■Playing with a Cisco 1812-J from Debian Wheezy (serial/SSH setup, FTP backup)
$ cat /etc/debian_version
7.4
$ screen -v
Screen version 4.01.00devel (GNU) 2-May-06
$ dmesg | grep ttyS
[ 0.688803] serial8250: ttyS0 at I/O 0x3f8 (irq = 4) is a 16550A
[ 0.709469] 00:08: ttyS0 at I/O 0x3f8 (irq = 4) is a 16550A
$ su
Password:
■First, the prompt shown by a router that has already been reset to factory defaults.
Would you like to enter the initial configuration dialog? [yes/no]: no
Router>
■Gathering hardware information
1812-J, IOS 12.4(6)T7, 32 MB CompactFlash.
Router>show version | include Version
Cisco IOS Software, C181X Software (C181X-ADVIPSERVICESK9-M), Version 12.4(6)T7, RELEASE SOFTWARE (fc5)
ROM: System Bootstrap, Version 12.3(8r)YH12, RELEASE SOFTWARE (fc1)
Router>
Router>show hardware | include byte
Cisco 1812-J (MPC8500) processor (revision 0x300) with 118784K/12288K bytes of memory.
31360K bytes of ATA CompactFlash (Read/Write)
Router>
Router>show memory statistics
Head Total(b) Used(b) Free(b) Lowest(b) Largest(b)
Processor 83624DDC 64860708 16020996 48839712 48315952 47842392
I/O 7400000 12582912 4721212 7861700 7861700 7861628
Router>
■vlan.dat does not need to be reset.
Router>show flash:
-#- --length-- -----date/time------ path
1 2202 Jan 14 2006 01:53:48 +09:00 sdmconfig-1811-1812.cfg
2 4052480 Jan 14 2006 01:54:22 +09:00 sdm.tar
3 812032 Jan 14 2006 01:54:40 +09:00 es.tar
4 1007616 Jan 14 2006 01:55:06 +09:00 common.tar
5 1038 Jan 14 2006 01:55:26 +09:00 home.shtml
6 113152 Jan 14 2006 01:55:46 +09:00 home.tar
7 511939 Jan 14 2006 01:56:08 +09:00 128MB.sdf
8 600 Mar 16 2006 05:44:10 +09:00 vlan.dat
9 16925304 Jun 5 2006 15:38:00 +09:00 c181x-advipservicesk9-mz.124-6.T7.bin
8491008 bytes available (23445504 bytes used)
Router>show vlan-switch
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa2, Fa3, Fa4, Fa5, Fa6, Fa7
Fa8, Fa9
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 1002 1003
1002 fddi 101002 1500 - - - - - 1 1003
1003 tr 101003 1500 1005 0 - - srb 1 1002
1004 fdnet 101004 1500 - - 1 ibm - 0 0
1005 trnet 101005 1500 - - 1 ibm - 0 0
■No LAN cable is connected yet. This is a 10/100 Mbps model.
Fa0/Fa1 are planned for the WAN side.
Router#show interfaces status
Port Name Status Vlan Duplex Speed Type
Fa2 notconnect 1 auto auto 10/100BaseTX
Fa3 notconnect 1 auto auto 10/100BaseTX
Fa4 notconnect 1 auto auto 10/100BaseTX
Fa5 notconnect 1 auto auto 10/100BaseTX
Fa6 notconnect 1 auto auto 10/100BaseTX
Fa7 notconnect 1 auto auto 10/100BaseTX
Fa8 notconnect 1 auto auto 10/100BaseTX
Fa9 notconnect 1 auto auto 10/100BaseTX
Router#show version | include ^[0-9]*
10 FastEthernet interfaces
1 ISDN Basic Rate interface
Router#show interfaces fastEthernet 0 switching
Interface FastEthernet0 is disabled
Router#show interfaces fastEthernet 1 switching
Interface FastEthernet1 is disabled
■Configuration mode and hostname setup
Router>enable
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R1
R1(config)#ip domain name localdomain
R1(config)#exit
R1#show hosts
Name lookup view: Global
Default domain is localdomain
Name/address lookup uses domain service
Name servers are 255.255.255.255
Codes: UN - unknown, EX - expired, OK - OK, ?? - revalidate
temp - temporary, perm - permanent
NA - Not Applicable None - Not defined
Host Port Flags Age Type Address(es)
R1#configure terminal
R1(config)#hostname Router
Router(config)#exit
Router#
■Setting the local time
Router#configure terminal
Router(config)#clock timezone JST 9
Router(config)#exit
Router#calendar set 21:45:30 17 April 2014
Router#clock update-calendar
Router#show clock
22:35:47.707 JST Thu Apr 17 2014
■Logging setup
Use a 4 KB local buffer at the debugging level; the console shows notifications and above.
Router#conf t
Router(config)#service timestamps debug datetime msec localtime
Router(config)#service timestamps log datetime msec localtime
Router(config)#logging buffered 4096 debugging
Router(config)#logging console notifications
Router(config)#exit
Router#show logging | include Log|SYS
Logging Exception size (4096 bytes)
Log Buffer (4096 bytes):
Apr 17 22:45:00.163: %SYS-5-CONFIG_I: Configured from console by console
Router#
■Management port setup (VLAN 1)
Router#configure terminal
Router(config)#interface vlan 1
Router(config-if)#ip address 172.16.16.201 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#exit
Router#ping 172.16.16.201
Apr 17 23:30:44.903: %SYS-5-CONFIG_I: Configured from console by console
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.16.201, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
Router#
■Connecting the LAN cable
Router#show interfaces status | exclude notconnect
Port Name Status Vlan Duplex Speed Type
Fa2 connected 1 a-full a-100 10/100BaseTX
Router#ping 172.16.16.200
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.16.200, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/1 ms
Router#show interfaces vlan 1
Vlan1 is up, line protocol is up
Hardware is EtherSVI, address is 0016.c7e8.0d60 (bia 0016.c7e8.0d60)
Internet address is 172.16.16.201/24
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:29, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
576 packets input, 34814 bytes, 0 no buffer
Received 569 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
7 packets output, 674 bytes, 0 underruns
0 output errors, 1 interface resets
0 output buffer failures, 0 output buffers swapped out
Router#
Router#show interfaces vlan 1 stats
Vlan1
Switching path Pkts In Chars In Pkts Out Chars Out
Processor 576 34814 7 674
Route cache 0 0 0 0
Total 576 34814 7 674
Router#show vlan-switch id 1
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa2, Fa3, Fa4, Fa5, Fa6, Fa7
Fa8, Fa9
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 1002 1003
■SSH setup
As on the Debian host, use a 2048-bit key and SSH version 2.
$ ssh-keygen -e -f .ssh/id_rsa | awk -F\: '($1=="Comment") {print $2}' | sed s/",.*"//
"2048-bit RSA
Router#! for Telnet/SSH Console Log Check
Router#terminal monitor
% Console already monitors
Router#configure terminal
Router(config)#hostname R1
R1(config)#! Like a ssh-keygen -t rsa
R1(config)#crypto key generate
The name for the keys will be: Cisco1812J.kumo.jp
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.
How many bits in the modulus [512]:2048
% Generating 2048 bit RSA keys, keys will be non-exportable...[OK]
Apr 18 00:01:16.191: %SSH-5-ENABLED: SSH 1.99 has been enabled
R1(config)#username labunix password XXXXXX
R1(config)#ip ssh version 2
R1(config)#line vty 0 4
R1(config-line)#login local
R1(config-line)#transport input ssh
R1(config-line)#access-class 22 in
R1(config-line)#exit
R1(config)#! for console en password
R1(config)#enable password XXXXXX
R1(config)#service password-encryption
R1(config)#!for ssh permit access, only from debian
R1(config)#access-list 22 permit 172.16.16.200 255.255.255.255
R1(config)#access-list 22 deny any
R1(config)#exit
$ ssh labunix@172.16.16.201
Password:
R1>
R1>enable
Password:
R1#
R1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#exit
R1#terminal length 0
R1#show ssh
Connection Version Mode Encryption Hmac State Username
0 2.0 IN aes128-cbc hmac-md5 Session started labunix
0 2.0 OUT aes128-cbc hmac-md5 Session started labunix
%No SSHv1 server connections running.
R1#
R1#show running-config | include pass
service password-encryption
enable password 7 XXXXXXXXXXX
username labunix password 7 XXXXXXXXXX
■Quick health check
R1#show version | include uptime
R1 uptime is 2 hours, 30 minutes
R1#show running-config | include access
access-list 22 permit any
access-list 22 deny any
access-class 22 in
R1#show logging | include [Ee]rror|[Ww]arn|[Cc]rit|[Ff]ail
R1#
R1#write memory
Building configuration...
[OK]
R1#exit
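The `access-list 22 permit any` line in the health check above follows from how IOS reads a standard ACL: the second field is a wildcard (inverse) mask, so `172.16.16.200 255.255.255.255` ignores every address bit, while a single host is written `172.16.16.200` alone or with wildcard `0.0.0.0`. The check below is an added example, not part of the original post: it renders a standard-ACL source the way IOS stores it and flags, in a saved configuration, a vty `access-class` that admits any source and the reversible type 7 passwords left by `enable password` / `username ... password`. `SAMPLE_CONFIG`, `describe` and `audit` are names made up for this example, and the sample text is constructed from the session output.

```python
import ipaddress
import re

# Constructed sample: lines a backup such as r1-confg would contain,
# assembled from the session output above (the file itself is not shown).
SAMPLE_CONFIG = """\
service password-encryption
enable password 7 XXXXXXXXXXX
username labunix password 7 XXXXXXXXXX
access-list 22 permit any
access-list 22 deny any
line vty 0 4
 access-class 22 in
 login local
 transport input ssh
"""
ALL_BITS = 0xFFFFFFFF

def describe(source):
    """Render a standard-ACL source as IOS stores it (wildcard bit 1 = ignore)."""
    tokens = [t for t in source.split() if t not in ("host", "log")]
    if tokens[0] == "any":
        return "any"
    addr = int(ipaddress.IPv4Address(tokens[0]))
    wild = int(ipaddress.IPv4Address(tokens[1])) if len(tokens) > 1 else 0
    if wild == ALL_BITS:
        return "any"
    net = ipaddress.IPv4Address(addr & ~wild & ALL_BITS)
    return str(net) if wild == 0 else f"{net} {ipaddress.IPv4Address(wild)}"

def audit(config):
    """Flag reversible type 7 passwords and vty ACLs that admit any source."""
    lines = [l.strip() for l in config.splitlines()]
    findings, open_acls = [], set()
    for line in lines:
        m = re.match(r"access-list (\d{1,2}) permit (.+)", line)  # standard 1-99
        if m and describe(m.group(2)) == "any":
            open_acls.add(m.group(1))
        if re.match(r"(enable|username \S+) password 7 ", line):
            findings.append("type 7 password: " + line.split(" password ")[0])
    for line in lines:
        m = re.match(r"access-class (\d+) in", line)
        if m and m.group(1) in open_acls:
            findings.append(f"access-class {m.group(1)} permits any source")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

On IOS, `enable secret` and `username ... secret` store a hash instead of the type 7 encoding.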
■Transferring backups over FTP
running-config
$ sudo grep "^#anonymous\|^local\|^write" /etc/vsftpd.conf
local_enable=YES
write_enable=YES
local_umask=022
$ sudo /etc/init.d/vsftpd status
vsftpd is running
$ ssh 172.16.16.201
Password:
R1>enable
Password:
R1#config terminal
R1(config)#ip ftp usernam labunix
R1(config)#ip ftp password XXXXXX
R1(config)#end
R1#copy running-config ftp:
Address or name of remote host []? 172.16.16.200
Destination filename [r1-confg]?
Writing r1-confg !
1459 bytes copied in 1.952 secs (747 bytes/sec)
R1#exit
$ ls -l r1-confg | awk '{print $5,$NF}'
1459 r1-confg
■Backing up IOS
R1#show file systems | include \*
* 31936512 8491008 disk rw flash:#
R1#show flash:
-#- --length-- -----date/time------ path
1 2202 Jan 14 2006 01:53:48 +09:00 sdmconfig-1811-1812.cfg
2 4052480 Jan 14 2006 01:54:22 +09:00 sdm.tar
3 812032 Jan 14 2006 01:54:40 +09:00 es.tar
4 1007616 Jan 14 2006 01:55:06 +09:00 common.tar
5 1038 Jan 14 2006 01:55:26 +09:00 home.shtml
6 113152 Jan 14 2006 01:55:46 +09:00 home.tar
7 511939 Jan 14 2006 01:56:08 +09:00 128MB.sdf
8 600 Mar 16 2006 05:44:10 +09:00 vlan.dat
9 16925304 Jun 5 2006 15:38:00 +09:00 c181x-advipservicesk9-mz.124-6.T7.bin
8491008 bytes available (23445504 bytes used)
R1#copy flash:sdmconfig-1811-1812.cfg ftp:
Source filename [sdmconfig-1811-1812.cfg]?
Address or name of remote host []? 172.16.16.200
Destination filename [sdmconfig-1811-1812.cfg]?
Writing sdmconfig-1811-1812.cfg !
2202 bytes copied in 0.072 secs (30583 bytes/sec)
R1#copy flash:sdm.tar ftp:
Address or name of remote host []? 172.16.16.200
Destination filename [sdm.tar]?
Writing sdm.tar !!!!!!!!!!!!!!!!
4052480 bytes copied in 3.548 secs (1142187 bytes/sec)
R1#copy flash:es.tar ftp:
Address or name of remote host []? 172.16.16.200
Destination filename [es.tar]?
Writing es.tar !!!!
812032 bytes copied in 0.800 secs (1015040 bytes/sec)
R1#copy flash:common.tar ftp:
Address or name of remote host []? 172.16.16.200
Destination filename [common.tar]?
Writing common.tar !!!!
1007616 bytes copied in 0.956 secs (1053992 bytes/sec)
R1#copy flash:home.shtml ftp:
Address or name of remote host []? 172.16.16.200
Destination filename [home.shtml]?
Writing home.shtml !
1038 bytes copied in 0.088 secs (11795 bytes/sec)
R1#copy flash:home.tar ftp:
Address or name of remote host []? 172.16.16.200
Destination filename [home.tar]?
Writing home.tar !
113152 bytes copied in 0.180 secs (628622 bytes/sec)
R1#copy flash:128MB.sdf ftp:
Address or name of remote host []? 172.16.16.200
Destination filename [128MB.sdf]?
Writing 128MB.sdf !!!
511939 bytes copied in 0.540 secs (948035 bytes/sec)
R1#copy flash:vlan.dat ftp:
Address or name of remote host []? 172.16.16.200
Destination filename [vlan.dat]?
Writing vlan.dat !
600 bytes copied in 0.088 secs (6818 bytes/sec)
R1#copy flash:c181x-advipservicesk9-mz.124-6.T7.bin ftp:
Address or name of remote host []? 172.16.16.200
Destination filename [c181x-advipservicesk9-mz.124-6.T7.bin]?
Writing c181x-advipservicesk9-mz.124-6.T7.bin !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
16925304 bytes copied in 15.152 secs (1117034 bytes/sec)
R1#exit
$ env LANG=C ls -ltr 1812j/ | cut -c 29-
1459 Apr 17 23:44 r1-confg
2202 Apr 17 23:56 sdmconfig-1811-1812.cfg
4052480 Apr 17 23:56 sdm.tar
812032 Apr 17 23:58 es.tar
1007616 Apr 17 23:58 common.tar
1038 Apr 17 23:59 home.shtml
113152 Apr 17 23:59 home.tar
511939 Apr 18 00:00 128MB.sdf
600 Apr 18 00:00 vlan.dat
16925304 Apr 18 00:00 c181x-advipservicesk9-mz.124-6.T7.bin