Sergej Bogomolov. The Operating System of CISCO Routers

The original of this document is on Sergej Bogomolov's page, where it is continually corrected and extended. Better go there: http://www.bog.pp.ru/work/cisco_ios.html and http://www.bog.pp.ru./work/ios_lab.html

Links:
  • glossary of terms
  • Cisco glossary of terms
  • version matrix
  • security
  • local documentation for IOS 11.0 on CD-ROM
  • IOS 11.0 on CD-ROM at www.cisco.com
  • IOS 11.1 on CD-ROM at www.cisco.com
  • IOS 11.2 on CD-ROM at www.cisco.com
  • information about IOS on the Cisco server
  • software news
  • general product description: differences in feature sets and versions
  • differences in feature sets for the various models and resource requirements (memory/flash) for versions 11.1 and 11.2
  • information about IOS for those who know the password

    Feature sets for version 11.1 (12)

    I consider only the low-end series (Cisco 2500, AS5100); not a word about ATM, nor about the IBM protocols. Memory requirements are given for the Cisco 2500 running from flash. RMON alarms and events are implemented even in the sets that have no RMON:

    1. igs-i-l(4 FLASH, 4 DRAM): IP
    2. igs-im-l(4 FLASH, 4 DRAM): IP/RMON
    3. igs-ir-l(8/4): IP/IBM Base
    4. igs-imr-l(8/4): IP/IBM/RMON
    5. igs-in-l(8/4): IP/IPX
    6. igs-imn-l(8/4): IP/IPX/RMON
    7. igs-inr-l(8/4): IP/IPX/IBM Base
    8. igs-imnr-l(8/4): IP/IPX/IBM/RMON
    9. igs-ainr-l(8/8): IP/IPX/IBM/APPN
    10. igs-d-l(8/4): Desktop (AppleTalk and DECnet IV start at this level)
    11. igs-dr-l(8/4): Desktop/IBM Base
    12. igs-j-l(8/6): Enterprise (ES-IS and IS-IS, DECnet V, Apollo Domain, VINES, ISO, XNS, Kerberos for login, protocol translation and Xremote start at this level)
    13. igs-jm-l(8/6): Enterprise/RMON
    14. igs-aj-l(16/8): Enterprise/APPN
    15. CFRAD(4/4) (Cisco Frame Relay Access Device)
    16. igs-p-l(4/4): Remote Access Server (none of the IBM and other non-standard things, but everything needed for normal operation; no RMON, ISDN, OSPF, EGP or bridging, but it has protocol translation, TN3270, Xremote, PAD, LAT, NetBEUI over PPP and modem autoconfiguration)
    17. igs-g-l(4/2): ISDN
    18. LAN FRAD(4/4)
    19. OSPF LAN FRAD(4/4)

    Bugs in version 11.1 (only those of interest to me)

    11.1(12)

    11.1(11)

    11.1(10)

    I do not consider older releases, but their number is impressive.

    Feature sets for version 11.0(16) (I only have 11.0(14))

    Only the Cisco 2500 is considered (everything is very similar to 11.1; memory requirements are given for the Cisco 2500 running from flash):

    1. IP(4 MB Flash/2 DRAM)
    2. IP/IBM Base(8/4)
    3. IP/IPX(4/4)
    4. IP/IPX/IBM Base(8/4)
    5. IP/IPX/IBM APPN(8/8)
    6. Desktop(8/4)
    7. Desktop/IBM Base(8/4)
    8. Enterprise(8/6)
    9. Enterprise/APPN(8/8)
    10. CFRAD(4/2)
    11. ISDN(4/2)
    12. LAN FRAD(8/4)
    13. Remote Access Server(4/4)

    Bugs in version 11.0 (only those of interest to me)

    11.0(16):

    11.0(14):

    11.0(13):

    11.0(12):

    11.0(11) and earlier:

    Feature sets for version 11.2 (7a) (I only have 11.2(05))

    For version 11.2, three branches are maintained in parallel: 11.2 (the most stable, bug fixes only), 11.2 P (bug fixes and new hardware), 11.2 F (bug fixes, new hardware and cross-platform compatibility).

    Memory requirements (for version 11.2 on the Cisco 2500):

    For the file names see http://www.cisco.com/univercd/data/doc/software/11_2/relnotes/rn112.htm

    Image Name Mapping from Release 11.1 to Release 11.2

    Feature set       Image Name in Release 11.1 or Earlier  Image Name in Release 11.2
    ----------------  -------------------------------------  --------------------------
    Cisco 1005
    -                 c1005-bnxy-mz                          c1005-bny-mz
    -                 c1005-bxy-mz                           c1005-by-mz
    -                 c1005-nxy-mz                           c1005-ny-mz
    -                 c1005-xy-mz                            c1005-y-mz
    -                 c1005-xy2-mz                           c1005-y2-mz
    Cisco 2500 Series
    IP/IPX/IBM/APPN   igs-ainr-l                             c2500-ainr-l
    Enterprise/APPN   igs-aj-l                               c2500-ajs-l
    -                 igs-c-l                                c2500-c-l
    Desktop           igs-d-l                                c2500-d-l
    Desktop/IBM Base  igs-dr-l                               c2500-ds-l
    -                 igs-f-l                                c2500-f-l
    -                 igs-fin-l                              c2500-fin-l
    ISDN              igs-g-l                                c2500-g-l
    IP                igs-i-l                                c2500-i-l
    IP/RMON           igs-im-l                               c2500-is-l
    IP/IPX/RMON       igs-imn-l                              c2500-ds-l
    IP/IPX/IBM/RMON   igs-imnr-l                             c2500-ds-l
    IP/IBM/RMON       igs-imr-l                              c2500-is-l
    IP/IPX            igs-in-l                               c2500-d-l
    IP/IBM Base       igs-ir-l                               c2500-is-l
    IP/IPX/IBM base   igs-inr-l                              c2500-ds-l
    Enterprise/RMON   igs-jm-l                               c2500-js-l
    Enterprise        igs-j-l                                c2500-j-l
    Cisco AS5200
    -                 as5200-iz-l                            c5200-is-l
    -                 as5200-dz-l                            c5200-ds-l
    -                 as5200-jmz-l                           c5200-js-l
    Cisco 4000 Series
    -                 xx-ainr-mz                             c4000-ainr-mz
    -                 xx-aj-mz                               c4000-ajs-mz
    -                 xx-d-mz                                c4000-d-mz
    -                 xx-dr-mz                               c4000-ds-mz
    -                 xx-i-mz                                c4000-is-mz
    -                 xx-in-mz                               c4000-d-mz
    -                 xx-inr-mz                              c4000-ds-mz
    -                 xx-ir-mz                               c4000-is-mz
    -                 xx-j-mz                                c4000-j-mz
    Cisco 4500 Series
    -                 c4500-aj-mz                            c4500-ajs-mz
    -                 c4500-dr-mz                            c4500-ds-mz
    -                 c4500-ir-mz                            c4500-is-mz
    -                 c4500-in-mz                            c4500-d-mz
    -                 c4500-inr-mz                           c4500-ds-mz
    Cisco 7000 Series
    -                 gs7-aj-mz                              c7000-aj-mz
    -                 gs7-ajv-mz                             c7000-ajv-mz
    -                 gs7-jv-mz                              c7000-jv-mz
    -                 gs7-j-mz                               c7000-j-mz
    Cisco 7200 Series
    -                 c7200-aj-mz                            c7200-ajs-mz
    -                 c7200-dr-mz                            c7200-ds-mz
    -                 c7200-j-mz                             c7200-js-mz
    Cisco 7500 Series and Cisco 7000 with RSP7000
    -                 rsp-aj-mz                              rsp-ajsv-mz
    -                 rsp-j-mz                               rsp-jsv-mz
    -                 rsp-ajv-mz                             rsp-ajsv-mz
    -                 rsp-jv-mz                              rsp-jsv-mz

    Each set can come in 4 variants: basic, extended (PLUS), 40-bit encryption, 56-bit encryption (not every package and variant is available on every platform):

    1. c2500-i- IP: concurrent routing and bridging, GRE, integrated routing and bridging (since 11.2), IP, LAN extension host, multiring, transparent and translational bridging, VLAN (ISL and IEEE 802.10; Cisco 4500 only, since version 11.2 and the Plus variant), Combinet Packet Protocol (CPP, since version 11.2), Dialer Profiles (since version 11.2), Frame Relay, Frame Relay traffic shaping (since 11.2), half bridge/half router (since 11.2), HDLC, PPP, SMDS, switched 56, X.25, bandwidth on demand, configurable queue priorities, dial backup, dial-on-demand, header, link and payroll(?) compression, snapshot routing, weighted fair queuing, BGP, BGP4 (since 11.2), EGP, IGRP, enhanced IGRP, EIGRP optimizations (since 11.2), named IP ACLs (since 11.2), network address translation (since 11.2 and Plus), NHRP, on-demand routing (since 11.2), OSPF, OSPF Not-So-Stubby Areas (since 11.2), OSPF on-demand circuit (RFC 1793, since 11.2), PIM (Protocol Independent Multicast), policy-based routing, RIP, RIP2 (since 11.1), generic traffic shaping (since 11.2), Random Early Detection (RED, since 11.2), Resource Reservation Protocol (RSVP, since 11.2), AutoInstall, automatic modem configuration (since 11.1), HTTP server (since 11.2), RMON events and alarms (since 11.1), full RMON (2500 only, since 11.2 and Plus), SNMP, telnet, access lists, extended access lists, Lock and Key (since 11.2), MAC security for hubs (since 11.2), MD5 routing authentication, network-layer encryption (encrypt variant only), RADIUS (since 11.1), TACACS+, asynchronous master interfaces, PPP, SLIP, CPPP, CSLIP, DHCP, IP pooling, rlogin, telnet, X.25 PAD
    2. c2500- IP/IPX (this set does not exist for 11.2): adds IPX, IPXWAN 2.0, ISDN, IPX RIP, NLSP, IPXCP
    3. c2500- Desktop (IP/IPX/AppleTalk/DEC): adds AppleTalk 1 and 2, DECnet IV, Virtual Private Dial-Up Network (since 11.2), AURP, RTMP, SMRP, ARAP 1.0/2.0, ATCP, MacIP
    4. c2500- Enterprise: adds Apollo Domain, Banyan VINES, DECnet V, OSI, XNS, Frame Relay SVC (since 11.2), multichassis multilink PPP (MPP, since 11.2), ES-IS, IS-IS, SRTP, Kerberos login (since 11.1), Kerberos V client support (since 11.2), protocol translation (LAT, telnet, PPP, rlogin, X.25, TN3270), IPX and ARAP on virtual asynchronous interfaces, NASI (since 11.1), NetBEUI over PPP (since 11.1), LAT, TN3270, Xremote
    5. c2500- Enterprise and APPN
    6. c2500- IP/IPX/IBM and APPN
    7. c2500- Desktop/IBM and APPN

    For the Cisco 1000 and 1600 (11.1 and 11.2 only):

    1. IP
    2. IP/IPX
    3. IP/Apple Talk
    4. IP/IPX/Apple Talk

    For the Cisco 1005:

    1. IP/OSPF/PIM
    2. IP/Async
    3. IP/IPX/Async

    For the Cisco 2500 and AS5100, additionally:

    1. c2500- CFRAD
    2. c2500- LAN FRAD
    3. c2500- ISDN
    4. c2500-p- Remote Access Server (2509-2512 and AS5100): AppleTalk 1 and 2 (since 11.2), DECnet IV (11.0 only), GRE, integrated routing and bridging (since 11.2), IP, multiring, IPX, source-route bridging (since 11.2), transparent bridging (since 11.2), transparent and translational bridging, CPP (since 11.2), dialer profiles (since 11.2), Frame Relay, Frame Relay traffic shaping (since 11.2), half bridge/half router (since 11.2), HDLC, IPXWAN 2.0, multichassis multilink PPP (MPP, since 11.2), PPP, switched 56, Virtual Private Dial-Up Network (since 11.2), X.25, bandwidth on demand, configurable queue priorities, dial backup, dial-on-demand, header, link and payroll(?) compression, snapshot routing, weighted fair queuing, BGP (11.0 only), no BGP4 at all, EGP (11.0 only), EIGRP, EIGRP optimizations (since 11.2), IGRP, NHRP (11.0 only), on-demand routing (since 11.2), OSPF (11.0 only), PIM, policy-based routing, RIP, RIP2 (since 11.1), AURP, IPX RIP, RTMP, generic traffic shaping (since 11.2), AutoInstall, automatic modem configuration (since 11.1), HTTP server (since 11.2), RMON events and alarms (since 11.1), SNMP, telnet, access lists, extended access lists, Lock and Key (since 11.1), MD5 routing authentication, RADIUS (since 11.1), TACACS+, protocol translation (LAT, telnet, PPP, rlogin, X.25, TN3270), ARAP 1.0/2.0, asynchronous master interfaces, PPP, SLIP, CPPP, CSLIP, ATCP, DHCP, IP pooling, IPX and ARAP on virtual asynchronous interfaces, IPXCP, MacIP, NASI (since 11.1), NetBEUI over PPP (since 11.1), rlogin, telnet, X.25 PAD, LAT, TN3270, Xremote

    Bugs in version 11.2 (only those that affect me).

    11.2(7):

    11.2(6):

    11.2(5):

    11.2(4) and below:

    Differences between versions (X.25, DECnet, AppleTalk, VINES, IBM and ATM are not described)

    New in version 11.0 (starting with 11.0(11), only bugs are fixed):

    New in version 11.1 (starting with 11.1(6), only bugs are fixed):

    New in version 11.2:

    Buying IOS

    You need to order the product whose number ends with an equals sign.

    IOS can be ordered in three forms:

    1. DOS diskette (EPROM, Flash);
    2. CD-ROM
    3. download from a TFTP server (only for devices with flash memory).

    The product number is determined as follows:

    Delivery is in the form of feature packs: a CD-ROM with one or more IOS images and an installation program for MS Windows 95, installation instructions (including how to use TFTP instead of the installation program), a license, and a CD-ROM with documentation.

    Current state

         Our routers run IOS version 11.1 (12) on the internal ones and 11.2(5) on the external one, although 11.2(7a) was already released on 18-jul-97: the internal ones do not have enough flash for version 11.2.

    Getting started

         Take out the hardware, connect a terminal (or a PC with TELEMATE) to the console port (or use the auxiliary port of a previously configured Cisco and get in by reverse telnet), attach all the cables we need (synchronous, Ethernet, modems), switch on the power and start configuring. At first power-up IOS tries to download a configuration from the WAN: you can wait a few minutes to let it realise that there is nothing at the other end, or temporarily disconnect the synchronous cable. Having failed, IOS offers to run the setup command: agree! In that case IOS asks you a few questions and configures itself.

    Configuration is done in the following ways:

    1. command-line interface:
      telnet router-name
      router-name>
      • from the terminal: conf term
      • from NVRAM: conf memory
      • from the network: conf network
    2. via WWW (since versions 11.0(6) and 11.1(5); not all features): ip http server
    3. ClickStart (standard configurations).

       General information about the command language:

    1. help: at any moment you can type "?" and the router answers with a list of commands or operands;
    2. any keyword or name can be abbreviated to the minimum possible length;
    3. if the terminal is set up properly, the command line can be edited as in emacs or bash;
    4. almost every command can be prefixed with the word no.

       Privilege levels: 16 privilege levels are provided, from 0 to 15. Without additional configuration, level 0 is the user level: only "safe" commands are available. Level 15 is the supervisor level: all commands are available. Move from level to level with the command:
       enable [level number]
    Any command can be moved to a level other than its standard one, and any user can be assigned a specific level that is set when that user logs in to the router; in this way user rights can be tuned finely (only help becomes hard to use then :(
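
The per-command and per-user levels described above, as an added configuration sketch that is not part of the original page. It assumes a hypothetical local user `operator`, a hypothetical intermediate level 5 and placeholder secrets; the commands are standard IOS, but check their exact syntax against the release you run.

```cisco
! Constructed example: an operator account confined to privilege level 5.
! The user name, the level number and both secrets are placeholders.
!
! Password for a manual "enable 5" from a lower level
enable secret level 5 <LEVEL5-SECRET>
!
! Move two EXEC commands that normally need level 15 down to level 5,
! so the operator can reset a hung line without full supervisor rights
privilege exec level 5 clear line
privilege exec level 5 clear counters
!
! Local user that is placed on level 5 directly at login
username operator privilege 5 password <OPERATOR-PASSWORD>
!
! Make the virtual terminals authenticate against the local user list
line vty 0 4
 login local
```

After logging in, `show privilege` reports the level the session is running at, which is the quickest check that the user landed where intended.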

    Command language modes:

    1. User mode
    2. Privileged mode:
      1. top level
      2. global configuration mode
        1. the top level of configuration proper
        2. interface configuration
          1. interface configuration
          2. subinterface configuration (serial in Frame Relay mode)
        3. controller configuration (T1)
        4. hub configuration (cisco 2500 - ethernet)
        5. map-list configuration (ATM and Frame Relay)
        6. map-class configuration (Quality of Service over Switched Virtual Circuit - ATM, Frame Relay or dialer)
        7. line configuration
        8. router configuration (bgp, egp, igrp, eigrp, is-is, iso-igrp, mobile, OSPF, RIP, static)
        9. IPX-router configuration
        10. route-map configuration
        11. key chain configuration with its submodes (RIP authentication)
        12. response time reporter configuration
        13. LANE database configuration (ATM)
        14. APPN command mode with its submodes (Advanced Peer-to-Peer Networking, the second generation of SNA)
        15. IBM channel attach command mode with its submodes (Cisco 7000 with CIP)
        16. TN3270 server command mode
        17. access-list configuration (for named IP ACLs)
        18. hexadecimal input mode (entering a public key for encryption)
        19. crypto map configuration
      3. ROM monitor (press break in the first 60 seconds of boot; it has help too).

    Editing the command line

    Comments begin with an exclamation mark, but they are not saved in NVRAM.

    Set the size of the command history: terminal history size size

    Previous/next command: Ctrl-P/Ctrl-N or up/down arrow

    Enable/disable editing:
    [no] terminal editing

    character forward/back: Ctrl-F/Ctrl-B or forward/back arrow

    to the start/end of the line: Ctrl-A/Ctrl-E

    word forward/back: Esc F/Esc B

    command completion: Tab or Ctrl-I

    recall from the buffer/recall the next one: Ctrl-Y/Esc Y

    delete the character to the left of the cursor/under the cursor: Delete/Ctrl-D

    delete all characters to the start of the line/end of the line: Ctrl-U/Ctrl-K

    delete the word to the left of the cursor/to the right of the cursor: Ctrl-W/Esc D

    redraw the line: Ctrl-L/Ctrl-R

    transpose characters: Ctrl-T

    escape a character: Ctrl-V or Esc Q

    Working with flash memory (IOS is stored in it and runs from it) and NVRAM (the configuration)

    THREE programs run on the Cisco: the ROM monitor (a loader and debugger, outrageously dumb; we end up in it if the configuration register is set accordingly, or if BREAK was pressed during boot and this is not disabled); the system in ROM (a cut-down and very old IOS, 9.1, used if nothing more suitable could be found in flash or over the network, or on a manual boot from the ROM monitor); and the system in flash, the version you installed yourself.

    The manual warns that on a Sun the TFTP server must be configured to generate and verify UDP checksums (I did nothing). rcp (rsh) can be used everywhere instead of TFTP, but I am too lazy to keep track of security in that case.

    See what is stored there: show flash all

    System flash directory:
    File  Length   Name/status
            addr      fcksum  ccksum
      1   3243752  igs-i-l.110-1
            0x40      0xB5C4  0xB5C4
    [3243816 byt