When configuring a router, certain basic tasks are performed including:
- Naming the router
- Setting passwords
- Configuring interfaces
- Configuring a banner
- Saving changes on a router
- Verifying basic configuration and router operations
You should already be familiar with these configuration commands; however, we will do a brief review. We begin our review with the assumption that the router does not have a current startup-config file.
The first prompt appears at user mode. User mode allows you to view the state of the router, but does not allow you to modify its configuration. Do not confuse the term "user" as used in user mode with users of the network. User mode is intended for the network technicians, operators, and engineers who have the responsibility to configure network devices.
Router>
The enable command is used to enter the privileged EXEC mode. This mode allows the user to make configuration changes on the router. The router prompt will change from a ">" to a "#" in this mode.
Router>enable
Router#
Hostnames and Passwords
The figure shows the basic router configuration command syntax used to configure R1 in the following example. You can open Packet Tracer Activity 1.2.2 and follow along or wait until the end of this section to open it.
First, enter the global configuration mode.
Router#config t
Next, apply a unique hostname to the router.
Router(config)#hostname R1
R1(config)#
Now, configure a password that is to be used to enter privileged EXEC mode. In our lab environment, we will use the password class. However, in production environments, routers should have strong passwords. See the links at the end of this section for more information on creating and using strong passwords.
R1(config)#enable secret class
Next, configure the console and Telnet lines with the password cisco. Once again, the password cisco is used only in our lab environment. The command login enables password checking on the line. If you do not enter the command login on the console line, the user will be granted access to the line without entering a password.
R1(config)#line console 0
R1(config-line)#password cisco
R1(config-line)#login
R1(config-line)#exit
R1(config)#line vty 0 4
R1(config-line)#password cisco
R1(config-line)#login
Configuring a Banner
From the global configuration mode, configure the message-of-the-day (motd) banner. A delimiting character, such as "#", is used at the beginning and at the end of the message. The delimiter allows you to configure a multiline banner, as shown here.
R1(config)#banner motd #
Enter TEXT message. End with the character '#'.
******************************************
WARNING!! Unauthorized Access Prohibited!!
******************************************
#
Configuring an appropriate banner is part of a good security plan. At a very minimum, a banner should warn against unauthorized access. Never configure a banner that "welcomes" an unauthorized user.
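The password, login and banner rules from the two sections above can be checked against a saved configuration before it is deployed. The following is an added example, not part of the original course text or any Cisco tool; the function name, the check names and the assumption that line sub-commands are indented by one space (as in running-config output) are this example's own.

```python
import re

# Constructed sample: the lab config from this page, but with "login" left off
# the console line and a welcoming banner, the two mistakes the text warns about.
SAMPLE_CONFIG = """\
hostname R1
enable secret class
banner motd #
Welcome to R1!
#
line console 0
 password cisco
line vty 0 4
 password cisco
 login
"""
LAB_PASSWORDS = {"cisco", "class"}  # lab-only values named on the page


def audit_config(text):
    """Return (check, where) findings; check names are this example's own."""
    findings = []
    lines = text.splitlines()
    if not any(line.startswith("enable secret ") for line in lines):
        findings.append(("no-enable-secret", "global"))
    # Banner body sits between the delimiter character and its next occurrence.
    banner = re.search(r"^banner motd (\S)(.*?)\1", text, re.S | re.M)
    if banner is None:
        findings.append(("no-banner", "global"))
    elif "welcome" in banner.group(2).lower():
        findings.append(("welcoming-banner", "banner motd"))
    stanza, has_login = None, True
    for line in lines + ["end"]:  # sentinel closes the final line stanza
        words = line.split()
        if words[:2] == ["enable", "secret"] or words[:1] == ["password"]:
            if words[-1] in LAB_PASSWORDS:
                findings.append(("lab-password", stanza or "enable secret"))
        if line.startswith(" ") and stanza:
            has_login = has_login or words[:1] == ["login"]
            continue
        if stanza and not has_login:  # stanza ended without a "login" command
            findings.append(("line-without-login", stanza))
        stanza, has_login = (line, False) if line.startswith("line ") else (None, True)
    return findings


if __name__ == "__main__":
    for check, where in audit_config(SAMPLE_CONFIG):
        print(f"{check:20} {where}")
```

Run against the configuration exactly as built on this page, the only findings are the three lab passwords, which is the expected result for a lab and a blocking result for production.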
Links
For discussions about using strong passwords, see:
"Cisco Response to Dictionary Attacks on Cisco LEAP," at http://www.cisco.com/en/US/products/hw/wireless/ps430/prod_bulletin09186a00801cc901.html#wp1002291
"Strong passwords: How to create and use them," at http://www.microsoft.com/athome/security/privacy/password.mspx
Router Interface Configuration
You will now configure the individual router interfaces with IP addresses and other information. First, enter the interface configuration mode by specifying the interface type and number. Next, configure the IP address and subnet mask:
R1(config)#interface Serial0/0
R1(config-if)#ip address 192.168.2.1 255.255.255.0
It is good practice to configure a description on each interface to help document the network information. The description text is limited to 240 characters. On production networks, a description can be helpful in troubleshooting by providing information about the type of network that the interface is connected to and whether there are any other routers on that network. If the interface connects to an ISP or service carrier, it is helpful to enter the third-party connection and contact information; for example:
Router(config-if)#description Circuit#VBN32696-123 (help desk:1-800-555-1234)
In lab environments, enter a simple description that will help in troubleshooting situations; for example:
R1(config-if)#description Link to R2
After configuring the IP address and description, the interface must be activated with the no shutdown command. This is similar to powering on the interface. The interface must also be connected to another device (a hub, a switch, another router, etc.) for the Physical layer to be active.
R1(config-if)#no shutdown
Note: When cabling a point-to-point serial link in our lab environment, one end of the cable is marked DTE and the other end is marked DCE. The router that has the DCE end of the cable connected to its serial interface will need the additional clock rate command configured on that serial interface. This step is only necessary in a lab environment and will be explained in more detail in Chapter 2, "Static Routing."
R1(config-if)#clock rate 64000
Repeat the interface configuration commands on all other interfaces that need to be configured. In our topology example, the FastEthernet interface needs to be configured.
R1(config)#interface FastEthernet0/0
R1(config-if)#ip address 192.168.1.1 255.255.255.0
R1(config-if)#description R1 LAN
R1(config-if)#no shutdown
Each Interface Belongs to a Different Network
At this point, note that each interface must belong to a different network. Although the IOS allows you to configure an IP address from the same network on two different interfaces, the router will not activate the second interface.
For example, what if you attempt to configure the FastEthernet 0/1 interface on R1 with an IP address on the 192.168.1.0/24 network? FastEthernet 0/0 has already been assigned an address on that same network, so you will get the following message:
R1(config)#interface FastEthernet0/1
R1(config-if)#ip address 192.168.1.2 255.255.255.0
192.168.1.0 overlaps with FastEthernet0/0
If there is an attempt to enable the interface with the no shutdown command, the following message will appear:
R1(config-if)#no shutdown
192.168.1.0 overlaps with FastEthernet0/0
FastEthernet0/1: incorrect IP address assignment
Notice that the output from the show ip interface brief command shows that the second interface configured for the 192.168.1.0/24 network, FastEthernet 0/1, is still down.
R1#show ip interface brief
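The overlap rule described in this section can be checked offline before a configuration reaches the router. This is an added example, not part of the original course text; the function names are this example's own, and it goes slightly beyond the case shown by comparing networks for overlap rather than equality, so a /25 placed inside an already-used /24 is also reported.

```python
import ipaddress

# Constructed sample: R1's interfaces from this page, including the
# FastEthernet0/1 address that IOS rejects as overlapping.
SAMPLE_CONFIG = """\
interface Serial0/0
 ip address 192.168.2.1 255.255.255.0
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
interface FastEthernet0/1
 ip address 192.168.1.2 255.255.255.0
"""


def interface_networks(text):
    """Yield (interface, IPv4Interface) for each primary 'ip address' line."""
    current = None
    for line in text.splitlines():
        words = line.split()
        if words[:1] == ["interface"] and len(words) == 2:
            current = words[1]
        elif words[:2] == ["ip", "address"] and len(words) == 4 and current:
            # ip_interface accepts the dotted-mask form "address/netmask".
            yield current, ipaddress.ip_interface(f"{words[2]}/{words[3]}")


def find_overlaps(text):
    """Return (interface, network, earlier_interface) for every address whose
    network overlaps one already claimed by an earlier interface."""
    claimed, overlaps = [], []
    for name, iface in interface_networks(text):
        clash = next((c for c in claimed if c[1].overlaps(iface.network)), None)
        if clash:
            overlaps.append((name, str(iface.network), clash[0]))
        else:
            claimed.append((name, iface.network))
    return overlaps


if __name__ == "__main__":
    for name, net, earlier in find_overlaps(SAMPLE_CONFIG):
        print(f"{name}: {net} overlaps with {earlier}")
```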