Version 4.1 Configuring Network Devices Working at a Small-to-Medium Business or ISP – Chapter 5
Objectives Configure a router with an initial configuration. Use Cisco SDM to configure a Cisco ISR with LAN connectivity, Internet connectivity and NAT. Configure a Cisco router for LAN connectivity, Internet connectivity and NAT using the Cisco IOS CLI. Configure a WAN connection from customer premises to an ISP. Describe, setup and configure a standalone LAN switch.
Initial ISR Router Configuration ISR (Integrated Services Router combines routing, LAN switching, security, voice, & WAN connectivity features. Ideal for small to medium-sized businesses & ISP managed customers.
Initial ISR Router Configuration Cisco IOS – offered in modules called images IP Base image: entry-level Cisco IOS Images are specific to models of devices
Cisco 1841 Modular router Table 1 Memory Requirements for Cisco 1841 Modular Router PlatformFeature Set FlashRAM ImageMemory 1 1 Memory Cisco 1841IP Basec1841-ipbase-mz64 MB128 MB IP Voicec1841-ipvoice-mz64 MB192 MB Enterprise Basec1841-entbase-mz32 MB128 MB Advanced Securityc1841-advsecurityk9- mz 64 MB192 MB SP Servicesc1841-spservicesk9-mz64 MB192 MB Enterprise Servicesc1841-entservicesk9- mz 64 MB192 MB Advanced IP Services c1841-advipservicesk9- mz 64 MB192 MB Advanced Enterprise Services c1841-adventerprisek9- mz 64 MB192 MB
CISCO IOS Image: Types of Images Two main types of image your router may use: 1. System image - complete Cisco IOS software. This image is loaded when your router boots and is used most of the time. – On most platforms, the image is located in Flash memory. 2. Boot image - A subset of the Cisco IOS software. This image is used to perform network booting or to load Cisco IOS images onto the router. This image is also used if the router cannot find a valid system image. Depending on your platform, this image may be called xboot image, rxboot image, bootstrap image, or boot loader/helper image. On some platforms, the boot image is contained in ROM. In others, the boot image can be stored in Flash memory. On these platforms, you can specify which image should be used as the boot image using the boot bootldr global configuration command. Refer to your hardware documentation for information about the boot image used on your router.
Image Naming Convention You can identify the platform, features and image location by the image name. Naming convention is: platform – features – type Example: c2600-js-l_121-3.bin c hardware platform js - features set (enterprise) l - file format (relocatable, not compressed) version & release # (version 12.1 release 3)
Image Naming Convention - continued Platform – variable platform that can use image –For example c1700, c2600, c7000 Features –feature sets supported by image. Type – can contain following characters f—The image runs from Flash memory. m—The image runs from RAM. r—The image runs from ROM. l—The image is relocatable. z—The image is zip compressed. x—The image is mzip compressed.
Initial ISR Router Configuration Tools and equipment required for setup:
Initial ISR Router Configuration Three-stage bootup process: Power-on self test (POST) Locate and load Cisco IOS Locate startup configuration file or enter setup mode
Bootup Process - contd POST (Power On Self Test) – test hardware After POST, the bootstrap program is loaded Bootstrap locates IOS and loads it into RAM – IOS can be located – flash memory, TFTP server, or another location – By default, IOS loads from flash After IOS is loaded, bootstrap locates startup configuration file in NVRAM (non-volatile random access memory) Startup configuration – when loaded into RAM (working memory), it become the “running” configuration.
Loading Cisco IOS Get default IOS from FLASH Flash empty Get IOS from TFTP Server TFTP Server empty Get limited Cisco IOS from ROM
Show version command output Router>show version IOS version Bootstrap program stored in ROM Complete filename of IOS Type of CPU; amount of RAM Number & type of interfaces Amount of NVRAM (used to store startup config) Amount of Flash (used to store IOS Configuration register in hex
Configuration register Default setting – 0x2102 (remember this?) – Loads IOS from flash – Loads startup-config from NVRAM Most common settings 0x2142 –ignores contents of NVRAM/configuration 0x2120 – The router into ROMmon mode 3/products_tech_note09186a f.shtmlhttp:// 3/products_tech_note09186a f.shtml –**Go to Configuration Register Values & Their Meaning.
Initial ISR Router Configuration Verifying and troubleshooting bootup process: View output from the show version command Use dir flash: and boot flash: in ROMmon mode View boot system commands [see miage below on next slide]
Initial ISR Router Configuration ( continued)
Out-of-band management for initial configuration In-band management over a network connection In-Band Out-of-Band HTTP or Telnet Terminal emulation
Initial ISR Router Configuration ( continued) Command Line Interface (CLI): text- based program Can be used in both in-band or out-of- band Extensive help system [see image below on next slide]
Initial ISR Router Configuration ( continued)
SDM Security Device Manager (SDM): web-based GUI In-Band only SDM Express (Basic) or Full package (Advanced configuration) Comes preinstalled in flash
CLI vs. SDM CLISDM User InterfaceTerm Emulation softwareWeb-based browser Telnet Configuration MethodText-based Cisco commandsGUI buttons & text boxes Expertise in Cisco Device Config. Depends on the config taskDo not need knowledge of CLI commands Help FeaturesCommand-prompt basedGUI based online help & tutorials Flash RequirementsCovered by IOS requirements6MB of free memory AvailabilityALL Cisco devicesCisco 830 series thru Cisco 7301 What It’s UsedWhen device does not support SDM Initial config of SDM equipped device
Using Cisco SDM Express and SDM Follow best practices for installing a new device to ensure correct functions
Using Cisco SDM Express and SDM Eight SDM Express configuration screens: Overview Basic configuration LAN IP address DHCP Internet (WAN) Firewall Security settings Summary
Using Cisco SDM Express and SDM Use Basic NAT Wizard to configure dynamic NAT with PAT
Configuring a Router Using IOS CLI CLI command modes: two levels of access
Configuring a Router Using IOS CLI Configuration modes can alter the operation of the device
Configuring a Router Using IOS CLI Help features: Command completion Error indicators Command history – Enabled by default – Records 10 command – Max 256 commands – history size command Arrow and function keys
Configuring a Router Using IOS CLI Show commands display configuration and operation information R#show run R#show interfaces R#show ip route R#show protocols
Configuring a Router Using IOS CLI Use Cisco IOS CLI to perform an initial router configuration
Configuring a Router Using IOS CLI Configure serial and Ethernet interfaces on a router (DTE) Data Terminal Equipment endpoint of user’s device on the WAN link; Cisco routers (DCE) Data Communications Equipment; provides clock rate; modem; converts data from router to acceptable format to cross the WAN If back-to-back router scenario, one of the routers will be DCE and one DTE.
Configuring a Router Using IOS CLI Configure a default route for the Cisco router Default route used when router does not know where to send a packet. IP address of next-hop router Or port number
Configuring a Router Using IOS CLI Configure a Cisco router to function as a DHCP server
Configuring a Router Using IOS CLI Configure static NAT on a Cisco router to enable Internet access for an internal server
Configuring a Router Using IOS CLI Back up and restore configuration files using a TFTP server
Configuring a Router Using IOS CLI Capture and save configuration file output from a terminal session
Connecting the CPE to the ISP Customer Premise Equipment (CPE) – network devices installed at customer location. Configuration checklists ensure that all configuration requirements are met
Connecting the CPE to the ISP Use inventory and configuration checklists and an installation plan to ensure successful installation
Connecting the CPE to the ISP Documentation includes diagrams, checklists, and activity logs
Connecting the CPE to the ISP Types of customer connections over a WAN: Point-to-point: often called leased lines; typically most expensive; price based on bandwidth & distance between 2 points Circuit-switched – similar to a phone call made over a phone network; example is ISDN or dialup connection; physical circuit reserved from source to destination Packet-switched – each customer has a virtual circuit; example is Frame Relay
Customer Connections over WAN Bandwidth and cost influence WAN choices
Connecting the CPE to the ISP Clock rate and serial encapsulation are needed when configuring serial WAN connections – Clock rate is set by DCE – DTE accepts clock rate Leased WAN connections use serial connection & require Channel Service Unit/Data Service Unit (CSU/DSU DCE DTE
Initial Cisco 2960 Switch Configuration Fixed-configuration, standalone devices – does not use modules or flash card slots. Physical configuration can’t be changed. Layer 2 device that directs stream of message coming in from one port, our of another based on destination MAC address. Configured using GUI or CLI
Cisco 2960 switch Comes preconfigured Needs to be assigned basic security info Basic commands (ex: hostname, passwords) sames as ISR switch. Configure management IP address One virtual local area network, VLAN 1 is preconfigured to provide access to management functions.
Initial Cisco 2960 Switch Configuration Switch settings can be configured using the Cisco IOS CLI Assign an IP address to the default management virtual local area network, VLAN1
Initial Cisco 2960 Switch Configuration Check switch components Connect cables to the switch Power up the switch and observe POST
Initial Cisco 2960 Switch Configuration Connect the stand-alone LAN switch to the router and verify connectivity Configure port security to prevent unauthorized use Shut down unused ports
Switch port security Port security limits the # of MAC addresses allowed per port. Set port to access mode using switchport mode access command 3 ways to configure port security: Static – MAC addresses are manually assigned using switchport port-security mac-address [mac-address] interface config command. – S1# configure terminal –S1(config-if)#interface fastethernet 0/20 – S1(config-if)#switchport mode access – S1(config-if)#switchport port-security mac-address – S1(config-if)#end –
Switch port - contd Dynamic MAC addresses are dynamically learned & stored in address table # of addresses stored can be controlled; default is one address. If port is shut down or switch is restarted, address learned are cleared from the table S1# configure terminal –S1(config-if)#interface fastethernet 0/20 – S1(config-if)#switchport mode access – S1(config-if)#switchport port-security – S1(config-if)#end
Switch port - contd Sticky – similar to dynamic Addresses learned are saved to the running-config – S1# configure terminal – S1(config-if)#interface fastethernet 0/20 – S1(config-if)#switchport mode access – S1(config-if)#switchport port-security – S1(config-if)#switchport port-security maximum 50 – S1(config-if)#switchport port-security mac-address sticky – S1(config-if)#end
Initial Cisco 2960 Switch Configuration Cisco Discovery Protocol (CDP) gathers information about directly-connected Cisco network devices Two Cisco devices directly connected on the same local network are called neighbors
Summary The Integrated Services Router (ISR) is a good choice for small to medium businesses and ISP-managed customers. ISRs can be initially configured using SDM or the router IOS CLI. When using the CLI, “show” commands verify configuration elements. An installation plan can minimize disruption to a network when new devices are being added. Documentation is necessary, both when configuring and when installing network devices. Switches are assigned IP addresses by configuring them on the management interface, VLAN 1.