Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cisco router configuration AFNOG 2002 / track 2 # 1 Cisco Router Configuration Basics.

Published byBeatrix Merritt Modified over 8 years ago

Similar presentations

Presentation on theme: "Cisco router configuration AFNOG 2002 / track 2 # 1 Cisco Router Configuration Basics."— Presentation transcript:

1 cisco router configuration AFNOG 2002 / track 2 # 1 Cisco Router Configuration Basics

2 cisco router configuration AFNOG 2002 / track 2 # 2 router components äLike a computer they are composed of –Operating System - IOS –Micro Processor to run the IOS –RAM main storage, dynamic configuration –NVRAM to store instruction for performing the self test of the device, backup of config –Flash memory: erasable ROM, contain copy of IOS

3 cisco router configuration AFNOG 2002 / track 2 # 3 system startup äPOST -> diagnostic on all ROM on all modules äconfiguration -> check and load IOS äload configuration files stored in NVRAM

4 cisco router configuration AFNOG 2002 / track 2 # 4 overview ärouter configuration controls the operation of the router: äinterface address and netmask ärouting information (static or dynamic) äbooting and startup information äsecurity (passwords)

5 cisco router configuration AFNOG 2002 / track 2 # 5 where is the configuration? ärouter always has two configurations: ärunning configuration äin RAM, determines how the router is currently operating  is changed by using the configuration command  to see it: show running ästartup confguration äin NVRAM, determines how the router will operate after next reload  is changed using the copy command  to see it: show startup

6 cisco router configuration AFNOG 2002 / track 2 # 6 where is the configuration? äcan also be stored in more permanent places: äexternal hosts, using TFTP to move it around äin flash memory in the router äcopy command is used to move it around copy run start copy run tftp copy start tftp copy tftp start copy flash start copy start flash

7 cisco router configuration AFNOG 2002 / track 2 # 7 external Configuration Sources äConsole/auxillary port ävirtual terminals - telnets äTFTP Server äNetwork Management Software

8 cisco router configuration AFNOG 2002 / track 2 # 8 changing the configuration äconfiguration statements can be entered interactively - changes are made (almost) immediately, to the running configuration äcan use direct serial connection to console port, or ätelnet to vty’s (“virtual terminals”), or ämodem connection to aux port

9 cisco router configuration AFNOG 2002 / track 2 # 9 changing configuration äor, edited in a text file and uploaded to the router at a later time via tftp; äsome configuration statements, especially access lists, are very difficult to work with interactively, so editing and uploading the file is the only practical way to work; äalso allows version control and auditing changes

10 cisco router configuration AFNOG 2002 / track 2 # 10 new router configuration process äload configuration parameters into RAM äpersonalize router identification äassign access passwords äconfigure interfaces äconfigure routing protocols äsave configuration parameters to NVRAM

11 cisco router configuration AFNOG 2002 / track 2 # 11 router modes äUser EXEC mode - limited examination of router –Router> äPrivileged EXEC mode - detailed examination of router, debugging, testing, file manipulation –Router# äROM Monitor - useful for password recovery äSetup Mode

12 cisco router configuration AFNOG 2002 / track 2 # 12 logging into the router äConnect router to console port or telnet to router –router> –router>enable –password –router# –router#? äConfiguring the router –Terminal (entering the commands directly) –router# configure terminal –router(config)# USER MODE PROMPT PRIVILEDGED MODE PROMPT

13 cisco router configuration AFNOG 2002 / track 2 # 13 configuring your router äSet the enable password: router(config)# enable password t2@afnogt2@afnog äIf you see in your config file, you will see that the enable password is displayed in clear text -- that is not safe, you have to encrypt it. router(config)# service password-encryption router(config)# enable secret "your pswd"(MD5 encryption) äTo configure interface you should go to interface config menu router(config) interface ethernet0 (or 0/x) router (config-if)# äSave your config uration router #copy running-config startup-config

14 cisco router configuration AFNOG 2002 / track 2 # 14 configuring your router äconfiguration statements have different contexts: äglobal: enable-password mysecret äinterface: interface ethernet0 ip address 169.222.1.45 255.255.255.0 ärouter: router ospf 1 network 169.222.31.0 0.0.0.255 area 0 äline: line vty 04

15 cisco router configuration AFNOG 2002 / track 2 # 15 global configuration äglobal configuration statements are independent of any particular interface or routing protocol, e.g.: hostname myrouter enable-password mysecret service password-encryption logging facility local0 logging 169.222.31.42

16 cisco router configuration AFNOG 2002 / track 2 # 16 global configuration äip-specific global configuration statements: ip classless ip name-server 169.222.31.42 ästatic route creation: ip route 169.222.16.0 255.255.248.0 169.229.31.1

17 cisco router configuration AFNOG 2002 / track 2 # 17 interface configuration äinterfaces are named by type and position; e.g.: ethernet0, ethernet1,... ethernet5 serial0, serial1... serial3 äand can be abbreviated: ethernet0 or eth0 or e0 serial0 or ser0 or s0

18 cisco router configuration AFNOG 2002 / track 2 # 18 interface configuration äip address and netmask configuration, using interface commands (interactive configuration example, showing prompts): router#configure terminal router(config)#interface e0 router(config-if)#ip address 169.222.30.4 255.255.255.0 router(config-if)#no shutdown router(config-if)#^Z router#

19 cisco router configuration AFNOG 2002 / track 2 # 19 interface configuration äadministratively enable/disable the interface router(config-if)#no shutdown router(config-if)#shutdown ädescription router(config-if)#description ethernet link to admin building router

20 cisco router configuration AFNOG 2002 / track 2 # 20 äCisco global config should always include: ip classless ip subnet-zero no ip domain-lookup äCisco interface config should usually include: no shutdown no ip proxy-arp no ip redirects

21 cisco router configuration AFNOG 2002 / track 2 # 21 looking at the configuration  use “show running-configuration” to see the current configuration  use “show startup-configuration” to see the configuration in NVRAM, that will be loaded the next time the router is rebooted or reloaded

22 cisco router configuration AFNOG 2002 / track 2 # 22 interactive configuration äenter configuration mode, using “configure term” äprompt gives a hint about where you are: router#configure term router(config)#ip classless router(config)#ip subnet-zero router(config)#int e3 router(config-if)#ip addr 169.222.31.33 255.255.255.224 router(config-if)#no shut router(config-if)#^Z

23 cisco router configuration AFNOG 2002 / track 2 # 23 storing the configuration on a host  requires: `tftpd’ on a unix host; destination file must exist before the file is written and must be world writable... copy run tftp router#copy run tftp Remote host []? 169.222.31.42 Name of configuration file to write [hostel-rtr-confg]? /usr/local/tftpd/hostel-rtr-confg Write file /usr/local/tftpd/hostel-rtr-confg on... host 169.222.31.42? [confirm] Building configuration... Writing /usr/local/tftpd/hostel-rtr-confg !![OK]

24 cisco router configuration AFNOG 2002 / track 2 # 24 restoring the configuration from a host äuse ‘tftp’ to pull file from unix host, copying to running config or startup router#copy tftp start Address of remote host [255.255.255.255]? 169.222.31.42 Name of configuration file [hostel-rtr-confg]? Configure using hostel-rtr-confg from 169.222.31.42? [confirm] Loading hostel-rtr-confg from 169.222.31.42 (via Ethernet0): ! [OK - 1005/128975 bytes] [OK] hostel-rtr# reload

25 cisco router configuration AFNOG 2002 / track 2 # 25 getting help äIOS has a built-in help facility; use “?” to get a list of possible configuration statements ä“?” after the prompt lists all possible commands: router#?  “ ?” lists all possible subcommands, e.g.: router#show ? router#show ip ?

26 cisco router configuration AFNOG 2002 / track 2 # 26 getting help ä“ ?” shows all possible command completions router#con? configure connect äthis is different: hostel-rtr#conf ? memory Configure from NV memory network Configure from a TFTP network host overwrite-network Overwrite NV memory from TFTP... network host terminal Configure from the terminal

27 cisco router configuration AFNOG 2002 / track 2 # 27 getting help äthis also works in configuration mode: router(config)#ip a? accounting-list accounting-threshold accounting-transits address-pool alias as-path router(config)#int e0 router(config-if)#ip a? access-group accounting address

28 cisco router configuration AFNOG 2002 / track 2 # 28 getting help äcan “explore” a command to figure out the syntax: router(config-if)#ip addr ? A.B.C.D IP address router(config-if)#ip addr 169.222.64.1 ? A.B.C.D IP subnet mask router(config-if)#ip addr 169.222.64.1 255.255.255.0 ? secondary Make this IP address a secondary address router(config-if)#ip addr 169.222.64.1 255.255.255.0 router(config-if)#

29 cisco router configuration AFNOG 2002 / track 2 # 29 getting lazy help äTAB character will complete a partial word hostel-rtr(config)#int hostel-rtr(config)#interface et hostel-rtr(config)#interface ethernet 0 hostel-rtr(config-if)#ip add hostel-rtr(config-if)#ip address... 169.222.64.1 255.255.255.0 änot really necessary; partial commands can be used: router#conf t router(config)#int e0 router(config-if)#ip addr 169.222...

30 cisco router configuration AFNOG 2002 / track 2 # 30 getting lazy äcommand history äIOS maintains short list of previously typed commands  up-arrow or ‘ ^p ’ recalls previous command  down-arrow or ‘^n’ recalls next command äline editing äleft-arrow, right-arrow moves cursor inside command  ‘^d’ or backspace will delete character in front of cursor

31 cisco router configuration AFNOG 2002 / track 2 # 31 Connecting your Freebsd machine to console äConnect your machine to the console port using the serial cable provide ägo to /etc/remote to see the device configured to be used with "tip”.you will see at the end, a line begin with cuaa0c… (you can change it to cisco) bash$ tip cuaa0c (or cisco) router> router>enable router#

32 cisco router configuration AFNOG 2002 / track 2 # 32 Exercise contd älook at your running configuration äConfigure an IP address for e0/0 depending on your table - use 80.248.70.1 for table A etc älook at your running configuration and your startup configuration äwhat difference is there if any

33 cisco router configuration AFNOG 2002 / track 2 # 33 using access lists äAccess Control Lists used to implement security in routers –powerful tool for network control –filter packets flow in or out of router interfaces –restrict network use by certain users or devices –deny or permit traffic –operate in sequential, logical order - top down –goes down access list until match is found –inherent deny at the bottom of every list

34 cisco router configuration AFNOG 2002 / track 2 # 34 using access lists äStandard Access Lists (1 - 99) –simpler address specifications –generally permits or denies entire protocol suite äExtended Access Lists (100 - 199) –more complex address specification –generally permits or denies specific protocols

35 cisco router configuration AFNOG 2002 / track 2 # 35 ACL format äStandard Access List Configuration format –access-list access-list-number {permit | deny} source {source-mask} –ip access-group access-list-number {in | out} äExtended Access List Configuration format –access-list access-list-number {permit | deny} protocol source {source-mask} destination {destination-mask} –ip access-group access-list-number {in | out}

36 cisco router configuration AFNOG 2002 / track 2 # 36 where to place IP access list äplace standard access list close to destination äplace extended access lists close to the source of the traffic you want to deny

37 cisco router configuration AFNOG 2002 / track 2 # 37 using access lists äRouter(config)#Access-list access-list-number {permit|deny}{test conditions} äRouter(config)#{protocol access-group access-list-number äe.g check for IP subnets 172.30.16.0 to 172.30.31.0 172.30.16.0 0001 0000 0000 check 1111 ignore Address and Wilcard Mask: 172.30.16.0 0.0.15.255

38 cisco router configuration AFNOG 2002 / track 2 # 38 äwildcard bits indicate how to check corresponding address bit –0=check –1=ignore äMatching Any IP Address 0.0.0.0 255.255.255.255 or abbreviate the expression using the keyword any äMatching a specific host 172.30.16.29 0.0.0.0 or abbreviate the wildcard using the IP address preceded by the keyword host

39 cisco router configuration AFNOG 2002 / track 2 # 39 Permit telnet from my network only access-list 1 permit 80.248.70.224 0.0.0.15 access-list 1 deny any line vty 0 4 access-class 1 in

40 cisco router configuration AFNOG 2002 / track 2 # 40 Standard Access Lists Example Permit my network only Non 172.16.0.0 172.16.3.0172.16.4.0 172.16.4.13E0E1 S0 Access-list 1 permit 172.16.0.0 0.0.255.255 Interface ethernet 0 ip access-group 1 out interface ethernet 1 ip access-group 1 out

41 cisco router configuration AFNOG 2002 / track 2 # 41 extended access lists example Deny FTP for E0 Non 172.16.0.0 172.16.3.0172.16.4.0 172.16.4.13E0E1 S0 access-list 101 deny tcp 172.16.4.0 0.0.0.255 172.16.3.0 0.0.0.255 eq 21 access-list 101 deny tcp 172.16.4.0 0.0.0.255 172.16.3.0 0.0.0.255 eq 20 access-list 101 permit ip172.16.4.0 0.0.0.255 0.0.0.0 255.255.255.255 interface ethernet 0 ip access-group 101 out

Download ppt "Cisco router configuration AFNOG 2002 / track 2 # 1 Cisco Router Configuration Basics."

Similar presentations

Basic IP Traffic Management with Access Lists

Basic IP Traffic Management with Access Lists
© 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—4-1 Managing IP Traffic with ACLs Configuring IP ACLs.

© 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—4-1 Managing IP Traffic with ACLs Configuring IP ACLs.
© 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—4-1 Managing IP Traffic with ACLs Introducing ACLs.

© 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—4-1 Managing IP Traffic with ACLs Introducing ACLs.
Cisco Router. Overview Understanding and configuring the Cisco Internetwork Operating System (IOS) Connecting to a router Bringing up a router Logging.

Cisco Router. Overview Understanding and configuring the Cisco Internetwork Operating System (IOS) Connecting to a router Bringing up a router Logging.
1 CCNA 2 v3.1 Module 3. 2 CCNA 2 Module 3 Configuring a Router.

1 CCNA 2 v3.1 Module 3. 2 CCNA 2 Module 3 Configuring a Router.
WXES2106 Network Technology Semester 1 2004/2005 Chapter 10 Access Control Lists CCNA2: Module 11.

WXES2106 Network Technology Semester /2005 Chapter 10 Access Control Lists CCNA2: Module 11.
Introduction to the Cisco IOS

Introduction to the Cisco IOS
CCNA Guide to Cisco Networking Fundamentals Fourth Edition

CCNA Guide to Cisco Networking Fundamentals Fourth Edition
CCNA 2 v3.1 Module 2.

CCNA 2 v3.1 Module 2.
Chapter 9 Managing a Cisco Internetwork Cisco Router Components Bootstrap - Brings up the router during initialization POST - Checks basic functionality;

Chapter 9 Managing a Cisco Internetwork Cisco Router Components Bootstrap - Brings up the router during initialization POST - Checks basic functionality;
Implementing Standard and Extended Access Control List (ACL) in Cisco Routers.

Implementing Standard and Extended Access Control List (ACL) in Cisco Routers.
CCNA2 Routing Perrine modified by Brierley Page 18/6/2015 Module 11 Access Control 172.16.3.0172.16.4.0 Non-172.16.0.0 e0e1 s0 172.16.4.13 server.

CCNA2 Routing Perrine modified by Brierley Page 18/6/2015 Module 11 Access Control Non e0e1 s server.
Cisco Devices CONFIGURING CISCO SWITCH AND ROUTER.

Cisco Devices CONFIGURING CISCO SWITCH AND ROUTER.
Cisco Router Configuration Basics Nishal Goburdhan.

Cisco Router Configuration Basics Nishal Goburdhan.
1 Configuring Cisco Routers Relates to Lab 3.. Router Components Bootstrap – stored in ROM microcode – brings router up during initialization, boots router.

1 Configuring Cisco Routers Relates to Lab 3.. Router Components Bootstrap – stored in ROM microcode – brings router up during initialization, boots router.
Cisco Router Configuration Basics Scalable Infrastructure Workshop.

Cisco Router Configuration Basics Scalable Infrastructure Workshop.
Cisco router configuration NTW2000 / track 2 # 1 cisco router configuration basics.

Cisco router configuration NTW2000 / track 2 # 1 cisco router configuration basics.
Cisco Router Configuration AfNOG 2003 / Track 2 # 1 Cisco Router Configuration Basics Presented By Mark Tinka (Uganda)

Cisco Router Configuration AfNOG 2003 / Track 2 # 1 Cisco Router Configuration Basics Presented By Mark Tinka (Uganda)
Host-based Internetworking, Tuesday, 15 June ´99 INET ‘99 Network Training Workshop 1/11 IP Forwarding With Cisco Routers Lab Exercises.

Host-based Internetworking, Tuesday, 15 June ´99 INET ‘99 Network Training Workshop 1/11 IP Forwarding With Cisco Routers Lab Exercises.
IST 228\Ch4\Cisco IOS1 What we will be able to do?

IST 228\Ch4\Cisco IOS1 What we will be able to do?

Similar presentations

Ads by Google