routers configuration

Upload: waqas-maqsud

Post on 03-Apr-2018

  • 7/28/2019 Routers Configuration

    Routers

    S. E Training

    Router Function

    Routers are responsible for interconnecting networks by selecting the best path for a packet to travel and forwarding packets to their destination.

    A router connects multiple networks.

    This means that it has multiple interfaces that each belong to a different IP network.

    When a router receives an IP packet on one interface, it determines which interface to use to forward the packet onto its destination.

    The interface that the router uses to forward the packet may be the network of the final destination of the packet (the network with the destination IP address of this packet), or it may be a network connected to another router that is used to reach the destination network.

    Routers are the network center

    -Routers generally have 2 connections:

    -WAN connection (Connection to ISP)

    -LAN connection

    Routers determine the best path

    Routers examine a packet's destination IP address and determine the best path by enlisting the aid of a routing table.

    Router Components

    CPU - Executes operating system instructions such as system initialization, routing functions, and switching functions.

    Random access memory (RAM) - RAM stores the instructions and data needed to be executed by the CPU. RAM is used to store these components:

    Operating System: The Cisco IOS (Internetwork Operating System) is copied into RAM during bootup.

    Running Configuration File: This is the configuration file that stores the configuration commands that the router IOS is currently using.

    IP Routing Table: This file stores information about directly connected and remote networks. It is used to determine the best path to forward the packet.

    ARP Cache: This cache contains the IPv4 address to MAC address mappings, similar to the ARP cache on a PC. The ARP cache is used on routers that have LAN interfaces such as Ethernet interfaces.

    Packet Buffer: Packets are temporarily stored in a buffer when received on an interface or before they exit an interface.

    RAM is volatile memory and loses its content when the router is powered down or restarted.

    Router Components

    Read-only memory (ROM) - Holds diagnostic software used when the router is powered up. Stores the router's bootstrap program.

    ROM is a form of permanent storage.

    Cisco devices use ROM to store:

    The bootstrap instructions

    Basic diagnostic software

    Scaled-down version of IOS

    ROM uses firmware, which is software that is embedded inside the integrated circuit.

    Firmware includes the software that does not normally need to be modified or upgraded, such as the bootup instructions.

    ROM does not lose its contents when the router loses power or is restarted.

    Router Components

    Non-volatile RAM (NVRAM) - Stores startup configuration. This may include IP addresses (Routing protocol, Hostname of router)

    NVRAM (Nonvolatile RAM) does not lose its information when power is turned off. This is in contrast to the most common forms of RAM, such as DRAM, that require continual power to maintain their information.

    NVRAM is used by the Cisco IOS as permanent storage for the startup configuration file.

    All configuration changes are stored in the running-config file in RAM, and with few exceptions, are implemented immediately by the IOS.

    To save those changes in case the router is restarted or loses power, the running-config must be copied to NVRAM, where it is stored as the startup-config file. NVRAM retains its contents even when the router reloads or is powered off.

    Flash memory - Contains the operating system (Cisco IOS)

    In most models of Cisco routers, the IOS is permanently stored in flash memory and copied into RAM during the bootup process, where it is then executed by the CPU.

    Flash consists of SIMMs or PCMCIA cards, which can be upgraded to increase the amount of flash memory.

    Interfaces - There exist multiple physical interfaces that are used to connect networks.

    Examples of interface types:

    -Ethernet / fast Ethernet interfaces

    -Serial interfaces

    -Management interfaces

    Router Internetwork Operating System (IOS)

    The operating system software used in Cisco routers is known as Cisco Internetwork Operating System (IOS).

    Cisco IOS is a multitasking operating system that is integrated with routing, switching, internetworking, and telecommunications functions.

    Although the Cisco IOS may appear to be the same on many routers, there are many different IOS images.

    An IOS image is a file that contains the entire IOS for that router. Cisco creates many different types of IOS images, depending upon the model of the router and the features within the IOS.

    Typically the more features in the IOS, the larger the IOS image, and therefore, the more flash and RAM that is required to store and load the IOS.

    Although some routers provide a graphical user interface (GUI), the command line interface (CLI) is a much more common method of configuring Cisco routers.

    Upon bootup, the startup-config file in NVRAM is copied into RAM and stored as the running-config file.

    IOS executes the configuration commands in the running-config. Any changes entered by the network administrator are stored in the running-config and are immediately implemented by the IOS.

    Router boot-up process

    Major phases to the router boot-up process

    Step 1 and 2: Test router hardware

    Power-On Self Test (POST)

    During this self-test, the router executes diagnostics from ROM on several hardware components including the CPU, RAM, and NVRAM.

    Execute bootstrap loader

    The main task of the bootstrap program is to locate the Cisco IOS and load it into RAM.

    Note: At this point, if you have a console connection to the router, you will begin to see output on the screen.

    Step 3 and 4: Locate & load Cisco IOS software

    -Locate IOS and Load IOS

    The IOS is typically stored in flash memory, but can also be stored in other places such as a TFTP server.

    If a full IOS image cannot be located, a scaled-down version of the IOS is copied from ROM into RAM. This version of IOS is used to help diagnose any problems and can be used to load a complete version of the IOS into RAM.

    Note: A TFTP server is usually used as a backup server for IOS but it can also be used as a central point for storing and loading the IOS.

    Router boot-up process

    Step 5 and 6: Locate & load startup configuration file or enter setup mode

    -After the IOS is loaded, the bootstrap program searches for the startup configuration file, known as startup-config, in NVRAM. This file holds parameters including:

    interface addresses

    routing information

    passwords

    any other configurations

    If the startup-config is located in NVRAM, it is copied into RAM as the running-config.

    The IOS loads the commands in the file, one line at a time.

    If the startup configuration file does not exist in NVRAM, the router may search for a TFTP server. If the router detects that it has an active link to another configured router, it sends a broadcast searching for a configuration file across the active link. You will eventually see messages like the following:

    %Error opening tftp://255.255.255.255/network-confg (Timed out)

    %Error opening tftp://255.255.255.255/cisconet.cfg (Timed out)

    Router boot-up process

    Locate & load startup configuration file or enter setup mode

    Enter Setup Mode (Optional). If the startup configuration file cannot be located, the router prompts the user to enter setup mode.

    Setup mode is a series of questions prompting the user for basic configuration information. Setup mode is not intended to be used to enter complex router configurations, and it is not commonly used by network administrators.

    When booting a router that does not contain a startup configuration file, you will see the following question after the IOS has been loaded:

    Would you like to enter the initial configuration dialog? [yes/no]: no

    Setup mode will not be used in this course to configure the router. When prompted to enter setup mode, always answer no. If you answer yes and enter setup mode, you can press Ctrl-C at any time to terminate the setup process.

    When setup mode is not used, the IOS creates a default running-config.

    The default running-config is a basic configuration file that includes the router interfaces, management interfaces, and certain default information.

    The default running-config does not contain any interface addresses, routing information, passwords, or other specific configuration information.

    Router boot-up process

    Router Management Ports

    Routers have physical connectors that are used to manage the router. These connectors are known as management ports.

    Unlike Ethernet and serial interfaces, management ports are not used for packet forwarding.

    The most common management port is the console port.

    The console port is used to connect a terminal, or most often a PC running terminal emulator software, to configure the router without the need for network access to that router.

    The console port must be used during initial configuration of the router.

    Another management port is the auxiliary port. Not all routers have auxiliary ports.

    At times the auxiliary port can be used in ways similar to a console port. It can also be used to attach a modem.

    Auxiliary ports will not be used in this curriculum.

    Router Interfaces

    A router interface is a physical connector that enables a router to send or receive packets.

    Each interface connects to a separate network

    different IP network

    Typically, the interfaces connect to various types of networks, which means that different types of media and connectors are required.

    Types of router interfaces:

    -Ethernet

    -Fastethernet

    -Serial

    -DSL

    -ISDN

    -Cable

    Routers determine the best path

    PC1 operates at all seven layers, encapsulating the data and sending the frame out as a stream of encoded bits to R1, its default gateway.

    R1 receives the stream of encoded bits on its interface. The bits are decoded and passed up to Layer 2, where R1 decapsulates the frame. The router examines the destination address of the data link frame to determine if it matches the receiving interface, including a broadcast or multicast address. If there is a match, the data portion of the frame, the IP packet, is passed up to Layer 3, where R1 makes its routing decision. R1 then re-encapsulates the packet into a new Layer 2 data link frame and forwards it out the outbound interface as a stream of encoded bits.

    R2 receives the stream of bits, and the process repeats itself. R2 decapsulates the frame and passes the data portion of the frame, the IP packet, to Layer 3 where R2 makes its routing decision. R2 then re-encapsulates the packet into a new Layer 2 data link frame and forwards it out the outbound interface as a stream of encoded bits.

    This process is repeated once again by router R3, which forwards the IP packet, encapsulated inside a data link frame and encoded as bits, to PC2.
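
    The hop-by-hop process above, as an added example that is not part of the original slides: each router checks the frame's Layer 2 destination, decapsulates, picks a next hop by longest-prefix match, and re-encapsulates, so the MAC addresses change at every hop while the IP addresses do not. The topology, MAC addresses, IP addresses, routes and function names are all constructed assumptions, and every link is assumed to be Ethernet.

```python
import ipaddress

# Constructed topology PC1 - R1 - R2 - R3 - PC2, all links assumed Ethernet.
# Every MAC, IP address and route below is an illustrative assumption.
BROADCAST = "ff:ff:ff:ff:ff:ff"
IN_MAC = {"R1": "02:00:00:00:01:01", "R2": "02:00:00:00:02:01",
          "R3": "02:00:00:00:03:01", "PC2": "02:00:00:00:99:01"}
OUT_MAC = {"PC1": "02:00:00:00:00:02", "R1": "02:00:00:00:01:02",
           "R2": "02:00:00:00:02:02", "R3": "02:00:00:00:03:02"}
ROUTES = {  # router -> [(destination prefix, next-hop device)]
    "R1": [("0.0.0.0/0", "R2")],
    "R2": [("192.168.4.0/24", "R3")],
    "R3": [("192.168.4.0/24", "PC2")],
}

def route_lookup(router, dst_ip):
    """Longest-prefix match; returns the next-hop device or None."""
    dst = ipaddress.ip_address(dst_ip)
    nets = [(ipaddress.ip_network(p), hop) for p, hop in ROUTES[router]]
    hits = [(n.prefixlen, hop) for n, hop in nets if dst in n]
    return max(hits)[1] if hits else None

def router_process(router, frame):
    """One hop: Layer 2 check, decapsulate, route, re-encapsulate."""
    if frame["dst_mac"] not in (IN_MAC[router], BROADCAST):
        return None                      # not addressed to this interface: drop
    packet = frame["payload"]            # the IP packet is the frame's data portion
    next_hop = route_lookup(router, packet["dst_ip"])
    if next_hop is None:
        return None                      # no matching route: drop
    new_frame = {"src_mac": OUT_MAC[router], "dst_mac": IN_MAC[next_hop],
                 "payload": packet}      # IP packet is carried over unchanged
    return next_hop, new_frame

def send(dst_ip, src_ip="192.168.1.10", first_dst_mac=IN_MAC["R1"]):
    """PC1 sends one packet; returns (per-hop trace, final device or None)."""
    frame = {"src_mac": OUT_MAC["PC1"], "dst_mac": first_dst_mac,
             "payload": {"src_ip": src_ip, "dst_ip": dst_ip}}
    node, trace = "R1", []
    while node in ROUTES:
        trace.append((node, frame["src_mac"], frame["dst_mac"],
                      frame["payload"]["dst_ip"]))
        step = router_process(node, frame)
        if step is None:
            return trace, None
        node, frame = step
    return trace, node
```

    Because the source MAC is rewritten at every router, a MAC address seen in a capture identifies only the previous hop on that link, not the original sender.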

    Configure Devices and Apply Addresses

    Configure Devices and Apply Addresses

    Router>

    Router>enable

    Router#

    Router#config t

    Router(config)#enable secret class

    Router(config)#enable password cisco

    Router(config)#hostname R1

    R1(config)#

    R1(config)#line console 0

    R1(config-line)#password cisco

    R1(config-line)#login

    R1(config-line)#exit

    R1(config)#line vty 0 4

    R1(config-line)#password cisco

    R1(config-line)#login

    R1(config-line)#exit

    Configure Devices and Apply Addresses

    Configuring a Banner

    From the global configuration mode, configure the message-of-the-day (motd) banner. A delimiting character, such as a "#", is used at the beginning and at the end of the message. The delimiter allows you to configure a multiline banner, as shown here.

    R1(config)#banner motd #

    Enter TEXT message. End with the character '#'.

    ******************************************

    WARNING!! Unauthorized Access Prohibited!!

    ******************************************

    #

    Configuring an appropriate banner is part of a good security plan. At a very minimum, a banner should warn against unauthorized access. Never configure a banner that "welcomes" an unauthorized user.

    Limiting Device Access Enable and Enable Secret Passwords

    To provide additional security, use the enable password or enable secret command to establish authentication before accessing privileged EXEC (enable) mode.

    Always use the enable secret command, not the older enable password command, if possible.

    The following commands are used to set the passwords:

    Router(config)#enable password password

    Router(config)#enable secret password

    If no enable password or enable secret password is set, the IOS prevents privileged EXEC access from a Telnet session.

    Without an enable password having been set, a Telnet session would appear this way:

    Switch>enable

    % No password set

    Switch>

    Limiting Device Access Enable and Enable Secret Passwords

    Example of enable password and enable secret:

    Limiting Device Access VTY Password

    The vty lines allow access to a router via Telnet.

    By default, many Cisco devices support 5 VTY lines that are numbered 0 to 4.

    A password needs to be set for all available vty lines.

    The same password can be set for all connections.

    However, it is often desirable that a unique password be set for one line to provide a fall-back for administrative entry to the device if the other connections are in use.

    The following commands are used to set a password:

    Router(config)#line vty 0 4

    Router(config-line)#password password

    Router(config-line)#login

    By default, the IOS includes the login command on the VTY lines. This prevents Telnet access to the device without first requiring authentication.

    If, by mistake, the no login command is set, which removes the requirement for authentication, unauthorized persons could connect to the line using Telnet. This would be a major security risk.

    Encrypting Password Display

    Another useful command prevents passwords from showing up as plain text when viewing the configuration files.

    This is the service password-encryption command.

    This command causes the encryption of passwords to occur when a password is configured.

    The service password-encryption command applies weak encryption to all unencrypted passwords.

    This encryption does not apply to passwords as they are sent over media, only in the configuration.

    The purpose of this command is to keep unauthorized individuals from viewing passwords in the configuration file.

    Once the encryption has been applied, removing the encryption service does not reverse the encryption.
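
    One way to check a saved configuration for the weaknesses named in the enable password, VTY password, banner and password-encryption slides above (an added example, not part of the original slides). The sample configuration is constructed, its hash and type 7 strings are placeholders, and the function and finding names are hypothetical. It relies on IOS showing passwords obfuscated by service password-encryption as "password 7 ...".

```python
import re

# Constructed running-config; the secret hash and type 7 string are placeholders.
WEAK_CONFIG = """\
no service password-encryption
enable secret 5 $1$EXAMPLE$placeholderplaceholder00
enable password cisco
banner motd #Welcome to R1#
line con 0
 password cisco
 login
line vty 0 3
 password 7 0000000000
 login
line vty 4
 no login
"""

def split_line_blocks(config):
    """Return (global commands, {"line ..." header: [sub-commands]})."""
    global_cmds, blocks, current = [], {}, None
    for raw in config.splitlines():
        if raw.startswith(" ") and current is not None:
            blocks[current].append(raw.strip())
        elif raw.startswith("line "):
            current = raw.strip()
            blocks[current] = []
        elif raw.strip():
            current = None
            global_cmds.append(raw.strip())
    return global_cmds, blocks

def audit(config):
    """Flag the access-control weaknesses named on the slides."""
    global_cmds, blocks = split_line_blocks(config)
    findings = []
    if any(c.startswith("enable password") for c in global_cmds):
        findings.append("enable-password-present")   # older command still configured
    if not any(c.startswith("enable secret") for c in global_cmds):
        findings.append("no-enable-secret")
    if "service password-encryption" not in global_cmds:
        findings.append("password-encryption-off")   # passwords shown as plain text
    banner = re.search(r"^banner \w+ (.)(.*?)\1", config, re.S | re.M)
    if banner and "welcome" in banner.group(2).lower():
        findings.append("banner-welcomes")
    for header, cmds in blocks.items():
        if "no login" in cmds:
            findings.append(f"{header}: no-login")    # line needs no authentication
        passwords = [c for c in cmds if c.startswith("password ")]
        if not passwords:
            findings.append(f"{header}: no-password")
        elif not passwords[0].startswith("password 7 "):
            findings.append(f"{header}: plaintext-password")
    return findings
```

    Calling audit(WEAK_CONFIG) returns six findings, including the VTY line left with no login.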

    Configure Devices and Apply Addresses

    R1(config)#interface Serial0/0/0

    R1(config-if)#ip address 192.168.2.1 255.255.255.0

    R1(config-if)#description Circuit#VBN32696-123 (help desk:1-800-555-1234)

    R1(config-if)#no shutdown

    R1(config-if)#clock rate 64000

    Note: When cabling a point-to-point serial link in our lab environment, one end of the cable is marked DTE and the other end is marked DCE.

    The router that has the DCE end of the cable connected to its serial interface will need the additional clock rate command configured on that serial interface.

    This step is only necessary in a lab environment.

    Configure Devices and Apply Addresses

    The FastEthernet interface needs to be configured:

    R1(config)#interface FastEthernet0/0

    R1(config-if)#ip address 192.168.1.1 255.255.255.0

    R1(config-if)#description R1 LAN

    R1(config-if)#no shutdown

    Configure Devices and Apply Addresses

    Verify Basic Router Configuration

    -Issue the show running-config command: displays the current running configuration that is stored in RAM.

    -Save the basic router configuration by issuing the copy running-config startup-config command.

    -Additional commands that will enable you to further verify router configuration are:

    show startup-config - Displays the configuration file in NVRAM

    show ip route - Displays routing table

    show interfaces - Displays all interface configurations

    show ip int brief - Displays abbreviated interface configuration information

    Routing Table Structure

    The network/exit-interface association can also represent the destination network address of the IP packet.

    A directly connected network is a network that is directly attached to one of the router interfaces.

    A remote network is a network that is not directly connected to the router.