Archive

April 2011

This post sets up file transfer using SCP. Older IOS releases could run as an FTP server with the ftp-server command, but that is normally no longer available. SCP, which is more secure, is used instead. SCP is one of the functions of SSH and transfers files in encrypted form, so it is safer than FTP.

SCP requires SSH, so first enable SSH.

R1(config)#ip domain-name example.com
R1(config)#crypto key generate rsa modulus 1024

F0/0 is connected to R2 (12.12.12.2), and F0/1 is connected to a Linux server on the LAN.

R1(config)#do sh ip int b
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            12.12.12.1      YES manual up                    up
FastEthernet0/1            192.168.0.100   YES manual up                    up

First, enable AAA for authentication.

R1(config)#aaa new-model

Enable authentication login and authorization exec in AAA. Local authentication is used here.

R1(config)#aaa authentication login default local
R1(config)#aaa authorization exec default local

Create the user used for authentication. Both the user name and the password are cisco. Take care with the privilege setting: depending on the level, saving the file fails with an error.

R1(config)#username cisco privilege 15 secret cisco

Finally, enable SCP with ip scp server enable. Enabling SSH alone does not make SCP available.

R1(config)# ip scp server enable

Enable debugging to check the connection.

R1#debug ip scp
Incoming SCP debugging is on

First, transfer a file on the Linux server (scp-test.txt) to R1. Here it is saved to the router's flash. The destination is specified down to the file name (from_linux).

$ cat scp-test.txt
File from Linux to IOS.
$ scp scp-test.txt cisco@192.168.0.100:flash:from_linux
The authenticity of host '192.168.0.100 (192.168.0.100)' can't be established.
RSA key fingerprint is 1d:a4:f5:d8:f8:88:6c:03:41:2c:b7:e2:d7:da:d1:51.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.0.100' (RSA) to the list of known hosts.
Password: ← enter the password
scp-test.txt                                  100%   24     0.0KB/s   00:00

Check the log on R1 and display the received file with the more command.

R1#
Apr 25 07:53:26.823: SCP: [22 -> 192.168.0.180:34063] send <OK>
Apr 25 07:53:26.843: SCP: [22 <- 192.168.0.180:34063] recv C0644 24 scp-test.txt
Apr 25 07:53:26.855: SCP: [22 -> 192.168.0.180:34063] send <OK>
Apr 25 07:53:26.875: SCP: [22 <- 192.168.0.180:34063] recv 24 bytes
Apr 25 07:53:27.071: SCP: [22 <- 192.168.0.180:34063] recv <OK>
Apr 25 07:53:27.075: SCP: [22 -> 192.168.0.180:34063] send <OK>
Apr 25 07:53:27.079: SCP: [22 <- 192.168.0.180:34063] recv <EOF>
R1#
R1#dir flash:
Directory of flash:/

   12  -rw-          24  Apr 25 2011 16:53:27 +09:00  from_linux

16777212 bytes total (16499660 bytes free)
R1#more flash:from_linux
File from Linux to IOS.
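
As an added example (not part of the original post), this Python script turns `debug ip scp` output like the log above into one record per upload, so that files pushed to the router can be reviewed afterwards. The function name `scp_uploads` and the record fields are assumptions of this example; the sample log is copied from the R1 output above.

```python
import re

# Log lines copied from the R1 debug output above.
SAMPLE_LOG = """\
Apr 25 07:53:26.823: SCP: [22 -> 192.168.0.180:34063] send <OK>
Apr 25 07:53:26.843: SCP: [22 <- 192.168.0.180:34063] recv C0644 24 scp-test.txt
Apr 25 07:53:26.855: SCP: [22 -> 192.168.0.180:34063] send <OK>
Apr 25 07:53:26.875: SCP: [22 <- 192.168.0.180:34063] recv 24 bytes
Apr 25 07:53:27.071: SCP: [22 <- 192.168.0.180:34063] recv <OK>
Apr 25 07:53:27.075: SCP: [22 -> 192.168.0.180:34063] send <OK>
Apr 25 07:53:27.079: SCP: [22 <- 192.168.0.180:34063] recv <EOF>
"""

# "[22 <- peer:port] recv ..." is what the router received from the client.
LINE = re.compile(r"SCP: \[\d+ <- (?P<peer>[\d.]+:\d+)\] recv (?P<msg>.*)$")
# SCP control record for a file: C<4-digit octal mode> <size> <name>
CTRL = re.compile(r"C(?P<mode>[0-7]{4}) (?P<size>\d+) (?P<name>.+)$")
DATA = re.compile(r"(?P<n>\d+) bytes$")


def scp_uploads(log_text):
    """Return one dict per file a client pushed to the router."""
    pending, done = {}, []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        peer, msg = m["peer"], m["msg"].strip()
        if (c := CTRL.match(msg)):
            name = c["name"]
            pending[peer] = {
                "peer": peer, "name": name, "mode": c["mode"],
                "declared": int(c["size"]), "received": 0,
                # the name in a C record should be a single path component
                "bare_name": "/" not in name and name not in (".", ".."),
            }
        elif (d := DATA.match(msg)) and peer in pending:
            pending[peer]["received"] += int(d["n"])
        elif msg == "<EOF>" and peer in pending:
            rec = pending.pop(peer)
            rec["complete"] = rec["received"] == rec["declared"]
            done.append(rec)
    return done


if __name__ == "__main__":
    for rec in scp_uploads(SAMPLE_LOG):
        print(rec)
```

The C record carries the client-side file name (scp-test.txt), not the destination given on the scp command line (from_linux), so match records against the `dir flash:` timestamps to find the stored file.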

To use SCP from IOS, use the copy command. The following example copies running-config.

R2#copy running-config scp://cisco@12.12.12.1/
Address or name of remote host [12.12.12.1]?
Destination username [cisco]?
Destination filename [r2-confg]?
Writing r2-confg
Password:
← enter the password
!
1289 bytes copied in 14.320 secs (90 bytes/sec)

We can see that the file has been transferred.

R1#dir flash:
Directory of flash:/
(omitted)
   15  -rw-        1289  Apr 25 2011 17:00:09 +09:00  r2-confg
(omitted)
R1#more flash:r2-confg
!
! Last configuration change at 15:13:53 JST Mon Apr 25 2011
!
version 12.4
(omitted)

Photos from the ANA maintenance hangar tour

I went on the ANA maintenance hangar tour. Seen up close, the aircraft are so big that it is startling. I would like to visit the JAL one as well someday.

Boeing 777-300

Boeing 747-400

Boeing 767-300

Boeing 767-300

Boeing 767-300

These days even CCNA apparently includes questions about SSH for router access. On Linux and similar systems telnet has been disabled by default for a long time, so this is only to be expected...

This post checks the basic use of SSH. SSH is disabled by default.

R1#sh ip ssh
SSH Disabled - version 1.99
%Please create RSA keys (of atleast 768 bits size) to enable SSH v2.
Authentication timeout: 120 secs; Authentication retries: 3

To use SSH, generate an RSA key.

R1(config)#crypto key generate rsa modulus 1024
% Please define a domain-name first.

However, as the output above shows, a domain name must be specified beforehand.

R1(config)#ip domain-name example.com
R1(config)#crypto key generate rsa modulus 1024
The name for the keys will be: R1.example.com

% The key modulus size is 1024 bits
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]

At this point, connecting over SSH becomes possible.

R1(config)#
Apr 20 05:52:11.391: %SSH-5-ENABLED: SSH 1.99 has been enabled

R1(config)#do sh ip ssh
SSH Enabled - version 1.99
Authentication timeout: 120 secs; Authentication retries: 3

Create the user that will connect.

R1(config)#username cisco secret cisco

Then enable local authentication.

R1(config)#line vty 0 15
R1(config-line)#login local
R1#debug ip ssh client
SSH Client debugging is on

Now log in to R1 (12.12.12.1) over SSH from the adjacent R2 (12.12.12.2). No particular configuration is needed on R2. SSH can of course also be used from Windows and other clients.

To use the ssh command on IOS, specify the user name with the -l option.

R2#ssh -l cisco 12.12.12.1

Password: ← enter the password

R1>

At this time, R1 shows the following log.

R1#
Apr 20 06:26:07.135: SSH0: sent protocol version id SSH-1.99-Cisco-1.25
Apr 20 06:26:07.147: SSH0: protocol version id is - SSH-1.99-Cisco-1.25

Using SSH as it stands is not desirable from a security point of view, so first configure an access list. With this setting, only connections from 12.12.12.0/24 are permitted.

R1(config)#access-list 1 per 12.12.12.0 0.0.0.255
R1(config)#line vty 0 15
R1(config-line)#access-class 1 in
R1(config-line)#do sh ip acce 1
Standard IP access list 1
    10 permit 12.12.12.0, wildcard bits 0.0.0.255 (2 matches)

At this point TELNET is still enabled. Having gone to the trouble of enabling SSH, leaving it this way defeats the purpose. To allow connections over SSH only, use the transport input command.

R1(config)#line vty 0 15
R1(config-line)#transport input ssh

At this point TELNET from R2 can no longer be used.

R2#telnet 12.12.12.1
Trying 12.12.12.1 ...
% Connection refused by remote host

With the default settings both SSH version 1 and version 2 are enabled, but there is no need to deliberately use the old version 1, so disable it. The -v option of the ssh command specifies the version.

R2#ssh -l cisco -v 1 12.12.12.1

The following is the R1 log when a connection is made with version 1.

Apr 20 06:35:27.827: SSH0: sent protocol version id SSH-1.99-Cisco-1.25
Apr 20 06:35:27.831: SSH0: protocol version id is - SSH-1.5-Cisco-1.25

Change R1 so that only version 2 is permitted.

R1(config)#do sh ip ssh
SSH Enabled - version 1.99
Authentication timeout: 120 secs; Authentication retries: 3
R1(config)#ip ssh version ?
  <1-2>  Protocol version

R1(config)#ip ssh version 2
R1(config)#do sh ip ssh
SSH Enabled - version 2.0
Authentication timeout: 120 secs; Authentication retries: 3

Connections from R2 with version 1 are now impossible, which makes for a considerably safer configuration.

R2#ssh -l cisco -v 1 12.12.12.1

[Connection to 12.12.12.1 aborted: error status 0]

R1(config)#
Apr 20 06:38:33.671: SSH0: Session terminated normally
Apr 20 06:38:35.567: SSH0: sent protocol version id SSH-2.0-Cisco-1.25
Apr 20 06:38:35.579: SSH0: receive failure - status 0x07
Apr 20 06:38:35.683: SSH0: Session disconnected - error 0x07

When configuring SSH, it is convenient to enable ip ssh logging events.

R1(config)# ip ssh logging events
R1(config)#
Apr 20 06:46:32.455: SSH0: sent protocol version id SSH-2.0-Cisco-1.25
Apr 20 06:46:32.463: SSH0: protocol version id is - SSH-1.99-Cisco-1.25
Apr 20 06:46:32.567: %SSH-5-SSH2_SESSION: SSH2 Session request from 12.12.12.2 (tty = 0) using crypto cipher 'aes128-cbc', hmac 'hmac-sha1' Succeeded
Apr 20 06:46:33.739: %SSH-5-SSH2_USERAUTH: User 'cisco' authentication for SSH2 Session from 12.12.12.2 (tty = 0) using crypto cipher 'aes128-cbc', hmac 'hmac-sha1' Succeeded
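
As an added example (not part of the original post), this Python script reads the version-banner lines that R1 logs above and reports, per connection, whether the router still offered version 1 and which version the two sides end up on. The function names and the rule that both sides use the highest version they share are assumptions of this example; the sample is assembled from log lines shown earlier in this post.

```python
import re

# Constructed sample: banner lines taken from the R1 logs in this post, in the
# order default config, client forced to -v 1, then after "ip ssh version 2".
SAMPLE_LOG = """\
Apr 20 06:26:07.135: SSH0: sent protocol version id SSH-1.99-Cisco-1.25
Apr 20 06:26:07.147: SSH0: protocol version id is - SSH-1.99-Cisco-1.25
Apr 20 06:35:27.827: SSH0: sent protocol version id SSH-1.99-Cisco-1.25
Apr 20 06:35:27.831: SSH0: protocol version id is - SSH-1.5-Cisco-1.25
Apr 20 06:46:32.455: SSH0: sent protocol version id SSH-2.0-Cisco-1.25
Apr 20 06:46:32.463: SSH0: protocol version id is - SSH-1.99-Cisco-1.25
"""

EVENT = re.compile(
    r"(?P<sess>SSH\d+): (?P<kind>sent protocol version id|protocol version id is -)"
    r" SSH-(?P<proto>\d+\.\d+)-(?P<software>\S+)"
)


def versions(proto):
    """Protocol major versions implied by the protoversion field of a banner."""
    if proto == "1.99":      # RFC 4253 section 5.1: SSH2 side that also speaks SSH1
        return {1, 2}
    return {2} if proto.startswith("2.") else {1}


def audit_banners(log_text):
    """Pair each 'sent' (local) banner with the peer banner that follows it."""
    local, results = {}, []
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        if m["kind"].startswith("sent"):
            local[m["sess"]] = m["proto"]
            continue
        if m["sess"] not in local:
            continue
        ours_proto = local.pop(m["sess"])
        common = versions(ours_proto) & versions(m["proto"])
        results.append({
            "local": ours_proto, "peer": m["proto"],
            # assumption: both sides use the highest version they share
            "negotiated": max(common) if common else None,
            "v1_offered": 1 in versions(ours_proto),
        })
    return results


if __name__ == "__main__":
    for row in audit_banners(SAMPLE_LOG):
        print(row)
```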

Configuring the http server on IOS

This post configures the http server on IOS. A browser on a client (Windows 7) connects to 192.168.0.100, which is configured on F0/1 of R1.

R1#show ip interface brief
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/1            192.168.0.100   YES manual up                    up

The http server is disabled by default.

R1#show ip http server status
HTTP server status: Disabled
HTTP server port: 80
HTTP server authentication method: enable
HTTP server access class: 0
HTTP server base path:
HTTP server help root:
(omitted)

The ip http server command enables it.

R1(config)#ip http server
R1(config)#do sh ip http server status
HTTP server status: Enabled
(omitted)

Now connect to http://192.168.0.100/ from the browser. A prompt asking for user authentication appears; note that the server is shown as level_15_access.

You can log in by leaving the user name empty and entering the enable password as the password.

Using the "Monitor the router" link on the page, IOS commands can be executed from the browser.

The current configuration has no access restriction, which is not a desirable state. The following example uses an access-list so that access is possible only from 192.168.0.0/24.

R1(config)#access-list 1 permit 192.168.0.0 0.0.0.255
R1(config)#ip http access-class 1
R1(config)#do sh ip http server status | i class
HTTP server access class: 1

Next, check authentication with a user name. First create the user cisco with the password cisco. If privilege is not specified, as below, the privilege level is 1.

R1(config)#username cisco secret cisco
R1(config)#do sh run | i username
username cisco secret 5 $1$wLzt$1ERo8cQ7l4xSpjzVTJoMv1

To enable user authentication, run ip http authentication local.

R1(config)#ip http authentication local
R1(config)#do sh ip http server status | i method
HTTP server authentication method: local

In this state, enable debugging and see what happens when a login is attempted.

R1#debug ip http authentication
HTTP Server Authentication debugging is on

Because the user does not have level 15, which is required for authentication, the login fails and the following is displayed.

Apr 11 06:37:46.139: HTTP: Authentication failed for level 15

Now change the privilege of the user cisco to 15.

R1(config)#username cisco privilege 15
R1(config)#do sh run | i username
username cisco privilege 15 secret 5 $1$wLzt$1ERo8cQ7l4xSpjzVTJoMv1

Login now works without problems.

Apr 11 06:40:20.423: HTTP: Priv level granted 15

If a path is specified for the http server and a file is placed at that location, the file can be displayed in the browser as it is.

R1(config)#ip http path flash:
R1(config)#do sh ip http server status | i path
HTTP server base path: flash:

With redirect, the output of a command can be saved directly to the specified location.

R1#show ip http server statistics | redirect flash:http.txt

The file above can be displayed at http://192.168.0.100/http.txt. This shows that the router can do what an ordinary web server does.
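
As an added example (not part of the original post), this Python script reads `show ip http server status` output and reports the conditions this post works through: no access class, the enable authentication method, and a configured base path. The function names and finding codes are assumptions of this example, and both sample outputs are constructed from the fields shown above.

```python
# Constructed samples built from the "show ip http server status" fields shown
# above: the state right after "ip http server", and the state at the end.
STATUS_DEFAULT = """\
HTTP server status: Enabled
HTTP server port: 80
HTTP server authentication method: enable
HTTP server access class: 0
HTTP server base path:
"""
STATUS_FINAL = """\
HTTP server status: Enabled
HTTP server port: 80
HTTP server authentication method: local
HTTP server access class: 1
HTTP server base path: flash:
"""


def parse_status(text):
    """Turn 'HTTP server <field>: <value>' lines into a {field: value} dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition(":")
        if sep and key.startswith("HTTP server "):
            fields[key[len("HTTP server "):]] = value.strip()
    return fields


def audit_http(text):
    """Return (code, explanation) findings for one status output."""
    f = parse_status(text)
    if f.get("status") != "Enabled":
        return []                      # server is off, nothing to report
    findings = []
    if f.get("access class", "0") == "0":
        findings.append(("NO_ACL", "no ip http access-class: any source address can connect"))
    if f.get("authentication method") == "enable":
        findings.append(("ENABLE_AUTH", "login needs only the enable password, no user name"))
    if f.get("base path"):
        findings.append(("BASE_PATH", f"files under {f['base path']} can be displayed in a browser"))
    return findings


if __name__ == "__main__":
    for name, text in (("default", STATUS_DEFAULT), ("final", STATUS_FINAL)):
        print(name, audit_http(text))
```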

This post checks RIP authentication. R2 and R3 are directly connected by a serial cable (23.23.23.0/24).

R2(config)#do sh ip int b
Interface                  IP-Address      OK? Method Status                Protocol
Serial1/2                  23.23.23.2      YES manual up                    up
Loopback0                  17.17.2.2       YES NVRAM  up                    up

R3(config)#do sh ip int b
Interface                  IP-Address      OK? Method Status                Protocol
Serial1/3                  23.23.23.3      YES manual up                    up
Loopback0                  17.17.3.3       YES NVRAM  up                    up

R2(config)#do pin 23.23.23.3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 23.23.23.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/26/72 ms

First configure RIP without authentication. In CCIE (R&S) only RIP version 2 is used, so version 2 is a required command.

R2(config)#router rip
R2(config-router)#version 2
R2(config-router)#no auto-summary
R2(config-router)#network 23.23.23.2
R2(config-router)#network 17.17.2.2

Note that even if you enter the interface IP address as it is, the way you would for OSPF, it is automatically replaced with the classful network address.

R2(config-router)#do sh run | s rip
router rip
version 2
network 17.0.0.0
network 23.0.0.0
no auto-summary

To check the RIP configuration, use "show ip protocols" and "show ip rip database".

"show ip protocols" confirms that version 2 is in use and that the specified networks are enabled.

R2#show ip protocols
Routing Protocol is "rip"
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Sending updates every 30 seconds, next due in 10 seconds
  Invalid after 180 seconds, hold down 180, flushed after 240
  Redistributing: rip
  Default version control: send version 2, receive version 2
    Interface             Send  Recv  Triggered RIP  Key-chain
    Serial1/2             2     2
    Loopback0             2     2
  Automatic network summarization is not in effect
  Maximum path: 4
  Routing for Networks:
    17.0.0.0
    23.0.0.0
  Routing Information Sources:
    Gateway         Distance      Last Update
  Distance: (default is 120)

"show ip rip database" shows that at this point only the router's own networks are listed.

R2#show ip rip database
17.0.0.0/8    auto-summary
17.17.2.0/24    directly connected, Loopback0
23.0.0.0/8    auto-summary
23.23.23.0/24    directly connected, Serial1/2

Enable debugging and enter the same commands on R3. After a while, the update from R2 can be seen.

R3#debug ip rip
R3(config-router)#do sh run | s rip
router rip
version 2
network 17.0.0.0
network 23.0.0.0
no auto-summary

Apr  4 07:02:06.631: RIP: received v2 update from 23.23.23.2 on Serial1/3
Apr  4 07:02:06.635:      17.17.2.0/24 via 0.0.0.0 in 1 hops

Checking on R2 shows that R3's IP address is listed under Routing Information Sources.

R2#show ip protocols | begin Sources
  Routing Information Sources:
    Gateway         Distance      Last Update
    23.23.23.3           120      00:00:23
  Distance: (default is 120)

The network address of R3's Lo0 has been added.

R2#show ip rip database
17.0.0.0/8    auto-summary
17.17.2.0/24    directly connected, Loopback0
17.17.3.0/24
    [1] via 23.23.23.3, 00:00:12, Serial1/2
23.0.0.0/8    auto-summary
23.23.23.0/24    directly connected, Serial1/2

To use authentication, create a key chain. Here the key chain name is "RIP" and the key number is "1". The key string is "CISCO". Create the same thing on R3. Note that an extra space at the end of the key string causes an authentication error.

R2(config)#key chain RIP
R2(config-keychain)#key 1
R2(config-keychain-key)#key-string CISCO
R2(config-keychain-key)#do sh key chain
Key-chain RIP:
    key 1 -- text "CISCO"
        accept lifetime (always valid) - (always valid) [valid now]
        send lifetime (always valid) - (always valid) [valid now]

First, try enabling authentication in text mode. Text mode is the default for authentication, so it makes no difference whether "ip rip authentication mode text" is entered or not.

R2(config-keychain-key)#int s1/2
R2(config-if)#ip rip authentication key-chain RIP

R2(config-if)#do sh ip prot | b Interface
    Interface             Send  Recv  Triggered RIP  Key-chain
    Serial1/2             2     2                    RIP
    Loopback0             2     2

At this time, R3 shows the following.

Apr  4 07:30:40.923: RIP: ignored v2 packet from 23.23.23.2 (invalid authentication)

Enable authentication on R3 as well. Because this is text mode, we can see that the key string "CISCO" is displayed as it is.

R3(config-router)#int s1/3
R3(config-if)#ip rip authentication key-chain RIP

Apr  4 07:32:04.659: RIP: received packet with text authentication CISCO
Apr  4 07:32:04.659: RIP: ignored v2 packet from 23.23.23.2 (invalid authentication)
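
As an added example (not part of the original post), this Python script builds a RIPv2 response with text-mode authentication in the RFC 2453 layout and runs the receiver-side comparison, showing both that the key travels in the packet unmodified and that a trailing space in the configured key makes the comparison fail. The function names are assumptions of this example, and the packet is constructed here, not captured from R2.

```python
import hmac
import socket
import struct

AUTH_AFI = 0xFFFF      # address family value that marks an authentication entry
AUTH_SIMPLE = 2        # authentication type 2 = simple (text) password


def auth_entry(key):
    raw = key.encode("ascii")
    if len(raw) > 16:
        raise ValueError("text-mode key is limited to 16 bytes")
    # "16s" left-justifies the key and pads it with NUL bytes
    return struct.pack("!HH16s", AUTH_AFI, AUTH_SIMPLE, raw)


def route_entry(prefix, mask, metric):
    # AFI 2 (IP), route tag 0, prefix, mask, next hop 0.0.0.0, metric
    return struct.pack("!HH4s4s4sI", 2, 0, socket.inet_aton(prefix),
                       socket.inet_aton(mask), socket.inet_aton("0.0.0.0"), metric)


def build_response(key, routes):
    header = struct.pack("!BBH", 2, 2, 0)     # command 2 = response, version 2
    return header + auth_entry(key) + b"".join(route_entry(*r) for r in routes)


def check_auth(packet, local_key):
    """Receiver side: return (accepted, key_seen_on_wire)."""
    afi, auth_type, field = struct.unpack("!HH16s", packet[4:24])
    if afi != AUTH_AFI or auth_type != AUTH_SIMPLE:
        return False, None
    expected = local_key.encode("ascii").ljust(16, b"\x00")
    seen = field.rstrip(b"\x00").decode("ascii", "replace")
    return hmac.compare_digest(field, expected), seen


if __name__ == "__main__":
    pkt = build_response("CISCO", [("17.17.2.0", "255.255.255.0", 1)])
    print(pkt.hex())
    print(check_auth(pkt, "CISCO"))     # receiver configured with the same key
    print(check_auth(pkt, "CISCO "))    # receiver key has a trailing space
```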

Change to MD5 mode, which is the more desirable form of authentication.

R2(config)#int s1/2
R2(config-if)#ip rip authentication mode md5

R3(config)#int s1/3
R3(config-if)#ip rip authentication mode md5

We can see that MD5 is indeed being used. With RIP, authentication is checked with the debug command in this way.

Apr  4 07:52:35.035: RIP: received packet with MD5 authentication
