Router fault maintenance is very important for router users and can avoid many routing problems. The connection between the campus and the Internet enables teachers and students to obtain a large amount of information resources, broaden their horizons and knowledge. Therefore, the establishment of the campus network has become the only way to promote the modernization of school education. As a router of the internal network and Internet connection hub of the campus network, it plays an important role in it. Therefore, the management of routers and the maintenance of router faults are essential for every campus network administrator.
Considering the versatility of primary and secondary school campuses, we mainly introduce the router fault maintenance content of Cisco2612, which is common in campus networks. Of course, the content of this article can also be applied to routers such as Cisco7600 with higher performance. The modular architecture of Cisco2612 provides the versatility needed to adapt to the changing network technology. It is equipped with a powerful RISC processor to support the Advanced Quality of Service (QoS) required for today's evolving networks), security and network integration features. By integrating the functions of multiple independent devices into one unit, Cisco2612 also reduces the complexity of managing remote networks, it provides cost-effective solutions for Internet, Intranet access on campus, multi-service Voice/Data Integration, analog and digital dial-up access services, VPN access, centralized ATM access, VLAN, route bandwidth management, and other applications. solution.
Preparations before connection
Many primary and secondary school campus networks use the ADSL or HDSL connection method. First, check the Modem status. If the Modem DCD is not bright, the line connection is faulty. Check the access line connection first, then check the router's cable connection, connect the control terminal to the vro, and press enter to display the vro name.
Connect a terminal or a PC node running simulation software to the CONSOLE port. Terminal or PC configuration information: 9600baud8databitsnoparity2stopbits (9600,8/N/2), meaning: baud rate 9600, data bit 8, stop bit 1, no parity check. The administrator can also remotely set through Telnetaddress at the remote end. However, if the router is configured for the first time, the previous configuration method must be used.
Ethernet port Fault Identification
We use the showinterfaceethernet0 (Port 0) command to determine the Ethernet port failure, which is used to check the status of a link. In addition, when we suspect that the port has a physical fault, the shownversion can be used to display ports with rational and normal output, but ports with physical faults will not be displayed.
Serial Port Fault Identification
We can use the showinterfaceserial0 (Serial Port 0) command to determine the serial port failure and check the link status. As shown in the following figure: router # showintserial0. In addition, when we suspect that the port has a thing-wise fault, shownversion is available, which will display the rational and normal port, the physical failure ports will not be displayed.
Router fault Maintenance
Attacks initiated by exploiting vro vulnerabilities often occur. Router attacks waste CPU cycles, mislead information traffic, and cause network exceptions or even paralysis. Therefore, appropriate security measures must be taken to protect the security of the router.
(1) prevent password Leakage
According to CERT/CC (Computer Emergency Response Team/Control Center) of Carnegie Mellon University, 80% of Security breakthroughs were caused by weak passwords. Hackers often use weak passwords or default passwords for attacks. This vulnerability can be prevented by using a password extension and a password validity period of 30 to 60 days.
(2) Disable IP Direct Broadcast
Smurf attacks are DoS attacks. In this attack, attackers use fake source addresses to send an "ICMPecho" request to your broadcast address. This requires all hosts to respond to this broadcast request. This will reduce network performance. Use noipsource-route to disable the IP address direct broadcast address.
(3) disable unnecessary services
To emphasize the security of the vro, You have to disable unnecessary local services, such as SNMP and DHCP, which are rarely used by users and can be used only when necessary. In addition, if possible, disable the HTTP settings of the vro because the identity authentication protocol used by HTTP is equivalent to sending an unencrypted password to the entire network. However, there is no valid rule in the HTTP protocol for password verification or one-time password verification.