You are on page 1of 10

Cisco Router Configuration Tutorial

Josh Gentry, jgentry@swcp.com


v.1.1, 23 February, 2005
This document covers basic Cisco router IP configuration using the command-line
interface
Acknowledgments
The following sources where extremely useful:
0 !einwan", #ins$y, an" %ul&e&&er. Cisco Router Configuration. 'n"iana&olis,
'n"iana: %isco #ress, 1(().
1 %isco *ystems, 'nc., htt&:++www.cisco.com
Disclaimer
This "ocument carries no ex&licit or im&lie" warranty. ,or is there any guarantee that the
information containe" in this "ocument is accurate. 't is offere" in the ho&es of hel&ing
others, but you use it at your own ris$. The author will not be liable for any "amages that
occur as a result of using this "ocument.
Conventions
'm&ortant terms an" conce&ts, when they are intro"uce", may be "is&laye" in bol".
%omman"s inclu"e" in the bo"y of the text will be "is&laye" in this font. -ll names
an" a""resses use" in exam&les are .ust that, exam&les, an" shoul" not be use" on your
networ$. /o not ty&e them in verbatim when configuring your system. Finally, in some
exam&les where the comman" r0uires an '# a""ress as an argument, the '# a""ress may
be re&resente" in this way, xx.xx.xx.xx, or aa.bb.cc."". 1ou will never actually use these
strings when configuring your system. They are mearly a convention of this "ocument to
s&ecify that you shoul" substitute the a&&ro&riate '# a""ress at that &oint.
1. hat this document covers
There are several metho"s available for configuring %isco routers. 't can be "one over the
networ$ from a TFT# server. 't can be "one through the menu interface &rovi"e" at
bootu&, an" it can be "one from the menu interface &rovi"e" by using the comman"
setup. This tutorial "oes not cover these metho"s. 't covers configuration from the '2*
comman"3line interface only.
!ote that this tutorial does not cover &hysically connecting the router to the networ$s it
will be routing for. 't covers o&erating system configuration only.
1.1 Reasons for using the command"line
The main reason for using the comman"3line interface instea" of a menu "riven interface
is s&ee". 2nce you have investe" the time to learn the comman"3line comman"s, you can
&erform many o&erations much more 0uic$ly than by using a menu. This is basically true
of all comman"3line vs. menu interfaces. 4hat ma$es it es&ecially efficient to learn the
comman"3line interface of the %isco '2* is that it is stan"ar" across all %isco routers.
#. Getting started
'nitially you will &robably configure your router from a terminal. 'f the router is alrea"y
configure" an" at least one &ort is configure" with an '# a""ress, an" it has a &hysical
connection to the networ$, you might be able to telnet to the router an" configure it
across the networ$. 'f it is not alrea"y configure", then you will have to "irectly connect
to it with a terminal an" a serial cable. 4ith any 4in"ows box you can use
5y&erterminal to easily connect to the router. #lug a serial cable into a serial 6%278 &ort
on the #% an" the other en" into the console &ort on the %isco router. *tart
5y&erterminal, tell it which %27 &ort to use an" clic$ OK. *et the s&ee" of the
connection to 9600 baud an" clic$ OK. 'f the router is not on, turn it on.
'f you wish to configure the router from a $inu% box, either *eyon or 7inicom shoul"
wor$. -t least one of them, an" maybe both, will come with your !inux "istribution.
2ften you will nee" to hit the Enter $ey to see the &rom&t from the router. 'f it is
unconfigure" it will loo$ li$e this:
Router>
'f it has been &reviously configure" with a hostname, it will loo$ li$e this:
hostname of router>
'f you have .ust turne" on the router, after it boots it will as$ you if you wish to begin
initial configuration. &ay no. 'f you say yes, it will &ut you in the menu interface. *ay no.
#.1 'odes
The %isco '2* comman"3line interface is organi9e" aroun" the i"ea of modes. 1ou move
in an" out of several "ifferent mo"es while configuring a router, an" which mo"e you are
in "etermines what comman"s you can use. :ach mo"e has a set of comman"s available
in that mo"e, an" some of these comman"s are only available in that mo"e. 'n any mo"e,
ty&ing a 0uestion mar$ will "is&lay a list of the comman"s available in that mo"e.
Router>?
#.# (n)rivileged and )rivileged modes
4hen you first connect to the router an" &rovi"e the &asswor" 6if necessary8, you enter
:;:% mo"e, the first mo"e in which you can issue comman"s from the comman"3line.
From here you can use such un)rivileged comman"s as ping, telnet, and rlogin.
1ou can also use some of the show comman"s to obtain information about the system. 'n
un&rivilege" mo"e you use comman"s li$e, show ersion to "is&lay the version of the
'2* the router is running. Ty&ing show ? will "i&lay all the show comman"s available in
the mo"e you are &resently in.
Router>show ?
1ou must enter &rivilege" mo"e to configure the router. 1ou "o this by using the
comman" enable. #rivilege" mo"e will usually be &asswor" &rotecte" unless the router
is unconfigure". 1ou have the o&tion of not &asswor" &rotecting &rivilege" mo"e, but it is
5'<5!1 recommen"e" that you "o. 4hen you issue the comman" enable an" &rovi"e
the &asswor", you will enter &rivilege" mo"e.
To hel& the user $ee& trac$ of what mo"e they are in, the comman"3line &rom&t changes
each time you enter a "ifferent mo"e. 4hen you switch from un&rivilege" mo"e to
&rivilege" mo"e, the &rom&t changes from:
Router>
to
Router!
This woul" &robably not be a big "eal if there were .ust two mo"es. There are, in fact,
numerous mo"es, an" this feature is &robably in"is&ensable. #ay close attention to the
&rom&t at all times.
4ithin &rivilege" mo"e there are many su*"modes. 'n this "ocument ' "o not closely
follow %isco terminology for this hierarchy of mo"es. ' thin$ that my ex&lanation is
clearer, fran$ly. %isco "escribes two mo"es, un&rivilege" an" &rivilege", an" then a
hierarchy of comman"s use" in &rivilege" mo"e. ' reason that it is much clearer to
un"erstan" if you .ust consi"er there to be many sub3mo"es of &rivilege" mo"e, which '
will also call )arent mo"e. 2nce you enter &rivilege" mo"e 6&arent mo"e8 the &rom&t
en"s with a &oun" sign 6=8. There are numerous mo"es you can enter only after entering
&rivilege" mo"e. :ach of these mo"es has a &rom&t of the form:
>outer6arguments8=
They still all en" with the &oun" sign. They are subsume" within &rivilege" mo"e. 7any
of these mo"es have sub3mo"es of their own. 2nce you enter &rilige" mo"e, you have
access to all the configuration information an" o&tions the '2* &rovi"es, either "irectly
from the &arent mo"e, or from one of its submo"es.
+. Configuring
'f you have .ust turne" on the router, it will be com&letely unconfigure". 'f it is alrea"y
configure", you may want to view its current configuration. :ven if it has not been
&reviously configure", you shoul" familiari9e yourself with the show comman"s before
beginning to configure the router. :nter &rivilege" mo"e by issuing the comman"
enable, then issue several show comman"s to see what they "is&lay. >emember, the
comman" show ? will "is&lay all the showcomman"s aavailable in the current mo"e.
/efinately try out the following comman"s:
Router!show interfa"es
Router!show ip proto"ols
Router!show ip route
Router!show ip arp
4hen you enter &rivilege" mo"e by using the comman" enable, you are in the to&3level
mo"e of &rivilege" mo"e, also $nown in this "ocument as ?&arent mo"e.? 't is in this to&3
level or &arent mo"e that you can "is&lay most of the information about the router. -s
you now $now, you "o this with the show comman"s. 5ere you can learn the
configuration of interfaces an" whether they are u& or "own. 1ou can "is&lay what '#
&rotocols are in use, such as "ynamic routing &rotocols. 1ou can view the route an" ->#
tables, an" these are .ust a few of the more im&ortant o&tions.
-s you configure the router, you will enter various sub3mo"es to set o&tions, then return
to the &arent mo"e to "is&lay the results of your comman"s. 1ou also return to the &arent
mo"e to enter other sub3mo"es. To return to the &arent mo"e, you hit "trl#$. This &uts
any comman"s you have .ust issue" into affect, an" returns you to &arent mo"e.
+.1 Glo*al configuration ,config-
To configure any feature of the router, you must enter configuration mo"e. This is the
first sub3mo"e of the &arent mo"e. 'n the &arent mo"e, you issue the comman" "onfig.
Router!"onfig
Router%"onfig&!
-s "emonstrate" above, the &rom&t changes to in"icate the mo"e that you are now in.
'n connfiguration mo"e you can set o&tions that a&&ly system3wi"e, also refere" to as
?global configurations.? For instance, it is a goo" i"ea to name your router so that you
can easily i"entify it. 1ou "o this in configuration mo"e with the hostname comman".
Router%"onfig&!hostname E'ample(ame
E'ample(ame%"onfig&!
-s "emonstrate" above, when you set the name of the host with the hostname comman",
the &rom&t imme"iately changes by re&lacing Router with E'ample(ame. 6!ote. 't is a
goo" i"ea to name your routers with an organi9e" naming scheme.8
-nother useful comman" issue" from config mo"e is the comman" to "esignate the /,*
server to be use" by the router:
E'ample(ame%"onfig&!ip name#serer aa.bb."".dd
E'ample(ame%"onfig&!"trl#)
E'ample(ame!
This is also where you set the &asswor" for &rivilege" mo"e.
E'ample(ame%"onfig&!enable se"ret e'amplepassword
E'ample(ame%"onfig&!"trl#)
E'ample(ame!
@ntil you hit "trl#) 6or ty&e e'it until you reach &arent mo"e8 your comman" has not
been &ut into affect. 1ou can enter config mo"e, issue several "ifferent comman"s, then
hit "trl#) to activate them all. :ach time you hit "trl#) you return to &arent mo"e an"
the &rom&t:
E'ample(ame!
5ere you use show comman"s to verify the results of the comman"s you issue" in config
mo"e. To verify the results of the ip name#serer comman", issue the comman" show
host.
+.# Configuring interfaces
%isco interface naming is straightforwar". 'n"ivi"ual interfaces are referre" to by this
convention:
media type slot!*port!
?7e"ia ty&e? refers to the ty&e of me"ia that the &ort is an interface for, such as :thernet,
To$en >ing, F//', serial, etc. *lot numbers are only a&&licable for routers that &rovi"e
slots into which you can install mo"ules. These mo"ules contain several &orts for a given
me"ia. The A200 series is an exam&le. These mo"ules are even hot3swa&able. 1ou can
remove a mo"ule from a slot an" re&lace it with a "ifferent mo"ule, without interru&ting
service &rovi"e" by the other mo"ules installe" in the router. These slots are numbere" on
the router.
#ort number refers to the &ort in reference to the other &orts in that mo"ule. ,umbering is
left3to3right, an" all numbering starts at 0, not at one.
For exam&le, a %isco A20B is a A200 series router with six slots. To refer to an interface
that is the thir" &ort of an :thernet mo"ule installe" in the sixth slot, it woul" be interface
ethernet B+2. Therefor, to "is&lay the configuration of that interface you use the
comman":
E'ample(ame!show interfa"e ethernet 6*+
'f your router "oes not have slots, li$e a 1B00, then the interface name consists only of:
media type port!
For exam&le:
E'ample(ame!show interfa"e serial 0
5ere is an exam&le of configuring a serial &ort with an '# a""ress:
E'ample(ame!"onfig
E'ample(ame%"onfig&!interfa"e serial ,*,
E'ample(ame%"onfig#if&!ip address ,9+.,6-.,...+ +...+...+...0
E'ample(ame%"onfig#if&!no shutdown
E'ample(ame%"onfig#if&!"trl#)
E'ample(ame!
Then to verify configuration:
E'ample(ame!show interfa"e serial ,*,
!ote the no shutdown comman". -n interface may be correctly configure" an"
&hysically connecte", yet be ?a"ministratively "own.? 'n this state it will not function.
The comman" for causing an interface to be a"ministratively "own is shutdown.
E'ample(ame%"onfig&!interfa"e serial ,*,
E'ample(ame%"onfig#if&!shutdown
E'ample(ame%"onfig#if&!"trl#)
E'ample(ame!show interfa"e serial ,*,
'n the %isco '2*, the way to reverse or "elete the results of any comman" is to sim&ly &ut
no infront of it. For instance, if we wante" to unassign the '# a""ress we ha" assigne" to
interface serial 1+1:
E'ample(ame%"onfig&!interfa"e serail ,*,
E'ample(ame%"onfig#if&!no ip address ,9+.,6-.,...+ +...+...+...0
E'ample(ame%"onfig#if&"trl#)
E'ample(ame!show interfa"e serial ,*,
%onfiguring most interfaces for !-, connections might consist only of assigning a
networ$ layer a""ress an" ma$ing sure the interface is not a"ministratively shut"own. 't
is usually not necessary to sti&ulate "ata3lin$ layer enca&sulation. !ote that it is often
necessary to sti&ulate the a&&ro&riate "ata3lin$ layer enca&sulation for 4-, connections,
such as frame3relay an" -T7. *erial interfaces "efault to using 5/!%. - "iscussion of
"ata3lin$ &rotocols is outsi"e the sco&e of this "ocument. 1ou will nee" to loo$ u& the
'2* comman" en"apsulation for more "etails.
+.+ Routing
'# routing is automatically enable" on %isco routers. 'f it has been &reviously "isable" on
your router, you turn it bac$ on in config mo"e with the comman" ip routing.
E'ample(ame%"onfig&!ip routing
E'ample(ame%"onfig&!"trl#)
There are two main ways a router $nows where to sen" &ac$ets. The a"ministrator can
assign static routes, or the router can learn routes by em&loying a dynamic routing
)rotocol.
These "ays static routes are generally use" in very sim&le networ$s or in &articular cases
that necessitate their use. To create a static route, the a"ministrator tells the router
o&erating system that any networ$ traffic "estine" for a s&ecifie" networ$ layer a""ress
shoul" be forwar"e" to a similiarly s&ecifie" networ$ layer a""ress. 'n the %isco '2* this
is "one with the ip route comman".
E'ample(ame!"onfig
E'ample(ame%"onfig&!ip route ,/+.,6.0.0 +...+...+...0 ,9+.,6-.,.0.,
E'ample(ame%"onfig&!"trl#)
E'ample(ame!show ip route
Two things to be sai" about this exam&le. First, the &ac$et "estination a""ress must
inclu"e the subnet mas$ for that "estination networ$. *econ", the a""ress it is to be
forwar"e" to is the s&ecifie" a""res of the next router along the &ath to the "estination.
This is the most common way of setting u& a static route, an" the only one this "ocument
covers. Ce aware, however, that there are other metho"s.
/ynamic routing &rotocols, running on connecte" routers, enable those routers to share
routing information. This enables routers to learn the routes available to them. The
a"vantage of this metho" is that routers are able to a".ust to changes in networ$
to&ologies. 'f a route is &hysically remove", or a neighbor router goes "own, the routing
&rotocol searches for a new route. >outing &rotocols can even "ynamically choose
between &ossible routes base" on variables such as networ$ congestion or networ$
reliability.
There are many "ifferent routing &rotocols, an" they all use "ifferent variables, $nown as
?metrics,? to "eci"e u&on a&&ro&riate routes. @nfortunately, a router nee"s to be running
the same routing &rotocols as its neighbors. 7any routers can, however, run mutli&le
&rotocols. -lso, many &rotocols are "esigne" to be able to &ass routing information to
other routing &rotocols. This is calle" ?re"istribution.? The author has no ex&erience with
trying to ma$e re"istribution wor$. There is an '2* redistribute comman" you can
research if you thin$ this is something you nee". This "ocumentDs com&agnion case stu"y
"escribes an alternative metho" to "eal with "ifferent routing &rotocols in some
circumstances.
>outing &rotocols are a com&lex to&ic an" this "ocument contains only this su&erficial
"escri&tion of them. There is much to learn about them, an" there are many sources of
information about them available. -n excelent source of information on this to&ic is
%iscoDs website, http0**www."is"o."om.
This "ocument "escribes how to configure the >outing 'nformation #rotocol 6>'#8 on
%isco routers. From the comman"3line, we must ex&licitly tell the router which &rotocol
to use, an" what networ$s the &rotocol will route for.
E'ample(ame!"onfig
E'ample(ame%"onfig&!router rip
E'ample(ame%"onfig#router&!networ1 aa.bb."".dd
E'ample(ame%"onfig#router&!networ1 ee.ff.gg.hh
E'ample(ame%"onfig#router&!"trl#)
E'ample(ame!show ip proto"ols
,ow when you issue the show ip proto"ols comman", you shoul" see an entry
"escribing >'# configuration.
+./ &aving your configuration
2nce you have configure" routing on the router, an" you have configure" in"ivi"ual
interfaces, your router shoul" be ca&able of routing traffic. <ive it a few moments to tal$
to its neighbors, then issue the comman"s show ip route an" show ip arp. There
shoul" now be entries in these tables learne" from the routing &rotocol.
'f you turne" the router off right now, an" turne" it on again, you woul" have to start
configuration over again. 1our running configuration is not save" to any &erminent
storage me"ia. 1ou can see this configuration with the comman" show running#"onfig.
E'ample(ame!show running#"onfig
1ou do want to save your successful running configuration. 'ssue the comman" "opy
running#"onfig startup#"onfig.
E'ample(ame!"opy running#"onfig startup#"onfig
1our configuration is now save" to non"volatile RA' 6,E>-78. 'ssue the comman"
show startup#"onfig.
E'ample(ame!show startup#"onfig
,ow any time you nee" to return your router to that configuration, issue the comman"
"opy startup#"onfig running#"onfig.
E'ample(ame!"opy startup#"onfig running#"onfig
+.0 1%am)le configuration
>outerFenable
>outer=config
>outer6config8=hostname ,1153A20B
,1153A20B6config8=interface serial 1+1
,1153A20B6config3if8i& a""ress 1(2.1B).155.2 255.255.255.0
,1153A20B6config3if8no shut"own
,1153A20B6config3if8ctrl39
,1153A20B=show interface serial 1+1
,1153A20B=config
,1153A20B6config8=interface ethernet 2+3
,1153A20B6config3if8=i& a""ress 1(2.1B).150.(0 255.255.255.0
,1153A20B6config3if8=no shut"own
,1153A20B6config3if8=ctrl39
,1153A20B=show interface ethernet 2+3
,1153A20B=config
,1153A20B6config8=router ri&
,1153A20B6config3router8=networ$ 1(2.1B).155.0
,1153A20B6config3router8=networ$ 1(2.1B).150.0
,1153A20B6config3router8=ctrl39
,1153A20B=show i& &rotocols
,1153A20B=&ing 1(2.1B).150.1
,1153A20B=config
,1153A20B6config8=i& name3server 1A2.1B.0.10
,1153A20B6config8=ctrl39
,1153A20B=&ing archie.au
,1153A20B=config
,1153A20B6config8=enable secret &asswor"
,1153A20B6config8=ctrl39
,1153A20B=co&y running3config startu&3config
,1153A20B=exit
/. Trou*leshooting
'nevitably, there will be &roblems. @sually, it will come in the form of a user notifying
you that they can not reach a certain "estination, or any "estinattion at all. 1ou will nee"
to be able to chec$ how the router is attem&ting to route traffic, an" you must be able to
trac$ "own the &oint of failure.
1ou are alrea"y familiar with the show comman"s, both s&ecific comman"s an" how to
learn what other show comman"s are available. *ome of the most basic, most useful
comman"s you will use for troubleshooting are:
E'ample(ame!show interfa"es
E'ample(ame!show ip proto"ols
E'ample(ame!show ip route
E'ample(ame!show ip arp
/.1 Testing connectivity
't is very &ossible that the &oint of failure is not in your router configuration, or at your
router at all. 'f you examine your routerDs configuration an" o&eration an" everything
loo$s goo", the &roblem might be be farther u& the line. 'n fact, it may be the line itself,
or it coul" be another router, which may or may not be un"er your a"ministration.
2ne extremely useful an" sim&le "iagnostic tool is the ping comman". #ing is an
im&lementation of the '# 7essage %ontrol #rotocol 6'%7#8. #ing sen"s an '%7# echo
re0uest to a "estination '# a""ress. 'f the "estination machine receives the re0uest, it
res&on"s with an '%7# echo res&onse. This is a very sim&le exchange that consists of:
ello! are you alive"
#es! I am.
E'ample(ame!ping ''.''.''.''
'f the &ing test is successful, you $now that the "estination you are having "ifficulty
reaching is alive an" &hysically reachable.
'f there are routers between your router an" the "estination you are having "ifficulty
reaching, the &roblem might be at one of the other routers. :ven if you ping a router an"
it res&on"s, it might have other interfaces that are "own, its routing table may be
corru&te", or any number of other &roblems may exist.
To see where &ac$ets that leave your router for a &articular "estination go, an" how far,
use the tra"e comman".
E'ample(ame!tra"e ''.''.''.''
't may ta$e a few minutes for this utility to finish, so give it some time. 't will "is&lay a
list of all the ho&s it ma$es on the way to the "estination.
/.# debug commands
There are several debug comman"s &rovi"e" by the '2*. These comman"s are not
covere" here. >efer to the %isco website for more information.
/.+ 2ardware and )hysical connections
/o not overloo$ the &ossibility that the &oint of failure is a har"ware or &hysical
connection failure. -ny number of things can go wrong, from boar" failures to cut cables
to &ower failures. This "ocument will not "escribew troubleshooting these &roblems,
exce&t for these sim&le things.
%hec$ to see that the router is turne" on. -lso ma$e sure that no cables are loose or
"amage". Finally, ma$e sure cables are &lugge" into the correct &orts. Ceyon" this sim&le
a"vice you will nee" to chec$ other sources.
/./ 3ut of your control
'f the &oint of failure is farther u& the line, the &rolem might lie with e0ui&ment not un"er
your a"ministration. 1our only o&tion might be to contact the e0ui&mentDs a"ministrator,
notify them of your &roblem, an" as$ them for hel&. 't is in your interest to be courtious
an" res&ectful. The other a"ministrator has their own &roblems, their own wor$loa" an"
their own &riorities. Their agen"a might even "irectly conflict with yours, such as their
intention to change "ynamic routing &rotocols, etc. 1ou must wor$ with them, even if the
situation is frustrating. -lienating someone with the &ower to bloc$ im&ortant routes to
your networ$ is not a goo" i"ea.
0. References