sizes [n]:
    Type escape sequence to abort.
    Sending 5000, 1500-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
    Packet sent with a source address of 10.10.10.1

    LFelipe#traceroute ?
      WORD Trace route to destination address or hostname
      aaa Define trace options for AAA events/actions/errors
      appletalk AppleTalk Trace
      clns ISO CLNS Trace
      ip IP Trace
      ipv6 IPv6 Trace
      ipx IPX Trace
      mac Trace Layer2 path between 2 endpoints
      oldvines Vines Trace (Cisco)
      vines Vines Trace (Banyan)

Telnet, FTP and HTTP are the best testing tools, because they use IP at the network layer and TCP at the transport layer to create a session with a remote host. If you can telnet, ftp, or http to a device, you know that your IP connectivity is up!

    LFelipe#telnet ?
      WORD IP address or hostname of a remote system

    Router#sh int s0/0/0
    Serial0/0 is up, line protocol is up
      Hardware is HD64570
      MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
         reliability 255/255, txload 1/255, rxload 1/255
      Encapsulation HDLC, loopback not set, keepalive set (10 sec)
      Last input never, output never, output hang never
      Last clearing of "show interface" counters never
      Queueing strategy: fifo
      Output queue 0/40, 0 drops; input queue 0/75, 0 drops
      5 minute input rate 0 bits/sec, 0 packets/sec
      5 minute output rate 0 bits/sec, 0 packets/sec
         0 packets input, 0 bytes, 0 no buffer
         Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
         0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
         0 packets output, 0 bytes, 0 underruns
         0 output errors, 0 collisions, 16 interface resets
         0 output buffer failures, 0 output buffers swapped out
         0 carrier transitions
         DCD=down DSR=down DTR=down RTS=down CTS=down
    Router#clear counters s0/0/0
    Clear "show interface" counters on this interface [confirm][enter]
    Router#
    00:17:35: %CLEAR-5-COUNTERS: Clear counter on interface Serial0/0/0 by console
    Router#

No buffer: This isn't a number you want to see incrementing. This means you don't have any buffer room left for incoming packets. Any packets received once the buffers are full are discarded. You can see how many packets are dropped with the ignored output.

Ignored: If the packet buffers are full, packets will be dropped. You see this increment along with the no buffer output. Typically if the no buffer and ignored outputs are incrementing, you have some sort of broadcast storm on your LAN. This can be caused by a bad NIC or even a bad network design.

Runts: Frames that did not meet the minimum frame size requirement of 64 bytes. Typically caused by collisions.

Giants: Frames received that are larger than 1518 bytes.

Input Errors: This is the total of many counters: runts, giants, no buffer, CRC, frame, overrun, and ignored counts.

CRC: At the end of each frame is a Frame Check Sequence (FCS) field that holds the answer to a cyclic redundancy check (CRC). If the receiving host's answer to the CRC does not match the sending host's answer, then a CRC error will occur.

Frame: This output increments when frames received are of an illegal format, or not complete, which is typically incremented when a collision occurs.

Packets Output: Total number of packets (frames) forwarded out to the interface.

Output Errors: Total number of packets (frames) that the switch port tried to transmit but for which some problem occurred.

Collisions: When transmitting a frame in half-duplex, the NIC listens on the receiving pair of the cable for another signal. If a signal is transmitted from another host, a collision has occurred. This output should not increment if you are running full-duplex.

Late Collisions: If all Ethernet specifications are followed during the cable install, all collisions should occur by the 64th byte of the frame. If a collision occurs after 64 bytes, the late collisions counter increments.
This counter will increment on a duplex mismatched interface, or if cable length exceeds specifications.

    Router#sh protocols
    Global values:
      Internet Protocol routing is enabled
    Ethernet0/0 is administratively down, line protocol is down
    Serial0/0 is up, line protocol is up
      Internet address is 100.30.31.5/24
    Serial0/1 is administratively down, line protocol is down
    Serial0/2 is up, line protocol is up
      Internet address is 100.50.31.2/24
    Loopback0 is up, line protocol is up
      Internet address is 100.20.31.1/24

    Router#sh ip interface
    FastEthernet0/0 is up, line protocol is up
      Internet address is 1.1.1.1/24
      Broadcast address is 255.255.255.255
      Address determined by setup command
      MTU is 1500 bytes
      Helper address is not set
      Directed broadcast forwarding is disabled
      Outgoing access list is not set
      Inbound access list is not set
      Proxy ARP is enabled
      Security level is default
      Split horizon is enabled
    [output cut]

    Router#sh ip int brief
    Interface         IP-Address  OK?  Method  Status                 Protocol
    FastEthernet0/0   unassigned  YES  unset   up                     up
    FastEthernet0/1   unassigned  YES  unset   up                     up
    Serial0/0/0       unassigned  YES  unset   up                     down
    Serial0/0/1       unassigned  YES  unset   administratively down  down
    Serial0/1/0       unassigned  YES  unset   administratively down  down
    Serial0/2/0       unassigned  YES  unset   administratively down  down

Most common connection types

Figure: Components of the Cisco 2600 router

Main network interfaces

UTP connection
Cheapest and simplest connection to implement;
Short distances (up to 100 meters, depending on speed and cable type);
• Cable category 3 (CAT3) – Supports up to 10 Mbps
• Cable category 5e (CAT5e) – Supports rates of 10/100/1000 Mbps
• Cable category 6 and 6A (CAT6) – Supports all CAT5e rates and up to 10 Gbps
• Cable category 7 and 7A (CAT7) – Still being certified; may reach up to 40 Gbps and 100 Gbps respectively

Fiber optics
More expensive and more complex connection to implement;
Longer distances;
Very high bandwidth;
Check whether a transceiver is needed to connect to the equipment (SFP port).

V.35 / V.24 serial cable
Serial connections are more common on older V.35 / V.24 links;
Very short distances: maximum cable length is 15 meters, and anything longer needs a pair of modems;
Lower bandwidth (up to 2 Mbps);
Much more susceptible to errors than UTP / fiber optics.

www.cofelyineo-gdfsuez.com
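
As an added example (not part of the original training material), the Python sketch below audits a running-config for the weak settings that appear in the password, Telnet and SSH slides above: a leftover `enable password`, type 4 and type 7 secrets, `exec-timeout 0 0`, `no login` on a vty line and Telnet left enabled in `transport input`. The sample config is constructed from lines shown in the slides, and the rule ids and the `audit` function are hypothetical names.

```python
import re

# Constructed sample: running-config lines from the slides, plus the
# 'exec-timeout 0 0', 'no login' and 'transport input' commands they enter.
SAMPLE_CONFIG = """\
enable secret 4 ykw.3/tgsOuy9.6qmgG/EeYOYgBvfX4v.S8UNA9Rddg
enable password 7 1506040800
!
line con 0
 exec-timeout 0 0
 password 7 050809013243420C
 login
line vty 0 4
 password 7 06120A2D424B1D
 login
 transport input ssh telnet
line vty 5 15
 no login
"""

# (scope, regex, rule id, reason). Rule ids are hypothetical names for this example.
RULES = [
    ("global", r"enable password (7 )?\S+$", "ENABLE_PASSWORD",
     "stored in clear text or reversible type 7; keep only 'enable secret'"),
    ("global", r"enable secret 4 ", "SECRET_TYPE4",
     "type 4 (unsalted SHA-256) is deprecated by Cisco; regenerate the secret"),
    ("line", r"password 7 ", "LINE_PW_TYPE7",
     "type 7 is reversible obfuscation, not a hash"),
    ("line", r"password (?!7 )", "LINE_PW_CLEARTEXT",
     "line password is stored in clear text"),
    ("line", r"exec-timeout 0 0$", "NO_IDLE_TIMEOUT",
     "idle sessions never expire"),
    ("line vty", r"no login$", "VTY_NO_LOGIN",
     "remote line accepts sessions without authentication"),
    ("line vty", r"transport input .*\b(telnet|all)\b", "VTY_TELNET",
     "Telnet sends credentials in clear text; use 'transport input ssh'"),
]


def audit(config):
    """Return (context, rule_id, statement, reason) for each weak setting."""
    findings = []
    context = "global"
    for raw in config.splitlines():
        stmt = raw.strip()
        if not stmt or stmt == "!":
            continue
        if not raw.startswith(" "):  # a top-level statement opens a new context
            context = stmt if stmt.startswith("line ") else "global"
        for scope, pattern, rule_id, reason in RULES:
            if context.startswith(scope) and re.match(pattern, stmt):
                findings.append((context, rule_id, stmt, reason))
    return findings


if __name__ == "__main__":
    for context, rule_id, stmt, reason in audit(SAMPLE_CONFIG):
        print(f"[{rule_id}] {context}: {stmt!r} -> {reason}")
```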