In this section, we will talk about the basic management commands for the router. Most of the commands we learned for the switch still apply to the router. These commands are so basic that we repeat them again and again during the course.
In the following exercise, our goals are:
- Connect to a router through console port.
- Configure the console settings with commands "exec-timeout 20 10" and "logging synchronous".
- Set various passwords on the Router.
- Change the router’s name with command "hostname routername".
- Set banner with command "banner motd # message #".
- Manage terminal history with commands "show history", "terminal history", and "terminal history size 5".
- Configure the router's IP address and subnet mask with command "interface FastEthernet 0/1" and its subcommand "ip address 192.168.1.100 255.255.255.0".
- Configure a description for a specific router interface with command "description blablabla".
- Configure Telnet and SSH connection on the router.
- Verify the router's status with various "show" commands.
- Save configuration file with command "copy running-config startup-config".
The router used in the exercise is a Cisco 2811 router.
In step one, we physically connect the router's console port to PC0's RS232 port with a console cable.
[Figure: console connection]
Then, we configure the HyperTerminal program on the PC with the following settings.
[Figure: terminal settings]
If the HyperTerminal program connects to the router over the console line successfully, the following CLI output appears.
System Bootstrap, Version 12.1(3r)T2, RELEASE SOFTWARE (fc1)
Copyright (c) 2000 by cisco Systems, Inc.
cisco 2811 (MPC860) processor (revision 0x200) with 60416K/5120K bytes of memory
Self decompressing the image :
########################################################################## [OK]
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
Cisco IOS Software, 2800 Software (C2800NM-ADVIPSERVICESK9-M), Version 12.4(15)T1, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Wed 18-Jul-07 06:21 by pt_rel_team
Image text-base: 0x400A925C, data-base: 0x4372CE20
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
export@cisco.com.
cisco 2811 (MPC860) processor (revision 0x200) with 60416K/5120K bytes of memory
Processor board ID JAD05190MTZ (4292891495)
M860 processor: part number 0, mask 49
2 FastEthernet/IEEE 802.3 interface(s)
239K bytes of non-volatile configuration memory.
62720K bytes of ATA CompactFlash (Read/Write)
Cisco IOS Software, 2800 Software (C2800NM-ADVIPSERVICESK9-M), Version 12.4(15)T1, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Wed 18-Jul-07 06:21 by pt_rel_team
--- System Configuration Dialog ---
Continue with configuration dialog? [yes/no]: n
Press RETURN to get started!
So we press RETURN to get started. Our next step is to configure a password, exec-timeout, and logging synchronous on the console port.
Router>enable
Router#config terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#line console 0
Router(config-line)#password console
Router(config-line)#login
Router(config-line)#exec-timeout 20 10
Router(config-line)#logging synchronous
Router(config-line)#^Z
%SYS-5-CONFIG_I: Configured from console by console
Router#write memory
Building configuration...
[OK]
Router#logout
Next, we log out of the router and then log back in to make sure the password works. As you have already guessed, it works. The password is "console", as we configured on line console 0.
Router con0 is now available
Press RETURN to get started.
User Access Verification
Password:
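Our next goal is to configure passwords for privileged mode and the vty lines. We also encrypt our passwords with the command "service password-encryption". Note that this command only applies the reversible type 7 encoding to the "enable password" and line passwords; the "enable secret" is stored as a type 5 (MD5-based) hash.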
Router>enable
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#enable password ccent
Router(config)#enable secret cisco
Router(config)#service password-encryption
Router(config)#line vty 0 4
Router(config-line)#password vty
Router(config-line)#login
Router(config-line)#^Z
%SYS-5-CONFIG_I: Configured from console by console
Router#wr
Building configuration...
[OK]
Now, it's time to configure the message of the day (motd).
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#banner motd # authorized user only! #
In the next step, we configure the FastEthernet 0/0 interface. We add a brief description for the interface, then configure the IP address and network mask, and finally bring the interface up with the command "no shutdown".
Router(config)#interface FastEthernet 0/0
Router(config-if)#description this port is configured for telnet and ssh connection.
Router(config-if)#ip address 192.168.1.1 255.255.255.0
Router(config-if)#no shutdown
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
Router(config-if)#
Router(config-if)#exit
Router(config)#exit
%SYS-5-CONFIG_I: Configured from console by console
We have entered many commands; let's see what they are.
Router#show history
enable
config t
banner motd # authorized user only! #
wr
config t
show history
Router#terminal history size 50
Router#wr
Building configuration...
[OK]
Router#
The next step is to configure Telnet and SSH on the router. Note that we have already configured the FastEthernet 0/0 interface and vty lines 0 4 for the Telnet connection, so the work left is to configure the remote PC correctly.
The router's FastEthernet0/0 port is connected to PC1's FastEthernet port via a cross-over cable. Note that for a switch, a straight-through cable should be used instead.
[Figure: Telnet connection]
Since Telnet needs a Layer 3 address, PC1's FastEthernet port must be configured with an IP address; in our case, it is 192.168.1.100.
Now we bring up a Microsoft command prompt window and type in "telnet 192.168.1.1". The telnet program runs and starts a Telnet session on the router for us. Of course a password is needed; we know the password is "vty", because we set it previously when configuring vty lines 0 4. Note that the message of the day is shown before login.
During this Telnet session, our task is to configure SSH on the router. Note that the password to enter privileged mode is "cisco" instead of "ccent", because the command "enable secret cisco" takes priority over the command "enable password ccent".
PC>ipconfig /all
IP Address......................: 192.168.1.100
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 0.0.0.0
DNS Servers.....................: 0.0.0.0
PC>telnet 192.168.1.1
Trying 192.168.1.1 ...
authorized user only!
User Access Verification
Password:
Router>enable
Password:
Router#show ip ssh
SSH Disabled - version 1.5
%Please create RSA keys (of atleast 768 bits size) to enable SSH v2.
Authentication timeout: 120 secs; Authentication retries: 3
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname RouterA
RouterA(config)#ip domain-name domain.net
RouterA(config)#crypto key generate rsa
The name for the keys will be: RouterA.domain.net
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.
How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]
RouterA(config)#line vty 0 4
RouterA(config-line)#transport input ssh
RouterA(config-line)#login local
RouterA(config-line)#exit
RouterA(config)#username ccent password ccent
RouterA(config)#^Z
%SYS-5-CONFIG_I: Configured from console by console
RouterA#write memory
Building configuration...
[OK]
RouterA#logout
[Connection to 192.168.1.1 closed by foreign host]
Now, it's time to log in with the ssh program. Before we do that, we should verify that Telnet login on the FastEthernet port really has been disabled by the command "transport input ssh". The password for SSH login is "ccent", as we configured in the command "username ccent password ccent".
PC>ipconfig /all
Physical Address................: 0010.1194.8786
IP Address......................: 192.168.1.100
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 0.0.0.0
DNS Servers.....................: 0.0.0.0
PC>telnet 192.168.1.1
Trying 192.168.1.1 ...
[Connection to 192.168.1.1 closed by foreign host]
PC>ssh -l ccent 192.168.1.1
Password:
authorized user only!
RouterA>enable
Password:
After successfully logging in with SSH, we issue several "show" commands to check the router's current status.
RouterA#show version
Cisco IOS Software, 2800 Software (C2800NM-ADVIPSERVICESK9-M), Version 12.4(15)T1, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Wed 18-Jul-07 06:21 by pt_rel_team
ROM: System Bootstrap, Version 12.1(3r)T2, RELEASE SOFTWARE (fc1)
Copyright (c) 2000 by cisco Systems, Inc.
System returned to ROM by power-on
System image file is "c2800nm-advipservicesk9-mz.124-15.T1.bin"
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
export@cisco.com.
cisco 2811 (MPC860) processor (revision 0x200) with 60416K/5120K bytes of memory
Processor board ID JAD05190MTZ (4292891495)
M860 processor: part number 0, mask 49
2 FastEthernet/IEEE 802.3 interface(s)
239K bytes of NVRAM.
62720K bytes of processor board System flash (Read/Write)
Configuration register is 0x2102
RouterA#show interface FastEthernet0/0
FastEthernet0/0 is up, line protocol is up (connected)
Hardware is Lance, address is 0060.2f94.a501 (bia 0060.2f94.a501)
Description: this port is configured for telnet and ssh connection.
Internet address is 192.168.1.1/24
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec, rely 255/255, load 1/255
Encapsulation ARPA, loopback not set
ARP type: ARPA, ARP Timeout 04:00:00,
Last input 00:00:08, output 00:00:05, output hang never
Last clearing of "show interface" counters never
Queueing strategy: fifo
Output queue :0/40 (size/max)
5 minute input rate 207 bits/sec, 0 packets/sec
5 minute output rate 203 bits/sec, 0 packets/sec
409 packets input, 26440 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 input packets with dribble condition detected
374 packets output, 25037 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
RouterA#show ssh
Connection Version Encryption State Username
67 1.99 3DES Session Started ccent
%No SSHv1 server connections running.
%No SSHv2 server connections running.
RouterA#show running-config
Building configuration...
Current configuration : 763 bytes
!
version 12.4
service password-encryption
!
hostname RouterA
!
!
enable secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0
enable password 7 08224F4B070D
!
!
!
!
username ccent password 7 08224F4B070D
!
ip ssh version 1
ip domain-name domain.net
!
!
interface FastEthernet0/0
description this port is configured for telnet and ssh connection.
ip address 192.168.1.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Vlan1
no ip address
shutdown
!
ip classless
!
!
!
!
!
banner motd ^C authorized user only! ^C
line con 0
history size 50
exec-timeout 20 10
password 7 082243401A160912
logging synchronous
login
line vty 0 4
password 7 08375857
login local
transport input ssh
!
!
end
Finally, we save all of the above configuration to the startup-config file, so that it will not be lost after the router is powered off.
RouterA#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]
RouterA#
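An added example (not part of the original post): a small Python check that reads a running-config like the one shown above and reports the weak spots this lab leaves behind, namely the "enable password" and "username ... password" entries kept in reversible type 7 encoding, shared line passwords, "ip ssh version 1", and any vty block not limited to SSH. The rule names and the hardened sample are assumptions made for illustration, and sub-commands are assumed to be indented by one space, as IOS prints them.

```python
import re

# Excerpt of the page's running-config (trimmed; indentation restored as IOS prints it).
PAGE_CONFIG = """\
enable secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0
enable password 7 08224F4B070D
username ccent password 7 08224F4B070D
ip ssh version 1
line con 0
 password 7 082243401A160912
 login
line vty 0 4
 password 7 08375857
 login local
 transport input ssh
"""

# Constructed hardened variant; the hash fields are placeholders, not real values.
HARDENED_CONFIG = """\
enable secret 5 <placeholder-hash>
username ccent secret 5 <placeholder-hash>
ip ssh version 2
line vty 0 4
 login local
 transport input ssh
"""

def audit(config):
    """Return (rule, detail) findings for an IOS running-config text."""
    findings, section, vty = [], None, {}
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):          # a top-level command closes any line block
            section = line if line.startswith("line ") else None
            if section and section.startswith("line vty"):
                vty[section] = None          # no "transport input" seen yet
        if re.match(r"enable password\b", line):
            findings.append(("enable-password", line))
        elif re.match(r"username \S+ password\b", line):
            findings.append(("username-password", line))
        elif re.match(r"ip ssh version 1\b", line):
            findings.append(("ssh-v1", line))
        elif section and re.match(r"password\b", line):
            findings.append(("line-password", section))
        elif section in vty and line.startswith("transport input"):
            vty[section] = line.split()[2:]
    # Report every vty block whose transport is anything other than exactly "ssh".
    findings += [("vty-not-ssh-only", s) for s, t in vty.items() if t != ["ssh"]]
    return findings
```

Calling audit(PAGE_CONFIG) returns five findings, while audit(HARDENED_CONFIG) returns an empty list.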
hai.. I have a Mikrotik Tutorial site. It pretty much covers Mikrotik related stuff. Come and check it out if you get time :-)
how to find out which is the configuration command which is one
what are the operation performed in configuration mode?
to configure any feature of the router, you must enter configuration mode. under enable mode, you issue the command config (config terminal).
Router>enable
Router#config terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#
search "Router#config"