Posted on 28-Dec-2015

Cisco Router & Switch Configuration

Configuration modes

Global configuration mode:

– SwitchX#configure terminal

– SwitchX(config)#

Interface configuration mode:

– SwitchX(config)#interface fa0/1

– SwitchX(config-if)#

Configuring the Switch

Configuring Switch Identification

• Sets the local identity for the switch

Configuring the Switch IP Address

SwitchX(config)#interface vlan 1

SwitchX(config-if)#ip address {ip address} {mask}

Example:

SwitchX(config)#interface vlan 1

SwitchX(config-if)#ip address 10.5.5.11 255.255.255.0

SwitchX(config-if)#no shutdown

Note: It is necessary to use the no shutdown command to make the interface operational.

Configuring the Switch Default Gateway

SwitchX(config)#ip default-gateway {ip address}

Example:

SwitchX(config)#ip default-gateway 172.20.137.1

Saving Configurations

Copies the current configuration to NVRAM:

SwitchX#copy running-config startup-config

Destination filename [startup-config]?

Building configuration...

SwitchX#

Configuring a Switch Password

Configuring the Login Banner

– Defines and enables a customized banner to be displayed before the username and password login prompts (entered in global configuration mode).

SwitchX(config)#banner login " Access for authorized users only. Please enter your username and password. "

Telnet vs. SSH Access

– Telnet

  • Most common access method

  • Insecure

– SSH: encrypted

! The username command creates the username and password for the SSH session

username cisco password cisco

ip domain-name mydomain.com

crypto key generate rsa

ip ssh version 2

line vty 0 4

 login local

 transport input ssh

Cisco Catalyst 2960 Series

SwitchX(config-if)#switchport port-security [mac-address mac-address | mac-address sticky [mac-address] | maximum value | violation {restrict | shutdown}]

SwitchX(config)#interface fa0/5

SwitchX(config-if)#switchport mode access

SwitchX(config-if)#switchport port-security

SwitchX(config-if)#switchport port-security maximum 1

SwitchX(config-if)#switchport port-security mac-address sticky

SwitchX(config-if)#switchport port-security violation shutdown

Configuring Port Security

SwitchX#show port-security [interface interface-id] [address] [ | {begin | exclude | include} expression]

SwitchX#show port-security interface fastethernet 0/5

Port Security              : Enabled

Port Status                : Secure-up

Violation Mode             : Shutdown

Aging Time                 : 20 mins

Aging Type                 : Absolute

SecureStatic Address Aging : Disabled

Maximum MAC Addresses      : 1

Total MAC Addresses        : 1

Configured MAC Addresses   : 0

Sticky MAC Addresses       : 0

Last Source Address        : 0000.0000.0000

Security Violation Count   : 0

Verifying Port Security on the Catalyst 2960 Series

SwitchX#sh port-security

Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
                (Count)       (Count)          (Count)
---------------------------------------------------------------------------
      Fa0/5              1            1                  0         Shutdown
---------------------------------------------------------------------------
Total Addresses in System (excluding one mac per port) : 0
Max Addresses limit in System (excluding one mac per port) : 1024

SwitchX#sh port-security address

          Secure Mac Address Table
-------------------------------------------------------------------
Vlan    Mac Address       Type                Ports   Remaining Age
                                                         (mins)
----    -----------       ----                -----   -------------
   1    0008.dddd.eeee    SecureConfigured    Fa0/5        -
-------------------------------------------------------------------
Total Addresses in System (excluding one mac per port) : 0
Max Addresses limit in System (excluding one mac per port) : 1024

Verifying Port Security on the Catalyst 2960 Series (Cont.)
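The two verification displays above are what a defender would poll to spot a port that has tripped, or one configured more loosely than the `maximum 1` / `violation shutdown` example. The following script is an added example, not part of the original slides: it parses constructed sample output laid out like `show port-security` and `show port-security interface`, and flags ports with a non-zero violation count, a violation action other than Shutdown, a MAC limit above the policy value, or a `Secure-shutdown` status (the err-disabled state after a violation). The sample text, the `max_allowed` policy value and the Fa0/6 and Fa0/7 rows are constructed for illustration.

```python
"""Parse 'show port-security' output from a Catalyst switch and flag ports
that need attention.  Added example; the sample output below is constructed
to match the layout shown in the slides, not captured from a real switch."""
import re
from dataclasses import dataclass

# Constructed sample: Fa0/5 healthy, Fa0/6 has recorded violations,
# Fa0/7 allows 8 MACs and only restricts (weaker than the slides' maximum 1 + shutdown).
SAMPLE_SUMMARY = """\
Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
                (Count)       (Count)          (Count)
---------------------------------------------------------------------------
      Fa0/5              1            1                  0         Shutdown
      Fa0/6              1            1                  3         Shutdown
      Fa0/7              8            2                  0         Restrict
---------------------------------------------------------------------------
Total Addresses in System (excluding one mac per port)  : 1
Max Addresses limit in System (excluding one mac per port) : 1024
"""

# Constructed per-interface view of Fa0/6 after a violation shut it down.
SAMPLE_INTERFACE = """\
Port Security              : Enabled
Port Status                : Secure-shutdown
Violation Mode             : Shutdown
Aging Time                 : 20 mins
Aging Type                 : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 1
Total MAC Addresses        : 1
Configured MAC Addresses   : 0
Sticky MAC Addresses       : 1
Last Source Address        : 0008.dddd.eeee
Security Violation Count   : 3
"""


@dataclass
class PortSecRow:
    port: str
    max_addr: int
    cur_addr: int
    violations: int
    action: str


# One data row of the summary table: port, three counters, violation action.
ROW_RE = re.compile(r"^\s*(\S+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(Shutdown|Restrict|Protect)\s*$")


def parse_summary(text):
    """Return one PortSecRow per data row of 'show port-security'."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if m:
            rows.append(PortSecRow(m.group(1), int(m.group(2)), int(m.group(3)),
                                   int(m.group(4)), m.group(5)))
    return rows


def parse_interface(text):
    """Return the 'Field : Value' pairs of 'show port-security interface' as a dict."""
    fields = {}
    for line in text.splitlines():
        if ":" in line:
            key, _, value = line.partition(":")
            fields[key.strip()] = value.strip()
    return fields


def audit_summary(rows, max_allowed=1):
    """Flag violations and settings weaker than 'maximum <max_allowed>' plus
    'violation shutdown'.  Returns a list of (port, finding) tuples."""
    findings = []
    for r in rows:
        if r.violations > 0:
            findings.append((r.port, f"{r.violations} security violation(s) recorded"))
        if r.max_addr > max_allowed:
            findings.append((r.port, f"allows {r.max_addr} MACs (policy: {max_allowed})"))
        if r.action != "Shutdown":
            findings.append((r.port, f"violation action is {r.action}, not Shutdown"))
    return findings


def is_err_disabled(fields):
    """True when the per-interface view shows the port was shut down by a violation."""
    return fields.get("Port Status") == "Secure-shutdown"


if __name__ == "__main__":
    for port, finding in audit_summary(parse_summary(SAMPLE_SUMMARY)):
        print(f"{port}: {finding}")
    print("Fa0/6 err-disabled:", is_err_disabled(parse_interface(SAMPLE_INTERFACE)))
```

In practice the two strings would come from a scheduled `show port-security` collection; a port reported as `Secure-shutdown` stays down until an operator clears it, so that status is the one worth alerting on.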

Half Duplex (CSMA/CD)

– Unidirectional data flow

– Higher potential for collision

– Hub connectivity

Full Duplex

– Point-to-point only

– Attached to dedicated switched port

– Requires full-duplex support on both ends

– Collision-free

– Collision detect circuit disabled

Duplex Overview

Cisco Catalyst 2960 Series

SwitchX(config)#interface fa0/1

SwitchX(config-if)#duplex {auto | full | half}

SwitchX(config-if)#speed {10 | 100 | 1000 | auto}

Setting Duplex and Speed Options

SwitchX#show interfaces fastethernet0/2

FastEthernet0/2 is up, line protocol is up (connected)

Hardware is Fast Ethernet, address is 0008.a445.9b42 (bia 0008.a445.9b42)

MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,

reliability 255/255, txload 1/255, rxload 1/255

Encapsulation ARPA, loopback not set

Keepalive set (10 sec)

Half-duplex, 10Mb/s

input flow-control is unsupported output flow-control is unsupported

ARP type: ARPA, ARP Timeout 04:00:00

Last input 00:00:57, output 00:00:01, output hang never

Last clearing of "show interface" counters never

Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0

Queueing strategy: fifo

Output queue: 0/40 (size/max)

5 minute input rate 0 bits/sec, 0 packets/sec

5 minute output rate 0 bits/sec, 0 packets/sec

323479 packets input, 44931071 bytes, 0 no buffer

Received 98960 broadcasts (0 multicast)

1 runts, 0 giants, 0 throttles

1 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored

0 watchdog, 36374 multicast, 0 pause input

0 input packets with dribble condition detected

1284934 packets output, 103121707 bytes, 0 underruns

Showing Duplex Options

Router Configuration


Locating Cisco IOS Software

Using the boot system Command

Configuration Register Values

The order in which the router looks for system bootstrap information depends on the Boot Field setting in the configuration register. You can change the default configuration register setting with the global configuration mode command config-register. Use a hexadecimal number as the argument for this command.

Identifying Boot Image Source

Software Components in Memory

Fields in the IOS Name

The confreg Command

The tftpdnld Command

Configuring Router Passwords

Enhanced Username Password Security

router(config)#username name secret {[0] password | 5 encrypted-secret}

• Uses MD5 hashing for strong password protection

• Better than the type 7 encryption found in the service password-encryption command

Boston(config)#username rtradmin secret 0 CISCO

Boston(config)#username rtradmin secret 5 <already-hashed-secret>

(With 0 the password is given in cleartext and hashed by the router; with 5 the argument must already be an MD5 hash, shown here as a placeholder.)

router(config)#username name password {[0] password | 7 hidden-password}

• Traditional user configuration with plaintext password

Configuring Banner Messages

router(config)#banner {exec | incoming | login | motd | slip-ppp} d message d

(d is a delimiting character of your choice that marks the start and end of the message.)

• Specifies what is “proper use” of the system

• Specifies that the system is being monitored

• Specifies that privacy should not be expected when using this system

Boston(config)#banner motd %WARNING: You are connected to $(hostname) on the Cisco Systems, Incorporated network. Unauthorized access and use of this network will be vigorously prosecuted. %

Configuring Router Identification

RouterX(config)#interface type number

RouterX(config-if)#

– type includes serial, ethernet, token ring, fddi, hssi, loopback, dialer, null, async, atm, bri, tunnel, and so on

– number is used to identify individual interfaces

RouterX(config-if)#exit

– Quits from current interface configuration mode

RouterX(config)#interface type slot/port

RouterX(config-if)#

– For modular routers, selects an interface

Configuring an Interface

RouterX(config-if)#description string

– string is a comment or a description to help you remember what is attached to this interface.

– The maximum number of characters for the string argument is 238.

Configuring an Interface Description

Rick Graziani graziani@cabrillo.edu

RouterX#configure terminal

RouterX(config)#interface serial 0

RouterX(config-if)#no shutdown

%LINK-3-UPDOWN: Interface Serial0, changed state to up

%LINEPROTO-5-UPDOWN: Line Protocol on Interface Serial0, changed state to up

Enables an interface that is administratively shut down

RouterX#configure terminal

RouterX(config)#interface serial 0

RouterX(config-if)#shutdown

%LINK-5-CHANGED: Interface Serial0, changed state to administratively down

%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to down

Administratively turns off an interface

Disabling or Enabling an Interface

Configuring IP Addresses

– Unique addressing allows communication between end stations

– Path choice is based on destination address

Configuring Interfaces

Router(config-if)#exit

Router(config)#interface serial 0

Router(config-if)#ip add 172.16.10.1 255.255.255.0

Router(config-if)#clock rate 64000 (only if DCE)

Router(config-if)#no shutdown


Configuring an SSH Server for Secure Management and Reporting

Austin2#configure terminal

Austin2(config)#ip domain-name cisco.com

Austin2(config)#crypto key generate rsa general-keys modulus 1024

Sept 22 13:20:45: %SSH-5-ENABLED: SSH 1.5 has been enabled

Austin2(config)#ip ssh timeout 120

Austin2(config)#ip ssh authentication-retries 4

Austin2(config)#line vty 0 4

Austin2(config-line)#no transport input telnet

Austin2(config-line)#transport input ssh

Austin2(config-line)#end

1. Configure the IP domain name

2. Generate the RSA keys

3. Configure the SSH timeout interval

4. Configure the SSH retries

5. Disable vty inbound Telnet sessions

6. Enable vty inbound SSH sessions
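The SSH procedure above, the earlier Telnet vs. SSH slide, the Enhanced Username Password Security slide and the banner slide all describe settings that can be checked mechanically against a saved running-config. The script below is an added example, not part of the slides or of Cisco's tooling: it reads an IOS-style configuration text and reports vty lines that still accept Telnet (or use `transport input all`), vty lines without `login local`, `username ... password` entries (type 0/7) where `secret` should be used, a missing `ip ssh version 2`, and a missing login/motd banner. Both configuration texts are constructed; the `$1$PLACEHOLDER$...` strings stand in for real MD5 secrets and are not valid hashes.

```python
"""Audit an IOS running-config for the remote-access and password hygiene
points covered in this deck.  Added example; the configuration texts are
constructed and the hash values are placeholders, not real secrets."""
import re

# Constructed config with several weak settings deliberately left in.
SAMPLE_CONFIG = """\
hostname Boston
ip domain-name mydomain.com
username rtradmin secret 5 $1$PLACEHOLDER$examplehashnotreal
username cisco password 7 0822455D0A16
enable secret 5 $1$PLACEHOLDER$anotherexample
ip ssh version 1
!
line vty 0 4
 login local
 transport input telnet ssh
line vty 5 15
 password cisco
 login
 transport input all
!
"""

# Constructed config with the fixes from the slides applied.
HARDENED_CONFIG = """\
hostname Boston
ip domain-name mydomain.com
username rtradmin secret 5 $1$PLACEHOLDER$examplehashnotreal
enable secret 5 $1$PLACEHOLDER$anotherexample
ip ssh version 2
banner login ^C Access for authorized users only. ^C
!
line vty 0 4
 login local
 transport input ssh
!
"""


def parse_lines(config):
    """Group each 'line <type> <range>' block with its indented child commands."""
    sections = {}
    current = None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw.strip()
            sections[current] = []
        elif raw.startswith(" ") and current:
            sections[current].append(raw.strip())
        else:
            current = None  # any non-indented line ends the block
    return sections


def audit_config(config):
    """Return findings as (severity, message) tuples; empty list means clean."""
    findings = []
    # The slides mark Telnet as insecure: only 'transport input ssh' is acceptable.
    for name, body in parse_lines(config).items():
        if not name.startswith("line vty"):
            continue
        transports = [cmd for cmd in body if cmd.startswith("transport input")]
        if not transports or any("telnet" in t or t.endswith(" all") for t in transports):
            findings.append(("high", f"{name}: Telnet accepted (want 'transport input ssh')"))
        if "login local" not in body:
            findings.append(("medium", f"{name}: no 'login local' (line password, not per-user auth)"))
    # 'username ... password' stores type 0/7 text; 'username ... secret' uses MD5.
    for m in re.finditer(r"^username (\S+) password\b", config, re.M):
        findings.append(("high", f"user {m.group(1)}: uses 'password' (type 0/7), use 'secret'"))
    if not re.search(r"^ip ssh version 2$", config, re.M):
        findings.append(("medium", "ip ssh version 2 not set"))
    if not re.search(r"^banner (login|motd)\b", config, re.M):
        findings.append(("low", "no login/motd banner configured"))
    return findings


if __name__ == "__main__":
    for severity, message in audit_config(SAMPLE_CONFIG):
        print(f"[{severity}] {message}")
    print("hardened config findings:", audit_config(HARDENED_CONFIG))
```

Run against `SAMPLE_CONFIG` the script reports six findings, one per weak setting; against `HARDENED_CONFIG` it reports none. The same checks can be run over a directory of backed-up configs to catch devices that were never migrated off Telnet.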

Configuring a Static Default Route

– The CPE can use a static default route to reach all remote destinations.

router(config)#ip route 0.0.0.0 0.0.0.0 interface number

Host name resolution

Router# ping 172.16.32.1

Router# ping Auckland

Router# telnet 192.168.53.1

Router# telnet Beirut

Router# traceroute 192.168.89.1

Router# traceroute Capetown


• The Cisco IOS software maintains a cache of host name-to-address mappings for use by EXEC commands.

• This cache speeds up the process of converting names to addresses.

• Host names, unlike DNS names, are significant only on the router on which they are configured. (DNS is also an option – later)

Host name resolution

• This does not make the router a DNS (Domain Name Server).

• This command does not turn your router into a DNS server.

• This command does not affect how packets entering your router are routed.

• This only affects the IOS commands entered at the router prompt.

• Multiple IP addresses can be entered in case one interface is down.

• It is usually a good idea to use the same list of names on all your router configs.


Router(config)# ip host SantaCruz 172.16.32.1 192.168.53.1

Configuring Multiple IP Addresses

Configuring host tables


show and debug Commands

Considerations When Using debug Commands

– May generate output in a variety of formats that may not identify the problem

– Require high overhead, possibly disrupting network device operation

– Useful for obtaining information about network traffic and router status

Commands Related to debug

RouteX(config)#service timestamps debug datetime msec

– Adds a time stamp to a debug or log message

RouteX#no debug all

– Disables all debug commands

RouteX#show processes

– Displays the CPU utilization for each process

RouteX#terminal monitor

– Displays debug output on your current vty session