Professional Documents
Culture Documents
Cisco Systems (Routers and Switches) : Advanced Systems Administration Course
Cisco Systems (Routers and Switches) : Advanced Systems Administration Course
Fred Msumeno University computing Centre Ltd, University of Dar es salaam, E-mail: mfred@udsm.ac.tz Website: www.ucc.co.tz
Router Components
Bootstrap stored in ROM microcode brings router up during initialisation, boots router and loads the IOS. POST Power On Self Test - stored in ROM microcode checks for basic functionality of router hardware and determines which interfaces are present ROM Monitor stored in ROM microcode used for manufacturing, testing and troubleshooting Mini-IOS a.k.a RXBOOT/boot loader by Cisco small IOS ROM used to bring up an interface and load a Cisco IOS into flash memory from a TFTP server; can also perform a few other maintenance operations
Router Components
RAM holds packet buffers, ARP cache, routing table, software and data structure that allows the router to function; running-config is stored in RAM, as well as the decompressed IOS in later router models ROM starts and maintains the router Flash memory holds the IOS; is not erased when the router is reloaded; is an EEPROM [Electrically Erasable Programmable Read-Only Memory] created by Intel, that can be erased and reprogrammed repeatedly through an application of higher than normal electric voltage NVRAM Non-Volatile RAM - holds router configuration; is not erased when router is reloaded
Router Components
Config-Register controls how router boots; value can be seen with show version command; is typically 0x2102, which tells the router to load the IOS from flash memory and the startup-config file from NVRAM
System Startup
POST loaded from ROM and runs diagnostics on all router hardware Bootstrap locates and loads the IOS image; default setting is to load the IOS from flash memory IOS locates and loads a valid configuration from NVRAM; file is called startup-config; only exists if you copy the running-config to NVRAM startup-config if found, router loads it and runs embedded configuration; if not found, router enters setup mode
Overview
Router configuration controls the operation of the routers: Interface IP address and netmask Routing information (static, dynamic or default) Security (passwords and authentication)
Startup confguration
In NVRAM, determines how the router will operate after next reload Is modified using the copy command To see it: show startup-config
Privileged EXEC mode detailed examination of router, debugging, testing, file manipulation (router prompt changes to an octothorp)
Router#
ROM Monitor useful for password recovery & new IOS upload session Setup Mode available when router has no startupconfig file
Can use direct serial connection to console port, or Telnet/SSH to vtys (virtual terminals), or Modem connection to aux port, or Edited in a text file and uploaded to the router at a later time via tftp; copy tftp start or config net
Enter the port settings and press inter to start configuration of your Cisco device
configure terminal modify the running configuration manually from the terminal show running-config display the running configuration.
copy startup-config running-config copy the startup configuration to the running configuration erase startup-config erase the startupconfiguration in NVRAM.
Router configuration
Hostname configuration Router>enable Router#configure terminal Router(config)#hostname TEST-ROUTER Setting console password TEST-ROUTER(config)#line console 0 TEST-ROUTER(config-line)#login TEST-ROUTER(config-line)#password cisco
Router configuration
Setting telnet password TEST-ROUTER(config)#line vty 0 4 TEST-ROUTER(config-line)#login TEST-ROUTER(config-line)#password cisco Setting Setting telnet password TEST-ROUTER(config)#line vty 0 4 TEST-ROUTER(config-line)#login TEST-ROUTER(config-line)#password cisco
Router configuration
Enable secret password TEST-ROUTER(config)#enable secret cisco Enable password TEST-ROUTER(config)#enable password cisco1 Note: Do not save the configuration before you confirm that the setting are correct, to do that exit the privileged mode and try to login using the passwords, for telnet login the router must have been configured with IP address on one of its interfaces. To save the configurations TEST-ROUTER#copy running-config startup-config or type TEST-ROUTER#write
IP Address Configuration
IP addresses are configured on interfaces (Fast Ethernet or Ethernets), VLANS(for a layer 2/layer 3 switch), serial interfaces. Enter privileged EXEC mode Enter global configuration mode Enter in an interface to configure TEST-ROUTER(config)#interface ethernet 0 Configure the IP addres
IP Address Configuration
TEST-ROUTER(config-if)#ip address 192.168.200.1 255.255.255.0 If the interface is connected /to connect two different subnet you add a secondary IP address TEST-ROUTER(config-if)#ip address 192.168.100.1 255.255.255.0 secondary Enable the interface TEST-ROUTER(config-if)#no shutdown Exit the interface configuration and global configuration by end or Ctrl-Z TEST-ROUTER(config-if)#end
IP ROUTING CONFIGURATION
Static routes configurations Enter privileged EXEC mode Enter global configuration mode Configure the default gateway TEST-ROUTER(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.1 Configure other static routes TEST-ROUTER(config)#ip route 192.168.10.0 255.255.255.0 192.168.200.2 TEST-ROUTER(config)#ip route 192.168.8.0 255.255.255.0 192.168.100.2 TEST-ROUTER(config)#ip route 192.168.0.0 255.255.254.0 192.168.200.3
DHCP
Configure the router as dhcp server TEST-DIST-SW(config)#ip dhcp-server 196.44.160.137 Exlude some addresses to be used in static assignment(including the default-gateway/dhcp address) TEST-DIST-SW(config)#ip dhcp excluded-address 196.44.160.137 196.44.160.139 Dis-able ping of the dhcp server TEST-DIST-SW(config)#ip dhcp ping packets 0 Allow server to offer IP addresses to the clients TEST-DIST-SW(config)#$ 107 permit udp host 196.44.160.137 any eq bootps TEST-DIST-SW(config)#$ 107 permit udp any host196.44.160.137 eq bootps TEST-DIST-SW(config)#$ 107 permit udp any host 255.255.255.255 eq bootps
DHCP
Apply the access control list on router interface that clients on LAN connect TEST-DIST-SW(config)#interface vlan 1 TEST-DIST-SW(config-if)#ip access-group 107 in
NAT CONFIGURATION
Configure your router as NAT TEST-DIST-SW#config t Configure DHCP service TEST-DIST-SW(config)#ip dhcp pool nat TEST-DIST-SW(dhcp-config)#network 192.168.8.0 255.255.255.0 TEST-DIST-SW(dhcp-config)#default-router 192.168.8.1 TEST-DIST-SW(dhcp-config)#dns-server 196.44.168.10 196.44.161.10 TEST-DIST-SW(dhcp-config)# domain-name nat.ucc.co.tz TEST-DIST-SW(dhcp-config)#exit Configure NAT ip nat inside source list 100 interface FastEthernet0/1 overload
NAT
Access list to assign dhcp addresses to clients TEST-DIST-SW(config)#ipaccess-list 107 permit udp host 192.168.8.1 any eq bootps TEST-DIST-SW(config)#ipaccess-list 107 permit udp any host 192.168.8.1 eq bootps TEST-DIST-SW(config)#ipaccess-list 107 permit udp any host 255.255.255.255 eq bootps Apply the access list above to the private network interface Access control list for the natted addresses access-list 100 permit ip 192.168.8.0 0.0.0.255 any
NAT .
Configure natting on router interfaces TEST-DIST-SW(config)# interface FastEthernet0/0 TEST-DIST-SW(config-if)# ip address 192.168.8.1 255.255.255.0 TEST-DIST-SW(config-if)# ip nat inside TEST-DIST-SW(config-if)# interface FastEthernet0/1 TEST-DIST-SW(config-if)# ip address 196.44.161.241 255.255.255.0 TEST-DIST-SW(config-if)# ip nat outside Save the configurations
EXERCISE
Configure your Cisco router 1. Host name 2. Set the console, telnet(limit number of concurrent access to 4 ), secret and enable passwords 3.WAN IP 196.44.161.X and set LAN subnet 196.44.160.136/29. 4. Configure static routes, default gateway 196.44.161.1, and a route to 196.44.160.128/29 via 196.44.161.13
Exercise cont
5. Add users (with privilege 5)who can login to the router 6. Configure snmp parameters 7. Enable IP cache on the interfaces