世界上很少有比将一块硬件放在自己的膝盖上并附上一张便条纸“为新子网进行配置”更令人高兴的事了。
我熟悉 Linux/UNIX,但从未接触过 CISCO 路由器。因此,我得到了一块旧的 CISCO 2960S 金属块,并设法弄清楚如何将串行电缆连接到它并将其重置为出厂默认设置。做到了。甚至设法设置了启用密码。耶。现在真的成功了。但是,我得到了一个子网,如 204.xxx.yyy.160 - 204.xxx.yyy.191,所以对我来说,这看起来像一个斜线 27(32 个 IP 地址,网络掩码为 255.255.255.191?)。
我不是网络人员,甚至根本不是,所以我必须将最后一个八位字节转换为二进制才能使其有意义:
160 = 10100000 binary
191 = 10111111 binary
所以我猜测广播地址一定是 204.xxx.yyy.191。只是猜测。
无论如何,在我将这个东西插入机架并连接 ISP 给我们的铜线之前,我需要能够登录 CISCO 路由器本身。我的意思是在管理界面上。
因此我尝试阅读这里无尽的内容:
http://www.cisco.com/en/US/docs/switches/lan/catalyst2960/software/release/12.2_55_se/configuration/guide/swint.html#wp2220949
这几乎让我一无所获。我至少能够查询接口状态,至少...我认为这就是我在这里看到的:
SW4-03#show interfaces fastethernet 0
FastEthernet0 is up, line protocol is up
Hardware is PowerPC FastEthernet, address is 6c50.4d83.a537 (bia 6c50.4d83.a537)
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive not set
Full-duplex, 100Mb/s, MII
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:08, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/0 (size/max)
5 minute input rate 1000 bits/sec, 2 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
596880 packets input, 91088101 bytes
Received 233272 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog
0 input packets with dribble condition detected
24904 packets output, 10360064 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
SW4-03#
对我来说,其中大部分都是纯粹的噪音。我似乎看到接口已启动并作为 100Mbit/sec 接口运行,但它的 IP 是什么?我只想将其设置为 192.168.35.3,然后 ssh 进入此路由器以继续解决下一个谜题。
所以问题是,如何配置永久静态 IP 192.168.35.3 到允许我通过 telnet 或 SSH 进入该路由器的管理界面?
这是黑魔法吗?
我提前感谢所有那些将此类事情放在他们头上并说“自己想办法吧,这有多难?”的管理层。
这些信息可能有用:
SW4-03#show running-config
Building configuration...
Current configuration : 4429 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SW4-03
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$lots-off-good-hash-here
enable password secretgoodpasswd
!
!
!
no aaa new-model
clock timezone UTC -5
clock summer-time UTC recurring
authentication mac-move permit
ip subnet-zero
!
!
!
mls qos srr-queue output cos-map queue 1 threshold 3 5
mls qos srr-queue output cos-map queue 2 threshold 3 3 6 7
mls qos srr-queue output cos-map queue 3 threshold 3 2 4
mls qos srr-queue output cos-map queue 4 threshold 2 1
mls qos srr-queue output cos-map queue 4 threshold 3 0
mls qos
!
crypto pki trustpoint TP-self-signed-1300473088
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1300473088
revocation-check none
rsakeypair TP-self-signed-1300473088
!
!
crypto pki certificate chain TP-self-signed-1300473088
certificate self-signed 01
3082023F 308201A8 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
.
.
. lots of hex here
.
0D8C4FFC 852B4817 36F1DD49 BD625EE4 5946A7CE 70E72481 EB63BC59 05B4F27A C4C418
quit
spanning-tree mode pvst
spanning-tree etherchannel guard misconfig
spanning-tree extend system-id
!
!
!
!
vlan internal allocation policy ascending
!
!
interface FastEthernet0
no ip address
speed 100
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
switchport access vlan 10
!
interface GigabitEthernet0/3
switchport access vlan 10
!
interface GigabitEthernet0/4
switchport access vlan 10
!
interface GigabitEthernet0/5
switchport access vlan 10
!
interface GigabitEthernet0/6
switchport access vlan 10
!
interface GigabitEthernet0/7
switchport access vlan 10
!
interface GigabitEthernet0/8
switchport access vlan 10
!
interface GigabitEthernet0/9
switchport access vlan 10
!
interface GigabitEthernet0/10
switchport access vlan 10
!
interface GigabitEthernet0/11
switchport access vlan 10
!
interface GigabitEthernet0/12
switchport access vlan 10
!
interface GigabitEthernet0/13
switchport access vlan 10
!
interface GigabitEthernet0/14
switchport access vlan 10
!
interface GigabitEthernet0/15
switchport access vlan 10
!
interface GigabitEthernet0/16
switchport access vlan 10
!
interface GigabitEthernet0/17
switchport access vlan 10
!
interface GigabitEthernet0/18
switchport access vlan 10
!
interface GigabitEthernet0/19
switchport access vlan 11
!
interface GigabitEthernet0/20
switchport access vlan 11
!
interface GigabitEthernet0/21
switchport access vlan 12
!
interface GigabitEthernet0/22
switchport access vlan 12
!
interface GigabitEthernet0/23
switchport mode trunk
mls qos trust cos
macro description cisco-switch
spanning-tree link-type point-to-point
!
interface GigabitEthernet0/24
switchport mode trunk
mls qos trust cos
macro description cisco-switch
spanning-tree link-type point-to-point
!
interface GigabitEthernet0/25
!
interface GigabitEthernet0/26
switchport trunk allowed vlan 1,10-12,999
switchport mode trunk
!
interface Vlan1
ip address 192.168.250.203 255.255.255.0
!
ip http server
ip http secure-server
!
!
line con 0
password somepawwordsstuff
line vty 0 4
password someotherpasswdstuff
login
line vty 5 15
password yetanotherpasswordstuff
login
!
end
实际上根本不应该配置任何 vlan。
答案1
本设备上的管理接口为 Fa0(FastEthernet0长话短说)。这里配置了它no ip address。
您应该为其配置一个 IP 地址,这实际上可能就足够了。因此,enable,并conf t开始配置。然后interface fa0配置管理接口。
赋予它一个 IP:ip address 1.2.3.4 255.255.0.0或者您希望它拥有的任何 IP 和网络掩码。
最后,退出配置模式(exit)并将配置写入 NVRAM(copy running-config startup-config)。现在,它应该可以工作了。
如果接口被管理禁用,您还必须指定no shut配置指令,但看起来情况并非如此。
不要在该接口上指定 VLAN。它不是访问端口或中继端口;它是一个端点。它应该连接到其他交换机,连接到管理 VLAN 上的访问端口。