All contents copyright © 2003 Cisco Systems, Inc. All rights reserved.

Overview

3.1 Configuring a Router

3.1.1 CLI command modes
All command-line interface (CLI) configuration changes to a Cisco router are made from the global configuration mode. Other more specific modes are entered depending upon the configuration change that is required, but these specific modes are all subsets of the global configuration mode.
Global configuration mode commands are used in a router to apply configuration statements that affect the system as a whole. The following command moves the router into global configuration mode and allows entry of commands from the terminal:
Global configuration mode, often shortened to global config, is the primary configuration mode. These are just a few of the modes that can be entered from global configuration mode:
When these specific modes are entered, the router prompt changes to indicate the current configuration mode. Any configuration changes that are made will apply only to the interfaces or processes covered by the particular mode. Typing exit from one of these specific configuration modes will return the router to global configuration mode. Pressing Ctrl-Z leaves the configuration modes completely and returns the router to privileged EXEC mode.

3.1.2 Configuring a router name
A router should be given a unique name as one of the first configuration tasks. This task is accomplished in global configuration mode using the following commands:
As soon as the Enter key is pressed, the prompt changes from the default host name (Router) to the newly configured host name, which is Tokyo in the example.

3.1.3 Configuring router passwords
Passwords restrict access to routers. Passwords should always be configured for virtual terminal lines and the console line. Passwords are also used to control access to privileged EXEC mode so that only authorized users may make changes to the configuration file. The following commands are used to set an optional but recommended password on the console line:
A password must be set on one or more of the virtual terminal (VTY) lines for users to gain remote access to the router using Telnet. Typically, Cisco routers support five VTY lines numbered 0 through 4, although different hardware platforms support different numbers of VTY connections. Often the same password is used for all lines, but sometimes one line is set uniquely to provide a fall-back entry to the router if the other four connections are in use. The following commands are used to set the password on the VTY lines:
The enable password and the enable secret are used to restrict access to the privileged EXEC mode. The enable password is only used if the enable secret has not been set. It is recommended that the enable secret always be set and used because it is encrypted while the enable password is not encrypted. These are the commands that are used to set the enable passwords:
Sometimes it is undesirable for passwords to be shown in clear text in the output from the show running-config or show startup-config commands. This command is used to encrypt passwords in configuration output:
The service password-encryption command applies a weak encryption to all unencrypted passwords. The enable secret <password> command uses a strong MD5 algorithm for encryption.
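As an added example (not part of the original course material), the following Python script audits a saved running-config for the password settings this section describes: missing console or VTY passwords, passwords stored in clear text or with the weak type 7 encryption, and a missing enable secret. The sample configuration and its passwords are constructed, `audit_passwords` is a hypothetical helper name, and the parser assumes the usual running-config layout in which sub-commands of a line block are indented by one space.

```python
import re

# Constructed running-config excerpt for illustration; every password is a made-up sample.
SAMPLE_CONFIG = """\
hostname Tokyo
!
enable password class
!
line con 0
 password cisco
 login
line aux 0
line vty 0 4
 password 7 0100000A0B0C
 login
"""

# Matches "enable password ..." and per-line "password ...", with an optional type digit.
PW = re.compile(r"^\s*(enable password|password) (?:(\d) )?(\S+)")


def audit_passwords(config):
    """Return findings on console, VTY and enable passwords in an IOS config."""
    findings, section, has_pw = [], None, {}
    lines = config.splitlines()
    for line in lines:
        if line.startswith("line "):        # "line con 0", "line vty 0 4", ...
            section = line.strip()
            has_pw[section] = False
        elif not line.startswith(" "):      # any other top-level command ends the block
            section = None
        m = PW.match(line)
        if not m:
            continue
        if m.group(1) == "password" and section:
            has_pw[section] = True
        where = "enable password" if m.group(1) != "password" else (section or "global")
        # Assumption: these commands appear only untyped / type 0 (clear text) or type 7.
        kind = "weak type 7 encryption" if m.group(2) == "7" else "stored in clear text"
        findings.append(f"{where}: {kind}")
    for sec, ok in has_pw.items():
        if not ok and sec.startswith(("line con", "line vty")):
            findings.append(f"{sec}: no password set")
    if not any(l.startswith("enable secret ") for l in lines):
        findings.append("enable secret not set")
    return findings


if __name__ == "__main__":
    for finding in audit_passwords(SAMPLE_CONFIG):
        print(finding)
```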

3.1.4 Examining the show commands
There are many show commands that can be used to examine the contents of files in the router and for troubleshooting. In both privileged EXEC and user EXEC modes, the command show ? provides a list of available show commands. The list is considerably longer in privileged EXEC mode than it is in user EXEC mode.

3.1.5 Configuring a serial interface
A serial interface can be configured from the console or through a virtual terminal line. To configure a serial interface, follow these steps:
Each connected serial interface must have an IP address and subnet mask if the interface is expected to route IP packets. Configure the IP address using the following commands:
Serial interfaces require a clock signal to control the timing of the communications. In most environments, a DCE device such as a CSU will provide the clock. By default, Cisco routers are DTE devices but they can be configured as DCE devices. On serial links that are directly interconnected, as in a lab environment, one side must be considered a DCE and provide a clocking signal. The clock is enabled and speed is specified with the clock rate command. The available clock rates in bits per second are: 1200, 2400, 9600, 19200, 38400, 56000, 64000, 72000, 125000, 148000, 500000, 800000, 1000000, 1300000, 2000000, or 4000000. However, some bit rates might not be available on certain serial interfaces, depending on their capacity.
By default, interfaces are turned off, or disabled. To turn on or enable an interface, the command no shutdown is entered. If an interface needs to be administratively disabled for maintenance or troubleshooting, the command shutdown is used to turn off the interface.
In the lab environment, the clock rate setting that will be used is 56000. The commands for setting a clock rate and enabling a serial interface are as follows:

3.1.6 Executing adds, moves, and changes
If a configuration requires modification, go to the appropriate mode and enter the proper command. For example, if an interface must be enabled, enter global configuration mode, enter interface mode, and issue the command no shutdown.
To verify changes, use the show running-config command. This command will display the current configuration. If the variables displayed are not what was intended, the environment can be corrected by doing one or more of the following:
To save the configuration variables to the startup configuration file in NVRAM, enter the following command at the privileged EXEC prompt:

3.1.7 Configuring an Ethernet interface
An Ethernet interface can be configured from the console or a virtual terminal line.
Each Ethernet interface must have an IP address and subnet mask if the interface is expected to route IP packets. To configure an Ethernet interface, follow these steps:
By default, interfaces are turned off, or disabled. To turn on or enable an interface, the command no shutdown is entered. If an interface needs to be administratively disabled for maintenance or troubleshooting, the command shutdown is used to turn off the interface.

3.2 Finishing the Configuration

3.2.1 Importance of configuration standards
It is important for standards to be developed for configuration files within an organization. This allows control of the number of configuration files that must be maintained, how the files are stored, and where the files are stored.
A standard is a set of rules or procedures that are either widely used or officially specified. Without standards in an organization, a network could be in chaos should an interruption in service occur. In order to manage a network, there must be a centralized support standard. Configuration, security, performance, and other issues must be adequately addressed for the network to function smoothly. Creating standards for network consistency helps reduce network complexity, the amount of unplanned downtime, and exposure to events that may have an impact on network performance.

3.2.2 Interface descriptions
An interface description should be used to identify important information such as a distant router, a circuit number, or a specific network segment. A description of an interface can help a network user remember specific information about the interface, such as what network the interface services.
The description is meant solely as a comment about the interface. Although the description appears in the configuration files that exist in router memory, a description does not affect the operation of the router. Descriptions are created by following a standard format that applies to each interface. The description may include the purpose and location of the interface, other devices or locations connected to the interface, and circuit identifiers. Descriptions allow support personnel to better understand the scope of problems related to an interface and allow for faster resolution of problems.

3.2.3 Configuring interface description
To configure an interface description, enter global configuration mode. From global configuration mode, enter interface configuration mode. Use the command description followed by the information.
Procedure steps:
Here are two examples of interface descriptions:

3.2.4 Login banners
A login banner is a message that is displayed at login and is useful for conveying messages that affect all network users, such as notices of impending system shutdowns.
Login banners can be seen by anyone. Therefore, careful attention should be used in the wording of a banner message. "Welcome" is an invitation for anyone to enter a router and is probably not an appropriate message.
A login banner should be a warning not to attempt login unless authorized. A message such as "This is a secure system, authorized access only!" instructs unwanted visitors that any further intrusion is unwanted and illegal.

3.2.5 Configuring message-of-the-day (MOTD)
A message-of-the-day (MOTD) banner can be displayed on all connected terminals.
Enter global configuration mode to configure a message-of-the-day (MOTD) banner. Use the banner motd command, followed by a space and a delimiting character, such as the pound sign (#). Add a message-of-the-day (MOTD) followed by a space and the delimiting character again.
Follow these steps to create and display a message-of-the-day:

3.2.6 Host name resolution
Host name resolution is the process that a computer system uses to associate a host name with an IP address.
In order to use host names to communicate with other IP devices, network devices such as routers must be able to associate the host names with IP addresses. A list of host names and their associated IP addresses is called a host table.
A host table might include all devices in a network organization. Each unique IP address can have a host name associated with it. The Cisco IOS software maintains a cache of host name-to-address mappings for use by EXEC commands. This cache speeds up the process of converting names to addresses. Host names, unlike DNS names, are significant only on the router on which they are configured. The host table will allow the network administrator to type either the host name such as Auckland or the IP address to Telnet to a remote host.

3.2.7 Configuring host tables
To assign host names to addresses, first enter global configuration mode. Issue the command ip host followed by the name of the destination and all IP addresses where the device can be reached. This maps the host name to each of its interface IP addresses. To reach the host, use a telnet or ping command with the name of the router or an IP address that is associated with the router name.
The procedure to configure the host table:

3.2.8 Configuration backup and documentation
The configuration of network devices determines how the network will behave. Management of device configuration includes the following tasks:
Configuration files should be stored as backup files in the event of a problem. Configuration files can be stored on a network server, on a TFTP server, or on a disk stored in a safe place.

3.2.9 Copying, editing, and pasting configurations
A current copy of the configuration can be stored on a TFTP server. The copy running-config tftp command, as shown in Figure
A configuration file stored on one of the network servers can be used to configure a router. To do so, complete the following tasks:
The router configuration can also be saved to a disk by capturing text in the router and saving it to the disk or hard drive. If the file needs to be copied back to the router, use the standard edit features of a terminal emulator program to paste the command file into the router.

Summary
This section summarized the key points in configuring a router.
The router has several modes:
The command-line interface may be used to make changes to the configuration:
An understanding of the following key points should have been achieved: