Basic-Config

Uploaded by

Mushfiqur Rahman

Basic Switch and End Device Configuration

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1
Cisco IOS Access

Operating Systems
• Shell - The user interface that allows
users to request specific tasks from
the computer. These requests can be
made either through the CLI or GUI
interfaces.
• Kernel - Communicates between the
hardware and software of a computer
and manages how hardware
resources are used to meet software
requirements.
• Hardware - The physical part of a
computer including underlying
electronics.

Access Methods
• Console – A physical management port
used to access a device in order to
provide maintenance, such as
performing the initial configurations.
• Secure Shell (SSH) – Establishes a
secure remote CLI connection to a
device, through a virtual interface, over a
network. (Note: This is the recommended
method for remotely connecting to a
device.)

• Telnet – Establishes an insecure remote
CLI connection to a device over the
network. (Note: User authentication,
passwords and commands are sent over the
network in plaintext.)

Terminal Emulation Programs
• Terminal emulation programs are used to connect to a network device by either a console
port or by an SSH/Telnet connection.
• There are several terminal emulation programs to choose from, such as PuTTY, Tera Term,
etc.

IOS Navigation

Primary Command Modes
User EXEC Mode:
• Allows access to only a limited
number of basic monitoring
commands
• Identified by the CLI prompt
that ends with the > symbol

Privileged EXEC Mode:
• Allows access to all
commands and features
• Identified by the CLI prompt
that ends with the # symbol

Navigation Between IOS Modes
Privileged EXEC Mode:
• To move from user EXEC mode to privileged
EXEC mode, use the enable command.
Global Configuration Mode:
• To move in and out of global configuration
mode, use the configure terminal
command. To return to privileged EXEC
mode, use the exit command.
Line Configuration Mode:
• To move in and out of line configuration
mode, use the line command followed by
the management line type. To return to
global configuration mode, use the exit
command.

The Command Structure

Basic IOS Command Structure

• Keyword – This is a specific parameter defined in the operating system (in the figure, ip
protocols).

• Argument - This is not predefined; it is a value or variable defined by the user (in the
figure, 192.168.10.5).

Hot Keys and Shortcuts
• The IOS CLI provides hot keys and shortcuts that make configuring, monitoring, and
troubleshooting easier.
• Commands and keywords can be shortened to the minimum number of characters
that identify a unique selection. For example, the configure command can be
shortened to conf because configure is the only command that begins with conf.

• When a command output produces more text than can be displayed in a terminal window, the IOS will display a “--More--” prompt. The table below describes the keystrokes that can be used when this prompt is displayed.

Keystroke       Description
Enter Key       Displays the next line.
Space Bar       Displays the next screen.
Any other key   Ends the display string, returning to privileged EXEC mode.

• The table below lists commands that can be used to exit out of an operation.

Keystroke       Description
Ctrl-C          When in any configuration mode, ends the configuration mode and returns to privileged EXEC mode.
Ctrl-Z          When in any configuration mode, ends the configuration mode and returns to privileged EXEC mode.
Ctrl-Shift-6    All-purpose break sequence used to abort DNS lookups, traceroutes, pings, etc.

Basic Device Configuration

Device Names
• The first configuration command on any device should be to give it a unique hostname.

• By default, all devices are assigned a factory default name. For example, a Cisco
IOS switch is "Switch".

Configure Passwords
Securing user EXEC mode access:
• First enter line console configuration mode
using the line console 0 command in global
configuration mode.
• Next, specify the user EXEC mode password
using the password password command.
• Finally, enable user EXEC access using
the login command.

Securing privileged EXEC mode access:
• First enter global configuration mode.
• Next, use the enable secret password command.

Configure Passwords: VTY

Securing VTY line access:
• First enter line VTY configuration mode
using the line vty 0 15 command in
global configuration mode.
• Next, specify the VTY password using
the password password command.
• Finally, enable VTY access using
the login command.

Note: VTY lines enable remote access using Telnet or SSH to the device. Many Cisco
switches support up to 16 VTY lines that are numbered 0 to 15.

Encrypt Passwords
• The startup-config and running-config files display most passwords in plaintext.
• To encrypt all plaintext passwords, use the service password-encryption global config command.
• Use the show running-config command to verify that the passwords on the device are now encrypted.

Banner Messages

• A banner message is important to warn unauthorized personnel against attempting to access the device.
• To create a banner message of the day on a network device, use the banner motd # the message of the day # global config command.

The banner will be displayed on attempts to access the device.

Save Configurations

Configuration Files
There are two system files that store the device configuration:
• startup-config - This is the saved configuration file that is stored in NVRAM. It contains all the commands that will be
used by the device upon startup or reboot. Flash does not lose its contents when the device is powered off.
• running-config - This is stored in Random Access Memory (RAM). It reflects the current configuration. Modifying a
running configuration affects the operation of a Cisco device immediately. RAM is volatile memory. It loses all of its
content when the device is powered off or restarted.
• To save changes made to the running configuration to the startup configuration file, use:
• copy running-config startup-config

Alter the Running Configurations
If changes made to the running config do not
have the desired effect and the running-config
has not yet been saved, you can restore the
device to its previous configuration. To do this
you can:
• Remove the changed commands individually.
• Reload the device using the reload command
in privileged EXEC mode. Note: This will cause
the device to briefly go offline, leading to
network downtime.
If the undesired changes were saved to the
startup-config, it may be necessary to clear all
the configurations using the erase startup-config
command in privileged EXEC mode.
• After erasing the startup-config, reload the
device to clear the running-config file from
RAM.

Ports and Addresses

IP Addresses
• The use of IP addresses is the primary means of
enabling devices to locate one another and
establish end-to-end communication on the
internet.
• The structure of an IPv4 address is called dotted
decimal notation and is represented by four
decimal numbers between 0 and 255.
• An IPv4 subnet mask is a 32-bit value that
differentiates the network portion of the address
from the host portion. Coupled with the IPv4
address, the subnet mask determines which
subnet the device is a member of.
• The default gateway address is the IP address of
the router that the host will use to access remote
networks, including the internet.

IPv6 Addresses
• IPv6 addresses are 128 bits in length and
written as a string of hexadecimal values.
Every four bits is represented by a single
hexadecimal digit; for a total of 32
hexadecimal values. Groups of four
hexadecimal digits are separated by a colon
“:”.
• IPv6 addresses are not case-sensitive and
can be written in either lowercase or
uppercase.

Configure IP Addressing

Manual IP Address Configuration for End Devices
• End devices on the network need an IP address in
order to communicate with other devices on the
network.
• IPv4 address information can be entered into end
devices manually, or automatically using Dynamic
Host Configuration Protocol (DHCP).
• To manually configure an IPv4 address on a Windows
PC, open the Control Panel > Network Sharing
Center > Change adapter settings and choose the
adapter. Next right-click and select Properties to
display the Local Area Connection Properties.
• Next, click Properties to open the Internet Protocol
Version 4 (TCP/IPv4) Properties window. Then
configure the IPv4 address and subnet mask
information, and default gateway.

Note: IPv6 addressing and configuration options are similar to IPv4.

Automatic IP Address Configuration for End Devices
• DHCP enables automatic IPv4 address
configuration for every end device that is
DHCP-enabled.
• End devices typically use DHCP by default
for automatic IPv4 address
configuration.
• To configure DHCP on a Windows PC, open
the Control Panel > Network Sharing
Center > Change adapter settings and
choose the adapter. Next right-click and
select Properties to display the Local Area
Connection Properties.
• Next, click Properties to open the Internet
Protocol Version 4 (TCP/IPv4)
Properties window, then select Obtain an
IP address automatically and Obtain DNS
server address automatically.

Note: IPv6 uses DHCPv6 and SLAAC (Stateless Address Autoconfiguration) for dynamic address allocation.

Switch Virtual Interface Configuration

To access the switch remotely, an IP address and a subnet mask must be configured on
the SVI.
To configure an SVI on a switch:
• Enter the interface vlan 1 command in global configuration mode.
• Next assign an IPv4 address using the ip address ip-address subnet-mask command.
• Finally, enable the virtual interface using the no shutdown command.

Configure Router

Configure Initial Router Settings
Basic Router Configuration Steps
• Configure the device name.
Router(config)# hostname hostname

• Secure privileged EXEC mode.
Router(config)# enable secret password

• Secure user EXEC mode.
Router(config)# line console 0
Router(config-line)# password password
Router(config-line)# login

• Secure remote Telnet / SSH access.
Router(config)# line vty 0 4
Router(config-line)# password password
Router(config-line)# login
Router(config-line)# transport input {ssh | telnet}

• Encrypt all plaintext passwords.
Router(config)# service password-encryption

• Provide legal notification and save the configuration.
Router(config)# banner motd # message #
Router(config)# end
Router# copy running-config startup-config

Basic Router Configuration Example
• Commands for basic router configuration on R1.
• Configuration is saved to NVRAM.

R1(config)# hostname R1
R1(config)# enable secret class
R1(config)# line console 0
R1(config-line)# password cisco
R1(config-line)# login
R1(config-line)# line vty 0 4
R1(config-line)# password cisco
R1(config-line)# login
R1(config-line)# transport input ssh telnet
R1(config-line)# exit
R1(config)# service password-encryption
R1(config)# banner motd #
Enter TEXT message. End with a new line and the #
***********************************************
WARNING: Unauthorized access is prohibited!
**********************************************
#
R1(config)# exit
R1# copy running-config startup-config
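
The configuration steps above can be checked mechanically. The following Python sketch is an added example, not part of the original slides or any Cisco tool: it audits a constructed running-config-style copy of the R1 commands against each step and flags Telnet on the VTY lines. The names SAMPLE_CONFIG, parse_line_blocks and audit are hypothetical.

```python
import re

# Constructed sample: the R1 commands above, prompts removed, running-config layout.
SAMPLE_CONFIG = """\
hostname R1
enable secret class
line console 0
 password cisco
 login
line vty 0 4
 password cisco
 login
 transport input ssh telnet
service password-encryption
banner motd # WARNING: Unauthorized access is prohibited! #
"""

def parse_line_blocks(config):
    """Return {"line ..." header: [subcommands]} for each line section."""
    blocks, current = {}, None
    for raw in config.splitlines():
        cmd = raw.strip()
        if not cmd or cmd.startswith("!"):
            continue
        if cmd.startswith("line "):
            current = cmd
            blocks[current] = []
        elif raw[0].isspace() and current:
            blocks[current].append(cmd)
        else:
            current = None  # back at global configuration level
    return blocks

def audit(config):
    """Check the basic router configuration steps; return a list of findings."""
    findings = []
    host = re.search(r"^hostname (\S+)", config, re.M)
    if not host or host.group(1) in ("Router", "Switch"):
        findings.append("hostname: missing or factory default")
    if not re.search(r"^enable secret ", config, re.M):
        findings.append("enable secret: privileged EXEC mode is not secured")
    # service password-encryption applies the reversible type 7 encoding, so it
    # only keeps passwords from being read at a glance in the config files.
    if not re.search(r"^service password-encryption\s*$", config, re.M):
        findings.append("service password-encryption: passwords shown in plaintext")
    if not re.search(r"^banner motd ", config, re.M):
        findings.append("banner motd: no legal notification")
    for header, cmds in parse_line_blocks(config).items():
        has_password = any(c.startswith("password ") for c in cmds)
        has_login = any(c.split()[0] == "login" for c in cmds)
        if not (has_password and has_login):
            findings.append(f"{header}: password and login are not both set")
        if header.startswith("line vty"):
            transports = next((c.split()[2:] for c in cmds
                               if c.startswith("transport input ")), [])
            if transports != ["ssh"]:
                shown = " ".join(transports) or "not set"
                findings.append(f"{header}: transport input is {shown}; "
                                "Telnet sends passwords in plaintext, use ssh only")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

Run against the R1 example, the only finding is the VTY line that still accepts Telnet; changing it to transport input ssh clears the report.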

Configure Interfaces

Configure Router Interfaces
Configuring a router interface includes issuing the following commands:

Router(config)# interface type-and-number
Router(config-if)# description description-text
Router(config-if)# ip address ipv4-address subnet-mask
Router(config-if)# ipv6 address ipv6-address/prefix-length
Router(config-if)# no shutdown

• It is a good practice to use the description command to add information about the network connected to the interface.
• The no shutdown command activates the interface.

Configure Router Interfaces Example
The commands to configure interface G0/0/0 on R1 are shown here:

R1(config)# interface gigabitEthernet 0/0/0
R1(config-if)# description Link to LAN
R1(config-if)# ip address 192.168.10.1 255.255.255.0
R1(config-if)# ipv6 address 2001:db8:acad:10::1/64
R1(config-if)# no shutdown
R1(config-if)# exit
R1(config)#
*Aug 1 01:43:53.435: %LINK-3-UPDOWN: Interface GigabitEthernet0/0/0, changed state to down
*Aug 1 01:43:56.447: %LINK-3-UPDOWN: Interface GigabitEthernet0/0/0, changed state to up
*Aug 1 01:43:57.447: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0/0, changed state to up

Configure Router Interfaces Example (Cont.)
The commands to configure interface G0/0/1 on R1 are shown here:

R1(config)# interface gigabitEthernet 0/0/1
R1(config-if)# description Link to R2
R1(config-if)# ip address 209.165.200.225 255.255.255.252
R1(config-if)# ipv6 address 2001:db8:feed:224::1/64
R1(config-if)# no shutdown
R1(config-if)# exit
R1(config)#
*Aug 1 01:46:29.170: %LINK-3-UPDOWN: Interface GigabitEthernet0/0/1, changed state to down
*Aug 1 01:46:32.171: %LINK-3-UPDOWN: Interface GigabitEthernet0/0/1, changed state to up
*Aug 1 01:46:33.171: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0/1, changed state to up

Verify Interface Configuration
To verify interface configuration use the show ip interface brief and
show ipv6 interface brief commands shown here:

R1# show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
GigabitEthernet0/0/0   192.168.10.1    YES manual up                    up
GigabitEthernet0/0/1   209.165.200.225 YES manual up                    up
Vlan1                  unassigned      YES unset  administratively down down

R1# show ipv6 interface brief
GigabitEthernet0/0/0   [up/up]
    FE80::201:C9FF:FE89:4501
    2001:DB8:ACAD:10::1
GigabitEthernet0/0/1   [up/up]
    FE80::201:C9FF:FE89:4502
    2001:DB8:FEED:224::1
Vlan1                  [administratively down/down]
    unassigned
R1#

Configure Verification Commands

The table summarizes show commands used to verify interface configuration.

Commands                     Description
show ip interface brief      Displays all interfaces, their IP addresses, and their current status.
show ipv6 interface brief
show ip route                Displays the contents of the IP routing tables stored in RAM.
show ipv6 route
show interfaces              Displays statistics for all interfaces on the device. Only displays the IPv4 addressing information.
show ip interface            Displays the IPv4 statistics for all interfaces on a router.
show ipv6 interface          Displays the IPv6 statistics for all interfaces on a router.

Configure Verification Commands (Cont.)
View status of all interfaces with the show ip interface brief and show ipv6 interface
brief commands, shown here:

R1# show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
GigabitEthernet0/0/0   192.168.10.1    YES manual up                    up
GigabitEthernet0/0/1   209.165.200.225 YES manual up                    up
Vlan1                  unassigned      YES unset  administratively down down
R1#

R1# show ipv6 interface brief
GigabitEthernet0/0/0   [up/up]
    FE80::201:C9FF:FE89:4501
    2001:DB8:ACAD:10::1
GigabitEthernet0/0/1   [up/up]
    FE80::201:C9FF:FE89:4502
    2001:DB8:FEED:224::1
Vlan1                  [administratively down/down]
    unassigned
R1#

Configure Verification Commands (Cont.)
Display the contents of the IP routing tables with the show ip route and show ipv6
route commands as shown here:
R1# show ip route
<output omitted>
Gateway of last resort is not set
      192.168.10.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.10.0/24 is directly connected, GigabitEthernet0/0/0
L        192.168.10.1/32 is directly connected, GigabitEthernet0/0/0
      209.165.200.0/24 is variably subnetted, 2 subnets, 2 masks
C        209.165.200.224/30 is directly connected, GigabitEthernet0/0/1
L        209.165.200.225/32 is directly connected, GigabitEthernet0/0/1
R1#

R1# show ipv6 route
<output omitted>
C   2001:DB8:ACAD:10::/64 [0/0]
     via GigabitEthernet0/0/0, directly connected
L   2001:DB8:ACAD:10::1/128 [0/0]
     via GigabitEthernet0/0/0, receive
C   2001:DB8:FEED:224::/64 [0/0]
     via GigabitEthernet0/0/1, directly connected
L   2001:DB8:FEED:224::1/128 [0/0]
     via GigabitEthernet0/0/1, receive
L   FF00::/8 [0/0]
     via Null0, receive
R1#
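
The C (connected) and L (local) entries in the routing tables above follow directly from each interface address and its mask or prefix length. This added Python example, which is not part of the original slides, derives them from a constructed running-config-style copy of the R1 interface commands; the names INTERFACE_CONFIG, parse_interfaces and connected_routes are hypothetical, and it assumes an interface with no shutdown is up/up.

```python
import ipaddress

# Constructed sample: the R1 interface commands from this page in
# running-config form. Vlan1 is left shut down, as in the show output.
INTERFACE_CONFIG = """\
interface GigabitEthernet0/0/0
 ip address 192.168.10.1 255.255.255.0
 ipv6 address 2001:db8:acad:10::1/64
 no shutdown
interface GigabitEthernet0/0/1
 ip address 209.165.200.225 255.255.255.252
 ipv6 address 2001:db8:feed:224::1/64
 no shutdown
interface Vlan1
 shutdown
"""

def parse_interfaces(config):
    """Return {name: {"addrs": [ip_interface, ...], "up": bool}}."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        words = raw.split()
        if not words:
            continue
        if words[0] == "interface":
            current = interfaces.setdefault(words[1], {"addrs": [], "up": False})
        elif current is None:
            continue
        elif words[:2] == ["ip", "address"]:
            # IPv4 is configured as address + dotted-decimal subnet mask
            current["addrs"].append(
                ipaddress.ip_interface(f"{words[2]}/{words[3]}"))
        elif words[:2] == ["ipv6", "address"]:
            # IPv6 is configured as address/prefix-length
            current["addrs"].append(ipaddress.ip_interface(words[2]))
        elif words == ["no", "shutdown"]:
            current["up"] = True
    return interfaces

def connected_routes(interfaces):
    """Return (code, prefix, interface) tuples for the C and L routes."""
    routes = []
    for name, data in interfaces.items():
        if not data["up"]:
            continue  # an administratively down interface adds no routes
        for iface in data["addrs"]:
            # C: the network portion selected by the mask or prefix length
            routes.append(("C", str(iface.network).upper(), name))
            # L: the interface's own address as a /32 (IPv4) or /128 (IPv6)
            host = ipaddress.ip_network(f"{iface.ip}/{iface.max_prefixlen}")
            routes.append(("L", str(host).upper(), name))
    return routes

if __name__ == "__main__":
    for code, prefix, name in connected_routes(parse_interfaces(INTERFACE_CONFIG)):
        print(f"{code}  {prefix} via {name}")
```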
Configure Verification Commands (Cont.)
Display IPv4 statistics for router interfaces with the show ip interface command, as shown here:

R1# show ip interface g0/0/0
GigabitEthernet0/0/0 is up, line protocol is up
Internet address is 192.168.10.1/24
Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing Common access list is not set
Outgoing access list is not set
Inbound Common access list is not set
Inbound access list is not set
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP Flow switching is disabled

<output omitted>

R1#

Topics Learned
• The tasks that should be completed when configuring initial settings on a router.
• Configure the device name.
• Secure privileged EXEC mode.
• Secure user EXEC mode.
• Secure remote Telnet / SSH access.
• Secure all passwords in the config file.
• Provide legal notification.
• Save the configuration.
• For routers to be reachable, the router interfaces must be configured.
• Using the no shutdown command activates the interface. The interface must also be
connected to another device, such as a switch or a router, for the physical layer to be
active. There are several commands that can be used to verify interface configuration
including the show ip interface brief and show ipv6 interface brief, the show ip route
and show ipv6 route, as well as show interfaces, show ip interface and show ipv6
interface.