Sergej Bogomolov. The operating system of CISCO routers
Sergej Bogomolov
The original of this document lives on Sergej Bogomolov's page, where it is
continually corrected and extended. You are better off going there.
http://www.bog.pp.ru/work/cisco_ios.html
http://www.bog.pp.ru./work/ios_lab.html
Links:
information about IOS for those who know the password
Feature sets for version 11.1 (12)
I consider only the low-end series (Cisco 2500, AS5100); not a word about ATM,
nor about the IBM protocols. Memory requirements are given for the Cisco 2500
executing the image from flash. RMON alarms and events are implemented even in
sets that have no RMON:
- igs-i-l (4 MB flash, 4 MB DRAM): IP
- igs-im-l (4 flash, 4 DRAM): IP/RMON
- igs-ir-l (8/4): IP/IBM Base
- igs-imr-l (8/4): IP/IBM/RMON
- igs-in-l (8/4): IP/IPX
- igs-imn-l (8/4): IP/IPX/RMON
- igs-inr-l (8/4): IP/IPX/IBM Base
- igs-imnr-l (8/4): IP/IPX/IBM/RMON
- igs-ainr-l (8/8): IP/IPX/IBM/APPN
- igs-d-l (8/4): Desktop (AppleTalk and DECnet IV start at this level)
- igs-dr-l (8/4): Desktop/IBM Base
- igs-j-l (8/6): Enterprise (ES-IS and IS-IS, DECnet V, Apollo Domain, VINES,
  ISO, XNS, Kerberos for login, protocol translation and Xremote start at this
  level)
- igs-jm-l (8/6): Enterprise/RMON
- igs-aj-l (16/8): Enterprise/APPN
- CFRAD (4/4) (Cisco Frame Relay Access Device)
- igs-p-l (4/4): Remote Access Server (none of the IBM and other non-standard
  stuff, but everything needed for normal operation; no RMON, ISDN, OSPF, EGP
  or bridging, but there is protocol translation, TN3270, Xremote, PAD, LAT,
  NETBEUI over PPP and automatic modem configuration)
- igs-g-l (4/2): ISDN
- LAN FRAD (4/4)
- OSPF LAN FRAD (4/4)
Bugs of version 11.1 (only those that interest me)
11.1(12)
- if connection accounting is enabled but exec accounting is not, the Cisco
  reloads on a user's second connection
- interrupt-level IP fragmentation is not supported
- the DHCP proxy client does not process DHCP packets from a server with a
  DHCP option equal to zero
- the RADIUS CLASS attribute gets corrupted, which makes it impossible to use
  the MERIT server
- aaa accounting system start-stop tacacs+ does not always send the "system
  restarted" message (the routing table does not settle in time); use:
  ip host-routing
- show accounting can cause a reload
- a problem when there is no connectivity to the RADIUS server (it does not
  prompt for the enable password)
- problems with encrypting long (more than 11 characters) administrator
  passwords: they may be truncated to 11 characters
- snmp-server trap-source works incorrectly
- the pool manager sometimes eats I/O memory
- crash on the command no boot system flash (enter the full file name)
- enabling STAC compression on an async line can hang the Cisco
- you cannot use ping with a 2048-byte packet
- disconnecting a 10Base2 cable does not bring the interface down
- a tunnel does not work if bandwidth is greater than 2048
- an icmp redirect is not sent if the incoming packet is an ECHO-REPLY
- BGP with an extended ACL and a default-originate route-map crashes
- under some conditions a static route whose next hop is reachable via
  another static route is not entered into the table
- trace to the router's own IP address does not work
- TCP header compression does not work on outgoing PPP lines
- reliable PPP mode does not work on asynchronous lines
- TCP header compression is not compatible with multilink TCP, and no warning
  is given about it
11.1(11)
- exec-timeout kills even an active telnet (either go back to 11.1(10) or set
  it to 0)
- BGP and OSPF work unstably
- ip igmp query-interval 0 hangs the system
- low-speed sync/async ports cannot handle packets larger than 1500 (set an
  MTU below 1498 on both ends)
11.1(10)
- the modem reset script is not executed if the PPP session ended normally
- tacacs+ causes memory consumption (starting from version 11.0(10))
- sometimes there is a Bus Error
- sometimes telnet freezes for 20 seconds; press any key
- show ip bgp inconsistent-as sometimes reloads the box
- an extended ACL sometimes passes fragments if logging is enabled
- on no shutdown for a group-async the box sometimes reloads
- if there is PPP, a Bus error sometimes happens
Older revisions I do not consider, but their number is impressive.
Feature sets for version 11.0(16) (I only have 11.0(14))
Only the Cisco 2500 is considered (everything is very similar to 11.1; memory
requirements are given for the Cisco 2500 executing the image from flash):
- IP (4 MB Flash/2 DRAM)
- IP/IBM Base (8/4)
- IP/IPX (4/4)
- IP/IPX/IBM Base (8/4)
- IP/IPX/IBM APPN (8/8)
- Desktop (8/4)
- Desktop/IBM Base (8/4)
- Enterprise (8/6)
- Enterprise/APPN (8/8)
- CFRAD (4/2)
- ISDN (4/2)
- LAN FRAD (8/4)
- Remote Access Server (4/4)
Bugs of version 11.0 (only those that interest me)
11.0(16):
- service password-encryption truncates passwords to 11 characters
- if a serial interface has been put into loopback by a hardware signal, you
  have to issue the command no loopback to take it out of that state
11.0(14):
- the Cisco 2511 sometimes reloads with the words sched-3-pagezero: low memory
- enabling TACACS+ leads to memory consumption (appeared in version 11.0(10))
- sometimes there is a bus error
- OSPF sometimes leads to a crash
- an extended ACL sometimes passes fragments if logging is enabled
- if there is PPP, a Bus error sometimes happens
- sometimes the async controller hangs together with 4 modems
11.0(13):
- when you ping a synchronous DDR link with HDLC compression set, the router
  resets
- reload every 3 weeks if SPX is used
- a non-TCP reverse connection can crash the router (started with 11.0(11.1))
11.0(12):
- packets to TACACS+ can be delayed by 9 seconds if DNS is not configured on
  the router (either do no ip domain-lookup, or add the IP address of the
  TACACS+ server to the local host table)
- if a task took less time than it took to reach TACACS+, the stop record is
  lost
- if an alias expands into a string longer than 256, the box crashes
11.0(11) and earlier:
- service compress-config can hang
- using DNS to look up an alias crashes the box
- do not issue ip address on an interface attached to PPP
- PAP does not work with TACACS+
- on the Cisco 2511 sometimes all 4 ports change DSR at once on a single event
- encapsulation ppp (or async mode dedicated) leads to a pause of indefinite
  length if issued for a group
- under heavy load the Cisco 2509-2511 can hang or bus error
- sometimes after copy tftp running the hardware synchronization drops
- if you use autoselect in combination with TACACS+, the routing table will
  contain the entry for the default IP address even if TACACS+ changed that
  address
- an extended ACL using destination UDP addresses works incorrectly
Feature sets for version 11.2 (7a) (I only have 11.2(05))
For version 11.2 three branches are maintained in parallel: 11.2 (the most
stable, bug fixes only), 11.2 P (bug fixes and new hardware), 11.2 F (bug
fixes, new hardware and cross-platform compatibility).
Memory requirements (for version 11.2 on the Cisco 2500):
- Enterprise and above: 8 MB flash, 6 MB DRAM
- everything below: 8 MB flash, 4 MB DRAM.
I consider only the low-end series (Cisco 1000, 1600, 2500, 4000, AS5100,
AS5200); not a word about ATM, nor about the IBM protocols.
For file names see
http://www.cisco.com/univercd/data/doc/software/11_2/relnotes/rn112.htm
Image Name Mapping from Release 11.1 to Release 11.2

Feature set             Release 11.1 image    Release 11.2 image
Cisco 1005
                        c1005-bnxy-mz         c1005-bny-mz
                        c1005-bxy-mz          c1005-by-mz
                        c1005-nxy-mz          c1005-ny-mz
                        c1005-xy-mz           c1005-y-mz
                        c1005-xy2-mz          c1005-y2-mz
Cisco 2500 Series
IP/IPX/IBM/APPN         igs-ainr-l            c2500-ainr-l
Enterprise/APPN         igs-aj-l              c2500-ajs-l
                        igs-c-l               c2500-c-l
Desktop                 igs-d-l               c2500-d-l
Desktop/IBM Base        igs-dr-l              c2500-ds-l
                        igs-f-l               c2500-f-l
                        igs-fin-l             c2500-fin-l
ISDN                    igs-g-l               c2500-g-l
IP                      igs-i-l               c2500-i-l
IP/RMON                 igs-im-l              c2500-is-l
IP/IPX/RMON             igs-imn-l             c2500-ds-l
IP/IPX/IBM/RMON         igs-imnr-l            c2500-ds-l
IP/IBM/RMON             igs-imr-l             c2500-is-l
IP/IPX                  igs-in-l              c2500-d-l
IP/IBM Base             igs-ir-l              c2500-is-l
IP/IPX/IBM Base         igs-inr-l             c2500-ds-l
Enterprise/RMON         igs-jm-l              c2500-js-l
Enterprise              igs-j-l               c2500-j-l
Cisco AS5200
                        as5200-iz-l           c5200-is-l
                        as5200-dz-l           c5200-ds-l
                        as5200-jmz-l          c5200-js-l
Cisco 4000 Series
                        xx-ainr-mz            c4000-ainr-mz
                        xx-aj-mz              c4000-ajs-mz
                        xx-d-mz               c4000-d-mz
                        xx-dr-mz              c4000-ds-mz
                        xx-i-mz               c4000-is-mz
                        xx-in-mz              c4000-d-mz
                        xx-inr-mz             c4000-ds-mz
                        xx-ir-mz              c4000-is-mz
                        xx-j-mz               c4000-j-mz
Cisco 4500 Series
                        c4500-aj-mz           c4500-ajs-mz
                        c4500-dr-mz           c4500-ds-mz
                        c4500-ir-mz           c4500-is-mz
                        c4500-in-mz           c4500-d-mz
                        c4500-inr-mz          c4500-ds-mz
Cisco 7000 Series
                        gs7-aj-mz             c7000-aj-mz
                        gs7-ajv-mz            c7000-ajv-mz
                        gs7-jv-mz             c7000-jv-mz
                        gs7-j-mz              c7000-j-mz
Cisco 7200 Series
                        c7200-aj-mz           c7200-ajs-mz
                        c7200-dr-mz           c7200-ds-mz
                        c7200-j-mz            c7200-js-mz
Cisco 7500 Series and Cisco 7000 with RSP7000
                        rsp-aj-mz             rsp-ajsv-mz
                        rsp-j-mz              rsp-jsv-mz
                        rsp-ajv-mz            rsp-ajsv-mz
                        rsp-jv-mz             rsp-jsv-mz
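An added example (not from the page's author) that decodes 2500-series image names such as igs-imnr-l with the feature letters implied by the 11.1(12) list above, looks up the flash/DRAM figures from that list and the 11.2 name from the mapping table, so you can check before an upgrade whether a box has the memory for a given image and which features (RADIUS, Kerberos, RMON, ...) it actually carries. The third field of the name (l / mz) is passed through undecoded, and letters the page never defines are reported as unknown rather than guessed.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Feature letters as implied by the 11.1(12) list above (igs-i-l = IP,
# igs-im-l = IP/RMON, igs-p-l = Remote Access Server, ...). Letters the page
# never explains (c, f, s, ...) are reported as unknown, not guessed.
FEATURE_LETTERS: Dict[str, str] = {
    "i": "IP", "m": "RMON", "n": "IPX", "r": "IBM Base", "a": "APPN",
    "d": "Desktop", "j": "Enterprise", "g": "ISDN", "p": "Remote Access Server",
}

# (flash MB, DRAM MB) for a Cisco 2500 running the image from flash, 11.1(12).
MEMORY_MB: Dict[str, Tuple[int, int]] = {
    "igs-i-l": (4, 4), "igs-im-l": (4, 4), "igs-ir-l": (8, 4),
    "igs-imr-l": (8, 4), "igs-in-l": (8, 4), "igs-imn-l": (8, 4),
    "igs-inr-l": (8, 4), "igs-imnr-l": (8, 4), "igs-ainr-l": (8, 8),
    "igs-d-l": (8, 4), "igs-dr-l": (8, 4), "igs-j-l": (8, 6),
    "igs-jm-l": (8, 6), "igs-aj-l": (16, 8), "igs-p-l": (4, 4),
    "igs-g-l": (4, 2),
}

# Release 11.1 -> 11.2 image names for the 2500, from the mapping table above.
RENAMED_IN_11_2: Dict[str, str] = {
    "igs-ainr-l": "c2500-ainr-l", "igs-aj-l": "c2500-ajs-l",
    "igs-c-l": "c2500-c-l", "igs-d-l": "c2500-d-l", "igs-dr-l": "c2500-ds-l",
    "igs-f-l": "c2500-f-l", "igs-fin-l": "c2500-fin-l", "igs-g-l": "c2500-g-l",
    "igs-i-l": "c2500-i-l", "igs-im-l": "c2500-is-l", "igs-imn-l": "c2500-ds-l",
    "igs-imnr-l": "c2500-ds-l", "igs-imr-l": "c2500-is-l", "igs-in-l": "c2500-d-l",
    "igs-ir-l": "c2500-is-l", "igs-inr-l": "c2500-ds-l", "igs-jm-l": "c2500-js-l",
    "igs-j-l": "c2500-j-l",
}

# platform-features-run, e.g. igs-imnr-l or c4000-ajs-mz.
IMAGE_RE = re.compile(r"^(?P<platform>[a-z0-9]+)-(?P<feat>[a-z0-9]+)-(?P<run>[a-z]+)$")


@dataclass
class ImageInfo:
    platform: str
    features: List[str]          # decoded feature letters, in name order
    unknown_letters: List[str]   # letters the page does not define
    run: str                     # third field (l / mz), passed through as-is
    flash_mb: Optional[int]
    dram_mb: Optional[int]
    name_in_11_2: Optional[str]  # 11.2 name of this 11.1 image, if mapped


def decode_image_name(name: str) -> ImageInfo:
    """Split an image name into its fields and translate the feature letters."""
    m = IMAGE_RE.match(name)
    if not m:
        raise ValueError(f"not a platform-features-run image name: {name!r}")
    features, unknown = [], []
    for letter in m.group("feat"):
        if letter in FEATURE_LETTERS:
            features.append(FEATURE_LETTERS[letter])
        else:
            unknown.append(letter)
    flash, dram = MEMORY_MB.get(name, (None, None))
    return ImageInfo(m.group("platform"), features, unknown, m.group("run"),
                     flash, dram, RENAMED_IN_11_2.get(name))


def fits_router(name: str, flash_mb: int, dram_mb: int) -> bool:
    """True if the page's figures say this image runs on a 2500 with that memory."""
    info = decode_image_name(name)
    if info.flash_mb is None or info.dram_mb is None:
        raise KeyError(f"no memory figures on the page for {name}")
    return flash_mb >= info.flash_mb and dram_mb >= info.dram_mb


if __name__ == "__main__":
    for image in ("igs-imnr-l", "igs-aj-l", "igs-fin-l"):
        print(image, decode_image_name(image))
```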
Each set can come in 4 modifications: basic, extended (PLUS), 40-bit
encryption, 56-bit encryption (not every platform supports every package and
its modifications):
- c2500-i- IP: concurrent routing and bridging, GRE, integrated routing and
  bridging (starting from 11.2), IP, LAN extension host, multiring, transparent
  and translational bridging, VLAN (ISL and IEEE 802.10; Cisco 4500 only, from
  version 11.2 and the Plus modification), Combinet Packet Protocol (CPP, from
  version 11.2), Dialer Profiles (from version 11.2), Frame Relay, Frame Relay
  traffic shaping (from 11.2), half-bridge/half-router (from 11.2), HDLC, PPP,
  SMDS, switched 56, X.25, bandwidth on demand, configurable queue priorities,
  dial backup, dial-on-demand, header, link and payload(?) compression,
  snapshot routing, weighted fair queuing, BGP, BGP4 (from 11.2), EGP, IGRP,
  enhanced IGRP, EIGRP optimization (from 11.2), named IP ACLs (from 11.2),
  network address translation (from 11.2 and Plus), NHRP, on-demand routing
  (from 11.2), OSPF, OSPF Not-So-Stubby-Areas (from 11.2), OSPF on demand
  circuit (RFC 1793, from 11.2), PIM (protocol independent multicast), policy
  based routing, RIP, RIP2 (from 11.1), generic traffic shaping (from 11.2),
  Random Early Detection (RED, from 11.2), resource reservation protocol (RSVP,
  from 11.2), AutoInstall, automatic modem configuration (from 11.1), HTTP
  server (from 11.2), RMON events and alarms (from 11.1), full RMON (2500 only,
  from 11.2 and Plus), SNMP, telnet, access lists, extended access lists, Lock
  and Key (from 11.2), MAC security for hubs (from 11.2), MD5 routing
  authentication, network-layer encryption (encrypt modification only), RADIUS
  (from 11.1), TACACS+, asynchronous master interfaces, PPP, SLIP, CPPP, CSLIP,
  DHCP, IP pooling, rlogin, telnet, X.25 PAD
- c2500- IP/IPX (this set is absent for 11.2): adds IPX, IPXWAN 2.0, ISDN,
  IPX RIP, NLSP, IPXCP
- c2500- Desktop (IP/IPX/AppleTalk/DEC): adds AppleTalk 1 and 2, DECnet IV,
  Virtual Private Dial-Up Network (from 11.2), AURP, RTMP, SMRP, ARAP 1.0/2.0,
  ATCP, MacIP
- c2500- Enterprise: adds Apollo Domain, Banyan Vines, DECnet V, OSI, XNS,
  Frame Relay SVC (from 11.2), multichassis multilink PPP (MPP, from 11.2),
  ES-IS, IS-IS, SRTP, Kerberos login (from 11.1), Kerberos V client support
  (from 11.2), protocol translation (LAT, telnet, PPP, rlogin, X.25, TN3270),
  IPX and ARAP on virtual asynchronous interfaces, NASI (from 11.1), NetBEUI
  over PPP (from 11.1), LAT, TN3270, Xremote
- c2500- Enterprise and APPN
- c2500- IP/IPX/IBM and APPN
- c2500- Desktop/IBM and APPN
For the Cisco 1000 and 1600 (11.1 and 11.2 only):
- IP
- IP/IPX
- IP/Apple Talk
- IP/IPX/Apple Talk
For the Cisco 1005:
- IP/OSPF/PIM
- IP/Async
- IP/IPX/Async
For the Cisco 2500 and AS5100 additionally:
- c2500- CFRAD
- c2500- LAN FRAD
- c2500- ISDN
- c2500-p- Remote Access Server (2509-2512 and AS5100): AppleTalk 1 and 2
  (from 11.2), DECnet IV (11.0 only), GRE, integrated routing and bridging
  (starting from 11.2), IP, multiring, IPX, source-route bridging (from 11.2),
  transparent bridging (from 11.2), transparent and translational bridging,
  CPP (from 11.2), dialer profiles (from 11.2), Frame Relay, Frame Relay
  traffic shaping (from 11.2), half-bridge/half-router (from 11.2), HDLC,
  IPXWAN 2.0, multichassis multilink PPP (MPP, from 11.2), PPP, switched 56,
  Virtual Private Dial-Up Network (from 11.2), X.25, bandwidth on demand,
  configurable queue priorities, dial backup, dial-on-demand, header, link and
  payload(?) compression, snapshot routing, weighted fair queuing, BGP (11.0
  only), no BGP4 at all, EGP (11.0 only), EIGRP, EIGRP optimization (from
  11.2), IGRP, NHRP (11.0 only), on-demand routing (from 11.2), OSPF (11.0
  only), PIM, policy based routing, RIP, RIP2 (from 11.1), AURP, IPX RIP, RTMP,
  generic traffic shaping (from 11.2), AutoInstall, automatic modem
  configuration (from 11.1), HTTP server (from 11.2), RMON events and alarms
  (from 11.1), SNMP, telnet, access lists, extended access lists, Lock and Key
  (from 11.1), MD5 routing authentication, RADIUS (from 11.1), TACACS+,
  protocol translation (LAT, telnet, PPP, rlogin, X.25, TN3270), ARAP 1.0/2.0,
  asynchronous master interfaces, PPP, SLIP, CPPP, CSLIP, ATCP, DHCP, IP
  pooling, IPX and ARAP on virtual asynchronous interfaces, IPXCP, MacIP, NASI
  (from 11.1), NetBEUI over PPP (from 11.1), rlogin, telnet, X.25 PAD, LAT,
  TN3270, Xremote
Bugs in version 11.2 (only those that affect me).
11.2(7):
- sometimes a reload on show accounting
- control characters are stored incorrectly in a chat-script
- if ip identd is on and tacacs+ is configured, a reload happens if:
  - an external DNS is used
  - the TACACS+ server is down
  - the user came in via enable
  - and issued telnet
- when formatting flash of types A6, A7, AA it is not recognized (Intel
  28F004S5/08S5/16S5)
- on removal of ip default-network the gateway entry is not removed
- the Cisco 2511 after a week of operation may say it is out of memory
11.2(6):
- don't do copy tftp flash between two boxes
- with dialer dtr the box does not raise the DTR signal
- the asynchronous controller sometimes hangs
- on low-speed ports you must set an MTU below 1498
- a malformed LCP NAK packet crashes the box
11.2(5):
- telnet can hang for 20 seconds
- an extended ACL sometimes passes fragments if logging is set
11.2(4) and below:
- with TACACS+ enabled memory slowly disappears (starting from 11.0(10))
- you cannot clear a telnet session with a non-empty input buffer
- sometimes a group of 4 serial ports hangs
- memory consumption after 29 hours of operation
- quickly finished tasks do not make it into the tacacs+ accounting log
- non-TCP reverse connections can crash the box
- packets to TACACS+ can be delayed by 9 seconds if DNS is not configured on
  the router (either do no ip domain-lookup, or add the IP address of the
  TACACS+ server to the local host table)
Differences between versions (X.25, DECnet, AppleTalk, VINES, IBM, ATM are not
described)
New in version 11.0 (starting from 11.0(11) only bugs are fixed):
- improvements in IP address pool handling - 11.0(3)
- Multilink PPP for PPP
- simultaneous use of Flash from different manufacturers - 11.0(3) - requires
  boot loader 10.2(7a)
- PPP callback - 11.0(3)
- a heap of new stuff in the initial version is not described
New in version 11.1 (starting from 11.1(6) only bugs are fixed):
- NHRP for IPX
- fast installation of static routes (for backup);
- fast-switched GRE (generic routing encapsulation);
- RIPv2 (subnet masks, authentication, multicast, external route tags);
- redistribution of information from EIGRP into NLSP (IPX);
- input access lists for IPX;
- per-host route balancing for IPX;
- NLSP aggregation (IPX);
- IPX encapsulation in FDDI;
- header compression for IPX (30 bytes);
- VLAN routing;
- asynchronous ISDN (V.120);
- NetBEUI over PPP (NBFCP);
- automatic modem configuration;
- NASI - dial-out service for IPX networks;
- ident (RFC 1413);
- RADIUS;
- Lock and key - from 11.1(1) - dynamic generation of ACLs depending on the
  user name.
New in version 11.2:
- on-demand routing (ODR) - less load; on a "stub" router no routing protocol
  needs to be configured;
- OSPF on demand (RFC 1793) - lets you use OSPF over ISDN, X.25 SVC and modem
  lines;
- OSPF Not-So-Stubby-Areas (NSSA) - lets "stub" routers import the external
  routing table partially (for example, only the default);
- BGP4 soft configuration - lets you configure BGP4 without clearing the
  cache;
- BGP4 multipath support - load balancing between several exterior BGP peers;
- BGP4 prefix filtering with inbound route maps - lets you set the level of
  aggregation of external routing tables;
- Network Address Translation (NAT) - lets you connect hosts and subnets with
  local IP addresses to the Internet;
- named IP ACLs;
- integrated routing and bridging (IRB) - lets a VLAN continue across
  interfaces (IP, IPX, AppleTalk; transparent bridging only; not for X.25 and
  ISDN; not for the Cisco 7000; cannot work in parallel with concurrent
  routing and bridging);
- show SAP by name (IPX);
- logging of IPX ACL violations;
- protocol and port names in IPX ACLs;
- configuration via the HTTP server (11.1(5));
- ClickStart - quick configuration of the Cisco 1000;
- RSVP (resource reservation protocol) - real-time multimedia applications;
- RED (Random Early Detection) - helps avoid network congestion (tells TCP
  applications to slow down);
- generic traffic shaping - helps avoid network congestion (at layer 2) by
  holding back reply packets;
- router authentication;
- network-layer encryption;
- EIGRP optimization;
- Frame Relay SVC;
- traffic shaping over Frame Relay;
- NetFlow switching (Cisco 7000 and 7500 with Route Switch Processor only) -
  speeds up the application of ACLs and the collection of statistics;
- MMP (multichassis multilink PPP) - spreading PPP across channels on
  different boxes (within one box it existed before);
- TACACS+ single connection (one TCP connection for everything);
- SENDAUTH in TACACS+ (increased security);
- VPDN - Virtual Private DialUp Network - based on the PPP name a tunnel is
  set up to the user's home network, independent of the physical nature of
  the connection, and secure;
- Dialer profiles;
- CPP - Combinet's own protocol - compression and load distribution across
  several ISDN channels;
- half-bridge/half-router for CPP and PPP - lets you connect cheap bridges to
  the network core.
Buying IOS
You have to order the product whose number ends with an equals sign.
IOS can be ordered in three forms:
- DOS diskette (EPROM, Flash);
- CD-ROM
- download from a TFTP server (only for devices with flash memory).
The product number is determined as follows:
- begins with SF and does NOT end with an equals sign - initial load at the
  factory
- begins with SF and ends with an equals sign - upgrade for the Cisco 1003,
  1004, 1005 to be loaded into Flash
- begins with CD and ends with an equals sign - upgrade for a device which so
  far contains only the IP feature set;
- begins with SW and does NOT end with an equals sign - for loading into a new
  system;
- begins with SW and ends with an equals sign - upgrade for a system delivered
  earlier on ROM or diskette;
- begins with FR - license for use;
- begins with SWR and ends with an equals sign - spare software shipped on ROM
  for the Cisco 7000.
Delivery is in the form of feature packs: a CD-ROM with one or more IOS images
and an installation program for MS Windows 95, installation instructions
(including the use of TFTP instead of the installation program), a license,
and a CD-ROM with documentation.
Current state
Our routers run IOS version 11.1 (12) on the internal ones and 11.2(5) on the
external one, although 11.2(7a) was already released on 18-jul-97; the
internal ones don't have enough flash for version 11.2.
Getting started
Take the box out, connect a terminal (or a PC with TELEMATE) to the console
port (or to the auxiliary port of a previously configured box, and get in by
reverse telnet), connect all the cables we need (synchronous, Ethernet,
modems), switch on the power and begin configuring. On first power-up IOS
tries to download a configuration from the wide-area network; you can wait a
few minutes to let it understand that there is nothing on the other end, or
temporarily disconnect the synchronous cable. Having failed, IOS offers to run
the setup command; agree! In that case IOS asks you a few questions and
configures itself.
Configuration is done in the following ways:
- command interface:
    telnet router-name
    router-name>
- from a terminal: conf term
- NVRAM: conf memory
- from the network: conf network
- via WWW (starting from versions 11.0(6) and 11.1(5); not all features):
  ip http server
- ClickStart (standard configurations).
General information about the command language:
- help: at any moment you can enter "?" and the box will reply with a list of
  commands or operands;
- any keyword or name can be abbreviated to the shortest possible form;
- if the terminal is set up properly, you can edit the command line as in
  emacs or bash;
- almost any command can be prefixed with the word no.
Privilege levels: 16 privilege levels are provided, from 0 to 15. Without
additional configuration, level 0 is the user level: only "safe" commands are
available. Level 15 is the supervisor level: all commands are available. You
move from level to level with the command:
enable [level number]
Any command can be moved to a level other than its standard one; any user can
be assigned a specific level, which is set when that user logs in to the box;
this way user rights can be tuned finely (only help becomes hard to use then
:(
Command language modes:
- User mode
- Privileged mode:
  - top level
  - global configuration mode
    - the top level of configuration proper
    - interface configuration
    - subinterface configuration (serial in Frame Relay mode)
    - controller configuration (T1)
    - hub configuration (cisco 2500 - ethernet)
    - map list configuration (ATM and Frame Relay)
    - map class configuration (Quality of Service over Switched Virtual
      Circuit - ATM, Frame Relay or dialer)
    - line configuration
    - router configuration (bgp, egp, igrp, eigrp, is-is, iso-igrp, mobile,
      OSPF, RIP, static)
    - IPX router configuration
    - route map configuration
    - key chain configuration with its submodes (RIP authentication)
    - response time reporter configuration
    - LANE database configuration (ATM)
    - APPN command mode with its submodes (advanced peer-to-peer networking,
      the second generation of SNA)
    - IBM channel attach command mode with its submodes (Cisco 7000 with CIP)
    - TN3270 server command mode
    - access list configuration (for named IP ACLs)
    - hex input mode (entering the public key for encryption)
    - crypto map configuration
- ROM monitor (press break in the first 60 seconds of boot; it also has help).
Command line editing
Comments start with an exclamation mark, but are not saved in NVRAM.
Set the command history size: terminal history size <size>
Previous/next command: Ctrl-P/Ctrl-N or up/down arrow
Enable/disable editing: [no] terminal editing
character forward/back: Ctrl-F/Ctrl-B or right/left arrow
to the beginning/end of the line: Ctrl-A/Ctrl-E
a word forward/back: Esc F/Esc B
command completion: Tab or Ctrl-I
recall from buffer/recall next: Ctrl-Y/Esc Y
delete the character left of the cursor/under the cursor: Delete/Ctrl-D
delete all characters to the beginning/end of the line: Ctrl-U/Ctrl-K
delete the word left/right of the cursor: Ctrl-W/Esc D
redraw the line: Ctrl-L/Ctrl-R
transpose characters: Ctrl-T
escape a character: Ctrl-V or Esc Q
Working with flash memory (IOS lives in it and runs from it) and NVRAM (the
configuration)
THREE programs run on the box: the ROM monitor (the boot loader and debugger,
dumb beyond belief; you land in it if the configuration register is set
accordingly, or if you pressed BREAK during boot and that is not prohibited);
the system in ROM (a cut-down and very old IOS, 9.1, used if a more suitable
one could not be found in flash or over the network, or on manual boot from
the ROM monitor); and the system in flash, the version you installed yourself.
The manual warns that on a Sun the TFTP server must be configured to generate
and verify UDP checksums (I did nothing). Everywhere, rcp (rsh) can be used
instead of TFTP, but I am too lazy to keep an eye on security in that case.
To see what is in there: show flash all
System flash directory:
File  Length   Name/status
        addr      fcksum    ccksum
  1   3243752  igs-i-l.110-1
        0x40    0xB5C4    0xB5C4
[3243816 byt
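An added example (not from the page's author) that parses a show flash all listing like the one above in Python and flags an image whose stored checksum (fcksum) disagrees with the one the router computed (ccksum), which is the sign of a truncated or altered image that should not be booted. The sample listing is constructed: its first entry copies the page's output, the second entry and the summary line are made up to show a mismatch.

```python
import re
from typing import Dict, List

# Constructed sample: entry 1 is the page's own line, entry 2 and the summary
# line are made up (entry 2 has a deliberately mismatched checksum).
SAMPLE_LISTING = """\
System flash directory:
File  Length   Name/status
        addr      fcksum    ccksum
  1   3243752  igs-i-l.110-1
        0x40    0xB5C4    0xB5C4
  2   3655124  igs-in-l.111-12
        0x317FA8  0x1A2F    0x7C03
[6898940 bytes used, 1489668 available, 8388608 total]
"""

# "<index> <length> <name>" followed on the next line by "<addr> <fcksum> <ccksum>".
FILE_LINE = re.compile(r"^\s*(\d+)\s+(\d+)\s+(\S+)\s*$")
CKSUM_LINE = re.compile(
    r"^\s*(0x[0-9A-Fa-f]+)\s+(0x[0-9A-Fa-f]+)\s+(0x[0-9A-Fa-f]+)\s*$")


def parse_show_flash(text: str) -> List[Dict]:
    """Return one dict per image: index, length, name, addr, fcksum, ccksum, ok."""
    entries: List[Dict] = []
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        fm = FILE_LINE.match(lines[i])
        cm = CKSUM_LINE.match(lines[i + 1]) if fm and i + 1 < len(lines) else None
        if fm and cm:
            index, length, name = fm.groups()
            addr, fcksum, ccksum = (int(x, 16) for x in cm.groups())
            entries.append({
                "index": int(index), "length": int(length), "name": name,
                "addr": addr, "fcksum": fcksum, "ccksum": ccksum,
                # fcksum is the checksum recorded for the file, ccksum the one
                # the router computed over what is actually in flash; if they
                # differ the image is not what was written there.
                "ok": fcksum == ccksum,
            })
            i += 2
        else:
            i += 1
    return entries


def suspicious_images(text: str) -> List[str]:
    """Names of images whose stored and computed checksums disagree."""
    return [e["name"] for e in parse_show_flash(text) if not e["ok"]]


def next_free_offset(text: str) -> int:
    """Offset just past the last image: addr + length of the final entry."""
    entries = parse_show_flash(text)
    if not entries:
        return 0
    last = entries[-1]
    return last["addr"] + last["length"]


if __name__ == "__main__":
    for entry in parse_show_flash(SAMPLE_LISTING):
        print(entry)
    print("suspicious:", suspicious_images(SAMPLE_LISTING))
```

For the page's single entry, next_free_offset returns 0x40 + 3243752 = 3243816, the "bytes used" figure that the truncated summary line above begins with.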