Initial Router Configurations: This post shows how to configure a router from scratch, from the router boot process, to optimizing the router for the best user experience, to securing the router's console and telnet ports.
I am using GNS3 with a router 2691 image.
Initial Router Boot Process: The router boot process consists of
1> POST : Power On Self Test
2> Booting IOS (the operating system of Cisco devices) from the router's flash memory.
3> Initial Configuration Setup : I basically prefer not to set up the router from the initial config dialog.
When you choose no at the initial config dialog, the router enters user mode, which is shown by the prompt
Router>
In this mode you can type ? to list the commands you can enter. You can only use very general show commands from this mode.
Router>?
Exec commands:
  access-enable    Create a temporary Access-List entry
  access-profile   Apply user-profile to interface
  clear            Reset functions
  connect          Open a terminal connection
  disable          Turn off privileged commands
  disconnect       Disconnect an existing network connection
  enable           Turn on privileged commands
  exit             Exit from the EXEC
  help             Description of the interactive help system
  lock             Lock the terminal
  login            Log in as a particular user
  logout           Exit from the EXEC
  modemui          Start a modem-like user interface
  mrinfo           Request neighbor and version information from a multicast
                   router
  mstat            Show statistics after multiple multicast traceroutes
  mtrace           Trace reverse multicast path from destination to source
  name-connection  Name an existing network connection
  pad              Open a X.29 PAD connection
  ping             Send echo messages
  ppp              Start IETF Point-to-Point Protocol (PPP)
  resume           Resume an active network connection
  rlogin           Open an rlogin connection
  show             Show running system information
  slip             Start Serial-line IP (SLIP)
  ssh              Open a secure shell client connection
  systat           Display information about terminal lines
  tclquit          Quit Tool Command Language shell
  telnet           Open a telnet connection
  terminal         Set terminal line parameters
  tn3270           Open a tn3270 connection
  traceroute       Trace route to destination
  tunnel           Open a tunnel connection
  udptn            Open an udptn connection
  where            List active connections
  x28              Become an X.28 PAD
  x3               Set X.3 parameters on PAD
To enter privileged mode, do
Router>en
Router#
In this mode you can run some show commands, and copy commands to save your running-configuration to your router's startup configuration.
To enter the main configuration mode, do
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)# (This is the main mode for configuring basically everything in the router)
So let's start configuring the router.
How to change the hostname of the router
Router(config)#hostname testrouter
testrouter(config)#
Above you can see the hostname change from the default hostname, Router, to testrouter.
How to configure a logon banner on the router
testrouter(config)#banner motd *
Enter TEXT message. End with the character '*'.
Personal Router Unauthorized access Restricted
*
Above, motd means message of the day, and this banner is displayed at first log on.
You have to enter the same character at the start and end of each motd; in this case it is *.
Below you can see how the banner is displayed:
testrouter con0 is now available
Press RETURN to get started.
*Mar 1 00:24:00.555: %SYS-5-CONFIG_I: Configured from console by console
Personal Router Unauthorized access Restricted
How to secure the console login of the router: (When you connect your router to a PC with a console cable, this console password is required)
testrouter(config)#line console 0
testrouter(config-line)#password cisco
testrouter(config-line)#login
(The opposite of login, i.e. no login, will not ask for a password when logging in through the console of the router, which can be very risky.)
How to secure the telnet login of the router: This will secure the login when telnetting from a remote PC
testrouter(config)#line vty 0 ?
<1-935> Last Line number
The above output shows that this router supports 936 vty lines (virtual teletype, i.e. 936 connections)
testrouter(config)#line vty 0
testrouter(config-line)#line vty 0 4
testrouter(config-line)#login
% Login disabled on line 66, until 'password' is set
% Login disabled on line 67, until 'password' is set
% Login disabled on line 68, until 'password' is set
% Login disabled on line 69, until 'password' is set
% Login disabled on line 70, until 'password' is set
testrouter(config-line)#password test
These commands allow telnet login on vty 0 4 and require the password test to get into the router through telnet.
How to secure privileged/enable mode on the router: This configuration will ask for the password when entering privileged mode from user mode
testrouter(config)#enable secret test
testrouter(config)#exit
testrouter#exit
Below you can see how the router asks for the password:
testrouter con0 is now available
Press RETURN to get started.
*Mar 1 00:37:34.707: %SYS-5-CONFIG_I: Configured from console by console
Personal Router Unauthorized access Restricted
User Access Verification
Password:
testrouter>en
Password:
testrouter#
How to optimize the router for the best user experience:
The commands below should be entered both for line console and for line vty. I will show them on the console; you can do the same on line vty.
testrouter(config)#line console 0
testrouter(config-line)#logging synchronous
logging synchronous keeps status messages from interrupting what you are typing.
testrouter(config-line)#exec-timeout 20 0
exec-timeout sets the timeout interval, i.e. here, if no command is typed for 20 minutes, the router will throw the user to user mode.
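An added example, not part of the original post: a small Python check that reads a saved running-config and reports the access problems covered above (a line with no login, login with no password, a line password kept in clear text, a disabled exec-timeout, a missing enable secret). The sample configuration, its placeholder hashes and the function names are constructed for illustration, and the check assumes the plain line-password setup used in this post (no AAA, no login local).

```python
import re

# Constructed sample in "show running-config" style (not captured from a real
# device). Hashes are placeholders; "line vty 5 15" is deliberately weak.
SAMPLE_CONFIG = """\
enable secret 5 <placeholder-hash>
line con 0
 exec-timeout 20 0
 password cisco
 login
line vty 0 4
 login
line vty 5 15
 exec-timeout 0 0
 password 7 <placeholder>
"""

def line_blocks(config):
    """Return {"line con 0": [sub-commands], ...} for each 'line' block."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw.strip()
            blocks[current] = []
        elif raw.startswith(" ") and current:
            blocks[current].append(raw.strip())
        else:
            current = None  # any other top-level command ends the block
    return blocks

def audit(config):
    """Check the access settings this post configures; return findings."""
    findings = []
    if not re.search(r"^enable secret ", config, re.M):
        findings.append("global: no 'enable secret' configured")
    for name, cmds in line_blocks(config).items():
        passwords = [c for c in cmds if c.startswith("password ")]
        if "login" not in cmds:
            findings.append(f"{name}: no 'login', no password is asked")
        elif not passwords:
            findings.append(f"{name}: 'login' set but no 'password'")
        if any(not p.startswith("password 7 ") for p in passwords):
            findings.append(f"{name}: password stored in clear text")
        if "exec-timeout 0 0" in cmds:
            findings.append(f"{name}: idle sessions never time out")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```

To check a real device, save the output of show running-config to a file and pass its contents to audit().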
Thank You,
In my next post on Cisco basics I'll be configuring interfaces. I hope this will be informative for you.
How to Configure Interfaces on Routers:
There may be various kinds of interfaces on the router, like fastethernet, serial etc., but the configuration is basically similar for all of them. I am going to show you here the commands for configuring the most popular interfaces, i.e. fastethernet and serial.
testrouter#show ip interface brief
(This command shows you all the interfaces with their configured IP address, interface status, protocol status etc.)
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            unassigned      YES unset  administratively down down
FastEthernet0/1            unassigned      YES unset  administratively down down
If you want a more detailed description, you can do
testrouter#show interfaces
(This shows a detailed view of the interfaces, such as MTU size, encapsulation on the interface, errors etc., which will be discussed later in other topics.)
You can also do
testrouter#show interfaces fastEthernet 0/0
for the detailed configuration of a specific interface.
To configure an interface, go to the interface on your router:
testrouter#config t
testrouter(config)#interface fastEthernet 0/0
testrouter(config-if)#ip address 192.168.1.20 255.255.255.0
testrouter(config-if)#no shutdown
*Mar 1 00:07:17.667: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
*Mar 1 00:07:18.667: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0
changed state to up
testrouter(config-if)#do show ip interface brief
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            192.168.1.20    YES manual up                    up
FastEthernet0/1            unassigned      YES unset  administratively down down
As you can see above, FastEthernet0/0 is now configured with IP address 192.168.1.20, and its status and protocol are both up. Any time you see status up but protocol down, it means the interface is administratively down and you have to issue the no shutdown command on the interface. If status is down, you have to check your physical connection, as Status deals with the physical layer. By the way, you can use show commands from any mode, but you have to use them with do.