Configuring a Router
From Mycomputer Notes
(→Finishing the Configuration) |
(→Finishing the Configuration) |
||
| Line 112: | Line 112: | ||
is solely as a comment about the interface, the description does not affect the operation of | is solely as a comment about the interface, the description does not affect the operation of | ||
the router. | the router. | ||
| + | </UL> | ||
Line 1 Router(Config)# interface ethernet 0 <BR> | Line 1 Router(Config)# interface ethernet 0 <BR> | ||
Line 2 Router(Config)# description Engineering LAN Bldg 18 | Line 2 Router(Config)# description Engineering LAN Bldg 18 | ||
| - | + | *Configure login banners. A login banner should warn users not to attempt login unless they are authorized. A message such as “This is a secure system, authorized access only!” informs unwanted visitors that any further intrusion is illegal. | |
*Performing host name resolution | *Performing host name resolution | ||
*Performing configuration backup and documentation. | *Performing configuration backup and documentation. | ||
| - | |||
| - | Configuring a message of the day (MOTD) banner | + | |
| + | *Configuring a message of the day (MOTD) banner | ||
Follow these steps to create and display a message-of-the-day: | Follow these steps to create and display a message-of-the-day: | ||
Revision as of 01:22, 28 April 2006
All CLI configuration changes to a Cisco router are made from global configuration mode, which is sometimes called global config. Global config is the primary configuration mode.
Contents |
Configuring a Router
A router should be given a unique name as one of the first configuration tasks In order to accomplished this go to the global configuration mode with the following command:
Router(config)#hostname Tokyo Tokyo(config)#
Configuring router passwords
As a best practive restrict access to routers with a password. Passwords should always be configured for virtual terminal (vty) lines and the console line. Passwords are also used to control access to privileged EXEC mode so that only authorized users may make changes to the configuration file.
Console Password
Router(Config)# line console 0 Router(Config)# password cisco Router(Config)# login
Virtual Terminal Password
Router(Config)# line vty 0 4 (when configuring telenet sessions) Router(Config)# password cisco Router(Config)# login
Enable Password
Router(Config)# enable password SanFranciso Router(Config)# service password-encryption (to encrypt non encrypted passwords)
The enable password used to restrict access to the privileged EXEC mode IF the enable secret has not been set.
Sometimes it is undesirable for passwords to be shown in clear text in the output from the show running-config or show startup-config commands and a a best practice we should used the "service password-encryption" command
Password encryption
Router(Config)# enable secret <password> (encrypted password)
The enable secret commands is used to restrict access to the privileged EXEC mode The enable secret command should be used because the enable secret command is encrypted
Configuring Serial & Ethernet Interfaces
To configure a Serial Interface either from the console or through a virtual terminal line follow these steps:
- Enter global configuration mode
- Enter interface mode.
- Specify the interface address and subnet mask.
- Set clock rate if a DCE cable is connected. Skip this step if a DTE cable is connected.
- Turn on the interface.
The variable "TYPE" here is for serial, ethernet, fasethernet, token ring and others.
Router(Config)# interface type port Router(Config)# interface type slot/port
Each Interface that has been configured with the above commands needs an IP Address and a Subnet mask. Configure the IP address with the following commands:
Router(config)#interface serial 0/0 Router(config-if)#ip address <ip address > <netmask >
Serial interfaces require a clock signal to control the timing of the communications in most cases a DCE device such as a CSU/DSU will provide the clock. By default, Cisco routers are DTE devices but they can be configured as DCE devices.
The clock is enabled and speed is specified with the clock rate command. Available clock rates are:
- 1200
- 2400
- 9600
- 19200
- 38400
- 56000
- 64000
- 72000
Some bit rates might not be available on certain serial interfaces. This depends on the capacity of each interface.
This commands is used to administratively turn off/on an interface Command A will administratively turn off an interface Command A will administratively turn on an interface
A) Router(Config)#shutdown B) Router(Config)# no shutdown
By default, interfaces are turned off, or disabled. To turn on or enable an interface, the command no shutdown is entered. If an interface needs to be administratively disabled for maintenance or troubleshooting, the shutdown command used to turn off the interface.
The commands that are used to set a clock rate and enable a serial interface are as follows:
Router(config)#interface serial 0/0 Router(config-if)#clock rate 56000 Router(config-if)#no shutdown
To configure a Ethernet Interface either from the console or through a virtual terminal line follow these steps:
- Enter global configuration mode.
- Enter interface configuration mode.
- Specify the interface address and subnet mask.
- Enable the interface.
Finishing the Configuration
Best Practice procedures when finalyzing a router's configuration.
- Established configuration standards. The standards procedures should be official and widely used by everyone to avoid chaos if there is a network failure.
- Provide and configured interface descriptions. Description should be used to identify important information(ie. distant router, circuit number, network segment). The description is solely as a comment about the interface, the description does not affect the operation of the router.
Line 1 Router(Config)# interface ethernet 0
Line 2 Router(Config)# description Engineering LAN Bldg 18
- Configure login banners. A login banner should warn users not to attempt login unless they are authorized. A message such as “This is a secure system, authorized access only!” informs unwanted visitors that any further intrusion is illegal.
- Performing host name resolution
- Performing configuration backup and documentation.
- Configuring a message of the day (MOTD) banner
Follow these steps to create and display a message-of-the-day:
Router(config)#banner motd % M-E-S-S-A-GE.% CTRL Z (to exit global configuration) Router# copy running-config start-up config
