Configuring a Cisco router from its initial state until SSH login works
When the router has no configuration at all, it asks at boot whether to run the initial configuration dialog. Decline.
<code>
         --- System Configuration Dialog ---
Would you like to enter the initial configuration dialog? [yes/no]: n
</code>
Enter privileged EXEC mode and set the password.
<code>
Router>enable
Router#configure terminal
Router(config)#enable password PASSWORD
Router(config)#service password-encryption
</code>
Take a look at the interfaces.
<code>
Router#show interfaces status

Port    Name   Status       Vlan   Duplex  Speed  Type
Gi0            disabled     1      auto    auto   10/100BaseTX/1000BaseT
Gi1            notconnect   1      auto    auto   10/100BaseTX/1000BaseT
Gi2            notconnect   1      auto    auto   10/100BaseTX/1000BaseT
Gi3            notconnect   1      auto    auto   10/100BaseTX/1000BaseT
Gi4            notconnect   1      auto    auto   10/100BaseTX/1000BaseT
Gi5            notconnect   1      auto    auto   10/100BaseTX/1000BaseT
Gi6            notconnect   1      auto    auto   10/100BaseTX/1000BaseT
Gi7            notconnect   1      auto    auto   10/100BaseTX/1000BaseT
</code>
<code>
Router#show interfaces
GigabitEthernet0 is administratively down, line protocol is down
  Hardware is Gigabit Ethernet, address is 0081.c4ae.ad97 (bia 0081.c4ae.ad97)
  MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Auto-duplex, Auto-speed
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:18, output never, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     8 packets input, 1222 bytes, 0 no buffer
     Received 0 broadcasts (8 multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 0 multicast, 0 pause input
     0 input packets with dribble condition detected
     11 packets output, 1637 bytes, 0 underruns
     0 output errors, 0 collisions, 2 interface resets
(output omitted)
</code>
<code>
Router#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#
Router(config)#line console 0
Router(config-line)#logging synchronous
</code>
Enable the interface.
<code>
Router(config)#interface GigabitEthernet 0
Router(config-if)#no shutdown
*Jan 8 04:32:19.011: %LINK-3-UPDOWN: Interface GigabitEthernet0, changed state to down
*Jan 8 04:32:21.491: %LINK-3-UPDOWN: Interface GigabitEthernet0, changed state to up
*Jan 8 04:32:22.491: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0, changed state to up
*Jan 8 04:32:50.511: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up
</code>
Check that it is now up.
<code>
Router(config-if)#do show interfaces
GigabitEthernet0 is up, line protocol is up
  Hardware is Gigabit Ethernet, address is 0081.c4ae.ad97 (bia 0081.c4ae.ad97)
  MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
</code>
Repeat this for each interface.
Check the VLAN status.
<code>
Router(config)#do show vlan-switch

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi0, Gi1, Gi2, Gi3, Gi4, Gi5
                                                Gi6, Gi7
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500  -      -      -        -    -        1002   1003
1002 fddi  101002     1500  -      -      -        -    -        1      1003
1003 tr    101003     1500  1005   0      -        -    srb      1      1002
1004 fdnet 101004     1500  -      -      1        ibm  -        0      0
1005 trnet 101005     1500  -      -      1        ibm  -        0      0
</code>
<code>
Router(config)#interface vlan 1
Router(config-if)#ip address 172.16.0.254 255.255.0.0
Router(config-if)#no shutdown
</code>
The interface is enabled by default; the no shutdown is there just in case.
Check connectivity.
<code>
$ ping 172.16.0.254
PING 172.16.0.254 (172.16.0.254): 56 data bytes
64 bytes from 172.16.0.254: icmp_seq=0 ttl=255 time=3.138 ms
64 bytes from 172.16.0.254: icmp_seq=1 ttl=255 time=0.675 ms

--- 172.16.0.254 ping statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.675/1.906/3.138/1.231 ms
</code>
Create the account used for SSH.
<code>
Router(config)#username USERNAME password PASSWORD
Router(config)#line vty 0 4
Router(config-line)#login local
</code>
Allow SSH only.
<code>
Router(config-line)#transport input ssh
</code>
Set the hostname and domain name.
<code>
Router(config)#hostname RT
RT(config)#ip domain-name example.com
</code>
Set up the encryption key.
<code>
RT(config)#crypto key generate RSA
The name for the keys will be: RT-L01-01.tokyo.lan.decomo.info
Choose the size of the key modulus in the range of 360 to 4096 for your
  General Purpose Keys. Choosing a key modulus greater than 512 may take
  a few minutes.

How many bits in the modulus [512]: 2048
% Generating 2048 bit RSA keys, keys will be non-exportable...
[OK] (elapsed time was 1 seconds)
</code>
Use SSH version 2.
<code>
RT(config)#ip ssh version 2
</code>
Save the configuration.
<code>
RT#write
*Jan 8 12:54:57.493: %SYS-5-CONFIG_I: Configured from console by console
Building configuration...
[OK]
</code>
<code>
$ ssh Decomo@172.16.0.254
Password:
RT>
</code>
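An added example, not part of the original page: a Python audit of a saved running configuration for the login settings used in the steps above. It flags `enable password` and `username ... password` (which `service password-encryption` stores only as reversible type 7, whereas `enable secret` and `username ... secret` store a hash), a missing `ip ssh version 2`, and any vty range without `login local` and `transport input ssh`. The sample configuration, its `line vty 5 15` block and the function names are assumptions constructed for the example.

```python
import re

# Constructed sample (assumption): roughly what `show running-config` holds after
# the steps on this page, plus a second vty range that the page never configures.
SAMPLE_CONFIG = """\
service password-encryption
enable password 7 0000000000
username USERNAME password 7 0000000000
ip ssh version 2
line con 0
 logging synchronous
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 login
"""

def parse_sections(text):
    """Map each top-level command to the list of its indented sub-commands."""
    sections, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.strip() == "!":
            continue
        if raw[0] == " " and current is not None:
            sections[current].append(raw.strip())
        else:
            current = raw.strip()
            sections[current] = []
    return sections

def audit(text):
    """Return sorted findings for the login-related settings used on this page."""
    sec, findings = parse_sections(text), []
    for cmd, sub in sec.items():
        if re.match(r"enable password\b", cmd):
            findings.append("enable password: stored reversibly, use enable secret")
        elif m := re.match(r"username (\S+) password\b", cmd):
            findings.append(f"username {m.group(1)}: password instead of secret")
        elif cmd.startswith("line vty"):
            for want in ("login local", "transport input ssh"):
                if want not in sub:
                    findings.append(f"{cmd}: missing '{want}'")
    if "ip ssh version 2" not in sec:
        findings.append("ip ssh version 2 is not set")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```

Feed it the text of `show running-config` saved to a file; an empty result means every vty range requires a local login over SSH and no credential is stored in a reversible form.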