5: Configuring Network Devices
Working at a Small-to-Medium Business or ISP
Objectives
ISR
• What’s an ISR?
  – One device that combines features
    • LAN/WAN connectivity
    • Security
    • Wireless
    • And more…
1841 ISR
The IOS
• Internetwork Operating System
• Describe what an OS does?
• IOS is offered in images
  – Each image supports different features
What’s In The Box?
• Router
• Power Cable
• Serial Port Adapter
• Blue Console Cable
• Documentation
Setting Up the Router
Stage 1: Bootup Process
• POST tests hardware (CPU, Memory)
• ROM: Bootstrap
  – Boot Image
  – Begins search for IOS
Stage 2: Bootup Process
• Locate & load IOS
  – Could be in Flash (default) or TFTP server
Stage 3: Bootup Process
• Configuration File or Setup
  – NVRAM (1st)
  – TFTP Server
  – If found, copies into RAM
  – If not found, enters Setup Mode
The Config File
• Startup Configuration
  – Saved file with addressing, etc
  – Stored in NVRAM
  – Loads into RAM on start
• Running Configuration
  – Config running in RAM (goes bye-bye)
  – If you make a change, save it to the startup configuration
    • copy running-config startup-config
    • copy run start
Startup-Config File
• Saved file that starts up
• Stored in NVRAM
• Loads into RAM
Running-Config File
• Current config running
• Stored in RAM
  – Goes away when shut down (unless saved)
• If you make a config change, it MUST be saved
  – Copy running-config startup-config
  – Copy run start
Show Version
Boot Problems
• IOS Fails
  – ROMmon mode
  – In ROM; troubleshoot boot errors
    • Check flash for image
    • Boot command from ROMmon
      – If boots, check show version for the config-register setting
End of Day One
Lab 5.1.3.5
• Power up an ISR and view the router system and configuration files using show commands.
Review
• Where is the IOS stored?
  – Flash
• Where is the startup config stored?
  – NVRAM
• What happens 1st when the router boots?
  – POST
• The IOS & startup config get loaded into what?
  – RAM
Configuration
• Out-of-band management
  – Initial configuration
  – Console or AUX direct connection
  – HyperTerminal
• In-band management
  – Configuration changes over network/Internet
    • HTTP or Telnet from outside of network
  – One port must be active on router
Configuration Programs-CLI
• Command Line Interface
  – Looks similar to DOS commands
  – On ALL Cisco routers
  – In or out-of-band management
Configuration Programs-SDM
• Security Device Manager
  – GUI
  – In-band management ONLY
  – Configure additional LAN and WAN connections
  – Create firewalls
  – Configure VPN connections
  – Perform security tasks
SDM Express
• SDM Express
  – Initial router config
Activity
• CLI or SDM?
• Web-based?
• Text-based commands?
• Command-prompt based?
• Don’t need to know CLI commands?
• Step-by-step config process?
SDM Express- Basic Config
SDM Express- LAN IP Addresses
SDM Express- DHCP
Activity
SDM Express WAN Connect
• Serial Connection to WAN or ISP
  – Serial is slower than LAN Ethernet
  – 100Mbps LAN; 1.544Mbps T1
• Serial to Serial connections MUST use the same protocol encapsulation (Layer 2)
  – HDLC
  – Frame Relay
  – PPP
Getting the Serial IP Address
• HDLC, Frame Relay, PPP
  – Static IP Address (You Set)
  – IP Negotiated / Easy IP or IP Unnumbered
    • Auto IP assignment through PPP encapsulation
Lab 5.2.3.3
• Configure an ISR using Cisco SDM Express
Review
• Which port connects to your PC serial port & is used for initial configuration of a router?
  – Console
• Which band management method is this?
  – Out-of-band
• Your network MUST be working in order to connect & monitor/make changes to the config file. What 2 methods can be used?
  – HTTP/Telnet
  – SDM
Review
• Other than the console port, which other port can be used with a modem for initial configuration?
  – AUX
• Which connection method is used for in-band management from a remote location?
  – Telnet
• Which memory type keeps its contents when there is no power?
  – NVRAM
Review
• Where is the running-config stored?
  – RAM
• Where is the startup-config stored?
  – NVRAM
• Which mode is displayed when you log into the router?
  – User EXEC mode
Review
• Which 3 encapsulations can be on the serial interface using SDM Express?
  – HDLC
  – PPP
  – Frame Relay
• On the 1st (basic) config screen of SDM Express, which can you configure?
  – Host name
  – Ethernet IP Address
  – DHCP
  – Enable Secret Password
  – NAT
  – DNS
  – Domain Name
  – Your Name
Review
• SDM & CLI.
  – Which is GUI?
    • SDM
  – Which is used for in & out-band management?
    • CLI
• Which service translates names to IP addresses?
  – DNS
• Which memory stays, even with no power?
  – NVRAM
NAT using SDM
• Use Basic NAT (Dynamic)
  – Inside Locals share the WAN IP address (Inside Global)
  – Must tell it which address will share
Lab 5.2.4.2
• Configure Dynamic NAT using the Cisco SDM basic NAT wizard.
CLI Command Modes
• User Mode
  – Limited commands like Ping & Traceroute
  – Type enable to enter privileged mode
• Privileged Mode
  – Can alter router operation
Interface & Other Modes
• After privileged mode, you can configure
  – Type configure terminal OR config t
  – Once here, commands entered take effect immediately!
E-Lab 5.3.1
• Step 3: int s0
• Step 5: router rip
• Step 6: end – You can use Ctrl-Z in a real router, too
• Step 9: line con 0
Getting Help in CLI
• Help or ?
Oops… I goofed!
Oops… I forgot!
• Command History
  – Last 10 by default
  – Max 256
• Previous command
  – Ctrl-P or ↑
• Recent Command
  – Ctrl-N or ↓
• Tab
  – Completes command entry
Activity & PT 5.3.2.5
Show Commands & PT 5.3.3.3
• show running-config
• show interfaces
• show arp
• show ip route
• show users
• show version
Configuring w/ CLI
Configuring CLI & PT 5.3.4.4
• Router(config)#banner motd # Blah #
  – Text to show during login
  – Usually a warning
Configuring an Interface
• Serial & Ethernet are common
• Serial (WAN)
  – Your router is a DTE
  – CSU/DSU is the DCE
  – DCE provides a clocking rate
Labs, Labs, & More Labs
• E-Lab 5.3.5.3
• Packet Tracer 5.3.5.4
• Lab 5.3.5.5
Configuring a Default Route
• Router forwards packet to destination net
  – Looks at routing table to see which port to go out
  – Can set a default route to go out if not in routing table
Labs…Yup!
• Only one this time
• Packet Tracer 5.3.6.2
DHCP
• What is normally sent to a PC?
Configuring DHCP
1. Create DHCP Address Pool
2. Specify the Subnet
3. Exclude any IP Addresses
4. Specify the Domain Name- optional
5. DNS Server IP Address- 1 or 2 usually
6. Set the Default Gateway Address to be sent
7. Set the Lease Duration- default one day
DHCP PT 5.3.7.2 & 5.3.7.3
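The seven steps above map onto IOS commands as follows. This is an added example, not part of the original slides; the pool name, addresses and domain are constructed placeholders.

```cisco
! Constructed example values: pool name, addresses and domain are placeholders.
configure terminal
 ! Step 3: addresses the server must never lease (router, servers, printers).
 ! This is a global configuration command, entered outside the pool.
 ip dhcp excluded-address 192.168.1.1 192.168.1.9
 ! Step 1: create the pool and enter DHCP pool configuration mode.
 ip dhcp pool LAN-POOL
  ! Step 2: the subnet the pool serves.
  network 192.168.1.0 255.255.255.0
  ! Step 4: domain name handed to clients (optional).
  domain-name example.com
  ! Step 5: DNS server handed to clients (it sits in the excluded range).
  dns-server 192.168.1.5
  ! Step 6: default gateway handed to clients.
  default-router 192.168.1.1
  ! Step 7: lease duration in days (1 is the default).
  lease 1
 end
! Verify the pool, the leases handed out, and any address conflicts found.
show ip dhcp pool
show ip dhcp binding
show ip dhcp conflict
! Keep the change across a reload.
copy running-config startup-config
```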
Configuring Static NAT
• Inside server needs to be accessed from Internet
  – Must translate the private IP to the SAME public IP
Verifying NAT
• Show ip nat translations
• Packet Tracer 5.3.8.3
• Lab 5.3.8.4
Backing Up the Config File
• TFTP
  • Copy start tftp
• To restore it:
  • Copy tftp run
PT 5.3.9.3
Backing Up the Config File
• HyperTerminal
  – Will paste into Notepad
  – Extra text needs to be removed
  – No shutdown added
• Then, you can paste it back in whenever
PT 5.3.9.4
Switches- 2960
• OSI Layer?
• TCP/IP Layer?
• 3-Layer Model Layer?
• Uses the destination ____ to forward frames.
• Use CLI or Cisco Network Assistant (GUI)
LEDs
• SYST
  – Working or not
  – Green or Amber
• RPS
  – Redundant power supply
• STAT (Port Status)
  – Green- Link
  – Blinking Green- Tx/Rx
  – Amber- error
Speed of Ports
• 10/100/1000
• Half-Duplex
• Full-Duplex
• Port & device MUST be set same
  – Auto-negotiate (by default on Cisco)
  – MUST be on both devices or else collisions
Switch IOS
Power On
• Some don’t have power switch
• POST 1st
• LEDs blink
• SYST LED blinks green fast= done POST
  – Fails= AMBER (needs repair)
Configuring a Switch
• Switch ports DO NOT have IP addresses!
  – Can config an IP to the switch for web-based management/configuration
• Comes ready to go
• CLI
• Device Manager (Web-based)
• Network Assistant (GUI)
Assign an IP Address to Switch
Configure It
• Switch IP
• Console Port Password
• Telnet Password
• Way out of network
• E-Lab 5.5.3.3
• PT 5.5.3.4
Port Security
• Limit MAC addresses per port
• Security!
• Static
• Dynamic
• Sticky
• Violation: Shutdown port
Verify Port Security
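Sticky and static port security with the shutdown violation action, followed by the verification commands. This is an added example, not part of the original slides; the interface numbers and the MAC address are constructed placeholders.

```cisco
! Constructed example: interface numbers and the MAC address are placeholders.
configure terminal
 interface FastEthernet0/5
  ! Port security is rejected on a dynamic port, so fix the mode first.
  switchport mode access
  switchport port-security
  ! Allow a single MAC address on this port (1 is also the default).
  switchport port-security maximum 1
  ! Sticky: learn the first MAC seen and write it into the running-config.
  switchport port-security mac-address sticky
  ! Violation action: shut the port down (also the default).
  switchport port-security violation shutdown
 interface FastEthernet0/6
  switchport mode access
  switchport port-security
  ! Static: only this manually entered MAC address is allowed.
  switchport port-security mac-address 0000.5e00.5301
  end
! Verify: per-switch summary, one port in detail, and the secure MAC table.
show port-security
show port-security interface FastEthernet0/5
show port-security address
! Sticky entries live in the running-config; save them to survive a reload.
copy running-config startup-config
! A port shut down by a violation is err-disabled. Once the unknown device
! has been removed, bounce the port to bring it back:
configure terminal
 interface FastEthernet0/5
  shutdown
  no shutdown
  end
```

With neither `sticky` nor a static address configured, the port learns addresses dynamically and forgets them when the link goes down or the switch reloads.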
Hooking It Up
• PT 5.5.4.4
• Lab 5.5.4.5
Can set up Port Security
Cisco Discovery Protocol- CDP
• Shares info between directly connected Cisco devices (neighbors)
  – Runs on boot
  – Sends periodic CDP advertisements
  – Operate at Layer 2
• Information gathered by CDP includes:
  – Device host name
  – Layer 3 addresses
  – What the directly connected port is, “serial 0/0/0”
  – Capabilities list – Router, Switch
  – Platform, for example Cisco 1841
Show CDP Neighbors
Show CDP Neighbors Detail
Disabling CDP
• Why disable it?
• PT 5.4.4.5
WAN Connections
• Point-to-Point
  – Leased line
  – Expensive $$$
  – Your own path
• Circuit-Switched
  – Like phone call
  – ISDN or dial-up
• Packet-Switched
  – Virtual path
  – Frame Relay
WAN Service Connections
Lab 5.5.4.3
Monitoring Devices
• ISP to Customer Router/Switch
• Telnet= not secure, clear text
• Secure Shell (SSH)= encrypted
• Lab 5.5.5.2
– Create a user acct with enable privileges
– Configure SSH for login
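The two lab tasks above, a local account with enable privileges and SSH-only login on the vty lines, look like this in IOS. This is an added example, not part of the original slides; it assumes an IOS image with crypto support, and the hostname, domain, username and secret are constructed placeholders.

```cisco
! Constructed values: R1, example.com, netadmin and the secret are placeholders.
configure terminal
 hostname R1
 ip domain-name example.com
 ! The RSA key pair is named from the hostname and domain name, so set both first.
 crypto key generate rsa modulus 2048
 ! Refuse SSH version 1 and limit login time and retries.
 ip ssh version 2
 ip ssh time-out 60
 ip ssh authentication-retries 3
 ! Local account at privilege level 15 (enable privileges).
 ! "secret" stores a hash of the password instead of clear text.
 username netadmin privilege 15 secret <choose-a-strong-passphrase>
 line vty 0 4
  ! Authenticate against the local username database.
  login local
  ! Accept SSH only; this turns Telnet off on these lines.
  transport input ssh
  ! Drop idle sessions after 10 minutes.
  exec-timeout 10 0
  end
! Verify the SSH server settings and list active SSH sessions.
show ip ssh
show ssh
copy running-config startup-config
```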
Serial Port Encapsulation
• HDLC is default
• Can be changed to PPP
• PT 5.5.6.2
Review