Hello everyone, my fellow network engineers.
As the saying goes, a good memory is no match for a bad pen.
When we were students, the thing we most wanted to read before an exam was the top students' notes, but once you start work, nobody will lend you their precious notes.
Today I want to share a selection of notes that an experienced network engineer posted online, covering routing, switching, VLAN configuration and more.
Practicality is the essence of this old hand's notes. I hope they help you!
Today's reading bonus: "Cisco Firewall Series Product White Paper".
Friends who want this material, please send me a private message with the password "firewall" to get the e-book.
01 Configuration modes of switches and routers and how to switch between them
1. User mode
After logging in to a switch (or router) you land in user mode; the prompt is switchname>. In this mode you can only view information; nothing you do here affects how IOS runs.
2. Privileged mode
In user mode, enter "enable" to reach privileged mode; the prompt is switchname#. Any operation can be performed in this mode, including viewing the configuration file and restarting the device. Its command set is a superset of user mode's.
3. Global configuration mode
In privileged mode, enter "config terminal" to reach global configuration mode; the prompt is "switchname(config)#".
4. Local (sub)configuration mode
In global configuration mode, enter a specific configuration command (for example "interface ethernet0/1") to reach a local configuration mode such as interface mode; the prompt is "switchname(config-xx)#". This mode is used to configure individual components, ports, processes and so on.
02 Basic configuration of switches and routers
1. Password and hostname
In global configuration mode:
hostname hostname : set the device name
username username password password : set an access user and password (stored in plain text)
password password : set the login password
enable secret secret : configure the encrypted privileged (superuser) password
2. IP address and gateway settings
In the interface configuration submode:
ip address ip_address mask : set the interface IP address
ip default-gateway ip_address : set the default gateway (this command is entered in global configuration mode)
3. Port configuration parameters
speed 10|100|auto : set the port speed (10 Mb/s, 100 Mb/s, or auto-negotiate)
duplex auto|full|half : set the port duplex mode (auto-negotiate, full-duplex, or half-duplex)
03 Routing Protocol Configuration Commands
A router can route in two ways: statically or dynamically. Dynamic routing protocols fall into three types: distance vector (RIP, IGRP), link state (OSPF) and hybrid (EIGRP).
1. Ways to access the router for configuration
The Console port is the console port; configuration can be performed directly through it.
The AUX port is used for remote debugging. It is usually connected to a modem, so that installation and maintenance staff can dial in remotely and configure the device.
TTY ports are asynchronous ports used only to reach the asynchronous interfaces of an access server.
The VTY port is a virtual terminal line; it is reached over Telnet through the router's synchronous ports.
2. Static route setting command
ip route destination_network subnet_mask {next_hop_address | interface} [administrative_distance] [tag tag] [permanent]
(Note: permanent specifies that the route is not removed even when the interface goes down.)
04 Configuration of routing access control list
An access control list is a list of statements applied to router and switch interfaces to control the packets entering and leaving a port. The access-list command creates the access rules.
05 Collection of PSTN configuration commands
The public switched telephone network (PSTN) has two typical applications: dial-on-demand routing (DDR) interconnection between peer sites, and ISP dial-up Internet access, which gives users the ability to reach services remotely.
1. Global setting command
2. Basic interface setting commands
DDR (dial-on-demand routing), (xxx)
06 Basic configuration of switches and routers
X.25 defines a data communications network carried over telephone lines; each X.25 port assigned to a user has an X.121 address.
07 Collection of PPP configuration commands
PPP provides router-to-router and host-to-network connections over synchronous and asynchronous circuits.
CHAP (Challenge Handshake Authentication Protocol) and PAP (Password Authentication Protocol) are usually used to provide authentication on PPP-encapsulated serial lines.
Set the line speed on the DCE side: clockrate speed
08 FR (Frame Relay) configuration command collection
Frame Relay is an interface protocol for statistically multiplexed packet-switched data communication using variable-length frames, with no flow control or error correction.
09 Firewall Configuration Command Collection
A firewall is a device that helps ensure information security, allowing or restricting the transmission of data according to specific rules.
A firewall can be a piece of dedicated hardware or a set of software built on general hardware.
User mode: pixfirewall>
Privileged mode: after entering enable, pixfirewall#
Configuration mode: after entering config terminal, pixfirewall(config)#
Monitor mode: while the PIX firewall is powering on or restarting, hold down the Escape key or send a "break" character to enter monitor mode (prompt monitor>), where you can update the OS image and recover the password.
firewall(config)# firewall enable | disable : enable or disable the firewall
1. General configuration
(1) Name the interfaces and assign security levels (nameif)
Firewall(config)# nameif ethernet0 outside security0
Firewall(config)# nameif ethernet1 inside security100
Firewall(config)# nameif ethernet2 dmz security50
The outside interface has security level 0 and the inside interface has level 100; other interfaces use levels 1 to 99, and a larger number means a higher security level.
Add a new interface:
Firewall(config)# nameif pix/intf3 security40
(2) Configure Ethernet port parameters (interface)
Firewall(config)# interface ethernet0 auto # auto-negotiate the interface type
Firewall(config)# interface ethernet0 100full # 100 Mb/s full-duplex
Firewall(config)# interface ethernet0 100full shutdown # shut down this port
(3) Configure the IP address of the internal and external network cards
Firewall(config)# ip address outside 61.144.51.42 255.255.255.248
Firewall(config)# ip address inside 192.168.1.1 255.255.255.0
2. Network Address Translation
(1) Specify the internal addresses to be translated (nat)
nat (if-name) nat-id local-ip [netmask]
if-name: the name of the internal interface, such as inside
nat-id: the identifier of the global address pool; it must match the nat-id of the corresponding global command
local-ip: the IP address(es) of hosts on the intranet; 0.0.0.0 means every host on the intranet may access the outside world
(2) Specify the external address range (global)
global (if-name) nat-id ip_addr-ip_addr [netmask global_mask]
(3) Set static routes (route) pointing to the internal and external networks
route (if-name) 0 0 gateway_ip [metric]
metric: the number of hops to the gateway; the default is 1
(4) Configure static IP address translation (static)
static (internal_if_name, external_if_name) outside_ip_addr inside_ip_addr
3. Access Control Technology
(1) firewall default command
firewall default {permit | deny} : sets the default filter action to "permit" or "deny"
(2) ip access-group command
[no] ip access-group listnumber {in | out}
listnumber is the rule number, 1-199
in means the rule filters packets received on the interface
out means the rule filters packets forwarded out of the interface
no removes the corresponding setting and its related commands
(3) settr command
settr begin-time end-time # sets or cancels a special time period
For example, to set the time periods 8:30-12:00 and 14:00-17:00:
Firewall(config)# settr 8:30 12:00 14:00 17:00
(4) show access-list command
show access-list [all | listnumber | interface interface-name] # display the specified rules; also shows how the rules are filtering packets
(5) show firewall command
show firewall # display the firewall status
(6) conduit command
The conduit command permits traffic to flow from an interface with a lower security level to an interface with a higher security level.
conduit permit|deny global_ip port[-port] protocol foreign_ip [netmask]
global_ip: the global IP address previously defined by global or static
foreign_ip: the external IP address allowed to reach global_ip
port: the port used by the service, such as 80 for www or 25 for smtp
For example:
Firewall(config)# conduit permit icmp any any # allow ICMP messages to pass in both directions
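The security-level rule from (1) and the conduit rule from (6) above, modelled in a short Python example added here (not code from the original notes). It assumes addresses are single hosts or any, that a port is given with an optional eq keyword as in the page's own conduit example, and that the first matching conduit decides.

```python
def parse_pix(config_text):
    """Collect interface security levels and conduit rules from PIX-style lines."""
    levels, conduits = {}, []
    for raw in config_text.splitlines():
        parts = raw.split("#", 1)[0].split()  # drop trailing comments
        if len(parts) == 4 and parts[0] == "nameif":
            # nameif <hw-if> <name> security<N>
            levels[parts[2]] = int(parts[3][len("security"):])
        elif len(parts) >= 5 and parts[0] == "conduit":
            # conduit permit|deny <proto> <global_ip|any> [eq <port>] <foreign_ip|any>
            action, proto, global_ip, rest = parts[1], parts[2], parts[3], parts[4:]
            port = None
            if rest[0] == "eq":
                port, rest = int(rest[1]), rest[2:]
            conduits.append((action, proto, global_ip, port, rest[0]))
    return levels, conduits

def flow_allowed(levels, conduits, src_if, dst_if, proto, global_ip, port, foreign_ip):
    """Higher-to-lower security is allowed by default (given nat/global);
    lower-to-higher or equal levels need a matching permit conduit."""
    if levels[src_if] > levels[dst_if]:
        return True
    for action, c_proto, c_global, c_port, c_foreign in conduits:
        if c_proto not in ("ip", proto):
            continue
        if c_global not in ("any", global_ip) or c_foreign not in ("any", foreign_ip):
            continue
        if c_port is not None and c_port != port:
            continue
        return action == "permit"  # first matching conduit decides (model assumption)
    return False

# Constructed sample configuration in the style of the notes above
SAMPLE = """nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50
conduit permit icmp any any                 # ping allowed in both directions
conduit permit tcp 203.0.113.10 eq 80 any   # published web server
conduit deny tcp 203.0.113.11 eq 25 any     # no inbound smtp to this host
"""
LEVELS, CONDUITS = parse_pix(SAMPLE)

def check(src_if, dst_if, proto, global_ip, port, foreign_ip):
    return flow_allowed(LEVELS, CONDUITS, src_if, dst_if, proto, global_ip, port, foreign_ip)

if __name__ == "__main__":
    print(check("inside", "outside", "tcp", "198.51.100.1", 443, "198.51.100.1"))  # True: 100 -> 0
    print(check("outside", "inside", "tcp", "203.0.113.10", 80, "198.51.100.7"))   # True: web conduit
    print(check("outside", "inside", "tcp", "203.0.113.10", 22, "198.51.100.7"))   # False: no conduit
```

Note that dmz (50) to inside (100) is refused unless a conduit exists, while dmz to outside (0) passes by default.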
(7) Configure the fixup protocol
The fixup command enables, disables or changes how a service or protocol is handled through the PIX firewall. For example: [no] fixup protocol ftp 21 # enable FTP handling and specify 21 as the FTP port number.
(8) Set Telnet
telnet local-ip [netmask]
local-ip is the IP address authorized to reach the PIX over Telnet; if it is not set, the PIX can only be configured from the console.
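A small audit script, added here and not part of the original notes, that reads configuration lines in the style of sections 02 and 09 and flags the weak settings these sections describe: a plain-text user password, a privileged password not protected by enable secret, a default-permit filter policy, an any-to-any conduit, and Telnet management open to every address. The sample configurations and credentials are constructed; the hardened sample uses the IOS "username ... secret" form.

```python
import re

# (regex on one normalised line, finding) for the risky settings this page describes
CHECKS = [
    (r"^username \S+ password ", "user password stored in plain text"),
    (r"^firewall default permit$", "default filter policy is permit; prefer deny"),
    (r"^conduit permit \S+ any( eq \S+)? any$", "conduit opens a service from any source to every global address"),
    (r"^telnet 0\.0\.0\.0 0\.0\.0\.0$", "telnet management allowed from any address"),
]

def normalise(config_text):
    # Strip pasted prompts such as "Firewall(config)# ", comments and extra whitespace
    lines = []
    for raw in config_text.splitlines():
        line = re.sub(r"^\S*\(config\)#\s*", "", raw.strip())
        line = " ".join(line.split("#", 1)[0].split())
        if line:
            lines.append(line)
    return lines

def audit(config_text):
    """Return (line, finding) pairs for each weak setting found."""
    lines = normalise(config_text)
    findings = [(line, msg) for line in lines for rx, msg in CHECKS if re.match(rx, line)]
    if not any(line.startswith("enable secret ") for line in lines):
        what = "enable password" if any(line.startswith("enable password ") for line in lines) else "(none)"
        findings.append((what, "privileged-mode password not protected by enable secret"))
    return findings

# Constructed samples in the style of the notes above (credentials are made up)
WEAK = """\
username admin password letmein
enable password cisco
Firewall(config)# nameif ethernet0 outside security0
firewall default permit
conduit permit icmp any any
conduit permit tcp 203.0.113.10 eq 80 any
telnet 0.0.0.0 0.0.0.0
"""
HARDENED = """\
username admin secret S3cr3t-example
enable secret S3cr3t-example
firewall default deny
conduit permit tcp 203.0.113.10 eq 80 any
telnet 192.168.1.10 255.255.255.255
"""

if __name__ == "__main__":
    for line, msg in audit(WEAK):
        print(f"{msg}: {line}")
    print(len(audit(HARDENED)), "findings in hardened config")
```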
Compiled by: Lao Yang, a senior network engineer with 10 years' experience. For more practical content to help network engineers improve, follow the official account: Network Engineer Club