Cisco Router Configuration Basics

● Cisco Router Configuration Basics
● Router Components
● Purpose of the Config Register
● System Startup
● Overview
● Where is the Configuration?
● Router Access Modes
● External Configuration Sources
● Changing the Configuration
● Logging into the Router
● Connecting your FreeBSD Machine to the Router’s Console Port
● Address Assignments
● New Router Configuration Process
● Router Prompts – How to tell where you are on the router
● Configuring your Router
● Global Configuration
● The NO Command
● Interface Configuration
● Global Configuration Commands
● Looking at the Configuration
● Interactive Configuration
● Storing the Configuration on a Remote System
● Restoring the Configuration from a Remote System
● Getting Online Help
● Getting Lazy Online Help
● Connecting your FreeBSD machine to the Router’s Console port
● Deleting your Router’s Configuration
● Using Access Control Lists (ACLs)
● Rules followed when comparing traffic with an ACL
● Using ACLs
● ACL Syntax
● Where to place ACLs
● What are Wild Card Masks?
● ACL Example
● Permit telnet access only for my network
● Standard IP ACLs: Permit only my network
● Extended IP ACLs: Deny FTP access through Interface E1
● Prefix Lists
● Prefix List Configuration Syntax
● Prefix List Configuration Example
● Disaster Recovery – ROM Monitor
● Getting to the ROM Monitor
● Disaster Recovery: How to Recover a Lost Password
Nishal Goburdhan

Router Components
● Bootstrap – stored in ROM microcode – brings the router up during initialisation, boots the router and loads the IOS.
● POST (Power On Self Test) – stored in ROM microcode – checks for basic functionality of router hardware and determines which interfaces are present.
● ROM Monitor – stored in ROM microcode – used for manufacturing, testing and troubleshooting.
● Mini-IOS – a.k.a. RXBOOT/boot loader by Cisco – small IOS in ROM used to bring up an interface and load a Cisco IOS into flash memory from a TFTP server; can also perform a few other maintenance operations.
● RAM – holds packet buffers, ARP cache, routing table, and the software and data structures that allow the router to function; the running-config is stored in RAM, as well as the decompressed IOS in later router models.
● ROM – starts and maintains the router.
● Flash memory – holds the IOS; is not erased when the router is reloaded; is an EEPROM (Electrically Erasable Programmable Read-Only Memory) created by Intel that can be erased and reprogrammed repeatedly through an application of higher than normal electric voltage.
● NVRAM – Non-Volatile RAM – holds the router configuration; is not erased when the router is reloaded.
● Config register – controls how the router boots; the value can be seen with the show version command; is typically 0x2102, which tells the router to load the IOS from flash memory and the startup-config file from NVRAM.

Purpose of the Config Register
Reasons why you would want to modify the config register:
● Force the router into ROM Monitor mode
● Select a boot source and default boot filename
● Enable/disable the Break function
● Control broadcast addresses
● Set console terminal baud rate
● Load operating software from ROM
● Enable booting from a TFTP server

System Startup
● POST – loaded from ROM and runs diagnostics on all router hardware
● Bootstrap – locates and loads the IOS image; the default setting is to load the IOS from flash memory
● IOS – locates and loads a valid configuration from NVRAM; the file is called startup-config and only exists if you copy the running-config to NVRAM
● startup-config – if found, the router loads it and runs the embedded configuration; if not found, the router enters setup mode

Overview
Router configuration controls the operation of the router’s:
● Interface IP address and netmask
● Routing information (static, dynamic or default)
● Boot and startup information
● Security (passwords and authentication)

Where is the Configuration?
● The router always has two configurations:
  – Running configuration: in RAM, determines how the router is currently operating; is modified using the configure command; to see it: show running-config
  – Startup configuration: in NVRAM, determines how the router will operate after the next reload; is modified using the copy command; to see it: show startup-config
● Can also be stored in more permanent places:
  – External hosts, using TFTP (Trivial File Transfer Protocol)
  – In flash memory in the router
● The copy command is used to move it around:
  copy run start
  copy run tftp
  copy start tftp
  copy tftp start
  copy flash start
  copy start flash

Router Access Modes
● User EXEC mode – limited examination of router: Router>
● Privileged EXEC mode – detailed examination of router, debugging, testing, file manipulation (router prompt changes to an octothorp): Router#
● ROM Monitor – useful for password recovery and new IOS upload session
● Setup mode – available when the router has no startup-config file

External Configuration Sources
● Console – direct PC serial access
● Auxiliary port – modem access
● Virtual terminals – Telnet/SSH access
● TFTP server – copy configuration file into router RAM
● Network management software, e.g. CiscoWorks

Changing the Configuration
● Configuration statements can be entered interactively; changes are made (almost) immediately to the running configuration
● Can use a direct serial connection to the console port, or Telnet/SSH to the vty’s (virtual terminals), or a modem connection to the aux port
● Or edited in a text file and uploaded to the router at a later time via TFTP: copy tftp start or config net

Logging into the Router
● Connect router to console port or telnet to router
  Router>
  Router>enable
  Password:
  Router#
● Configuring the router
  – Terminal (entering the commands directly)
    Router#configure terminal
    Router(config)#

Connecting your FreeBSD Machine to the Router’s Console Port
● Connect your machine to the console port using the rollover serial cable provided
● Go to /etc/remote to see the device configured to be used with tip. You will see at the end a line beginning with com1
  bash$ tip com1
  <Enter>
  Router>
  Router>enable
  Router#

Address Assignments

New Router Configuration Process
● Load configuration parameters into RAM
  Router#configure terminal
● Personalize router identification
  Router(config)#hostname RouterA
● Assign access passwords
  RouterA(config)#line console 0
  RouterA(config-line)#password cisco
  RouterA(config-line)#login
● Configure interfaces
  RouterA(config)#interface ethernet 0
  RouterA(config-if)#ip address n.n.n.n m.m.m.m
  RouterA(config-if)#no shutdown
● Configure routing/routed protocols
● Save configuration parameters to NVRAM
  RouterA#copy running-config startup-config
  (or write memory)

Router Prompts – How to tell where you are on the router
You can tell in which area of the router’s configuration you are by looking at the router prompts:
● Router> – user prompt mode
● Router# – privileged EXEC prompt mode
● Router(config)# – terminal configuration prompt
● Router(config-if)# – interface configuration prompt
● Router(config-subif)# – sub-interface configuration prompt
● Router(config-route-map)# – route-map configuration prompt
● Router(config-router)# – router configuration prompt
● Router(config-line)# – line configuration prompt
● rommon 1> – ROM Monitor mode

Configuring your Router
● Set the enable (secret) password:
  Router(config)#enable secret “your pswd”
  This protects the password with an MD5 hash. The old method was to use the enable password command, but this is not secure (weak encryption) and is absolutely not recommended. Do not use it.
● Ensure that all passwords stored on the router are (weakly) encrypted rather than clear text:
  Router(config)#service password-encryption
● To configure an interface you should go to the interface configuration prompt:
  Router(config)#interface ethernet 0 (or 0/x)
  Router(config-if)#
● Save your configuration:
  Router#copy running-config startup-config
  (or write memory)
● Global:
  enable secret e2@fnog
● Interface:
  interface ethernet 0
   ip address n.n.n.n m.m.m.m
● Router:
  router ospf 1
   network n.n.n.n w.w.w.w area 0
● Line:
  line vty 0 4

Global Configuration
● Global configuration statements are independent of any particular interface or routing protocol, e.g.:
  hostname e2 @fnog
  enable secret tracke2
  service password-encryption
  logging facility local0
  logging n.n.n.n
● IP-specific global configuration statements:
  ip classless
  ip name-server n.n.n.n
● Static route creation:
  ip route n.n.n.n m.m.m.m …
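
The config register value reported by show version, discussed under "Purpose of the Config Register", can be checked automatically. The Python below is an added example, not part of the original slides: it decodes a register value such as the typical 0x2102 and flags settings an audit would question, for instance a register left at a value that skips the startup-config. Bit meanings follow Cisco's published register layout, and the sample output line is constructed.

```python
import re

# Flag bits per Cisco's published configuration-register layout. Console-speed
# bits (5, 11, 12) differ between platforms and are deliberately not decoded.
FLAGS = {
    0x0040: "ignore NVRAM contents (startup-config not loaded)",
    0x0100: "Break key disabled after boot",
    0x0400: "IP broadcast with all zeros",
    0x2000: "boot default ROM software if network boot fails",
    0x4000: "IP broadcasts do not have net numbers",
    0x8000: "diagnostic messages enabled, NVRAM contents ignored",
}

def decode(value):
    """Split a 16-bit config register into its boot field and set flags."""
    field = value & 0x000F
    if field == 0:
        boot = "stay in ROM monitor"
    elif field == 1:
        boot = "boot the image held in ROM (platform-dependent)"
    else:
        boot = "boot IOS via boot system commands, flash by default"
    flags = [text for bit, text in sorted(FLAGS.items()) if value & bit]
    return {"boot": boot, "flags": flags}

def audit_show_version(output):
    """Return (current, after_reload, findings) from 'show version' text."""
    m = re.search(r"Configuration register is (0x[0-9A-Fa-f]+)"
                  r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?", output)
    if not m:
        raise ValueError("no configuration register line found")
    current = int(m.group(1), 16)
    pending = int(m.group(2), 16) if m.group(2) else current
    findings = []
    if pending & 0x8040:
        findings.append("startup-config will be ignored at next reload")
    if not (pending & 0x0100):
        findings.append("Break can drop a running router into ROM monitor")
    if (pending & 0x000F) == 0:
        findings.append("router will stop at the ROM monitor prompt")
    return current, pending, findings

# Constructed sample: tail of 'show version' on a router left in recovery state.
SAMPLE = "32K bytes of NVRAM.\nConfiguration register is 0x2142\n"

if __name__ == "__main__":
    print(decode(0x2102))
    print(audit_show_version(SAMPLE))
```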
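
The password advice under "Configuring your Router" (use enable secret, never enable password, and turn on service password-encryption) can be verified against a saved configuration. This Python is an added example, not from the original slides; the two sample configurations, including the hash strings, are constructed.

```python
import re

def parse_sections(config_text):
    """Group IOS-style config into [header, [indented sub-commands]] pairs."""
    sections = []
    for raw in config_text.splitlines():
        if not raw.strip() or raw.strip() == "!":
            continue
        if raw[0].isspace() and sections:
            sections[-1][1].append(raw.strip())
        else:
            sections.append([raw.strip(), []])
    return sections

def audit_passwords(config_text):
    """Check the password advice from the slides against a saved config."""
    sections = parse_sections(config_text)
    headers = [header for header, _ in sections]
    findings = []
    if any(h.startswith("enable password") for h in headers):
        findings.append("enable password present; keep only enable secret")
    if not any(h.startswith("enable secret") for h in headers):
        findings.append("enable secret is not set")
    if "service password-encryption" not in headers:
        findings.append("service password-encryption is off")
    for header, subs in sections:
        if not header.startswith("line "):
            continue
        passwords = [s for s in subs if s.startswith("password ")]
        # With service password-encryption on, IOS shows 'password 7 <hex>'.
        if any(not re.fullmatch(r"password 7 [0-9A-F]+", p) for p in passwords):
            findings.append(f"{header}: clear-text password")
        if passwords and not any(s.startswith("login") for s in subs):
            findings.append(f"{header}: password set without login")
    return findings

# Constructed configs; the passwords and hash strings are made-up samples.
WEAK = """enable password cisco
line con 0
 password cisco
 login
line vty 0 4
 password cisco
"""
HARDENED = """service password-encryption
enable secret 5 $1$SAMPLE$constructedhashvalue000
line con 0
 password 7 0822455D0A16
 login
"""
```

Calling audit_passwords(WEAK) returns six findings, while audit_passwords(HARDENED) returns an empty list.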

