
CISCO SYSTEMS

(ROUTERS AND SWITCHES)

Advanced Systems Administration Course

Fred Msumeno
University computing Centre Ltd,
University of Dar es salaam,
E-mail: mfred@udsm.ac.tz
Website: www.ucc.co.tz
Installation and configurations

Prerequisites
 Knowledge of LAN and WAN
 Knowledge of IP addressing
 Knowledge of sub-netting and super-netting
 Knowledge of TCP/IP configurations on client Computers
Router Components
 Bootstrap – stored in ROM microcode – brings router up during
initialisation, boots router and loads the IOS.
 POST – Power On Self Test - stored in ROM microcode – checks
for basic functionality of router hardware and determines which
interfaces are present
 ROM Monitor – stored in ROM microcode – used for manufacturing,
testing and troubleshooting
 Mini-IOS – a.k.a RXBOOT/boot loader by Cisco – small IOS ROM
used to bring up an interface and load a Cisco IOS into flash
memory from a TFTP server; can also perform a few other
maintenance operations
Router Components

 RAM – holds packet buffers, ARP cache, routing table, software and
data structure that allows the router to function; running-config is
stored in RAM, as well as the decompressed IOS in later router
models
 ROM – starts and maintains the router

 Flash memory – holds the IOS; is not erased when the router is
reloaded; is an EEPROM [Electrically Erasable Programmable
Read-Only Memory] created by Intel, that can be erased and
reprogrammed repeatedly through an application of higher than
normal electric voltage
 NVRAM – Non-Volatile RAM - holds router configuration; is not
erased when router is reloaded
Router Components

 Config-Register
 controls how router boots;
 value can be seen with “show version” command;

 is typically 0x2102, which tells the router to load the IOS from
flash memory and the startup-config file from NVRAM
Purpose of the Config Register
 Reasons why you would want to modify the config-register:
 Force the router into ROM Monitor Mode
 Select a boot source and default boot filename

 Enable/Disable the Break function

 Control broadcast addresses

 Set console terminal baud rate

 Load operating software from ROM


 Enable booting from a TFTP server
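The register value reported by "show version" can be decoded bit by bit to check what the router will do on its next reload. This is an added example, not part of the original slides: the function names and the sample line are constructed, and the bit layout is the one Cisco commonly documents (some platforms differ, for example by not implementing bit 5).

```python
import re

# Constructed sample of the relevant 'show version' line (not from a real device).
SAMPLE_SHOW_VERSION = "Configuration register is 0x2142"

# (bit 5, bit 12, bit 11) -> console baud rate
BAUD = {
    (0, 0, 0): 9600, (0, 0, 1): 4800, (0, 1, 0): 1200, (0, 1, 1): 2400,
    (1, 0, 0): 19200, (1, 0, 1): 38400, (1, 1, 0): 57600, (1, 1, 1): 115200,
}

def parse_confreg(show_version_text):
    """Extract the register value from 'show version' output, or None."""
    m = re.search(r"Configuration register is (0x[0-9A-Fa-f]+)", show_version_text)
    return int(m.group(1), 16) if m else None

def decode_confreg(value):
    bit = lambda n: (value >> n) & 1
    boot_field = value & 0xF              # bits 0-3 select the boot source
    if boot_field == 0:
        boot = "stay in ROM monitor"
    elif boot_field == 1:
        boot = "boot the ROM/boot-helper image"
    else:
        boot = "boot per 'boot system' commands, default flash"
    return {
        "boot": boot,
        "ignore_startup_config": bool(bit(6)),   # 0x0040
        "break_disabled": bool(bit(8)),          # 0x0100
        "console_baud": BAUD[(bit(5), bit(12), bit(11))],
        "rom_fallback_on_netboot_failure": bool(bit(13)),  # 0x2000
    }

def audit_confreg(value):
    """Return findings for settings that weaken the device after a reload."""
    d, findings = decode_confreg(value), []
    if d["ignore_startup_config"]:
        findings.append("startup-config (and its passwords) ignored on next reload")
    if not d["break_disabled"]:
        findings.append("Break key can halt a running system into ROM monitor")
    if value & 0xF == 0:
        findings.append("router will stop in ROM monitor on next reload")
    return findings

if __name__ == "__main__":
    reg = parse_confreg(SAMPLE_SHOW_VERSION)
    print(hex(reg), decode_confreg(reg), audit_confreg(reg))
```

A register left at 0x2142 after password recovery is the usual finding: the router boots without its startup-config until the value is set back to 0x2102.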
System Startup

 POST – loaded from ROM and runs diagnostics on all router hardware
 Bootstrap – locates and loads the IOS image; default setting is to load
the IOS from flash memory

 IOS – locates and loads a valid configuration from NVRAM; file is called
startup-config; only exists if you copy the running-config to
NVRAM
 startup-config – if found, router loads it and runs embedded
configuration; if not found, router enters setup mode
Overview
 Router configuration controls the operation of the router’s:
 Interface IP address and netmask
 Routing information (static, dynamic or default)
 Security (passwords and authentication)
 Boot and startup information
Where is the Configuration?
 Router always has two configurations:
 Running configuration
 In RAM, determines how the router is currently
operating
 Is modified using the configure command
 To see it: show running-config
 Startup configuration
 In NVRAM, determines how the router will operate
after next reload
 Is modified using the copy command
 To see it: show startup-config
Where is the Configuration?

 Can also be stored in more permanent places:

 External hosts, using TFTP (Trivial File Transfer Protocol)

 In flash memory in the router

 Copy command is used to move it around

 copy run start
 copy run tftp
 copy start tftp
 copy tftp start
 copy flash start
 copy start flash


Router Access Modes

 User EXEC mode – limited examination of router


 Router>
 Privileged EXEC mode – detailed examination of router,
debugging, testing, file manipulation (router prompt
changes to an octothorp)
 Router#
 ROM Monitor – useful for password recovery & new IOS
upload session
 Setup Mode – available when router has no startup-
config file
External Configuration Sources

 Console
 Direct PC serial access

 Auxiliary port
 Modem access

 Virtual terminals
 Telnet/SSH access

 TFTP Server
 Copy configuration file into router RAM

 Network Management Software


 e.g., CiscoWorks
Changing the Configuration

 Configuration statements can be entered interactively


 changes are made (almost) immediately, to the running
configuration
 Can use direct serial connection to console port, or
 Telnet/SSH to vty’s (“virtual terminals”), or
 Modem connection to aux port, or
 Edited in a text file and uploaded to the router at a later
time via tftp; copy tftp start or config net
Logging into the Router/switch

 Cisco devices can be configured through: Console, SSH, Telnet, SNMP & TFTP protocols
Configuration using Console
 Console login to a Cisco device from a PC running the Windows operating system
 Console is used to make the initial configuration of a Cisco device, or when
the device cannot be accessed using the SSH, Telnet, SNMP and
TFTP protocols.
Logging into the Router/switch

Steps:-

 Connect a console cable to a Cisco device console port and then to your computer Communication port

 Open the HyperTerminal window, go to Start > Programs > Accessories > Communications > HyperTerminal
Logging into the Router/switch
 Enter the connection name and select the first icon for
the connection
 Enter the connection details and select the communication port
 Enter the port settings and press Enter to start configuration of your
Cisco device
New Router Configuration Process

 Any time you make changes to the router configuration, you must
save the changes to memory because if you do not they will be lost
if there is a system reload or power outage. There are two types of
configuration files: the running (current operating) configuration and
the startup configuration.
 Use the following privileged mode commands to work with
configuration files.

 configure terminal – modify the running configuration manually from the terminal

 show running-config – display the running configuration.


New Router Configuration Process
 show startup-config – display the startup configuration

 copy running-config startup-config – copy the running configuration to the startup configuration

 copy startup-config running-config – copy the startup configuration to the running configuration

 erase startup-config – erase the startup-configuration in NVRAM.
New Router Configuration Process

 copy tftp running-config – load a configuration file stored on a Trivial File Transfer Protocol (TFTP) server into the running configuration

 copy running-config tftp – store the running configuration on a TFTP server
Router configuration

 Hostname configuration
Router>enable
Router#configure terminal
Router(config)#hostname TEST-ROUTER

 Setting console password


TEST-ROUTER(config)#line console 0
TEST-ROUTER(config-line)#login
TEST-ROUTER(config-line)#password cisco
Router configuration

 Setting telnet password


TEST-ROUTER(config)#line vty 0 4
TEST-ROUTER(config-line)#login
TEST-ROUTER(config-line)#password cisco

Router configuration
 Enable secret password
TEST-ROUTER(config)#enable secret cisco
 Enable password
TEST-ROUTER(config)#enable password cisco1
 Note:
 Do not save the configuration before you confirm that the settings
are correct. To do that, exit privileged mode and try to log in using
the passwords. For Telnet login, the router must have been configured
with an IP address on one of its interfaces.
 To save the configurations
 TEST-ROUTER#copy running-config startup-config or type
TEST-ROUTER#write
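The line and "enable password" values set above appear in the configuration in cleartext, while "enable secret" is stored hashed and takes precedence when both are set. This added example (not part of the original slides) audits a saved configuration for those settings and for vty lines that may still accept Telnet; the sample configuration, its hash string and the function name are constructed for illustration.

```python
import re

# Constructed running-config built from the commands on the slides.
SAMPLE_CONFIG = """\
hostname TEST-ROUTER
enable secret 5 $1$CONSTRUCTED$notARealHash
enable password cisco1
line con 0
 password cisco
 login
line vty 0 4
 password cisco
 login
"""

def audit_config(text):
    """Return a list of findings for cleartext passwords and Telnet-capable vtys."""
    findings, section, vty_ssh_only = [], None, {}
    has_secret = re.search(r"^enable secret ", text, re.M) is not None
    for raw in text.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):            # top-level command: new section
            section = line if line.startswith("line ") else None
            if section and section.startswith("line vty"):
                vty_ssh_only[section] = False
        if re.match(r"enable password (?!7 )", line):
            note = " (ignored while enable secret is set)" if has_secret else ""
            findings.append("enable password stored in cleartext" + note)
        elif section and re.match(r"password (?!7 )\S+", line):
            findings.append(f"{section}: cleartext line password")
        elif section in vty_ssh_only and line == "transport input ssh":
            vty_ssh_only[section] = True
    for name, ok in vty_ssh_only.items():
        if not ok:                             # default transport varies by release
            findings.append(f"{name}: no 'transport input ssh', Telnet may be accepted")
    if not re.search(r"^service password-encryption", text, re.M):
        findings.append("service password-encryption is not enabled")
    return findings

if __name__ == "__main__":
    for finding in audit_config(SAMPLE_CONFIG):
        print(finding)
```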
IP Address Configuration

 IP addresses are configured on interfaces (Fast Ethernet or Ethernet), VLANs (for a layer 2/layer 3 switch) and serial interfaces.
 Enter privileged EXEC mode
 Enter global configuration mode
 Enter the interface to configure
 TEST-ROUTER(config)#interface ethernet 0
 Configure the IP address
IP Address Configuration

 TEST-ROUTER(config-if)#ip address 192.168.200.1 255.255.255.0
 If the interface connects two different subnets, add
a secondary IP address
 TEST-ROUTER(config-if)#ip address 192.168.100.1 255.255.255.0 secondary
 Enable the interface
 TEST-ROUTER(config-if)#no shutdown
 Exit the interface configuration and global configuration by end or
Ctrl-Z
TEST-ROUTER(config-if)#end
IP ROUTING CONFIGURATION

Static routes configurations


 Enter privileged EXEC mode

 Enter global configuration mode

 Configure the default gateway

 TEST-ROUTER(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.1


 Configure other static routes

TEST-ROUTER(config)#ip route 192.168.10.0 255.255.255.0 192.168.200.2
TEST-ROUTER(config)#ip route 192.168.8.0 255.255.255.0 192.168.100.2
TEST-ROUTER(config)#ip route 192.168.0.0 255.255.254.0 192.168.200.3
DHCP SERVICE CONFIGURATION
 TEST-DIST-SW#config t
 TEST-DIST-SW(config)#ip dhcp database test

Configure DHCP pool address


 TEST-DIST-SW(config)#ip dhcp pool test

 TEST-DIST-SW(dhcp-config)#network 196.44.160.136 255.255.255.248
Configure DNS servers to be used by clients
 TEST-DIST-SW(dhcp-config)#dns-server 196.44.168.10 196.44.161.10
Configure the domain name to be used by clients
 TEST-DIST-SW(dhcp-config)#domain-name test.ucc.co.tz

Configure default gateway


 TEST-DIST-SW(dhcp-config)#default-router 196.44.160.137

 TEST-DIST-SW(dhcp-config)#exit
DHCP …
Configure the router as dhcp server
 TEST-DIST-SW(config)#ip dhcp-server 196.44.160.137

Exclude some addresses to be used in static assignment (including the default-gateway/DHCP address)
 TEST-DIST-SW(config)#ip dhcp excluded-address 196.44.160.137 196.44.160.139
Disable ping of the DHCP server
 TEST-DIST-SW(config)#ip dhcp ping packets 0

Allow server to offer IP addresses to the clients


 TEST-DIST-SW(config)#access-list 107 permit udp host 196.44.160.137 any eq bootps
 TEST-DIST-SW(config)#access-list 107 permit udp any host 196.44.160.137 eq bootps
 TEST-DIST-SW(config)#access-list 107 permit udp any host 255.255.255.255 eq bootps
DHCP …
 Apply the access control list on router interface that clients on LAN
connect
 TEST-DIST-SW(config)#interface vlan 1
 TEST-DIST-SW(config-if)#ip access-group 107 in
NAT CONFIGURATION

 Configure your router as NAT


 TEST-DIST-SW#config t

 Configure DHCP service

 TEST-DIST-SW(config)#ip dhcp pool nat

 TEST-DIST-SW(dhcp-config)#network 192.168.8.0 255.255.255.0

 TEST-DIST-SW(dhcp-config)#default-router 192.168.8.1

 TEST-DIST-SW(dhcp-config)#dns-server 196.44.168.10 196.44.161.10
 TEST-DIST-SW(dhcp-config)# domain-name nat.ucc.co.tz

 TEST-DIST-SW(dhcp-config)#exit

Configure NAT
ip nat inside source list 100 interface FastEthernet0/1 overload
NAT …

 Access list to assign dhcp addresses to clients


 TEST-DIST-SW(config)#access-list 107 permit udp host 192.168.8.1 any eq bootps
 TEST-DIST-SW(config)#access-list 107 permit udp any host 192.168.8.1 eq bootps
 TEST-DIST-SW(config)#access-list 107 permit udp any host 255.255.255.255 eq bootps
 Apply the access list above to the private network interface

 Access control list for the natted addresses


 access-list 100 permit ip 192.168.8.0 0.0.0.255 any
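Every access list ends in an implicit deny, so list 107 applied inbound on the client-facing interface passes only DHCP requests, and list 100 selects for NAT only sources inside 192.168.8.0 with wildcard 0.0.0.255. This added example (not part of the original slides) evaluates sample packets against both lists as written in the DHCP and NAT sections; the evaluator, its function names and the test packets are constructed, and it handles only the entry forms used on this page.

```python
import ipaddress

ACL_107 = [
    "access-list 107 permit udp host 196.44.160.137 any eq bootps",
    "access-list 107 permit udp any host 196.44.160.137 eq bootps",
    "access-list 107 permit udp any host 255.255.255.255 eq bootps",
]
ACL_100 = ["access-list 100 permit ip 192.168.8.0 0.0.0.255 any"]
PORTS = {"bootps": 67, "bootpc": 68}

def _addr(tokens):
    """Consume 'any' | 'host A' | 'A WILDCARD'; return (base, wildcard) ints."""
    t = tokens.pop(0)
    if t == "any":
        return 0, 0xFFFFFFFF
    if t == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return int(ipaddress.IPv4Address(t)), int(ipaddress.IPv4Address(tokens.pop(0)))

def parse_ace(line):
    tok = line.split()[2:]                 # drop 'access-list <number>'
    action, proto = tok.pop(0), tok.pop(0)
    src, dst = _addr(tok), _addr(tok)
    port = None
    if tok and tok[0] == "eq":
        port = PORTS.get(tok[1]) or int(tok[1])
    return action, proto, src, dst, port

def _match(addr, rule):
    base, wild = rule                      # wildcard bits set to 1 are ignored
    return (int(ipaddress.IPv4Address(addr)) | wild) == (base | wild)

def evaluate(acl_lines, proto, src, dst, dport=None):
    """Return (action, matching entry number); entry is None for implicit deny."""
    for n, line in enumerate(acl_lines, 1):
        action, p, s, d, port = parse_ace(line)
        if p not in ("ip", proto):
            continue
        if _match(src, s) and _match(dst, d) and port in (None, dport):
            return action, n
    return "deny", None                    # implicit 'deny ip any any'

if __name__ == "__main__":
    # Constructed packets: a DHCP discover, then a client DNS query.
    print(evaluate(ACL_107, "udp", "0.0.0.0", "255.255.255.255", 67))
    print(evaluate(ACL_107, "udp", "196.44.160.138", "196.44.168.10", 53))
```

The second packet is denied: with only the three bootps entries, client traffic other than DHCP needs its own permit entries in list 107 before the list is applied inbound.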
NAT ….

 Configure natting on router interfaces


 TEST-DIST-SW(config)# interface FastEthernet0/0
 TEST-DIST-SW(config-if)# ip address 192.168.8.1 255.255.255.0
 TEST-DIST-SW(config-if)# ip nat inside
 TEST-DIST-SW(config-if)# interface FastEthernet0/1
 TEST-DIST-SW(config-if)# ip address 196.44.161.241 255.255.255.0
 TEST-DIST-SW(config-if)# ip nat outside
 Save the configurations
VLAN CONFIGURATION IN
CISCO SWITCHES
 Configure VLANs on switches and assign ports to the VLANs
 TEST-DIST-SW#vlan database

 TEST-DIST-SW(vlan)#vlan 2 name WLAN

 TEST-DIST-SW(vlan)#exit

Assign the ports to the WLAN VLAN


TEST-DIST-SW#config t
TEST-DIST-SW(config)#interface fastEthernet 0/1
TEST-DIST-SW(config-if)#switchport access vlan 2
EXERCISE

Configure your Cisco router


1. Host name
2. Set the console, telnet (limit number of concurrent access to 4), secret and enable passwords
3. WAN IP 196.44.161.X and set LAN subnet 196.44.160.136/29.
4. Configure static routes, default gateway
196.44.161.1, and a route to
196.44.160.128/29 via 196.44.161.13
Exercise cont…

5. Add users (with privilege 5) who can login to the router
6. Configure snmp parameters
7. Enable IP cache on the interfaces
