Thursday, September 16, 2010

Router configuration

ISR – combines features such as routing, LAN switching, security, voice and WAN connections into a single device
- allows a network to be broken into multiple local networks using subnetting
IP Base image – the entry-level Cisco IOS image
Items shipped with a new Cisco 1841 ISR include: 
  • RJ45 to DB9 console cable
  • DB9 to DB25 modem adapter
  • power cord
  • product registration card
  • safety information for Cisco 1841 routers
  • Router and Security Device Manager (SDM) Quick Start guide
  • Cisco 1800 Series Integrated Services Router (Modular) Quick Start guide
The router boot process has 3 stages: 
1.) Perform POST and load the bootstrap program
2.) Locate and load the Cisco IOS software
3.) Locate and execute the startup configuration file or enter setup mode
POST is used to test the router hardware 
Configuration file contains the previously saved configuration commands and parameters: interface addresses, routing information, passwords and other configuration parameters.
Startup Configuration File
- is the saved configuration file that sets the properties of the device each time the device is powered up
- this file is stored in NVRAM (non-volatile RAM) – it is kept even when power to the device is turned off
Running Configuration File
- refers to the current configuration running in RAM on the device
- contains the commands used to determine how the device operates on the network
- it is stored in the working memory
 
copy run start - saves the running configuration to the startup configuration file 
show version – can be used to verify and troubleshoot some of the basic hardware and software components; its output contains:
 
  • IOS version
  • Bootstrap version
  • IOS image file
  • Model and CPU
  • Amount of RAM
  • Number and type of interfaces
  • Amount of NVRAM
  • Amount of flash
  • Configuration register
ROMMON software – a simple command set stored in read-only memory (ROM) that can be used to troubleshoot boot errors and recover the router when the IOS is not present
show startup-config – command to see if there is a boot system command that instructs the router to use a different location for the Cisco IOS image 
Methods to connect a PC to a network device to perform configuration and monitoring tasks: 
a.) Out-of-band Management
         – requires a computer to be directly connected to the console port or auxiliary port of the network device being configured
         – technicians use out-of-band management to initially configure a network device
         – is useful when the network connectivity is not functioning properly
 
b.) In-band Management
         – monitor and make configuration changes to a network device over a network connection
         – at least one network interface on the device must be connected to a network and be operational
 
 Cisco IOS command line interface is a text based program that enables entering and executing Cisco IOS commands to configure, monitor and maintain Cisco devices. 
SDM (Security Device Manager)
- SDM is a web-based GUI device management tool
- can be used only for in-band management tasks
- SDM package includes:
          – configuring additional LAN and WAN connections
          – creating firewalls
          – configuring VPN connections
          – performing configuring tasks
  
Best practices when installing a network device:  
  1. Obtain and document all information before beginning the configuration
  2. Create a network diagram showing how cables will be connected
  3. Create a checklist of configuration steps
  4. Verify the configuration using  a network simulator
  5. Update the network documentation and keep a copy in a safe place
 SDM Express – a tool that makes it easy to create a basic router configuration
- uses eight configuration screens:
 
  • Overview
  • Basic Configuration
  • LAN IP Address
  • DHCP
  • Internet (WAN)
  • Firewall
  • Security Settings
  • Summary
- after the initial configuration the router is available in the LAN
- the router can also have a WAN connection, a firewall and up to 30 security enhancements configured
1.) Basic Configuration
- host name – the name of the router
- domain name for the organization : eg. cisco.com
- username and password – used to access SDM Express to configure and monitor the router
- enable secret password – controls user access to the router (ability to use the CLI, Telnet, or the console ports).
 
2.) LAN IP Address
- enable the router interface to participate on the connected network
- IP address – address for the LAN interface
- Subnet Mask
- Subnet bits
- Wireless parameters – if the router has a wireless interface
 
3.) DHCP
- is a simple way to assign IP addresses to host devices
- to configure a device for DHCP select Enable DHCP server on the LAN interface
- starting IP address – the lowest in the range
- ending IP address – the highest in the range
- additional parameters : domain name, primary and secondary domain server
- “Use these DNS values for DHCP settings” – enables the DHCP server to assign DHCP clients with the configured DNS settings.
 
4.) Internet (WAN)
- a serial connection can be used between networks that are separated by large geographic distances
- these WAN connections require a TSP – Telecommunications Service Provider
- Encapsulation:
      – HDLC – High-level Data Link Control
      – Frame Relay
      – PPP (Point-to-Point Protocol)
- Address type list:
 
a.) Static IP address – enter the IP address and the subnet mask
b.) IP unnumbered – sets the serial interface to use the IP address of one of the other interfaces on the router
c.) IP negotiated – the router obtains an IP address automatically through PPP
d.) Easy IP (IP negotiated) – the router obtains an IP address automatically through PPP
  • Configuring NAT using Cisco SDM
    - enabling NAT requires the use of SDM
    - steps for configuring NAT:
          – Enable NAT configuration using SDM
          – Navigate through the Basic NAT Wizard
          – Select the interface and set IP ranges
          – Review Configuration

CLI Command Modes
  
a.) Router>  – User-mode Prompt (User EXEC mode) 
- used for obtaining information and troubleshooting using show, ping and traceroute 
b.) Router#  – Privileged-mode Prompt ( Privileged EXEC mode) 
Router#configure terminal – global configuration mode command 
c.) Router(config)# – global configuration mode; any command entered in this mode takes effect immediately and can alter the operation of the device
- the administrator can enter other sub-modes
 
Router#help – a brief description of the help system 
% – marks the beginning of an error message
     – % incomplete command
     – % invalid input detected
 
^ – points to the position of the mistake
Show commands:  
  • show running-config
  • show interfaces
  • show arp
  • show protocols
  • show ip route
  • show version
Basic Configuration 
a.) Set device name
         router(config)#hostname Bob
         Bob(config)#
 
b.) Enable Password
         router(config)#enable password cisco
 
c.) Enable Encrypted Password
        router(config)#enable secret class
 
d.) Console password
         router(config)#line console 0
         router(config-line)#password cisco
         router(config-line)#login
 
e.) Virtual terminal password
- when the device is accessed through the network, it is considered a vty connection
          router(config)#line vty 0 4
          router(config-line)#password cisco
          router(config-line)#login
         
f.) Perform Password Encryption
         router(config)#service password-encryption
 

Configuring an interface
 
  Serial interfaces require a clock signal to control the timing of the communications, called a clock rate. DCE (Data Communications Equipment) devices, such as a modem or CSU/DSU provide the clock rate 
a.) Fast Ethernet 
router(config)#interface fastethernet 0/0
router(config-if)#description connection to Admin LAN
router(config-if)#ip address 192.168.2.1 255.255.255.0
router(config-if)#no shutdown
router(config-if)#exit
 
b.) Serial 
router(config)#interface serial 0/0/0
router(config-if)#description connection to Router2
router(config-if)#ip address 192.168.1.125 255.255.255.0
router(config-if)#clock rate 64000
router(config-if)#no shutdown
 
FastEthernet C/P – Controller/Port
Serial C/S/P – Controller/Slot/Port
Configuring the default route on a Cisco ISR:
router(config)#ip route 0.0.0.0 0.0.0.0 [next hop IP address] or
router(config)#ip route 0.0.0.0 0.0.0.0 [interface type][number]
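The basic-configuration steps (passwords on the enable, console and vty lines) and the interface and default-route steps are easy to get half right, so it helps to check a captured `show running-config` mechanically. The following Python script is an added example for both of those sections, not Cisco code and not taken from this page: the two configs inside it are constructed samples (the password hashes are placeholders), and the function names (`parse_config`, `audit_passwords`, `audit_interfaces`, `audit`) and finding texts are my own.

```python
"""Audit a captured 'show running-config' (constructed samples below)."""
import ipaddress

# Constructed: follows the steps above but with the usual mistakes left in.
WEAK_CONFIG = """\
enable password cisco
interface FastEthernet0/0
 description connection to Admin LAN
 ip address 192.168.2.1 255.255.255.0
interface Serial0/0/0
 ip address 192.168.1.125 255.255.255.0
 shutdown
ip route 0.0.0.0 0.0.0.0 10.0.0.1
line con 0
 password cisco
line vty 0 4
 login
"""

# Constructed: the same device with every check satisfied (hashes are placeholders).
HARDENED_CONFIG = """\
service password-encryption
enable secret 5 <hash-placeholder>
interface FastEthernet0/0
 description connection to Admin LAN
 ip address 192.168.2.1 255.255.255.0
interface Serial0/0/0
 description connection to Router2
 ip address 192.168.1.125 255.255.255.0
ip route 0.0.0.0 0.0.0.0 192.168.1.126
line con 0
 password 7 <type7-placeholder>
 login
line vty 0 4
 password 7 <type7-placeholder>
 login
"""

def parse_config(text):
    """Split into global commands and the indented bodies of 'interface'/'line' stanzas."""
    global_cmds, stanzas, current = [], {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue
        if raw.startswith(" ") and current is not None:
            stanzas[current].append(raw.strip())
        elif raw.startswith(("interface ", "line ")):
            current = raw.strip()
            stanzas[current] = []
        else:
            current = None
            global_cmds.append(raw.strip())
    return global_cmds, stanzas

def audit_passwords(global_cmds, stanzas):
    """enable secret, service password-encryption, and password + login on every line."""
    findings = []
    if not any(c.startswith("enable secret") for c in global_cmds):
        findings.append("no 'enable secret': privileged mode relies on the reversible "
                        "'enable password', or on nothing")
    if "service password-encryption" not in global_cmds:
        findings.append("'service password-encryption' missing: line passwords stored in clear text")
    for header, cmds in stanzas.items():
        if header.startswith("line "):
            if not any(c.startswith("password") for c in cmds):
                findings.append(f"{header}: no password set")
            if "login" not in cmds:
                findings.append(f"{header}: 'login' missing, so no password is ever asked for")
    return findings

def audit_interfaces(global_cmds, stanzas):
    """no shutdown, a description, and a default-route next hop on a connected network."""
    findings, connected = [], []
    for header, cmds in stanzas.items():
        if not header.startswith("interface "):
            continue
        for c in cmds:
            if c.startswith("ip address "):
                parts = c.split()
                connected.append(ipaddress.IPv4Interface(f"{parts[2]}/{parts[3]}").network)
        if "shutdown" in cmds:
            findings.append(f"{header}: administratively down (missing 'no shutdown')")
        if not any(c.startswith("description") for c in cmds):
            findings.append(f"{header}: no description")
    for c in global_cmds:
        if c.startswith("ip route 0.0.0.0 0.0.0.0 "):
            try:
                hop = ipaddress.IPv4Address(c.split()[4])
            except ValueError:
                continue  # exit-interface form of the default route; nothing to check
            if not any(hop in net for net in connected):
                findings.append(f"default route next hop {hop} is not on a connected network")
    return findings

def audit(text):
    """All findings for one config; an empty list means every check passed."""
    global_cmds, stanzas = parse_config(text)
    return audit_passwords(global_cmds, stanzas) + audit_interfaces(global_cmds, stanzas)

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, audit(cfg) or "OK")
```

Run it as-is, or replace the sample strings with the pasted output of `show running-config`; the weak sample trips seven findings and the hardened one none. The next-hop check is the one people most often want: a `line vty` with `login` but no `password` is a locked door, but a default route pointing at an address on no connected network is a silent black hole.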

Configuring DHCP services 
 
1.) Create a DHCP address pool
router(config)#ip dhcp pool LAN
  

2.) Specify the network or subnet
router(dhcp-config)#network 172.16.0.0 255.255.0.0
 
3.) Exclude specific IP addresses
router(config)#ip dhcp excluded-address 172.16.1.100
(one address per command, or a low and a high address to exclude a range; repeat for other addresses)
 
4.) Specify the domain name
router(dhcp-config)#domain-name cisco.com
 
5.) Specify the IP address of the DNS server
router(dhcp-config)#dns-server 172.16.1.103 172.16.2.103
 
6.) Set the default gateway
router(dhcp-config)#default-router 172.16.1.100
 
7.) Set the lease duration
router(dhcp-config)#lease {days [hours] [minutes]| infinite}
router(dhcp-config)#end
 
8.) Verify connectivity
router#show running-config
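The DHCP steps above mix global commands (`excluded-address`) with pool commands (`network`, `default-router`, `dns-server`), and nothing on the router stops you from leasing the gateway or DNS server address to a client if you forget to exclude it. The following Python script is an added example, not Cisco code and not from this page: it takes the pool values shown above, computes how many addresses the pool can actually hand out, and flags infrastructure addresses that sit inside the pool without an exclusion. The function names (`expand_range`, `check_dhcp_pool`) and the extra exclusions in the "corrected" call are my own assumptions.

```python
"""Sanity-check a DHCP pool definition using only the standard library."""
import ipaddress

def expand_range(low, high):
    """All addresses from low to high inclusive (IOS 'excluded-address low [high]')."""
    lo, hi = int(ipaddress.IPv4Address(low)), int(ipaddress.IPv4Address(high))
    if hi < lo:
        raise ValueError(f"excluded range {low}-{high} is reversed")
    return {ipaddress.IPv4Address(i) for i in range(lo, hi + 1)}

def check_dhcp_pool(network, mask, excluded, default_router, dns_servers):
    """Return the pool network, the number of leasable addresses and a list of findings.
    excluded is a list of (low, high) pairs; repeat the address to exclude one host."""
    net = ipaddress.IPv4Network(f"{network}/{mask}", strict=True)
    excluded_addrs = set()
    for low, high in excluded:
        excluded_addrs |= expand_range(low, high)
    findings = []
    gw = ipaddress.IPv4Address(default_router)
    if gw not in net:
        findings.append(f"default-router {gw} is outside {net}")
    elif gw not in excluded_addrs:
        findings.append(f"default-router {gw} is not excluded and could be leased to a client")
    for dns in dns_servers:
        addr = ipaddress.IPv4Address(dns)
        if addr in net and addr not in excluded_addrs:
            findings.append(f"dns-server {addr} is inside {net} but not excluded")
    # Network and broadcast addresses are never leased, so don't count them twice.
    reserved = {net.network_address, net.broadcast_address}
    excluded_in_pool = {a for a in excluded_addrs if a in net} - reserved
    assignable = net.num_addresses - len(reserved) - len(excluded_in_pool)
    return {"network": str(net), "assignable": assignable, "findings": findings}

# Values from the steps above, with only the gateway excluded.
AS_CONFIGURED = check_dhcp_pool(
    "172.16.0.0", "255.255.0.0",
    excluded=[("172.16.1.100", "172.16.1.100")],
    default_router="172.16.1.100",
    dns_servers=["172.16.1.103", "172.16.2.103"],
)

# Constructed fix: exclude a small block around the gateway plus the second DNS server.
CORRECTED = check_dhcp_pool(
    "172.16.0.0", "255.255.0.0",
    excluded=[("172.16.1.100", "172.16.1.110"), ("172.16.2.103", "172.16.2.103")],
    default_router="172.16.1.100",
    dns_servers=["172.16.1.103", "172.16.2.103"],
)

if __name__ == "__main__":
    for label, result in (("as configured", AS_CONFIGURED), ("corrected", CORRECTED)):
        print(label, result)
```

With the page's values the pool leases 65533 addresses and both DNS servers are flagged; the corrected call excludes them and reports no findings. The `strict=True` network construction is deliberate: it rejects a `network` line whose address has host bits set, which IOS would otherwise quietly accept.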
 
Configuring Static NAT 
NAT enables hosts with internal private addresses to communicate on the Internet.
1.)Specify the inside interface
router(config)#interface fastethernet 0/0
 
2.) Set the primary IP address of the inside interface
router(config-if)#ip address 172.31.232.182 255.255.255.0
 
3.)Identify the inside interface using the ip nat inside command
router(config-if)#ip nat inside
router(config-if)#no shutdown
router(config-if)#exit
 
4.) Specify the outside interface
router(config)#interface serial 0/0
 
5.) Set the primary IP address of the outside interface
router(config-if)#ip address 209.165.201.1 255.255.255.252
 
6.) Identify the outside interface using the ip nat outside command
router(config-if)#ip nat outside
router(config-if)#no shutdown
router(config-if)#exit


7.) Define the static address translation (inside local address followed by the inside global address it is translated to)
router(config)#ip nat inside source static 172.31.232.14 [inside global address]
router(config)#exit

8.) Verify connectivity
router#show running-config

 Backing Up a Cisco Router Configuration
- saving a configuration: router#copy startup-config tftp
- restoring: router#copy tftp running-config
CPE – Customer Premises Equipment – network devices installed at the customer location (routers, modems, switches)
  • configuration checklist – provides a list of the configured components
  • inventory checklist – used to verify that all necessary equipment needed to install the router is present
  • installation checklist – created to ensure that equipment is installed appropriately
- documentation includes:
          – equipment configuration
          - diagrams of equipment installation
          – checklists
          – activity logs – used to track modifications and access to equipment
Types of serial WAN connections
a.) Point to point
  • is a predefined communications path from the customer premises through a TSP network
  • a dedicated circuit with fixed bandwidth available at all the time
  • are usually leased from the TSP
  • are typically the most expensive
  • example: T1 or E1 link
b.) Circuit-Switched
  • functions similarly to the way a phone call is made over a telephone network
  • example: ISDN or dial-up
c.) Packet-switched
  • networks have connections into the TSP switched network
  • example: Frame Relay

Switches

A switch is a device that directs a stream of messages from one port to another based on the destination MAC address within the frame. It performs Layer 2 (Data Link) functions.
Cisco Catalyst 2960 Series Ethernet Switch
  • designed for the networks of medium-sized businesses and branch offices
  • are fixed-configuration, standalone devices that don't support modules or flash card slots
  • can provide 10/100 Fast Ethernet and 10/100/1000 Gigabit Ethernet connectivity
  • use Cisco IOS software
  • can be configured using a GUI or the CLI
All switches support both half-duplex and full-duplex mode. Both the port and the connected device must be set to the same duplex mode.
Ways to configure and manage a Cisco LAN switch:
  • Cisco Network Assistant
  • Cisco Device manager
  • Cisco IOS CLI
  • Cisco View
  • SNMP Products
The Cisco Catalyst 2960 switch comes preconfigured and only needs to be assigned basic security information before being connected to the network.
switch>enable
switch#conf t
switch(config)#interface vlan 1
switch(config-if)#ip address 192.168.1.1 255.255.255.0
switch(config-if)#no shutdown
switch(config-if)#exit
switch(config)#ip default-gateway [IP address of the LAN router]
switch(config)#end
switch#copy running-config startup-config

Switches provide a feature called port security. Port security limits the number of valid MAC addresses allowed per port. Three ways to configure port security:
1.) Static
S1#conf t
S1(config)#interface fastethernet 0/12
S1(config-if)#switchport mode access
S1(config-if)#switchport port-security
S1(config-if)#switchport port-security mac-address [mac-address]
S1(config-if)#end

2.) Dynamic
S1#conf t
S1(config)#interface fastethernet 0/12
S1(config-if)#switchport mode access
S1(config-if)#switchport port-security
S1(config-if)#end

3.) Sticky
- similar to dynamic, except that the learned addresses are also saved to the running configuration

S1#conf t
S1(config)#interface fastethernet 0/12
S1(config-if)#switchport mode access
S1(config-if)#switchport port-security
S1(config-if)#switchport port-security maximum 50
S1(config-if)#switchport port-security mac-address sticky
S1(config-if)#end
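The three port-security variants above differ only in where the secure MAC addresses come from and whether they survive in the configuration; the enforcement is the same. The following Python model is an added example, not Cisco code and not from this page: it simulates one access port with the IOS defaults I know (maximum of one secure MAC, violation mode shutdown, which places the port in err-disabled state) so the static, dynamic and sticky behaviour can be compared side by side. The class name `PortSecurity`, its methods and the sample MAC addresses are constructed.

```python
"""Simplified model of 'switchport port-security' on a single access port."""

class PortSecurity:
    """Tracks secure MACs on one port. Defaults follow IOS: maximum 1,
    violation mode shutdown (the port goes err-disabled and drops everything)."""

    def __init__(self, mode="dynamic", maximum=1, static_macs=()):
        if mode not in ("static", "dynamic", "sticky"):
            raise ValueError(f"unknown port-security mode {mode!r}")
        self.mode = mode
        self.maximum = maximum
        self.static = [m.lower() for m in static_macs]   # configured by hand
        self.learned = []                                # learned from traffic
        self.err_disabled = False
        self.violations = 0

    def secure_macs(self):
        """Static and learned addresses both count against the maximum."""
        return self.static + self.learned

    def frame_from(self, mac):
        """Decide what happens to a frame arriving with this source MAC."""
        mac = mac.lower()
        if self.err_disabled:
            return "dropped: port is err-disabled"
        if mac in self.secure_macs():
            return "forwarded"
        if len(self.secure_macs()) < self.maximum:
            self.learned.append(mac)          # dynamic and sticky learn new MACs
            return "forwarded (address learned)"
        self.violations += 1
        self.err_disabled = True              # default violation action: shutdown
        return "violation: port shut down (err-disabled)"

    def running_config(self, interface):
        """The lines 'show running-config' would hold for this port. Only the
        sticky variant writes the learned addresses into the configuration."""
        lines = [f"interface {interface}",
                 " switchport mode access",
                 " switchport port-security"]
        if self.maximum != 1:
            lines.append(f" switchport port-security maximum {self.maximum}")
        lines += [f" switchport port-security mac-address {m}" for m in self.static]
        if self.mode == "sticky":
            lines.append(" switchport port-security mac-address sticky")
            lines += [f" switchport port-security mac-address sticky {m}"
                      for m in self.learned]
        return lines

if __name__ == "__main__":
    # Constructed MAC addresses; the third one is an unexpected device.
    port = PortSecurity("sticky", maximum=2)
    for mac in ("0000.aaaa.0001", "0000.aaaa.0002", "0000.bbbb.0003", "0000.aaaa.0001"):
        print(mac, "->", port.frame_from(mac))
    print("\n".join(port.running_config("FastEthernet0/12")))
```

Running it shows the point the notes make about sticky: after two devices are learned the third trips the violation, the port stays down even for a legitimate address, and only the sticky port leaves `switchport port-security mac-address sticky <mac>` lines in the running configuration (a dynamic port forgets them on reload unless `copy run start` is never an issue because nothing was written).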

CDP (Cisco Discovery Protocol) - is an information gathering tool used on a switch or ISR to share information with other directly connected devices. Operates on Layer 2.
Neighbour – two Cisco devices that are directly connected on the same local network
Information gathered by CDP:
  • device identifiers
  • address list
  • port identifier
  • capabilities list
  • platform
CDP consumes bandwidth and can impact network performance.
