Cisco Router & Switch Configuration 1
Configuration modes: Global configuration mode –SwitchX#configure terminal –SwitchX(config)# Interface configuration mode –SwitchX(config)#interface fa0/1 –SwitchX(config-if)# Configuring the Switch
Configuring Switch Identification Sets the local identity for the switch
Example: SwitchX(config)#interface vlan 1 SwitchX(config-if)#ip address SwitchX(config-if)#no shutdown Note: It is necessary to use the no shutdown command to make the interface operational. SwitchX(config)#interface vlan 1 SwitchX(config-if)#ip address {ip address} {mask} Configuring the Switch IP Address
SwitchX(config)#ip default-gateway Example: SwitchX(config)#ip default-gateway {ip address} Configuring the Switch Default Gateway
Saving Configurations Copies the current configuration to NVRAM SwitchX# SwitchX#copy running-config startup-config Destination filename [startup-config]? Building configuration… SwitchX#
Configuring a Switch Password
Configuring the Login Banner – Defines and enables a customized banner to be displayed before the username and password login prompts. SwitchX# banner login " Access for authorized users only. Please enter your username and password. "
Telnet vs. SSH Access – Telnet Most common access method Insecure – SSH-encrypted !– The username command create the username and password for the SSH session Username cisco password cisco ip domain-name mydomain.com crypto key generate rsa ip ssh version 2 line vty 0 4 login local transport input ssh
Cisco Catalyst 2960 Series SwitchX(config-if)#switchport port-security [ mac-address mac-address | mac-address sticky [mac-address] | maximum value | violation {restrict | shutdown}] SwitchX(config)#interface fa0/5 SwitchX(config-if)#switchport mode access SwitchX(config-if)#switchport port-security SwitchX(config-if)#switchport port-security maximum 1 SwitchX(config-if)#switchport port-security mac-address sticky SwitchX(config-if)#switchport port-security violation shutdown Configuring Port Security
SwitchX#show port-security [interface interface-id] [address] [ | {begin | exclude | include} expression] SwitchX#show port-security interface fastethernet 0/5 Port Security : Enabled Port Status : Secure-up Violation Mode : Shutdown Aging Time : 20 mins Aging Type : Absolute SecureStatic Address Aging : Disabled Maximum MAC Addresses : 1 Total MAC Addresses : 1 Configured MAC Addresses : 0 Sticky MAC Addresses : 0 Last Source Address : Security Violation Count : 0 Verifying Port Security on the Catalyst 2960 Series
SwitchX#sh port-security Secure Port MaxSecureAddr CurrentAddr SecurityViolation Security Action (Count) (Count) (Count) Fa0/ Shutdown Total Addresses in System (excluding one mac per port) : 0 Max Addresses limit in System (excluding one mac per port) : 1024 SwitchX#sh port-security address Secure Mac Address Table Vlan Mac Address Type Ports Remaining Age (mins) dddd.eeee SecureConfigured Fa0/ Total Addresses in System (excluding one mac per port) : 0 Max Addresses limit in System (excluding one mac per port) : 1024 Verifying Port Security on the Catalyst 2960 Series (Cont.)
Half Duplex (CSMA/CD) Unidirectional data flow Higher potential for collision Hub connectivity Full Duplex Point-to-point only Attached to dedicated switched port Requires full-duplex support on both ends Collision-free Collision detect circuit disabled Duplex Overview
Cisco Catalyst 2960 Series SwitchX(config)#interface fa0/1 SwitchX(config-if)#duplex {auto | full | half} Cisco Catalyst 2960 Series SwitchX(config)#interface fa0/1 SwitchX(config-if)#speed {10 | 100 | 1000 | auto} Setting Duplex and Speed Options
SwitchX#show interfaces fastethernet0/2 FastEthernet0/2 is up, line protocol is up (connected) Hardware is Fast Ethernet, address is 0008.a445.9b42 (bia 0008.a445.9b42) MTU 1500 bytes, BW Kbit, DLY 1000 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Half-duplex, 10Mb/s input flow-control is unsupported output flow-control is unsupported ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:57, output 00:00:01, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec packets input, bytes, 0 no buffer Received broadcasts (0 multicast) 1 runts, 0 giants, 0 throttles 1 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 watchdog, multicast, 0 pause input 0 input packets with dribble condition detected packets output, bytes, 0 underruns Showing Duplex Options
Router Configuration 16
Locating Cisco IOS Software
Using the boot system Command
Configuration Register Values The order in which the router looks for system bootstrap information depends on the Boot Field setting in the configuration register. You can change the default configuration register setting with the global configuration mode command config-register. Use a hexadecimal number as the argument for this command.
Identifying Boot Image Source
Software Components in Memory
Fields in the IOS Name
The confreg Command
The tftpdnld Command
Configuring Router Passwords
Enhanced Username Password Security router(config)# username name secret {[0] password | 5 encrypted-secret} Uses MD5 hashing for strong password protection Better than the type 7 encryption found in service password- encryption command Boston(config)#username rtradmin secret 0 CISCO Boston(config)#username rtradmin secret 5 cisco router(config)# username name password {[0] password | 7 hidden-password} Traditional user configuration with plaintext password
Configuring Banner Messages router(config)# banner {exec | incoming | login | motd | slip-ppp} d message d Specifies what is “proper use” of the system Specifies that the system is being monitored Specifies that privacy should not be expected when using this system Boston(config)#banner motd % WARNING: You are connected to $(hostname) on the Cisco Systems, Incorporated network. Unauthorized access and use of this network will be vigorously prosecuted. %
Configuring Router Identification
RouterX(config)#interface type number RouterX(config-if)# type includes serial, ethernet, token ring, fddi, hssi, loopback, dialer, null, async, atm, bri, tunnel, and so on number is used to identify individual interfaces RouterX(config-if)#exit Quits from current interface configuration mode RouterX(config)#interface type slot/port RouterX(config-if)# For modular routers, selects an interface Configuring an Interface
RouterX(config-if)# description string string is a comment or a description to help you remember what is attached to this interface. The maximum number of characters for the string argument is 238. Configuring an Interface Description
Configuring interface description Rick Grazi ani grazia abrillo.edu 31
RouterX#configure terminal RouterX(config)#interface serial 0 RouterX(config-if)#no shutdown %LINK-3-UPDOWN: Interface Serial0, changed state to up %LINEPROTO-5-UPDOWN: Line Protocol on Interface Serial0, changed state to up Enables an interface that is administratively shut down RouterX#configure terminal RouterX(config)#interface serial 0 RouterX(config-if)#shutdown %LINK-5-CHANGED: Interface Serial0, changed state to administratively down %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to down Administratively turns off an interface Disabling or Enabling an Interface
Configuring IP Addresses – Unique addressing allows communication between end stations – Path choice is based on destination address
Configuring Interfaces Router(config-if)#exit Router(config)#interface serial 0 Router(config-if)#ip add Router(config-if)#clock rate (only if DCE) Router(config-if)#no shutdown Rick Grazi ani grazia abrillo.edu 34
Configuring an SSH Server for Secure Management and Reporting Austin2#configure terminal Austin2(config)#ip domain-name cisco.com Austin2(config)#crypto key generate rsa general-keys modulus 1024 Sept 22 13:20:45: %SSH-5-ENABLED: SSH 1.5 has been enabled Austin2(config)#ip ssh timeout 120 Austin2(config)#ip ssh authentication-retries 4 Austin2(config)#line vty 0 4 Austin2(config-line)#no transport input telnet Austin2(config-line)#transport input ssh Austin2(config-line)#end 1.Configure the IP domain name 2.Generate the RSA keys 3.Configure the SSH timeout interval 4.Configure the SSH retries 5.Disable vty inbound Telnet sessions 6.Enable vty inbound SSH sessions
Configuring a Static Default Route – The CPE can use a static default route to reach all remote destinations. ip route interface number router(config)#
Host name resolution Router# ping Router# ping Auckland Router# telnet Router# telnet Beirut Router# traceroute Router# traceroute Capetown Rick Grazi ani grazia abrillo.edu 37 The Cisco IOS software maintains a cache of host name-to-address mappings for use by EXEC commands. This cache speeds up the process of converting names to addresses. Host names, unlike DNS names, are significant only on the router on which they are configured. (DNS is also an option – later)
Host name resolution This does not make the router a DNS (Domain Name Server). This command does not turn your router into a DNS server. This command does not effect packets entering your router to be routed. This only affects the IOS commands entered at the router prompt. Multiple ip addresses can be entered in case one interface is down. It is usually a good idea to use the same list of names on all your router configs. Rick Grazi ani grazia abrillo.edu 38 Router(config)# ip host SantaCruz Configuring Multiple IP Addresses
Configuring host tables Rick Grazi ani grazia abrillo.edu 39
show and debug Commands
Considerations When Using debug Commands – May generate output in a variety of formats that may not identify the problem – Require high overhead, possibly disrupting network device operation – Useful for obtaining information about network traffic and router status
Commands Related to debug service timestamps debug datetime msec RouteX(config)# Adds a time stamp to a debug or log message no debug all RouteX# Disables all debug commands show processes RouteX# Displays the CPU utilization for each process RouteX# terminal monitor Displays debug output on your current vty session