CCNADocumentV7 ITN Module10 BasicRouterConfiguration
CCNADocumentV7 ITN Module10 BasicRouterConfiguration
CCNADocumentV7 ITN Module10 BasicRouterConfiguration
1
WELCOME TO INTRODUCTION TO NETWORK
To configure the device name for R1, use the following commands.
Router> enable
Router# configure terminal
Enter configuration commands, one per line.
End with CNTL/Z.
Router(config)# hostname R1
R1(config)#
Note: Notice how the router prompt now displays the router hostname.
All router access should be secured. Privileged EXEC mode provides the user with complete
access to the device and its configuration. Therefore, it is the most important mode to secure.
The following commands secure privileged EXEC mode and user EXEC mode, enable Telnet
and SSH remote access, and encrypt all plaintext (i.e., user EXEC and VTY line) passwords.
R1(config)# enable secret class
R1(config)#
R1(config)# line console 0
R1(config-line)# password cisco
R1(config-line)# login
R1(config-line)# exit
R1(config)#
R1(config)# line vty 0 4
R1(config-line)# password cisco
R1(config-line)# login
R1(config-line)# transport input ssh telnet
R1(config-line)# exit
R1(config)#
R1(config)# service password-encryption
R1(config)#
The legal notification warns users that the device should only be accessed by permitted users.
Legal notification is configured as follows.
2
WELCOME TO INTRODUCTION TO NETWORK
If the previous commands were configured and the router accidently lost power, all
configured commands would be lost. For this reason, it is important to save the configuration
when changes are implemented. The following command saves the configuration to NVRAM.
R1# copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]
R1#
3
WELCOME TO INTRODUCTION TO NETWORK
The task to configure a router interface is very similar to a management SVI on a switch.
Specifically, it includes issuing the following commands:
Router(config)# interface type-and-number
Router(config-if)# description description-text
Router(config-if)# ip address ipv4-address subnet-mask
Router(config-if)# ipv6 address ipv6-address/prefix-length
Router(config-if)# no shutdown
4
WELCOME TO INTRODUCTION TO NETWORK
Note: Notice the informational messages informing us that G0/0/0 and G0/0/1 are enabled.
10.3.3. Verify Interface Configuration
There are several commands that can be used to verify interface configuration. The most
useful of these is the show ip interface brief and show ipv6 interface brief commands, as
shown in the example.
R1# show ip interface brief
Interface IP-Address OK? Method Status
Protocol
GigabitEthernet0/0/0 192.168.10.1 YES manual up up
GigabitEthernet0/0/1 209.165.200.225 YES manual up up
Vlan1 unassigned YES unset administratively down
down
5
WELCOME TO INTRODUCTION TO NETWORK
show ip route
R1# show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
6
WELCOME TO INTRODUCTION TO NETWORK
show interfaces
R1# show interfaces gig0/0/0
GigabitEthernet0/0/0 is up, line protocol is up
Hardware is ISR4321-2x1GE, address is a0e0.af0d.e140 (bia a0e0.af0d.e140)
Description: Link to LAN
Internet address is 192.168.10.1/24
MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive not supported
Full Duplex, 100Mbps, link type is auto, media type is RJ45
output flow-control is off, input flow-control is off
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:01, output 00:00:35, output hang never
Last clearing of "show interface" counters never
Input queue: 0/375/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
1180 packets input, 109486 bytes, 0 no buffer
Received 84 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
7
WELCOME TO INTRODUCTION TO NETWORK
show ip interface
R1# show ip interface g0/0/0
GigabitEthernet0/0/0 is up, line protocol is up
Internet address is 192.168.10.1/24
Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing Common access list is not set
Outgoing access list is not set
Inbound Common access list is not set
Inbound access list is not set
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP Flow switching is disabled
IP CEF switching is enabled
IP CEF switching turbo vector
IP Null turbo vector
Associated unicast routing topologies:
Topology "base", operation state is UP
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
IP route-cache flags are Fast, CEF
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Probe proxy name replies are disabled
Policy routing is disabled
Network address translation is disabled
BGP Policy Mapping is disabled
Input features: MCI Check
IPv4 WCCP Redirect outbound is disabled
IPv4 WCCP Redirect inbound is disabled
IPv4 WCCP Redirect exclude is disabled
R1#
when the host wants to send a packet to a device on another network. The default gateway
address is generally the router interface address attached to the local network of the host. The
IP address of the host device and the router interface address must be in the same network.
For example, assume an IPv4 network topology consisting of a router interconnecting two
separate LANs. G0/0/0 is connected to network 192.168.10.0, while G0/0/1 is connected to
network 192.168.11.0. Each host device is configured with the appropriate default gateway
address.
In this example, if PC1 sends a packet to PC2, then the default gateway is not used. Instead,
PC1 addresses the packet with the IPv4 address of PC2 and forwards the packet directly to
PC2 through the switch.
What if PC1 sent a packet to PC3? PC1 would address the packet with the IPv4 address of
PC3, but would forward the packet to its default gateway, which is the G0/0/0 interface of R1.
The router accepts the packet and accesses its routing table to determine that G0/0/1 is the
appropriate exit interface based on the destination address. R1 then forwards the packet out of
the appropriate interface to reach PC3.
10
WELCOME TO INTRODUCTION TO NETWORK
The same process would occur on an IPv6 network, although this is not shown in the
topology. Devices would use the IPv6 address of the local router as their default gateway.
10.4.2. Default Gateway on a Switch
A switch that interconnects client computers is typically a Layer 2 device. As such, a Layer 2
switch does not require an IP address to function properly. However, an IP configuration can
be configured on a switch to give an administrator remote access to the switch.
To connect to and manage a switch over a local IP network, it must have a switch virtual
interface (SVI) configured. The SVI is configured with an IPv4 address and subnet mask on
the local LAN. The switch must also have a default gateway address configured to remotely
manage the switch from another network.
The default gateway address is typically configured on all devices that will communicate
beyond their local network.
11
WELCOME TO INTRODUCTION TO NETWORK
12
WELCOME TO INTRODUCTION TO NETWORK
You can practice these skills using the Packet Tracer or lab equipment, if available.
Packet Tracer - Physical Mode (PTPM) (pdf, pka)
Lab Equipment (pdf)
10.5.5. What did I learn in this module?
Configure Initial Router Settings
The following tasks should be completed when configuring initial settings on a router.
1. Configure the device name.
2. Secure privileged EXEC mode.
3. Secure user EXEC mode.
4. Secure remote Telnet / SSH access.
5. Secure all passwords in the config file.
13
WELCOME TO INTRODUCTION TO NETWORK
Configure Interfaces
For routers to be reachable, the router interfaces must be configured. The Cisco ISR 4321
router is equipped with two Gigabit Ethernet interfaces: GigabitEthernet 0/0/0 (G0/0/0) and
GigabitEthernet 0/0/1 (G0/0/1). The tasks to configure a router interface are very similar to a
management SVI on a switch. Using the no shutdown command activates the interface. The
interface must also be connected to another device, such as a switch or a router, for the
physical layer to be active. There are several commands that can be used to verify interface
configuration including the show ip interface brief and show ipv6 interface brief, the show
ip route and show ipv6 route, as well as show interfaces, show ip interface and show ipv6
interface.
Configure the Default Gateway
For an end device to communicate over the network, it must be configured with the correct IP
address information, including the default gateway address. The default gateway address is
generally the router interface address for the router that is attached to the local network of the
host. The IP address of the host device and the router interface address must be in the same
network. To connect to and manage a switch over a local IP network, it must have a switch
virtual interface (SVI) configured. The SVI is configured with an IPv4 address and subnet
mask on the local LAN. The switch must also have a default gateway address configured to
remotely manage the switch from another network. To configure an IPv4 default gateway on a
switch, use the ip default-gateway ip-address global configuration command. Use the IPv4
address of the local router interface that is connected to the switch.
10.5.6. Module Quiz - Basic Router Configuration
What is the purpose of the banner motd command?
A. It configures a message that will identify printed documents to LAN users.
B. It is a way that routers communicate the status of their links with oneanother.
C. It provides an easy way of communicating with any user attached to a router’s LANs.
D. It provides a way to make announcements to those who log in to a router.
A technician is configuring a router to allow for all forms of management access. As part
of each different type of access, the technician is trying to type the
command login. Which configuration mode should be entered to do this task?
A. user executive mode
B. global configuration mode
C. any line configuration mode
D. privileged EXEC mode
What is stored in the NVRAM of a Cisco router?
A. the Cisco IOS
B. the running configuration
C. the bootup instructions
D. the startup configuration
14
WELCOME TO INTRODUCTION TO NETWORK
A router boots and enters setup mode. What is the reason for this?
A. The IOS image is corrupt.
B. Cisco IOS is missing from flash memory.
C. The configuration file is missing from NVRAM.
D. The POST process has detected hardware failure.
Which command is used to encrypt all passwords in a router configuration file?
A. Router_A (config)# enable secret <password>
B. Router_A (config)# service password-encryption
C. Router_A (config)# enable password <password>
D. Router_A (config)# encrypt password
Company policy requires using the most secure method to safeguard access to the
privileged exec and configuration mode on the routers. The privileged exec password
is trustknow1. Which of the following router commands achieves the goal of providing
the highest level of security?
A. secret password trustknow1
B. enable password trustknow1
C. service password-encryption
D. enable secret trustknow1
What will be the response from the router after the command, “router(config)#
hostname portsmouth” is entered?
A. portsmouth#
B. portsmouth(config)#
C. invalid input detected
D. router(config-host)#
E. hostname = portsmouth portsmouth#
F. ? command not recognized router(config)#
16