SlideShare ist ein Scribd-Unternehmen logo
1 von 69
Downloaden Sie, um offline zu lesen
Router Components

     Bootstrap – stored in ROM microcode – brings router up
     during initialisation, boots router and loads the IOS.

     POST – Power On Self Test - stored in ROM microcode –
     checks for basic functionality of router hardware and
     determines which interfaces are present

     ROM Monitor – stored in ROM microcode – used for
     manufacturing, testing and troubleshooting

      Mini-IOS – a.k.a RXBOOT/boot loader by Cisco – small IOS
     ROM used to bring up an interface and load a Cisco IOS into
     flash memory from a TFTP server; can also do a few other
     maintenance operations

Cisco Router Configuration                       AfNOG 2003 / Track 2 # 1
Router Components

      RAM – holds packet buffers, ARP cache, routing table,
     software and data structure that allows the router to function;
     running-config is stored in RAM, as well as the decompressed
     IOS in later router models
      ROM – starts and maintains the router
      Flash memory – holds the IOS; is not erased when the router is
     reloaded; is an EEPROM [Electrically Erasable Programmable
     Read-Only Memory] created by Intel, that can be erased and
     reprogrammed repeatedly through an application of higher than
     normal electric voltage
     NVRAM – Non-Volatile RAM - holds router configuration; is
     not erased when router is reloaded

Cisco Router Configuration                          AfNOG 2003 / Track 2 # 2
Router Components

      Config-Register – controls how router boots; value
     can be seen with “show version” command; is
     typically 0x2102, which tells the router to load the
     IOS from flash memory and the startup-config
     file from NVRAM




Cisco Router Configuration                       AfNOG 2003 / Track 2 # 3
Why Modify The Config-Register

      Reasons why you would want to modify the config-
     register:
      –      Force the router into ROM Monitor Mode
      –      Select a boot source and default boot
                  filename
      –      Enable/Disable the Break function
      –      Control broadcast addresses
      –      Set console terminal baud rate
      –      Load operating software from ROM
      –      Enable booting from a TFTP server


Cisco Router Configuration                AfNOG 2003 / Track 2 # 4
System Startup

     POST – loaded from ROM and runs diagnostics on all router
     hardware

      Bootstrap – locates and loads the IOS image; default setting is
     to load the IOS from flash memory

      IOS – locates and loads a valid configuration from NVRAM;
     files is called startup-config; only exists if you copy
     running-config to NVRAM

     Startup-config – if found, router loads it and runs embedded
     configuration; if not found, router enters setup mode


Cisco Router Configuration                           AfNOG 2003 / Track 2 # 5
Overview

      Router configuration controls the operation of the
     router’s:

              Interface IP address and netmask

              Routing information (static, dynamic or default)

              Boot and startup information

              Security (passwords)


Cisco Router Configuration                             AfNOG 2003 / Track 2 # 6
Where Is The Configuration?
       Router always has two configurations:

       Running configuration
               In RAM, determines how the router is currently operating
               Is modified using the configure command
               To see it: show running-config

       Startup confguration
              In NVRAM, determines how the router will operate after
              next reload
              Is modified using the copy command
              To see it: show startup-config
Cisco Router Configuration                            AfNOG 2003 / Track 2 # 7
Where Is The Configuration?
      Can also be stored in more permanent places:
             External hosts, using TFTP (Trivial File Transfer Protocol)

             In flash memory in the router

      Copy command is used to move it around

              copy run start
                             copy   run tftp
                             copy   start tftp
                             copy   tftp start
                             copy   flash start
                             copy   start flash



Cisco Router Configuration                                    AfNOG 2003 / Track 2 # 8
Router Access Modes

      User EXEC mode - limited examination of router
      – Router>

      Privileged EXEC mode - detailed examination of
     router, debugging, testing, file manipulation
      – Router#

      ROM Monitor - useful for password recovery & new
     IOS upload session

     Setup Mode – available when router has no
     startup-config file
Cisco Router Configuration                 AfNOG 2003 / Track 2 # 9
External Configuration Sources

      Console – direct PC serial access

      Auxilliary port – Modem access

      Virtual terminals – Telnet access

     TFTP Server – copy configuration file into router
     RAM

      Network Management Software - CiscoWorks


Cisco Router Configuration                  AfNOG 2003 / Track 2 # 10
Changing The Configuration
    Configuration statements can be entered interactively -
   changes are made (almost) immediately, to the running
   configuration

    Can use direct serial connection to console port, or

    Telnet to vty’s (“virtual terminals”), or

    Modem connection to aux port

    Or, edited in a text file and uploaded to the router at a
   later time via tftp; copy tftp start or config
   net
Cisco Router Configuration                      AfNOG 2003 / Track 2 # 11
Logging Into The Router

      Connect router to console port or telnet to router
      – router>
      – router>enable                 USER MODE
      – password                      PROMPT
      – router#
      – router#?
                                     PRIVILEDGED
                                     MODE PROMPT
      Configuring the router
      – Terminal (entering the commands
        directly)
      – router# configure terminal
      – router(config)#

Cisco Router Configuration                    AfNOG 2003 / Track 2 # 12
Connecting Your FreeBSD Machine To
              The Router’s Console Port
         Connect your machine to the console port using the
        rollover serial cable provide

         Go to /etc/remote to see the device configured to be
        used with "tip”. you will see at the end, a line begin
        with com1
            bash$ tip com1 <enter>
            router>
            router>enable
            router#




Cisco Router Configuration                    AfNOG 2003 / Track 2 # 13
Address Allocation
                                               SWITCH


                                               .1             .2
                  A                                                                        B
                      81.199.108.80/28                                      81.199.108.96/28
                                          .3                          .4
                  C                                                                        D




                                                    81.199.108.0/28
                   81.199.108.112/28                                        81.199.108.128/28
                                         .5                            .6
                  E                                                                         F
                   81.199.108.144/28                                        81.199.108.160/28
                                         .7                            .8
                  G                                                                        H
                   81.199.108.176/28                                        81.199.108.192/28
                                           .9                     .10
                  I                                                                            J
                   81.199.108.208/28                                        81.199.108.224/28
Cisco Router Configuration                                                          AfNOG 2003 / Track 2 # 14
New Router Configuration Process

      Load configuration parameters into RAM

              Router#configure terminal

      Personalize router identification

              Router#(config)hostname RouterA

      Assign access passwords

              RouterA#(config)line console 0

              RouterA#(config-line)password cisco

              RouterA#(config-line)login
Cisco Router Configuration                          AfNOG 2003 / Track 2 # 15
New Router Configuration Process

      Configure interfaces
              RouterA#(config)interface ethernet 0/0

              RouterA#(config-if)ip address n.n.n.n m.m.m.m

              RouterA#(config-if)no shutdown

      Configure routing/routed protocols

      Save configuration parameters to NVRAM
             RouterA#copy running-config startup-config or write
             memory
Cisco Router Configuration                             AfNOG 2003 / Track 2 # 16
Router Prompts – How To Tell Where You
               Are On The Router
     You can tell in which area of the router’s configuration you are, by looking
     at the router prompts:
        Router> - USER prompt mode
        Router# - PRVILEDGED EXEC prompt mode
        Router(config) – terminal configuration
                         prompt
        Router(config-if) – interface
                              configuration prompt
        Router(config-subif) – sub-interface
                                    configuration
         prompt
        Router(config-route-map) – route-map
                                       configuration
         prompt



Cisco Router Configuration                                   AfNOG 2003 / Track 2 # 17
Router Prompts – How To Tell Where You
                   Are On The Router

      Router(config-router) – router
                              configuration
                              prompt

     Router(config-line) – line configuration
                           prompt

     rommon 1> - ROM Monitor mode




Cisco Router Configuration           AfNOG 2003 / Track 2 # 18
Configuring Your Router
     Set the enable password:
      router(config)# enable password t2@afnog
          If you see in your config file, using “show running-config”,
          you will see that the enable password is displayed in clear text -- that
          is not safe, you have to encrypt it.
      router(config)# service password-encryption
      router(config)# enable secret "your pswd"(MD5
        encryption)
     To configure interface you should go to interface configuration prompt
           router(config) interface ethernet0 (or 0/x)
           router(config-if)#
     Save your configuration
         router#copy running-config startup-config (or
        write memory)
Cisco Router Configuration                                   AfNOG 2003 / Track 2 # 19
Configuring Your Router
           Configuration statements have different contexts:
                   Global:
                                enable-password t2@afnog

                   Interface:
                                interface ethernet0/0
                                ip address n.n.n.n m.m.m.m

                   Router:
                                router ospf 1
                                network n.n.n.n w.w.w.w area 0

                   Line:
                                line vty 0 4
Cisco Router Configuration                         AfNOG 2003 / Track 2 # 20
Global Configuration

      Global configuration statements are independent of
     any particular interface or routing protocol, e.g.:

      hostname track2-afnog

      enable-password track2

      service password-encryption

      logging facility local0
      logging n.n.n.n


Cisco Router Configuration                  AfNOG 2003 / Track 2 # 21
Global Configuration

      IP-specific global configuration statements:

      ip classless
      ip name-server n.n.n.n


      Static route creation:
      Ip route n.n.n.n m.m.m.m g.g.g.g

      n.n.n.n = network block
      m.m.m.m = network mask denoting block size
      g.g.g.g = next hop gateway destination packets are sent
                to

Cisco Router Configuration                      AfNOG 2003 / Track 2 # 22
The NO Command

      Used to reverse or disable commands e.g
              ip domain-lookup

              no ip domain-lookup

              router ospf 1

              no router ospf 1

              ip address 1.1.1.1 255.255.255.0

              no ip address

Cisco Router Configuration                       AfNOG 2003 / Track 2 # 23
Interface Configuration

      Interfaces are named by slot/type; e.g.:
      ethernet0, ethernet1,... Ethernet5/1
      Serial0/0, serial1 ... serial3

      And can be abbreviated:
      ethernet0 or eth0 or e0
      Serial0/0 or ser0/0 or s0/0




Cisco Router Configuration                       AfNOG 2003 / Track 2 # 24
Interface Configuration


 IP address and netmask configuration, using interface
commands (interactive configuration example,
showing prompts):
router#configure terminal
router(config)#interface e0/0
router(config-if)#ip address n.n.n.n m.m.m.m
router(config-if)#no shutdown
router(config-if)#^Z
router#



Cisco Router Configuration                   AfNOG 2003 / Track 2 # 25
Interface Configuration

      Administratively enable/disable the interface
      router(config-if)#no shutdown
      router(config-if)#shutdown


      Description
      router(config-if)#description ethernet
       link to admin building router




Cisco Router Configuration                   AfNOG 2003 / Track 2 # 26
Global Configuration Commands
      Cisco global config should always include:
           ip classless

           ip subnet-zero

           no ip domain-lookup

      Cisco interface config should usually include:
           no shutdown

           no ip proxy-arp

           no ip redirects
Cisco Router Configuration                  AfNOG 2003 / Track 2 # 27
Looking At The Configuration


      Use “show running-configuration” to see the
     current configuration

      Use “show startup-configuration” to see the
     configuration in NVRAM, that will be loaded the next
     time the router is rebooted or reloaded




Cisco Router Configuration                 AfNOG 2003 / Track 2 # 28
Interactive Configuration

 Enter configuration mode, using “configure term”

 Prompt gives a hint about where you are:
 router#configure term
 router(config)#ip classless
 router(config)#ip subnet-zero
 router(config)#int e0/1
 router(config-if)#ip addr n.n.n.n m.m.m.m
 router(config-if)#no shut
 router(config-if)#^Z




Cisco Router Configuration                  AfNOG 2003 / Track 2 # 29
Storing The Configuration On A Host

  Requires: `tftpd’on a unix host; destination file must
  exist before the file is written and must be world writable...
   copy run tftp
   router#copy run tftp
   Remote host []? n.n.n.n
   Name of configuration file to write [hostel-rtr-confg]?
                        /usr/local/tftpd/hostel-rtr-confg
   Write file /usr/local/tftpd/hostel-rtr-confg on...
                        Host n.n.n.n? [confirm]
   Building configuration...

   Writing /usr/local/tftpd/hostel-rtr-confg !![OK]


Cisco Router Configuration                   AfNOG 2003 / Track 2 # 30
Restoring The Configuration From A Host

      Use ‘tftp’ to pull file from UNIX host, copying to
     running config or startup
      router#copy tftp start
      Address of remote host [255.255.255.255]? n.n.n.n
      Name of configuration file [hostel-rtr-confg]?
      Configure using hostel-rtr-confg from n.n.n.n?
        [confirm]
      Loading hostel-rtr-confg from n.n.n.n(via
        Ethernet0/0): !
      [OK - 1005/128975 bytes]
      [OK]
      hostel-rtr# reload


Cisco Router Configuration                   AfNOG 2003 / Track 2 # 31
Getting Online Help

      IOS has a built-in help facility; use “?” to get a list of
     possible configuration statements

      “?” after the prompt lists all possible commands:

      router#?

       “<partial command> ?” lists all possible
     subcommands, e.g.:

      router#show ?
      router#show ip ?

Cisco Router Configuration                      AfNOG 2003 / Track 2 # 32
Getting Online Help

  “<partial command>?” shows all possible command completions

   router#con?
   configure connect

  This is different:

   hostel-rtr#conf ?
     memory                       Configure from NVRAM
     network                      Configure from a TFTP network host
     overwrite-network            Overwrite NV memory from TFTP...
                                                     network host
      terminal                    Configure from the terminal
      <cr>

Cisco Router Configuration                         AfNOG 2003 / Track 2 # 33
Getting Online Help

      This also works in configuration mode:

      router(config)#ip a?
      accounting-list accounting-threshold
       accounting-transits address-pool alias
       as-path

      router(config)#int e0/0
      router(config-if)#ip a?
      access-group accounting               address



Cisco Router Configuration                         AfNOG 2003 / Track 2 # 34
Getting Online Help
   Can “explore” a command to figure out the syntax:
   router(config-if)#ip addr ?
     A.B.C.D IP address

   router(config-if)#ip addr n.n.n.n ?
     A.B.C.D IP subnet mask

   router(config-if)#ip addr n.n.n.n m.m.m.m ?
     secondary Make this IP address a secondary address
     <cr>

   router(config-if)#ip addr n.n.n.n m.m.m.m
   router(config-if)#


Cisco Router Configuration                         AfNOG 2003 / Track 2 # 35
Getting Lazy Help

     TAB character will complete a partial word
      hostel-rtr(config)#int<TAB>
      hostel-rtr(config)#interface et<TAB>
      hostel-rtr(config)#interface ethernet 0
      hostel-rtr(config-if)#ip add<TAB>
      hostel-rtr(config-if)#ip address ...
                  n.n.n.n m.m.m.m

     Not really necessary; partial commands can be used:
      router#conf t
      router(config)#int e0/0
      router(config-if)#ip addr n.n.n.n

Cisco Router Configuration                       AfNOG 2003 / Track 2 # 36
Getting Lazy Online Help
     Command history
            IOS maintains short list of previously typed commands

            up-arrow or ‘^p’ recalls previous command

            down-arrow or ‘^n’ recalls next command

     Line editing
            left-arrow, right-arrow moves cursor inside command

            ‘^d’ or backspace will delete character in front of cursor

            Ctrl-a takes you to start of line

            Ctrl-e takes you to end of line

Cisco Router Configuration                                   AfNOG 2003 / Track 2 # 37
Connecting Your FreeBSD Machine To The
                 Router’s Console Port

      Look at your running
     configuration
     Configure an IP address for e0/0
     depending on your table - use
     n.n.n.n for table A etc

     Look at your running configuration
     and your startup configuration

      What difference is there if any

Cisco Router Configuration          AfNOG 2003 / Track 2 # 38
Deleting Your Router’s Configuration

      To delete your router’s configuration

           Router#erase startup-config

                                  OR

           Router#write erase

           Router#reload

         Router will startup again, but in setup mode, since
         startup-config file does not exists

Cisco Router Configuration                           AfNOG 2003 / Track 2 # 39
Using Access Control Lists
      Access Control Lists used to implement security in
     routers


      – powerful tool for network control

      – filter packets flow in or out of router
        interfaces

      – restrict network use by certain users or
        devices

      – deny or permit traffic

Cisco Router Configuration                  AfNOG 2003 / Track 2 # 40
Rules Followed When Traffic Is Compared
             To An Access Control List

      Is done in sequential order; line 1, line 2, line 3 e.t.c

     Is compared with the access list until a match is
     made; then NO further comparisons are made

      There is an implicit “deny” at the end of each access
     list; if a packet does not match in the access list, it will
     be discarded




Cisco Router Configuration                       AfNOG 2003 / Track 2 # 41
Using Access Control Lists
      Standard IP Access Lists (1 - 99)
      – simpler address specifications
      – generally permits or denies entire
        protocol suite

      Extended IP Access Lists (100 - 199)
      – more complex address specification
      – generally permits or denies specific
        protocols




Cisco Router Configuration                   AfNOG 2003 / Track 2 # 42
Access Control List Syntax

      Standard IP Access List Configuration Syntax
      – access-list access-list-number {permit |
        deny} source {source-mask}
      – ip access-group access-list-number {in |
        out}

      Extended IP Access List Configuration Syntax
      – access-list access-list-number {permit |
        deny} protocol source {source-mask}
        destination {destination-mask}
      – ip access-group access-list-number {in |
        out}

Cisco Router Configuration                 AfNOG 2003 / Track 2 # 43
Where To Place Access Control Lists



      Place Standard IP access list close to destination

      Place Extended IP access lists close to the source of
     the traffic you want to manage




Cisco Router Configuration                   AfNOG 2003 / Track 2 # 44
What Are Wild Card Masks

      Are used with access lists to specify a host, network
     or part of a network

      To specify an address range, choose the next largest
     block size e.g.
      –      to specify 34 hosts, you need a 64
             block size
      –      to specify 18 hosts, you need a 32
             block size
      –      to specify 2 hosts, you need a 4 block
             size
Cisco Router Configuration                   AfNOG 2003 / Track 2 # 45
What Are Wild Card Masks

      Are used with the host/network address to tell the router a
     range of addresses to filter

      Examples:
      – to specify a host:
          81.199.108.1 0.0.0.0
      – to specify a small subnet:
                  81.199.108.8 – 81.199.108.15 (would
                    be a /29)

               – Block size is 8, and wildcard is always one
                 number less than the block size
               – Cisco access list then becomes: 81.199.108.8
                 0.0.0.7
Cisco Router Configuration                          AfNOG 2003 / Track 2 # 46
What Are Wild Card Masks

      Examples cont’d:
      – to specify all hosts on a Class C
       network:

                             81.199.108.0 0.0.0.255




Cisco Router Configuration                      AfNOG 2003 / Track 2 # 47
What Are Wild Card Masks

      Short cut method to a quick calculation of a network
     subnet to wildcard:
      – 255 – {netmask bits on subnet mask}

      – to create wild card mask for
       81.199.108.160 255.255.255.240

         81.199.108.160 0.0.0.15 {255 – 240}

      – to create wild card mask for
       81.199.108.0 255.255.252.0

         81.199.108.0 0.0.3.255
Cisco Router Configuration                  AfNOG 2003 / Track 2 # 48
Access Control List Example

       Router(config)#Access-list access-list-number {permit|deny}{test
       conditions}

        Router(config)#{protocol} access-group access-list-number

        e.g check for IP subnets 81.199.108.80 to 81.199.108.95
         81.199.108.80

                                         Address and Wilcard Mask:
                                         81.199.108.80 0.0.0.15
                   0001 0000

                0000         1111
               check         ignore

Cisco Router Configuration                                AfNOG 2003 / Track 2 # 49
Access Control List Example
      Wildcard bits indicate how to check corresponding
     address bit
      – 0=check or match
      – 1=ignore

      Matching Any IP Address
      0.0.0.0 255.255.255.255
      or abbreviate the expression using the
       keyword any

      Matching a specific host
      81.199.108.8 0.0.0.0
      or abbreviate the wildcard using the IP
       address preceded by the keyword host
Cisco Router Configuration                 AfNOG 2003 / Track 2 # 50
Permit Telnet Access For My Network Only


   access-list 1 permit 81.199.108.192 0.0.0.15

   access-list 1 deny any

   line vty 0 4
      access-class 1 in




Cisco Router Configuration                 AfNOG 2003 / Track 2 # 51
Standard IP Access Control Lists Example
                  Permit Only My Network

          81.199.108.1                                 81.199.108.81
                                  Non 81.199.108.0


                             E0      S0   E1                81.199.108.82



                      Access-list 1 permit 81.199.108.80 0.0.0.15

                      Interface ethernet 0
                      ip access-group 1 out
                      interface ethernet 1
                      ip access-group 1 out

Cisco Router Configuration                                    AfNOG 2003 / Track 2 # 52
Extended IP Access Control Lists Example
            Deny FTP Access Through Interface E0

          81.199.108.10                              81.199.108.225
                                  Non 81.199.108.0


                             E0      S0   E1             81.199.108.226



       access-list 101 deny tcp 81.199.108.0 0.0.0.15 81.199.108.225 0.0.0.15 eq 21
       access-list 101 deny tcp 81.199.108.0 0.0.0.15 81.199.108.225 0.0.0.15 eq 20
       access-list 101 permit ip 81.199.108.225 0.0.0.15 0.0.0.0 255.255.255.255
       interface ethernet 0
       ip access-group 101 out

Cisco Router Configuration                                 AfNOG 2003 / Track 2 # 53
Prefix Lists

      Cisco first introduced prefix lists in IOS 12.0 +

     Generally used to filter routes, and can be combined with route
     maps for route filtering and manipulation

     Are more scalable and flexible than access control lists and
     distribute lists

     Unlike access control lists, you don’t have to delete the entire
     access list when adding or deleting entries

      Prefix lists use sequence numbers for this to happen

      Prefix lists scale as the network grows
Cisco Router Configuration                           AfNOG 2003 / Track 2 # 54
Prefix Lists

      Prefix lists have an implicit “deny” at the end of
     them, like access control lists

      Are quicker to process than regular access control
     lists

      If you do have IOS 12.0 +, it would be a better idea to
     use prefix lists rather than distribute or access lists, for
     route filtering and manipulation



Cisco Router Configuration                      AfNOG 2003 / Track 2 # 55
Prefix List Configuration Syntax

      Prefix list configuration syntax
         config t
          ip prefix-list list-name {seq seq-value}
         {permit|deny} network/len {ge ge-value}
         {le le-value}

      list-name – name to use for the prefix
                  list
      seq-value – numeric value of the sequence;
                  optional
      network/len – CIDR network address
                               notation

Cisco Router Configuration               AfNOG 2003 / Track 2 # 56
Prefix List Configuration Syntax

      Prefix list configuration Syntax

           ge-value – “from” value of range;
                       matches equal or longer
                       prefixes (more bits in the
                       prefix, smaller blocks of
                            address space)
           le-value – “to” value of range;
         matches                 equal or shorter
         prefixes                (less bits in
         the prefix,                  bigger
         blocks of address                 space)

Cisco Router Configuration               AfNOG 2003 / Track 2 # 57
Prefix List Configuration Example

     Prefix list configuration example

         ip prefix-list t2afnog seq 10 deny
         81.199.108.192/28

      To accept prefixes with a prefix length of /8 up
        to /24:

        ip prefix-list test1 seq 5 permit 81.0.0.0/0 ge 8
         le 24

      To deny prefixes with a mask greater than 25 in
        81.199.108.0/24:

      ip prefix-list test2 seq 10 deny 81.199.108.0/24
        ge 25


Cisco Router Configuration                    AfNOG 2003 / Track 2 # 58
Prefix List Configuration Example

      To allow all routes:

      ip prefix-list test3 seq 15 permit
       0.0.0.0/0 le 32




Cisco Router Configuration            AfNOG 2003 / Track 2 # 59
Disaster Recovery – ROM Monitor

      ROM Monitor is very helpful in recovering from
     emergency failures such as:
      –      Password recovery
      –      Upload new IOS into router with NO IOS
             installed
      –      Selecting a boot source and default
             boot filename
      –      Set console terminal baud rate to
             upload new IOS quicker
      –      Load operating software from ROM
      –      Enable booting from a TFTP server

Cisco Router Configuration                AfNOG 2003 / Track 2 # 60
Disaster Recovery – ROM Monitor

      How to get the router into ROM Monitor mode:

      Windows using HyperTerminal for the console
     session
      –      Ctrl-Break




Cisco Router Configuration                AfNOG 2003 / Track 2 # 61
Disaster Recovery – ROM Monitor

      How to get the router into ROM Monitor mode:

      FreeBSD/UNIX using Tip for the console session
      –      <Enter>, then ~# OR
      –      Ctrl-], then Break or Ctrl-C




Cisco Router Configuration                AfNOG 2003 / Track 2 # 62
Disaster Recovery – ROM Monitor

      How to get the router into ROM Monitor mode:

      Linux using Minicom for the console session
      – Ctrl-A F




Cisco Router Configuration                 AfNOG 2003 / Track 2 # 63
Disaster Recovery – How To Recover A
                     Lost Password

      Connect your PC’s serial port to the router’s console
     port

      Configure your PC’s serial port:

         9600 baud rate
         No parity
         8 data bits
         1 stop bit
         No flow control



Cisco Router Configuration                   AfNOG 2003 / Track 2 # 64
Disaster Recovery – How To Recover A Lost
                       Password

      Your configuration register should be 0x2102; use
     “show version” command to check

     Reboot the router and apply the Break-sequence
     within 60 seconds of powering the router, to put it into
     ROMMON mode

      Rommon 1>confreg 0x2142
      Rommon 2>reset

      Router reboots, bypassing startup-config
       file
Cisco Router Configuration                   AfNOG 2003 / Track 2 # 65
Disaster Recovery – How To Recover A Lost
                       Password
      Type Ctrl-C to exit Setup mode

      Router>enable
      Router#conf m or copy start run (only!!!)
      Router#show running or write terminal
      Router#conf t
      Router(config)enable secret forgotten
      Router(config)int e0/0…
      Router(config-if)no shut
      Router(config)config-register 0x2102
      Router(config)Ctrl-Z or end
      Router#copy run start or write memory
      Router#reload
Cisco Router Configuration             AfNOG 2003 / Track 2 # 66
Using TFTP To Manage Your Router’s
                      Software

      Enable TFTP on your FreeBSD machine:

         #vi /etc/inetd.conf
           (uncomment the #tftp line)
         #killall –HUP inetd
           (restart INETD and load TFTPD)
         #netstat –an
           (check to see TFTP port is bound)
         #touch /tftpboot/cisco-router
           (create the router data for TFTP)
         #chmod 666 /tftp/cisco-router
           (make the data file world writeable)

Cisco Router Configuration              AfNOG 2003 / Track 2 # 67
Using TFTP To Manage Your Router’s
                        Software
      Your router’s configuration
         Router#copy start tftp

         Router#copy tftp start

         Router#copy flash tftp

         Router#copy tftp flash

         Router#copy run tftp



Cisco Router Configuration            AfNOG 2003 / Track 2 # 68
END




Cisco Router Configuration         AfNOG 2003 / Track 2 # 69

Weitere ähnliche Inhalte

Was ist angesagt?

Configuracionde router camilaloaiza
Configuracionde router camilaloaizaConfiguracionde router camilaloaiza
Configuracionde router camilaloaizaOnce Redes
 
Cisco IOS (internetworking operating system)
Cisco IOS (internetworking operating system)Cisco IOS (internetworking operating system)
Cisco IOS (internetworking operating system)Netwax Lab
 
Armboot process zeelogic
Armboot process zeelogicArmboot process zeelogic
Armboot process zeelogicAleem Shariff
 
Hacom%20pf sense%20quick start%20guide
Hacom%20pf sense%20quick start%20guideHacom%20pf sense%20quick start%20guide
Hacom%20pf sense%20quick start%20guideHARRY CHAN PUTRA
 
Cis81 ccna1v5-2-configuring networkoperatingsystem
Cis81 ccna1v5-2-configuring networkoperatingsystemCis81 ccna1v5-2-configuring networkoperatingsystem
Cis81 ccna1v5-2-configuring networkoperatingsystemBetselove
 
operating and configuring cisco a cisco IOS device
operating and configuring cisco a cisco IOS deviceoperating and configuring cisco a cisco IOS device
operating and configuring cisco a cisco IOS devicescooby_doo
 
HKG15-505: Power Management interactions with OP-TEE and Trusted Firmware
HKG15-505: Power Management interactions with OP-TEE and Trusted FirmwareHKG15-505: Power Management interactions with OP-TEE and Trusted Firmware
HKG15-505: Power Management interactions with OP-TEE and Trusted FirmwareLinaro
 
Q2.12: Idling ARMs in a busy world: Linux Power Management for ARM Multiclust...
Q2.12: Idling ARMs in a busy world: Linux Power Management for ARM Multiclust...Q2.12: Idling ARMs in a busy world: Linux Power Management for ARM Multiclust...
Q2.12: Idling ARMs in a busy world: Linux Power Management for ARM Multiclust...Linaro
 
SBC6020 SAM9G20 based Single Board Computer
SBC6020 SAM9G20 based Single Board ComputerSBC6020 SAM9G20 based Single Board Computer
SBC6020 SAM9G20 based Single Board Computeryclinda666
 
HKG15-505: Power Management interactions with OP-TEE and Trusted Firmware
HKG15-505: Power Management interactions with OP-TEE and Trusted FirmwareHKG15-505: Power Management interactions with OP-TEE and Trusted Firmware
HKG15-505: Power Management interactions with OP-TEE and Trusted FirmwareLinaro
 
Kernel Features for Reducing Power Consumption on Embedded Devices
Kernel Features for Reducing Power Consumption on Embedded DevicesKernel Features for Reducing Power Consumption on Embedded Devices
Kernel Features for Reducing Power Consumption on Embedded DevicesRyo Jin
 

Was ist angesagt? (17)

Cisco how-to
Cisco how-toCisco how-to
Cisco how-to
 
Configuracionde router camilaloaiza
Configuracionde router camilaloaizaConfiguracionde router camilaloaiza
Configuracionde router camilaloaiza
 
Cisco IOS (internetworking operating system)
Cisco IOS (internetworking operating system)Cisco IOS (internetworking operating system)
Cisco IOS (internetworking operating system)
 
Armboot process zeelogic
Armboot process zeelogicArmboot process zeelogic
Armboot process zeelogic
 
Fortigate 200 b-quickstart
Fortigate 200 b-quickstartFortigate 200 b-quickstart
Fortigate 200 b-quickstart
 
Pfsense%20%20note
Pfsense%20%20notePfsense%20%20note
Pfsense%20%20note
 
Hacom%20pf sense%20quick start%20guide
Hacom%20pf sense%20quick start%20guideHacom%20pf sense%20quick start%20guide
Hacom%20pf sense%20quick start%20guide
 
Cis82 e2-1-packet forwarding
Cis82 e2-1-packet forwardingCis82 e2-1-packet forwarding
Cis82 e2-1-packet forwarding
 
Cis81 ccna1v5-2-configuring networkoperatingsystem
Cis81 ccna1v5-2-configuring networkoperatingsystemCis81 ccna1v5-2-configuring networkoperatingsystem
Cis81 ccna1v5-2-configuring networkoperatingsystem
 
operating and configuring cisco a cisco IOS device
operating and configuring cisco a cisco IOS deviceoperating and configuring cisco a cisco IOS device
operating and configuring cisco a cisco IOS device
 
HKG15-505: Power Management interactions with OP-TEE and Trusted Firmware
HKG15-505: Power Management interactions with OP-TEE and Trusted FirmwareHKG15-505: Power Management interactions with OP-TEE and Trusted Firmware
HKG15-505: Power Management interactions with OP-TEE and Trusted Firmware
 
Sh080272a
Sh080272aSh080272a
Sh080272a
 
Q2.12: Idling ARMs in a busy world: Linux Power Management for ARM Multiclust...
Q2.12: Idling ARMs in a busy world: Linux Power Management for ARM Multiclust...Q2.12: Idling ARMs in a busy world: Linux Power Management for ARM Multiclust...
Q2.12: Idling ARMs in a busy world: Linux Power Management for ARM Multiclust...
 
SBC6020 SAM9G20 based Single Board Computer
SBC6020 SAM9G20 based Single Board ComputerSBC6020 SAM9G20 based Single Board Computer
SBC6020 SAM9G20 based Single Board Computer
 
HKG15-505: Power Management interactions with OP-TEE and Trusted Firmware
HKG15-505: Power Management interactions with OP-TEE and Trusted FirmwareHKG15-505: Power Management interactions with OP-TEE and Trusted Firmware
HKG15-505: Power Management interactions with OP-TEE and Trusted Firmware
 
Ccna2 ass
Ccna2 assCcna2 ass
Ccna2 ass
 
Kernel Features for Reducing Power Consumption on Embedded Devices
Kernel Features for Reducing Power Consumption on Embedded DevicesKernel Features for Reducing Power Consumption on Embedded Devices
Kernel Features for Reducing Power Consumption on Embedded Devices
 

Ähnlich wie Ciscointro

introduction-to-cisco-routers.ppt
introduction-to-cisco-routers.pptintroduction-to-cisco-routers.ppt
introduction-to-cisco-routers.pptRobelTsada
 
Cisco Certified Network Associate (CCNA) - R&S - Semester 2 Notes
Cisco Certified Network Associate (CCNA) - R&S - Semester 2 NotesCisco Certified Network Associate (CCNA) - R&S - Semester 2 Notes
Cisco Certified Network Associate (CCNA) - R&S - Semester 2 NotesAhmed Gad
 
Ccna day2-140715152313-phpapp02
Ccna day2-140715152313-phpapp02Ccna day2-140715152313-phpapp02
Ccna day2-140715152313-phpapp02Sachin Morya
 
Ccna PPT2
Ccna PPT2Ccna PPT2
Ccna PPT2AIRTEL
 
VESIT WORKSHOP SIMULATIONS.ppt
VESIT WORKSHOP SIMULATIONS.pptVESIT WORKSHOP SIMULATIONS.ppt
VESIT WORKSHOP SIMULATIONS.pptzmulani8
 
VESIT WORKSHOP SIMULATIONS.ppt
VESIT WORKSHOP SIMULATIONS.pptVESIT WORKSHOP SIMULATIONS.ppt
VESIT WORKSHOP SIMULATIONS.pptzmulani8
 
VESIT WORKSHOP SIMULATIONS.ppt
VESIT WORKSHOP SIMULATIONS.pptVESIT WORKSHOP SIMULATIONS.ppt
VESIT WORKSHOP SIMULATIONS.pptzmulani8
 
Chapter5ccna
Chapter5ccnaChapter5ccna
Chapter5ccnarobertoxe
 
Day 6 - Manage CISCO IOS
Day 6 - Manage CISCO IOSDay 6 - Manage CISCO IOS
Day 6 - Manage CISCO IOSanilinvns
 
Manage CISCO IOS
Manage CISCO IOSManage CISCO IOS
Manage CISCO IOSanilinvns
 
Managing cisco internetwork
Managing cisco internetworkManaging cisco internetwork
Managing cisco internetworkNOWAY
 
Bootstrap process of u boot (NDS32 RISC CPU)
Bootstrap process of u boot (NDS32 RISC CPU)Bootstrap process of u boot (NDS32 RISC CPU)
Bootstrap process of u boot (NDS32 RISC CPU)Macpaul Lin
 
U-Boot Porting on New Hardware
U-Boot Porting on New HardwareU-Boot Porting on New Hardware
U-Boot Porting on New HardwareRuggedBoardGroup
 

Ähnlich wie Ciscointro (20)

CCNA complete.ppt
CCNA complete.pptCCNA complete.ppt
CCNA complete.ppt
 
introduction-to-cisco-routers.ppt
introduction-to-cisco-routers.pptintroduction-to-cisco-routers.ppt
introduction-to-cisco-routers.ppt
 
Cisco Certified Network Associate (CCNA) - R&S - Semester 2 Notes
Cisco Certified Network Associate (CCNA) - R&S - Semester 2 NotesCisco Certified Network Associate (CCNA) - R&S - Semester 2 Notes
Cisco Certified Network Associate (CCNA) - R&S - Semester 2 Notes
 
C C N A Day2
C C N A  Day2C C N A  Day2
C C N A Day2
 
Ccna day2-140715152313-phpapp02
Ccna day2-140715152313-phpapp02Ccna day2-140715152313-phpapp02
Ccna day2-140715152313-phpapp02
 
Ccna day2
Ccna day2Ccna day2
Ccna day2
 
Ccna PPT2
Ccna PPT2Ccna PPT2
Ccna PPT2
 
CCNA CheatSheet
CCNA CheatSheetCCNA CheatSheet
CCNA CheatSheet
 
VESIT WORKSHOP SIMULATIONS.ppt
VESIT WORKSHOP SIMULATIONS.pptVESIT WORKSHOP SIMULATIONS.ppt
VESIT WORKSHOP SIMULATIONS.ppt
 
VESIT WORKSHOP SIMULATIONS.ppt
VESIT WORKSHOP SIMULATIONS.pptVESIT WORKSHOP SIMULATIONS.ppt
VESIT WORKSHOP SIMULATIONS.ppt
 
VESIT WORKSHOP SIMULATIONS.ppt
VESIT WORKSHOP SIMULATIONS.pptVESIT WORKSHOP SIMULATIONS.ppt
VESIT WORKSHOP SIMULATIONS.ppt
 
Chapter5ccna
Chapter5ccnaChapter5ccna
Chapter5ccna
 
Chapter5ccna
Chapter5ccnaChapter5ccna
Chapter5ccna
 
Day 6 - Manage CISCO IOS
Day 6 - Manage CISCO IOSDay 6 - Manage CISCO IOS
Day 6 - Manage CISCO IOS
 
Manage CISCO IOS
Manage CISCO IOSManage CISCO IOS
Manage CISCO IOS
 
CCNA presentation.
CCNA presentation.CCNA presentation.
CCNA presentation.
 
CCNA CHAPTER 5 BY jetarvind kumar madhukar
CCNA CHAPTER 5 BY jetarvind kumar madhukarCCNA CHAPTER 5 BY jetarvind kumar madhukar
CCNA CHAPTER 5 BY jetarvind kumar madhukar
 
Managing cisco internetwork
Managing cisco internetworkManaging cisco internetwork
Managing cisco internetwork
 
Bootstrap process of u boot (NDS32 RISC CPU)
Bootstrap process of u boot (NDS32 RISC CPU)Bootstrap process of u boot (NDS32 RISC CPU)
Bootstrap process of u boot (NDS32 RISC CPU)
 
U-Boot Porting on New Hardware
U-Boot Porting on New HardwareU-Boot Porting on New Hardware
U-Boot Porting on New Hardware
 

Mehr von 97148881557

03 router-configuration
03 router-configuration03 router-configuration
03 router-configuration97148881557
 
Wisp mode aprouter
Wisp mode aprouterWisp mode aprouter
Wisp mode aprouter97148881557
 
Wireless router setupmanual
Wireless router setupmanualWireless router setupmanual
Wireless router setupmanual97148881557
 
Simply bb-customer-router-setup(1)
Simply bb-customer-router-setup(1)Simply bb-customer-router-setup(1)
Simply bb-customer-router-setup(1)97148881557
 
Simply bb-customer-router-setup
Simply bb-customer-router-setupSimply bb-customer-router-setup
Simply bb-customer-router-setup97148881557
 
Router configuration(1)
Router configuration(1)Router configuration(1)
Router configuration(1)97148881557
 
Router configuration
Router configurationRouter configuration
Router configuration97148881557
 
Router configuration
Router configurationRouter configuration
Router configuration97148881557
 
Netgear wnr834 b_v2
Netgear wnr834 b_v2Netgear wnr834 b_v2
Netgear wnr834 b_v297148881557
 
Mcitp server administrator
Mcitp server administratorMcitp server administrator
Mcitp server administrator97148881557
 
Intro to router_config
Intro to router_configIntro to router_config
Intro to router_config97148881557
 
D link router_setup_example
D link router_setup_exampleD link router_setup_example
D link router_setup_example97148881557
 
Ccna2 mod3-configuring a-router
Ccna2 mod3-configuring a-routerCcna2 mod3-configuring a-router
Ccna2 mod3-configuring a-router97148881557
 

Mehr von 97148881557 (19)

03 router-configuration
03 router-configuration03 router-configuration
03 router-configuration
 
Wisp mode aprouter
Wisp mode aprouterWisp mode aprouter
Wisp mode aprouter
 
Wireless router setupmanual
Wireless router setupmanualWireless router setupmanual
Wireless router setupmanual
 
Simply bb-customer-router-setup(1)
Simply bb-customer-router-setup(1)Simply bb-customer-router-setup(1)
Simply bb-customer-router-setup(1)
 
Simply bb-customer-router-setup
Simply bb-customer-router-setupSimply bb-customer-router-setup
Simply bb-customer-router-setup
 
Rtr config
Rtr configRtr config
Rtr config
 
Router configuration(1)
Router configuration(1)Router configuration(1)
Router configuration(1)
 
Router configuration
Router configurationRouter configuration
Router configuration
 
Router configuration
Router configurationRouter configuration
Router configuration
 
Routconf
RoutconfRoutconf
Routconf
 
Netgear wnr834 b_v2
Netgear wnr834 b_v2Netgear wnr834 b_v2
Netgear wnr834 b_v2
 
Mcitp server administrator
Mcitp server administratorMcitp server administrator
Mcitp server administrator
 
Intro to router_config
Intro to router_configIntro to router_config
Intro to router_config
 
D link router_setup_example
D link router_setup_exampleD link router_setup_example
D link router_setup_example
 
Cisco config
Cisco configCisco config
Cisco config
 
Ccna2 mod3-configuring a-router
Ccna2 mod3-configuring a-routerCcna2 mod3-configuring a-router
Ccna2 mod3-configuring a-router
 
C4 040 r-02(1)
C4 040 r-02(1)C4 040 r-02(1)
C4 040 r-02(1)
 
C4 040 r-02
C4 040 r-02C4 040 r-02
C4 040 r-02
 
520scg basic
520scg basic520scg basic
520scg basic
 

Ciscointro

  • 1. Router Components Bootstrap – stored in ROM microcode – brings router up during initialisation, boots router and loads the IOS. POST – Power On Self Test - stored in ROM microcode – checks for basic functionality of router hardware and determines which interfaces are present ROM Monitor – stored in ROM microcode – used for manufacturing, testing and troubleshooting Mini-IOS – a.k.a RXBOOT/boot loader by Cisco – small IOS ROM used to bring up an interface and load a Cisco IOS into flash memory from a TFTP server; can also do a few other maintenance operations Cisco Router Configuration AfNOG 2003 / Track 2 # 1
  • 2. Router Components RAM – holds packet buffers, ARP cache, routing table, software and data structure that allows the router to function; running-config is stored in RAM, as well as the decompressed IOS in later router models ROM – starts and maintains the router Flash memory – holds the IOS; is not erased when the router is reloaded; is an EEPROM [Electrically Erasable Programmable Read-Only Memory] created by Intel, that can be erased and reprogrammed repeatedly through an application of higher than normal electric voltage NVRAM – Non-Volatile RAM - holds router configuration; is not erased when router is reloaded Cisco Router Configuration AfNOG 2003 / Track 2 # 2
  • 3. Router Components Config-Register – controls how router boots; value can be seen with “show version” command; is typically 0x2102, which tells the router to load the IOS from flash memory and the startup-config file from NVRAM Cisco Router Configuration AfNOG 2003 / Track 2 # 3
  • 4. Why Modify The Config-Register Reasons why you would want to modify the config- register: – Force the router into ROM Monitor Mode – Select a boot source and default boot filename – Enable/Disable the Break function – Control broadcast addresses – Set console terminal baud rate – Load operating software from ROM – Enable booting from a TFTP server Cisco Router Configuration AfNOG 2003 / Track 2 # 4
  • 5. System Startup POST – loaded from ROM and runs diagnostics on all router hardware Bootstrap – locates and loads the IOS image; default setting is to load the IOS from flash memory IOS – locates and loads a valid configuration from NVRAM; files is called startup-config; only exists if you copy running-config to NVRAM Startup-config – if found, router loads it and runs embedded configuration; if not found, router enters setup mode Cisco Router Configuration AfNOG 2003 / Track 2 # 5
  • 6. Overview Router configuration controls the operation of the router’s: Interface IP address and netmask Routing information (static, dynamic or default) Boot and startup information Security (passwords) Cisco Router Configuration AfNOG 2003 / Track 2 # 6
  • 7. Where Is The Configuration? Router always has two configurations: Running configuration In RAM, determines how the router is currently operating Is modified using the configure command To see it: show running-config Startup confguration In NVRAM, determines how the router will operate after next reload Is modified using the copy command To see it: show startup-config Cisco Router Configuration AfNOG 2003 / Track 2 # 7
  • 8. Where Is The Configuration? Can also be stored in more permanent places: External hosts, using TFTP (Trivial File Transfer Protocol) In flash memory in the router Copy command is used to move it around copy run start copy run tftp copy start tftp copy tftp start copy flash start copy start flash Cisco Router Configuration AfNOG 2003 / Track 2 # 8
  • 9. Router Access Modes User EXEC mode - limited examination of router – Router> Privileged EXEC mode - detailed examination of router, debugging, testing, file manipulation – Router# ROM Monitor - useful for password recovery & new IOS upload session Setup Mode – available when router has no startup-config file Cisco Router Configuration AfNOG 2003 / Track 2 # 9
  • 10. External Configuration Sources Console – direct PC serial access Auxilliary port – Modem access Virtual terminals – Telnet access TFTP Server – copy configuration file into router RAM Network Management Software - CiscoWorks Cisco Router Configuration AfNOG 2003 / Track 2 # 10
  • 11. Changing The Configuration Configuration statements can be entered interactively - changes are made (almost) immediately, to the running configuration Can use direct serial connection to console port, or Telnet to vty’s (“virtual terminals”), or Modem connection to aux port Or, edited in a text file and uploaded to the router at a later time via tftp; copy tftp start or config net Cisco Router Configuration AfNOG 2003 / Track 2 # 11
  • 12. Logging Into The Router Connect router to console port or telnet to router – router> – router>enable USER MODE – password PROMPT – router# – router#? PRIVILEDGED MODE PROMPT Configuring the router – Terminal (entering the commands directly) – router# configure terminal – router(config)# Cisco Router Configuration AfNOG 2003 / Track 2 # 12
  • 13. Connecting Your FreeBSD Machine To The Router’s Console Port Connect your machine to the console port using the rollover serial cable provide Go to /etc/remote to see the device configured to be used with "tip”. you will see at the end, a line begin with com1 bash$ tip com1 <enter> router> router>enable router# Cisco Router Configuration AfNOG 2003 / Track 2 # 13
  • 14. Address Allocation SWITCH .1 .2 A B 81.199.108.80/28 81.199.108.96/28 .3 .4 C D 81.199.108.0/28 81.199.108.112/28 81.199.108.128/28 .5 .6 E F 81.199.108.144/28 81.199.108.160/28 .7 .8 G H 81.199.108.176/28 81.199.108.192/28 .9 .10 I J 81.199.108.208/28 81.199.108.224/28 Cisco Router Configuration AfNOG 2003 / Track 2 # 14
  • 15. New Router Configuration Process Load configuration parameters into RAM Router#configure terminal Personalize router identification Router#(config)hostname RouterA Assign access passwords RouterA#(config)line console 0 RouterA#(config-line)password cisco RouterA#(config-line)login Cisco Router Configuration AfNOG 2003 / Track 2 # 15
  • 16. New Router Configuration Process Configure interfaces RouterA#(config)interface ethernet 0/0 RouterA#(config-if)ip address n.n.n.n m.m.m.m RouterA#(config-if)no shutdown Configure routing/routed protocols Save configuration parameters to NVRAM RouterA#copy running-config startup-config or write memory Cisco Router Configuration AfNOG 2003 / Track 2 # 16
  • 17. Router Prompts – How To Tell Where You Are On The Router You can tell in which area of the router’s configuration you are, by looking at the router prompts: Router> - USER prompt mode Router# - PRVILEDGED EXEC prompt mode Router(config) – terminal configuration prompt Router(config-if) – interface configuration prompt Router(config-subif) – sub-interface configuration prompt Router(config-route-map) – route-map configuration prompt Cisco Router Configuration AfNOG 2003 / Track 2 # 17
  • 18. Router Prompts – How To Tell Where You Are On The Router Router(config-router) – router configuration prompt Router(config-line) – line configuration prompt rommon 1> - ROM Monitor mode Cisco Router Configuration AfNOG 2003 / Track 2 # 18
  • 19. Configuring Your Router Set the enable password: router(config)# enable password t2@afnog If you see in your config file, using “show running-config”, you will see that the enable password is displayed in clear text -- that is not safe, you have to encrypt it. router(config)# service password-encryption router(config)# enable secret "your pswd"(MD5 encryption) To configure interface you should go to interface configuration prompt router(config) interface ethernet0 (or 0/x) router(config-if)# Save your configuration router#copy running-config startup-config (or write memory) Cisco Router Configuration AfNOG 2003 / Track 2 # 19
  • 20. Configuring Your Router Configuration statements have different contexts: Global: enable-password t2@afnog Interface: interface ethernet0/0 ip address n.n.n.n m.m.m.m Router: router ospf 1 network n.n.n.n w.w.w.w area 0 Line: line vty 0 4 Cisco Router Configuration AfNOG 2003 / Track 2 # 20
  • 21. Global Configuration Global configuration statements are independent of any particular interface or routing protocol, e.g.: hostname track2-afnog enable-password track2 service password-encryption logging facility local0 logging n.n.n.n Cisco Router Configuration AfNOG 2003 / Track 2 # 21
  • 22. Global Configuration IP-specific global configuration statements: ip classless ip name-server n.n.n.n Static route creation: Ip route n.n.n.n m.m.m.m g.g.g.g n.n.n.n = network block m.m.m.m = network mask denoting block size g.g.g.g = next hop gateway destination packets are sent to Cisco Router Configuration AfNOG 2003 / Track 2 # 22
  • 23. The NO Command Used to reverse or disable commands e.g ip domain-lookup no ip domain-lookup router ospf 1 no router ospf 1 ip address 1.1.1.1 255.255.255.0 no ip address Cisco Router Configuration AfNOG 2003 / Track 2 # 23
  • 24. Interface Configuration Interfaces are named by slot/type; e.g.: ethernet0, ethernet1,... Ethernet5/1 Serial0/0, serial1 ... serial3 And can be abbreviated: ethernet0 or eth0 or e0 Serial0/0 or ser0/0 or s0/0 Cisco Router Configuration AfNOG 2003 / Track 2 # 24
  • 25. Interface Configuration IP address and netmask configuration, using interface commands (interactive configuration example, showing prompts): router#configure terminal router(config)#interface e0/0 router(config-if)#ip address n.n.n.n m.m.m.m router(config-if)#no shutdown router(config-if)#^Z router# Cisco Router Configuration AfNOG 2003 / Track 2 # 25
  • 26. Interface Configuration Administratively enable/disable the interface router(config-if)#no shutdown router(config-if)#shutdown Description router(config-if)#description ethernet link to admin building router Cisco Router Configuration AfNOG 2003 / Track 2 # 26
  • 27. Global Configuration Commands Cisco global config should always include: ip classless ip subnet-zero no ip domain-lookup Cisco interface config should usually include: no shutdown no ip proxy-arp no ip redirects Cisco Router Configuration AfNOG 2003 / Track 2 # 27
  • 28. Looking At The Configuration Use “show running-configuration” to see the current configuration Use “show startup-configuration” to see the configuration in NVRAM, that will be loaded the next time the router is rebooted or reloaded Cisco Router Configuration AfNOG 2003 / Track 2 # 28
  • 29. Interactive Configuration Enter configuration mode, using “configure term” Prompt gives a hint about where you are: router#configure term router(config)#ip classless router(config)#ip subnet-zero router(config)#int e0/1 router(config-if)#ip addr n.n.n.n m.m.m.m router(config-if)#no shut router(config-if)#^Z Cisco Router Configuration AfNOG 2003 / Track 2 # 29
  • 30. Storing The Configuration On A Host Requires: `tftpd’on a unix host; destination file must exist before the file is written and must be world writable... copy run tftp router#copy run tftp Remote host []? n.n.n.n Name of configuration file to write [hostel-rtr-confg]? /usr/local/tftpd/hostel-rtr-confg Write file /usr/local/tftpd/hostel-rtr-confg on... Host n.n.n.n? [confirm] Building configuration... Writing /usr/local/tftpd/hostel-rtr-confg !![OK] Cisco Router Configuration AfNOG 2003 / Track 2 # 30
  • 31. Restoring The Configuration From A Host Use ‘tftp’ to pull file from UNIX host, copying to running config or startup router#copy tftp start Address of remote host [255.255.255.255]? n.n.n.n Name of configuration file [hostel-rtr-confg]? Configure using hostel-rtr-confg from n.n.n.n? [confirm] Loading hostel-rtr-confg from n.n.n.n(via Ethernet0/0): ! [OK - 1005/128975 bytes] [OK] hostel-rtr# reload Cisco Router Configuration AfNOG 2003 / Track 2 # 31
  • 32. Getting Online Help IOS has a built-in help facility; use “?” to get a list of possible configuration statements “?” after the prompt lists all possible commands: router#? “<partial command> ?” lists all possible subcommands, e.g.: router#show ? router#show ip ? Cisco Router Configuration AfNOG 2003 / Track 2 # 32
  • 33. Getting Online Help “<partial command>?” shows all possible command completions router#con? configure connect This is different: hostel-rtr#conf ? memory Configure from NVRAM network Configure from a TFTP network host overwrite-network Overwrite NV memory from TFTP... network host terminal Configure from the terminal <cr> Cisco Router Configuration AfNOG 2003 / Track 2 # 33
  • 34. Getting Online Help This also works in configuration mode: router(config)#ip a? accounting-list accounting-threshold accounting-transits address-pool alias as-path router(config)#int e0/0 router(config-if)#ip a? access-group accounting address Cisco Router Configuration AfNOG 2003 / Track 2 # 34
  • 35. Getting Online Help Can “explore” a command to figure out the syntax: router(config-if)#ip addr ? A.B.C.D IP address router(config-if)#ip addr n.n.n.n ? A.B.C.D IP subnet mask router(config-if)#ip addr n.n.n.n m.m.m.m ? secondary Make this IP address a secondary address <cr> router(config-if)#ip addr n.n.n.n m.m.m.m router(config-if)# Cisco Router Configuration AfNOG 2003 / Track 2 # 35
  • 36. Getting Lazy Help TAB character will complete a partial word hostel-rtr(config)#int<TAB> hostel-rtr(config)#interface et<TAB> hostel-rtr(config)#interface ethernet 0 hostel-rtr(config-if)#ip add<TAB> hostel-rtr(config-if)#ip address ... n.n.n.n m.m.m.m Not really necessary; partial commands can be used: router#conf t router(config)#int e0/0 router(config-if)#ip addr n.n.n.n Cisco Router Configuration AfNOG 2003 / Track 2 # 36
  • 37. Getting Lazy Online Help Command history IOS maintains short list of previously typed commands up-arrow or ‘^p’ recalls previous command down-arrow or ‘^n’ recalls next command Line editing left-arrow, right-arrow moves cursor inside command ‘^d’ or backspace will delete character in front of cursor Ctrl-a takes you to start of line Ctrl-e takes you to end of line Cisco Router Configuration AfNOG 2003 / Track 2 # 37
  • 38. Connecting Your FreeBSD Machine To The Router’s Console Port Look at your running configuration Configure an IP address for e0/0 depending on your table - use n.n.n.n for table A etc Look at your running configuration and your startup configuration What difference is there if any Cisco Router Configuration AfNOG 2003 / Track 2 # 38
  • 39. Deleting Your Router’s Configuration To delete your router’s configuration Router#erase startup-config OR Router#write erase Router#reload Router will startup again, but in setup mode, since startup-config file does not exists Cisco Router Configuration AfNOG 2003 / Track 2 # 39
  • 40. Using Access Control Lists Access Control Lists used to implement security in routers – powerful tool for network control – filter packets flow in or out of router interfaces – restrict network use by certain users or devices – deny or permit traffic Cisco Router Configuration AfNOG 2003 / Track 2 # 40
  • 41. Rules Followed When Traffic Is Compared To An Access Control List Is done in sequential order; line 1, line 2, line 3 e.t.c Is compared with the access list until a match is made; then NO further comparisons are made There is an implicit “deny” at the end of each access list; if a packet does not match in the access list, it will be discarded Cisco Router Configuration AfNOG 2003 / Track 2 # 41
  • 42. Using Access Control Lists Standard IP Access Lists (1 - 99) – simpler address specifications – generally permits or denies entire protocol suite Extended IP Access Lists (100 - 199) – more complex address specification – generally permits or denies specific protocols Cisco Router Configuration AfNOG 2003 / Track 2 # 42
  • 43. Access Control List Syntax Standard IP Access List Configuration Syntax – access-list access-list-number {permit | deny} source {source-mask} – ip access-group access-list-number {in | out} Extended IP Access List Configuration Syntax – access-list access-list-number {permit | deny} protocol source {source-mask} destination {destination-mask} – ip access-group access-list-number {in | out} Cisco Router Configuration AfNOG 2003 / Track 2 # 43
  • 44. Where To Place Access Control Lists Place Standard IP access list close to destination Place Extended IP access lists close to the source of the traffic you want to manage Cisco Router Configuration AfNOG 2003 / Track 2 # 44
  • 45. What Are Wild Card Masks Are used with access lists to specify a host, network or part of a network To specify an address range, choose the next largest block size e.g. – to specify 34 hosts, you need a 64 block size – to specify 18 hosts, you need a 32 block size – to specify 2 hosts, you need a 4 block size Cisco Router Configuration AfNOG 2003 / Track 2 # 45
  • 46. What Are Wild Card Masks Are used with the host/network address to tell the router a range of addresses to filter Examples: – to specify a host: 81.199.108.1 0.0.0.0 – to specify a small subnet: 81.199.108.8 – 81.199.108.15 (would be a /29) – Block size is 8, and wildcard is always one number less than the block size – Cisco access list then becomes: 81.199.108.8 0.0.0.7 Cisco Router Configuration AfNOG 2003 / Track 2 # 46
  • 47. What Are Wild Card Masks Examples cont’d: – to specify all hosts on a Class C network: 81.199.108.0 0.0.0.255 Cisco Router Configuration AfNOG 2003 / Track 2 # 47
  • 48. What Are Wild Card Masks Short cut method to a quick calculation of a network subnet to wildcard: – 255 – {netmask bits on subnet mask} – to create wild card mask for 81.199.108.160 255.255.255.240 81.199.108.160 0.0.0.15 {255 – 240} – to create wild card mask for 81.199.108.0 255.255.252.0 81.199.108.0 0.0.3.255 Cisco Router Configuration AfNOG 2003 / Track 2 # 48
  • 49. Access Control List Example Router(config)#Access-list access-list-number {permit|deny}{test conditions} Router(config)#{protocol} access-group access-list-number e.g check for IP subnets 81.199.108.80 to 81.199.108.95 81.199.108.80 Address and Wilcard Mask: 81.199.108.80 0.0.0.15 0001 0000 0000 1111 check ignore Cisco Router Configuration AfNOG 2003 / Track 2 # 49
  • 50. Access Control List Example Wildcard bits indicate how to check corresponding address bit – 0=check or match – 1=ignore Matching Any IP Address 0.0.0.0 255.255.255.255 or abbreviate the expression using the keyword any Matching a specific host 81.199.108.8 0.0.0.0 or abbreviate the wildcard using the IP address preceded by the keyword host Cisco Router Configuration AfNOG 2003 / Track 2 # 50
  • 51. Permit Telnet Access For My Network Only access-list 1 permit 81.199.108.192 0.0.0.15 access-list 1 deny any line vty 0 4 access-class 1 in Cisco Router Configuration AfNOG 2003 / Track 2 # 51
  • 52. Standard IP Access Control Lists Example Permit Only My Network 81.199.108.1 81.199.108.81 Non 81.199.108.0 E0 S0 E1 81.199.108.82 Access-list 1 permit 81.199.108.80 0.0.0.15 Interface ethernet 0 ip access-group 1 out interface ethernet 1 ip access-group 1 out Cisco Router Configuration AfNOG 2003 / Track 2 # 52
  • 53. Extended IP Access Control Lists Example Deny FTP Access Through Interface E0 81.199.108.10 81.199.108.225 Non 81.199.108.0 E0 S0 E1 81.199.108.226 access-list 101 deny tcp 81.199.108.0 0.0.0.15 81.199.108.225 0.0.0.15 eq 21 access-list 101 deny tcp 81.199.108.0 0.0.0.15 81.199.108.225 0.0.0.15 eq 20 access-list 101 permit ip 81.199.108.225 0.0.0.15 0.0.0.0 255.255.255.255 interface ethernet 0 ip access-group 101 out Cisco Router Configuration AfNOG 2003 / Track 2 # 53
  • 54. Prefix Lists Cisco first introduced prefix lists in IOS 12.0 + Generally used to filter routes, and can be combined with route maps for route filtering and manipulation Are more scalable and flexible than access control lists and distribute lists Unlike access control lists, you don’t have to delete the entire access list when adding or deleting entries Prefix lists use sequence numbers for this to happen Prefix lists scale as the network grows Cisco Router Configuration AfNOG 2003 / Track 2 # 54
  • 55. Prefix Lists Prefix lists have an implicit “deny” at the end of them, like access control lists Are quicker to process than regular access control lists If you do have IOS 12.0 +, it would be a better idea to use prefix lists rather than distribute or access lists, for route filtering and manipulation Cisco Router Configuration AfNOG 2003 / Track 2 # 55
  • 56. Prefix List Configuration Syntax Prefix list configuration syntax config t ip prefix-list list-name {seq seq-value} {permit|deny} network/len {ge ge-value} {le le-value} list-name – name to use for the prefix list seq-value – numeric value of the sequence; optional network/len – CIDR network address notation Cisco Router Configuration AfNOG 2003 / Track 2 # 56
  • 57. Prefix List Configuration Syntax Prefix list configuration Syntax ge-value – “from” value of range; matches equal or longer prefixes (more bits in the prefix, smaller blocks of address space) le-value – “to” value of range; matches equal or shorter prefixes (less bits in the prefix, bigger blocks of address space) Cisco Router Configuration AfNOG 2003 / Track 2 # 57
  • 58. Prefix List Configuration Example Prefix list configuration example ip prefix-list t2afnog seq 10 deny 81.199.108.192/28 To accept prefixes with a prefix length of /8 up to /24: ip prefix-list test1 seq 5 permit 81.0.0.0/0 ge 8 le 24 To deny prefixes with a mask greater than 25 in 81.199.108.0/24: ip prefix-list test2 seq 10 deny 81.199.108.0/24 ge 25 Cisco Router Configuration AfNOG 2003 / Track 2 # 58
  • 59. Prefix List Configuration Example To allow all routes: ip prefix-list test3 seq 15 permit 0.0.0.0/0 le 32 Cisco Router Configuration AfNOG 2003 / Track 2 # 59
  • 60. Disaster Recovery – ROM Monitor ROM Monitor is very helpful in recovering from emergency failures such as: – Password recovery – Upload new IOS into router with NO IOS installed – Selecting a boot source and default boot filename – Set console terminal baud rate to upload new IOS quicker – Load operating software from ROM – Enable booting from a TFTP server Cisco Router Configuration AfNOG 2003 / Track 2 # 60
  • 61. Disaster Recovery – ROM Monitor How to get the router into ROM Monitor mode: Windows using HyperTerminal for the console session – Ctrl-Break Cisco Router Configuration AfNOG 2003 / Track 2 # 61
  • 62. Disaster Recovery – ROM Monitor How to get the router into ROM Monitor mode: FreeBSD/UNIX using Tip for the console session – <Enter>, then ~# OR – Ctrl-], then Break or Ctrl-C Cisco Router Configuration AfNOG 2003 / Track 2 # 62
  • 63. Disaster Recovery – ROM Monitor How to get the router into ROM Monitor mode: Linux using Minicom for the console session – Ctrl-A F Cisco Router Configuration AfNOG 2003 / Track 2 # 63
  • 64. Disaster Recovery – How To Recover A Lost Password Connect your PC’s serial port to the router’s console port Configure your PC’s serial port: 9600 baud rate No parity 8 data bits 1 stop bit No flow control Cisco Router Configuration AfNOG 2003 / Track 2 # 64
  • 65. Disaster Recovery – How To Recover A Lost Password Your configuration register should be 0x2102; use “show version” command to check Reboot the router and apply the Break-sequence within 60 seconds of powering the router, to put it into ROMMON mode Rommon 1>confreg 0x2142 Rommon 2>reset Router reboots, bypassing startup-config file Cisco Router Configuration AfNOG 2003 / Track 2 # 65
  • 66. Disaster Recovery – How To Recover A Lost Password Type Ctrl-C to exit Setup mode Router>enable Router#conf m or copy start run (only!!!) Router#show running or write terminal Router#conf t Router(config)enable secret forgotten Router(config)int e0/0… Router(config-if)no shut Router(config)config-register 0x2102 Router(config)Ctrl-Z or end Router#copy run start or write memory Router#reload Cisco Router Configuration AfNOG 2003 / Track 2 # 66
  • 67. Using TFTP To Manage Your Router’s Software Enable TFTP on your FreeBSD machine: #vi /etc/inetd.conf (uncomment the #tftp line) #killall –HUP inetd (restart INETD and load TFTPD) #netstat –an (check to see TFTP port is bound) #touch /tftpboot/cisco-router (create the router data for TFTP) #chmod 666 /tftp/cisco-router (make the data file world writeable) Cisco Router Configuration AfNOG 2003 / Track 2 # 67
  • 68. Using TFTP To Manage Your Router’s Software Your router’s configuration Router#copy start tftp Router#copy tftp start Router#copy flash tftp Router#copy tftp flash Router#copy run tftp Cisco Router Configuration AfNOG 2003 / Track 2 # 68
  • 69. END Cisco Router Configuration AfNOG 2003 / Track 2 # 69