Ch.

3 Configuring a Router
CCNA 1 version 3.0

Overview
Students completing this module should be able to: Name a router Set passwords Examine show commands Configure a serial interface Configure an Ethernet interface Execute changes to a router Save changes to a router Configure an interface description Configure a message-of-the-day banner Configure host tables Understand the importance of backups and documentation

CLI command modes

Router#configure terminal Router(config)#

Using exit, end and Control-Z

end exit

Using exit, end and Control-Z

Router>ena Must be in privileged mode Router#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)#? Configure commands: aaa Authentication, Authorization and Acc.. access-list Add an access list entry alias Create command alias appletalk Appletalk global configuration commands arap Appletalk Remote Access Protocol arp Set a static ARP entry <text omitted> Router(config)#exit 00:03:20: %SYS-5-CONFIG_I: Configured from console by con Router#

Router(config)#interface interface Router(config-if)#exit Router(config)#router routing-protocol Router(config-router)#exit Router(config)#exit Router#

Message each time you exit global configuration mode

Using exit, end and Control-Z

Router# conf t (abbreviated)

Router(config)# router protocol Router(config-router)# (commands) Router(config-router)# exit Router(config)# exit Router# Router(config)# interface type port Router(config-if)# (commands) Router(config-if)# end (or Control-Z) Router#

Configuring a router name

Router#config t Router(config)#hostname Tokyo Tokyo(config)#

Lab 12-1: Command Mode and Router Identification: Page 244

Configuring router passwords

Not recommended, clear text

Encrypts the passwords above, but

Use this command instead, password is encryped

Router(config)#enable secret <password>

service password-encryption command

WARNING service password-encryption uses a Cisco Level 7 encryption which is very easy to decrypt. For the GetPass! software www.boson.com However, the enable secret <password> uses a stronger encryption method and cannot be easily hacked.

enable secret <password> command

Doesnt work for enable secret!

More later!
Lab 12-2: Configuring Router Passwords. Page 247

Router Passwords Used in the Cisco Lab

Privilege Password cisco

Console password

conpass

VTY 0 4 password

vtypass

Auxiliary

auxpass

Examining the show commands

show interfaces Displays all the statistics for all the interfaces on the
router. To view the statistics for a specific interface, enter the show interfaces command followed by the specific interface and port number. show controllers serial Displays information-specific to the interface hardware show clock Shows the time set in the router show hosts Displays a cached list of host names and addresses show users Displays all users who are connected to the router show history Displays a history of commands that have been entered show flash Displays information about flash memory and what IOS files are stored there show version Displays information about the router and the IOS that is running in RAM show ARP Displays the ARP table of the router show protocol Displays the global and interface specific status of any configured Layer 3 protocols show startup-configuration Displays the saved configuration located in NVRAM show running-configuration Displays the configuration currently running in RAM

show interfaces <interface> command

MAC Address Router>show interface ethernet 0 Status Ethernet0 is administratively down, line protocol is down , using hub 0 Hardware is Lance, address is 0010.7b3a.cf84 (bia 0010.7b3a.cf84) MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec, rely 255/255, load 1/255 Encapsulation ARPA, loopback not set, keepalive set (10 sec) Routing metric ARP type: ARPA, ARP Timeout 04:00:00 ARP cache entries timer Data link information Last input never, output 01:05:35, output hang never encapsulation (later) (Ethernet-II) Last clearing of "show interface" counters never Queueing strategy: fifo Output queue 0/40, 0 drops; input queue 0/75, 0 drops 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 0 packets input, 0 bytes, 0 no buffer Received 0 broadcasts, 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 0 input packets with dribble condition detected 63 packets output, 11676 bytes, 0 underruns 0 output errors, 0 collisions, 1 interface resets 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier 0 output buffer failures, 0 output buffers swapped out Router>

Examining the show commands

We will log into a router and examine some of the show
commands.

Lab 12-3: Using Router Show Commands, Page 251

Configuring a serial interface

Configuring an IP Address on an interface

Router(config)#interface serial 0/0 Router(config-if)#ip address <ip address> <netmask>

show ip interface command

Router# show ip interface brief Interface Ethernet0 Serial0 IP-Address 131.108.1.11 198.135.2.49 OK? YES YES Method manual manual Status up administratively down Protocol up down

What is wrong here? The administrator has either done a shutdown on the interface or has forgotten to do a no shutdown.

A serial interface will not show up and up unless both

ends are properly configured (mostly) and the no shutdown command is used. If one routers configuration looks okay, check the other routers configuration.

Configuring a serial interface

Lab

Real world

On serial links that are directly interconnected, as in a lab environment,

one side must be considered a DCE and provide a clocking signal. The clock is enabled and speed is specified with the clock rate command.

Router(config)#interface serial 0/0 Router(config-if)#clock rate 56000 Router(config-if)#no shutdown

Configuring a serial interface

RouterA DTE cable
RouterB(config)#inter serial 1 RouterB(config-if)#clock rate ? Speed (bits per second) 1200 2400 4800 9600 19200 38400 56000 64000 <text omitted> 2000000 4000000 <300-4000000> Choose clockrate from list above

RouterB DCE cable

RouterB(config-if)#clock rate 64000 RouterB(config-if)#

Configuring a serial interface

DTE Cable

DCE Cable

How can you tell which end is the DTE and which end is the DCE?  Look at the label on the cable.  Look at the connecter between the two cables - The DTE cable will always be male and the DCE cable will always be female.

Configuring a serial interface

RouterA DTE cable RouterB DCE cable

RouterA#show controllers serial 0 HD unit 0, idb = 0xECA4C, driver structure at 0xF1EC8 buffer size 1524 HD unit 0, V.35 DTE cable cpb = 0x62, eda = 0x403C, cda = 0x4050 RX ring with 16 entries at 0x624000 00 bd_ptr=0x4000 pak=0x0F5704 ds=0x62FFB8 status=80 pak_size=22 This is one of few commands where there must be a space between the interface type and the port. RouterB#show controllers serial 0 buffer size 1524 HD unit 0, V.35 DCE cable, clockrate 64000 cpb = 0x62, eda = 0x408C, cda = 0x40A0 RX ring with 16 entries at 0x624000 00 bd_ptr=0x4000 pak=0x0F2F04 ds=0x627908 status=80 pak_size=22

How can you tell which end is the DTE and which end is the DCE?  Use the show controllers command!  It will also tell you the type of cable, in our labs we will be using a V.35 cable.

Configuring a serial interface

This end up! (The wider end is up.)

Please be very careful when connecting the male and female

V.35 cables together AND when connecting the serial cable to the router! They only connect ONE WAY! Be sure the two ends match! Dont force it!

Lab 12-4: Configuring a Serial Interface, Page 256

Configuring an Ethernet Interface

Interface descriptions

RouterB#show inter e 0 Serial0 is up, line protocol is up Hardware is HD64570 Description: Engineering LAN, Bldg. 18 Internet address is 10.1.1.1/24

Interface descriptions
Gateway(config)#inter e 0 Gateway(config-if)#description LAN interface for Marketing Gateway(config-if)#end Gateway# Gateway#show run Building configuration... <text omitted> ! interface Ethernet0 description LAN interface for Marketing no ip address no ip directed-broadcast shutdown <text omitted> Gateway#show interface ethernet 0 Ethernet0 is administratively down, line protocol is down Hardware is Lance, address is 0000.0c34.9ebb (bia 0000.0c34.9ebb) Description: LAN interface for Marketing MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec, rely 252/255, load 1/255 Encapsulation ARPA, loopback not set, keepalive set (10 sec) ARP type: ARPA, ARP Timeout 04:00:00 <text omitted> Gateway#copy run start Dont forget this or next time router Destination filename [startup-config]? reboots these changes will be lost! Building configuration... Gateway#

Configuring interface description

Lab 12-5: Configuring an Ethernet Interface, Page 260

Importance of configuration standards

In order to manage a network, there must be a centralized

support standard. Configuration, security, performance, and other issues must be adequately addressed for the network to function smoothly. Creating standards for network consistency helps reduce network complexity, the amount of unplanned downtime, and exposure to events that may have an impact on network performance.

Executing adds, moves, and changes

running-config IOS (running)

startup-config

IOS

Bootup program ios (partial)

Executing adds, moves, and changes

Router#show startup-config %% Non-volatile configuration memory is not present Router#show running-config Building configuration... Current configuration: ! version 12.0 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname Router ! ip subnet-zero ! ! interface Ethernet0 no ip address no ip directed-broadcast shutdown ! interface Serial0 no ip address no ip directed-broadcast shutdown

No startup-config file in NVRAM

Default running-config file, created in RAM

Executing adds, moves, and changes

Router#show running-config Building configuration... Current configuration: ! version 12.0 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname Router ! ip subnet-zero ! interface Ethernet0 no ip address no ip directed-broadcast shutdown

The running-config

The configuration file contains global, process, and interface information that directly affects the operation of the router and its interface ports. All changes to the router are made to the running-config file and take affect immediately on the router (with just a couple of exceptions).

IP address Routing Protocols Routers Name etc.

copy running-config startup-config

During bootup

running-config

RAM
startup-config

Router# copy running-config startup-config

Changes to the router are automatically put in the running-config file. If the router loses power or reboots, everything in RAM is lost including the runningconfig file. To make sure the changes to the routers configuration remain saved, you must copy the running-config from RAM into the startup-config into NVRAM:

Router# copy

running-config

startup-config

copy running-config startup-config

Router#copy running-config startup-config Destination filename [startup-config]? Building configuration... Router#show startup-config ! version 12.0 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname Router ! ! ip subnet-zero ! interface Ethernet0 no ip address no ip directed-broadcast shutdown !

The startup-config file now identical to running-config and the router will also have these changes if the router reboots.

copy running-config startup-config

Router# copy running-config startup-config Or Router# copy running startup OR Router# copy run start OR Any usage of the command or parameters, so that they are still uniquely recognizable.
WARNING Using an incorrect configuration file name could overwrite the routers IOS in flash, as the router believes you are trying to copy a blank file into flash. Router#copy running-config start-up **** NOTICE **** Incorrect file name! Flash load helper v1.0 This process will accept the copy options and then terminate the current system image to use the ROM based image for the copy. Routing functionality will not be available during that time. If you are logged in via telnet, this connection will terminate. Users with console access can see the results of the copy operation. ---- ******** ---Proceed? [confirm]^C %Copy cancelled by user request. Press <control> C Router#

copy running-config startup-config

Router# copy running-config startup-config Or Router# copy running startup OR Router# copy run start OR Any usage of the command or parameters, so that they are still uniquely recognizable. WARNING This is also incorrect, and will overwrite the startup-config with a blank file.

Router#copy runningconfig startup-config Destination filename [startup-config]? ?Bad filename Router#

Incorrect file name! Press <control> C

Displaying the config files

show running-config

show startup-config

These commands can only be done in privilege mode because they display password information.

Executing adds, moves, and changes

Mistake: Should be: copy start run

Reinforcing What We Learned

Lab 12-6: Making configuration Changes, Page 262 Lab 12-7: Configuring Interface Descriptions, Page 266

Login banners and Configuring messageof-the-day (MOTD)

Wording is not the same, but you get the idea.

Login banners and Configuring messageof-the-day (MOTD) Lab 12-8: Configuring Message of the Day, Page 269
Router(config)#hostname Gateway Gateway(config)# MOTD Gateway(config)#banner motd # Enter TEXT message. End with the character '#'. Warning! Stay away! # Gateway(config)#end Gateway#exit Press RETURN to get started. Warning! Stay away! User Access Verification Password: Gateway#show run Building configuration... <text omitted> ! hostname Gateway ! <text omitted> ! banner motd ^C Warning! Stay away! ^C

Prompt changes (Message Of The Day)

Delimiter always shows as ^C

Host name resolution

Router# ping 172.16.32.1 Router# ping Auckland Router# telnet 192.168.53.1 Router# telnet Beirut Router# traceroute 192.168.89.1 Router# traceroute Capetown

The Cisco IOS software maintains a cache of host name-to-address mappings

for use by EXEC commands. This cache speeds up the process of converting names to addresses. Host names, unlike DNS names, are significant only on the router on which they are configured. (DNS is also an option later)

Host name resolution

Configuring Multiple IP Addresses
Router(config)# ip host SantaCruz 172.16.32.1 192.168.53.1

This does not make the router a DNS (Domain Name Server). This command does not turn your router into a DNS server. This command does not effect packets entering your router to be
routed. This only affects the IOS commands entered at the router prompt. Multiple ip addresses can be entered in case one interface is down. It is usually a good idea to use the same list of names on all your router configs.

Configuring host tables

Router(config)# ip domain-lookup Router#wreh Translating "wreh"...domain server (255.255.255.255) (Takes a few seconds) Translating "wreh"...domain server (255.255.255.255) (Takes a few seconds) Router(config)# no ip domain-lookup Router#wreh Translating "wreh" % Unknown command or computer name, or unable to find computer address

If you are not using the services of a DNS server, it is best to disable this process. DNS (Domain Name Service) is enabled by default with a server address of
255.255.255.255, which is a local broadcast. If enabled, with no DNS server on the network, may cause a slight, but irritable delay when making typing mistakes. Lab 12-9: Configuring Host Tables, Page 271

Configuration backup and documentation

Configuration files should be stored as backup files in the

event of a problem. Configuration files can be stored on a network server, on a TFTP server, or on a disk stored in a safe place.

Copying, editing, and pasting configurations

A TFTP server will allow image and configuration uploads and

downloads over the network. The TFTP server can be another router, or it can be a host system.

Copying, editing, and pasting configurations

The TFTP host can be any system that has TFTP software loaded and
operating and able to receive files from the TCP/IP network.

Copying, editing, and pasting configurations

running-config RAM IOS (running)

startup-config

IOS
copy flash tftp copy tftp flash

copy startup-config tftp copy tftp startup-config

copy running-config tftp copy tftp running-config

Copying, editing, and pasting configurations

Troubleshooting: Be sure you can ping the TFTP server.

TFTP Software and Servers

Router# copy flash tftp

When using Windows, the TFTP server software must be running. The copy can be performed from the console port or from a telnet session. The telnet session can be performed on the same computer where the TFTP
server is running (or to a different computer).

TFTP Software and Servers

TFTP software either comes free with the OS (Linux/Unix) or can be

downloaded for free.

TFTP Software and Servers

Cisco TFTP Server.lnk

Just double click on the shortcut Remember, TFTP is Trivial FTP:

No authentication No login No choice for directory Uses UDP and verified via a TFTP checksum (not TCP ACKs) Managing Configuration Files with TFTP, Page 323

Summary (1/2)
The router has several modes: User EXEC mode Privileged EXEC mode Global configuration mode Other configuration modes The command-line interface may be used to make changes to the configuration: Setting the hostname Setting passwords Configuring interfaces Modifying configurations Showing configurations

Summary (2/2)
An understanding of the following key points should have been achieved: Configuration standards are key elements in the success of any organization maintaining an efficient network. Interface descriptions can include important information to help network administrators understand and troubleshoot their networks. Login banners and messages-of-the-day provide users with information upon login to the router. Host name resolutions translate names to IP addresses to allow the router to quickly convert names to addresses. Configuration backup and documentation is extremely important to keep a network operating smoothly.