5: Configuring Network Devices Working at a Small-to-Medium Business or ISP
Objectives
ISR What’s an ISR? One device that combines features LAN/WAN connectivity Security Wireless And more… Cisco has 70% of the market!
1841 ISR
The IOS Internetwork Operating System Describe what an OS does? IOS is offered in images Each image supports different features
What’s In The Box? Router Power Cable Serial Port Adapter Blue Console Cable Documentation
Setting Up the Router What’s an emulation program? Like DS can play Gameboy games, PS3 can play PS2 games, etc.
Stage 1: Bootup Process POST tests hardware (CPU, Memory) ROM: Bootstrap Boot Image Begins search for IOS
Stage 2: Bootup Process Locate & load IOS Could be in Flash (default) or TFTP server
Stage 3: Bootup Process Configuration File or Setup NVRAM (1st) TFTP Server If found, copies into RAM If not found, enters Setup Mode
The Config File
The Config File Startup Configuration: Saved file with addressing, etc; Stored in NVRAM; Loads into RAM on start. Running Configuration: Config running in RAM (goes bye-bye). If you make a change, save it to the startup configuration: copy running-config startup-config (copy run start)
Startup-Config File Saved file that starts up Stored in NVRAM Loads into RAM
Running-Config File Current config running Stored in RAM Goes away when shut down (unless saved) If you make a config change, it MUST be saved Copy running-config startup-config Copy run start
Show Version
Boot Problems IOS Fails ROMmon mode In ROM; troubleshoot boot errors Check flash for image Boot command from ROMmon If boots, check show version for the config-register setting
Lab 5.1.3.5 Power up an ISR and view the router system and configuration files using show commands. End of Day One
Review Where is the IOS stored? Flash Where is the startup config stored? NVRAM What happens 1st when the router boots? POST The IOS & startup config get loaded into what? RAM
Configuration Out-of-band management: Initial configuration; Console or AUX direct connection; HyperTerminal. In-band management: Configuration changes over network/Internet; HTTP or Telnet from outside of network; One port must be active on router
Configuration Programs-CLI Command Line Interface Looks similar to DOS commands On ALL Cisco routers In or out-of-band management
Configuration Programs-SDM Security Device Manager GUI In-band management ONLY Configure additional LAN and WAN connections Create firewalls Configure VPN connections Perform security tasks Some advanced commands need to be done in CLI!
SDM Express SDM Express Initial router config
Activity CLI or SDM? Web-based? Text-based commands? Command-prompt based? Don’t need to know CLI commands? Step-by-step config process?
SDM Express- Basic Config
SDM Express- LAN IP Addresses
SDM Express- DHCP
Activity
SDM Express WAN Connect Serial Connection to WAN or ISP Serial is slower than LAN Ethernet 100Mbps LAN; 1.544Mbps T1 Serial to Serial connections MUST use the same protocol encapsulation (Layer 2) HDLC Frame Relay PPP
SDM Express WAN Connect
Getting the Serial IP Address HDLC, Frame Relay, PPP Static IP Address (You Set) IP Negotiated / Easy IP or IP Unnumbered Auto IP assignment through PPP encapsulation IP unnumbered - Sets the serial interface address to match the IP address of one of the other functional interfaces of the router. Available with Frame Relay, PPP, and HDLC encapsulation types. IP negotiated / Easy IP (IP Negotiated) - The router obtains an IP address automatically through PPP.
Lab 5.2.3.3 Configure an ISR using Cisco SDM Express
Review Which port connects to your PC serial port & is used for initial configuration of a router? Console Which band management method is this? Out-of-band Your network MUST be working in order to connect & monitor/make changes to the config file. What 2 methods can be used? HTTP/Telnet SDM
Review Other than the console port, which other port can be used with a modem for initial configuration? AUX Which connection method is used for in-band management from a remote location? Telnet Which memory type keeps its contents when there is no power? NVRAM
Review Where is the running-config stored? RAM Where is the startup-config stored? NVRAM Which mode is displayed when you log into the router? User EXEC mode
Review Which 3 encapsulations can be on the serial interface using SDM Express? HDLC PPP Frame Relay On the 1st (basic) config screen of SDM Express, which can you configure? Host name Ethernet IP Address DHCP Enable Secret Password NAT DNS Domain Name Your Name
Review SDM & CLI. Which is GUI? SDM Which is used for in & out-band management? CLI Which service translates names to IP addresses? DNS Which memory stays, even with no power? NVRAM
NAT using SDM Use Basic NAT (Dynamic) Inside Locals share the WAN IP address (Inside Global) Must tell it which address will share
Lab 5.2.4.2 Configure Dynamic NAT using the Cisco SDM basic NAT wizard.
CLI Command Modes User Mode: Limited commands like Ping & Traceroute; Type enable to enter privileged mode. Privileged Mode: Can alter router operation
Interface & Other Modes After privileged mode, you can configure Type configure terminal OR config t Once here, commands entered take effect immediately!
E-Lab 5.3.1 Step 3: int s0 Step 5: router rip Step 6: end You can use Ctrl-Z in a real router, too Step 9: line con 0
Getting Help in CLI Help or ?
Oops… I goofed!
Oops… I forgot! Command History: Last 10 by default; Max 256. Previous command: Ctrl-P or ↑. Recent Command: Ctrl-N or ↓. Tab: Completes command entry
Activity & PT 5.3.2.5
Show Commands & PT 5.3.3.3 show running-config show interfaces show arp show ip route show users show version
Configuring w/ CLI
Configuring CLI & PT 5.3.4.4 Router(config)#banner motd # Blah # Text to show during login Usually a warning
Configuring an Interface Serial & Ethernet are common Serial (WAN) Your router is a DTE CSU/DSU is the DCE DCE provides a clocking rate
Labs, Labs, & More Labs E-Lab 5.3.5.3 Packet Tracer 5.3.5.4
Configuring a Default Route Router forwards packet to destination net Looks at routing table to see which port to go out Can set a default route to go out if not in routing table
Labs…Yup! Only one this time Packet Tracer 5.3.6.2
DHCP What is normally sent to a PC?
Configuring DHCP Create DHCP Address Pool Specify the Subnet Exclude any IP Addresses Specify the Domain Name- optional DNS Server IP Address- 1 or 2 usually Set the Default Gateway Address to be sent Set the Lease Duration- default one day
DHCP PT 5.3.7.2 & 5.3.7.3
Configuring Static NAT Inside server needs to be accessed from Internet Must translate the private IP to the SAME public IP
Configuring Static NAT
Verifying NAT Show ip nat translations Packet Tracer 5.3.8.3 Lab 5.3.8.4
Backing Up the Config File TFTP Copy start tftp To restore it: Copy tftp run PT 5.3.9.3
Backing Up the Config File HyperTerminal Will paste into Notepad Extra text needs to be removed No shutdown added Then, you can paste it back in whenever PT 5.3.9.4
Switches- 2960 OSI Layer? TCP/IP Layer? 3-Layer Model Layer? Uses the destination ____ to forward frames. Use CLI or Cisco Network Assistant (GUI)
LEDs SYST: Working or not; Green or Amber. RPS: Redundant power supply. STAT (Port Status): Green- Link; Blinking Green- Tx/Rx; Amber- error
Speed of Ports 10/100/1000 Half-Duplex Full-Duplex Port & device MUST be set same Auto-negotiate (by default on Cisco) MUST be on both devices or else collisions
Switch IOS
Power On Some don’t have power switch POST 1st LEDs blink SYST LED blinks green fast= done POST Fails= AMBER (needs repair)
Configuring a Switch Switch ports DO NOT have IP addresses! Can config an IP to the switch for web-based management/configuration Comes ready to go CLI Device Manager (Web-based) Network Assistant (GUI)
Assign an IP Address to Switch
Configure It Switch IP Console Port Password Telnet Password Way out of network E-Lab 5.5.3.3 PT 5.5.3.4
Port Security Limit MAC addresses per port Security! Static Dynamic Sticky Violation: Shutdown port
Verify Port Security
Hooking It Up Can set up Port Security PT 5.5.4.4 Lab 5.5.4.5
Cisco Discovery Protocol- CDP Shares info between directly connected Cisco devices (neighbors) Runs on boot Sends periodic CDP advertisements Operates at Layer 2 Information gathered by CDP includes: Device host name Layer 3 addresses What the directly connected port is, “serial 0/0/0” Capabilities list – Router, Switch Platform, for example Cisco 1841
Show CDP Neighbors
Show CDP Neighbors Detail
Disabling CDP Why disable it? PT 5.4.4.5
WAN Connections Point-to-Point: Leased line; Expensive $$$; Your own path. Circuit-Switched: Like phone call; ISDN or dial-up. Packet-Switched: Virtual path; Frame Relay
WAN Service Connections Lab 5.5.4.3
Monitoring Devices ISP to Customer Router/Switch Telnet= not secure, clear text Secure Shell (SSH)= encrypted Lab 5.5.5.2 Create a user acct with enable privileges Configure SSH for login
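An added example (not part of the original slides): a small Python audit that checks a saved running-config for the hardening items this deck covers, namely Telnet versus SSH on the vty lines, CDP, port security on access ports, the MOTD banner and the enable secret. The sample config, function names and finding strings are constructed for illustration.

```python
# Constructed running-config excerpt for illustration (not from the slides).
SAMPLE_CONFIG = """\
hostname R1
enable password cisco
interface FastEthernet0/1
 switchport mode access
interface FastEthernet0/2
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky
line vty 0 4
 password cisco
 login
 transport input telnet
"""

def split_sections(config):
    """Group indented sub-commands under their parent (unindented) line."""
    sections, current = {}, None
    for line in config.splitlines():
        if not line.strip() or line.startswith("!"):
            continue
        if not line.startswith(" "):
            current = line.strip()
            sections[current] = []
        elif current is not None:
            sections[current].append(line.strip())
    return sections

def audit(config):
    """Return findings for the hardening items the slides mention."""
    sections = split_sections(config)
    findings = []
    if not any(k.startswith("enable secret") for k in sections):
        findings.append("no enable secret")
    if "no cdp run" not in sections:
        findings.append("CDP enabled")
    if not any(k.startswith("banner motd") for k in sections):
        findings.append("no banner motd")
    for name, body in sections.items():
        # Audit policy (assumption): vty lines must say exactly 'transport input ssh'.
        if name.startswith("line vty") and "transport input ssh" not in body:
            findings.append(f"{name}: Telnet not ruled out")
        if (name.startswith("interface") and "switchport mode access" in body
                and "switchport port-security" not in body):
            findings.append(f"{name}: no port security")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```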
Serial Port Encapsulation HDLC is default Can be changed to PPP PT 5.5.6.2
Review