![[PukiWiki]](image/pukiwiki.png "[PukiWiki]")
目次
Cisco 892の初期設定手順。
アドレス付与、リモート接続、SNMP有効化あたりまでをカバーする予定。
初期接続にはコンソールケーブルが必須となる。
シリアル接続のパラメータはteratermの初期値で対応が可能。
初期起動時には以下の様な出力が行われる。
System Bootstrap, Version 12.4(22r)YB3, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 2009 by cisco Systems, Inc.
C890 platform with 524288 Kbytes of main memory
<中略>
--- System Configuration Dialog ---
Would you like to enter the initial configuration dialog? [yes/no]:
対話型インターフェイスにて初期設定を行う場合は[yes]、行わない場合は[no]を入力する。
[no]を選択した場合には以下の様な出力が行われる。
Press RETURN to get started! *Mar 1 00:00:05.539: %IOS_LICENSE_IMAGE_APPLICATION-6-LICENSE_LEVEL: Module name = c890 Next reboot level = advipservices and License = advipservices *Mar 6 05:39:40.043: %IFMGR-7-NO_IFINDEX_FILE: Unable to open nvram:/ifIndex-table No such file or directory *Mar 6 05:39:40.127: %VPN_HW-6-INFO_LOC: Crypto engine: onboard 0 State changed to: Initialized *Mar 6 05:39:40.203: %VPN_HW-6-INFO_LOC: Crypto engine: onboard 0 State changed to: Enabled *Mar 6 05:39:54.811: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0, changed state to down *Mar 6 05:39:54.811: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1, changed state to down *Mar 6 05:39:54.811: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:2, changed state to down *Mar 6 05:39:54.811: %LINK-3-UPDOWN: Interface FastEthernet8, changed state to up *Mar 6 05:39:54.811: %LINK-3-UPDOWN: Interface GigabitEthernet0, changed state to up *Mar 6 05:39:55.739: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to down *Mar 6 05:39:55.811: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet8, changed state to down *Mar 6 05:39:55.811: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0, changed state to down *Mar 6 05:39:56.811: %LINK-3-UPDOWN: Interface FastEthernet8, changed state to down *Mar 6 05:39:56.811: %LINK-3-UPDOWN: Interface GigabitEthernet0, changed state to down *Mar 6 05:42:24.819: %LINK-5-CHANGED: Interface BRI0, changed state to administratively down *Mar 6 05:42:26.767: %LINK-5-CHANGED: Interface FastEthernet8, changed state to administratively down *Mar 6 05:42:26.767: %LINK-5-CHANGED: Interface GigabitEthernet0, changed state to administratively down *Mar 6 05:42:34.207: %SYS-5-RESTART: System restarted -- Cisco IOS Software, C890 Software (C890-UNIVERSALK9-M), Version 15.1(3)T1, RELEASE SOFTWARE (fc2) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2011 by Cisco Systems, Inc. Compiled Sun 27-Mar-11 12:57 by prod_rel_team *Mar 6 05:42:34.207: %SNMP-5-COLDSTART: SNMP agent on host Router is undergoing a cold start *Mar 6 05:42:34.231: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is OFF *Mar 6 05:42:34.231: %CRYPTO-6-GDOI_ON_OFF: GDOI is OFF *Mar 6 05:42:36.891: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0, changed state to down *Mar 6 05:42:36.903: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1, changed state to down *Mar 6 05:42:36.915: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet2, changed state to down *Mar 6 05:42:36.927: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet3, changed state to down *Mar 6 05:42:36.943: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet4, changed state to down *Mar 6 05:42:36.947: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet5, changed state to down *Mar 6 05:42:36.955: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet6, changed state to down *Mar 6 05:42:36.963: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet7, changed state to down Router>
インターフェイスの状態を表示させる。
#show ip interface brief
Interface IP-Address OK? Method Status Protocol BRI0 unassigned YES unset administratively down down BRI0:1 unassigned YES unset administratively down down BRI0:2 unassigned YES unset administratively down down FastEthernet0 unassigned YES unset down down FastEthernet1 unassigned YES unset down down FastEthernet2 unassigned YES unset down down FastEthernet3 unassigned YES unset down down FastEthernet4 unassigned YES unset down down FastEthernet5 unassigned YES unset down down FastEthernet6 unassigned YES unset down down FastEthernet7 unassigned YES unset down down FastEthernet8 unassigned YES unset administratively down down GigabitEthernet0 unassigned YES unset administratively down down Vlan1 unassigned YES unset down down
以下の手順にてホスト名を設定する。
> en # conf t (config)# hostname [HOSTNAME] (config)# exit # writemem
WAN(GigabitEthernet0)に192.168.1.252/24を付与する手順。
> en # conf t (config)#interface gigabitEthernet 0 (config-if)#ip address 192.168.1.252 255.255.255.0 (config-if)#no shutdown (config)# exit # write mem
インターフェイスの状態を確認する。
#show ip interface brief
Interface IP-Address OK? Method Status Protocol BRI0 unassigned YES unset administratively down down BRI0:1 unassigned YES unset administratively down down BRI0:2 unassigned YES unset administratively down down FastEthernet0 unassigned YES unset down down FastEthernet1 unassigned YES unset down down FastEthernet2 unassigned YES unset down down FastEthernet3 unassigned YES unset down down FastEthernet4 unassigned YES unset down down FastEthernet5 unassigned YES unset down down FastEthernet6 unassigned YES unset down down FastEthernet7 unassigned YES unset down down FastEthernet8 unassigned YES unset administratively down down GigabitEthernet0 192.168.1.252 YES manual up up Vlan1 unassigned YES unset down down
FastEthernet0〜7に対して、172.16.0.252/16を付与する手順。
> en # conf t (config)#interface Vlan1 (config-if)#ip address 172.16.0.252 255.255.0.0 (config-if)#no shutdown
(config-if)#switchport access Vlan 1 (config-if)#interface FastEthernet1 (config-if)#switchport access Vlan 1 (config-if)#interface FastEthernet2 (config-if)#switchport access Vlan 1 (config-if)#interface FastEthernet3 (config-if)#switchport access Vlan 1 (config-if)#interface FastEthernet4 (config-if)#switchport access Vlan 1 (config-if)#interface FastEthernet5 (config-if)#switchport access Vlan 1 (config-if)#interface FastEthernet6 (config-if)#switchport access Vlan 1 (config-if)#interface FastEthernet7 (config-if)#switchport access Vlan 1 (config)# exit # write mem
#show ip interface brief Interface IP-Address OK? Method Status Protocol BRI0 unassigned YES unset administratively down down BRI0:1 unassigned YES unset administratively down down BRI0:2 unassigned YES unset administratively down down FastEthernet0 unassigned YES unset up up FastEthernet1 unassigned YES unset down down FastEthernet2 unassigned YES unset down down FastEthernet3 unassigned YES unset down down FastEthernet4 unassigned YES unset down down FastEthernet5 unassigned YES unset down down FastEthernet6 unassigned YES unset down down FastEthernet7 unassigned YES unset down down FastEthernet8 unassigned YES unset administratively down down GigabitEthernet0 192.168.1.252 YES NVRAM up up Vlan1 172.16.0.252 YES manual up up
ルーティングにゲートウェイを指定する。
> en # conf t (config)#ip route 0.0.0.0 0.0.0.0 [Gateway] (config)# exit # write mem
DNSサーバの指定。
> en # conf t (config)# ip name-server [DNS1] [DNS2] (config)# ip domain lookup source-interface [Interface] (config-line)#password cisco (config)# exit # write mem
enableモードに切り替える際のパスワードを設定する。(例では「cisoc」に設定)
> en # conf t (config)#enable password cisco (config)# exit # write mem
telnet接続を有効化とログインパスワードの設定。(例では「cisoc」に設定)
> en # conf t (config)#line vty 0 4 (config-line)#transport input telnet (config-line)#password cisco (config)# exit # write mem
(config)#ip domain-name [OMAIN NAME]
(config)#crypto key generate rsa The name for the keys will be: cisco982-01.asabiya.net Choose the size of the key modulus in the range of 360 to 4096 for your General Purpose Keys. Choosing a key modulus greater than 512 may take a few minutes. How many bits in the modulus [512]: 2048 % Generating 2048 bit RSA keys, keys will be non-exportable... [OK] (elapsed time was 7 seconds)
(config)#ip ssh version 2 (config)#line vty 0 4 (config-line)#transport input ssh (config-line)#exit
(config)#username admin password [PASSWORD]
外部のNTPサーバ(ntp.nict.jp)を設定。
> en # conf t (config)# ntp server ntp.nict.jp (config)# exit # write mem
> en # show ntp associations
address ref clock st when poll reach delay offset disp *~133.243.238.244 .NICT. 1 37 64 1 3.518 82.703 187.59 * sys.peer, # selected, + candidate, - outlyer, x falseticker, ~ configured
> en # conf t (config)# snmp-server community [community name] [ro|rw] (config)# exit # write mem
> en # conf t (config)# snmp-server host [IP] version 2c [community name] (config)# snmp-server enable traps (config)# exit # write mem
Syslogサーバへのログ送信設定。
> en # conf t (config)# logging [Syslog Server IP] (config)# logging source-interface [Interface] (config)# exit # write mem
LLDPを有効化する手順。~
> en # conf t (config)# lldp run (config)# exit # write mem
有効化後、1分程度待ってから隣接機器情報を参照する。
#show lldp neighbors Capability codes: (R) Router, (B) Bridge, (T) Telephone, (C) DOCSIS Cable Device (W) WLAN Access Point, (P) Repeater, (S) Station, (O) Other
Device ID Local Intf Hold-time Capability Port ID CORE-SW01 Gi0 120 B g13 Total entries displayed: 1
ファームウェアのイメージを入手する。
Cisco 892用のファームウェアは以下の様なファイル名となっている。
| c890-universalk9-mz.151-3.T1.bin |
| c890-universalk9-mz.124-22.YB4.bin |
| c890-universalk9-mz.150-1.M.bin |
| c890-universalk9-mz.150-1.M4.bin |
| c890-universalk9-mz.150-1.M5.bin |
| c890-universalk9-mz.150-1.M6.bin |
| c890-universalk9-mz.151-3.T.bin |
| c890-universalk9-mz.151-3.T1.bin |
| c890-universalk9-mz.151-4.M.bin |
| c890-universalk9-mz.151-4.M1.bin |
| c890-universalk9-mz.152-1.T.bin |
| c890-universalk9-mz.154-3.M3.bin |
| c890-universalk9-mz.154-3.M4.bin |
| c890-universalk9-mz.154-3.M6a.bin |
| c890-universalk9-mz.154-3.M7.bin |
| c890-universalk9-mz.154-3.M8.bin |
| c890-universalk9-mz.155-1.T.bin |
| c890-universalk9-mz.155-2.T1.bin |
| c890-universalk9-mz.155-3.M1.bin |
| c890-universalk9-mz.156-1.T.bin |
| c890-universalk9-mz.156-3.M.bin |
| c890-universalk9_npe-mz.151-3.T2.bin |
| c890-universalk9_npe-mz.151-4.M1.bin |
| c890-universalk9_npe-mz.152-1.T.bin |
tftpサーバを使用してファームウェアを転送する。
Windows用のtftpサーバとしては、以下の様な製品がある、
https://www.solarwinds.com/ja/free-tools/free-tftp-server
サービスを起動し、ルートディレクトリにファームウェアを配置する。
Cisco 892からは以下のコマンドにてtftpサーバから取得する。
> en #copy tftp: flash: Address or name of remote host []? 192.168.1.133 ← tftpサーバのアドレス Source filename []? c890-universalk9-mz.156-3.M.bin ← ダウンロードするファイルを指定 Destination filename [c890-universalk9-mz.156-3.M.bin]? ← メモリに保管する際の名称を指定 Accessing tftp://192.168.1.133/c890-universalk9-mz.156-3.M.bin...
%Warning: File not a valid executable for this system Abort Copy? [confirm] Loading c800-universalk9-mz.SPA.158-3.M3.bin from 192.168.1.133 (via GigabitEthernet0): !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! [OK - 97182536 bytes]
#show flash: -#- --length-- -----date/time------ path 1 30094096 May 13 2016 04:43:40 +00:00 c890-universalk9-mz.151-3.T1.bin 2 58397940 Mar 6 2020 08:19:08 +00:00 c890-universalk9-mz.156-1.T.bin 164495360 bytes available (88502272 bytes used)
起動するイメージを指定する。
> en # conf t (config)# no boot system flash c890-universalk9-mz.151-3.T1.bin (config)# boot system flash c890-universalk9-mz.156-1.T.bin (config)# exit # write mem # reload
再起動後、バージョンを確認する。
#show version
Cisco IOS Software, C890 Software (C890-UNIVERSALK9-M), Version 15.6(1)T, RELEASE SOFTWARE (fc1) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2015 by Cisco Systems, Inc. Compiled Fri 20-Nov-15 17:49 by prod_rel_team ROM: System Bootstrap, Version 12.4(22r)YB3, RELEASE SOFTWARE (fc1) <中略> License UDI: ------------------------------------------------- Device# PID SN ------------------------------------------------- *1 CISCO892-K9 FGLxxxxxxx License Information for 'c890' License Level: advipservices Type: Permanent Next reboot license Level: advipservices Configuration register is 0x2102
