Configuring the Router from the Console Port

Once you have the correct cable connected from your PC to the Cisco router or switch, you can
start HyperTerminal to create a console connection and configure the device. Set the
configuration as follows:

1. Open HyperTerminal and enter a name for the connection. It is irrelevant what you name it,
but I always use ttc. Then click OK.

2. Choose the communications port—either COM1 or COM2, whichever is open on your PC.

3. Now set the port settings. The default values (2400 bps with hardware flow control) will not
work, so change them: set the bit rate to 9600 and the flow control to None. At this point you
can click OK and press the Enter key, and you should be connected to the console port of your
Cisco device.

The Router Boot Sequence


When a router boots up, it performs a series of steps, called the boot sequence, to test the
hardware and load the necessary software. The boot sequence consists of the following steps:

1. The router performs a POST. The POST tests the hardware to verify that all components of
the device are operational and present. For example, the POST checks for the different
interfaces on the router. The POST is stored in and run from ROM (read-only memory).

2. The bootstrap then looks for and loads the Cisco IOS software. The bootstrap is a program in
ROM that is used to execute programs. The bootstrap program is responsible for finding where
each IOS program is located and then loading the file. By default, the IOS software is loaded
from flash memory in all Cisco routers.

3. The IOS software looks for a valid configuration file stored in NVRAM. This file is called
startup-config and is only there if an administrator copies the running-config file into NVRAM.
(Cisco’s new Integrated Services Router (ISR) has a small startup-config file preloaded.)

4. If a startup-config file is in NVRAM, the router copies it into RAM and calls the copy
running-config; the router runs from this file and should now be operational. If there is no
startup-config file in NVRAM, the router broadcasts out of every interface that detects carrier
detect (CD), looking for a TFTP host holding a configuration. When that fails (it typically does,
and most people won’t even realize the router attempted it), the router starts the setup mode
configuration process.

The Command Line Interface (CLI)

To use the CLI, press Enter after the router finishes booting. It displays a prompt:

Router> (This is called User mode. It is mostly used to view statistics, but it is also the
stepping stone to logging in to privilege mode. Just type enable and it takes you to
privilege mode.)
Router> enable

Router# (This is called Privilege mode. You can view or troubleshoot the configuration of
the router from this mode, and from here we can move on to global configuration mode,
where we can make any configuration change on the router. Just type configure terminal
(or config t for short) and it takes you to global configuration mode.)
Router# config t

Router(config)# (This is called Global Configuration mode. Any configuration can be carried out
from this mode.)

These are the three basic modes.

Some Configuration Commands


Router(config)#hostname [enter hostname] - Used to change the name of the router

Router(config)#banner motd $[enter a message]$ - Used to create a banner that is displayed before you
log in to the user mode. Just type anything that you
want to display in between the $ signs.

Router(config)#enable password [enter password] - Used to create a privilege mode password


or
Router(config)#enable secret [enter password] - Used instead of the enable password to create an
encrypted password

Router(config)#service password-encryption - Used to encrypt all passwords created on the router

Configuring the Line Ports


Since there are three different ports used to configure the router, we have to set a password on
each of them so that no one can use these ports to configure the router unless we give them the
password. Now imagine if you don’t do this: anyone can just plug his/her computer into the router
and start making changes to the configuration you have made, which may spell disaster.

- Configuring the Console port

Router(config)#line console 0 - Used to configure the console port
Router(config-line)#password [enter password] - Creating a password for the console port
Router(config-line)#login - Used to validate the password created for the console port
Router(config-line)#exit - Used to exit the line configuration mode

- Configuring the Auxiliary port

Router(config)#line aux 0 - Used to configure the auxiliary port
Router(config-line)#password [enter password] - Creating a password for the auxiliary port
Router(config-line)#login - Used to validate the password created for the auxiliary port
Router(config-line)#exit - Used to exit the line configuration mode

- Configuring the Virtual Terminal (telnet) port

Router(config)#line vty 0 4 - Used to configure the vty (telnet) port
Router(config-line)#password [enter password] - Creating a password for the vty port
Router(config-line)#login - Used to validate the password created for the vty port
Router(config-line)#exit - Used to exit the line configuration mode
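The enable-password and line-port settings above are easy to get half right, so here is an added example (not from the original page) of a small Python audit that reads an IOS-style config and flags an enable password with no enable secret, a missing service password-encryption, and console, aux or vty lines whose password is never checked. The sample config text is constructed.

```python
"""Audit an IOS-style running-config for the password weaknesses discussed
in the sections above. Added example, not Cisco code; the config is a
constructed sample, not a capture from a real device."""

SAMPLE_CONFIG = """\
hostname ttc
enable password cisco123
!
line con 0
 password console1
 login
line aux 0
 login
line vty 0 4
 password vty1
"""


def line_blocks(config):
    """Return {'con 0': [sub-commands], ...} for every 'line ...' block."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw[5:].strip()
            blocks[current] = []
        elif raw.startswith(" ") and current is not None:
            blocks[current].append(raw.strip())
        elif raw.strip() and not raw.startswith("!"):
            current = None          # any other top-level command ends the block
    return blocks


def audit(config):
    """Return a list of human-readable findings; an empty list means clean."""
    findings = []
    top = [ln.strip() for ln in config.splitlines() if ln and not ln.startswith(" ")]
    has_secret = any(ln.startswith("enable secret") for ln in top)
    has_plain = any(ln.startswith("enable password") for ln in top)
    if has_plain and not has_secret:
        findings.append("enable password used without enable secret")
    if "service password-encryption" not in top:
        findings.append("service password-encryption not enabled")
    for name, cmds in line_blocks(config).items():
        has_login = any(c == "login" or c.startswith("login ") for c in cmds)
        uses_local = any(c.startswith("login local") for c in cmds)
        has_pw = any(c.startswith("password ") for c in cmds)
        if not has_login:
            # 'password' alone is never checked; 'login' is what enforces it
            findings.append(f"line {name}: no login, so the password is never checked")
        elif not uses_local and not has_pw:
            findings.append(f"line {name}: login set but no password configured")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```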

Configuring Interfaces

There are two major types of interfaces seen on a router: the serial interfaces and the
Ethernet interfaces (sometimes these are Fast Ethernet interfaces).

The serial interface is used to connect a router to another router. Most Cisco routers come with two
serial interfaces. The names of the serial ports may be serial 0/0 (s0/0) and serial 0/1 (s0/1) or
just serial 0 (s0) and serial 1 (s1), depending on the names printed on the router itself.

The Ethernet interface is used to connect a router to a switch or even to a host. It may be
just an Ethernet interface called Ethernet 0 (e0) or Ethernet 0/0 (e0/0), or a Fast
Ethernet interface called Fast Ethernet 0 (f0) or Fast Ethernet 0/0 (f0/0).

These interfaces act as the gateway to a particular network, so each interface
has to be configured with an IP address that belongs to the network connected to it. By
default, every interface on the router is shut down (i.e. no traffic passes through it),
so we have to issue the command “no shutdown” to bring the interface up.

- Configuring an Interface
Router(config)#interface [interface name] - Used to configure the interface chosen
Router(config-if)#ip address [ip address and subnet] - Assigning an IP address to the interface
Router(config-if)#clock rate [enter rate] - Used only with Serial interfaces (DCE)
Router(config-if)#no shutdown - Used to bring up the interface
Router(config-if)#exit - Used to exit the interface configuration mode

E.g.
Router(config)#interface f0/0
Router(config-if)#ip address 192.168.30.1 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#exit

Now physically, when connecting a Cisco router to another Cisco router, we will be using a
particular cable. On one end of this cable, there’s a label with DCE (Data communication
Equipment) and the other end, there’s a label with DTE (Data Terminal Equipment). When
connecting the serial interface of each router with this cable, notice the interface that you
plugged the DCE part of the cable to. You will have to set the clock rate of that interface on that
router so that it will provide clocking to the other router. An example is -
Router(config)#interface s0/0
Router(config-if)#ip address 192.168.50.1 255.255.255.0
Router(config-if)#clock rate 64000
Router(config-if)#no shutdown
Router(config-if)#exit

Some Privilege Commands


Router#show run - Used to view all the configurations on the running-config
Router#show start - Used to view the configurations saved on the startup-config
Router#show ip int - Used to view IP address of each interface
Router#show int [interface name] - Used to view interface status and configuration
Router#show cdp neighbor - Used to view devices that are directly connected
Router#show cdp neighbor detail - Used to view details of devices that are directly connected
Router#logout - Used to log out of the router
Router#reload - Used to reload the router
Router#ping [ip address] - Used to check for communication with a device
Router#telnet [ip address] - Used to telnet to an interface on another router
Router#disconnect - Used to disconnect an existing telnet session
Router#copy run start - Used to save configurations made on the router

We are building a beauty, but this is just the beginning (ha ha). Notice how great this looks, but
a router on its own can only let the networks directly connected to it communicate with each other.
So how do we make networks on this router communicate with networks that are not
connected directly to it? That’s a big question, which leads us to the next topic.

IP Routing

IP routing is simply sending a packet along a particular route to a remote network. Two
kinds of protocol are involved:

Routing Protocol: This is what routers use to learn about routes to a remote network.
Routed Protocol: This is what routers use to send packets along a route a router has already learnt.

Since we want to learn the routes to a remote network so that we can communicate with it,
we have to know more about routing protocols.

There are three different types of routing protocols, which are;


1. Static Routing
2. Default Routing
3. Dynamic Routing

- Configuring Static Routing


Router(config)#ip route [destination network address and subnet mask] [next-hop address or
exit interface]

E.g. if a router wants to learn about a network 192.168.30.0 connected to another router, it can
be configured like this

Router(config)#ip route 192.168.30.0 255.255.255.0 192.168.20.2


- Configuring Default Routing
Default routing is used only in Stub networks (networks with only one exit)

Router(config)#ip route 0.0.0.0 0.0.0.0 [next-hop address or exit interface]

- Configuring Dynamic Routing

Dynamic routing is used to advertise the networks that are directly connected to the router.

(RIP)
Router(config)#router rip
Router(config-router)#network [network address]
Router(config-router)#version 2 - Used for VLSM/CIDR (optional)

(IGRP)
Router(config)#router igrp [AS no.]
Router(config-router)#network [network address]

(EIGRP)
Router(config)#router eigrp [AS no.]
Router(config-router)#network [network address]

(OSPF)
Router(config)#router ospf [PROCESS ID]
Router(config-router)#network [network address] [wildcard mask] area [no.]

--------------------

So with any of these routing commands, we can learn about any remote network and at the end,
all the networks can communicate with each other.

Finally, we can move on, at least everything is in order now, whew! What else?

Router#show ip route - Shows all the routes in the routing table

- Configuring DHCP for routers


Router(config)#ip dhcp pool [name]
Router(dhcp-config)#network [network address & subnet]
Router(dhcp-config)#default-router [gateway ip address]
Router(dhcp-config)#exit

E.g.

Router(config)#ip dhcp pool wuse
Router(dhcp-config)#network 192.168.30.0 255.255.255.0
Router(dhcp-config)#default-router 192.168.30.1
Router(dhcp-config)#exit

So let us choose the interface we want to make the default gateway to our network and assign
it the same IP address that we used as the default-router’s IP address.

Router(config)#interface f0/0
Router(config-if)#ip address 192.168.30.1 255.255.255.0
Router(config-if)#no shutdown

Explanation:
The first line creates a DHCP pool called wuse.
The second line assigns a network address to the pool you created.
The third line chooses the IP address that becomes the default gateway of the network.
The fourth line exits the DHCP configuration mode.
--------------------

By now all networks should be able to communicate with each other no matter how many
networks we have in the internetwork.

OK, let’s give this configuration a break, at least we can now configure the router to an extent.
Let’s look at something very important, Password Recovery.

Recovering Password
If you are locked out of a router because you forgot the password, you can change the
configuration register to help you get back on your feet.

Now before we jump into that, we need to understand something called configuration register.
Configuration registers are used to tell the router what to do when booting. By default, the
configuration register of a Cisco device is 0x2102 which tells the router to load the Cisco IOS
from flash memory, look for and load the valid configuration file (startup-config) from NVRAM.

Since all the configuration we’ve made (even the passwords) is saved in the startup-config file,
all we need to do is make the router ignore the NVRAM contents while booting so that it does not
load the startup-config file. To do this, we change the configuration register setting.
Well, that’s it; here are the main steps to password recovery:

1. Boot the router and interrupt the boot sequence by performing a break (simply press
“Ctrl + Break” on your keyboard), which will take the router into ROM monitor mode.

2. Change the configuration register (type “confreg 0x2142” then hit enter).

3. Reload the router (type “reset” then hit enter).

4. After the router finishes booting, enter the privilege mode. Notice that you are not
asked for any passwords.

5. Copy the startup-config file to running-config (type “copy start run”). This copies all
the settings that you have made on the router before to the router but meanwhile you
have already bypassed all passwords.

6. Change the password.

7. Reset the configuration register to the default settings. On the global configuration
mode, simply type “config-register 0x2102” then hit enter.

8. Save the router configuration. On the privilege mode, type “copy run start”. This now
saves all the changes you have made on the router.

9. Reload the router (optional).


Access Lists
An access list is essentially a list of conditions that categorize packets. They can be really helpful
when you need to exercise control over network traffic. An access list would be your tool of
choice for decision making in these situations.

One of the most common and easiest to understand uses of access lists is filtering unwanted
packets when implementing security policies. For example, you can set them up to make very
specific decisions about regulating traffic patterns so that they’ll allow only certain hosts to
access web resources on the Internet while restricting others. With the right combination of
access lists, network managers arm themselves with the power to enforce nearly any security
policy they can invent.

There are two main types of access list:

Standard access lists: These use only the source IP address in an IP packet as the condition test.
All decisions are made based on the source IP address. This means that standard access lists
basically permit or deny an entire suite of protocols. They don’t distinguish among the
many types of IP traffic such as web, Telnet, UDP, and so on. Standard access lists use
numbers from 1 – 99.

- Configuring Standard Access List (SACL)


Router(config)#access-list [SACL no.] [deny or permit] [Source address and wildcard mask]
Router(config)#access-list [SACL no.] permit any

Extended access lists: These can evaluate many of the other fields in the layer
3 and layer 4 headers of an IP packet. They can evaluate source and destination IP addresses,
the protocol field in the Network layer header, and the port number in the Transport layer
header. This gives extended access lists the ability to make much more granular decisions when
controlling traffic. Extended access lists use numbers from 100 – 199.

- Configuring Extended Access List (EACL)


Router(config)#access-list [EACL no.] [deny or permit] [tcp or udp] [Source address and
wildcard mask] [Destination address and wildcard mask] eq [port address or
protocol name]
Router(config)#access-list [EACL no.] permit ip any any

Wildcard Mask

Wildcards are used with access lists to specify an individual host, a network or a certain range
of a network or networks.

Wildcards are used with the host or network address to tell the router a range of available
addresses to filter. To specify a host, the address would look like this:

172.16.30.5 0.0.0.0

The four zeros represent each octet of the address. Whenever a zero is present, it means that
octet in the address must match exactly. To specify that an octet can be any value, the value of
255 is used. As an example, here’s how a /24 subnet is specified with a wildcard:

172.16.30.0 0.0.0.255

This tells the router to match up the first three octets exactly, but the fourth octet can be any
value.
Applying Access List

What we have done so far is to create the access list. We now have to apply it to the interface
on which it will filter packets. Before we apply it, there are some things we need
to know:

Inbound Access List: When an access list is applied to inbound packets on an interface, those
packets are processed through the access list before being routed to the outbound interface. Any
packets that are denied won’t be routed, because they’re discarded before the routing process is
invoked.

Outbound Access List: When an access list is applied to outbound packets on an interface,
those packets are routed to the outbound interface and then processed through the access list
before being queued.

- Applying the Access List to an interface


Router(config)#interface [interface name]
Router(config-if)#ip access-group [SACL or EACL no. created] [in or out]

That’s all there is to configuring an access list. We can view all the access lists that we have
created by typing

Router#show access-list
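To make the standard and extended access-list syntax, the wildcard-mask rule and the "first match wins, implicit deny at the end" behaviour concrete, here is an added example (not from the original page or Cisco) that parses access-list lines in the form shown above and evaluates constructed packets against them.

```python
"""Evaluate IOS-style access lists: standard (1-99) on source only, extended
(100-199) on protocol, source, destination and port. Added example, not
Cisco code; sample entries and packets are constructed."""
import ipaddress

PORTS = {"telnet": 23, "www": 80, "ftp": 21}   # a few IOS port keywords


def to_int(addr):
    return int(ipaddress.IPv4Address(addr))


def wildcard_match(addr, base, wildcard):
    """A 0 bit in the wildcard must match exactly, a 1 bit can be anything:
    0.0.0.0 selects one host, 0.0.0.255 a whole /24."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(addr) & care) == (to_int(base) & care)


def take_addr(tok, i):
    """Consume 'any', 'host A', 'A WILDCARD' or a bare host address at tok[i];
    return (address, wildcard, next index)."""
    if tok[i] == "any":
        return "0.0.0.0", "255.255.255.255", i + 1
    if tok[i] == "host":
        return tok[i + 1], "0.0.0.0", i + 2
    if i + 1 < len(tok) and tok[i + 1] != "eq":
        return tok[i], tok[i + 1], i + 2
    return tok[i], "0.0.0.0", i + 1


def parse_acl(lines):
    """Parse 'access-list N permit|deny ...' lines into match entries."""
    entries = []
    for line in lines:
        tok = line.split()
        if tok[:1] != ["access-list"]:
            raise ValueError("not an access-list line: " + line)
        num, action = int(tok[1]), tok[2]
        if 1 <= num <= 99:                    # standard: source address only
            proto = "ip"
            src, src_wc, i = take_addr(tok, 3)
            dst, dst_wc = "0.0.0.0", "255.255.255.255"
        elif 100 <= num <= 199:               # extended: proto src dst [eq port]
            proto = tok[3]
            src, src_wc, i = take_addr(tok, 4)
            dst, dst_wc, i = take_addr(tok, i)
        else:
            raise ValueError("unsupported list number %d" % num)
        port = None
        if i < len(tok) and tok[i] == "eq":
            port = PORTS.get(tok[i + 1]) or int(tok[i + 1])
        entries.append(dict(action=action, proto=proto, src=src, src_wc=src_wc,
                            dst=dst, dst_wc=dst_wc, port=port))
    return entries


def evaluate(entries, packet):
    """Top down, first matching entry decides; no match is the implicit deny."""
    for e in entries:
        if e["proto"] != "ip" and e["proto"] != packet["proto"]:
            continue
        if not wildcard_match(packet["src"], e["src"], e["src_wc"]):
            continue
        if not wildcard_match(packet["dst"], e["dst"], e["dst_wc"]):
            continue
        if e["port"] is not None and e["port"] != packet.get("dport"):
            continue
        return e["action"]
    return "deny"


# Constructed sample lists in the syntax used on this page.
STANDARD_ACL = parse_acl(["access-list 10 permit 172.16.30.0 0.0.0.255"])
EXTENDED_ACL = parse_acl([
    "access-list 101 deny tcp 192.168.5.0 0.0.0.255 any eq telnet",
    "access-list 101 permit ip any any",
])
```

Call evaluate(EXTENDED_ACL, dict(proto="tcp", src="192.168.5.7", dst="10.1.1.1", dport=23)) to see the telnet deny, and note that a packet matching no entry of STANDARD_ACL is denied even though no deny line was written.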

Network Address Translation

NAT can be used when:
- You need to connect to the Internet and your hosts don’t have globally unique IP addresses.
- You change to a new ISP that requires you to renumber your network.
- You need to merge two intranets with duplicate addresses.

There are 3 types of NAT:

Static NAT: This type of NAT is designed to allow one-to-one mapping between local and global
addresses. Keep in mind that the static version requires you to have one real Internet IP address
for every host on your network.

Dynamic NAT: This version gives you the ability to map an unregistered IP address to a
registered IP address from out of a pool of registered IP addresses. You don’t have to statically
configure your router to map an inside to an outside address as you would using static NAT, but
you do have to have enough real, bona fide IP addresses for everyone who’s going to be sending
packets to and receiving them from the Internet.

Overloading: This is the most popular type of NAT configuration. Understand that overloading
really is a form of dynamic NAT that maps multiple unregistered IP addresses to a single
registered IP address—many-to-one—by using different ports. By using PAT (NAT Overload), you
get to have thousands of users connect to the Internet using only one real global IP address.

Configuring NAT

- Static NAT
Router(config)#ip nat inside source static [host address] [internet address]

E.g.

Router(config)#ip nat inside source static 192.168.5.2 217.10.10.2

This is just saying that host 192.168.5.2 should connect to the internet with the IP address
217.10.10.2

- Dynamic NAT
Router(config)#ip nat pool [name for the pool] [first internet address] [last internet address]
netmask [subnet mask]
Router(config)#access-list [SAL no.] permit [source network address] [wildcard mask]
Router(config)#ip nat inside source list [same SAL no.] pool [same pool name created]

E.g.

Router(config)#ip nat pool ttc 217.10.10.2 217.10.10.254 netmask 255.255.255.0


Router(config)#access-list 20 permit 192.168.5.0 0.0.0.255
Router(config)#ip nat inside source list 20 pool ttc

1st Line - We created a pool of IP addresses 217.10.10.2 to 217.10.10.254 and we named it ttc
2nd Line - We created standard access list, permitting hosts in the 192.168.5.0 network
3rd Line - We applied the standard access list to the pool of IP addresses we created

- Overloading NAT
Router(config)#ip nat pool [name for the pool] [internet address] [same internet address]
netmask [subnet mask]
Router(config)#access-list [SAL no.] permit [source network address] [wildcard mask]
Router(config)#ip nat inside source list [same SAL no.] pool [same pool name created] overload

E.g.

Router(config)#ip nat pool zone 217.10.10.1 217.10.10.1 netmask 255.255.255.0


Router(config)#access-list 10 permit 192.168.10.0 0.0.0.255
Router(config)#ip nat inside source list 10 pool zone overload

1st Line - We created a pool of IP addresses 217.10.10.1 to 217.10.10.1 and we named it zone,
but this pool contains just one IP address since it is overloading
2nd Line - We created a standard access list, permitting hosts in the 192.168.10.0 network
3rd Line - We applied the standard access list to the pool we created and specified
that it is an overloading NAT.
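The difference between the dynamic pool and the overloaded single address is easiest to see in a translation table, so here is an added example (not from the original page or Cisco) modelling both: dynamic NAT hands each inside host its own pool address until the pool is empty, while overload shares one address and distinguishes flows by the translated source port. Pool ranges, hosts and ports are constructed.

```python
"""Model of dynamic NAT and NAT overload (PAT) translation tables.
Added example, not Cisco code; every address and port here is constructed."""
import ipaddress


class Nat:
    def __init__(self, first, last, overload=False, first_port=1024):
        lo = int(ipaddress.IPv4Address(first))
        hi = int(ipaddress.IPv4Address(last))
        self.free = [str(ipaddress.IPv4Address(n)) for n in range(lo, hi + 1)]
        self.overload = overload
        self.next_port = first_port
        self.host_map = {}   # inside local ip -> inside global ip (dynamic NAT)
        self.flow_map = {}   # (local ip, local port) -> (global ip, global port)
        self.reverse = {}    # (global ip, global port) -> (local ip, local port)

    def outbound(self, local_ip, local_port):
        """Translate a packet leaving through the 'ip nat outside' interface.
        Returns (global ip, global port), or None when the packet is dropped."""
        key = (local_ip, local_port)
        if key in self.flow_map:
            return self.flow_map[key]          # existing translation is reused
        if self.overload:
            # One shared address (the page's overload pool holds a single
            # address); each new flow gets the next unused global port.
            translated = (self.free[0], self.next_port)
            self.next_port += 1
        else:
            if local_ip not in self.host_map:
                if not self.free:
                    return None                # pool exhausted: no translation
                self.host_map[local_ip] = self.free.pop(0)
            translated = (self.host_map[local_ip], local_port)
        self.flow_map[key] = translated
        self.reverse[translated] = key
        return translated

    def inbound(self, global_ip, global_port):
        """Map a reply arriving on the outside interface back to the inside
        host, or None if no translation exists (the reply is dropped)."""
        return self.reverse.get((global_ip, global_port))


if __name__ == "__main__":
    # Constructed: a two-address dynamic pool and a one-address overload pool.
    dyn = Nat("217.10.10.2", "217.10.10.3")
    print(dyn.outbound("192.168.5.2", 40000))   # ('217.10.10.2', 40000)
    print(dyn.outbound("192.168.5.3", 40000))   # ('217.10.10.3', 40000)
    print(dyn.outbound("192.168.5.4", 40000))   # None, pool exhausted
    pat = Nat("217.10.10.1", "217.10.10.1", overload=True)
    print(pat.outbound("192.168.10.2", 40000))  # ('217.10.10.1', 1024)
    print(pat.outbound("192.168.10.3", 40000))  # ('217.10.10.1', 1025)
    print(pat.inbound("217.10.10.1", 1025))     # ('192.168.10.3', 40000)
```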

- Configuring Interfaces for NAT

After creating the NAT, we have to apply it to the interfaces. The commands are:

Router(config)#interface [interface name]
Router(config-if)#ip address [ip address] [subnet mask]
Router(config-if)#ip nat [inside or outside]

E.g.

Router(config)#interface f0/0
Router(config-if)#ip address 192.168.5.1 255.255.255.0
Router(config-if)#ip nat inside
Router(config-if)#exit
Router(config)#interface s0/0
Router(config-if)#ip address 217.10.10.1 255.255.255.0
Router(config-if)#ip nat outside
Router(config-if)#exit

Mostly, the gateway to your LAN is the inside source (in this case, we are talking about interface
f0/0) while the gateway to your WAN is the outside source (which is s0/0 here).

Virtual Local Area Networks (VLAN)


VLAN is a logical grouping of network users and resources connected to administratively defined
ports on a switch. When you create VLANs, you’re given the ability to create smaller broadcast
domains within a layer 2 switched internetwork by assigning different ports on the switch to
different subnetworks.

So, does this mean we no longer need routers? It really depends on what you want or what your
needs are. By default, hosts in a specific VLAN cannot communicate with hosts that are
members of another VLAN, so if you want inter-VLAN communication, the answer is that you still
need a router.

Great, so let’s see how to create a VLAN:

Switch(config)#vlan [enter any no. between 2 and 1000]
Switch(config-vlan)#name [enter any name]

E.g.

Switch(config)#vlan 2
Switch(config-vlan)#name customer

Switchport Links

There are two different types of links in a switched environment.

Access Ports: An access port belongs to and carries the traffic of only one VLAN. It is also used
to assign a VLAN to a port.

Trunk Ports: A trunk port carries the information of multiple VLANs. It is mostly used on a port
that connects a switch to other switches or a switch to a router.

- Assigning VLAN to an Interface

Switch(config)#interface [interface name]
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan [vlan no.]

- Configuring trunk link for an interface


Switch(config)#interface [interface name]
Switch(config-if)#switchport mode trunk

VLAN TRUNKING PROTOCOL (VTP)


Now imagine that we have a network with, say, 200 computers and the switch we are using
is a 24-port switch. That means we will have to use more than one switch to connect all the
computers together. Meanwhile, on one of the switches we have already created about 10
different VLANs, so what do we do? Do we go ahead and create the VLANs on each of the switches,
which will take us a long time?

That’s where VTP comes in. VTP is used to manage all configured VLANs across a switched
internetwork and to maintain consistency throughout that network. VTP sends VLAN
information to all switches once a VTP mode and a VTP domain have been configured.

First of all, the switch that you want to send out the VLAN information must be in VTP mode
Server and you create a domain for it. The Server can create, add or delete VLANs. Then the
other switches should be in client mode and in the same domain as the Server so that
they can pick up the VLAN information from the Server. A Client cannot create, add or delete
VLANs. There’s also the transparent mode, which does not take part in VTP itself; it only forwards
the VLAN information on to other switches.

So here’s how to configure VTP

Switch(config)#vtp mode [server/client/transparent]


Switch(config)#vtp domain [enter a name]
Switch(config)#vtp password [enter a password] (optional)

- Configuring Inter-VLAN Routing


By default, only hosts that are members of the same VLAN can communicate. To change this
and allow inter-VLAN communication, you need a router or a layer 3 switch. I’m going to start
with the router approach.

To support 802.1Q routing on a Fast Ethernet interface, the router’s interface is divided into
logical interfaces—one for each VLAN. These are called subinterfaces. On a Fast Ethernet
subinterface, you set the VLAN tagging with the encapsulation command (it must come before the
IP address, because IOS only allows an IP address on a subinterface that already has a VLAN encapsulation):

Router(config)#interface f0/0
Router(config-if)#no shutdown
Router(config-if)#interface f0/0.1
Router(config-subif)#encapsulation dot1Q [vlan no.]
Router(config-subif)#ip address [ip address] [subnet mask]

First of all, we select the interface on the router that the switch is plugged into and specify
the no shutdown command to bring it up. Then we create a subinterface on that interface,
encapsulate it for a particular VLAN and give it an IP address so that it becomes that VLAN’s gateway.
