http, https, ntp server
* Instructor's summary notes :
* Lab files :
* Current progress
* Port number
console access
remote access [IP communication]
plaintext / encrypted
CLI telnet [tcp23] ssh [tcp22]
GUI http [tcp80] ssl [tcp443] *
* Review
R1
conf t
ho xx
int f 0/0
no shut
ip add 10.1.1.1 255.255.255.0
end
R2
conf t
ho aa
int f 0/0
no shut
ip add 10.1.1.2 255.255.255.0
exi
R3
conf t
ho song
int f 0/0
no shut
ip add 10.1.1.3 255.255.255.0
exi
int fa 0/1
no shut
ip add dhcp
end
R1/2/3/
show ip int brief
show cdp nei
ping the adjacent neighbors
* Http
1) [R1]
http access
create account
http authentication
configure terminal
ip http server
username admin privilege 15 password cisco
ip http authentication local
2) [VMware]
Internet Explorer > 10.1.1.11 > admin/cisco
-------------------------------
// 1) [R1]
R1#
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#
// http access
R1(config)#ip http server
R1(config)#
// create account
R1(config)#username admin privilege 15 password cisco
R1(config)#
R1(config)#
R1(config)#ip http ?
access-class Restrict http server access by access-class
active-session-modules Set up active http server session modules
authentication Set http server authentication method
client Set http client parameters
help-path HTML help root URL
max-connections Set maximum number of concurrent http server
connections
path Set base path for HTML
port Set http port
secure-active-session-modules Set up active http secure server session
modules
secure-ciphersuite Set http secure server ciphersuite
secure-client-auth Set http secure server with client
authentication
secure-port Set http secure server port number for
listening
secure-server Enable HTTP secure server
secure-trustpoint Set http secure server certificate trustpoint
server Enable http server
session-module-list Set up a http(s) server session module list
timeout-policy Set http server time-out policy parameters
// http authentication
R1(config)#ip http authentication ?
aaa Use AAA access control methods
enable Use enable passwords
local Use local username and passwords
R1(config)#ip http authentication local
// 2) [VMware]
// Internet Explorer > 10.1.1.11 > admin/cisco
* Https (secure web)
1) [VMware]
C:\Documents and Settings\Administrator\바탕 화면\다운받기\SDM-V25
=> install setup.exe
2-1) Folder Options > View > uncheck "Hide extensions for known file types",
> check "Show hidden files and folders"
2) C:\Program Files\Cisco Systems\Cisco SDM\common\common
=> runAPP.shtml => runAPP.html // remove the s from the extension!
=> open launchTask.html and change shtml > html!
3) R2 work
conf t
no ip http server
ip http secure-server
username admin privilege 15 password cisco
ip http authentication local
4) [VMware] run Cisco SDM
> allow blocked content
> admin/cisco
5) R2 work
6) [VMware] https GUI access installation method
proceed from Cisco SDM > Configure
-------------------------------
// 1) [VMware]
C:\Documents and Settings\Administrator\바탕 화면\다운받기\SDM-V25
=> install setup.exe
// 2) C:\Program Files\Cisco Systems\Cisco SDM\common\common
// => runAPP.shtml => runAPP.html // remove the s from the extension!
// => open launchTask.html and change shtml > html!
// 3) R2 work
R2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#no ip http server
R2(config)#ip http secure-server
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]
R2(config)#
*Mar 1 01:06:27.423: %SSH-5-ENABLED: SSH 1.99 has been enabled
R2(config)#
*Mar 1 01:06:27.503: %PKI-4-NOAUTOSAVE: Configuration was modified. Issue "write memory" to save new certificate
R2(config)#
R2(config)#ip http authentication local
R2(config)#
R2(config)#end
R2#
*Mar 1 01:06:37.987: %SYS-5-CONFIG_I: Configured from console by console
// 4) [VMware] run Cisco SDM
// > allow blocked content
// > admin/cisco
// 5) R2 work
R2#wr
Building configuration...
[OK]
R2#
R2#dir nvram:
Directory of nvram:/
249 -rw- 1264 <no date> startup-config
250 ---- 1939 <no date> private-config
1 ---- 15 <no date> persistent-data
2 -rw- 574 <no date> IOS-Self-Sig#1.cer
3 -rw- 0 <no date> ifIndex-table
260088 bytes total (253761 bytes free)
R2#
R2#more nvram:IOS-Self-Sig#1.cer
0^B^B:0^B^A# ^C^B^A^B^B^A^A0
^F *^FH^Fw
^A^A^D^E^@011/0-^F^CU^D^C^S&IOS-Self-Signed-Certificate-42792565170^^^W
020301010627Z^W
200101000000Z011/0-^F^CU^D^C^S&IOS-Self-Signed-Certificate-42792565170^A^_0
^F *^FH^Fw
^A^A^A^E^@^C^A
^@0^A ^B^A^A^@0U^N}^K^VN^_^UGwR^[o'mE^E^[^Ur4XG61;^YA^O0IZxNeLj
^P ]%\y^AT!|^[^EPn
^C^]xl#*9<jbNbLX^N4=^B^_^_-ik%}^^K^_^@^QD^}IM^Z>DZ;2^Tw^!5P^Od2%%5C1^AGa)KK}|^^y?I( ^B^C^A^@^A#b0`0^O^F^CU^]^S^A^A^D^E0^C^A^A0
^F^CU^]^Q^D^F0^D^B^BR20^_^F^CU^]#^D^X0^V^@^T>f:^L3yk?^X|es-/,;6^^T0^]^F^CU^]^N^D^V^D^T>f:^L3yk?^X|es-/,;6^^T0
^F *^FH^Fw
^A^A^D^E^@^C^A^A^@P%!e0^QxGz| .^X^C
7w^FS^KMW#?^Xp8^^^.-uhm`ZBU
P^T$dce]UAH8^PhRIil\ajK(^Cy5^O^NqEg^A^^}^@:=jv=^U
^Qmj}^_/ZO^_^YvVUQ]W$^B I^DPzbU@:^\^S}^Pn^\Xj>;n?+Tt+w
R2#
// 6) [VMware] https GUI access installation method
// proceed from Cisco SDM > Configure
R2#show ip interface brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 10.1.1.22 YES NVRAM up up
FastEthernet0/1 7.7.7.7 YES TFTP up up
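Added example (not from these lab notes): a small Python audit that reads a running-config and flags the management-plane weaknesses the HTTP and HTTPS steps above touch: `ip http server` left on (tcp/80, plaintext), `username ... password` instead of `secret`, and `no service password-encryption` (visible in R3's show running-config later in these notes). The two config texts inside are constructed to mirror R1 after the HTTP steps and R2 after the HTTPS steps; the secret hash is a placeholder.

```python
"""Audit a Cisco IOS running-config for the management-plane weaknesses the
HTTP/HTTPS lab steps touch. Added example, not from the lab notes; the two
config texts are constructed (R1 after the HTTP steps, R2 after the HTTPS steps
plus 'secret' and 'service password-encryption'); the secret hash is a placeholder."""
import re

WEAK_CONFIG = """\
hostname R1
no service password-encryption
ip http server
username admin privilege 15 password cisco
ip http authentication local
"""

HARDENED_CONFIG = """\
hostname R2
service password-encryption
no ip http server
ip http secure-server
username admin privilege 15 secret 5 $1$PLAC$eholderhashxxxxxxxxxxxx
ip http authentication local
"""

# 'password' with no type, type 0 (cleartext) or type 7 (reversible) -- all weak
USERNAME_PASSWORD_RE = re.compile(r"^username (\S+)(?: privilege \d+)? password(?: (0|7))? (\S+)$")


def audit_config(config):
    """Return [(check_name, explanation), ...] for every weak setting found; [] when clean."""
    lines = [l.strip() for l in config.splitlines()]
    lines = [l for l in lines if l and not l.startswith("!")]
    findings = []

    if "no service password-encryption" in lines:
        findings.append(("password-encryption",
                         "type-0 passwords stay readable in 'show running-config'"))

    http_on = "ip http server" in lines
    https_on = "ip http secure-server" in lines
    if http_on:
        findings.append(("http-plaintext",
                         "ip http server: admin/cisco and the session cross tcp/80 unencrypted"))
    if http_on and not https_on:
        findings.append(("https-missing",
                         "no 'ip http secure-server'; enable it and remove 'ip http server'"))

    for line in lines:
        m = USERNAME_PASSWORD_RE.match(line)
        if m:
            user, ptype, _ = m.groups()
            kind = "type 7 (reversible)" if ptype == "7" else "type 0 (cleartext)"
            findings.append((f"weak-password:{user}",
                             f"username {user} uses {kind}; use 'username {user} ... secret'"))

    if (http_on or https_on) and not any(l.startswith("ip http authentication") for l in lines):
        findings.append(("http-auth-default",
                         "no 'ip http authentication' line; IOS then uses the enable password"))
    return findings


def is_hardened(config):
    return audit_config(config) == []


if __name__ == "__main__":
    for name, cfg in (("R1 (HTTP lab)", WEAK_CONFIG), ("R2 (HTTPS lab)", HARDENED_CONFIG)):
        print(f"== {name}")
        for check, why in audit_config(cfg) or [("ok", "no weak settings found")]:
            print(f"  [{check}] {why}")
```

Run it against the output of `show running-config` saved to a file; the checks are plain line matches, so they only see what the router prints and do not interpret the config hierarchy.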
* ntp server
1) R3 work
R3
conf t
int fa 0/1
no shut
ip add dhcp
end
show ip int b
2) have R1 and R2 fetch the time from R3, which is designated as the ntp server
Rx
conf t
ntp server time.nist.gov
end
show run | in ntp
conf t
no ntp server
// 3) set the PC time too!
=> [VMware] > click the taskbar clock > Internet Time > set server: R3!
atomic clock → NTP server → NTP client
NTP : UDP 123 /
------------------------------------------
// 1) R3 work
R3#
R3#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#
R3(config)#interface fastEthernet 0/1
R3(config-if)#no shut
R3(config-if)#
R3(config-if)#ip address dhcp
R3(config-if)#
R3(config-if)#end
R3#
R3#
Mar 26 01:54:51.520: %SYS-5-CONFIG_I: Configured from console by console
R3#
Mar 26 01:54:54.532: %DHCP-6-ADDRESS_ASSIGN: Interface FastEthernet0/1 assigned DHCP address 192.168.0.242, mask 255.255.255.0, hostname R3
R3#
R3#show ip interface brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 10.1.1.33 YES NVRAM up up
FastEthernet0/1 192.168.0.242 YES DHCP up up
R3#
R3#ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
R3#
R3#traceroute 8.8.8.8
Type escape sequence to abort.
Tracing the route to google-public-dns-a.google.com (8.8.8.8)
1 192.168.0.1 8 msec 8 msec 12 msec
2 * * *
3 * * *
4 112.190.32.9 4 msec
112.190.32.5 12 msec
112.190.32.9 12 msec
5 112.174.104.189 16 msec 16 msec 8 msec
6 112.174.7.34 8 msec 8 msec 8 msec
7 72.14.194.194 40 msec 40 msec 40 msec
8 * * *
9 209.85.243.241 40 msec
108.170.238.73 48 msec
209.85.143.75 32 msec
10 google-public-dns-a.google.com (8.8.8.8) 40 msec 40 msec 44 msec
R3#
R3#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#
R3(config)#ip domain lookup
R3(config)#
R3(config)#end
R3#
R3#show dhcp server
DHCP server: ANY (255.255.255.255)
Leases: 4
Offers: 2 Requests: 2 Acks : 2 Naks: 0
Declines: 0 Releases: 3 Query: 0 Bad: 0
DNS0: 168.126.63.1, DNS1: 168.126.63.2
Subnet: 255.255.255.0
R3#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#
R3(config)#ntp server 3.asia.pool.ntp.org
Translating "3.asia.pool.ntp.org"...domain server (168.126.63.1) [OK]
R3(config)#
R3(config)#end
R3#show running-config
Building configuration...
Current configuration : 1539 bytes
!
! Last configuration change at 11:01:11 kor Mon Mar 26 2018
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R3
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
clock timezone kor 9
no ip icmp rate-limit unreachable
!
!
ip cef
ip domain name junga.com
R3#
R3#show run | in ntp
ntp clock-period 17179843
ntp server 82.200.209.194
ntp server 94.237.64.20
R3#
// R3(config)#clock timezone kor +9
R3#show clock
11:01:38.416 kor Mon Mar 26 2018
// 2) have R1 and R2 fetch the time from R3, which is designated as the ntp server
[R1]
R1(config)#ntp server 10.1.1.33
R1(config)#
R1(config)#end
R1#show clock
02:15:43.043 UTC Mon Mar 26 2018
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#clock timezone kor +9
R1(config)#
R1(config)#
Mar 26 02:20:36.419: %SYS-6-CLOCKUPDATE: System clock has been updated from 02:29:36 kor Mon Mar 26 2018 to 11:20:36 kor Mon Mar 26 2018, configured from console by console.
R1(config)#end
R1#
R1#
Mar 26 02:20:39.735: %SYS-5-CONFIG_I: Configured from console by console
R1#show clock
11:20:44.683 kor Mon Mar 26 2018
R1#
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#
R1(config)#no ntp server
[R2]
R2(config)#ntp server 10.1.1.33
R2(config)#end
R2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#
R2(config)#clock timezone kor +9
R2(config)#
Mar 26 02:20:54.886: %SYS-6-CLOCKUPDATE: System clock has been updated from 02:29:54 kor Mon Mar 26 2018 to 11:20:54 kor Mon Mar 26 2018, configured from console by console.
R2(config)#end
R2#
R2#show clock
11:20:59.886 kor Mon Mar 26 2018
R2#
R2#
R2#
R2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#no ntp server
% Incomplete command.
// 3) set the PC time too!
=> [VMware] > click the taskbar clock > Internet Time > set server: R3!
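Added example (not from the lab notes): what the `ntp server 10.1.1.33` line does on the wire. The Python below builds the 48-byte UDP/123 client request R1 sends, parses a constructed reply from R3 (assumed stratum 3, reference address 82.200.209.194 taken from R3's `show run | in ntp` above), applies the client offset formula, and renders the result the way `show clock` does with the +9 `kor` timezone. The 120 s clock skew and the 125 ms delays are constructed so the whole exchange runs offline.

```python
"""NTP (UDP 123) on the wire: build the client request R1/R2 send to R3, parse
R3's reply, and compute the clock offset the way an NTP client does.
Added example, not code from the lab notes; the reply packet, the skew and the
delays are constructed (R3 assumed stratum 3, referencing 82.200.209.194)."""
import struct
import datetime as dt

NTP_PORT = 123                       # UDP port from the notes
NTP_EPOCH_DELTA = 2208988800         # seconds from 1900-01-01 (NTP) to 1970-01-01 (Unix)
TZ_KOR = dt.timezone(dt.timedelta(hours=9), "kor")   # 'clock timezone kor 9' from the notes


def to_ntp(unix_ts):
    """Unix float seconds -> 8-byte NTP timestamp (32-bit seconds, 32-bit fraction)."""
    secs = int(unix_ts)
    frac = int((unix_ts - secs) * (1 << 32))
    return struct.pack("!II", secs + NTP_EPOCH_DELTA, frac)


def from_ntp(raw):
    secs, frac = struct.unpack("!II", raw)
    return secs - NTP_EPOCH_DELTA + frac / (1 << 32)


def build_client_request(t1, version=3):
    """48-byte client packet: LI=0, VN=version, mode=3 (client); T1 goes in the transmit field."""
    first = (0 << 6) | (version << 3) | 3
    return bytes([first]) + bytes(39) + to_ntp(t1)


def build_server_reply(request, t2, t3, stratum, ref_ipv4):
    """Constructed server reply (mode 4): the client's T1 is echoed back as 'originate'."""
    first = (0 << 6) | (3 << 3) | 4
    header = struct.pack("!BBBb", first, stratum, 6, -20)   # poll 2^6 s, precision 2^-20 s
    root = bytes(8)                                         # root delay / dispersion: 0 (constructed)
    ref_id = bytes(int(o) for o in ref_ipv4.split("."))     # stratum>1: upstream IPv4 address
    return header + root + ref_id + to_ntp(t2) + request[40:48] + to_ntp(t2) + to_ntp(t3)


def parse_packet(pkt):
    if len(pkt) < 48:
        raise ValueError("NTP packet must be at least 48 bytes")
    first, stratum = pkt[0], pkt[1]
    ref = pkt[12:16]
    return {
        "leap": first >> 6,
        "version": (first >> 3) & 7,
        "mode": first & 7,                     # 3 = client, 4 = server
        "stratum": stratum,
        "reference_id": ref.decode("ascii", "replace").rstrip("\x00") if stratum <= 1
                        else ".".join(str(b) for b in ref),
        "originate": from_ntp(pkt[24:32]),     # T1: client clock at send
        "receive": from_ntp(pkt[32:40]),       # T2: server clock at receive
        "transmit": from_ntp(pkt[40:48]),      # T3: server clock at send
    }


def clock_offset(t1, t2, t3, t4):
    """RFC 5905 offset ((T2 - T1) + (T3 - T4)) / 2; positive means the client is behind."""
    return ((t2 - t1) + (t3 - t4)) / 2


def ios_show_clock(unix_ts, tz=TZ_KOR):
    """Render a timestamp like IOS 'show clock', e.g. 11:20:44.683 kor Mon Mar 26 2018."""
    d = dt.datetime.fromtimestamp(unix_ts, tz)
    return d.strftime("%H:%M:%S.") + f"{d.microsecond // 1000:03d} " + d.strftime("%Z %a %b %d %Y")


def sync_example():
    """One constructed exchange: R1's clock is 120 s slow, R3 answers with 125 ms each way."""
    true_send = dt.datetime(2018, 3, 26, 2, 20, 36, tzinfo=dt.timezone.utc).timestamp()
    skew = -120.0                            # R1's clock error (constructed)
    t1 = true_send + skew                    # what R1's clock reads when it sends
    request = build_client_request(t1)
    t2 = true_send + 0.125                   # R3 receives (true time)
    t3 = true_send + 0.25                    # R3 transmits (true time)
    reply = build_server_reply(request, t2, t3, stratum=3, ref_ipv4="82.200.209.194")
    parsed = parse_packet(reply)
    t4 = true_send + 0.375 + skew            # R1's clock when the reply arrives
    offset = clock_offset(parsed["originate"], parsed["receive"], parsed["transmit"], t4)
    return parsed, offset, ios_show_clock(t4), ios_show_clock(t4 + offset)


if __name__ == "__main__":
    parsed, offset, before, after = sync_example()
    print(f"reply: stratum {parsed['stratum']}, reference {parsed['reference_id']}")
    print(f"offset {offset:+.3f} s; clock before {before}; after {after}")
```

A real client sends `request` to (10.1.1.33, 123) over UDP, reads the reply with `recvfrom`, and feeds the four timestamps to `clock_offset`. Note that `ntp server <addr>` alone accepts any reply that arrives from that address; IOS can require MD5-authenticated replies with `ntp authentication-key`, `ntp authenticate` and `ntp trusted-key`, which matters because the same clock stamps the syslog messages in the next section.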
* syslog
protocol that forwards logs = syslog [UDP 514]
log severity levels [0-7] / 0-4 severe / 5-7 normal
[gns3]
1) R1 : syslog
2) host pc => change to server
right-click > change symbol > change to server
[VMware]
3) C:\Documents and Settings\Administrator\바탕 화면\다운받기
=> install Kiwi_Syslog_Server_8.3.52.exe // this one is a shoddy program lol. SolarWinds recommended!!!
4) Windows Firewall: set to off
[gns3]
5) R1 config
------------------------------------------
// [gns3]
// 1) R1 : syslog
// 2) host pc => change to server
// right-click > change symbol > change to server
// [VMware]
// 3) C:\Documents and Settings\Administrator\바탕 화면\다운받기
// => install Kiwi_Syslog_Server_8.3.52.exe // this one is a shoddy program lol. SolarWinds recommended!!!
// 4) [Control Panel] Windows Firewall: set to off
// [gns3]
// 5) R1 config
R1#
R1#conf t
R1(config)#
R1(config)#
R1(config)#syslo?
% Unrecognized command
R1(config)#
R1(config)#ud?
% Unrecognized command
R1(config)#
R1(config)#logg?
logging
R1(config)#logging on
R1(config)#
R1(config)#logging ?
Hostname or A.B.C.D IP address of the logging host
buffered Set buffered logging parameters
buginf Enable buginf logging for debugging
cns-events Set CNS Event logging level
console Set console logging parameters
count Count every log message and timestamp last occurrence
discriminator Create or modify a message discriminator
dmvpn DMVPN Configuration
esm Set ESM filter restrictions
exception Limit size of exception flush output
facility Facility parameter for syslog messages
filter Specify logging filter
history Configure syslog history table
host Set syslog server IP address and parameters
message-counter Configure log message to include certain counter value
monitor Set terminal line (monitor) logging parameters
on Enable logging to all enabled destinations
origin-id Add origin ID to syslog messages
persistent Set persistent logging parameters
queue-limit Set logger message queue size
rate-limit Set messages per second limit
reload Set reload logging level
server-arp Enable sending ARP requests for syslog servers when
first configured
source-interface Specify interface for source address in logging
transactions
trap Set syslog server logging level
userinfo Enable logging of user info on privileged mode enabling
R1(config)#logging trap ?
<0-7> Logging severity level
alerts Immediate action needed (severity=1)
critical Critical conditions (severity=2)
debugging Debugging messages (severity=7)
emergencies System is unusable (severity=0)
errors Error conditions (severity=3)
informational Informational messages (severity=6)
notifications Normal but significant conditions (severity=5)
warnings Warning conditions (severity=4)
<cr>
R1(config)#logging trap 7
R1(config)#
R1(config)#logging host 10.1.1.100
R1(config)#
R1(config)#no logging cons
R1(config)#no logging console ***** // send the logs to the server~
R1(config)#
[R2]
R2#ping 10.1.1.11 repeat 10
Type escape sequence to abort.
Sending 10, 100-byte ICMP Echos to 10.1.1.11, timeout is 2 seconds:
...!!!.!.!
Success rate is 50 percent (5/10), round-trip min/avg/max = 108/113/128 ms
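Added example (not from the notes): a parser for the UDP/514 datagrams R1 emits after `logging trap 7` / `logging host 10.1.1.100`. The datagrams are constructed in the IOS wire format using messages seen in the console output above plus a made-up vty login from 10.1.1.50; the PRI value is decoded into facility (23 = local7, the IOS default) and severity, each message lands in the 0-4 severe / 5-7 normal bands from the notes, and a trap-level filter shows what `logging trap 4` would have dropped.

```python
"""Parse the UDP/514 syslog datagrams R1 sends after 'logging trap 7' and
'logging host 10.1.1.100'. Added example, not from the lab notes; the datagrams
are constructed in the IOS wire format <PRI>count: timestamp: %FAC-SEV-MNEMONIC: text
(the vty login from 10.1.1.50 is made up)."""
import re
import socket

SEVERITY_NAMES = ["emergencies", "alerts", "critical", "errors",
                  "warnings", "notifications", "informational", "debugging"]
IOS_DEFAULT_FACILITY = 23   # syslog facility local7, the IOS default for 'logging facility'

# Constructed datagrams as they would arrive at the Kiwi server on UDP 514
SAMPLE_DATAGRAMS = [
    b"<189>19: Mar 26 02:20:39.735: %SYS-5-CONFIG_I: Configured from console by console",
    b"<187>20: Mar 26 02:21:02.101: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to down",
    b"<191>21: Mar 26 02:21:05.550: %SYS-7-USERLOG_DEBUG: Message from tty0(user id: admin): test",
    b"<189>22: Mar 26 02:21:10.003: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (10.1.1.50)",
]

IOS_SYSLOG_RE = re.compile(
    rb"^<(?P<pri>\d{1,3})>"                                   # PRI = facility*8 + severity
    rb"(?:(?P<count>\d+): )?"                                  # IOS message counter
    rb"(?P<timestamp>.*?): "                                   # 'Mar 26 02:20:39.735'
    rb"%(?P<ios_facility>[A-Z0-9_]+)-(?P<sev>\d)-(?P<mnemonic>[A-Z0-9_]+): "
    rb"(?P<text>.*)$"
)


def parse_ios_syslog(datagram):
    """Decode one datagram; returns None when it is not an IOS-style syslog message."""
    m = IOS_SYSLOG_RE.match(datagram)
    if not m:
        return None
    pri = int(m.group("pri"))
    if pri > 191:                         # facilities run 0-23, severities 0-7
        return None
    facility, severity = divmod(pri, 8)
    return {
        "facility": facility,
        "severity": severity,
        "severity_name": SEVERITY_NAMES[severity],
        "band": "severe" if severity <= 4 else "normal",   # the 0-4 / 5-7 split from the notes
        "count": int(m.group("count")) if m.group("count") else None,
        "timestamp": m.group("timestamp").decode(),
        "ios_facility": m.group("ios_facility").decode(),
        "mnemonic": m.group("mnemonic").decode(),
        "text": m.group("text").decode("utf-8", "replace"),
        # the severity digit inside %SYS-5-CONFIG_I should agree with the PRI severity
        "consistent": int(m.group("sev")) == severity,
    }


def passes_trap(severity, trap_level):
    """'logging trap N' forwards messages at level N and every numerically lower level."""
    return severity <= trap_level


def summarize(datagrams, trap_level=7):
    """Count what a server would see from this router at a given trap level."""
    counts = {"severe": 0, "normal": 0, "dropped": 0, "malformed": 0}
    for d in datagrams:
        msg = parse_ios_syslog(d)
        if msg is None:
            counts["malformed"] += 1
        elif not passes_trap(msg["severity"], trap_level):
            counts["dropped"] += 1
        else:
            counts[msg["band"]] += 1
    return counts


def receive_forever(bind_addr="0.0.0.0", port=514):
    """Minimal UDP/514 listener standing in for the Kiwi server (binding 514 needs privileges)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind((bind_addr, port))
        while True:
            data, (src, _) = s.recvfrom(2048)
            print(src, parse_ios_syslog(data))


if __name__ == "__main__":
    for d in SAMPLE_DATAGRAMS:
        m = parse_ios_syslog(d)
        print(f"{m['band']:6} sev={m['severity']} ({m['severity_name']}) "
              f"%{m['ios_facility']}-{m['severity']}-{m['mnemonic']}: {m['text']}")
    print("trap 7:", summarize(SAMPLE_DATAGRAMS, 7))
    print("trap 4:", summarize(SAMPLE_DATAGRAMS, 4))
```

Because syslog over UDP 514 is unauthenticated and unencrypted, anything on the 10.1.1.0/24 segment can inject or read these datagrams; the `consistent` field catches a message whose PRI and mnemonic severities disagree, which is one cheap sanity check a collector can apply before trusting the line.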