Configuring Network Devices

Working at a Small-to-Medium Business or ISP

Chapter 5

Version 4.1
 Objectives
Configure a router with an initial
configuration.
Use Cisco SDM to configure a Cisco ISR
with LAN connectivity, Internet connectivity
and NAT.
Configure a Cisco router for LAN
connectivity, Internet connectivity and NAT
using the Cisco IOS CLI.
Configure a WAN connection from
customer premises to an ISP.
Describe, setup and configure a standalone
LAN switch.
 Initial ISR Router Configuration
ISR (Integrated Services Router combines routing, LAN
switching, security, voice, & WAN connectivity features.
Ideal for small to medium-sized businesses & ISP
managed customers.
 Initial ISR Router Configuration
Cisco IOS offered in modules called images
IP Base image: entry-level Cisco IOS
Images are specific to models of devices
 Cisco 1841 Modular router
Table 1 Memory Requirements for Cisco 1841 Modular Router
Flash RAM
Platform Feature Set Image Memory1 Memory
Cisco 1841 IP Base c1841-ipbase-mz 64 MB 128 MB
IP Voice c1841-ipvoice-mz 64 MB 192 MB

Enterprise Base c1841-entbase-mz 32 MB 128 MB

Advanced Security c1841-advsecurityk9- 64 MB 192 MB

mz
SP Services c1841-spservicesk9-mz 64 MB 192 MB

Enterprise Services c1841-entservicesk9- 64 MB 192 MB

mz

Advanced IP c1841-advipservicesk9- 64 MB 192 MB

Services mz

Advanced Enterprise c1841-adventerprisek9- 64 MB 192 MB

Services mz
CISCO IOS Image: Types of Images
Two main types of image your router may use:
1. System image - complete Cisco IOS software. This image is
loaded when your router boots and is used most of the time.
On most platforms, the image is located in Flash memory.
2. Boot image - A subset of the Cisco IOS software. This
image is used to perform network booting or to load
Cisco IOS images onto the router. This image is also used if
the router cannot find a valid system image. Depending on
your platform, this image may be called xboot image, rxboot
image, bootstrap image, or boot loader/helper image.
On some platforms, the boot image is contained in ROM. In
others, the boot image can be stored in Flash memory. On
these platforms, you can specify which image should be used
as the boot image using the boot bootldr global configuration
command. Refer to your hardware documentation for
information about the boot image used on your router.
 Image Naming Convention
You can identify the platform, features and
image location by the image name.
Naming convention is: platform features
type
Example: c2600-js-l_121-3.bin
c2600 - hardware platform
js - features set (enterprise)
l - file format (relocatable, not compressed)
121-3 - version & release # (version 12.1 release 3)
Image Naming Convention - continued
Platform variable platform that can use image
For example c1700, c2600, c7000
Features feature sets supported by image.
Type can contain following characters
fThe image runs from Flash memory.
mThe image runs from RAM.
rThe image runs from ROM.
lThe image is relocatable.
zThe image is zip compressed.
xThe image is mzip compressed.
 Initial ISR Router Configuration
Tools and equipment required for setup:
 Initial ISR Router Configuration
Three-stage bootup process:
Power-on self test (POST)
Locate and load Cisco IOS
Locate startup configuration file or enter setup mode
 Bootup Process - contd
POST (Power On Self Test) test hardware
After POST, the bootstrap program is loaded
Bootstrap locates IOS and loads it into RAM
IOS can be located flash memory, TFTP server,
or another location
By default, IOS loads from flash
After IOS is loaded, bootstrap locates startup
configuration file in NVRAM (non-volatile random
access memory)
Startup configuration when loaded into RAM
(working memory), it become the running
configuration.
Loading Cisco IOS
Get default IOS from FLASH
Flash empty

Get IOS from TFTP Server

TFTP Server empty

Get limited Cisco IOS from ROM

 Show version command output
Router>show version
IOS version
Bootstrap program stored in ROM
Complete filename of IOS
Type of CPU; amount of RAM
Number & type of interfaces
Amount of NVRAM (used to store startup config)
Amount of Flash (used to store IOS
Configuration register in hex
 Configuration register
Default setting 0x2102 (remember this?)
Loads IOS from flash
Loads startup-config from NVRAM
Most common settings
0x2142 ignores contents of NVRAM/configuration
0x2120 The router into ROMmon mode
http://www.cisco.com/en/US/products/hw/routers/ps13
3/products_tech_note09186a008022493f.shtml
**Go to Configuration Register Values & Their
Meaning.
 Initial ISR Router Configuration
Verifying and troubleshooting bootup process:
View output from the show version command
Use dir flash: and boot flash: in ROMmon mode
View boot system commands [see miage below on next slide]
Initial ISR Router Configuration (continued)
Initial ISR Router Configuration
(continued)

Out-of-band management for initial configuration

In-band management over a network connection
In-Band Out-of-Band

Terminal emulation

HTTP or Telnet
 Initial ISR Router Configuration
(continued)

Command Line Interface (CLI): text-

based program
Can be used in both in-band or out-of-
band
Extensive help system [see image below
on next slide]
Initial ISR Router Configuration
(continued)
 SDM
Security Device Manager (SDM): web-based
GUI
In-Band only
SDM Express (Basic) or Full package
(Advanced configuration)
Comes preinstalled in flash
 CLI vs. SDM

CLI SDM
User Interface Term Emulation software Web-based browser

Telnet
Configuration Method Text-based Cisco commands GUI buttons & text boxes
Expertise in Cisco Depends on the config task Do not need knowledge of CLI
Device Config. commands
Help Features Command-prompt based GUI based online help &
tutorials
Flash Requirements Covered by IOS requirements 6MB of free memory

Availability ALL Cisco devices Cisco 830 series thru Cisco

7301
What Its Used When device does not support Initial config of SDM equipped
SDM device
 Using Cisco SDM Express and
SDM
Follow best practices for installing a new
device to ensure correct functions
 Using Cisco SDM Express and
SDM
Eight SDM Express configuration screens:
Overview
Basic configuration
LAN IP address
DHCP
Internet (WAN)
Firewall
Security settings
Summary
 Using Cisco SDM Express and
SDM
Use Basic NAT Wizard to configure dynamic
NAT with PAT
 Configuring a Router Using IOS
CLI
CLI command modes: two levels of access
 Configuring a Router Using IOS
CLI
Configuration modes can alter the operation of
the device
 Configuring a Router Using IOS
CLI
Help features:
Command completion
Error indicators
Command history
Enabled by default
Records 10 command
Max 256 commands
history size command
Arrow and function keys
Configuring a Router Using IOS
CLI
Show commands
display
configuration and
operation
information
R#show run
R#show
interfaces
R#show ip route
R#show protocols
Configuring a Router Using IOS
CLI
Use Cisco IOS CLI to perform an initial router
configuration
Configuring a Router Using IOS
CLI
Configure serial and Ethernet interfaces on a
router

(DTE) Data Terminal Equipment

endpoint of users device on the WAN
link; Cisco routers
(DCE) Data Communications
Equipment; provides clock rate;
modem; converts data from router to
acceptable format to cross the WAN
If back-to-back router scenario, one of
the routers will be DCE and one DTE.
Configuring a Router Using IOS
CLI
Configure a default route for the Cisco
router
Default route used when router does not
know where to send a packet.
IP address of
next-hop router
Or
port number
Configuring a Router Using IOS
CLI
Configure a Cisco router to function as a
DHCP server
Configuring a Router Using IOS
CLI
Configure static NAT on a Cisco router to
enable Internet access for an internal server
Configuring a Router Using IOS
CLI
Back up and restore configuration files using a
TFTP server
Configuring a Router Using IOS
CLI
Capture and save configuration file output from
a terminal session
Connecting the CPE to the ISP
Customer Premise Equipment (CPE) network devices installed
at customer location.
Configuration checklists ensure that all configuration
requirements are met
Connecting the CPE to the ISP
Use inventory and configuration checklists and
an installation plan to ensure successful
installation
Connecting the CPE to the ISP
Documentation includes diagrams, checklists,
and activity logs
Connecting the CPE to the ISP
Types of customer connections over a WAN:
Point-to-point: often called leased lines;
typically most expensive; price based on
bandwidth & distance between 2 points
Circuit-switched similar to a phone call made
over a phone network; example is ISDN or
dialup connection; physical circuit reserved
from source to destination
Packet-switched each customer has a virtual
circuit; example is Frame Relay
 Customer Connections over
WAN
Bandwidth and cost influence WAN choices
Connecting the CPE to the ISP
Clock rate and serial encapsulation are needed when configuring serial
WAN connections
Clock rate is set by DCE
DTE accepts clock rate
Leased WAN connections use serial connection & require Channel
Service Unit/Data Service Unit (CSU/DSU

DCE

DTE
 Initial Cisco 2960 Switch
Configuration
Fixed-configuration, standalone devices does not use modules or flash
card slots. Physical configuration cant be changed.
Layer 2 device that directs stream of message coming in from one port,
our of another based on destination MAC address.
Configured using GUI or CLI
 Cisco 2960 switch
Comes preconfigured
Needs to be assigned basic security info
Basic commands (ex: hostname,
passwords) sames as ISR switch.
Configure management IP address
One virtual local area network, VLAN 1 is
preconfigured to provide access to
management functions.
 Initial Cisco 2960 Switch
Configuration
Switch settings can be configured using the
Cisco IOS CLI
Assign an IP address to the default
management virtual local area network,
VLAN1
 Initial Cisco 2960 Switch
Configuration
Check switch components
Connect cables to the switch
Power up the switch and observe POST
 Initial Cisco 2960 Switch
Configuration
Connect the stand-alone LAN switch to the
router and verify connectivity
Configure port security to prevent
unauthorized use
Shut down unused ports
 Switch port security
Port security limits the # of MAC addresses allowed per port.
Set port to access mode using switchport mode access
command
3 ways to configure port security:
Static MAC addresses are manually assigned using
switchport port-security mac-address [mac-address] interface
config command.
S1# configure terminal
S1(config-if)#interface fastethernet 0/20
S1(config-if)#switchport mode access
S1(config-if)#switchport port-security mac-address 1000.2000.3000
S1(config-if)#end


 Switch port - contd

Dynamic MAC addresses are

dynamically learned & stored in address
table
# of addresses stored can be controlled;
default is one address.
If port is shut down or switch is restarted,
address learned are cleared from the
table
S1# configure terminal
S1(config-if)#interface fastethernet 0/20
S1(config-if)#switchport mode access
S1(config-if)#switchport port-security
S1(config-if)#end
 Switch port - contd
Sticky similar to dynamic
Addresses learned are saved to the
running-config
S1# configure terminal
S1(config-if)#interface fastethernet 0/20
S1(config-if)#switchport mode access
S1(config-if)#switchport port-security
S1(config-if)#switchport port-security maximum 50
S1(config-if)#switchport port-security mac-address sticky
S1(config-if)#end
 Initial Cisco 2960 Switch
Configuration
Cisco Discovery Protocol (CDP) gathers
information about directly-connected Cisco
network devices
Two Cisco devices directly connected on the
same local network are called neighbors
 Summary
The Integrated Services Router (ISR) is
a good choice for small to medium
businesses and ISP-managed
customers.
ISRs can be initially configured using
SDM or the router IOS CLI.
When using the CLI, show commands
verify configuration elements.
An installation plan can minimize
disruption to a network when new
devices are being added.