cisco-switch-router configurations

CISCO SYSTEMS (ROUTERS AND SWITCHES) Advanced Systems Administration Course

Fred Msumeno University computing Centre Ltd, University of Dar es salaam, E-mail: [email protected] Website: www.ucc.co.tz

Installation and configurations Pre-requisities

Knowledge of LAN and WAN Knowledge of IP addressing Knowledge of sub-netting and super-netting Knowledge of TCP/IP configurations on client Computers

Router Components

Bootstrap – stored in ROM microcode – brings router up during initialisation, boots router and loads the IOS. POST – Power On Self Test - stored in ROM microcode – checks for basic functionality of router hardware and determines which interfaces are present ROM Monitor – stored in ROM microcode – used for manufacturing, testing and troubleshooting Mini-IOS – a.k.a RXBOOT/boot loader by Cisco – small IOS ROM used to bring up an interface and load a Cisco IOS into flash memory from a TFTP server; can also perform a few other maintenance operations

Router Components

RAM – holds packet buffers, ARP cache, routing table, software and data structure that allows the router to function; running-config is stored in RAM, as well as the decompressed IOS in later router models ROM – starts and maintains the router Flash memory – holds the IOS; is not erased when the router is reloaded; is an EEPROM [Electrically Erasable Programmable Read-Only Memory] created by Intel, that can be erased and reprogrammed repeatedly through an application of higher than normal electric voltage NVRAM – Non-Volatile RAM - holds router configuration; is not erased when router is reloaded

Router Components

Config-Register controls how router boots; value can be seen with “show version” command; is typically 0x2102, which tells the router to load the IOS from flash memory and the startup-config file from NVRAM

Purpose of the Config Register

Reasons why you would want to modify the config-register: Force the router into ROM Monitor Mode Select a boot source and default boot filename Enable/Disable the Break function Control broadcast addresses Set console terminal baud rate Load operating software from ROM Enable booting from a TFTP server

System Startup

POST – loaded from ROM and runs diagnostics on all router hardware Bootstrap – locates and loads the IOS image; default setting is to load the IOS from flash memory IOS – locates and loads a valid configuration from NVRAM; file is called startup-config; only exists if you copy the running-config to NVRAM startup-config – if found, router loads it and runs embedded configuration; if not found, router enters setup mode

Overview

Router configuration controls the operation of the router’s: Interface IP address and netmask Routing information (static, dynamic or default) Security (passwords and authentication)

Boot and startup information

Where is the Configuration?

Router always has two configurations: Running configuration

In RAM, determines how the router is currently operating Is modified using the configure command To see it: show running-config

Startup confguration

In NVRAM, determines how the router will operate after next reload Is modified using the copy command To see it: show startup-config

Where is the Configuration?

Can also be stored in more permanent places:

External hosts, using TFTP (Trivial File Transfer Protocol)

In flash memory in the router

Copy command is used to move it around

copy run start

copy run tftp

copy start tftp

copy tftp start

copy flash start

copy start flash

Router Access Modes

User EXEC mode – limited examination of router

Privileged EXEC mode – detailed examination of router, debugging, testing, file manipulation (router prompt changes to an octothorp)

Router>

Router#

ROM Monitor – useful for password recovery & new IOS upload session Setup Mode – available when router has no startupconfig file

External Configuration Sources

Console Direct PC serial access Auxiliary port Modem access Virtual terminals Telnet/SSH access TFTP Server Copy configuration file into router RAM Network Management Software e.g., CiscoWorks

Changing the Configuration

Configuration statements can be entered interactively

changes are made (almost) immediately, to the running configuration

Can use direct serial connection to console port, or Telnet/SSH to vty’s (“virtual terminals”), or Modem connection to aux port, or Edited in a text file and uploaded to the router at a later time via tftp; copy tftp start or config net

Logging into the Router/switch

Cisco devices can be configured through :Console ,SSH, Telnet, SNMP & TFTP protocols

Configuration using Console

Console login to a Cisco device using windows operating system installed PC Console is used to make initial configuration to a Cisco device or if the device can not be accessed using SSH, Telnet, SNMP and TFTP protocols.

Logging into the Router/switch Steps:

Connect a console cable to a Cisco device console port and then to your computer Communication port

Open the hyper terminal window , go to StartProgramsAccessoriesCommunicationsHyper Terminal



Enter the connection name and select the first icon for the connection

Enter the connection details and select the communication port

Enter the port settings and press inter to start configuration of your Cisco device

New Router Configuration Process

Any time you make changes to the router configuration, you must save the changes to memory because if you do not they will be lost if there is a system reload or power outage. There are two types of configuration files: the running (current operating) configuration and the startup configuration. Use the following privileged mode commands to work with configuration files.

configure terminal – modify the running configuration manually from the terminal show running-config – display the running configuration.


show startup-config – display the startup configuration copy running-config startup-config – copy the running configuration to the startup configuration

copy startup-config running-config – copy the startup configuration to the running configuration erase startup-config – erase the startupconfiguration in NVRAM.


copy tftp running-config – load a configuration file stored on a Trivial File Transfer Protocol (TFTP) server into the running configuration copy running-config tftp – store the running configuration on a TFTP server

Router configuration

Hostname configuration Router>enable Router#configure terminal Router(config)#hostname TEST-ROUTER

Setting console password TEST-ROUTER(config)#line console 0 TEST-ROUTER(config-line)#login TEST-ROUTER(config-line)#password cisco

Router configuration

Setting telnet password TEST-ROUTER(config)#line vty 0 4 TEST-ROUTER(config-line)#login TEST-ROUTER(config-line)#password cisco

Setting Setting telnet password TEST-ROUTER(config)#line vty 0 4 TEST-ROUTER(config-line)#login TEST-ROUTER(config-line)#password cisco

Router configuration Enable secret password TEST-ROUTER(config)#enable secret cisco Enable password TEST-ROUTER(config)#enable password cisco1 Note: Do not save the configuration before you confirm that the setting are correct, to do that exit the privileged mode and try to login using the passwords, for telnet login the router must have been configured with IP address on one of its interfaces. To save the configurations TEST-ROUTER#copy running-config startup-config or type TEST-ROUTER#write

IP Address Configuration

IP addresses are configured on interfaces (Fast Ethernet or Ethernets), VLANS(for a layer 2/layer 3 switch), serial interfaces. Enter privileged EXEC mode Enter global configuration mode Enter in an interface to configure TEST-ROUTER(config)#interface ethernet 0 Configure the IP addres

IP Address Configuration

TEST-ROUTER(config-if)#ip address 192.168.200.1 255.255.255.0 If the interface is connected /to connect two different subnet you add a secondary IP address TEST-ROUTER(config-if)#ip address 192.168.100.1 255.255.255.0 secondary Enable the interface TEST-ROUTER(config-if)#no shutdown Exit the interface configuration and global configuration by end or Ctrl-Z TEST-ROUTER(config-if)#end

IP ROUTING CONFIGURATION Static routes configurations Enter privileged EXEC mode Enter global configuration mode Configure the default gateway TEST-ROUTER(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.1 Configure other static routes TEST-ROUTER(config)#ip route 192.168.10.0 255.255.255.0 192.168.200.2 TEST-ROUTER(config)#ip route 192.168.8.0 255.255.255.0 192.168.100.2 TEST-ROUTER(config)#ip route 192.168.0.0 255.255.254.0 192.168.200.3

DHCP SERVICE CONFIGURATION TEST-DIST-SW#config t TEST-DIST-SW(config)#ip dhcp database test Configure DHCP pool address TEST-DIST-SW(config)#ip dhcp pool test TEST-DIST-SW(dhcp-config)#network 196.44.160.136 255.255.255.248 Configure DNS servers to be used by cliets TEST-DIST-SW(dhcp-config)#dns-server 196.44.168.10 196.44.161.10 Configure the domain name to be used by clients TEST-DIST-SW(dhcp-config)#domain-name test.ucc.co.tz Configure default gateway TEST-DIST-SW(dhcp-config)#default-router 196.44.160.137 TEST-DIST-SW(dhcp-config)#exit

DHCP … Configure the router as dhcp server TEST-DIST-SW(config)#ip dhcp-server 196.44.160.137 Exlude some addresses to be used in static assignment(including the default-gateway/dhcp address) TEST-DIST-SW(config)#ip dhcp excluded-address 196.44.160.137 196.44.160.139 Dis-able ping of the dhcp server TEST-DIST-SW(config)#ip dhcp ping packets 0 Allow server to offer IP addresses to the clients TEST-DIST-SW(config)#$ 107 permit udp host 196.44.160.137 any eq bootps TEST-DIST-SW(config)#$ 107 permit udp any host196.44.160.137 eq bootps TEST-DIST-SW(config)#$ 107 permit udp any host 255.255.255.255 eq bootps

DHCP …

Apply the access control list on router interface that clients on LAN connect TEST-DIST-SW(config)#interface vlan 1 TEST-DIST-SW(config-if)#ip access-group 107 in

NAT CONFIGURATION Configure your router as NAT TEST-DIST-SW#config t Configure DHCP service TEST-DIST-SW(config)#ip dhcp pool nat TEST-DIST-SW(dhcp-config)#network 192.168.8.0 255.255.255.0 TEST-DIST-SW(dhcp-config)#default-router 192.168.8.1 TEST-DIST-SW(dhcp-config)#dns-server 196.44.168.10 196.44.161.10 TEST-DIST-SW(dhcp-config)# domain-name nat.ucc.co.tz TEST-DIST-SW(dhcp-config)#exit Configure NAT ip nat inside source list 100 interface FastEthernet0/1 overload

NAT …

Access list to assign dhcp addresses to clients TEST-DIST-SW(config)#ipaccess-list 107 permit udp host 192.168.8.1 any eq bootps TEST-DIST-SW(config)#ipaccess-list 107 permit udp any host 192.168.8.1 eq bootps TEST-DIST-SW(config)#ipaccess-list 107 permit udp any host 255.255.255.255 eq bootps Apply the access list above to the private network interface Access control list for the natted addresses access-list 100 permit ip 192.168.8.0 0.0.0.255 any

NAT ….

Configure natting on router interfaces TEST-DIST-SW(config)# interface FastEthernet0/0 TEST-DIST-SW(config-if)# ip address 192.168.8.1 255.255.255.0 TEST-DIST-SW(config-if)# ip nat inside TEST-DIST-SW(config-if)# interface FastEthernet0/1 TEST-DIST-SW(config-if)# ip address 196.44.161.241 255.255.255.0 TEST-DIST-SW(config-if)# ip nat outside Save the configurations

VLAN CONFIGURATION IN CISCO SWITCHES Configure VLAN on switches and assign ports to the VLANS TEST-DIST-SW#config t TEST-DIST-SW#vlan database TEST-DIST-SW(vlan)#vlan 2 name WLAN EST-DIST-SW(vlan)#exit Assign the ports to the WLAN VLAN TEST-DIST-SW#config t TEST-DIST-SW(config)#interface fastEthernet 0/1 TEST-DIST-SW(config-if)#switchport access vlan 2

EXERCISE Configure your Cisco router 1. Host name 2. Set the console, telnet(limit number of concurrent access to 4 ), secret and enable passwords 3.WAN IP 196.44.161.X and set LAN subnet 196.44.160.136/29. 4. Configure static routes, default gateway 196.44.161.1, and a route to 196.44.160.128/29 via 196.44.161.13

Exercise cont… 5. Add users (with privilege 5)who can login to the router 6. Configure snmp parameters 7. Enable IP cache on the interfaces