# Packet Tracer – Use CDP to Map a Network
## Addressing Table
| Device | Interface | IP Address | Subnet Mask | Local Interface and Connected Neighbor |
|---|---|---|---|---|
| Edge1 | G0/0 | 192.168.1.1 | 255.255.255.0 | G0/1 - S1 |
| Edge1 | S0/0/0 | | | S0/0/0 - ISP |
| Branch-Edge | S0/0/1 | 209.165.200.10 | 255.255.255.252 | S0/0/1 – ISP |
| Branch-Edge | G0/0 | 192.168.3.249 | 255.255.255.248 | G0/0 – Branch-Firewall |
| Branch-Firewall | G0/0 | 192.168.3.253 | 255.255.255.248 | G0/0 – Branch-Edge |
| Branch-Firewall | G0/1 | 192.168.4.129 | 255.255.255.128 | G0/1 – sw-br-floor2 |
| sw-br-floor1 | G0/1 | | | G0/1 – sw-br-floor3 |
| sw-br-floor1 | G0/2 | | | G0/2 – sw-br-floor2 |
| sw-br-floor2 | G0/1 | | | G0/1 – Branch-Firewall |
| sw-br-floor2 | G0/2 | | | G0/2 – sw-br-floor1 |
| sw-br-floor2 | F0/24 | | | F0/24 – sw-br-floor3 |
| sw-br-floor2 | SVI | 192.168.4.132 | 255.255.255.128 | |
| sw-br-floor3 | F0/24 | | | F0/24 – sw-br-floor2 |
| sw-br-floor3 | G0/1 | | | G0/1 – sw-br-floor1 |
| sw-br-floor3 | SVI | 192.168.4.133 | 255.255.255.128 | |
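## Objectives
Map a network using CDP and SSH remote access.
## Topology
## Background / Scenario
A senior network administrator requires you to map the remote branch office network and find the name of a recently installed switch that still needs an IP address configured. Your task is to create a map of the branch office network. You must record all network device names, IP addresses and subnet masks, the physical interfaces interconnecting the network devices, and the name of the switch that does not have an IP address.
To map the network, you will use SSH for remote access and the Cisco Discovery Protocol (CDP) to discover information about neighboring network devices, such as routers and switches. Because CDP is a Layer 2 protocol, it can be used to discover information about devices that do not have IP addresses. You will record the gathered information to complete the Addressing Table and provide a topology diagram of the remote branch office network.
You will need the IP address of the remote branch office (209.165.200.10). The local and remote administrative usernames and passwords are:
## Local Network
Username: admin01
Password: S3cre7P@55
## Branch Office Network
Username: branchadmin
Password: S3cre7P@55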
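### Part 1: Use SSH to Remotely Access Network Devices
In Part 1, you will use the Admin-PC to remotely access the Edge1 gateway router. Next, from the Edge1 router, you will use SSH to log in to the remote branch office.
a. On the Admin-PC, open a command prompt.
b. SSH into the gateway router at 192.168.1.1 using the username admin01 and the password S3cre7P@55.
PC> ssh -l admin01 192.168.1.1
Open
Password:
Edge1#
Note: Notice that you are placed directly into privileged EXEC mode. This is because the admin01 user account is set to privilege level 15.
c. Use the show ip interface brief and show interfaces commands to record the Edge1 router's physical interfaces, IP addresses, and subnet masks in the Addressing Table.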
Edge1#show ip interface brief
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0 192.168.1.1 YES manual up up
GigabitEthernet0/1 unassigned YES unset administratively down down
Serial0/0/0 209.165.200.5 YES manual up up
Serial0/0/1 unassigned YES unset administratively down down
Vlan1 unassigned YES unset administratively down down
Edge1#
Edge1#show interfaces
GigabitEthernet0/0 is up, line protocol is up (connected)
Hardware is CN Gigabit Ethernet, address is 00e0.a3dd.7001 (bia 00e0.a3dd.7001)
Internet address is 192.168.1.1/24
MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, media type is RJ45
output flow-control is unsupported, input flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00,
Last input 00:00:08, output 00:00:05, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0 (size/max/drops); Total output drops: 0
Queueing strategy: fifo
Output queue :6/40 (size/max)
5 minute input rate 8 bits/sec, 0 packets/sec
5 minute output rate 6 bits/sec, 0 packets/sec
30 packets input, 1215 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 watchdog, 1017 multicast, 0 pause input
0 input packets with dribble condition detected
14 packets output, 576 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
GigabitEthernet0/1 is administratively down, line protocol is down (disabled)
Hardware is CN Gigabit Ethernet, address is 00e0.a3dd.7002 (bia 00e0.a3dd.7002)
MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, media type is RJ45
output flow-control is unsupported, input flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00,
Last input 00:00:08, output 00:00:05, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0 (size/max/drops); Total output drops: 0
Queueing strategy: fifo
Output queue :0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 watchdog, 1017 multicast, 0 pause input
0 input packets with dribble condition detected
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 2 interface resets
0 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
Serial0/0/0 is up, line protocol is up (connected)
Hardware is HD64570
Internet address is 209.165.200.5/30
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation HDLC, loopback not set, keepalive set (10 sec)
Last input never, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0 (size/max/drops); Total output drops: 0
Queueing strategy: weighted fair
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Conversations 0/0/256 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
Available Bandwidth 1158 kilobits/sec
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions
DCD=up DSR=up DTR=up RTS=up CTS=up
Serial0/0/1 is administratively down, line protocol is down (disabled)
Hardware is HD64570
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation HDLC, loopback not set, keepalive set (10 sec)
Last input never, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0 (size/max/drops); Total output drops: 0
Queueing strategy: weighted fair
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Conversations 0/0/256 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
Available Bandwidth 1158 kilobits/sec
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 2 interface resets
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions
DCD=down DSR=down DTR=down RTS=down CTS=down
Vlan1 is administratively down, line protocol is down
Hardware is CPU Interface, address is 0060.70bd.dd13 (bia 0060.70bd.dd13)
MTU 1500 bytes, BW 100000 Kbit, DLY 1000000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
ARP type: ARPA, ARP Timeout 04:00:00
Last input 21:40:21, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
1682 packets input, 530955 bytes, 0 no buffer
Received 0 broadcasts (0 IP multicast)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
563859 packets output, 0 bytes, 0 underruns
0 output errors, 23 interface resets
0 output buffer failures, 0 output buffers swapped out
Edge1#
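d. From the Edge1 router CLI, use SSH to connect to the remote branch office at 209.165.200.10 with the username branchadmin and the same password:
Edge1# ssh -l branchadmin 209.165.200.10
Open
Password:
Branch-Edge#
After connecting to the remote branch office at 209.165.200.10, what previously missing piece of information can now be added to the Addressing Table above?
The Branch-Edge router hostname.
### Part 2: Use CDP to Discover Neighboring Devices
You are now remotely connected to the Branch-Edge router. Using CDP, begin looking for interconnected network devices.
a. Issue the show ip interface brief and show interfaces commands to record the Branch-Edge router's network interfaces, IP addresses, and subnet masks. Add the missing information to the Addressing Table to map the network: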
Branch-Edge#show ip interface brief
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0 192.168.3.249 YES manual up up
GigabitEthernet0/1 unassigned YES unset administratively down down
Serial0/0/0 unassigned YES unset administratively down down
Serial0/0/1 209.165.200.10 YES manual up up
Vlan1 unassigned YES unset administratively down down
Branch-Edge#
Branch-Edge#show interfaces
GigabitEthernet0/0 is up, line protocol is up (connected)
Hardware is CN Gigabit Ethernet, address is 0001.9660.0053 (bia 0001.9660.0053)
Internet address is 192.168.3.249/29
MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, media type is RJ45
output flow-control is unsupported, input flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00,
Last input 00:00:08, output 00:00:05, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0 (size/max/drops); Total output drops: 0
Queueing strategy: fifo
Output queue :0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 watchdog, 1017 multicast, 0 pause input
0 input packets with dribble condition detected
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
GigabitEthernet0/1 is administratively down, line protocol is down (disabled)
Hardware is CN Gigabit Ethernet, address is 0001.9727.a463 (bia 0001.9727.a463)
MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, media type is RJ45
output flow-control is unsupported, input flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00,
Last input 00:00:08, output 00:00:05, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0 (size/max/drops); Total output drops: 0
Queueing strategy: fifo
Output queue :0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 watchdog, 1017 multicast, 0 pause input
0 input packets with dribble condition detected
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 2 interface resets
0 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
Serial0/0/0 is administratively down, line protocol is down (disabled)
Hardware is HD64570
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation HDLC, loopback not set, keepalive set (10 sec)
Last input never, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0 (size/max/drops); Total output drops: 0
Queueing strategy: weighted fair
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Conversations 0/0/256 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
Available Bandwidth 1158 kilobits/sec
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 2 interface resets
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions
DCD=down DSR=down DTR=down RTS=down CTS=down
Serial0/0/1 is up, line protocol is up (connected)
Hardware is HD64570
Internet address is 209.165.200.10/30
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation HDLC, loopback not set, keepalive set (10 sec)
Last input never, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0 (size/max/drops); Total output drops: 0
Queueing strategy: weighted fair
Output queue: 6/1000/64/0 (size/max total/threshold/drops)
Conversations 1/1/256 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
Available Bandwidth 1158 kilobits/sec
5 minute input rate 16 bits/sec, 0 packets/sec
5 minute output rate 10 bits/sec, 0 packets/sec
74 packets input, 3017 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
24 packets output, 981 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions
DCD=up DSR=up DTR=up RTS=up CTS=up
Vlan1 is administratively down, line protocol is down
Hardware is CPU Interface, address is 0001.4360.6197 (bia 0001.4360.6197)
MTU 1500 bytes, BW 100000 Kbit, DLY 1000000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
ARP type: ARPA, ARP Timeout 04:00:00
Last input 21:40:21, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
1682 packets input, 530955 bytes, 0 no buffer
Received 0 broadcasts (0 IP multicast)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
563859 packets output, 0 bytes, 0 underruns
0 output errors, 23 interface resets
0 output buffer failures, 0 output buffers swapped out
Branch-Edge#
b. Security best practice recommends running CDP only when needed, so CDP may need to be turned on. Use the show cdp command to test its status.
Branch-Edge# show cdp
% CDP is not enabled
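c. You need to turn on CDP, but it is best to broadcast CDP information only to internal network devices and not to external networks. To do this, disable CDP on the s0/0/1 interface and then turn on the CDP protocol.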
Branch-Edge# configure terminal
Branch-Edge(config)# interface s0/0/1
Branch-Edge(config-if)# no cdp enable
Branch-Edge(config-if)# exit
Branch-Edge(config)# cdp run
d. Issue the show cdp neighbors command to find any neighboring network devices.
Note: CDP will only show connected Cisco devices that are also running CDP.
Branch-Edge# show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone
Device ID Local Intrfce Holdtme Capability Platform Port ID
Branch-Firewall
Gig 0/0 137 R C1900 Gig 0/0
Branch-Edge#
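Is there a neighboring network device? What type of device is it? What is its name? On what interface is it connected? Is the device's IP address listed? Record the information in the Addressing Table.
It is a router. Its name is Branch-Firewall and it is connected on interface G0/0. The device's IP address is not listed.
e. To find the IP address of the neighboring device, use the show cdp neighbors detail command and record the IP address: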
Branch-Edge# show cdp neighbors detail
Device ID: Branch-Firewall
Entry address(es):
IP address : 192.168.3.253
Platform: cisco C1900, Capabilities: Router
Interface: GigabitEthernet0/0, Port ID (outgoing port): GigabitEthernet0/0
Holdtime: 161
Version :
Cisco IOS Software, C1900 Software (C1900-UNIVERSALK9-M), Version 15.1(4)M4, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2012 by Cisco Systems, Inc.
Compiled Thurs 5-Jan-12 15:41 by pt_team
advertisement version: 2
Duplex: full
Branch-Edge#
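Besides the neighboring device's IP address, what other potentially sensitive information is listed?
The IOS software version of the neighboring device.
f. Now that you know the IP address of the neighbor device, you need to connect to it with SSH to discover other devices that may be its neighbors.
Note: To connect with SSH, use the same remote branch office username and password.
Branch-Edge# ssh -l branchadmin <the ip address of the neighbor device>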
Branch-Edge#ssh -l branchadmin 192.168.3.253
Password:
Branch-Firewall#
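What information does the command prompt show after the SSH connection succeeds?
Branch-FireWall#
g. You are now remotely connected to the next neighbor. Use the show cdp neighbors command and the show cdp neighbors detail command to discover other interconnected neighboring devices.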
Branch-Firewall#show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone
Device ID Local Intrfce Holdtme Capability Platform Port ID
sw-br-floor2
Gig 0/1 160 S 2960 Gig 0/1
Branch-Edge Gig 0/0 172 R C1900 Gig 0/0
Branch-Firewall#
Branch-Firewall#show cdp neighbors detail
Device ID: sw-br-floor2
Entry address(es):
IP address : 192.168.4.132
Platform: cisco 2960, Capabilities: Switch
Interface: GigabitEthernet0/1, Port ID (outgoing port): GigabitEthernet0/1
Holdtime: 128
Version :
Cisco IOS Software, C2960 Software (C2960-LANBASE-M), Version 12.2(25)FX, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2005 by Cisco Systems, Inc.
Compiled Wed 12-Oct-05 22:05 by pt_team
advertisement version: 2
Duplex: full
---------------------------
Device ID: Branch-Edge
Entry address(es):
IP address : 192.168.3.249
Platform: cisco C1900, Capabilities: Router
Interface: GigabitEthernet0/0, Port ID (outgoing port): GigabitEthernet0/0
Holdtime: 139
Version :
Cisco IOS Software, C1900 Software (C1900-UNIVERSALK9-M), Version 15.1(4)M4, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2012 by Cisco Systems, Inc.
Compiled Thurs 5-Jan-12 15:41 by pt_team
advertisement version: 2
Duplex: full
Branch-Firewall#
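What types of network devices neighbor this device? Record any newly discovered devices in the Addressing Table. Include their hostname, interfaces, and IP address.
A router (Branch-Edge) and a switch (sw-br-floor2). The sw-br-floor2 switch is the newly discovered device, at 192.168.4.132 on interface G0/1.
h. Continue discovering new network devices using SSH and the show CDP commands. Eventually, you will reach the end of the network and there will be no more devices to discover.
What is the name of the switch that does not have an IP address on the network?
sw-br-floor1
i. Draw a topology of the remote branch office network using the information you have gathered with CDP.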
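The hop-by-hop mapping in Part 2 can be scripted once the show cdp neighbors detail output from each device has been saved. The following is an added example, not part of the original lab: a Python parser that turns those captures into topology entries, lists neighbors that advertise no IP address, and reports the IOS versions CDP discloses. The function names, the sw-br-floor1 capture and its platform are assumptions made for illustration.

```python
import re

# Constructed sample captures, keyed by the device the command was run on.
# The first entry is trimmed from the Branch-Firewall output on this page;
# the second is hypothetical, modelled on the addressing table.
CAPTURES = {
    "Branch-Firewall": """Device ID: sw-br-floor2
Entry address(es):
IP address : 192.168.4.132
Platform: cisco 2960, Capabilities: Switch
Interface: GigabitEthernet0/1, Port ID (outgoing port): GigabitEthernet0/1
Version :
Cisco IOS Software, C2960 Software (C2960-LANBASE-M), Version 12.2(25)FX, RELEASE SOFTWARE (fc1)
""",
    "sw-br-floor2": """Device ID: sw-br-floor1
Entry address(es):
Platform: cisco 2960, Capabilities: Switch
Interface: GigabitEthernet0/2, Port ID (outgoing port): GigabitEthernet0/2
""",
}

FIELDS = {
    "device": r"^\s*Device ID:\s*(\S+)",
    "ip": r"^\s*IP address\s*:\s*(\S+)",
    "platform": r"^\s*Platform:\s*([^,]+),",
    "local_if": r"^\s*Interface:\s*([^,\s]+),",
    "remote_if": r"Port ID \(outgoing port\):\s*(\S+)",
    "ios_version": r",\s*Version\s+([^,\s]+),",
}

def parse_cdp_detail(local, text):
    """Return one dict per neighbor entry in 'show cdp neighbors detail' output."""
    neighbors = []
    for chunk in re.split(r"(?m)^(?=\s*Device ID:)", text):
        if "Device ID:" not in chunk:
            continue  # prompt lines or text before the first entry
        entry = {"seen_from": local}
        for name, pattern in FIELDS.items():
            m = re.search(pattern, chunk, re.MULTILINE)
            entry[name] = m.group(1).strip() if m else None
        neighbors.append(entry)
    return neighbors

def build_map(captures):
    """Flatten all captures into one neighbor list (the topology edges)."""
    return [n for dev, out in captures.items() for n in parse_cdp_detail(dev, out)]

def devices_without_ip(neighbors):
    """Neighbors visible at Layer 2 that advertise no IP address."""
    return sorted({n["device"] for n in neighbors if n["ip"] is None})

def disclosed_versions(neighbors):
    """IOS versions each neighbor announces in its CDP advertisements."""
    return {n["device"]: n["ios_version"] for n in neighbors if n["ios_version"]}
```

Running the same check against captures taken on an Internet-facing interface shows what `no cdp enable` on s0/0/1 keeps from being advertised there.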
[Lab files]
Link: https://pan.baidu.com/s/13AU6e5nCI39Ot-U0ZW2Q2w?pwd=1011
Extraction code: 1011