Ch.3 – Configuring a Router CCNA 1 version 3.0
Overview Students completing this module should be able to: Name a router Set passwords Examine show commands Configure a serial interface Configure an Ethernet interface Execute changes to a router Save changes to a router Configure an interface description Configure a message-of-the-day banner Configure host tables Understand the importance of backups and documentation
CLI command modes Router#configure terminal Router(config)#
exit end Using exit, end and Control-Z
Router>ena Router#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)#? Configure commands: aaa Authentication, Authorization and Acc.. access-list Add an access list entry alias Create command alias appletalk Appletalk global configuration commands arap Appletalk Remote Access Protocol arp Set a static ARP entry Router(config)#exit 00:03:20: %SYS-5-CONFIG_I: Configured from console by con Router# Router(config)#interface interface Router(config-if)#exit Router(config)#router routing-protocol Router(config-router)#exit Router(config)#exit Router# Message each time you exit “global configuration mode” Must be in privileged mode Using exit, end and Control-Z
Router# conf t (abbreviated) Router(config)# router protocol Router(config-router)# (commands) Router(config-router)# exit Router(config)# exit Router# Router(config)# interface type port Router(config-if)# (commands) Router(config-if)# end (or Control-Z) Router# Using exit, end and Control-Z
Configuring a router name Router#config t Router(config)#hostname Tokyo Tokyo(config)# Lab 12-1: Command Mode and Router Identification: Page 244
Configuring router passwords Not recommended, clear text Router(config)#enable secret Use this command instead, password is encryped Encrypts the passwords above, but…
WARNING service password-encryption uses a Cisco Level 7 encryption which is very easy to decrypt. For the GetPass! software However, the enable secret uses a stronger encryption method and cannot be easily hacked. service password-encryption command
Doesn’t work for enable secret! More later! enable secret command Lab 12-2: Configuring Router Passwords. Page 247
Router Passwords Used in the Cisco Lab Privilege Password cisco Console password conpass VTY 0 4 password vtypass Auxiliary auxpass
Examining the show commands show interfaces – Displays all the statistics for all the interfaces on the router. To view the statistics for a specific interface, enter the show interfaces command followed by the specific interface and port number. show controllers serial – Displays information-specific to the interface hardware show clock – Shows the time set in the router show hosts – Displays a cached list of host names and addresses show users – Displays all users who are connected to the router show history – Displays a history of commands that have been entered show flash – Displays information about flash memory and what IOS files are stored there show version – Displays information about the router and the IOS that is running in RAM show ARP – Displays the ARP table of the router show protocol – Displays the global and interface specific status of any configured Layer 3 protocols show startup-configuration – Displays the saved configuration located in NVRAM s how running-configuration – Displays the configuration currently running in RAM
Router>show interface ethernet 0 Ethernet0 is administratively down, line protocol is down, using hub 0 Hardware is Lance, address is b3a.cf84 (bia b3a.cf84) MTU 1500 bytes, BW Kbit, DLY 1000 usec, rely 255/255, load 1/255 Encapsulation ARPA, loopback not set, keepalive set (10 sec) ARP type: ARPA, ARP Timeout 04:00:00 Last input never, output 01:05:35, output hang never Last clearing of "show interface" counters never Queueing strategy: fifo Output queue 0/40, 0 drops; input queue 0/75, 0 drops 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 0 packets input, 0 bytes, 0 no buffer Received 0 broadcasts, 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 0 input packets with dribble condition detected 63 packets output, bytes, 0 underruns 0 output errors, 0 collisions, 1 interface resets 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier 0 output buffer failures, 0 output buffers swapped out Router> Status MAC Address Routing metric information (later) Data link encapsulation (Ethernet-II) ARP cache entries timer show interfaces command
Examining the show commands We will log into a router and examine some of the show commands. Lab 12-3: Using Router Show Commands, Page 251
Configuring a serial interface Router(config)#interface serial 0/0 Router(config-if)#ip address Configuring an IP Address on an interface…
show ip interface command A serial interface will not show “up” and “up” unless both ends are properly configured (mostly) and the no shutdown command is used. If one router’s configuration looks okay, check the other router’s configuration. Router# show ip interface brief Interface IP-Address OK? Method Status Protocol Ethernet YES manual up up Serial YES manual administratively down down What is wrong here? The administrator has either done a “shutdown” on the interface or has forgotten to do a “no shutdown”.
Lab Real world On serial links that are directly interconnected, as in a lab environment, one side must be considered a DCE and provide a clocking signal. The clock is enabled and speed is specified with the clock rate command. Router(config)#interface serial 0/0 Router(config-if)#clock rate Router(config-if)#no shutdown Configuring a serial interface
RouterB(config)#inter serial 1 RouterB(config-if)#clock rate ? Speed (bits per second) Choose clockrate from list above RouterB(config-if)#clock rate RouterB(config-if)# RouterB DCE cable RouterA DTE cable Configuring a serial interface
How can you tell which end is the DTE and which end is the DCE? Look at the label on the cable. Look at the connecter between the two cables - The DTE cable will always be male and the DCE cable will always be female. DTE CableDCE Cable Configuring a serial interface
RouterA#show controllers serial 0 HD unit 0, idb = 0xECA4C, driver structure at 0xF1EC8 buffer size 1524 HD unit 0, V.35 DTE cable cpb = 0x62, eda = 0x403C, cda = 0x4050 RX ring with 16 entries at 0x bd_ptr=0x4000 pak=0x0F5704 ds=0x62FFB8 status=80 pak_size=22 RouterB#show controllers serial 0 buffer size 1524 HD unit 0, V.35 DCE cable, clockrate cpb = 0x62, eda = 0x408C, cda = 0x40A0 RX ring with 16 entries at 0x bd_ptr=0x4000 pak=0x0F2F04 ds=0x status=80 pak_size=22 RouterB DCE cable RouterA DTE cable How can you tell which end is the DTE and which end is the DCE? Use the show controllers command! It will also tell you the type of cable, in our labs we will be using a V.35 cable. This is one of few commands where there must be a space between the interface type and the port. Configuring a serial interface
Please be very careful when connecting the male and female V.35 cables together AND when connecting the serial cable to the router! They only connect ONE WAY! Be sure the two ends match! Don’t force it! This end up! (The wider end is up.) Configuring a serial interface Lab 12-4: Configuring a Serial Interface, Page 256
Configuring an Ethernet Interface
Interface descriptions RouterB#show inter e 0 Serial0 is up, line protocol is up Hardware is HD64570 Description: Engineering LAN, Bldg. 18 Internet address is /24
Gateway(config)#inter e 0 Gateway(config-if)#description LAN interface for Marketing Gateway(config-if)#end Gateway# Gateway#show run Building configuration... ! interface Ethernet0 description LAN interface for Marketing no ip address no ip directed-broadcast shutdown Gateway#show interface ethernet 0 Ethernet0 is administratively down, line protocol is down Hardware is Lance, address is c34.9ebb (bia c34.9ebb) Description: LAN interface for Marketing MTU 1500 bytes, BW Kbit, DLY 1000 usec, rely 252/255, load 1/255 Encapsulation ARPA, loopback not set, keepalive set (10 sec) ARP type: ARPA, ARP Timeout 04:00:00 Gateway#copy run start Destination filename [startup-config]? Building configuration... Gateway# Don’t forget this or next time router reboots these changes will be lost! Interface descriptions
Configuring interface description Lab 12-5: Configuring an Ethernet Interface, Page 260
Importance of configuration standards In order to manage a network, there must be a centralized support standard. Configuration, security, performance, and other issues must be adequately addressed for the network to function smoothly. Creating standards for network consistency helps reduce network complexity, the amount of unplanned downtime, and exposure to events that may have an impact on network performance.
running-config IOS (running) startup-configIOS ios (partial) Bootup program Executing adds, moves, and changes
Router#show startup-config % Non-volatile configuration memory is not present Router#show running-config Building configuration... Current configuration: ! version 12.0 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname Router ! ip subnet-zero ! interface Ethernet0 no ip address no ip directed-broadcast shutdown ! interface Serial0 no ip address no ip directed-broadcast shutdown No startup-config file in NVRAM Default running-config file, created in RAM Executing adds, moves, and changes
The running-config The configuration file contains global, process, and interface information that directly affects the operation of the router and its interface ports. All changes to the router are made to the running-config file and take affect immediately on the router (with just a couple of exceptions). –IP address –Routing Protocols –Router’s Name –etc. Router#show running-config Building configuration... Current configuration: ! version 12.0 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname Router ! ip subnet-zero ! interface Ethernet0 no ip address no ip directed-broadcast shutdown Executing adds, moves, and changes
startup-config RAM running-config During bootup Changes to the router are automatically put in the running-config file. If the router loses power or reboots, everything in RAM is lost including the running- config file. To make sure the changes to the router’s configuration remain saved, you must copy the running-config from RAM into the startup-config into NVRAM: Router# copy running-config startup-config copy running-config startup-config
Router#copy running-config startup-config Destination filename [startup-config]? Building configuration... Router#show startup-config ! version 12.0 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname Router ! ip subnet-zero ! interface Ethernet0 no ip address no ip directed-broadcast shutdown ! The startup-config file now identical to running-config and the router will also have these changes if the router reboots. copy running-config startup-config
Router# copy running-config startup-config Or Router# copy running startup OR Router# copy run start OR Any usage of the command or parameters, so that they are still uniquely recognizable. WARNING Using an incorrect configuration file name could overwrite the router’s IOS in flash, as the router believes you are trying to copy a blank file into flash. Router#copy running-config start-up **** NOTICE **** Flash load helper v1.0 This process will accept the copy options and then terminate the current system image to use the ROM based image for the copy. Routing functionality will not be available during that time. If you are logged in via telnet, this connection will terminate. Users with console access can see the results of the copy operation ******** ---- Proceed? [confirm]^C %Copy cancelled by user request. Router# Incorrect file name! Press C copy running-config startup-config
Router# copy running-config startup-config Or Router# copy running startup OR Router# copy run start OR Any usage of the command or parameters, so that they are still uniquely recognizable. WARNING This is also incorrect, and will overwrite the startup-config with a blank file. Router#copy runningconfig startup-config Destination filename [startup-config]? ?Bad filename Router# Incorrect file name! Press C copy running-config startup-config
show startup-config show running-config These commands can only be done in privilege mode because they display password information. 1 Displaying the config files
Executing adds, moves, and changes Mistake: Should be: copy start run
Reinforcing What We Learned Lab 12-6: Making configuration Changes, Page 262 Lab 12-7: Configuring Interface Descriptions, Page 266
Login banners and Configuring message- of-the-day (MOTD) Wording is not the same, but you get the idea.
Router(config)#hostname Gateway Gateway(config)# Gateway(config)#banner motd # Enter TEXT message. End with the character '#'. Warning! Stay away! # Gateway(config)#end Gateway#exit Press RETURN to get started. Warning! Stay away! User Access Verification Password: Gateway#show run Building configuration... ! hostname Gateway ! ! banner motd ^C Warning! Stay away! ^C Delimiter always shows as “^C” MOTD (Message Of The Day) Prompt changes Login banners and Configuring message- of-the-day (MOTD) Lab 12-8: Configuring Message of the Day, Page 269
Host name resolution Router# ping Router# ping Auckland Router# telnet Router# telnet Beirut Router# traceroute Router# traceroute Capetown The Cisco IOS software maintains a cache of host name-to-address mappings for use by EXEC commands. This cache speeds up the process of converting names to addresses. Host names, unlike DNS names, are significant only on the router on which they are configured. (DNS is also an option – later)
Host name resolution This does not make the router a DNS (Domain Name Server). This command does not turn your router into a DNS server. This command does not effect packets entering your router to be routed. This only affects the IOS commands entered at the router prompt. Multiple ip addresses can be entered in case one interface is down. It is usually a good idea to use the same list of names on all your router configs. Router(config)# ip host SantaCruz Configuring Multiple IP Addresses
Configuring host tables
If you are not using the services of a DNS server, it is best to disable this process. DNS (Domain Name Service) is enabled by default with a server address of , which is a local broadcast. If enabled, with no DNS server on the network, may cause a slight, but irritable delay when making typing mistakes. Lab 12-9: Configuring Host Tables, Page 271 Router(config)# ip domain-lookup Router#wreh Translating "wreh"...domain server ( ) (Takes a few seconds) Router(config)# no ip domain-lookup Router#wreh Translating "wreh" % Unknown command or computer name, or unable to find computer address
Configuration backup and documentation Configuration files should be stored as backup files in the event of a problem. Configuration files can be stored on a network server, on a TFTP server, or on a disk stored in a safe place.
Copying, editing, and pasting configurations A TFTP server will allow image and configuration uploads and downloads over the network. The TFTP server can be another router, or it can be a host system.
The TFTP host can be any system that has TFTP software loaded and operating and able to receive files from the TCP/IP network. Copying, editing, and pasting configurations
RAM IOS (running) running-config startup-config IOS copy startup-config tftp copy tftp startup-config copy running-config tftp copy tftp running-config copy flash tftp copy tftp flash Copying, editing, and pasting configurations
Troubleshooting: Be sure you can ping the TFTP server.
When using Windows, the TFTP server software must be running. The copy can be performed from the console port or from a telnet session. The telnet session can be performed on the same computer where the TFTP server is running (or to a different computer). Router# copy flash tftp TFTP Software and Servers
TFTP software either comes free with the OS (Linux/Unix) or can be downloaded for free. TFTP Software and Servers
Just double click on the shortcut… Remember, TFTP is “Trivial” FTP: –No authentication –No login –No choice for directory –Uses UDP and verified via a TFTP checksum (not TCP ACKs) Managing Configuration Files with TFTP, Page 323 TFTP Software and Servers
Summary (1/2) The router has several modes: User EXEC mode Privileged EXEC mode Global configuration mode Other configuration modes The command-line interface may be used to make changes to the configuration: Setting the hostname Setting passwords Configuring interfaces Modifying configurations Showing configurations
Summary (2/2) An understanding of the following key points should have been achieved: Configuration standards are key elements in the success of any organization maintaining an efficient network. Interface descriptions can include important information to help network administrators understand and troubleshoot their networks. Login banners and messages-of-the-day provide users with information upon login to the router. Host name resolutions translate names to IP addresses to allow the router to quickly convert names to addresses. Configuration backup and documentation is extremely important to keep a network operating smoothly.