5: Configuring Network DevicesWorking at a Small-to-Medium Business or ISP

Objectives

ISR

• What’s an ISR?– One device that combines features

• LAN/WAN connectivity• Security• Wireless• And more…

1841 ISR

The IOS

• Internetwork Operating System• Describe what an OS does?

• IOS is offered in images– Each image supports different features

What’s In The Box?• Router

• Power Cable

• Serial Port Adapter

• Blue Console Cable

• Documentation

Setting Up the Router

Stage 1: Bootup Process

• POST tests hardware (CPU, Memory)• ROM: Bootstrap

– Boot Image– Begins search for IOS

Stage 2: Bootup Process

• Locate & load IOS– Could be in Flash (default) or TFTP server

Stage 3: Bootup Process

• Configuration File or Setup– NVRAM (1st)– TFTP Server– If found, copies into RAM– If not found, enters Setup Mode

The Config File

The Config File

• Startup Configuration– Saved file with addressing, etc– Stored in NVRAM– Loads into RAM on start

• Running Configuration– Config running in RAM (goes bye-bye)– If you make a change, save it to the startup

configuration• copy running-config startup-config• copy run start

Startup-Config File

• Saved file that starts up

• Stored in NVRAM

• Loads into RAM

Running-Config File

• Current config running

• Stored in RAM– Goes away when shut down (unless saved)

• If you make a config change, it MUST be saved– Copy running-config startup-config– Copy run start

Show Version

Boot Problems

• IOS Fails– ROMmon mode– In ROM; troubleshoot boot errors

• Check flash for image• Boot command from ROMmon

– If boots, check show version for the config-register setting

End of Day One

Lab 5.1.3.5

• Power up an ISR and view the router system and configuration files using show commands.

Review

• Where is the IOS stored?– Flash

• Where is the startup config stored?– NVRAM

• What happens 1st when the router boots?– POST

• The IOS & startup config get loaded into what?– RAM

Configuration

• Out-of-band management– Initial configuration– Console or AUX direct connection– HyperTerminal

• In-band management– Configuration changes over network/Internet

• HTTP or Telnet from outside of network

– One port must be active on router

Configuration Programs-CLI

• Command Line Interface– Looks similar to DOS commands– On ALL Cisco routers– In or out-of-band management

Configuration Programs-SDM

• Security Device Manager– GUI– In-band management ONLY– Configure additional LAN and WAN

connections– Create firewalls– Configure VPN connections– Perform security tasks

SDM Express

• SDM Express– Initial router config

Activity

• CLI or SDM?

• Web-based?• Text-based commands?• Command-prompt based?• Don’t need to know CLI commands?• Step-by-step config process?

SDM Express- Basic Config

SDM Express- LAN IP Addresses

SDM Express- DHCP

Activity

SDM Express WAN Connect

• Serial Connection to WAN or ISP– Serial is slower than LAN Ethernet– 100Mbps LAN; 1.544Mbps T1

• Serial to Serial connections MUST use the same protocol encapsulation (Layer 2)– HDLC– Frame Relay– PPP

SDM Express WAN Connect

Getting the Serial IP Address

• HDLC, Frame Relay, PPP– Static IP Address (You Set)– IP Negotiated / Easy IP or IP Unnumbered

• Auto IP assignment through PPP encapsulation

Lab 5.2.3.3

• Configure an ISR using Cisco SDM Express

Review• Which port connects to your PC serial port

& is used for initial configuration of a router?– Console

• Which band management method is this?– Out-of-band

• Your network MUST be working in order to connect & monitor/make changes to the config file. What 2 methods can be used?– HTTP/Telnet– SDM

Review• Other than the console port, which other

port can be used with a modem for initial configuration?– AUX

• Which connection method is used for in-band management from a remote location?– Telnet

• Which memory type keeps its contents when there is no power?– NVRAM

Review

• Where is the running-config stored?– RAM

• Where is the startup-config stored?– NVRAM

• Which mode is displayed when you log into the router?– User EXEC mode

Review

• Which 3 encapsulations can be on the serial interface using SDM Express?– HDLC– PPP– Frame Relay

• On the 1st (basic) config screen of SDM Express, which can you configure?Host name Ethernet IP AddressDHCP Enable Secret PasswordNAT DNSDomain Name Your Name

Review

• SDM & CLI. – Which is GUI?

• SDM

– Which is used for in & out-band management?• CLI

• Which service translates names to IP addresses?– DNS

• Which memory stays, even with no power?– NVRAM

NAT using SDM

• Use Basic NAT (Dynamic)– Inside Locals share the WAN IP address

(Inside Global)– Must tell it which address will share

Lab 5.2.4.2

• Configure Dynamic NAT using the Cisco SDM basic NAT wizard.

CLI Command Modes

• User Mode– Limited commands like Ping & Traceroute– Type enable to enter privileged mode

• Privileged Mode– Can alter router operation

Interface & Other Modes

• After privileged mode, you can configure– Type configure terminal OR config t– Once here, commands entered take effect

immediately!

E-Lab 5.3.1

• Step 3: int s0

• Step 5: router rip

• Step 6: end – You can use Ctrl-Z in a real router, too

• Step 9: line con 0

Getting Help in CLI

• Help or ?

Oops… I goofed!

Oops… I forgot!

• Command History– Last 10 by default– Max 256

• Previous command– Ctrl-P or ↑

• Recent Command– Ctrl-N or ↓

• Tab– Completes command entry

Activity & PT 5.3.2.5

Show Commands & PT 5.3.3.3

• show running-config• show interfaces• show arp• show ip route• show users• show version

Configuring w/ CLI

Configuring CLI & PT 5.3.4.4

• Router(config)#banner motd # Blah #– Text to show during login– Usually a warning

Configuring an Interface

• Serial & Ethernet are common• Serial (WAN)

– Your router is a DTE– CSU/DSU is the DCE– DCE provides a clocking rate

Labs, Labs, & More Labs

• E-Lab 5.3.5.3

• Packet Tracer 5.3.5.4

• Lab 5.3.5.5

Configuring a Default Route

• Router forwards packet to destination net– Looks at routing table to see which port to go

out

– Can set a default route to go out if not in routing table

Labs…Yup!

• Only one this time

• Packet Tracer 5.3.6.2

DHCP

• What is normally sent to a PC?

Configuring DHCP

1. Create DHCP Address Pool

2. Specify the Subnet

3. Exclude any IP Addresses

4. Specify the Domain Name- optional

5. DNS Server IP Address- 1 or 2 usually

6. Set the Default Gateway Address to be sent

7. Set the Lease Duration- default one day

DHCP PT 5.3.7.2 & 5.3.7.3

Configuring Static NAT

• Inside server needs to be accessed from Internet– Must translate the private IP to the SAME

public IP

Configuring Static NAT

Verifying NAT

• Show ip nat translations

• Packet Tracer 5.3.8.3

• Lab 5.3.8.4

Backing Up the Config File

• TFTP• Copy start tftp

• To restore it:• Copy tftp run

PT 5.3.9.3

Backing Up the Config File

• HyperTerminal– Will paste into Notepad– Extra text needs to be

removed– No shutdown added

• Then, you can paste back into whenever

PT 5.3.9.4

Switches- 2960

• OSI Layer?• TCP/IP Layer?• 3-Layer Model Layer?• Uses the destination ____ to forward

frames.• Use CLI or Cisco Network Assistant (GUI)

LEDs

• SYST– Working or not– Green or Amber

• RPS– Redundant power supply

• STAT (Port Status)– Green- Link– Blinking Green- Tx/Rx– Amber- error

Speed of Ports

• 10/100/1000• Half-Duplex• Full-Duplex• Port & device MUST be set same

– Auto-negotiate (by default on Cisco)– MUST be on both devices or else collisions

Switch IOS

Power On

• Some don’t have power switch• POST 1st • LEDs blink• SYST LED blinks green fast= done POST

– Fails= AMBER (needs repair)

Configuring a Switch

• Switch ports DO NOT have IP addresses!– Can config an IP to the switch for web-based

management/configuration• Comes ready to go

• CLI• Device Manager (Web-based)• Network Assistant (GUI)

Assign an IP Address to Switch

Configure It• Switch IP• Console Port

Password• Telnet Password• Way out of network

• E-Lab 5.5.3.3

• PT 5.5.3.4

Port Security

• Limit MAC addresses per port• Security!

• Static• Dynamic• Sticky

• Violation: Shutdown port

Verify Port Security

Hooking It Up

• PT 5.5.4.4

• Lab 5.5.4.5

Can set up Port Security

Cisco Discovery Protocol- CDP

• Shares info between directly connected Cisco devices (neighbors)– Runs on boot– Sends periodic CDP advertisements– Operate at Layer 2

• Information gathered by CDP includes:– Device host name– Layer 3 addresses– What the directly connected port is, “serial 0/0/0”– Capabilities list – Router, Switch– Platform, for example Cisco 1841

Show CDP Neighbors

Show CDP Neighbors Detail

Disabling CDP

• Why disable it?

• PT 5.4.4.5

WAN Connections• Point-to-Point

– Leased line– Expensive $$$– Your own path

• Circuit-Switched– Like phone call– ISDN or dial-up

• Packet-Switched– Virtual path– Frame Relay

WAN Service Connections

Lab 5.5.4.3

Monitoring Devices

• ISP to Customer Router/Switch

• Telnet= not secure, clear text

• Secure Shell (SSH)= encrypted

• Lab 5.5.5.2

– Create a user acct with enable privileges

– Configure SSH for login

Serial Port Encapsulation

• HDLC is default• Can be changed to PPP• PT 5.5.6.2

Review

5: Configuring Network DevicesWorking at a Small-to-Medium Business or ISP