Professional Documents
Culture Documents
vez has querido referencia rpida para IOS XR en la seguridad bsica, configuracin cometer, RIP, OSPF, EIGRP, IS-IS, IPv6 y las comparaciones con IOS clsico? Est justo aca para usted. No hay mucho que aprender acerca de IOS XR, desde el punto de vista de la teora de redes. Es slo otra lnea de comando en un router. El punto aqu es la evolucin. IOS XE es la evolucin de la original IOS y tiene casi exactamente la misma sintaxis original de IOS. IOS XE fue construido para proporcionar una mejor disponibilidad alta y entrega rpida caracterstica utilizando el conocimiento existente en el mundo de la IOS Command Line Interface (CLI). En resumen, el IOS XE es una versin mejorada del IOS internamente, pero no significa mucho para la configuracin bsica. IOS XR sin embargo, es completamente construir desde cero en una arquitectura micro-kernel, memoria protegida y multitarea preventiva. IOS XR tiene ventajas sobre el IOS original IOS XE en: Mejoras de alta disponibilidad - en gran parte gracias al apoyo de la redundancia de hardware y mtodos de falla de contencin tales como el espacio de memoria protegida. Tambin los procesos son auto-reiniciar. Mejor Escalabilidad - para configuraciones de hardware grande una infraestructura de software distribuido y de dos etapas arquitectura reenvo est disponible Paquete modelo basado en la distribucin de software - esto permitir instalar / quitar funciones de router como multicast / MPLS para aadir mientras router est funcionando y sin tiempo de inactividad. Tambin se pueden instalar los parches sin interrupcin (potencialmente). Tambin GUI basado en web para la gestin del sistema (soporte para la automatizacin de configuracin XML) Qu router est ejecutando IOS qu? IOS - Routers Cisco ISR Series (800,1900,2900,3900 serie), Cisco 7200 y 7600 Series y los routers existentes y Catalizadores 6500 IOS XE - ASR 1000 Series y Catalyst 4500E Series Switches IOS XR - Cisco CRS-1 y CRS-3, ASR9000 Cisco y Cisco XR12000 IOS XR Acceso a los comandos de lnea y principios de configuracin
Junto con el acceso bsico a la consola fsica y puerto auxiliar, el IOS XR viene con interfaces de administracin dedicados fsicos. En ASR9000 estos son:
interface MgntEth0/RSP0/CPU0/0 interface MgntEth0/RSP0/CPU0/1
Si desea acceder gestin IP al router, debe configurar estas interfaces con direcciones IP de la subred de gestin. IPs ya sea fsico o virtual compatible. Adems, el IOS XR del sistema en ASR9000 tiene la siguiente estructura del sistema:
RP/0/RSP0/CPU0:PE1#
RP - Ruta procesador 0 - chasis para rack RSP0 - Procesador Ruta del interruptor (ya sea RSP0 o RSP1) CPU0 - siempre debe ser el mismo en ASR9000 PE1 - nombre de host del router Edicin de la configuracin y confirmacin en IOS XR Vamos a empezar sin rodeos, no existe el concepto de startup-config running-config y en IOS XR. La nueva forma de hacer las cosas es a travs de un mtodo de configuracin de dos etapas. En la primera etapa de hacer una coleccin de cambios en la configuracin actual. Usted puede comprobar los cambios de las correcciones en el sistema. Personalmente esto es lo mismo que muchos de nosotros hacer cambios en un bloc de notas u otro editor txt antes de ir al router para su aplicacin. Esto es un poco lo mismo, excepto el apoyo directo de la XR IOS. En la segunda etapa, puede confirmar la configuracin a la configuracin de destino. "Commit" es todo o nada, la aceptacin de los cambios. Si alguno de los comandos preparados no es correcta, los cambios en la configuracin enteros no se aplicar. Usted puede ver los cambios de configuracin con "show config". Hay algunos otros mtodos de aplicar el comando commit al router, ya que no quieren ir a los detalles de un rpido vistazo a la "confirmacin?" Debera ser suficiente. RP/0/RSP0/CPU0: PE (config) # cometido?
"best-effort" Confirmar los cambios de configuracin a travs de la operacin de mximo esfuerzo "comment" Asignar un comentario para este compromiso "confirmed" Rollback esta confirmacin a menos que exista un compromiso que confirma "force" Anular las comprobaciones de memoria "label" Asignar una etiqueta a este compromiso "replace" Reemplazar el contenido de ejecutar la configuracin "save-running" Guardar ejecutar la configuracin en un archivo "<cr>" Confirmar los cambios de configuracin a travs de pseudo-operacin atmica TIP: Para borrar la configuracin de inicio actual, puede utilizar "comprometerse reemplazar" con los cambios de configuracin vacas. TIP: Para cargar o guardar la configuracin desde o hacia un archivo, utilice la carga o guardar comandos. Comandos basicos: show config Mostrar configuracin no comprometido show config merge Mostrar configuracin futura esperada despus de cometer show config changes Mostrar configuracin futuro si "Encomienda reemplazar" utilizada commit best-effort Comprometerse todas las configuraciones que se pueden cometer (esto anula el "todo o nada" lgica). commit confirmed seconds Cometer durante la duracin de los tiempos (a menos comprometido antes de timer) commit label comete y aade una descripcin de los cambios a la historia commit comment aade un comentario a la entrada del histrico compromiso show configuration failed Si los cambios confirmados generar y error y volver, se puede ver lo que sali mal en esta salida.
aaa authentication login name group tacacs+ Note The group keyword appears before tacacs+; this is common for allaaa...tacacs+ commands.
aaa authorization commands {default | listname} group tacacs+ Note There is no level argument because Cisco IOS XR software permissions are different from those of Cisco IOS software.
aaa accounting exec {default | list-name} {startstop | stop-only} group tacacs+ Note The group keyword appears before tacacs+.
aaa accounting commands {default | list-name} {start-stop | stop-only}group tacacs+ Note There is no level argument; see also the taskgroup section below.
Routing area-password password [authenticate snp {validate | send-only}] lsp-password {hmac-md5 | text} {clear | encrypted} password [level {1 |2}] [sendonly] [snp send-only] auto-cost {reference-bandwidth mbps | disable} auto-summary (EIGRP) auto-summary (RIP)
BGP Routing bgp bestpath compare-routerid bgp cluster-id cluster-id bgp confederation identifier as-number bgp bestpath compare-routerid bgp cluster-id cluster-id bgp confederation identifier autonomous-systemnumber bgp confederation peers [autonomous-systemnumber] bgp fast-external-fallover disable This command disables bgp fast-external-fallover. bgp graceful-restart [restarttime seconds | stalepath-timeseconds] bgp graceful-restart bgp graceful-restart purge-time bgp graceful-restart restart-time bgp graceful-restart stalepath-time
bgp fast-external-fallover
bgp redistribute-internal bgp router-id ip-address bgp scan-time [import] scanner-interval cdp run clock source {internal | line | loop} crc {16 | 32} dampening [half-life-period reuse-threshold] [suppress-threshold max-suppress-time [restartpenalty]] default-information originate default-metric number description string
bgp redistribute-internal bgp router-id ip-address bgp scan-time seconds cdp clock source {internal | line} crc {16 | 32} dampening [half-life [reuse suppress max-suppresstime]]
distance {ip-address {wildcard-mask}} [ip-standard-list] distance weight [ip-address mask [access-list-name]] [ip-extended-list] distance bgp external-distance internal-distance local- distance bgp external-distance internal-distance distance local-distance distance ospf {[intra-area dist1] [inter-area dist2] [external dist3]} distance ospf {intra-area | interarea | external} distance
domainlsp-password {hmac-md5 | text} password password [authenticate snp {validate | sen {clear | encrypted} password [level {1 |2}] [sendd-only}] only] [snp send-only] encapsulation {hdlc | ppp} encapsulation {hdlc | ppp}
escape-character {break | char | default | none | soft} escapecharacter {break | number | character | default | non e} exec-timeout minutes [seconds] flowcontrol {none | software [lock] [in | out] | hardware [in | out]} hello padding hostname name ip directed-broadcast [access-list-number | extended access-list-number] ip domain-list name ip domain-name name ip ftp... exec-timeout minutes seconds flowcontrol hardware {in | out | none}
ip host [vrf vrf-name] {name | modem-telephonenumber} [tcp-portnumber] address1 [address2...address8] ip http server
hostname name
http server [[access-group name] | [ssl] [accessgroup name]] icmp ipv4 rate-limit unreachable [DF] milliseconds
ip icmp rate-limit unreachable [df] [ms] [log [packets] [interval-ms]] ip mask-reply ip msdp [vrf vrf-name] default-peer {peeraddress | peer-name} [prefix-list list] ip msdp [vrf vrf-name] originator-id interfacetype interface-number ip msdp sa-limit {peer-name | peer-address} sa-limit ip name-server ip ospf name-lookup ip proxy-arp
ip radius source-interface subinterface-name [vrf vrf- radius source-interface interface-name name] ip rcmd remote-username username ip rcmd source-interface interface-id ip redirects ip sap cache-timeout minutes ip sdr cache-timeout minutes ip ssh timeout seconds ip tacacs source-interface subinterface-name ip tcp path-mtu-discovery [agetimer {minutes | infinite}] ip tcp synwait-time seconds ip tcp window-size bytes ip telnet source-interface ip tftp... ip route network mask... Router# ip route 10.0.0.0 255.0.0.0 rcp client username username rcp client source-interface type instance ipv4 redirects sap cache-timeout minutes
ssh timeout seconds tacacs source-interface type instance tcp path-mtu-discovery [agetimer minutes | infinite] tcp synwait-time seconds tcp window-size bytes telnet ipv4 client source-interface tftp client... route ipv4 network/masklen... RP0/0/RP0/CPU0:router# route ipv4 unicast 10.0.0.0/8 All options available after the network and mask in parameters in Cisco IOS software (outgoing interface, next-hop, tag, admin distance, and so on)
are also available after the network/masklen parameter with the same command in Cisco IOS XR software. ip unnumbered interface-type interface-number ip unreachables ipv4 unnumbered interface-name ipv4 unreachables disable This command disables IPv4 unreachables. ip verify unicast reverse-path [list] ip verify unicast source reachable-via ipv6 address {ipv6-address/prefix-length | prefixname sub-bits/prefix-length} ipv6 enable ipv6 icmp error-interval milliseconds [bucketsize] ipv6 mtu bytes is-type [level-1 | level-1-2 | level-2-only] keepalive [period [retries]] length screen-length line {aux | console} 0 ipv4 verify unicast source reachable-via {any | rx} [allow-default] [allow-self-ping] ipv6 address ipv6-prefix/prefix-length [eui-64]
ipv6 enable ipv6 icmp error-interval milliseconds [bucketsize] ipv6 mtu bytes is-type {level-1 | level-1-2 | level-2-only} keepalive {seconds | disable} length lines line {aux | console} No line number is necessary. See also the "Line Configurations" section.
load-interval seconds log-adjacency-changes [detail] logging buffered [buffer-size | severity-level] logging console filtered [severity-level] logging event {dlci-status-change | linkstatus | subif-link-status} logging facility facility-type logging history [severity-level-name | severity-levelnumber] logging host {{ip-address | hostname} [vrf vrf-name] | {ipv6 ipv6-address | hostname}} [transport {udp [port port-number] | tcp [portportnumber] [audit]}] [xml | filtered [stream stream-id]] [alarm[severity]] logging monitor filtered [severity-level] logging on logging source-interface interface-type interface-
load-interval seconds log adjacency changes [detail | disable] logging buffered [size | severity] logging console {severity | disable} logging events link-status [logical | physical]
number logging trap level lsp-mtu bytes lsp-refresh-interval seconds max-lsp-lifetime [hours] value max-metric router-lsa [on-startup {seconds | waitfor-bgp}] maximum-paths {[number-of-paths] [import numberof-paths] | [import number-of-paths]} maximum-paths eibgp number [import number] maximum-paths ibgp {[number] [import number] | [importnumber]} metric-style narrow [transition] [level-1 | level2 | level-1-2] metric-style transition [level-1 | level-2 | level-1-2] logging trap [severity] lsp-mtu bytes [level {1 | 2}] lsp-refresh-interval seconds [level {1 | 2}] max-lsp-lifetime seconds [level {1 | 2}] max-metric router-lsa [on-startup {wait-forbgp | announce-time}] maximum paths maximum
maximumpaths {ebgp | ibgp | eibgp} maximum [unequalcost] metric-style narrow [transition] [level {1 | 2}]
metric-style wide [transition] [level-1 | level-2 | level- metric-style wide [transition] [level {1 | 2}] 1-2] mpls label range min max mpls traffic-eng area number mpls traffic-eng {level-1 | level-2} mpls traffic-eng router-id interface-name (RIP) neighbor ip-address (OSPF) neighbor ip-address [cost number] [priority number] [poll-interval seconds] (EIGRP) neighbor {ip-address | ipv6address} interface-type interface-number net network-entity-title nsf cisco helper disable nsf ietf helper disable ntp authentication-key number md5 value output-delay delay passive-interface [default] {interface-type interfacenumber} (dot1x credentials) password [0 | 7] password mpls label range [table table-id] minimum maximum mpls traffic-eng area {ospf-area} mpls traffic-eng level {1 | 2} mpls traffic-eng router-id interface-name neighbor ip-address neighbor ip-address [cost number] [priority number] [poll-intervalseconds] neighbor ip-address
pos ais-shut pos flag {c2 | s1s0} value pos framing {sdh | sonet} pos report {b1-tca | b2-tca | b3tca | lais | lrdi | pais | plop | prdi |rdool | sd-ber | sfber | slof | slos}
ais-shut (in SONET path configuration mode) overhead {c2 byte-value | j1 ascii-value} framing {sdh | sonet} report [b1-tca | b2-tca | lais | lrdi | sd-ber | sfber | slof | slos] (in SONET configuration) report [b3-tca disable | pais | plop disable | prdi] (in SONET path configuration) threshold {b1-tca | b2-tca | sd-ber | sf-ber} biterror-rate (in SONET configuration) threshold b3-tca bit-error-rate (in SONET path configuration) radius-server deadtime minutes radius-server key {0 clear-text-key | 7 encryptedkey | clear-text-key} radius-server retransmit retries radius-server timeout seconds router rip router-id {interface-type interface-instance | routerid} service {ipv4 | ipv6} tcp-small-servers [maxservers number | no-limit] [access-list-name] service timestamps [[debug | log] {datetime [localtime] [msec] [show-timezone] | disable | uptime}] service {ipv4 | ipv6} udp-small-servers [maxservers number | no-limit] [access-list-name] session-timeout minutes [output] shutdown snmp-server ifmib ifalias long snmp-server chassis-id serial-number snmp-server contact system-contact-string snmp-server engineid local engine-id snmp-server group name {v1 | v2c | v3 {auth | noauth | priv}} [read view] [write view] [notify view] [context context-name] [access-list-name]
radius-server retransmit retries radius-server timeout seconds router rip router-id ip-address
service tcp-small-servers
service timestamps [debug | log] [uptime | datetime [msec] [localtime] [showtimezone] [year]] service udp-small-servers
session-timeout minutes [output] shutdown snmp ifmib ifalias long snmp-server chassis-id text snmp-server contact text snmp-server engineID local engineid-string snmp-server group groupname {v1 | v2c | v3 {auth | noauth | priv}} [context context-name] [read read-view] [write writeview] [notifynotify-view] [access [ipv6 named-accesslist] [acl-number | acl-name]] snmp-server ifindex persist
snmp-server location text snmp-server packetsize byte-count snmp-server queue-length length snmp-server trap-source interface
snmp-server location system-location snmp-server packetsize size snmp-server queue-length length snmp-server trap-source interface-type interfacenumber snmp-server user username groupname {v1 | v2c | v3 [auth {md5 | sha} {clear | encrypted} authpassword [priv des56 {clear | encrypted} privpassword]]} [LROwner | SystemOwner] [access-listname] snmp-server view view-name oidtree {excluded | included} stopbits {1 | 2} summary-address ip-address {/length | mask} [admin-distance] summary-prefix {address/prefix-length | ipv6prefix/prefix-length} [level {1 |2}] tacacs source-interface type instance tacacs-server key key-name tacacs-server timeout seconds mpls mtu bytes timers bgp keepalive hold-time timers lsa arrival milliseconds timers pacing lsa-group seconds timers pacing lsa-group seconds timers pacing flood milliseconds timers pacing retransmission milliseconds timers throttle spf spf-start spf-hold spf-max-wait transport [udp | tcp] tunnel destination ip-address
snmp-server user username groupname [remote host [udp-portport]] {v1 | v2c | v3 [encrypted] [auth {md5 | sha} authpassword]} [access [ipv6 nacl] [priv {des | 3des | aes {128 | 192 | 256}}privpassword] {acl-number | acl-name}] snmp-server view view-name oidtree {included | excluded} stopbits {1 | 1.5 | 2} summary-address address mask {level-1 | level-12 | level-2} summary-prefix ipv6-prefix/prefix-length {level1 | level-1-2 | level-2} ip tacacs source-interface subinterface-name tacacs-server key {0 string | 7 string | string} tacacs-server timeout seconds tag-switching mtu bytes timers bgp keepalive holdtime timers lsa arrival milliseconds timers lsa-group-pacing seconds timers pacing lsa-group seconds timers pacing flood milliseconds timers pacing retransmission milliseconds timers throttle spf spf-start spf-hold spf-max-wait transport {tcp tls | udp} tunnel destination {host-name | ip-address | ipv6address} tunnel source {ip-address | ipv6-address | interfacetype interface-number} version {1 | 2}
version {1 | 2 | 3}
width characters
width characters
...
! router isis net 39.528f.1100.1000.4025.5062.00 is-type level-2-only domain-password $xxyy area-password $wwzz metric-style wide max-lsp-lifetime 65535 lsp-refresh-interval 65000 spf-interval 1 1 8 prc-interval 1 1 8 lsp-gen-interval 1 1 1 no hello padding log-adjacency-changes all redistribute connected passive-interface GigabitEthernet2/0 passive-interface GigabitEthernet2/1 passive-interface Loopback0 passive-interface Loopback1 passive-interface Loopback6 ! address-family ipv6 no adjacency-check exit-address-family router isis isp net 39.528f.1100.1000.4025.5062.00 is-type level-2-only lsp-password $xxyy level 2 lsp-password $wwzz level 1 max-lsp-lifetime 65535 lsp-refresh-interval 65000 lsp-gen-interval maximum-wait 1 initial-wait 1 secondary-wait 1 log adjacency changes ! address-family ipv4 unicast metric-style wide spf-interval maximum-wait 1 initial-wait 1 secondary-wait 8 prc-interval 1 redistribute connected ! address-family ipv6 unicast adjacency-check disable ! interface Loopback1 no hello-padding passive address-family ipv4 unicast ! ! interface POS0/3/0/1 no hello-padding address-family ipv4 unicast metric 503 level 2 ! address-family ipv6 unicast !
192.168.1.0 0.0.0.255 area 0 192.168.7.0 0.0.0.255 area 0 192.168.12.0 0.0.0.255 area 0 192.168.13.0 0.0.0.255 area 0 192.168.14.0 0.0.0.255 area 0 192.168.18.0 0.0.0.255 area 0 192.168.20.0 0.0.0.255 area 0
! interface Loopback0
ip address 192.168.1.5 255.255.255.255
! interface POS2/1
ip address 192.168.14.5 255.255.255.0 ip ospf cost 17
interface Loopback0 passive enable ! interface POS0/1/0/1 ! interface POS0/2/0/0 ! interface POS0/2/0/1 cost 17 ! interface POS0/2/0/2 ! ! mpls traffic-eng area 0
Configuracin bsica de BGP entre un router Cisco IOS y un router Cisco IOS XR