Tuesday, November 15, 2011

Initial configuration on cisco router

Good day!!!

Just want to apologize for my English. I am from Belarus and if there are errors, then feel free to write about them, I will correct them :).
From that post I start writing about cisco equipment. I will publish various examples of variants, scenarios, diagrams networks and an equipment configuration cisco.
I hope that for somebody will be easier to learn, understand or obtain something new in network equipment configuring on basis cisco.
Ok, first post I will dedicate for initial configuration of cisco router. I invite all of you …

I do not have any cisco router, so I will be use GNS3 to emulate device. In this program are used real IOS devices and all commands of configuration are available and identical to commands on real devices. Differences can be insignificant only because of version IOS.
Let’s launch GNS3, then add any router to the working area (I selected 3745) and then launch device. We assign to router IDLE-PC parameter and go on it through console. How do all these steps, I told in the posts devoted to installing, configuring and adding of devices in GNS3.
After all manipulation you should be see this window:

Cisco devices have different mode of configuration. Here they:
  • Router> - Restricted review of a configuration. You cannot make changes in this mode;
    Router# - this is privilege mode, where you can view all configuration and make some changes in configuration (this mode known as «EXEC-level mode»);
    Router(config)# - this is global configuration mode of the device (here introduced the basic commands for configuration);
    Router(config-if)# - this is interface configuration mode;
    Router(config-subif)# - this is subinterface configuration mode;
    Router(config-line)# - this is line configuration mode (you can make configure vty (telnet, ssh) and console);
    Router(config-router)# - this is router configuration mode (here you make configuration dynamic routing (such as RIP, IS-IS, OSPF, BGP).
So, we go to global configuration mode and begin our working:
  • R1>enable
    R1#configure terminal
Now, we name our router with this command:
  • R1(config)#hostname Router_1
Next we configure name and password for administrator and set password to enter in global configuration mode:
  • Router_1(config)#username administrator password cisco
  • Router_1(config)#enable secret ciscocisco
By default IOS encrypts only password to enter in global configuration mode, other passwords are stored in clear text. If you want to encrypt other passwords, use next command:
  • Router_1(config)#service password-encryption
Ok, now we will adjust our vty and console lines.
For this purpose, we go to line vty configuration mode and configure to use local database for authenticate us (username and password which we set hardly above), use telnet and ssh for connection, session idle time 10 (ten) minutes and option "carriage return" when you enter commands and issuing system messages:
  • Router_1(config)#line vty 0 14
    Router_1(config-line)#login local
    Router_1(config-line)#transport input telnet ssh
    Router_1(config-line)#exec-timeout 10
    Router_1(config-line)#logging synchronous
Then we come into line console configuration mode and do same options (except parametres telnet and ssh):
  • Router_1(config)#line console 0
    Router_1(config-line)#login local
    Router_1(config-line)#logging synchronous
    Router_1(config-line)#exec-timeout 10 0
Ok, now we create banner that will be seen when we will be connecting to the router:
  • Router_1(config)#banner login с "your text" с – «с» - a separator, its presence is required
If you do not want lose your time, you should turn off parameter «ip domain-lookup», which means name-to-address translation. For this purpose, use this command:
  • Router_1(config)#no ip domain-lookup
Save our configuration. For this purpose you may out from global configuration mode by execute «exit» command or use «do» before a command:
  • Router_1(config)#do wr
    Building configuration...
Parameter «do» sometimes may be very useful when you need execute commands of group «show», commands to save configuration etc without leaving a mode in which you are.
Now go out into the privileged mode and take a look our configuration:
  • Router_1(config)#exit
    Router_1#show running-config

Now, let’s check our work. Logout with command «exit». Then again login on our router. You should see this:

  • 1 – our banner;
  • 2 – our user;
  • 3 – our password for user;
  • 4 – our password enable secret.
Now, let’s make access by telnet and ssh. For begin let’s configure IP-address for connection.
Go to interface configuration mode:
  • Router_1#conf t
    Router_1(config)#int fa 0/0
    Router_1(config-if)#ip address
    Router_1(config-if)#no shutdown
After that, you must generate key pair. For generate keys, IOS will use a domain name. Make following commands:
  • Router_1(config)#ip domain-name
    Router_1(config)#crypto key generate rsa
    *Mar 1 02:18:20.731: %SSH-5-ENABLED: SSH 1.5 has been enabled
When you see a question about length of key, specify 512 bit (for version 1.5). If you want to use ssh version 2 then length of key must be higher 768 bit.
Ok, ssh was started, telnet working by default. Save your configuration («do wr»).
For check, I must to connect our virtual router with physical network (how to do this, I described in this post). In the end, you must have this topology for check:

Let's start Putty on local PC and check access (telnet and ssh) on IP - the address of our router.

As you can see, telnet is working.

In this picture, we propose to keep the key from the router on our computer. Press "Yes".

As you can see, ssh is working.
Congratulate you!!! We are finished.

On this step, I want to finish my post. Thanks for attention, I hope, you have received for yourselves the helpful information.

If you have a questions or comments, then do not be afraid to write me!!!! This is my contact information. I will pleased to answer!!!!

I’m waiting for you in next posts!!!

With best regards, Ant0ni0n

No comments:

Post a Comment