Saturday, March 6, 2010
This chapter provides information and commands concerning the following topics:
Configuring a Router
This chapter provides information and commands concerning the following topics:
• Configuring a router, specifically:
— Names
— Passwords
— Interfaces
— MOTD banners
— IP host tables
— Saving and erasing your configurations
• show commands to verify the router configurations
Router Modes
TIP: There are other modes than these. Not all commands work in all
modes. Be careful. If you type in a command that you know is correct—show
run, for example—and you get an error, make sure that you are in the correct
mode.
Router> User mode
Router# Privileged mode
Router(config)# Global configuration mode
Router(config-if)# Interface mode
Router(config-subif)# Subinterface mode
Router(config-line)# Line mode
Router(config-router)# Router configuration mode
18 Configuring Passwords
Global Configuration Mode
Configuring a Router Name
This command works on both routers and switches.
Configuring Passwords
Works on both routers and switches.
Router> Can see config, but not change
Router# Can see config and move to make
changes
Router#config t
Router(config)#
Moves to global config mode
This prompt indicates that you can
start making changes
Router(config)#hostname Cisco Name can be any word you choose
Cisco(config)#
Router(config)#enable password cisco Sets enable password
Router(config)#enable secret class Sets enable secret password
Router(config)#line con 0 Enters console-line mode
Router(config-line)#password console Sets console-line mode password to
console
Router(config-line)#login Enables password checking at login
Router(config)#line vty 0 4 Enters vty line mode for all 5 vty
lines
Router(config-line)#password telnet Sets vty password to telnet
Router(config-line)#login Enables password checking at login
show Commands 19
CAUTION: Enable secret password is encrypted by default. Enable password is
not. For this reason, recommended practice is that you never use the enable
password. Use only the enable secret password in a router configuration.
CAUTION: You cannot set both enable secret and enable password to the same
password. Doing so defeats the use of encryption.
Password Encryption
CAUTION: If you have turned on service password encryption, used it, and then
turned it off, any passwords that you have encrypted will stay encrypted. New
passwords will remain unencrypted
show Commands
Router(config)#line aux 0 Enters auxiliary line mode
Router(config-line)#password backdoor Sets auxiliary line mode password to
backdoor
Router(config-line)#login Enables password checking at login
Router(config)#service passwordencryption
Applies a weak encryption to
passwords
Router(config)#enable password cisco Sets enable password to cisco
Router(config)#line con 0 …
Router(config-line)#password Cisco Continue setting passwords as above
…
Router(config)#no service passwordencryption
Turns off password encryption
Router#show ? Lists all show commands available
Router#show interfaces Displays statistics for all interfaces
Router#show interface serial 0 Displays statistics for a specific
interface, in this case Serial 0
Router#show ip interface brief Displays a summary of all
interfaces, including status and IP
address assigned
20 Interface Names
Interface Names
One of the biggest problems that new administrators face is the names of the interfaces on
the different models of routers. The following chart lists the names of the Ethernet, Fast
Ethernet, and Serial interfaces on the 2500, 1700, and 2600 series of routers.
Router#show controllers serial 0 Displays statistics for interface
hardware. Statistics display if the
clock rate is set and if the cable is
DCE, DTE, or not attached
Router#show clock Displays time set on device
Router#show hosts Displays local host-to-IP address
cache. These are the names and
addresses of hosts on the network to
which you can connect
Router#show users Displays all users connected to
device
Router#show history Displays history of commands used
Router#show flash Displays info about Flash memory
Router#show version Displays info about loaded
software version
Router#show arp Displays the ARP table
Router#show protocols Displays status of configured Layer
3 protocols
Router#show startup-config Displays configuration saved in
NVRAM
Router#show running-config Displays configuration currently
running in RAM
Fixed Interfaces (2500
Series)
Modular (Removable)
Interfaces (1700 Series)
Modular (Removable)
Interfaces (2600 Series)
Router(config)#int
erface type port
Router(config)#interf
ace type port
Router(config)#interface
type slot/port
Router(config)#int
serial0 (s0)
Router(config)#interf
ace serial 0
Router(config)#int serial
0/0 (s0/0)
Router(config)#int
ethernet 0 (e0)
Router(config)#interf
ace fastethernet 0
Router(config)#int
fastethernet 0/0 (fa0/0)
Configuring an Ethernet/Fast Ethernet Interface 21
Moving Between Interfaces
What happens in Column 1 is the same thing as is occurring in Column 2.
Configuring a Serial Interface
TIP: The clock rate command is used only on a serial interface that has a DCE
cable plugged into it. There must be a clock rate set on every serial link between
routers. It does not matter which router has the DCE cable plugged into it, or which
interface the cable is plugged into. Serial 0 on one router can be plugged into
Serial 1 on another router.
Configuring an Ethernet/Fast Ethernet Interface
Router(config)#int s0 Router(config)#int s0 Moves to interface S0
mode
Router(config-if)#exit Router(config-if)#int e0 In int S0, move to E0
Router(config)#int e0 Router(config-if)# In E0 mode now
Router(config-if)# Prompt does not
change; be careful
Router(config)#int s0/0 Moves to interface Serial 0/0
mode
Router(config-if)#description Link to ISP Optional descriptor of the link is
locally significant
Router(config-if)#ip address 192.168.10.1
255.255.255.0
Assigns address and subnet
mask to interface
Router(config-if)#clock rate 56000 Assigns a clock rate for the
interface
Router(config-if)#no shut Turns interface on
Router(config)#int fa0/0 Moves to Fast Ethernet 0/0
interface mode
Router(config-if)#description Accounting LAN Optional descriptor of the
link is locally significant
22 Assigning a Local Host Name to an IP Address
Creating a MOTD Banner
Setting the Clock Time Zone
Assigning a Local Host Name to an IP Address
TIP: The default port number in the ip host command is 23, or Telnet. If you want
to Telnet to a device, just enter the IP host name itself:
Router#london = Router#telnet london = Router#telnet 172.16.1.3
Router(config-if)#ip address 192.168.20.1
255.255.255.0
Assigns address and subnet
mask to interface
Router(config-if)#no shut Turns interface on
Router(config)#banner motd # This is a
secure system. Authorized Personnel Only! #
Router(config)#
# is known as a delimiting
character. The delimiting
character must surround the
banner message and can be
any character so long as it is
not a character used within
the body of the message
Router(config)#clock timezone EST –5 Sets the time zone for
display purposes. Based on
coordinated universal time
(Eastern Standard Time is 5
hours behind UTC)
Router(config)#ip host london 172.16.1.3 Assigns a host name to the
IP address. After this
assignment, you can use the
host name instead of an IP
address when trying to
Telnet or ping to that
address
Router#ping london
=
Router#ping 172.16.1.3
exec-timeout Command 23
no ip domain-lookup Command
TIP: Ever type in a command incorrectly and left having to wait for a minute or
two as the router tries to translate your command to a domain server of
255.255.255.255? The router is set by default to try to resolve any word that is not
a command to a DNS server at address 255.255.255.255. If you are not going to set
up DNS, turn this feature off to save you time as you type, especially if you are a
poor typist.
logging synchronous Command
TIP: Ever try to type in a command and an informational line appears in the
middle of what you were typing? Lose your place? Do not know where you are in
the command, so you just press ® and start all over? The logging
synchronous command will tell the router that if any informational items get
displayed on the screen, your prompt and command line should be moved to a
new line, so as not to confuse you.
The informational line does not get inserted into the middle of the command you
are trying to type. If you were to continue typing, the command would execute
properly, even though it looks wrong on the screen
exec-timeout Command
Router(config)#no ip domain-lookup
Router(config)#
Turns off trying to
automatically resolve an
unrecognized command to a
local host name
Router(config)#line con 0
Router(config-line)#logging synchronous Turns on synchronous
logging. Information items
sent to console will not
interrupt the command you
are typing. The command
will be moved to a new line
Router(config)#line con 0
Router(config-line)#exec-timeout 0 0 Sets time limit when console
automatically logs off. Set to
0 0 (minutes seconds) means
console never logs off
Router(config-line)#
24 Configuration Example: Basic Router Configuration
TIP: exec-timeout 0 0 is great for a lab because the console never logs out. This
is very dangerous in the real world (bad security).
Saving Configurations
Erasing Configurations
TIP: Running-config is still in dynamic memory. Reload the router to clear the
running-config.
Configuration Example: Basic Router Configuration
Figure 3-1 shows the network topology for the configuration that follows, which shows a
basic router configuration using the commands covered in this chapter.
Figure 3-1 Network Topology for Basic Router Configuration
Router#copy run start Saves the running-config to local NVRAM
Router#copy run tftp Saves the running-config remotely to TFTP server
Router#erase start Deletes the startup-config file from NVRAM
Boston Router
Router>en Enters privileged mode
Router#clock set 18:30:00 15 Nov 2004 Sets local time on router
Router#config t Enters global config mode
Boston
Network 172.16.10.0/24 Network 172.16.20.0/24 Network 172.16.30.0/24
fa0/0 fa0/0
172.16.20.1
172.16.10.10 s0/0
172.16.10.1 172.16.30.1
172.16.30.30
DCE
s0/1
172.16.20.2 Buffalo
Configuration Example: Basic Router Configuration 25
Router(config)#hostname Boston Sets router name to Boston
Boston(config)#no ip domain-lookup Turns off name resolution on
unrecog-nized commands
(spelling mistakes)
Boston(config)#banner motd #
This is the Boston Router.
Authorized Access Only
#
Creates an MOTD banner
Boston(config)#clock timezone EST –5 Sets time zone to Eastern
Standard Time (–5 from UTC)
Boston(config)#enable secret cisco Enable secret password set to
cisco
Boston(config)#service password-encryption Passwords will be given weak
encryption
Boston(config)#line con 0 Enters line console mode
Boston(config-line)#logging sync Commands will not be
interrupted by unsolicited
messages
Boston(config-line)#password class Sets password to class
Boston(config-line)#login Enables password checking at
login
Boston(config-line)#line vty 0 4 Moves to virtual Telnet lines 0
through 4
Boston(config-line)#password class Sets password to class
Boston(config-line)#login Enables password checking at
login
Boston(config-line)#line aux 0 Moves to line auxiliary mode
Boston(config-line)#password class Sets password to class
Boston(config-line)#login Enables password checking at
login
Boston(config-line)#exit Moves back to global config
mode
26 Configuration Example: Basic Router Configuration
Boston(config)#no service passwordencryption
Turns off password encryption
Boston(config)#int fa 0/0 Moves to Fast Ethernet 0/0
mode
Boston(config-if)#desc Engineering LAN Sets locally significant
description of the interface
Boston(config-if)#ip address 172.16.10.1
255.255.255.0
Assigns IP address and subnet
mask to the interface
Boston(config-if)#no shut Turns on the interface
Boston(config-if)#int s0/0 Moves directly to Serial 0/0
mode
Boston(config-if)#desc Link to Buffalo
Router
Sets locally significant
description of the interface
Boston(config-if)#ip address 172.16.20.1
255.255.255.0
Assigns IP address and subnet
mask to the interface
Boston(config-if)#clock rate 56000 Sets a clock rate for serial
transmission (DCE cable must
be plugged into this interface)
Boston(config-if)#no shut Turns on the interface
Boston(config-if)#exit Moves back to global config
mode
Boston(config)#ip host buffalo 172.16.20.2 Sets a local host name
resolution to IP address
172.16.20.2
Boston(config)#exit Moves back to privileged
mode
Boston#copy run start Saves running-config to
NVRAM
This chapter provides information and commands concerning the following topics:
• Configuring a router, specifically:
— Names
— Passwords
— Interfaces
— MOTD banners
— IP host tables
— Saving and erasing your configurations
• show commands to verify the router configurations
Router Modes
TIP: There are other modes than these. Not all commands work in all
modes. Be careful. If you type in a command that you know is correct—show
run, for example—and you get an error, make sure that you are in the correct
mode.
Router> User mode
Router# Privileged mode
Router(config)# Global configuration mode
Router(config-if)# Interface mode
Router(config-subif)# Subinterface mode
Router(config-line)# Line mode
Router(config-router)# Router configuration mode
18 Configuring Passwords
Global Configuration Mode
Configuring a Router Name
This command works on both routers and switches.
Configuring Passwords
Works on both routers and switches.
Router> Can see config, but not change
Router# Can see config and move to make
changes
Router#config t
Router(config)#
Moves to global config mode
This prompt indicates that you can
start making changes
Router(config)#hostname Cisco Name can be any word you choose
Cisco(config)#
Router(config)#enable password cisco Sets enable password
Router(config)#enable secret class Sets enable secret password
Router(config)#line con 0 Enters console-line mode
Router(config-line)#password console Sets console-line mode password to
console
Router(config-line)#login Enables password checking at login
Router(config)#line vty 0 4 Enters vty line mode for all 5 vty
lines
Router(config-line)#password telnet Sets vty password to telnet
Router(config-line)#login Enables password checking at login
show Commands 19
CAUTION: Enable secret password is encrypted by default. Enable password is
not. For this reason, recommended practice is that you never use the enable
password. Use only the enable secret password in a router configuration.
CAUTION: You cannot set both enable secret and enable password to the same
password. Doing so defeats the use of encryption.
Password Encryption
CAUTION: If you have turned on service password encryption, used it, and then
turned it off, any passwords that you have encrypted will stay encrypted. New
passwords will remain unencrypted
show Commands
Router(config)#line aux 0 Enters auxiliary line mode
Router(config-line)#password backdoor Sets auxiliary line mode password to
backdoor
Router(config-line)#login Enables password checking at login
Router(config)#service passwordencryption
Applies a weak encryption to
passwords
Router(config)#enable password cisco Sets enable password to cisco
Router(config)#line con 0 …
Router(config-line)#password Cisco Continue setting passwords as above
…
Router(config)#no service passwordencryption
Turns off password encryption
Router#show ? Lists all show commands available
Router#show interfaces Displays statistics for all interfaces
Router#show interface serial 0 Displays statistics for a specific
interface, in this case Serial 0
Router#show ip interface brief Displays a summary of all
interfaces, including status and IP
address assigned
20 Interface Names
Interface Names
One of the biggest problems that new administrators face is the names of the interfaces on
the different models of routers. The following chart lists the names of the Ethernet, Fast
Ethernet, and Serial interfaces on the 2500, 1700, and 2600 series of routers.
Router#show controllers serial 0 Displays statistics for interface
hardware. Statistics display if the
clock rate is set and if the cable is
DCE, DTE, or not attached
Router#show clock Displays time set on device
Router#show hosts Displays local host-to-IP address
cache. These are the names and
addresses of hosts on the network to
which you can connect
Router#show users Displays all users connected to
device
Router#show history Displays history of commands used
Router#show flash Displays info about Flash memory
Router#show version Displays info about loaded
software version
Router#show arp Displays the ARP table
Router#show protocols Displays status of configured Layer
3 protocols
Router#show startup-config Displays configuration saved in
NVRAM
Router#show running-config Displays configuration currently
running in RAM
Fixed Interfaces (2500
Series)
Modular (Removable)
Interfaces (1700 Series)
Modular (Removable)
Interfaces (2600 Series)
Router(config)#int
erface type port
Router(config)#interf
ace type port
Router(config)#interface
type slot/port
Router(config)#int
serial0 (s0)
Router(config)#interf
ace serial 0
Router(config)#int serial
0/0 (s0/0)
Router(config)#int
ethernet 0 (e0)
Router(config)#interf
ace fastethernet 0
Router(config)#int
fastethernet 0/0 (fa0/0)
Configuring an Ethernet/Fast Ethernet Interface 21
Moving Between Interfaces
What happens in Column 1 is the same thing as is occurring in Column 2.
Configuring a Serial Interface
TIP: The clock rate command is used only on a serial interface that has a DCE
cable plugged into it. There must be a clock rate set on every serial link between
routers. It does not matter which router has the DCE cable plugged into it, or which
interface the cable is plugged into. Serial 0 on one router can be plugged into
Serial 1 on another router.
Configuring an Ethernet/Fast Ethernet Interface
Router(config)#int s0 Router(config)#int s0 Moves to interface S0
mode
Router(config-if)#exit Router(config-if)#int e0 In int S0, move to E0
Router(config)#int e0 Router(config-if)# In E0 mode now
Router(config-if)# Prompt does not
change; be careful
Router(config)#int s0/0 Moves to interface Serial 0/0
mode
Router(config-if)#description Link to ISP Optional descriptor of the link is
locally significant
Router(config-if)#ip address 192.168.10.1
255.255.255.0
Assigns address and subnet
mask to interface
Router(config-if)#clock rate 56000 Assigns a clock rate for the
interface
Router(config-if)#no shut Turns interface on
Router(config)#int fa0/0 Moves to Fast Ethernet 0/0
interface mode
Router(config-if)#description Accounting LAN Optional descriptor of the
link is locally significant
22 Assigning a Local Host Name to an IP Address
Creating a MOTD Banner
Setting the Clock Time Zone
Assigning a Local Host Name to an IP Address
TIP: The default port number in the ip host command is 23, or Telnet. If you want
to Telnet to a device, just enter the IP host name itself:
Router#london = Router#telnet london = Router#telnet 172.16.1.3
Router(config-if)#ip address 192.168.20.1
255.255.255.0
Assigns address and subnet
mask to interface
Router(config-if)#no shut Turns interface on
Router(config)#banner motd # This is a
secure system. Authorized Personnel Only! #
Router(config)#
# is known as a delimiting
character. The delimiting
character must surround the
banner message and can be
any character so long as it is
not a character used within
the body of the message
Router(config)#clock timezone EST –5 Sets the time zone for
display purposes. Based on
coordinated universal time
(Eastern Standard Time is 5
hours behind UTC)
Router(config)#ip host london 172.16.1.3 Assigns a host name to the
IP address. After this
assignment, you can use the
host name instead of an IP
address when trying to
Telnet or ping to that
address
Router#ping london
=
Router#ping 172.16.1.3
exec-timeout Command 23
no ip domain-lookup Command
TIP: Ever type in a command incorrectly and left having to wait for a minute or
two as the router tries to translate your command to a domain server of
255.255.255.255? The router is set by default to try to resolve any word that is not
a command to a DNS server at address 255.255.255.255. If you are not going to set
up DNS, turn this feature off to save you time as you type, especially if you are a
poor typist.
logging synchronous Command
TIP: Ever try to type in a command and an informational line appears in the
middle of what you were typing? Lose your place? Do not know where you are in
the command, so you just press ® and start all over? The logging
synchronous command will tell the router that if any informational items get
displayed on the screen, your prompt and command line should be moved to a
new line, so as not to confuse you.
The informational line does not get inserted into the middle of the command you
are trying to type. If you were to continue typing, the command would execute
properly, even though it looks wrong on the screen
exec-timeout Command
Router(config)#no ip domain-lookup
Router(config)#
Turns off trying to
automatically resolve an
unrecognized command to a
local host name
Router(config)#line con 0
Router(config-line)#logging synchronous Turns on synchronous
logging. Information items
sent to console will not
interrupt the command you
are typing. The command
will be moved to a new line
Router(config)#line con 0
Router(config-line)#exec-timeout 0 0 Sets time limit when console
automatically logs off. Set to
0 0 (minutes seconds) means
console never logs off
Router(config-line)#
24 Configuration Example: Basic Router Configuration
TIP: exec-timeout 0 0 is great for a lab because the console never logs out. This
is very dangerous in the real world (bad security).
Saving Configurations
Erasing Configurations
TIP: Running-config is still in dynamic memory. Reload the router to clear the
running-config.
Configuration Example: Basic Router Configuration
Figure 3-1 shows the network topology for the configuration that follows, which shows a
basic router configuration using the commands covered in this chapter.
Figure 3-1 Network Topology for Basic Router Configuration
Router#copy run start Saves the running-config to local NVRAM
Router#copy run tftp Saves the running-config remotely to TFTP server
Router#erase start Deletes the startup-config file from NVRAM
Boston Router
Router>en Enters privileged mode
Router#clock set 18:30:00 15 Nov 2004 Sets local time on router
Router#config t Enters global config mode
Boston
Network 172.16.10.0/24 Network 172.16.20.0/24 Network 172.16.30.0/24
fa0/0 fa0/0
172.16.20.1
172.16.10.10 s0/0
172.16.10.1 172.16.30.1
172.16.30.30
DCE
s0/1
172.16.20.2 Buffalo
Configuration Example: Basic Router Configuration 25
Router(config)#hostname Boston Sets router name to Boston
Boston(config)#no ip domain-lookup Turns off name resolution on
unrecog-nized commands
(spelling mistakes)
Boston(config)#banner motd #
This is the Boston Router.
Authorized Access Only
#
Creates an MOTD banner
Boston(config)#clock timezone EST –5 Sets time zone to Eastern
Standard Time (–5 from UTC)
Boston(config)#enable secret cisco Enable secret password set to
cisco
Boston(config)#service password-encryption Passwords will be given weak
encryption
Boston(config)#line con 0 Enters line console mode
Boston(config-line)#logging sync Commands will not be
interrupted by unsolicited
messages
Boston(config-line)#password class Sets password to class
Boston(config-line)#login Enables password checking at
login
Boston(config-line)#line vty 0 4 Moves to virtual Telnet lines 0
through 4
Boston(config-line)#password class Sets password to class
Boston(config-line)#login Enables password checking at
login
Boston(config-line)#line aux 0 Moves to line auxiliary mode
Boston(config-line)#password class Sets password to class
Boston(config-line)#login Enables password checking at
login
Boston(config-line)#exit Moves back to global config
mode
26 Configuration Example: Basic Router Configuration
Boston(config)#no service passwordencryption
Turns off password encryption
Boston(config)#int fa 0/0 Moves to Fast Ethernet 0/0
mode
Boston(config-if)#desc Engineering LAN Sets locally significant
description of the interface
Boston(config-if)#ip address 172.16.10.1
255.255.255.0
Assigns IP address and subnet
mask to the interface
Boston(config-if)#no shut Turns on the interface
Boston(config-if)#int s0/0 Moves directly to Serial 0/0
mode
Boston(config-if)#desc Link to Buffalo
Router
Sets locally significant
description of the interface
Boston(config-if)#ip address 172.16.20.1
255.255.255.0
Assigns IP address and subnet
mask to the interface
Boston(config-if)#clock rate 56000 Sets a clock rate for serial
transmission (DCE cable must
be plugged into this interface)
Boston(config-if)#no shut Turns on the interface
Boston(config-if)#exit Moves back to global config
mode
Boston(config)#ip host buffalo 172.16.20.2 Sets a local host name
resolution to IP address
172.16.20.2
Boston(config)#exit Moves back to privileged
mode
Boston#copy run start Saves running-config to
NVRAM
Subscribe to:
Posts (Atom)