Sunday, December 05, 2010

Configuring a router

Basic Router Configuration

When configuring a router, certain basic tasks are performed including:

  • Naming the router
  • Setting passwords
  • Configuring interfaces
  • Configuring a banner
  • Saving changes on a router
  • Verifying basic configuration and router operations

The first prompt appears at user mode. User mode allows you to view the state of the router, but does not allow you to modify its configuration.

Router>

The enable command is used to enter the privileged EXEC mode. This mode allows the user to make configuration changes on the router.

Router>enable
Router#

Hostnames and Passwords
First, enter the global configuration mode:

Router#config t

(c)# enable secret [password]

Sets an encrypted password for entering privileged EXEC mode.

(c)# hostname [name]

Adds a name to the router (e.g. HQ1, R1, Central)

Next, configure the console, auxiliary and Telnet lines with a password (e.g. cisco)

vty – requires a password for telnetting into the router

(c)# line vty 0 4
(c-line)#password [type password]
(c-line)#privilege level <0-15> <--- 15 is like root/admin
(c-line)#login
(c-line)#exit

con 0 – password-protects access to the router’s DB-60 (console) port

(c)# line console 0 OR (c)#line con 0
(c-line)#password [type password]
(c-line)#logging synchronous <--- keeps console messages from interrupting what you are typing
(c-line)#exec-timeout 0 0 <--- idle log-off timer; here it is set to never log off the connection (default 10 min)
(c-line)#login
(c-line)#exit

aux – password-protects the auxiliary port

(c)# line aux 0
(c-line)#password [type password]
(c-line)#login
(c-line)#exit

(c)# no ip domain lookup

Disables DNS name resolution – useful in a lab environment

(c)# service password-encryption

Encrypts the console, virtual terminal (vty) and auxiliary passwords.
Entry in IOS: Encrypt system passwords

# wr OR
# copy running-config startup-config

Saves the settings on the router into NVRAM

Configuring the message of the day banner (pre login)

(c)#banner motd #

******************************************
WARNING!! Unauthorized Access Prohibited!!
******************************************
#

Enable SSH access

1) hostname
(c)# hostname [name]
2) domain name
(c)#ip domain-name [word]
3) add a username and the privilege level
(c)#username [user] privilege 15 secret [password]
4) generate keys:
(c)#crypto key generate rsa general-keys modulus 512

The name for the keys will be: [hostname].[domain name]

% The key modulus size is 512 bits
% Generating 512 bit RSA keys, keys will be non-exportable...[OK]

5) configure the vty lines:
(c)#line vty 0 4
(c-line)#login local
(c-line)#transport input [telnet, ssh, both or others] <--- restricts access to only some protocols

Then open PuTTY, enter the interface’s IP address and connect. PuTTY displays the router’s RSA host key the first time you connect.

Hit YES.
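
An added example, not part of the original post: a small Python lint that checks a change script built from the commands above for the settings a hardening review would question (512-bit RSA keys, Telnet on the vty lines, exec-timeout 0 0, a shared line password, level 15 for every vty session). The sample script, example.com, admin, the lint function and the 2048-bit minimum are assumptions made for this illustration.

```python
import re

# Constructed sample: this page's commands laid out as a change script,
# with sub-commands indented as in "show running-config" output.
SAMPLE = """\
hostname R1
ip domain-name example.com
username admin privilege 15 secret [password]
crypto key generate rsa general-keys modulus 512
line con 0
 password [password]
 exec-timeout 0 0
 login
line vty 0 4
 password [password]
 privilege level 15
 login
 transport input telnet ssh
"""

MIN_RSA_BITS = 2048  # assumption: local policy minimum, not an IOS default

def lint(script):
    """Return (line_no, context, finding) tuples for weak settings, in line order."""
    findings, context = [], "global"
    for no, raw in enumerate(script.splitlines(), 1):
        cmd = raw.strip()
        if not cmd or cmd.startswith("!"):   # skip blanks and IOS comment lines
            continue
        if not raw[0].isspace():             # unindented line starts a new context
            context = cmd if cmd.startswith("line ") else "global"
        m = re.search(r"^crypto key generate rsa\b.*\bmodulus (\d+)", cmd)
        if m and int(m.group(1)) < MIN_RSA_BITS:
            findings.append((no, context, f"RSA modulus {m.group(1)} < {MIN_RSA_BITS}"))
        if not context.startswith("line "):  # remaining checks apply to lines only
            continue
        if re.fullmatch(r"exec-timeout 0( 0)?", cmd):
            findings.append((no, context, "idle timeout disabled"))
        if cmd == "login":
            findings.append((no, context, "shared line password; prefer login local"))
        if re.match(r"transport input\b", cmd) and re.search(r"\b(telnet|all)\b", cmd):
            findings.append((no, context, "Telnet allowed (cleartext session)"))
        if context.startswith("line vty") and cmd == "privilege level 15":
            findings.append((no, context, "every vty session starts at level 15"))
    return findings

if __name__ == "__main__":
    for no, ctx, msg in lint(SAMPLE):
        print(f"line {no:>2} [{ctx}] {msg}")
```

A script that uses modulus 2048, login local, transport input ssh and a non-zero exec-timeout produces no findings.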

Configuring a Serial / Ethernet interface

(c)#interface [type, number]
(c-if)#ip address [address, mask]
(c-if)#description [description] (maximum 128 char)
(c-if)#no shutdown

First, enter the interface configuration mode by specifying the interface type and number. Next, configure the IP address and subnet mask:

R1(config)#interface Serial0/0/0
R1(config-if)#ip address 192.168.2.1 255.255.255.0

It is good practice to configure a description on each interface to help document the network information. The description text is limited to 240 characters.

Router(config-if)#description [text]

After configuring the IP address and description, the interface must be activated with the no shutdown command. This is similar to powering on the interface. The interface must also be connected to another device (a hub, a switch, another router, etc.) for the Physical layer to be active.

Repeat the interface configuration commands on all other interfaces that need to be configured. In our topology example, the FastEthernet interface needs to be configured.

R1(config)#interface FastEthernet0/0
R1(config-if)#ip address 192.168.1.1 255.255.255.0
R1(config-if)#description R1 LAN
R1(config-if)#no shutdown

If you attempt to configure another interface with an IP address that belongs to the same network, you will get the following message:

R1(config)#interface FastEthernet0/1
R1(config-if)#ip address 192.168.1.2 255.255.255.0
192.168.1.0 overlaps with FastEthernet0/0

If there is an attempt to enable the interface with the no shutdown command, the following message will appear:

R1(config-if)#no shutdown
192.168.1.0 overlaps with FastEthernet0/0
FastEthernet0/1: incorrect IP address assignment

R1#show ip interface brief
<output omitted>
FastEthernet0/1 192.168.1.2 YES manual administratively down down

