CISCO SYSTEMS (ROUTERS AND SWITCHES)

Advanced Systems Administration Course

Fred Msumeno University computing Centre Ltd, University of Dar es salaam, E-mail: mfred@udsm.ac.tz Website: www.ucc.co.tz

Installation and configurations

Pre-requisities
Knowledge of LAN and WAN Knowledge of IP addressing Knowledge of sub-netting and super-netting Knowledge of TCP/IP configurations on client Computers

Router Components
Bootstrap stored in ROM microcode brings router up during initialisation, boots router and loads the IOS. POST Power On Self Test - stored in ROM microcode checks for basic functionality of router hardware and determines which interfaces are present ROM Monitor stored in ROM microcode used for manufacturing, testing and troubleshooting Mini-IOS a.k.a RXBOOT/boot loader by Cisco small IOS ROM used to bring up an interface and load a Cisco IOS into flash memory from a TFTP server; can also perform a few other maintenance operations

Router Components
RAM holds packet buffers, ARP cache, routing table, software and data structure that allows the router to function; running-config is stored in RAM, as well as the decompressed IOS in later router models ROM starts and maintains the router Flash memory holds the IOS; is not erased when the router is reloaded; is an EEPROM [Electrically Erasable Programmable Read-Only Memory] created by Intel, that can be erased and reprogrammed repeatedly through an application of higher than normal electric voltage NVRAM Non-Volatile RAM - holds router configuration; is not erased when router is reloaded

Router Components
Config-Register controls how router boots; value can be seen with show version command; is typically 0x2102, which tells the router to load the IOS from flash memory and the startup-config file from NVRAM

Purpose of the Config Register

Reasons why you would want to modify the config-register: Force the router into ROM Monitor Mode Select a boot source and default boot filename Enable/Disable the Break function Control broadcast addresses Set console terminal baud rate Load operating software from ROM Enable booting from a TFTP server

System Startup
POST loaded from ROM and runs diagnostics on all router hardware Bootstrap locates and loads the IOS image; default setting is to load the IOS from flash memory IOS locates and loads a valid configuration from NVRAM; file is called startup-config; only exists if you copy the running-config to NVRAM startup-config if found, router loads it and runs embedded configuration; if not found, router enters setup mode

Overview
Router configuration controls the operation of the routers: Interface IP address and netmask Routing information (static, dynamic or default) Security (passwords and authentication)

Boot and startup information

Where is the Configuration?

Router always has two configurations: Running configuration
In RAM, determines how the router is currently operating Is modified using the configure command To see it: show running-config

Startup confguration
In NVRAM, determines how the router will operate after next reload Is modified using the copy command To see it: show startup-config

Where is the Configuration?

Can also be stored in more permanent places:
External hosts, using TFTP (Trivial File Transfer Protocol) In flash memory in the router

Copy command is used to move it around

copy run start copy start tftp copy flash start copy run tftp copy tftp start copy start flash

Router Access Modes

User EXEC mode limited examination of router
Router>

Privileged EXEC mode detailed examination of router, debugging, testing, file manipulation (router prompt changes to an octothorp)
Router#

ROM Monitor useful for password recovery & new IOS upload session Setup Mode available when router has no startupconfig file

External Configuration Sources

Console Direct PC serial access Auxiliary port Modem access Virtual terminals Telnet/SSH access TFTP Server Copy configuration file into router RAM Network Management Software e.g., CiscoWorks

Changing the Configuration

Configuration statements can be entered interactively
changes are made (almost) immediately, to the running configuration

Can use direct serial connection to console port, or Telnet/SSH to vtys (virtual terminals), or Modem connection to aux port, or Edited in a text file and uploaded to the router at a later time via tftp; copy tftp start or config net

Logging into the Router/switch

Cisco devices can be configured through :Console ,SSH, Telnet, SNMP & TFTP protocols

Configuration using Console

Console login to a Cisco device using windows operating system installed PC Console is used to make initial configuration to a Cisco device or if the device can not be accessed using SSH, Telnet, SNMP and TFTP protocols.

Logging into the Router/switch

Steps:Connect a console cable to a Cisco device console port and then to your computer Communication port Open the hyper terminal window , go to Start Programs Accessories Communications Hyper Terminal

Logging into the Router/switch

Logging into the Router/switch

Enter the connection name and select the first icon for the connection

Enter the connection details and select the communication port

Enter the port settings and press inter to start configuration of your Cisco device

New Router Configuration Process

Any time you make changes to the router configuration, you must save the changes to memory because if you do not they will be lost if there is a system reload or power outage. There are two types of configuration files: the running (current operating) configuration and the startup configuration. Use the following privileged mode commands to work with configuration files.

configure terminal modify the running configuration manually from the terminal show running-config display the running configuration.

New Router Configuration Process

show startup-config display the startup configuration copy running-config startup-config copy the running configuration to the startup configuration

copy startup-config running-config copy the startup configuration to the running configuration erase startup-config erase the startupconfiguration in NVRAM.

New Router Configuration Process

copy tftp running-config load a configuration file stored on a Trivial File Transfer Protocol (TFTP) server into the running configuration copy running-config tftp store the running configuration on a TFTP server

Router configuration
Hostname configuration Router>enable Router#configure terminal Router(config)#hostname TEST-ROUTER Setting console password TEST-ROUTER(config)#line console 0 TEST-ROUTER(config-line)#login TEST-ROUTER(config-line)#password cisco

Router configuration
Setting telnet password TEST-ROUTER(config)#line vty 0 4 TEST-ROUTER(config-line)#login TEST-ROUTER(config-line)#password cisco Setting Setting telnet password TEST-ROUTER(config)#line vty 0 4 TEST-ROUTER(config-line)#login TEST-ROUTER(config-line)#password cisco

Router configuration
Enable secret password TEST-ROUTER(config)#enable secret cisco Enable password TEST-ROUTER(config)#enable password cisco1 Note: Do not save the configuration before you confirm that the setting are correct, to do that exit the privileged mode and try to login using the passwords, for telnet login the router must have been configured with IP address on one of its interfaces. To save the configurations TEST-ROUTER#copy running-config startup-config or type TEST-ROUTER#write

IP Address Configuration
IP addresses are configured on interfaces (Fast Ethernet or Ethernets), VLANS(for a layer 2/layer 3 switch), serial interfaces. Enter privileged EXEC mode Enter global configuration mode Enter in an interface to configure TEST-ROUTER(config)#interface ethernet 0 Configure the IP addres

IP Address Configuration
TEST-ROUTER(config-if)#ip address 192.168.200.1 255.255.255.0 If the interface is connected /to connect two different subnet you add a secondary IP address TEST-ROUTER(config-if)#ip address 192.168.100.1 255.255.255.0 secondary Enable the interface TEST-ROUTER(config-if)#no shutdown Exit the interface configuration and global configuration by end or Ctrl-Z TEST-ROUTER(config-if)#end

IP ROUTING CONFIGURATION
Static routes configurations Enter privileged EXEC mode Enter global configuration mode Configure the default gateway TEST-ROUTER(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.1 Configure other static routes TEST-ROUTER(config)#ip route 192.168.10.0 255.255.255.0 192.168.200.2 TEST-ROUTER(config)#ip route 192.168.8.0 255.255.255.0 192.168.100.2 TEST-ROUTER(config)#ip route 192.168.0.0 255.255.254.0 192.168.200.3

DHCP SERVICE CONFIGURATION

TEST-DIST-SW#config t TEST-DIST-SW(config)#ip dhcp database test Configure DHCP pool address TEST-DIST-SW(config)#ip dhcp pool test TEST-DIST-SW(dhcp-config)#network 196.44.160.136 255.255.255.248 Configure DNS servers to be used by cliets TEST-DIST-SW(dhcp-config)#dns-server 196.44.168.10 196.44.161.10 Configure the domain name to be used by clients TEST-DIST-SW(dhcp-config)#domain-name test.ucc.co.tz Configure default gateway TEST-DIST-SW(dhcp-config)#default-router 196.44.160.137 TEST-DIST-SW(dhcp-config)#exit

DHCP
Configure the router as dhcp server TEST-DIST-SW(config)#ip dhcp-server 196.44.160.137 Exlude some addresses to be used in static assignment(including the default-gateway/dhcp address) TEST-DIST-SW(config)#ip dhcp excluded-address 196.44.160.137 196.44.160.139 Dis-able ping of the dhcp server TEST-DIST-SW(config)#ip dhcp ping packets 0 Allow server to offer IP addresses to the clients TEST-DIST-SW(config)#$ 107 permit udp host 196.44.160.137 any eq bootps TEST-DIST-SW(config)#$ 107 permit udp any host196.44.160.137 eq bootps TEST-DIST-SW(config)#$ 107 permit udp any host 255.255.255.255 eq bootps

DHCP
Apply the access control list on router interface that clients on LAN connect TEST-DIST-SW(config)#interface vlan 1 TEST-DIST-SW(config-if)#ip access-group 107 in

NAT CONFIGURATION
Configure your router as NAT TEST-DIST-SW#config t Configure DHCP service TEST-DIST-SW(config)#ip dhcp pool nat TEST-DIST-SW(dhcp-config)#network 192.168.8.0 255.255.255.0 TEST-DIST-SW(dhcp-config)#default-router 192.168.8.1 TEST-DIST-SW(dhcp-config)#dns-server 196.44.168.10 196.44.161.10 TEST-DIST-SW(dhcp-config)# domain-name nat.ucc.co.tz TEST-DIST-SW(dhcp-config)#exit Configure NAT ip nat inside source list 100 interface FastEthernet0/1 overload

NAT
Access list to assign dhcp addresses to clients TEST-DIST-SW(config)#ipaccess-list 107 permit udp host 192.168.8.1 any eq bootps TEST-DIST-SW(config)#ipaccess-list 107 permit udp any host 192.168.8.1 eq bootps TEST-DIST-SW(config)#ipaccess-list 107 permit udp any host 255.255.255.255 eq bootps Apply the access list above to the private network interface Access control list for the natted addresses access-list 100 permit ip 192.168.8.0 0.0.0.255 any

NAT .
Configure natting on router interfaces TEST-DIST-SW(config)# interface FastEthernet0/0 TEST-DIST-SW(config-if)# ip address 192.168.8.1 255.255.255.0 TEST-DIST-SW(config-if)# ip nat inside TEST-DIST-SW(config-if)# interface FastEthernet0/1 TEST-DIST-SW(config-if)# ip address 196.44.161.241 255.255.255.0 TEST-DIST-SW(config-if)# ip nat outside Save the configurations

VLAN CONFIGURATION IN CISCO SWITCHES

Configure VLAN on switches and assign ports to the VLANS TEST-DIST-SW#config t TEST-DIST-SW#vlan database TEST-DIST-SW(vlan)#vlan 2 name WLAN EST-DIST-SW(vlan)#exit Assign the ports to the WLAN VLAN TEST-DIST-SW#config t TEST-DIST-SW(config)#interface fastEthernet 0/1 TEST-DIST-SW(config-if)#switchport access vlan 2

EXERCISE
Configure your Cisco router 1. Host name 2. Set the console, telnet(limit number of concurrent access to 4 ), secret and enable passwords 3.WAN IP 196.44.161.X and set LAN subnet 196.44.160.136/29. 4. Configure static routes, default gateway 196.44.161.1, and a route to 196.44.160.128/29 via 196.44.161.13

Exercise cont
5. Add users (with privilege 5)who can login to the router 6. Configure snmp parameters 7. Enable IP cache on the interfaces