Configuring a Router

From Mycomputer Notes

(Difference between revisions)
(Enable Password)
(Configuring a Router)
 
(21 intermediate revisions not shown)
Line 7: Line 7:
In order to accomplished this go to the global configuration mode with the following command:  
In order to accomplished this go to the global configuration mode with the following command:  
-
Router(config)#hostname Tokyo  
+
Router(config)#hostname Tokyo <BR>
Tokyo(config)#  
Tokyo(config)#  
Line 40: Line 40:
-
===Password encryption==  
+
===Password encryption===  
  Router(Config)# enable secret <password> (encrypted password)
  Router(Config)# enable secret <password> (encrypted password)
Line 46: Line 46:
The enable secret commands is used to restrict access to the privileged EXEC mode
The enable secret commands is used to restrict access to the privileged EXEC mode
The enable secret command should be used because the enable secret command is encrypted
The enable secret command should be used because the enable secret command is encrypted
 +
 +
==Configuring Serial & Ethernet Interfaces==
 +
To configure a '''Serial Interface''' either from the console or through a virtual terminal line follow these steps:
 +
 +
#Enter global configuration mode
 +
#Enter interface mode.
 +
#Specify the interface address and subnet mask.
 +
#Set clock rate if a DCE cable is connected. Skip this step if a DTE cable is connected.
 +
#Turn on the interface.
 +
 +
 +
The variable "TYPE" here is for serial, ethernet, fasethernet, token ring and others.
 +
 +
Router(Config)# interface type port
 +
Router(Config)# interface type slot/port
 +
 +
Each Interface that has been configured with the above commands needs an IP Address and a Subnet mask. Configure the IP address with the following commands:
 +
 +
Router(config)#interface serial 0/0
 +
Router(config-if)#ip address <ip address > <netmask >
 +
 +
Serial interfaces require a clock signal to control the timing of the communications in most cases a DCE device such as a CSU/DSU will provide the clock. By default, Cisco routers are DTE devices but they can be configured as DCE devices.
 +
 +
The clock is enabled and speed is specified with the clock rate command. Available clock rates are:
 +
*1200
 +
*2400
 +
*9600
 +
*19200
 +
*38400
 +
*56000
 +
*64000
 +
*72000
 +
 +
Some bit rates might not be available on certain serial interfaces. This depends on the capacity of each interface.
 +
 +
This commands is used to administratively turn off/on an interface
 +
Command A will administratively turn off an interface
 +
Command A will administratively turn on an interface
 +
 +
A) Router(Config)#shutdown
 +
B) Router(Config)# no shutdown
 +
 +
By default, interfaces are turned off, or disabled. To turn on or enable an interface, the command no shutdown is entered. If an interface needs to be administratively disabled for maintenance or troubleshooting, the shutdown command used to turn off the interface.
 +
 +
The commands that are used to set a clock rate and enable a serial interface are as follows:
 +
 +
Router(config)#interface serial 0/0
 +
Router(config-if)#clock rate 56000
 +
Router(config-if)#no shutdown
 +
 +
To configure a '''Ethernet Interface''' either from the console or through a virtual terminal line follow these steps:
 +
 +
#Enter global configuration mode.
 +
#Enter interface configuration mode.
 +
#Specify the interface address and subnet mask.
 +
#Enable the interface.
 +
 +
=Finishing the Configuration=
 +
Best Practice procedures when finalyzing a router's configuration.
 +
 +
<UL>
 +
<LI>Established configuration standards. The standards procedures should be official and widely used by everyone to avoid chaos if there is a network failure.</LI>
 +
 +
<LI>Provide and configured interface descriptions. Description should be used to identify important information(ie. distant router, circuit number, network segment). The description
 +
is solely as a comment about the interface, the description does not affect the operation of
 +
the router.</LI>
 +
</UL>
 +
 +
Router(Config)# interface ethernet 0
 +
Router(Config)# description Engineering LAN Bldg 18
 +
 +
*Configure login banners. A login banner should warn users not to attempt login unless they are authorized. A message such as “This is a secure system, authorized access only!” informs unwanted visitors that any further intrusion is illegal.
 +
<UL>
 +
<LI>Configuring a message of the day (MOTD) banner
 +
Follow these steps to create and display a message-of-the-day:
 +
</LI> </UL>
 +
Router(config)#banner motd % M-E-S-S-A-GE.%
 +
CTRL Z (to exit global configuration)
 +
Router# copy running-config startup config
 +
 +
<UL>
 +
<LI>Performing host name resolution.
 +
Host name resolution is the process that a computer system uses to associate
 +
a host name with an IP address.
 +
A list of host names and their associated IP addresses is called a host table.
 +
The following is an example of the configuration of a host table on a router:
 +
</LI></UL>
 +
 +
Router (config) # ip host Auckland    172.16.32.1
 +
Router (config) # ip host Beirut      192.168.53.1
 +
Router (config) # ip host Capetown    192.168.89.1
 +
Router (config) # ip host Denver      10.202.8.1
 +
 +
*Performing configuration backup and documentation.
 +
 +
The configuration of network devices determines how the network will behave. Management of device configuration includes the following tasks:
 +
 +
*List and compare configuration files on running devices.
 +
*Store configuration files on network servers.
 +
*Create a backup copies of configuration files.
 +
*Perform software installations and upgrades.
 +
 +
Save de configuration files to one of the following:
 +
#TFTP Server
 +
#Network Server
 +
#Disk in a safe place

Current revision as of 21:57, 21 September 2006

All CLI configuration changes to a Cisco router are made from global configuration mode, which is sometimes called global config. Global config is the primary configuration mode.


Contents

[edit] Configuring a Router

A router should be given a unique name as one of the first configuration tasks In order to accomplished this go to the global configuration mode with the following command:

Router(config)#hostname Tokyo
Tokyo(config)#


[edit] Configuring router passwords

As a best practive restrict access to routers with a password. Passwords should always be configured for virtual terminal (vty) lines and the console line. Passwords are also used to control access to privileged EXEC mode so that only authorized users may make changes to the configuration file.


[edit] Console Password

Router(Config)# line console 0
Router(Config)# password cisco
Router(Config)# login

[edit] Virtual Terminal Password

Router(Config)# line vty 0 4 (when configuring telenet sessions)
Router(Config)# password cisco
Router(Config)# login

[edit] Enable Password

Router(Config)# enable password SanFranciso
Router(Config)# service password-encryption (to encrypt non  encrypted passwords)

The enable password used to restrict access to the privileged EXEC mode IF the enable secret has not been set.

Sometimes it is undesirable for passwords to be shown in clear text in the output from the show running-config or show startup-config commands and a a best practice we should used the "service password-encryption" command


[edit] Password encryption

Router(Config)# enable secret <password> (encrypted password)

The enable secret commands is used to restrict access to the privileged EXEC mode The enable secret command should be used because the enable secret command is encrypted

[edit] Configuring Serial & Ethernet Interfaces

To configure a Serial Interface either from the console or through a virtual terminal line follow these steps:

  1. Enter global configuration mode
  2. Enter interface mode.
  3. Specify the interface address and subnet mask.
  4. Set clock rate if a DCE cable is connected. Skip this step if a DTE cable is connected.
  5. Turn on the interface.


The variable "TYPE" here is for serial, ethernet, fasethernet, token ring and others. 

Router(Config)# interface type port
Router(Config)# interface type slot/port

Each Interface that has been configured with the above commands needs an IP Address and a Subnet mask. Configure the IP address with the following commands: 

Router(config)#interface serial 0/0 
Router(config-if)#ip address <ip address > <netmask >

Serial interfaces require a clock signal to control the timing of the communications in most cases a DCE device such as a CSU/DSU will provide the clock. By default, Cisco routers are DTE devices but they can be configured as DCE devices.

The clock is enabled and speed is specified with the clock rate command. Available clock rates are:

  • 1200
  • 2400
  • 9600
  • 19200
  • 38400
  • 56000
  • 64000
  • 72000

Some bit rates might not be available on certain serial interfaces. This depends on the capacity of each interface.

This commands is used to administratively turn off/on an interface Command A will administratively turn off an interface Command A will administratively turn on an interface 

A) Router(Config)#shutdown
B) Router(Config)# no shutdown

By default, interfaces are turned off, or disabled. To turn on or enable an interface, the command no shutdown is entered. If an interface needs to be administratively disabled for maintenance or troubleshooting, the shutdown command used to turn off the interface.

The commands that are used to set a clock rate and enable a serial interface are as follows: 

Router(config)#interface serial 0/0 
Router(config-if)#clock rate 56000 
Router(config-if)#no shutdown

To configure a Ethernet Interface either from the console or through a virtual terminal line follow these steps:

  1. Enter global configuration mode.
  2. Enter interface configuration mode.
  3. Specify the interface address and subnet mask.
  4. Enable the interface.

[edit] Finishing the Configuration

Best Practice procedures when finalyzing a router's configuration.

  • Established configuration standards. The standards procedures should be official and widely used by everyone to avoid chaos if there is a network failure.
  • Provide and configured interface descriptions. Description should be used to identify important information(ie. distant router, circuit number, network segment). The description is solely as a comment about the interface, the description does not affect the operation of the router.
Router(Config)# interface ethernet 0 
Router(Config)# description Engineering LAN Bldg 18
  • Configure login banners. A login banner should warn users not to attempt login unless they are authorized. A message such as “This is a secure system, authorized access only!” informs unwanted visitors that any further intrusion is illegal.
  • Configuring a message of the day (MOTD) banner Follow these steps to create and display a message-of-the-day: 
Router(config)#banner motd % M-E-S-S-A-GE.%
CTRL Z (to exit global configuration)
Router# copy running-config startup config
  • Performing host name resolution. Host name resolution is the process that a computer system uses to associate a host name with an IP address. A list of host names and their associated IP addresses is called a host table. The following is an example of the configuration of a host table on a router: 
Router (config) # ip host Auckland    172.16.32.1
Router (config) # ip host Beirut      192.168.53.1
Router (config) # ip host Capetown    192.168.89.1
Router (config) # ip host Denver      10.202.8.1
  • Performing configuration backup and documentation.

The configuration of network devices determines how the network will behave. Management of device configuration includes the following tasks:

  • List and compare configuration files on running devices.
  • Store configuration files on network servers.
  • Create a backup copies of configuration files.
  • Perform software installations and upgrades.

Save de configuration files to one of the following:

  1. TFTP Server
  2. Network Server
  3. Disk in a safe place
Retrieved from "http://editthis.info/mycomputer_notes/Configuring_a_Router"
Personal tools