routers configuration
7/28/2019 Routers Configuration
Routers
S. E Training
Router Function
Routers are responsible for interconnecting networks by selecting the best path for a packet to travel and forwarding packets to their destination.
A router connects multiple networks. This means that it has multiple interfaces that each belong to a different IP network.
When a router receives an IP packet on one interface, it determines which interface to use to forward the packet onto its destination.
The interface that the router uses to forward the packet may be the network of the final destination of the packet (the network with the destination IP address of this packet), or it may be a network connected to another router that is used to reach the destination network.
Routers are the network center
-Routers generally have 2 connections:
-WAN connection (Connection to ISP)
-LAN connection
Routers determine the best path
Routers examine a packet's destination IP address and determine the best path by enlisting the aid of a routing table.
Router Components
CPU - Executes operating system instructions such as system initialization, routing functions, and switching functions.
Random access memory (RAM) - RAM stores the instructions and data needed to be executed by the CPU. RAM is used to store these components:
Operating System: The Cisco IOS (Internetwork Operating System) is copied into RAM during bootup.
Running Configuration File: This is the configuration file that stores the configuration commands that the router IOS is currently using.
IP Routing Table: This file stores information about directly connected and remote networks. It is used to determine the best path to forward the packet.
ARP Cache: This cache contains the IPv4 address to MAC address mappings, similar to the ARP cache on a PC. The ARP cache is used on routers that have LAN interfaces such as Ethernet interfaces.
Packet Buffer: Packets are temporarily stored in a buffer when received on an interface or before they exit an interface.
RAM is volatile memory and loses its content when the router is powered down or restarted.
Read-only memory (ROM) - Holds diagnostic software used when the router is powered up. Stores the router's bootstrap program.
ROM is a form of permanent storage.
Cisco devices use ROM to store:
The bootstrap instructions
Basic diagnostic software
Scaled-down version of IOS
ROM uses firmware, which is software that is embedded inside the integrated circuit.
Firmware includes the software that does not normally need to be modified or upgraded, such as the bootup instructions.
ROM does not lose its contents when the router loses power or is restarted.
Non-volatile RAM (NVRAM) - Stores startup configuration. This may include IP addresses (Routing protocol, Hostname of router)
NVRAM (Nonvolatile RAM) does not lose its information when power is turned off. This is in contrast to the most common forms of RAM, such as DRAM, which require continual power to maintain their information.
NVRAM is used by the Cisco IOS as permanent storage for the startup configuration file.
All configuration changes are stored in the running-config file in RAM, and with few exceptions, are implemented immediately by the IOS.
To save those changes in case the router is restarted or loses power, the running-config must be copied to NVRAM, where it is stored as the startup-config file. NVRAM retains its contents even when the router reloads or is powered off.
Flash memory - Contains the operating system (Cisco IOS)
In most models of Cisco routers, the IOS is permanently stored in flash memory and copied into RAM during the bootup process, where it is then executed by the CPU.
Flash consists of SIMMs or PCMCIA cards, which can be upgraded to increase the amount of flash memory.
Interfaces - There exist multiple physical interfaces that are used to connect networks.
Examples of interface types:
-Ethernet / fast Ethernet interfaces
-Serial interfaces
-Management interfaces
Router Internetwork Operating System (IOS)
The operating system software used in Cisco routers is known as Cisco Internetwork Operating System (IOS).
Cisco IOS is a multitasking operating system that is integrated with routing, switching, internetworking, and telecommunications functions.
Although the Cisco IOS may appear to be the same on many routers, there are many different IOS images.
An IOS image is a file that contains the entire IOS for that router. Cisco creates many different types of IOS images, depending upon the model of the router and the features within the IOS.
Typically the more features in the IOS, the larger the IOS image, and therefore, the more flash and RAM that is required to store and load the IOS.
Although some routers provide a graphical user interface (GUI), the command line interface (CLI) is a much more common method of configuring Cisco routers.
Upon bootup, the startup-config file in NVRAM is copied into RAM and stored as the running-config file.
IOS executes the configuration commands in the running-config. Any changes entered by the network administrator are stored in the running-config and are immediately implemented by the IOS.
Router boot-up process
Major phases to the router boot-up process
Step 1 and 2: Test router hardware
Power-On Self Test (POST)
During this self-test, the router executes diagnostics from ROM on several hardware components including the CPU, RAM, and NVRAM.
Execute bootstrap loader
The main task of the bootstrap program is to locate the Cisco IOS and load it into RAM.
Note: At this point, if you have a console connection to the router, you will begin to see output on the screen.
Step 3 and 4: Locate & load Cisco IOS software
-Locate IOS and Load IOS
The IOS is typically stored in flash memory, but can also be stored in other places such as a TFTP server.
If a full IOS image cannot be located, a scaled-down version of the IOS is copied from ROM into RAM. This version of IOS is used to help diagnose any problems and can be used to load a complete version of the IOS into RAM.
Note: A TFTP server is usually used as a backup server for IOS but it can also be used as a central point for storing and loading the IOS.
Step 5 and 6: Locate & load startup configuration file or enter setup mode
-After the IOS is loaded, the bootstrap program searches for the startup configuration file, known as startup-config, in NVRAM. It contains parameters including:
interface addresses
routing information
passwords
any other configurations
If the startup-config is located in NVRAM, it is copied into RAM as the running-config.
The IOS loads the commands in the file, one line at a time.
If the startup configuration file does not exist in NVRAM, the router may search for a TFTP server. If the router detects that it has an active link to another configured router, it sends a broadcast searching for a configuration file across the active link. You will eventually see a message like the following one:
%Error opening tftp://255.255.255.255/network-confg (Timed out)
%Error opening tftp://255.255.255.255/cisconet.cfg (Timed out)
Locate & load startup configuration file or enter setup mode
Enter Setup Mode (Optional). If the startup configuration file cannot be located, the router prompts the user to enter setup mode.
Setup mode is a series of questions prompting the user for basic configuration information. Setup mode is not intended to be used to enter complex router configurations, and it is not commonly used by network administrators.
When booting a router that does not contain a startup configuration file, you will see the following question after the IOS has been loaded:
Would you like to enter the initial configuration dialog? [yes/no]: no
Setup mode will not be used in this course to configure the router. When prompted to enter setup mode, always answer no. If you answer yes and enter setup mode, you can press Ctrl-C at any time to terminate the setup process.
When setup mode is not used, the IOS creates a default running-config.
The default running-config is a basic configuration file that includes the router interfaces, management interfaces, and certain default information.
The default running-config does not contain any interface addresses, routing information, passwords, or other specific configuration information.
Router Management Ports
Routers have physical connectors that are used to manage the router. These connectors are known as management ports.
Unlike Ethernet and serial interfaces, management ports are not used for packet forwarding.
The most common management port is the console port.
The console port is used to connect a terminal, or most often a PC running terminal emulator software, to configure the router without the need for network access to that router.
The console port must be used during initial configuration of the router.
Another management port is the auxiliary port. Not all routers have auxiliary ports.
At times the auxiliary port can be used in ways similar to a console port. It can also be used to attach a modem.
Auxiliary ports will not be used in this curriculum.
Router Interfaces
A router interface is a physical connector that enables a router to send or receive packets.
Each interface connects to a separate network
different IP network
Typically, the interfaces connect to various types of networks, which means that different types of media and connectors are required.
Types of router interfaces:
-Ethernet
-Fast Ethernet
-Serial
-DSL
-ISDN
-Cable
Routers determine the best path
PC1 operates at all seven layers, encapsulating the data and sending the frame out as a stream of encoded bits to R1, its default gateway.
R1 receives the stream of encoded bits on its interface. The bits are decoded and passed up to Layer 2, where R1 decapsulates the frame. The router examines the destination address of the data link frame to determine if it matches the receiving interface, including a broadcast or multicast address. If there is a match, the data portion of the frame, the IP packet, is passed up to Layer 3, where R1 makes its routing decision. R1 then re-encapsulates the packet into a new Layer 2 data link frame and forwards it out the outbound interface as a stream of encoded bits.
R2 receives the stream of bits, and the process repeats itself. R2 decapsulates the frame and passes the data portion of the frame, the IP packet, to Layer 3 where R2 makes its routing decision. R2 then re-encapsulates the packet into a new Layer 2 data link frame and forwards it out the outbound interface as a stream of encoded bits.
This process is repeated once again by router R3, which forwards the IP packet, encapsulated inside a data link frame and encoded as bits, to PC2.
Configure Devices and Apply Addresses
Router>
Router>enable
Router#
Router#config t
Router(config)#enable secret class
Router(config)#enable password cisco
Router(config)#hostname R1
R1(config)#
R1(config)#line console 0
R1(config-line)#password cisco
R1(config-line)#login
R1(config-line)#exit
R1(config)#line vty 0 4
R1(config-line)#password cisco
R1(config-line)#login
R1(config-line)#exit
Configuring a Banner
From the global configuration mode, configure the message-of-the-day (motd) banner. A delimiting character, such as a "#", is used at the beginning and at the end of the message. The delimiter allows you to configure a multiline banner, as shown here.
R1(config)#banner motd #
Enter TEXT message. End with the character '#'.
******************************************
WARNING!! Unauthorized Access Prohibited!!
******************************************
#
Configuring an appropriate banner is part of a good security plan. At a very minimum, a banner should warn against unauthorized access. Never configure a banner that "welcomes" an unauthorized user.
Limiting Device Access: Enable and Enable Secret Passwords
To provide additional security, use the enable password or the enable secret command to establish authentication before accessing privileged EXEC (enable) mode.
Always use the enable secret command, not the older enable password command, if possible.
The following commands are used to set the passwords:
Router(config)#enable password password
Router(config)#enable secret password
If no enable password or enable secret password is set, the IOS prevents privileged EXEC access from a Telnet session.
Without an enable password having been set, a Telnet session would appear this way:
Switch>enable
% No password set
Switch>
Example of enable password and enable secret:
Limiting Device Access: VTY Password
The vty lines allow access to a router via Telnet.
By default, many Cisco devices support 5 VTY lines that are numbered 0 to 4.
A password needs to be set for all available vty lines.
The same password can be set for all connections.
However, it is often desirable that a unique password be set for one line to provide a fall-back for administrative entry to the device if the other connections are in use.
The following commands are used to set a password:
Router(config)#line vty 0 4
Router(config-line)#password password
Router(config-line)#login
By default, the IOS includes the login command on the VTY lines. This prevents Telnet access to the device without first requiring authentication.
If, by mistake, the no login command is set, which removes the requirement for authentication, unauthorized persons could connect to the line using Telnet. This would be a major security risk.
Encrypting Password Display
Another useful command prevents passwords from showing up as plain text when viewing the configuration files.
This is the service password-encryption command.
This command causes the encryption of passwords to occur when a password is configured.
The service password-encryption command applies weak encryption to all unencrypted passwords.
This encryption does not apply to passwords as they are sent over media, only in the configuration.
The purpose of this command is to keep unauthorized individuals from viewing passwords in the configuration file.
Once the encryption has been applied, removing the encryption service does not reverse the encryption.
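An offline check for the access-control points made in the sections above (enable secret over enable password, login on the vty lines, service password-encryption, a banner that does not welcome), added here as an example and not part of the original slides. The sample configuration is constructed, with no login deliberately set on the vty lines, and audit() is a hypothetical helper name.

```python
import re

# Constructed sample (not captured from a device): the R1 settings typed on
# this page, with "no login" deliberately placed on the vty lines.
SAMPLE_CONFIG = """\
hostname R1
enable secret class
enable password cisco
banner motd #
WARNING!! Unauthorized Access Prohibited!!
#
line con 0
 password cisco
 login
line vty 0 4
 password cisco
 no login
"""

def audit(config: str) -> list[str]:
    """Return findings for the access-control settings covered on this page."""
    lines = config.splitlines()
    findings = []
    # enable secret is stored hashed; enable password is not.
    if not any(l.startswith("enable secret ") for l in lines):
        findings.append("no enable secret set")
    if any(l.startswith("enable password ") for l in lines):
        findings.append("enable password present; use enable secret only")
    # Weak, but keeps line passwords from displaying as plain text.
    if not any(l.strip() == "service password-encryption" for l in lines):
        findings.append("service password-encryption not enabled")
    # Banner text sits between two copies of the delimiting character.
    banner = re.search(r"^banner motd (\S)(.*?)\1", config, re.S | re.M)
    if banner is None:
        findings.append("no motd banner")
    elif "welcome" in banner.group(2).lower():
        findings.append("banner welcomes the user")
    # "no login" under a vty section removes the authentication requirement.
    section = None
    for l in lines:
        if l.startswith("line "):
            section = l
        elif not l.startswith(" "):
            section = None
        elif section and section.startswith("line vty") and l.strip() == "no login":
            findings.append(f"{section}: no login removes authentication")
    return findings
```

Calling audit(SAMPLE_CONFIG) reports the leftover enable password, the missing service password-encryption and the no login on line vty 0 4.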
Configure Devices and Apply Addresses
R1(config)#interface Serial0/0/0
R1(config-if)#ip address 192.168.2.1 255.255.255.0
R1(config-if)#description Circuit#VBN32696-123 (help desk:1-800-555-1234)
R1(config-if)#no shutdown
R1(config-if)#clock rate 64000
Note: When cabling a point-to-point serial link in our lab environment, one end of the cable is marked DTE and the other end is marked DCE.
The router that has the DCE end of the cable connected to its serial interface will need the additional clock rate command configured on that serial interface.
This step is only necessary in a lab environment.
The FastEthernet interface needs to be configured:
R1(config)#interface FastEthernet0/0
R1(config-if)#ip address 192.168.1.1 255.255.255.0
R1(config-if)#description R1 LAN
R1(config-if)#no shutdown
Verify Basic Router Configuration
-Issue the show running-config command
Displays the current running configuration that is stored in RAM.
-Issue the copy running-config startup-config command
Saves the basic router configuration.
-Additional commands that will enable you to further verify router configuration are:
show startup-config - Displays the configuration file in NVRAM
show ip route - Displays routing table
show interfaces - Displays all interface configurations
show ip int brief - Displays abbreviated interface configuration information
Routing Table Structure
The network/exit-interface association can also represent the destination network address of the IP packet.
A directly connected network is a network that is directly attached to one of the router interfaces.
A remote network is a network that is not directly connected to the router.