[Repost] Enabling the DNS server function on a Cisco router

Steps:
Router(config)#ip dns server                                             (1)
Router(config)#ip domain-lookup                                    (2)
Router(config)#ip name-server 202.96.64.68               (3)
Router(config)#ip host www.51jifen.com 10.1.1.1          (4)

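Set the DNS server of the hosts on the internal network to 10.1.1.254.
Command explanation:
(1): Enables the router's DNS server function
(2): Enables external DNS lookups; in general, the router has this enabled by default
(3): Specifies the upstream DNS server to query (depends on the local environment)
(4): Manually configures a local DNS entry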

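Confusion over the inconsistent descriptions of the DHCP process in the "CCNP Switch (642-813) study guide"

The CCNP Switch (642-813) study guide's description of the DHCP process

Page 188 of the Chinese translation says: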

① Client ---- DHCP Discovery (broadcast) ----> Server

② Client <---- DHCP Offer (unicast) ---- Server

③ Client ---- DHCP Request (broadcast) ----> Server

④ Client <---- DHCP ACK (unicast) ---- Server

Page 318 of the Chinese translation says that DHCP uses the following four messages to provide an IP address to a client:

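  • DHCP Discover broadcast sent by the client
  • DHCP Offer broadcast sent to the client
  • DHCP unicast request sent by the client
  • DHCP unicast acknowledgment sent to the client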

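I compared the Chinese edition with the English original and found that the English original has the same descriptions. The two passages above correspond to pages 147 and 245 of the English PDF.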

So I ran a packet-capture test with Wireshark, which turned up something new, as shown in the figure below:

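All four DHCP steps were carried out as broadcasts, though the network device here was not a Cisco one... It seems that different vendors differ somewhat in how they implement DHCP.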
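
Added example (not from the original post or the study guide): under RFC 2131 the server's choice between broadcast and unicast for the OFFER and ACK depends on the broadcast flag, ciaddr and giaddr in the client's message, which is one reason captures and textbook descriptions can differ. The Python below parses constructed DHCP messages and applies that rule; the function names and sample packets are assumptions made for this illustration.

```python
import socket
import struct

BOOTP = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")  # 236-byte fixed header
MAGIC = bytes([99, 130, 83, 99])                     # DHCP magic cookie
TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK"}
ZERO = "0.0.0.0"

def build(msg_type, broadcast, ciaddr=ZERO, giaddr=ZERO):
    """Construct a minimal DHCP client message (sample data for this example)."""
    flags = 0x8000 if broadcast else 0           # top bit = broadcast flag
    hdr = BOOTP.pack(1, 1, 6, 0, 0x1234ABCD, 0, flags,
                     socket.inet_aton(ciaddr), bytes(4), bytes(4),
                     socket.inet_aton(giaddr),
                     bytes.fromhex("0000abcdef00").ljust(16, b"\0"),
                     bytes(64), bytes(128))
    return hdr + MAGIC + bytes([53, 1, msg_type, 255])

def parse(pkt):
    """Return message type, broadcast flag, ciaddr and giaddr of a DHCP packet."""
    f = BOOTP.unpack_from(pkt)
    if pkt[BOOTP.size:BOOTP.size + 4] != MAGIC:
        raise ValueError("not a DHCP packet")
    opts, i, mtype = pkt[BOOTP.size + 4:], 0, None
    while i + 1 < len(opts) and opts[i] != 255:  # 255 = end option
        if opts[i] == 0:                         # 0 = pad, has no length byte
            i += 1
            continue
        if opts[i] == 53 and i + 2 < len(opts):  # option 53 = message type
            mtype = opts[i + 2]
        i += 2 + opts[i + 1]                     # skip code, length and value
    return {"type": TYPES.get(mtype, mtype), "broadcast": bool(f[6] & 0x8000),
            "ciaddr": socket.inet_ntoa(f[7]), "giaddr": socket.inet_ntoa(f[10])}

def reply_delivery(pkt):
    """How an RFC 2131 server addresses the OFFER/ACK answering this message."""
    m = parse(pkt)
    if m["giaddr"] != ZERO:
        return "unicast to relay agent"          # relayed request
    if m["ciaddr"] != ZERO:
        return "unicast to ciaddr"               # client already has an address
    return "broadcast" if m["broadcast"] else "unicast to yiaddr"

if __name__ == "__main__":
    for flag in (True, False):
        print("DISCOVER broadcast flag", flag, "->", reply_delivery(build(1, flag)))
```

In a capture, the flag is the "Bootp flags" field of the DISCOVER and REQUEST; a client that sets it will see every reply arrive as a broadcast regardless of the server vendor.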

ASA5510-20101103

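1. When upgrading the IOS on the ASA5510, if the upgrade fails, the config-register may change to 0x41; the normal mode is 0x1. In 0x41 mode, the device ignores the configuration file stored in NVRAM when it boots. If this happens, the config-register 0x1 command restores normal behaviour.
2. Erasing disk0 also erases the Activation Key: my device is a 5510 Security Plus, and after erasing disk0 the Activation Key was all zeros. The device showed: This platform has a Base license. If you recorded the Activation Key beforehand, importing it with the activation-key command restores normal operation.
3. The commands in ASA832-k8.bin differ in many ways from earlier versions, and the configuration style seems more layered, but I still have not found how to open a specific port on the firewall and map it to an internal server. The ACL method from version 8.2 no longer seems to work.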

Emulating ASA in GNS3

For English users who want to use GNS3 to run ASA, please visit http://www.gns3.net/phpBB/topic1369-30.html and read the post that I posted (ID: jresins).

1. Emulation method:

See: http://bbs.56cto.com/thread-41418-1-1.html

or    http://www.netemu.cn/bbs/thread-12203-1-1.html

or    http://www.51chongdian.net/bbs/thread-21730-1-1.html

The links above all have the same content.

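Emulating the PIX firewall in GNS3

1. Emulation method

Emulation is simple: download the PIX IOS (a .bin file) from the Internet, then in GNS3 go to "Edit" -> "Preferences" -> "Qemu" -> "PIX" and set the IOS file in the binary image field.

2. Activating the PIX

To use the full PIX feature set, the PIX needs to be activated. The activation method is as follows (quoted from the Internet):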

pixfirewall> en
Password:
pixfirewall# sh version

Cisco PIX Security Appliance Software Version 7.2(2)

Compiled on Wed 22-Nov-06 14:16 by builders
System image file is "Unknown, monitor mode tftp booted image"
Config file at boot was "startup-config"

pixfirewall up 3 mins 23 secs

Hardware:   PIX-525, 256 MB RAM, CPU Pentium II 1 MHz
Flash E28F128J3 @ 0xfff00000, 16MB
BIOS Flash AM29F400B @ 0xfffd8000, 32KB

0: Ext: Ethernet0           : address is 0000.abcd.ef00, irq 9
1: Ext: Ethernet1           : address is 0000.abcd.ef01, irq 11
2: Ext: Ethernet2           : address is 0000.abcd.ef02, irq 11
3: Ext: Ethernet3           : address is 0000.abcd.ef03, irq 11
4: Ext: Ethernet4           : address is 0000.abcd.ef04, irq 11
The Running Activation Key is not valid, using default settings:

Licensed features for this platform:
Maximum Physical Interfaces : 6
Maximum VLANs               : 25
Inside Hosts                : Unlimited
Failover                    : Disabled // Failover unavailable
VPN-DES                     : Disabled
VPN-3DES-AES                : Disabled

Cut-through Proxy           : Enabled
Guards                      : Enabled
URL Filtering               : Enabled
Security Contexts           : 0
GTP/GPRS                    : Disabled
VPN Peers                   : Unlimited

This platform has a Restricted (R) license.

Serial Number: 808102688 // serial number
Running Activation Key: 0x00000000 0x00000000 0x00000000 0x00000000 0x00000000
// activation key
Configuration has not been modified since last system restart.
pixfirewall# activation-key 0xd2390d2c 0x9fc4b36d 0x98442d99 0xeef7d8b1   // enter the activation key
The following features available in flash activation key are NOT
available in new activation key:
Failover is different.
flash activation key: Restricted(R)
new activation key: Unrestricted(UR)
Proceed with update flash activation key? [confirm]
The following features available in running activation key are NOT
available in new activation key:
Failover is different.
running activation key: Restricted(R)
new activation key: Unrestricted(UR)
WARNING: The running activation key was not updated with the requested key.
The flash activation key was updated with the requested key, and will
become active after the next reload.
pixfirewall# write // save the configuration
Building configuration...
Cryptochecksum: 70b1d47e d807251d 47f50cb7 f851d390

1226 bytes copied in 0.800 secs
[OK]

Then simply stop the PIX in GNS3 and start it again; reload cannot be used.

Below is the output after the restart:

pixfirewall> en
Password:
pixfirewall# sh version

Cisco PIX Security Appliance Software Version 7.2(2)

Compiled on Wed 22-Nov-06 14:16 by builders
System image file is "Unknown, monitor mode tftp booted image"
Config file at boot was "startup-config"

pixfirewall up 17 secs

Hardware:   PIX-525, 256 MB RAM, CPU Pentium II 1 MHz
Flash E28F128J3 @ 0xfff00000, 16MB
BIOS Flash AM29F400B @ 0xfffd8000, 32KB

0: Ext: Ethernet0           : address is 0000.abcd.ef00, irq 9
1: Ext: Ethernet1           : address is 0000.abcd.ef01, irq 11
2: Ext: Ethernet2           : address is 0000.abcd.ef02, irq 11
3: Ext: Ethernet3           : address is 0000.abcd.ef03, irq 11
4: Ext: Ethernet4           : address is 0000.abcd.ef04, irq 11

Licensed features for this platform:
Maximum Physical Interfaces : 10
Maximum VLANs               : 100
Inside Hosts                : Unlimited
Failover                    : Active/Active
VPN-DES                     : Enabled
VPN-3DES-AES                : Enabled

Cut-through Proxy           : Enabled
Guards                      : Enabled
URL Filtering               : Enabled
Security Contexts           : 2
GTP/GPRS                    : Disabled
VPN Peers                   : Unlimited

This platform has an Unrestricted (UR) license.

Serial Number: 808102688
Running Activation Key: 0xd2390d2c 0x9fc4b36d 0x98442d99 0xeef7d8b1

Configuration has not been modified since last system restart.

Here are the PIX serial numbers and activation keys I found:

Serial Number: 302aab20
Running Activation Key: 0xd2390d2c 0x9fc4b36d 0x98442d99 0xeef7d8b1

Serial Number: 807211225
Running Activation Key: 0x5236f5a7 0x97def6da 0x732a91f5 0xf5deef57

Serial Number: 808181272
Running Activation Key: 0x052a1524 0x3712a12b 0xb636cc54 0xa178eeac

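3. Changing the PIX Serial Number to activate the PIX with an existing activation key

Usually you cannot get the same Serial Number as in the text above, so the corresponding activation key cannot be used. However, the PIX Serial Number can be changed by modifying the PIX parameters in GNS3, which makes it possible to use an existing activation key.

Procedure:

Method 1:

"Edit" -> "Preferences" -> "Qemu" -> "PIX" -> "PIX Specific Settings" -> "Serial"

Method 2:

Go to the configured Qemu working directory, find the FW1 directory, and edit the corresponding entry in the pemu.ini file in that directory.

Note: the FW1 directory only exists once a PIX firewall has been created in GNS. Likewise, if several PIX firewalls are created, the directories FW2, FW3, ... are created as well.

That's it, all done.

Appendix: finding PIX IOS images and activation keys via Google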

Google Searches:

Google Search for IOS Images
Google Search for Pix Images
Google Search for Pix Serial Numbers and Authorization Keys

IOS download: http://ytfhsou.blog.51cto.com/674421/268186