Networking Operating Systems (CO32010)

Chapter 6: Routers

6.1 Introduction
6.2 Router configuration and startup
6.3 Router commands
6.4 Access Control Lists (ACLs)
6.5 Exercises
6.6 Cisco router commands

Objectives:
- To outline the main elements of a router.
- To be able to understand the main elements in the programming of a router.
- To be able to program a router for a given specification.
- To understand the operation of firewalls, and how these are implemented on a firewall.
Routers (figure: router ports and management connections)

The router in the figure has the following ports: Auxiliary port (RJ-45), Console port (RJ-45), Serial0 (DB-60), Serial1 (DB-60), Ether0 (DB-15) and Ether1 (DB-15). It can be managed from a console terminal attached to the console port, from a modem attached to the auxiliary port, or from a virtual terminal (through telnet) over a network interface. A TFTP server on the network can be used to download configuration files to the router.
Router modes (figure)

Startup sequence, driven by the bootstrap program in ROM: perform hardware tests; load the operating system; load the configuration file from NVRAM; run EXEC, which executes user commands and holds global, process and interface information.

Modes:
- User EXEC: view configuration parameters.
- Privileged EXEC: edit configuration parameters, debug and testing.
- Setup mode: used to configure the router when it is first started.
- RXBOOT: maintenance mode, such as recovering lost passwords.
- Global Config: performs simple configuration tasks.
Example topology (figure): routers LAB-A, LAB-B, LAB-C, LAB-D and LAB-E, interconnected over Serial0/Serial1 links, with a switch and a hub attached to Ethernet interfaces (Ether0/Ether1).
Router startup

The bootstrap loader is loaded from ROM and run on the processor. The operating system (Cisco IOS, the Internetwork Operating System) is then loaded according to the boot field of the configuration register, which specifies either boot from flash memory, boot from the network or manual boot. The lower four bits of the configuration register define the boot field. The operating system is then booted; it determines the hardware and the software on the system and displays these on the console terminal.

The operating system then loads the configuration file from NVRAM and executes it one line at a time. These lines start different processes, and define addresses and protocol types. If there is no configuration file in NVRAM, the router automatically goes into user setup mode, where the router asks the user questions about the router configuration. Once these have been specified the router saves them to NVRAM, so that the settings persist. Once saved, the router should boot automatically without going into user setup mode.

As much as possible the router tries to discover its environment, and tries to minimize the settings that the user has to add. Default values are given in square brackets; the user accepts a default by pressing the return key at that option.
Router memory

- NVRAM. This type of memory does not lose its contents when the power is withdrawn, but can be written to. It is used to store the router's backup/startup configuration file. One of the options in the configuration is where the operating system image is loaded from, typically either from flash memory or from a TFTP server.
- Flash. This is erasable, reprogrammable ROM, which keeps its contents when the power is taken away. It is used in the router to contain one or more copies of the operating system image and microcode. Flash memory allows for easy updates to the operating system software, without having to replace any parts of the hardware.
- ROM. This is a permanent type of memory, which cannot be changed, and does not lose its contents when the power is withdrawn. On the router it contains power-on diagnostics, a bootstrap program, and operating system software. Upgrades to ROM require a change of a ROM integrated circuit.
- RAM. This is the main memory of the router and stores running programs and the current running configuration file. Along with this the RAM stores routing tables, the ARP cache, packet buffering and packet hold queues. The contents of the RAM are lost when the power is withdrawn.
Router commands (enable)

    LAB-A con0 is now available
    Press RETURN to get started.
    User Access Verification
    Password: *******
    LAB-A>?
    Exec commands:
      access-enable    Create a temporary Access-List entry
      access-profile   Apply user-profile to interface
      clear            Reset functions
      connect          Open a terminal connection
      ::::::::
    LAB-A>enable
    Password: **********
    LAB-A#?
    Exec commands:
      access-enable    Create a temporary Access-List entry
      access-profile   Apply user-profile to interface
      access-template  Create a temporary Access-List entry
      cd               Change current directory
      ::::::::
Router commands (show)

- show arp. Displays the current status of the router's ARP tables, which map IP addresses to MAC addresses. Session run 6.6 gives an example of this command.
- show buffers. This command shows detailed statistics on the buffers within the router. Session run 6.2 gives an example of this command. In this case, the memory buffers are split into small buffers (104 bytes), middle buffers (600 bytes), big buffers (1524 bytes), very big buffers (4520 bytes), large buffers (5024 bytes) and huge buffers (18024 bytes).
- show flash. This command displays information on the data stored in the flash memory. An example is given in Session run 6.8.
- show hosts. This command displays a list of known hosts and their IP addresses.
- show interfaces. This command displays statistics for all interfaces configured on the router. Session run 6.10 shows an example.
- show mem. This command displays the usage of the router's memory. Session run 6.3 shows an example.
- show processes. This command shows the active processes.
- show protocols. This command displays the status of currently running protocols (such as IP, IPX, AppleTalk and DECnet). It can be seen from Session run 6.9 that there are three active interfaces (Ethernet0, Serial0 and Serial1), and that each of the interfaces is operating ('they are up'). For example the IP address of the Ethernet0 interface is /24, which specifies that it has an IP address of and that 24 bits are used to define the network part of the address (as expected, as it is a Class C address).
- show running-config. This command displays the active configuration file.
- show startup. Displays the startup configuration file.
- show version. This command displays information on the hardware, the software version, the configuration file name, and the boot image.
Router commands (show buffers)

    LAB-A#show buffers
    Buffer elements:
         500 in free list (500 max allowed)
         2026 hits, 0 misses, 0 created
    Public buffer pools:
    Small buffers, 104 bytes (total 50, permanent 50):
         49 in free list (20 min, 150 max allowed)
         669 hits, 0 misses, 0 trims, 0 created
    ::::::::
    Huge buffers, bytes (total 0, permanent 0):
         0 in free list (0 min, 4 max allowed)
         0 hits, 0 misses, 0 trims, 0 created
         0 failures (0 no memory)
    Interface buffer pools:
    Ethernet0 buffers, 1524 bytes (total 32, permanent 32):
         8 in free list (0 min, 32 max allowed)
         24 hits, 0 fallbacks
         8 max cache size, 8 in cache
    ::::::::
    Serial0 buffers, 1524 bytes (total 32, permanent 32):
         7 in free list (0 min, 32 max allowed)
         102 hits, 0 fallbacks
         8 max cache size, 8 in cache
Router commands (show hosts)

    LAB-A>show hosts
    Default domain is not set
    Name/address lookup uses domain service
    Name servers are
    Host       Flags        Age  Type  Address(es)
    LAB-B      (perm, OK)   17   IP
    LAB-C      (perm, OK)   18   IP
    LAB-D      (perm, OK)   19   IP
    LAB-E      (perm, OK)   18   IP
    LAB-A      (perm, OK)   19   IP
Router commands (show protocols)

    Lab-B>show protocols
    Internet Protocol routing is enabled
    Ethernet0 is up, line protocol is up
      Internet address is /24
    Serial0 is up, line protocol is up
      Internet address is /24
    Serial1 is up, line protocol is up
      Internet address is /24
Router commands (show running-config)

    Lab-B#show running-config
    Building configuration...
    Current configuration:
    !
    version 12.0
    service timestamps debug uptime
    service timestamps log uptime
    no service password-encryption
    !
    hostname Lab-B
    !
    enable password class
    !
    ip subnet-zero
    !
    interface Ethernet0
     ip address
     no ip directed-broadcast
    !
    interface Serial0
     ip address
     ip directed-broadcast
     no ip mroute-cache
     no fair-queue
     clockrate
    !
    interface Serial1
     ip address
     no ip directed-broadcast
    !
    router rip
     network
     network
     network
    !
    no ip classless
    !
    line con 0
     password cisco
     login
     transport input none
    line aux 0
    line vty 0 4
     password cisco
     login
    !
    end
MAC and IP address (figure: LAB-A with a switch on Ethernet0 and a hub on Ethernet1; each attached host is labelled with its MAC and IP address)

Hosts in the figure: MAC b81.1d72, MAC 0000.b430.b332, MAC b81.1d73 and MAC f40 (IP addresses not recoverable from the figure).

ARP table (in LAB-A):

    Protocol  Address  Age (min)  Hardware Addr   Type  Interface
    Internet                      f40             ARPA  Ethernet1
    Internet                      b81.1d72        ARPA  Ethernet0
    Internet                      b430.b332       ARPA  Ethernet0
    Internet                      b81.1d73        ARPA  Ethernet1
Router programming

    Router> enable
    Router# config t
    Enter configuration commands, one per line. End with END.
    Router(config)# hostname LAB_A
    LAB_A(config)# enable secret class
    LAB_A(config)# exit
    LAB_A# exit
    LAB_A> enable
    Password: ccc
    Password: class
    LAB_A#
Router programming (interfaces and RIP)

    LAB_A# config t
    LAB_A(config)# int e0
    LAB_A(config-if)# ip address
    LAB_A(config-if)# no shutdown
    LAB_A(config-if)# exit
    LAB_A(config)# int e1
    LAB_A(config-if)# ip address
    LAB_A(config-if)# no shutdown
    LAB_A(config-if)# exit
    LAB_A(config)# int s0
    LAB_A(config-if)# ip address
    LAB_A(config-if)# clock rate
    LAB_A(config-if)# no shutdown
    LAB_A(config-if)# exit
    LAB_A(config)# router rip
    LAB_A(config-router)# network
    LAB_A(config-router)# network
    LAB_A(config-router)# network
    LAB_A(config-router)# exit
    LAB_A(config)#
ACLs

A port on a router can be set up with ACLs to filter traffic based on the network address, or on the source or destination port number. For example, the firewall may block FTP traffic going out of the network.
ACL filter fields

- Source IP address. The address that the data packet was sent from.
- Destination IP address. The address that the data packet is destined for.
- Source TCP port. The port that the data segment originated from. Typical ports which could be blocked are FTP (port 21), TELNET (port 23), and WWW (port 80).
- Destination TCP port. The port that the data segment is destined for.
- Protocol type. This filters for UDP or TCP traffic.
Standard ACLs

Syntax (entered in global configuration mode; a standard list matches on the source address only):

    Router(config)# access-list access-list-value {permit | deny} source source-mask

Example: two deny entries followed by a permit-all, applied inbound on Ethernet0. Entries are tested in order, and a list ends with an implicit deny, so the final permit is needed to let other traffic through.

    Router(config)# access-list 1 deny
    Router(config)# access-list 1 deny
    Router(config)# access-list 1 permit any
    Router(config)# interface Ethernet0
    Router(config-if)# ip address
    Router(config-if)# ip access-group 1 in
Extended ACLs

Syntax (extended lists match on protocol, source, destination and port):

    Router(config)# access-list access-list-value {permit | deny} {test-conditions}

Examples:

    Router(config)# access-list 100 deny ip host
    Router(config)# access-list 100 permit ip any any

    Router(config)# access-list 100 deny ip
    Router(config)# access-list 100 permit ip any any

    Router(config)# access-list 100 deny ip host
    Router(config)# access-list 100 permit ip any any

    Router(config)# interface Ethernet0
    Router(config-if)# ip address
    Router(config-if)# ip access-group 100 in
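To make the first-match and implicit-deny behaviour of the standard and extended lists above concrete (including the "block FTP leaving the network" case from the ACLs slide), here is an added example in Python that is not part of the course notes: a small evaluator that parses access-list lines with Cisco wildcard masks and decides what happens to a packet. The list contents and the packets are constructed samples, and the parser only understands the syntax shown on these slides (any, host, address plus wildcard, eq port).

```python
import ipaddress

# Constructed sample lists (not from the page): standard list 1 blocks one subnet;
# extended list 100 blocks FTP (tcp/21) from 10.0.0.0/8 and permits everything else.
SAMPLE_ACL = """
access-list 1 deny 192.168.1.0 0.0.0.255
access-list 1 permit any
access-list 100 deny tcp 10.0.0.0 0.255.255.255 any eq 21
access-list 100 permit ip any any
"""
ANY = (0, 0xFFFFFFFF)  # address 0 with an all-ones wildcard matches every host

def _to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))
def _addr_spec(tokens):
    # Consume 'any' | 'host A' | 'A WILDCARD'; return ((addr, wildcard), remaining tokens)
    if tokens[0] == "any":
        return ANY, tokens[1:]
    if tokens[0] == "host":
        return (_to_int(tokens[1]), 0), tokens[2:]
    return (_to_int(tokens[0]), _to_int(tokens[1])), tokens[2:]
def _port_spec(tokens):
    # Consume an optional 'eq N'; return (port or None, remaining tokens)
    return (int(tokens[1]), tokens[2:]) if tokens[:1] == ["eq"] else (None, tokens)
def _addr_match(spec, ip):
    addr, wild = spec
    # Cisco wildcard mask: 0 bits must match, 1 bits are don't-care (the inverse of a netmask)
    return (_to_int(ip) & ~wild & 0xFFFFFFFF) == (addr & ~wild & 0xFFFFFFFF)

def parse_acl(text):
    # Parse 'access-list' lines into {number: [entries in configured order]};
    # 1-99 are read as standard (source only), 100-199 as extended (proto, src, dst, ports)
    acls = {}
    for t in [line.split() for line in text.splitlines() if line.startswith("access-list")]:
        num, action, rest = int(t[1]), t[2], t[3:]
        proto, rest = ("ip", rest) if num < 100 else (rest[0], rest[1:])
        src, rest = _addr_spec(rest)
        sport, rest = _port_spec(rest)
        dst, rest = _addr_spec(rest) if rest else (ANY, rest)  # standard entries have no destination
        dport, _ = _port_spec(rest)
        acls.setdefault(num, []).append(dict(action=action, proto=proto, src=src, sport=sport, dst=dst, dport=dport))
    return acls

def evaluate(acl, proto, src, sport, dst, dport):
    # Walk the list top-down: the first matching entry decides; no match is the implicit deny
    for e in acl:
        if (e["proto"] in ("ip", proto) and _addr_match(e["src"], src) and _addr_match(e["dst"], dst)
                and e["sport"] in (None, sport) and e["dport"] in (None, dport)):
            return e["action"]
    return "deny"
```

Note that a packet matching no entry at all is denied, which is why every list on the slides ends with a permit entry; an empty list applied to an interface drops everything.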