
"ASRASR Series Router Basic Operations" PPT template courseware

2021-10-18, 32 pages, PPT, 7 MB


燕凤

Middle school teacher

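(Suitable for teaching courseware and reports)

ASR Series Router Basic Operations

IOS-XE: Cisco's core operating system for next-generation enterprise network infrastructure
(IOS XE middleware architecture and platform abstraction layer)

[Diagram: IOS XE, platform abstraction layer, IOS]

The platform abstraction layer lets IOS run on multiple control-plane platforms such as MIPS, ARM and Intel x86, and the middleware architecture lets the forwarding plane choose among chips with different capabilities.
The platform abstraction layer speeds up development of new platforms and keeps features and behaviour consistent across the whole product line.
Operational consistency: using IOS-XE is no different from using a traditional IOS platform; the user interface is identical.

ASR1000: IOS XE, hardware forwarding uses the QFP
CAT4500/3850: IOS XE, hardware forwarding uses switching chips
ISR4400 series: IOS XE, hardware forwarding uses commercial network processors
CSR1000V: IOS XE, Intel x86 and virtualization technology

ASR1000 Initialization

ASR1000 Basic Operations

1. Configure the hostname

    Router#configure terminal
    Router(config)#hostname RACK1-ASR
    RACK1-ASR(config)#

2. Enable CDP; the CDP service is disabled by default on the ASR1000

    RACK1-ASR(config)#cdp run
    Rack1-ASR(config)#interface range gi0/0/0-3
    Rack1-ASR(config-if-range)#cdp enable
    Rack1-ASR(config-if-range)#interface gi0
    Rack1-ASR(config-if)#cdp enable

3. Check the working state of the hardware modules and the ROMMON/CPLD versions

    SHN4-15-ASR1K-WAN#show platform
    Chassis type: ASR1004

    Slot      Type                State                 Insert time (ago)
    ------------------------------------------------------------------
    0         ASR1000-SIP10       ok                    18w6d
     0/0      SPA-1X10GE-L-V2     ok                    18w6d
     0/1      SPA-2X1GE-V2        ok                    18w6d
    R0        ASR1000-RP2         ok, active            18w6d
    F0        ASR1000-ESP40       ok, active            18w6d
    P0        ASR1004-PWR-AC      ok                    18w6d
    P1        ASR1004-PWR-AC      ok                    18w6d

    Slot      CPLD Version        Firmware Version
    -------------------------------------------------------------------
    0         07091401            15.2(1r)S
    R0        10021901            15.2(1r)S
    F0        1003190E            15.2(1r)S

ASR1000 Management Interface Configuration

1. Configure the management interface

The MGMT Ethernet interface on the ASR1000 route processor (RP) can be used as an out-of-band management interface. By default this interface belongs to the Mgmt-intf VRF and cannot be moved to any other VRF, so routes and other services configured for it must take the VRF into account.

    Rack1-ASR(config)#interface gigabitEthernet0
    Rack1-ASR(config-if)#ip address 10.74.5.181 255.255.255.0
    Rack1-ASR(config-if)#no shutdown
    Rack1-ASR(config-if)#ip route vrf Mgmt-intf 0.0.0.0 0.0.0.0 10.74.5.1

2. Verify management interface connectivity by pinging the gateway with the Mgmt-intf VRF specified

    Rack1-ASR#ping vrf Mgmt-intf 10.74.5.1
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 10.74.5.1, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

3. To use the management port for FTP and TFTP file copies, enter the following commands:

    Rack1-ASR(config)#ip ftp source-interface gigabitEthernet0
    Rack1-ASR(config)#ip tftp source-interface gigabitEthernet0

ASR1000 System Clock Configuration

1. Configure the time zone

    ASR1002-X1(config)#clock timezone China 8

2. Configure NTP

    Rack1-ASR(config)#ntp authentication-key 1 md5 cisco123
    Rack1-ASR(config)#ntp trusted-key 1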
    Rack1-ASR(config)#ntp server vrf Mgmt-intf 10.74.5.1 key 1
    Rack1-ASR(config)#do show ntp association

      address         ref clock       st   when   poll reach  delay  offset   disp
    *~10.74.5.1       171.68.10.150    3     14     64     1  0.000   2.000 189.45
     * sys.peer, # selected, + candidate, - outlyer, x falseticker, ~ configured

3. View the clock

    Rack1-ASR(config)#do show clock
    07:07:51.806 china Wed Oct 17 2012

ASR1000 ROMMON Upgrade

1. Copy the ROMMON file to the RP bootflash or harddisk

    Rack1-ASR#copy bootflash:
    Accessing *****:*****@10.74.5.45/asr1000-rommon.152-1r.S.pkg...
    Loading asr1000-rommon.152-1r.S.pkg !!!!!
    [OK - 1253680/4096 bytes]

2. Upgrade ROMMON

    Rack1-ASR#upgrade rom-monitor bootflash:asr1000-rommon.152-1r.S.pkg all
    Chassis model ASR1001 has a single rom-monitor.
    Upgrade rom-monitor
    Target copying rom-monitor image file
    is a FIPS ROMMON image
    65536+0 records in
    1114112+0 records out
    Upgrade flash partition
    MD5 signature is fe18056d332dced800d0632a0f629675
    ROMMON upgrade complete.
    To make the new ROMMON permanent, you must restart the RP.

3. Reboot the chassis:

    Rack1-ASR#reload

After the upgrade completes, use show platform to check the Firmware version.

ASR1000 SPA Card FPD Firmware Upgrade

Reason for upgrading: SPA interface modules are supported on several Cisco platforms, so the firmware version shipped from the factory does not necessarily meet the ASR1000's requirements. This usually produces logs like the following, and the SPA software then has to be upgraded.

    *Sep 10 03:30:47.921: %SPA_OIR-3-SPA_POWERED_OFF: subslot 0/0: SPA 1xOC3 ATM SPA powered off after 5 failures within 1200 seconds
    *Sep 10 03:30:47.921: %SPA_OIR-6-OFFLINECARD: SPA (SPA-1XOC3-ATM-V2) offline in subslot 0/0
    *Sep 10 03:30:47.913: %ATMSPA-3-HW_ERROR: SIP0/0: SPA-1XOC3-ATM-V2[0/0] Error 0x1C53 SPI4 initialization failed

    Router#sh plat
    Chassis type: ASR1006

    Slot      Type                State                 Insert time (ago)
    ------------------------------------------------------------------
    0         ASR1000-SIP40       ok                    00:03:31
     0/1      SPA-1XOC3-ATM-V2    out of service        00:00:55
    R0        ASR1000-RP2         ok, active            00:03:31
    F0        ASR1000-ESP40       ok, active            00:03:31
    P0        ASR1006-PWR-AC      ps, fail              00:03:15
    P1        ASR1006-PWR-AC      ok                    00:03:15

Check the SPA FPD version

    Router#show hw-module subslot all fpd

    =============================================================================
                              H/W   Field Programmable   Current   Min. Required
    Slot Card Type            Ver.  Device: "ID-Name"    Version   Version
    =============================================================================
     0/1 SPA-1XOC3-AT         1.80  ????????????         ?.?       ?.?
    =============================================================================

ASR1000 SPA Card FPD Firmware Upgrade (continued)

Manually upgrade the SPA FPD:

    Router#upgrade hw-module subslot 0/1 fpd bundled

    % Cannot get FPD version information from SPA-1XOC3-ATM-V2 in subslot 0/1.
      If a previous upgrade attempt on the target card was interrupted, then the
      corruption of FPD image might have prevented the card from coming online.
      If this is the case, then a recovery upgrade would be required to fix the
      failure.
      (Hit ENTER to proceed with recovery upgrade operation) [confirm]    <- press Enter

    % The following FPD will be upgraded for SPA-1XOC3-ATM-V2 (H/W ver = 1.80) in subslot 0/1:

      ====================================================
      Field Programmable   Current    Upgrade   Estimated
      Device: "ID-Name"    Version    Version   Upgrade Time
      ====================================================
      1-I/O FPGA           ?.?        2.2       00:07:00
      ====================================================

    % NOTES:
      - Use 'show upgrade fpd progress' command to view the progress of the FPD
        upgrade.
      - Since the target card is currently in disabled state, it will be
        automatically reloaded after the upgrade operation for the changes to
        take effect.

    % Do you want to perform the recovery upgrade operation? [no]: yes    <- confirm the upgrade
    % Starting recovery upgrade operation in the background ...
      (Use "show upgrade fpd progress" command to see upgrade progress)

    *Sep  9 22:44:10.604: %FPD_MGMT-6-UPGRADE_TIME: Estimated total FPD image upgrade time for SPA-1XOC3-ATM-V2 card in subslot 0/1 = 00:07:00.
    *Sep  9 22:44:10.873: %FPD_MGMT-6-UPGRADE_START: I/O FPGA (FPD ID=1) image upgrade in progress for SPA-1XOC3-ATM-V2 card in subslot 0/1. Updating to version 2.2. PLEASE DO NOT INTERRUPT DURING THE UPGRADE PROCESS (estimated upgrade completion time = 00:07:00) ...

View the SPA FPD upgrade progress

    Router#show upgrade fpd progress

    FPD Image Upgrade Progress Table:

    ===========================================================================
                                                 Approx.
                            Field Programmable     Time     Elapsed
    Slot Card Type          Device: "ID-Name"     Needed     Time    State
    ===========================================================================
     0/1 SPA-1XOC3-ATM-V2   1-I/O FPGA           00:07:00  00:02:52  Updating...
    ===========================================================================

Configuring Secure Login and Authorization on the ASR1000

SSH login and TACACS+ authorization

ASR1000 TACACS+ Authorization Configuration - 1

1. Use local authorization for the CONSOLE port

    Rack1-ASR(config)#aaa new-model
    Rack1-ASR(config)#aaa authentication login CONSOLE local
    Rack1-ASR(config)#username cisco privilege 15 password cisco123
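    Rack1-ASR(config)#line console 0
    Rack1-ASR(config-line)#login authentication CONSOLE

2. Configure the TACACS+ service

Note: because the management interface uses the Mgmt-intf VRF, the service must be configured as follows:

    Rack1-ASR(config)#aaa group server tacacs+ ACS
    Rack1-ASR(config-sg-tacacs+)#server-private 10.74.9.254 key cisco123
    Rack1-ASR(config-sg-tacacs+)#ip vrf forwarding Mgmt-intf
    Rack1-ASR(config-sg-tacacs+)#ip tacacs source-interface GigabitEthernet0

If a data-plane interface is used for TACACS+ communication, no VRF-related configuration is needed; only the source interface (source-interface) has to be specified.

3. Configure the AAA authorization and authentication services

    Rack1-ASR(config)#aaa authentication login REMOTE group tacacs+ group ACS
    Rack1-ASR(config)#aaa authorization exec REMOTE group tacacs+ group ACS
    Rack1-ASR(config)#aaa authorization commands 15 REMOTE group tacacs+ group ACS
    Rack1-ASR(config)#aaa authorization config-commands

ASR1000 TACACS+ Authorization Configuration - 2

1. Add the ASR1000 to Cisco Secure ACS

Log in to ACS to add a new AAA client: click the "Network Configuration" button on the left, click the "ASR1K-TME" device group, then click "Add Entry" below "ASR1K-TME AAA Clients".

ASR1000 TACACS+ Authorization Configuration - 3

Add the device with type TACACS+ (Cisco IOS), the ASR1000 management interface address as the address, and cisco123 as the password. When the configuration is complete, click "Submit + Apply".

2. Authorize commands according to the privileges of each login user

Click SharedPro on the left and open "Shell Command Authorized Sets".

ASR1000 TACACS+ Authorization Configuration - 4

Create two groups, one named Admin and the other NetOps. Admin has all configuration privileges (unmatched commands: permit); NetOps may only change IP routes (the ip route command).

ASR1000 TACACS+ Authorization Configuration - 5

3. Add the command-line authorization to the user groups

Click "Group Setup"; two groups are configured (Admin/NetOps). Under TACACS+ Setting, configure Shell (exec) and Privilege Level, and under Shell Command Authorization Set select "Assign a Shell Command Authorization Set for any network device".

ASR1000 TACACS+ Authorization Configuration - 6

4. Add users to the user groups

Click "User Setup", enter the user name rackyyadmin/rackyyops and click "Add/Edit"; for example rack1admin, with password cisco123 and the user group set to Admin or NetOps.

5. Configure the VTY lines used for login and enable SSH login

Configure a domain name and key to enable SSH login. Note that the key length must be greater than 1024 for SSHv2 login.

    Rack1-ASR(config)#ip domain-name cisco.com
    Rack1-ASR(config)#crypto key generate rsa modulus 1024
    % You already have RSA keys defined named Rack1-ASR.cisco.com.
    % They will be replaced.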
    % The key modulus size is 1024 bits
    % Generating 1024 bit RSA keys, keys will be non-exportable...
    [OK] (elapsed time was 0 seconds)

Configure the VTY lines and allow SSH login only

    Rack1-ASR(config-line)#line vty 0 90
    Rack1-ASR(config-line)#authorization commands 15 REMOTE
    Rack1-ASR(config-line)#authorization exec REMOTE
    Rack1-ASR(config-line)#login authentication REMOTE
    Rack1-ASR(config-line)#transport input ssh

Software Licensing (License Installation)

Required only on the ASR1001 / ASR1002-X / CSR1000v.

Software edition licensing
The ASR1001 and ASR1002-X use a universal operating system image (universalk9). A single IOS XE package supports three software editions, IP Base / Advanced IP Service / Advanced Enterprise Service, and the edition can be switched by software license.
The ASR1002 / ASR1004 / ASR1006 / ASR1013 instead use three different IOS XE images to switch between editions.

Throughput licensing
The ASR1001 defaults to 2.5 Gbps throughput and can be upgraded to 5 Gbps by software license.
The ASR1002-X defaults to 5 Gbps throughput and can be upgraded to 10 Gbps / 20 Gbps / 36 Gbps by software license.

Special software feature licensing
Features such as IPSec / firewall / AVC have separate software licenses; these licenses are used only on the ASR1001 and ASR1002-X.

ASR1000 series router software feature licensing in detail

ASR1000 Software License Installation

View the serial number needed for the license:

    Router#show license udi
    SlotID   PID          SN             UDI
    --------------------------------------------------------------------------------
    *6       ASR1002-X    JAE16370304    ASR1002-X:JAE16370304

After requesting the license with the PID and SN, copy the license file received by e-mail to the ASR1000:

    ASR1002-X1#copy t bootflash:
    Destination [JAE16370304_20121115072219026.lic]?
    Accessing t...
    Loading ASR/JAE16370304_20121115072219026.lic from 10.74.57.167 (via GigabitEthernet0): !
    [OK - 3287 bytes]
    3287 bytes copied in 0.029 secs (113345 bytes/sec)

Install the license

    ASR1002-X1#license install bootflash:JAE16370304_20121115072219026.lic
    Installing licenses from "bootflash:JAE16370304_20121115072219026.lic"
    Installing...Feature:internal_service...Successful:Supported
    Installing...Feature:adventerprise...Successful:Supported
    Installing...Feature:throughput_36g...Successful:Supported
    3/3 licenses were successfully installed
    0/3 licenses were existing licenses
    0/3 licenses were failed to install

ASR1000 Software License Installation - 2

Reboot after the installation completes. System log at startup:

    *Nov 15 18:36:50.019: %IOS_LICENSE_IMAGE_APPLICATION-6-LICENSE_LEVEL: Module name = asr1002x Next reboot level = adventerprise and License = adventerprise
    *Nov 15 18:37:02.188: %LINK-3-UPDOWN: Interface Lsmpi0, changed state to up
    *Nov 15 18:37:02.188: %LINK-3-UPDOWN: Interface EOBC0, changed state to up
    *Nov 15 18:37:02.188: %LINEPROTO-5-UPDOWN: Line protocol on Interface VoIP-Null0, changed state to up
    *Nov 15 18:37:02.188: %LINEPROTO-5-UPDOWN: Line protocol on Interface LI-Null0, changed state to up
    *Nov 15 18:37:02.188: %LINK-3-UPDOWN: Interface GigabitEthernet0, changed state to down
    *Nov 15 18:37:03.207: %LINEPROTO-5-UPDOWN: Line protocol on Interface LIIN0, changed state to up
    *Nov 15 18:36:52.876: %CMLIB-6-THROUGHPUT_VALUE: R0/0: cmand: Throughput license found, throughput set to 40000000 kbps

Check the license

    ASR1002-X1#show license feature
    Feature name        Enforcement  Evaluation  Subscription  Enabled  RightToUse
    adventerprise       yes          yes         no            yes      yes
    advipservices       yes          yes         no            no       yes
    ipbase              no           no          no            no       no
    avc                 no           no          no            no       no
    broadband           no           no          no            no       no
    cube_video_b2btp    no           no          no            no       no
    firewall            no           no          no            no       no
    internal_service    yes          no          no            no       no
    ipsec               yes          yes         no            no       yes
    otv                 no           no          no            no       no
    sw_redundancy       yes          yes         no            no       yes
    throughput_10g      yes          yes         no            no       yes
    throughput_20g      yes          yes         no            no       yes
    throughput_36g      yes          yes         no            yes      yes
    vpls                no           no          no            no       no

Enabling Software Redundancy

Available only on the ASR1001 / ASR1002-X / ASR1004.
The ASR1006 / ASR1013 use hardware redundancy.

[Diagram: IOS XE (Linux Kernel), IOS Active, IOS Standby]

ASR1000 Software Redundancy Configuration

Before software redundancy is enabled there is only one IOS engine:

    ASR1002-X1#show platform
    Chassis type: ASR1002-X

    Slot      Type                State                 Insert time (ago)
    ------------------------------------------------------------------
    0         ASR1002-X           ok                    00:15:48
     0/0      6XGE-BUILT-IN       ok                    00:15:07
     0/1      SPA-1XOC3-ATM-V2    ok                    00:15:07
    R0        ASR1002-X           ok, active            00:15:48
    F0        ASR1002-X           ok, active            00:15:48
    P0        ASR1002-PWR-AC      ok                    00:15:26
    P1        ASR1002-PWR-AC      ok                    00:15:25

    Slot      CPLD Version        Firmware Version
    -------------------------------------------------------------------
    0         12042303            15.2(4r)S
    R0        12042303            15.2(4r)S
    F0        12042303            15.2(4r)S

    ASR1002-X1(config)#redundancy
    ASR1002-X1(config-red)#mode sso
    Feature Name: sw_redundancy
    Activation of the software command line interface will be evidence of your acceptance of this agreement.
    ACCEPT? (yes/[no]): yes
    *Nov 15 18:53:46.171: %LICENSE-6-EULA_ACCEPTED: EULA for feature sw_redundancy 1.0 has been accepted. UDI=ASR1002-X:JAE16370304; StoreIndex=5:Built-In License Storage
    *Nov 15 18:53:46.566: %CMRP-6-DUAL_IOS_REBOOT_REQUIRED: R0/0: cmand: Configuration must be saved and the chassis must be rebooted for IOS redundancy changes to take effect
    *Nov 15 18:53:46.568: %Redundancy mode change to SSO

ASR1000 Software Redundancy Configuration - 2

After the reboot:

    ASR1002-X1#show platform
    Chassis type: ASR1002-X

    Slot      Type                State                 Insert time (ago)
    ------------------------------------------------------------------
    0         ASR1002-X           ok                    00:01:02
     0/0      6XGE-BUILT-IN       ok                    00:00:21
     0/1      SPA-1XOC3-ATM-V2    ok                    00:00:21
    R0        ASR1002-X           ok                    00:01:02
     R0/0                         ok, active            00:01:02
     R0/1                         init, standby         never
    F0        ASR1002-X           ok, active            00:01:02
    P0        ASR1002-PWR-AC      ok                    00:00:39
    P1        ASR1002-PWR-AC      ok                    00:00:39

    Slot      CPLD Version        Firmware Version
    -------------------------------------------------------------------
    0         12042303            15.2(4r)S
    R0        12042303            15.2(4r)S
    F0        12042303            15.2(4r)S

ASR1000 Interface Address and Routing Protocol Configuration

ASR1000 Interface Configuration

POS interface configuration

    ASR1002-X1(config)#interface pos0/2/0
    ASR1002-X1(config-if)#pos framing sonet
    ASR1002-X1(config-if)#keepalive 10
    ASR1002-X1(config-if)#clock source internal
    ASR1002-X1(config-if)#no pos scramble-atm
    ASR1002-X1(config-if)#load-interval 30
    ASR1002-X1(config-if)#encapsulation ppp
    ASR1002-X1(config-if)#ip address 62.1.1.1 255.255.255.0

ATM interface

    ASR1002-X1(config)#interface atm0/1/0
    ASR1002-X1(config-if)#atm clock internal
    ASR1002-X1(config-if)#no shutdown
    ASR1002-X1(config-if)#interface atm0/1/0.1 point
    ASR1002-X1(config-subif)#ip address 62.1.1.1 255.255.255.0
    ASR1002-X1(config-subif)#pvc 10/100
    ASR1002-X1(config-if-atm-vc)#vbr-nrt 30720 30720
    ASR1002-X1(config-if-atm-vc)#oam-pvc manage
    ASR1002-X1(config-if-atm-vc)#oam retry 3 3 1
    ASR1002-X1(config-if-atm-vc)#protocol ip 62.1.1.2 broadcast
    ASR1002-X1(config-if-atm-vc)#encapsulation aal5snap

E1 interface configuration

    ASR1002-X1(config)#card type e1 0 1
    ASR1002-X1(config)#controller E1 0/1/0
    ASR1002-X1(config-controller)#channel-group 0 timeslots 1-31
    ASR1002-X1(config-controller)#interface serial0/1/0:0
    ASR1002-X1(config-if)#encapsulation hdlc
    ASR1002-X1(config-if)#ip address 62.1.1.1 255.255.255.0

Ethernet interface

    ASR1002-X1(config)#interface Gi0/1/0.100
    ASR1002-X1(config-if)#encapsulation dot1q 100
    ASR1002-X1(config-if)#ip address 100.100.0.1 255.255.255.0

ASR1000 Routing Protocol Configuration

Static route

    ip route 0.0.0.0 0.0.0.0 10.74.5.1

RIP

    router rip
     version 2
     network 172.25.0.0
     network 192.168.50.0

OSPF (with BFD enabled)

    interface GigabitEthernet0/1/2
     ip address 5.5.5.2 255.255.255.0
     bfd interval 50 min_rx 50 multiplier 3
     no bfd echo
     ip ospf bfd
    !
    router ospf 100
     network 5.5.5.0 0.0.0.255 area 0
     bfd all-interfaces

BGP

    router bgp 100
     neighbor 1.1.1.1 remote-as 100
     neighbor 1.1.1.1 update-source loopback0
     !
     address-family ipv4 unicast
      network 123.4.5.0 mask 255.255.255.0

EIGRP

    router eigrp 100
     network 1.1.1.0
     redistribute static route-map agg-routes
     default-metric 1000 1 255 1 1500
     distribute-list 20 out serial0/1/0:0
    !
    ip route 10.1.0.0 255.255.0.0 null0
    !
    route-map agg-routes permit 10
     match ip address 10
     match interface serial0/1/0:0
    !
    access-list 10 permit 10.1.0.0 0.0.255.255
    access-list 20 permit 10.1.1.0 0.0.255.255

Policy-based routing (PBR)

    interface gi0/0/0
     ip address 172.16.5.1 255.255.255.0
     ip policy route-map pbr
    !
    access-list 1 permit 172.16.6.0 0.0.0.255
    access-list 2 permit 172.16.7.0 0.0.0.255
    !
    route-map pbr permit 10
     match ip address 1
     set ip next-hop 172.16.4.2
    !
    route-map pbr permit 15
     match ip address 2
     set ip next-hop 172.16.4.3
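
Added example, not part of the original slides: a Python check that runs over the console, TACACS+, NTP, SSH and VTY commands from the secure login and system clock sections above and reports the settings a configuration review would question. The sample text is constructed from the deck's commands; the finding names and the 2048-bit RSA floor are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample from the deck's AAA/TACACS+/NTP/SSH commands, not a device capture.
SAMPLE = """\
aaa new-model
username cisco privilege 15 password cisco123
aaa group server tacacs+ ACS
 server-private 10.74.9.254 key cisco123
ntp authentication-key 1 md5 cisco123
ntp trusted-key 1
ntp server vrf Mgmt-intf 10.74.5.1 key 1
crypto key generate rsa modulus 1024
line vty 0 90
 login authentication REMOTE
 transport input ssh
"""
MIN_RSA_BITS = 2048  # assumption: local policy floor, not a value from the slides
SECRET_PATTERNS = [  # commands that carry a shared secret as their last word
    r"username \S+ .*\bpassword (?:\d )?(\S+)$",
    r"server-private \S+ key (?:\d )?(\S+)$",
    r"ntp authentication-key \d+ md5 (\S+)$",
]

def audit(config):
    """Return sorted finding names (this example's own labels) for a config text."""
    findings, secrets, vty, current = set(), Counter(), {}, None
    for raw in filter(str.strip, config.splitlines()):
        line = raw.strip()
        if not raw.startswith(" "):  # an unindented command opens a new section
            current = line if line.startswith("line vty") else None
        if current:
            vty.setdefault(current, [])
            if line.startswith("transport input "):
                vty[current] = line.split()[2:]
        if re.match(r"username \S+ .*\bpassword\b", line):
            findings.add("username-password-not-secret")  # stored reversibly
        if (m := re.match(r"crypto key generate rsa .*\bmodulus (\d+)", line)) and int(m.group(1)) < MIN_RSA_BITS:
            findings.add("rsa-modulus-below-policy")
        for pattern in SECRET_PATTERNS:
            if m := re.match(pattern, line):
                secrets[m.group(1)] += 1
    if any(count > 1 for count in secrets.values()):
        findings.add("shared-secret-reused")  # one value guards several functions
    if "ntp authentication-key" in config and not re.search(r"(?m)^ntp authenticate$", config):
        findings.add("ntp-authenticate-missing")  # key defined, authentication not enabled
    if any(transports != ["ssh"] for transports in vty.values()):
        findings.add("vty-not-ssh-only")
    return sorted(findings)
```

Calling audit(SAMPLE) returns four findings; the VTY block passes because it already restricts transport to SSH.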