Router firewall switch server
2 The function of the router
Connects two or more different networks and can filter data packets.
3 The function of the switch
Connects computers to the network.
4 The function of the firewall
Filters unwanted websites and filters packets in the inbound and outbound directions.
Two. Routers
1 Composition of the router
Includes hardware and software.
2 Hardware part of the router
CPU, flash, ROM, RAM, NVRAM
The function of flash memory is to store the operating system.
ROM boots the router, just like the BIOS of a computer.
The function of RAM is to hold the running configuration; all running configuration changes are made here.
The function of NVRAM is to save the running configuration file.
Some interfaces of the router
1) Auxiliary port
The function is to debug the router, connecting through a modem.
2) Control port (console)
The function is to debug the router; this is the commonly used port now.
3) Ethernet port and Fast Ethernet port
4) Other expansion slots
Add according to personal needs.
3 The software part of the router
The router's operating system, IOS.
4 Router configuration method
1) Configure the router through the control port.
Connect through the control cable. One end of the control cable is an RJ-45 port and the other end is an RS-232 port.
Before connecting, make sure that the router and computer are powered off. Otherwise the router will burn out.
One end is connected to the control port of the router, and the other end is connected to the serial port of the computer.
After connecting, first turn on the router, and then turn on the computer.
5 Router startup sequence
After the power is turned on, the ROM performs a power-on self-test, loads the IOS operating system from flash into RAM, and then loads the configuration file saved in NVRAM into RAM.
6 Configuration modes of the router
1) User mode
The router name is followed by a greater-than sign.
Example:
Router>
2) Privileged mode
The router name is followed by a #.
Example:
Router#
The command to enter privileged mode from user mode is enable.
The command to exit from privileged mode to user mode is disable.
3) Global configuration mode
RouterName(config)#
Example:
Router(config)#
The command configure terminal switches from privileged mode to global configuration mode.
The command exit returns from global configuration mode to privileged mode.
4) Local configuration modes
(1) Interface mode
RouterName(config-if)#
Example:
Router(config-if)#
The command to enter interface mode is interface followed by the interface type and slot number/port number.
Router(config)#interface ethernet 0/0
Router(config-if)#
The exit command leaves this mode.
(2) Console mode
RouterName(config-line)#
The command line console 0 enters console mode.
Example:
Router(config)#line console 0
Router(config-line)#
The exit command leaves this mode.
(3) Virtual terminal mode
RouterName(config-line)#
Command to enter virtual terminal mode:
Router(config)#line vty 0 4
Note: vty is the virtual terminal keyword, and 0 4 covers the five ports from 0 to 4.
7. Enter HyperTerminal
Start - Programs - Accessories - Communications - HyperTerminal
Bits per second: 9600
Data bits: 8
Parity: none
Stop bits: 1
Flow control: none
8. Some commonly used commands
1) Use of the question mark
The question mark can be used in any situation.
It lists the commands that can be entered.
Router>?
Router#co? // Show commands that start with co
2) Use of the Tab key
Completes the command.
3) Abbreviation of commands
9. Password settings
1) User password settings
Router(config)#line console 0
Router(config-line)#password <password>
Router(config-line)#login
Delete the user password
Router(config-line)#no password
2) Setting the privileged password
Router(config)#enable password <password>
Delete
Router(config)#no enable password
3) View the configured commands
Router#show running-config
4) Set the encrypted privileged password
Router(config)#enable secret <password>
Delete
Router(config)#no enable secret
5) Set the virtual terminal password
Router(config)#line vty 0 4
Router(config-line)#password <password>
Router(config-line)#login
10. Save the settings
1) Router#copy running-config startup-config
2) Router#write
11. Backup of the router system
Router#copy flash tftp // Back up the operating system to tftp.
Router#copy run tftp // Back up the running configuration file to tftp.
Router#copy start tftp // Back up the contents of nvram to tftp.
12. History cache commands
1) View the command history cache
Router#show history
2) Change the number of commands the history cache can store
Router>terminal history size <number to change to>
13. Some error messages
% Incomplete command. // The command is wrong: there are no correct parameters after it.
% Ambiguous command // The command is wrong.
% Invalid input detected at '^' marker. // There is an error in the command, and the error is at the '^'.
14. Set the IP address
Router(config)#interface f0/0
Router(config-if)#ip address <ip-address> <subnet-mask>
Example:
Router(config-if)#ip address 192.168.0.1 255.255.255.0
Router(config-if)#no shutdown // Activate the port or open the port.
Router(config-if)#shutdown // Close the port.
15. Set the idle timeout (screen saver)
Router(config-line)#exec-timeout <minutes> <seconds>
16. Prompt information before entering the router
Router(config)#banner motd #
Welcome to enter router #
17. Set the description of a port
Router(config-if)#description <the information you enter>
18. View the port information
Router#show int f <slot number>/<port number>
Ethernet is up, line protocol is up // There is no problem at the physical layer or the data link layer.
Ethernet is up, line protocol is down // There is nothing wrong with the physical layer, but there is a problem at the data link layer.
Ethernet is down, line protocol is down // There is a problem with the network cable.
Ethernet is administratively down, line protocol is down // The port has been shut down.
19. Change the name of the router
Router(config)#hostname <new router name>
Example:
Router(config)#hostname sunny
sunny(config)#
20. Turn off the DNS query of the router
Router(config)#no ip domain-lookup
21. Command to load the configuration file
Router#copy startup-config running-config
22. Delete the configuration file
Router#erase startup-config
23. Delete the IOS operating system
Router#erase flash
24. Enter a subinterface of the router
Router(config)#int f <slot number>/<port number>.<subinterface number>
Example:
Router(config)#int f0/0.0
Router(config-subif)#
To open the port, open it on the physical interface f0/0.
Router(config-subif)#exit
Router(config)#int f0/0
Router(config-if)#no shutdown
25. The end command returns directly to privileged mode.
Router(config-if)#end
Router#
You can also use Ctrl+Z to return to privileged mode.
26. Encrypt all passwords
Router(config)#service password-encryption
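A check for the password-related commands from items 9, 15 and 26, written as an added example that is not part of the original notes. The sample configuration is constructed, and the audit treats the text as the commands typed in, looking for the pairings the notes describe (password plus login, enable secret rather than enable password, service password-encryption, a non-zero exec-timeout).

```python
# Constructed sample configuration (not from a real device).
SAMPLE_CONFIG = """\
hostname sunny
enable password cisco123
no ip domain-lookup
line console 0
 password conpass
 login
line vty 0 4
 password vtypass
 exec-timeout 0 0
"""

def audit_config(text):
    """Return a sorted list of findings for the password settings in the notes."""
    findings = []
    lines = text.splitlines()
    top = [l.strip() for l in lines if l and not l.startswith(" ")]
    if any(l.startswith("enable password ") for l in top):
        findings.append("enable password is set; use enable secret instead")
    if not any(l.startswith("enable secret ") for l in top):
        findings.append("no enable secret configured")
    if "service password-encryption" not in top:
        findings.append("service password-encryption is off; "
                        "line passwords are stored in clear text")
    # Group the indented sub-commands under their "line ..." header.
    blocks, current = {}, None
    for l in lines:
        if l.startswith("line "):
            current = l.strip()
            blocks[current] = []
        elif l.startswith(" ") and current:
            blocks[current].append(l.strip())
        else:
            current = None
    for name, cmds in blocks.items():
        if not any(c.startswith("password ") for c in cmds):
            findings.append(f"{name}: no password set")
        if "login" not in cmds:
            findings.append(f"{name}: no login command")
        if "exec-timeout 0 0" in cmds:
            findings.append(f"{name}: exec-timeout 0 0 disables the idle timeout")
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit_config(SAMPLE_CONFIG):
        print(finding)
```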
Section 2 Access Control List
First, the working principle of access control list
1. It is mainly based on IP addresses.
2. It consists of multiple statements.
3. Every item in the list is a judgment statement.
4. The execution order of statements is from top to bottom.
5. It can also match ports, such as 80, 21, 20, 25, 23 ...
6. First, establish an access control list, and then bind the list in the inbound or outbound direction of the port.
7. It is best to bind the list to the entrance of the router.
8. The most restrictive statement is placed at the top of the list.
9. Wildcard mask
It can be understood as the subnet mask written in reverse.
Example:
The wildcard mask of 192.168.1.0 is 0.0.0.255.
The wildcard mask of 172.16.0.0 is 0.0.255.255.
When referring to a specific IP address, the wildcard mask is 0.0.0.0.
Example:
The wildcard mask of 192.168.0.1 is 0.0.0.0.
When referring to all networks, use 0.0.0.0 255.255.255.255.
It can be abbreviated as any.
Second, the classification of access control lists.
1. Standard access control list
2. Extended access control list
3. Named access control list
Third, the standard access control list.
1. The standard access control list can only restrict the source address.
Format
Router(config)#access-list <list number> permit/deny <source IP address> <wildcard mask>
The list number of the standard access control list is 1-99.
permit allows the packet access.
deny denies the packet access.
2. Format for binding the access control list to a port
Router(config-if)#ip access-group <list number> in/out
in is the direction into the router.
out is the direction out of the router.
Example:
Bind list 11 to Fast Ethernet port 0/1.
Router(config)#int f0/1
Router(config-if)#ip access-group 11 in
3. The standard access control list is based on the source address.
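How wildcard masks and top-to-bottom evaluation interact, as an added example that is not part of the original notes: a small evaluator for standard access control lists. The two lists and the addresses are constructed; the final implicit deny is standard IOS behaviour that the notes do not mention.

```python
import ipaddress

def ip_int(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard_match(addr, base, wildcard):
    """A 0 bit in the wildcard mask must match; a 1 bit is ignored."""
    care = ~ip_int(wildcard) & 0xFFFFFFFF
    return (ip_int(addr) & care) == (ip_int(base) & care)

def parse_standard_acl(text):
    """Parse 'access-list N permit|deny SRC [WILDCARD]', plus 'any' and 'host'."""
    rules = []
    for line in text.strip().splitlines():
        parts = line.split()
        number, action, rest = int(parts[1]), parts[2], parts[3:]
        if not 1 <= number <= 99:
            raise ValueError("standard lists are numbered 1-99")
        if rest[0] == "any":
            base, wc = "0.0.0.0", "255.255.255.255"
        elif rest[0] == "host":
            base, wc = rest[1], "0.0.0.0"
        else:
            base, wc = rest[0], rest[1] if len(rest) > 1 else "0.0.0.0"
        rules.append((action, base, wc))
    return rules

def evaluate(rules, src):
    """The first matching statement decides; later statements are never read."""
    for action, base, wc in rules:
        if wildcard_match(src, base, wc):
            return action
    return "deny"  # every IOS list ends with an implicit deny

# Constructed lists: the same two statements in different order.
RESTRICTIVE_FIRST = """
access-list 11 deny 192.168.1.5 0.0.0.0
access-list 11 permit 192.168.1.0 0.0.0.255
"""
PERMIT_FIRST = """
access-list 11 permit 192.168.1.0 0.0.0.255
access-list 11 deny 192.168.1.5 0.0.0.0
"""

if __name__ == "__main__":
    for name, acl in (("restrictive first", RESTRICTIVE_FIRST),
                      ("permit first", PERMIT_FIRST)):
        print(name, evaluate(parse_standard_acl(acl), "192.168.1.5"))
```

With the permit statement first, the deny for 192.168.1.5 is never reached, which is why the most restrictive statement belongs at the top.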
Fourth, the extended access control list
1. The extended access control list is based on source and destination addresses, ports and protocols.
Some parameters of the extended access control list:
lt is less than
gt is greater than
eq equals
neq is not equal to
range is between ...
Format of the extended access control list
Router(config)#access-list <list number> permit/deny <protocol> <source IP address> <source wildcard mask> <destination IP address> <destination wildcard mask>
The protocols include
ip
tcp
udp
icmp
The list number of the extended access control list is 100-199.
Example:
Router(config)#access-list 100 permit tcp 192.168.0.1 0.0.0.0 host 172.16.0.1
Router(config)#access-list 100 permit tcp 192.168.0.1 0.0.0.0 172.16.0.1 0.0.0.0
172.16.0.1 0.0.0.0 is equivalent to host 172.16.0.1.
2. Delete the access control list
Router(config)#no access-list 100
3. Delete the list bound to the port
Router(config-if)#no ip access-group <list number> in/out
Example:
Delete access control list 101 bound in the inbound direction of port f0/0.
Router(config)#int f0/0
Router(config-if)#no ip access-group 101 in
4. Access control list with ports
Router(config)#access-list <list number> permit/deny <protocol> <source IP address> <source wildcard mask> <destination IP address> <destination wildcard mask> <operator> <port number>
Operator: lt gt eq neq range
Port number: 80, 21, 20, etc.
5. Check whether the port is bound with an access control list
Router#show ip int <port type> <port number>
Example:
Router#show ip int f0/0
View some information about access control lists.
Router#show access-lists
or
Router#show running-config
Fifth, the named access control list
1. Advantage over the extended access control list
You can delete one of the statements.
2. Format
Router(config)#ip access-list extended <name>
Name: any English name you give to the access control list.
Router(config-ext-nacl)#permit/deny <protocol> <source IP address> <wildcard mask> <destination address> <wildcard mask>
3. Binding to a port
Router(config-if)#ip access-group <list name> in/out
4. Delete one of the statements
Router(config-ext-nacl)#no deny/permit <protocol> <source IP address> <wildcard mask> <destination IP address> <wildcard mask>
5. Delete the named access control list
Router(config)#no ip access-list extended <list name>
Six. Static routing protocol
1. Routing table: equivalent to a map in life, guiding the direction of data transmission.
2. A route that is added manually can only be deleted manually; otherwise it will not disappear.
3. The format of the static routing protocol
Router(config)#ip route <destination IP address> <subnet mask> <IP address of the next-hop port>
Example:
Router(config)#ip route 192.168.1.0 255.255.255.0 172.16.0.1
4. When the destination network is all networks, use 0.0.0.0 0.0.0.0.
Example:
Router(config)#ip route 0.0.0.0 0.0.0.0 172.16.0.1
Seven. Subnetting
1. Composition of an IP address
It consists of two parts: network bits and host bits.
All host bits set to 0 represents the network number.
All host bits set to 1 represents the broadcast address.
2. When subnetting, borrow several host bits as network bits.
3. How to work out the number of bits to borrow
Add up the values of the host bits starting from the rightmost and moving left, until the sum is greater than the number of subnets to be divided.
Example: seven subnets should be divided.
1+2+4+8 = 15 > 7
It means you need to borrow four bits.
In fact, the number of subnets that can be divided is 2 to the fourth power, where 4 is the number of borrowed bits.
How many IP addresses are there in each subnet? 2 to the fourth power, where 4 is the number of remaining host bits.
The subnet mask is 255.255.255.240.
The subnet mask is worked out as 128+64+32+16=240.
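The borrowing rule above carried through in code, as an added example that is not part of the original notes. The starting network 192.168.1.0/24 is an assumption chosen to fit the 255.255.255.240 result; the function names are hypothetical.

```python
import ipaddress

def borrowed_bits(subnets_needed):
    """Rule from the notes: add 1+2+4+... until the sum exceeds the subnet count."""
    bits, total = 0, 0
    while total <= subnets_needed:
        total += 2 ** bits
        bits += 1
    return bits

def plan(network, subnets_needed):
    """Split `network` using the borrowed bits and describe the result."""
    net = ipaddress.ip_network(network)
    bits = borrowed_bits(subnets_needed)
    if net.prefixlen + bits > 30:
        raise ValueError("not enough host bits left to borrow from")
    subs = list(net.subnets(prefixlen_diff=bits))
    return {
        "borrowed": bits,
        "mask": str(subs[0].netmask),
        "subnet_count": len(subs),
        "addresses_per_subnet": subs[0].num_addresses,
        # (network number, broadcast address) for every subnet
        "subnets": [(str(s.network_address), str(s.broadcast_address))
                    for s in subs],
    }

if __name__ == "__main__":
    result = plan("192.168.1.0/24", 7)  # assumed network, seven subnets
    print(result["borrowed"], result["mask"], result["subnet_count"])
    for network_number, broadcast in result["subnets"][:3]:
        print(network_number, broadcast)
```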