This chapter provides information and commands concerning the following topics: • Configuring a router, specifically: — Names — Passwords — Interfaces — MOTD banners — IP host tables — Saving and erasing your configurations • show commands to verify the router configurations Router Modes TIP: There are other modes than these. Not all commands work in all modes. Be careful. If you type in a command that you know is correct—show run, for example—and you get an error, make sure that you are in the correct mode. Router> User mode Router# Privileged mode Router(config)# Global configuration mode Router(config-if)# Interface mode Router(config-subif)# Subinterface mode Router(config-line)# Line mode Router(config-router)# Router configuration mode 18 Configuring Passwords Global Configuration Mode Configuring a Router Name This command works on both routers and switches. Configuring Passwords Works on both routers and switches. Router> Can see config, but not change Router# Can see config and move to make changes Router#config t Router(config)# Moves to global config mode This prompt indicates that you can start making changes Router(config)#hostname Cisco Name can be any word you choose Cisco(config)# Router(config)#enable password cisco Sets enable password Router(config)#enable secret class Sets enable secret password Router(config)#line con 0 Enters console-line mode Router(config-line)#password console Sets console-line mode password to console Router(config-line)#login Enables password checking at login Router(config)#line vty 0 4 Enters vty line mode for all 5 vty lines Router(config-line)#password telnet Sets vty password to telnet Router(config-line)#login Enables password checking at login show Commands 19 CAUTION: Enable secret password is encrypted by default. Enable password is not. For this reason, recommended practice is that you never use the enable password. Use only the enable secret password in a router configuration. CAUTION: You cannot set both enable secret and enable password to the same password. Doing so defeats the use of encryption. Password Encryption CAUTION: If you have turned on service password encryption, used it, and then turned it off, any passwords that you have encrypted will stay encrypted. New passwords will remain unencrypted show Commands Router(config)#line aux 0 Enters auxiliary line mode Router(config-line)#password backdoor Sets auxiliary line mode password to backdoor Router(config-line)#login Enables password checking at login Router(config)#service passwordencryption Applies a weak encryption to passwords Router(config)#enable password cisco Sets enable password to cisco Router(config)#line con 0 … Router(config-line)#password Cisco Continue setting passwords as above … Router(config)#no service passwordencryption Turns off password encryption Router#show ? Lists all show commands available Router#show interfaces Displays statistics for all interfaces Router#show interface serial 0 Displays statistics for a specific interface, in this case Serial 0 Router#show ip interface brief Displays a summary of all interfaces, including status and IP address assigned 20 Interface Names Interface Names One of the biggest problems that new administrators face is the names of the interfaces on the different models of routers. The following chart lists the names of the Ethernet, Fast Ethernet, and Serial interfaces on the 2500, 1700, and 2600 series of routers. Router#show controllers serial 0 Displays statistics for interface hardware. Statistics display if the clock rate is set and if the cable is DCE, DTE, or not attached Router#show clock Displays time set on device Router#show hosts Displays local host-to-IP address cache. These are the names and addresses of hosts on the network to which you can connect Router#show users Displays all users connected to device Router#show history Displays history of commands used Router#show flash Displays info about Flash memory Router#show version Displays info about loaded software version Router#show arp Displays the ARP table Router#show protocols Displays status of configured Layer 3 protocols Router#show startup-config Displays configuration saved in NVRAM Router#show running-config Displays configuration currently running in RAM Fixed Interfaces (2500 Series) Modular (Removable) Interfaces (1700 Series) Modular (Removable) Interfaces (2600 Series) Router(config)#int erface type port Router(config)#interf ace type port Router(config)#interface type slot/port Router(config)#int serial0 (s0) Router(config)#interf ace serial 0 Router(config)#int serial 0/0 (s0/0) Router(config)#int ethernet 0 (e0) Router(config)#interf ace fastethernet 0 Router(config)#int fastethernet 0/0 (fa0/0) Configuring an Ethernet/Fast Ethernet Interface 21 Moving Between Interfaces What happens in Column 1 is the same thing as is occurring in Column 2. Configuring a Serial Interface TIP: The clock rate command is used only on a serial interface that has a DCE cable plugged into it. There must be a clock rate set on every serial link between routers. It does not matter which router has the DCE cable plugged into it, or which interface the cable is plugged into. Serial 0 on one router can be plugged into Serial 1 on another router. Configuring an Ethernet/Fast Ethernet Interface Router(config)#int s0 Router(config)#int s0 Moves to interface S0 mode Router(config-if)#exit Router(config-if)#int e0 In int S0, move to E0 Router(config)#int e0 Router(config-if)# In E0 mode now Router(config-if)# Prompt does not change; be careful Router(config)#int s0/0 Moves to interface Serial 0/0 mode Router(config-if)#description Link to ISP Optional descriptor of the link is locally significant Router(config-if)#ip address 192.168.10.1 255.255.255.0 Assigns address and subnet mask to interface Router(config-if)#clock rate 56000 Assigns a clock rate for the interface Router(config-if)#no shut Turns interface on Router(config)#int fa0/0 Moves to Fast Ethernet 0/0 interface mode Router(config-if)#description Accounting LAN Optional descriptor of the link is locally significant 22 Assigning a Local Host Name to an IP Address Creating a MOTD Banner Setting the Clock Time Zone Assigning a Local Host Name to an IP Address TIP: The default port number in the ip host command is 23, or Telnet. If you want to Telnet to a device, just enter the IP host name itself: Router#london = Router#telnet london = Router#telnet 172.16.1.3 Router(config-if)#ip address 192.168.20.1 255.255.255.0 Assigns address and subnet mask to interface Router(config-if)#no shut Turns interface on Router(config)#banner motd # This is a secure system. Authorized Personnel Only! # Router(config)# # is known as a delimiting character. The delimiting character must surround the banner message and can be any character so long as it is not a character used within the body of the message Router(config)#clock timezone EST –5 Sets the time zone for display purposes. Based on coordinated universal time (Eastern Standard Time is 5 hours behind UTC) Router(config)#ip host london 172.16.1.3 Assigns a host name to the IP address. After this assignment, you can use the host name instead of an IP address when trying to Telnet or ping to that address Router#ping london = Router#ping 172.16.1.3 exec-timeout Command 23 no ip domain-lookup Command TIP: Ever type in a command incorrectly and left having to wait for a minute or two as the router tries to translate your command to a domain server of 255.255.255.255? The router is set by default to try to resolve any word that is not a command to a DNS server at address 255.255.255.255. If you are not going to set up DNS, turn this feature off to save you time as you type, especially if you are a poor typist. logging synchronous Command TIP: Ever try to type in a command and an informational line appears in the middle of what you were typing? Lose your place? Do not know where you are in the command, so you just press ® and start all over? The logging synchronous command will tell the router that if any informational items get displayed on the screen, your prompt and command line should be moved to a new line, so as not to confuse you. The informational line does not get inserted into the middle of the command you are trying to type. If you were to continue typing, the command would execute properly, even though it looks wrong on the screen exec-timeout Command Router(config)#no ip domain-lookup Router(config)# Turns off trying to automatically resolve an unrecognized command to a local host name Router(config)#line con 0 Router(config-line)#logging synchronous Turns on synchronous logging. Information items sent to console will not interrupt the command you are typing. The command will be moved to a new line Router(config)#line con 0 Router(config-line)#exec-timeout 0 0 Sets time limit when console automatically logs off. Set to 0 0 (minutes seconds) means console never logs off Router(config-line)# 24 Configuration Example: Basic Router Configuration TIP: exec-timeout 0 0 is great for a lab because the console never logs out. This is very dangerous in the real world (bad security). Saving Configurations Erasing Configurations TIP: Running-config is still in dynamic memory. Reload the router to clear the running-config. Configuration Example: Basic Router Configuration Figure 3-1 shows the network topology for the configuration that follows, which shows a basic router configuration using the commands covered in this chapter. Figure 3-1 Network Topology for Basic Router Configuration Router#copy run start Saves the running-config to local NVRAM Router#copy run tftp Saves the running-config remotely to TFTP server Router#erase start Deletes the startup-config file from NVRAM Boston Router Router>en Enters privileged mode Router#clock set 18:30:00 15 Nov 2004 Sets local time on router Router#config t Enters global config mode Boston Network 172.16.10.0/24 Network 172.16.20.0/24 Network 172.16.30.0/24 fa0/0 fa0/0 172.16.20.1 172.16.10.10 s0/0 172.16.10.1 172.16.30.1 172.16.30.30 DCE s0/1 172.16.20.2 Buffalo Configuration Example: Basic Router Configuration 25 Router(config)#hostname Boston Sets router name to Boston Boston(config)#no ip domain-lookup Turns off name resolution on unrecog-nized commands (spelling mistakes) Boston(config)#banner motd # This is the Boston Router. Authorized Access Only # Creates an MOTD banner Boston(config)#clock timezone EST –5 Sets time zone to Eastern Standard Time (–5 from UTC) Boston(config)#enable secret cisco Enable secret password set to cisco Boston(config)#service password-encryption Passwords will be given weak encryption Boston(config)#line con 0 Enters line console mode Boston(config-line)#logging sync Commands will not be interrupted by unsolicited messages Boston(config-line)#password class Sets password to class Boston(config-line)#login Enables password checking at login Boston(config-line)#line vty 0 4 Moves to virtual Telnet lines 0 through 4 Boston(config-line)#password class Sets password to class Boston(config-line)#login Enables password checking at login Boston(config-line)#line aux 0 Moves to line auxiliary mode Boston(config-line)#password class Sets password to class Boston(config-line)#login Enables password checking at login Boston(config-line)#exit Moves back to global config mode 26 Configuration Example: Basic Router Configuration Boston(config)#no service passwordencryption Turns off password encryption Boston(config)#int fa 0/0 Moves to Fast Ethernet 0/0 mode Boston(config-if)#desc Engineering LAN Sets locally significant description of the interface Boston(config-if)#ip address 172.16.10.1 255.255.255.0 Assigns IP address and subnet mask to the interface Boston(config-if)#no shut Turns on the interface Boston(config-if)#int s0/0 Moves directly to Serial 0/0 mode Boston(config-if)#desc Link to Buffalo Router Sets locally significant description of the interface Boston(config-if)#ip address 172.16.20.1 255.255.255.0 Assigns IP address and subnet mask to the interface Boston(config-if)#clock rate 56000 Sets a clock rate for serial transmission (DCE cable must be plugged into this interface) Boston(config-if)#no shut Turns on the interface Boston(config-if)#exit Moves back to global config mode Boston(config)#ip host buffalo 172.16.20.2 Sets a local host name resolution to IP address 172.16.20.2 Boston(config)#exit Moves back to privileged mode Boston#copy run start Saves running-config to
