The initial steps that are used to configure
a router are
not very difficult. If you become familiar with these steps and
learn how
to move between the router's user modes, it becomes easy to perform
complex
router configurations. These notes introduce the basic configuration
modes of
a Cisco router and demonstrate simple configurations.
A clear, easy to understand router configuration that is backed up regularly should be a goal of all network administrators. The Cisco IOS provides many tools that an administrator can use to add information to the configuration file for documentation purposes. A network administrator should provide as much information as possible in case another person becomes responsible for the network.
Students who complete this module should be able to perform the following tasks:This page will discuss some features that are
available from
global configuration mode.
All
The
prompt changes
to indicate that the router is now in global configuration mode.
Router#configure terminal
Router(config)#
The prompt will change to indicate that the
router is in
global configuration mode. Here are a few of the modes that can be
entered from
global configuration mode:
When these specific modes are entered, the
router prompt
changes to indicate the current configuration mode. Any configuration
changes
that are made will apply only to the interfaces or processes covered by
the
particular mode.
Type exit from one of the specific modes to
return a router
to global configuration mode. Pressing Ctrl-Z leaves the configuration
modes
completely and returns the router to privileged EXEC mode.
Router(config)#hostname
When the Enter key is pressed, the prompt
will change from
the default host name, which is Router, to the newly configured host
name,
which is
The following commands are used to set an
optional but
recommended password on the console line:
Router(config)#line console 0
Router(config-line)#login
Router(config-line)#password <password
>
A password must be set on one or more of the
vty lines for
users to gain remote access to a router through Telnet. Most Cisco
routers
support five vty lines numbered 0 through 4. Other hardware platforms
support
different numbers of vty connections. The same password is generally
used for
all vty lines. However, a unique password can be set for one line to
provide a
fallback entry to the router if the other four connections are in use.
The
following commands are used to set a password on vty lines:
Router(config)#line vty 0 4
Router(config-line)#login
Router(config-line)#password <password
>
The enable password and enable secret commands are used to restrict access to the privileged EXEC mode. The enable password is only used if the enable secret has not been set. The enable secret command should be used because the enable secret command is encrypted. The enable password command is not encrypted. The following commands are used to set the passwords:
Router(config)#enable secret
<password
>
Sometimes it is undesirable for passwords to be shown in clear text in the output from the show running-config or show startup-config commands. This command is used to encrypt passwords in configuration output:
The service password-encryption command
applies a weak
encryption to all unencrypted passwords. The enable secret <password
>
command uses a strong MD5 algorithm for encryption.
This page will introduce some show commands.
Many of these
commands can be used to examine the contents of files in the router and
for
troubleshooting. In both privileged EXEC and user EXEC modes, the
command show
? provides a list of available show commands. The list is considerably
longer
in privileged EXEC mode than it is in user EXEC mode.
Students should learn the functions of the
following
commands:
show interfaces
- this command displays statistics for all
interfaces on a router. To view the statistics for a specific
interface, enter
the show interfaces command followed by the specific interface
slot/port
number. This is shown in the following example:
Router#show interfaces serial 0/1
show controllers serial - Displays information that is specific to the interface hardware. This command must also include the port or slot/port number of the serial interface. For example:
Router#show controllers serial 0/1
show clock - Shows the time set in the router
show hosts - Displays a cached list of host names and addresses
show users - Displays all users who are connected to the router
show history - Displays a history of commands that have been entered
show flash - Displays information about flash memory and what IOS files are stored there
show version - Displays information about the currently loaded software version along with hardware and device information.
show arp - Displays the ARP table of the router
show protocols - Displays the global and interface-specific status of any configured Layer 3 protocols
show startup-config - Displays the saved configuration located in NVRAM
show running-config - Displays the contents of the currently running configuration file or the configuration for a specific interface, or map class information.
To configure a
serial interface follow these steps:
1. Enter global configuration mode.
2. Enter interface mode.
3. Specify the interface address and subnet mask.
4.
Set
clock rate if a DCE cable is connected. Skip this step if a
5.
Turn
on the interface.
Each connected serial interface must have an
IP address and
subnet mask to route IP packets. Configure the IP address with the
following
commands:
Router(config)#interface serial 0/0
Router(config-if)#ip address
<ip address
> <netmask >
Serial interfaces require a clock signal to
control the
timing of the communications. In most environments, a DCE device such
as a
On serial links that are directly
interconnected, as in a
lab environment, one side must be considered a DCE and provide a
clocking signal.
The clock is enabled and speed is specified with the clock rate
command. The
available clock rates in bits per second are 1200, 2400, 9600, 19200,
38400,
56000, 64000, 72000, 125000, 148000, 500000, 800000, 1000000, 1300000,
2000000,
or 4000000. Some bit rates might not be available on certain serial
interfaces.
This depends on the capacity of each interface.
By default, interfaces are turned off, or
disabled. To turn
on or enable an interface, the command no shutdown is entered. If an
interface
needs to be administratively disabled for maintenance or
troubleshooting, the
shutdown command used to turn off the interface.
In the lab environment, the clockrate setting
that will be
used is 56000. The commands that are used to set a clock rate and
enable a
serial interface are as follows:
Router(config)#interface serial 0/0
Router(config-if)#clock rate
56000
Router(config-if)#no shutdown
To verify changes, use the show
running-config command. This
command will display the current configuration. If the variables
displayed are
not correct, the environment can be changed in the following ways:
· Issue the no form of a configuration command.
· Reload the system to return to the original configuration file from NVRAM.
· Copy an archived configuration file from a TFTP server.
· Remove the startup configuration file with the erase startup-config, then restart the router and enter setup mode.
Router#copy running-config startup-config
Each Ethernet interface must have an IP
address and subnet
mask to route IP packets.
To configure an Ethernet interface follow
these steps:
1. Enter global configuration mode.
2. Enter interface configuration mode.
3. Specify the interface address and subnet mask.
4. Enable the interface.
A standard is a set of rules or procedures
that are either
widely used or officially specified. If an organization does not have
standards, the network will be in chaos if a service interruption
occurs.
Network management requires a centralized
support standard.
Configuration, security, performance, and other issues must be
addressed for
the network to function properly. The creation of standards for network
consistency helps reduce network complexity, unplanned downtime, and
events
that may affect network performance.
The description will appear in the
configuration files that
exist in the router memory. However, it will not affect the operation
of a
router. A description only provides information about an interface.
Descriptions are created by following a standard format that applies to
each
interface. The description may include the purpose and location of the
interface, other devices or locations connected to the interface, and
circuit
identifiers. Descriptions allow support personnel to better understand
the
scope of problems related to an interface and allow for faster
resolution of
problems.
The description will appear in the
configuration files that
exist in the router memory. However, it will not affect the operation
of a
router. A description only provides information about an interface.
Descriptions
are created by following a standard format that applies to each
interface. The
description may include the purpose and location of the interface,
other
devices or locations connected to the interface, and circuit
identifiers.
Descriptions allow support personnel to better understand the scope of
problems
related to an interface and allow for faster resolution of problems.
The steps to configure an interface
description are as
follows:
1. Use the configure terminal command to enter global configuration mode.
2. Enter a specific interface mode such as interface FastEthernet 0/0
3. Enter the command description followed by the information that is to be displayed, such as XYZ Network, Building 18.
4. Use Ctrl-Z to exit interface mode and return to privileged EXEC mode.
5. Use the copy running-config startup-config command to save the configuration changes to NVRAM.
description
interface serial 0/0
description ABC network
1, Circuit 1
Login banners can be seen by anyone.
Therefore, a banner
message should be worded carefully. “Welcome†is an
invitation for
anyone to
enter a router and is probably not an appropriate message.
A login banner should warn users not to
attempt login unless
they are authorized. A message such as “This is a secure
system,
authorized
access only!†informs unwanted visitors that any further
intrusion is
illegal.
Follow these steps to create and display a
message-of-the-day:
1. Use the configure terminal command to enter global configuration mode.
2. Enter the command banner motd # <message of the day > # .
3.
Issue
the copy
running-config startup-config command to save the changes.
A router has several modes that are used to
accomplish
specific tasks. The user EXEC mode is used primarily to check the
status of a
router. The privileged EXEC mode allows administrators to set usernames
and
passwords for access to router commands. Global configuration mode is
used to
apply configuration statements that affect a whole system.
One of the first configuration tasks is to
give a unique
name to a router. For security purposes, passwords and user IDs for
authorized
users should be set. The show command is used to examine the contents
of files
and for troubleshooting.
Serial interfaces require a clock signal to
control the
timing of the communications. An interface must have an IP address and
subnet
mask to route IP packets. By default, interfaces are turned off or
disabled.
Use the no shutdown command to turn on an interface. Use the show
running-config command to display the current running configuration to
verify
any modifications.