
Tuesday, 11 October 2011

Basic router configurations login in router

In our last article I showed how you can connect to a Cisco router. In this article I will show how you can configure the router. For demonstration purposes I used the Packet Tracer software. If you haven't installed Packet Tracer, read our previous article to download and install it; the link is given at the top left of the page. Create a simple topology by dragging devices onto the workspace as shown in the figure.
[Figure: basic router configurations]
Click inside the Router, select CLI and press Enter to get started. Setup mode starts automatically if there is no startup configuration present. The answer inside the square brackets [ ] is the default answer. If this is the answer you want, just press Enter. Pressing CTRL+C at any time will end the setup process, shut down all interfaces, and take you to user mode (Router>).
You cannot use setup mode to configure an entire router. It does only the basics. For example, you can only turn on either RIPv1 or Interior Gateway Routing Protocol (IGRP), but not Open Shortest Path First Protocol (OSPF) or Enhanced Interior Gateway Routing Protocol (EIGRP). You cannot create access control lists (ACL) here or enable Network Address Translation (NAT). You can assign an IP address to an interface, but not to a subinterface. All in all, setup mode is very limiting.


--- System Configuration Dialog ---

Continue with configuration dialog? [yes/no]:
Type no and press Enter to get the router prompt. You are now connected to the router and are at the user mode prompt. The prompt is broken down into two parts, the hostname and the mode. "Router" is Router0's hostname and ">" means you are in user mode.
Press RETURN to get started
Router>
User mode is indicated by the '>' next to the router name. In this mode you can look at settings but cannot make changes.
In privileged mode (indicated by the '#') you can do anything. The keyword to get into privileged mode is enable.
Next, type the command enable to get to the privileged mode prompt.
Router>enable
Router#
To get back to the user mode, simply type disable. From the user mode type logout or exit to leave the router.
Router#disable
Router>
Router>exit
Router con0 is now available
Press RETURN to get started
Press Enter to get back to the router prompt.
Router>
You are now in user mode. Type ? to view all the available commands at this prompt.
Router>?
From privileged mode you can enter configuration mode by typing configure terminal. To exit configuration mode, type exit or press Ctrl+Z.
Router>enable
Router#config terminal
Router(config)#exit
Router#
To read more about Cisco modes, read our previous article.
To view all commands available from this mode, type ? and press Enter. This will give you the list of all available commands for the router in your current mode. You can also use the question mark after you have started typing a command. For example, if you want to use a show command but do not remember which one to use, 'show ?' will output all commands that you can use with the show command.
Router#show ?
access-expression List access expression
access-lists List access lists
backup Backup status
cdp CDP information
clock Display the system clock
cls DLC user information
compress Show compression statistics
configuration Contents of Non-Volatile memory
--More--

Basic Global Configurations mode Commands

Configuring a Router Name

This command works on both routers and switches
Router(config)#hostname Lucknow
Lucknow(config)#
You can choose any descriptive name for your Cisco devices.

Configuring Passwords

This command works on both routers and switches
Router(config)#enable password test     Sets enable password to test
Router(config)#enable secret vinita     Sets enable secret password to vinita
Router(config)#line console 0           Enters console line mode
Router(config-line)#password console    Sets console line mode password to console
Router(config-line)#login               Enables password checking at login
Router(config)#line vty 0 4             Enters vty line mode for all five vty lines
Router(config-line)#password telnet     Sets vty password to telnet
Router(config-line)#login               Enables password checking at login
Router(config)#line aux 0               Enters auxiliary line mode
Router(config-line)#password aux        Sets auxiliary line mode password to aux
Router(config-line)#login               Enables password checking at login
CAUTION: The enable secret password is encrypted by default. The enable password is not. For this reason, recommended practice is that you never use the enable password command. Use only the enable secret password command in a router or switch configuration.
You cannot set both enable secret password and enable password to the same password. Doing so defeats the use of encryption.

Configuring a Fast Ethernet Interface

Router(config)#interface fastethernet 0/0                 Moves to Fast Ethernet 0/0 interface configuration mode
Router(config-if)#description Student Lab LAN             Optional descriptor of the link; it is locally significant
Router(config-if)#ip address 192.168.20.1 255.255.255.0   Assigns address and subnet mask to interface
Router(config-if)#no shutdown                             Turns interface on

Creating a Message of the Day Banner

Router(config)#banner motd # Next Schedule meeting with manager is Postponed #
Router(config)#
The MOTD banner is displayed on all terminals and is useful for sending messages that affect all users. Use the no banner motd command to disable the MOTD banner. The MOTD banner displays before the login prompt and the login banner, if one has been created.

Creating a Login Banner

Router(config)#banner login # Unauthorized access is prohibited !
Please enter your username and password. #
Router(config)#
The login banner displays before the username and password login prompts. Use the no banner login command to disable the login banner. The MOTD banner displays before the login banner.
# is known as a delimiting character. The delimiting character must surround the banner and login message and can be any character so long as it is not a character used within the body of the message.

Assigning a Local Host Name to an IP Address

Router(config)#ip host Lucknow 172.16.1.1
Assigns a host name to the IP address. After this assignment, you can use the host name rather than an IP address when trying to Telnet or ping to that address.

The no ip domain-lookup Command

Router(config)#no ip domain-lookup
Router(config)#
Turns off trying to automatically resolve an unrecognized command to a local host name.
Ever type in a command incorrectly and are left having to wait for a minute or two as the router tries to translate your command to a domain server of 255.255.255.255? The router is set by default to try to resolve any word that is not a command to a Domain Name System (DNS) server at address 255.255.255.255. If you are not going to set up DNS, turn off this feature to save you time as you type, especially if you are a poor typist.

The exec-timeout Command

Router(config)#line console 0
Router(config-line)#exec-timeout 0 0
Router(config-line)#
Sets the time limit after which the console automatically logs off. Setting it to 0 0 (minutes seconds) means the console never logs off.
The command exec-timeout 0 0 is great for a lab environment because the console never logs out. This is considered to be bad security and is dangerous in the real world. The default for the exec-timeout command is 10 minutes and zero (0) seconds (exec-timeout 10 0).

Saving and erasing configurations

Router(config)#exit                          Brings you back to privileged EXEC mode
Router#copy running-config startup-config    Saves the running configuration to local NVRAM
Router#copy running-config tftp              Saves the running configuration remotely to a TFTP server
Router#erase startup-config                  Deletes the startup configuration file from NVRAM

Configuration Example: Basic Router Configuration

For this example we will use the topology created at the start of this article. Create a simple topology by dragging devices onto the workspace as shown in the figure.
[Figure: basic router configurations]
Click inside the Router and select CLI and press Enter to get started.
--- System Configuration Dialog ---

Continue with configuration dialog? [yes/no]: no

Press RETURN to get started!

Router>enable
Router#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#hostname R1
R1(config)#interface fastethernet 0/0
R1(config-if)#description Student Lab LAN
R1(config-if)#ip address 192.168.20.1 255.255.255.0
R1(config-if)#no shutdown
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
R1(config-if)#exit
R1(config)#banner motd # Next Schedule meeting with manager is postponed #
R1(config)#banner login # Unauthorized access is prohibited !
 Enter your user name and password #
R1(config)#ip host Lucknow 172.16.1.1
R1(config)#no ip domain-lookup
R1(config)#line console 0
R1(config-line)#exec-timeout 0 0
R1(config-line)#logging synchronous
R1(config-line)#password console
R1(config-line)#login
R1(config-line)#exit
R1(config)#line vty 0 4
R1(config-line)#password telnet
R1(config-line)#login
R1(config-line)#exit
% Unrecognized command
R1(config)#enable password test
R1(config)#enable secret vinita
R1(config)#exit
%SYS-5-CONFIG_I: Configured from console by console
R1#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]
R1#
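
The CAUTION about enable password and the note on exec-timeout 0 0 can be turned into a check that is run over a saved configuration. The script below is an added example, not part of the original article: it assumes the usual running-config layout (sub-commands indented under "line ..." headers), and the sample configuration, rule names and function names are constructed for illustration.

```python
import re

# Constructed sample: a running-config excerpt shaped like the result of the
# R1 walkthrough. The secret hash is a placeholder, and "login" is left off
# the aux line on purpose so that every rule below has something to find.
SAMPLE_RUNNING_CONFIG = """\
hostname R1
!
enable secret 5 $1$PLACEHOLDER$constructed.hash.value
enable password test
!
interface FastEthernet0/0
 description Student Lab LAN
 ip address 192.168.20.1 255.255.255.0
!
line con 0
 exec-timeout 0 0
 logging synchronous
 password console
 login
line aux 0
 password aux
line vty 0 4
 password telnet
 login
!
end
"""


def parse_sections(config_text):
    """Return [(top_level_command, [indented sub-commands])] in file order."""
    sections = []
    for raw in config_text.splitlines():
        stripped = raw.strip()
        if not stripped or stripped == "!":
            continue  # blank lines and "!" separators carry no settings
        if raw[0].isspace() and sections:
            sections[-1][1].append(stripped)
        else:
            sections.append((stripped, []))
    return sections


def audit(config_text):
    """Return a list of (rule_id, location) findings for the page's cautions."""
    findings = []
    for header, subs in parse_sections(config_text):
        # The page's CAUTION: enable password is not encrypted; use enable secret.
        if re.match(r"enable password\b", header):
            findings.append(("enable-password-present", "global"))
        if not header.startswith("line "):
            continue
        # exec-timeout 0 0 means the session never logs off (lab use only).
        if any(s == "exec-timeout 0 0" for s in subs):
            findings.append(("no-idle-timeout", header))
        # A line password is only checked when "login" is also configured.
        has_password = any(s.startswith("password ") for s in subs)
        has_login = any(s == "login" or s.startswith("login ") for s in subs)
        if has_password and not has_login:
            findings.append(("password-not-enforced", header))
    return findings


if __name__ == "__main__":
    for rule, where in audit(SAMPLE_RUNNING_CONFIG):
        print(f"{rule:26} {where}")
```

Multi-line banner text is not handled by this parser, so strip banners from the saved configuration before auditing it.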

Cisco devices hardware component and booting process

ROM

ROM contains the necessary firmware to boot up your router and typically has the following four components:
  • POST (power-on self-test) Performs tests on the router's hardware components.
  • Bootstrap program Brings the router up and determines how the IOS image and configuration files will be found and loaded.
  • ROM Monitor (ROMMON mode) A mini–operating system that allows you to perform low-level testing and troubleshooting, and the password recovery procedure.
  • Mini-IOS A stripped-down version of the IOS that contains only IP code. This should be used in emergency situations where the IOS image in flash can't be found and you want to boot up your router and load in another IOS image. This stripped-down IOS is referred to as RXBOOT mode.

RAM

RAM is like the memory in your PC. On a router, it (in most cases) contains the running IOS image; the active configuration file; any tables (including routing, ARP, CDP neighbor, and other tables); and internal buffers for temporarily storing information, such as interface input and output buffers. The IOS is responsible for managing memory. When you turn off your router, everything in RAM is erased.

Flash

Flash is a form of nonvolatile memory in that when you turn the router off, the information stored in flash is not lost. Routers store their IOS image in flash, but other information can also be stored here. Note that some lower-end Cisco routers actually run the IOS directly from flash (not RAM). Flash is slower than RAM, a fact that can create performance issues.

NVRAM

NVRAM is like flash in that its contents are not erased when you turn off your router. It is slightly different, though, in that it uses a battery to maintain the information when the Cisco device is turned off. Routers use NVRAM to store their configuration files. In newer versions of the IOS, you can store more than one configuration file here.

Router Boot up Process

A router typically goes through five steps when booting up:
  • The router loads and runs POST (located in ROM), testing its hardware components, including memory and interfaces.
  • The bootstrap program is loaded and executed.
  • The bootstrap program finds and loads an IOS image. Possible locations: flash, a TFTP server, or the Mini-IOS in ROM.
  • Once the IOS is loaded, the IOS attempts to find and load a configuration file, stored in NVRAM.
  • After the configuration is loaded, you are presented with the CLI interface. The mode you are placed into is User EXEC mode.

Setup Mode

Cisco devices include a feature called Setup mode to help you make a basic initial configuration. Setup mode will run only if there is no configuration file in NVRAM—either because the router is brand-new, or because it has been erased. Setup mode will ask you a series of questions and apply the configuration to the device based on your answers. You can abort Setup mode by typing CTRL+C or by saying "no" either when asked if you want to enter the initial configuration dialog or when asked if you want to save the configuration at the end of the question.

Configuration register

The configuration register is a special register in the router that determines many of its boot up and running options, including how the router finds the IOS image and its configuration file. The configuration register is a four-character hexadecimal value that can be changed to manipulate how the router behaves at bootup. The default value is 0x2102.
The characters "0x" indicate that the characters that follow are in hexadecimal. This makes it clear whether the value is "two thousand one hundred and two" or, as in this case, "two one zero two hexadecimal".
The fourth character in the configuration register is known as the boot field. Changing the value for this character will have the following effects:
  • 0x2100 = Always boot to ROMMON.
  • 0x2101 = Always boot to RXBOOT.
  • 0x2102 through 0x210F = Load the first valid IOS in flash; values of 2 through F for the fourth character specify other IOS image files in flash.
The third character in the configuration register can modify how the router loads the configuration file. The setting of 0x2142 causes the router to ignore the startup-config file in NVRAM (which is where the password is stored) and proceed without a configuration—as if the router were brand new or had its configuration erased.

How to reset Router password

The password recovery process is simple and takes less than five minutes, depending on how fast your router boots.
  1. Connect to the console port, start your terminal application, and power cycle the router. When you see the boot process beginning, hit the Break sequence. (This is usually Ctrl+Page Break, but it might differ for different terminal applications.) Doing this interrupts the boot process and drops the router into ROMMON.
  2. At the ROMMON prompt, enter the command confreg 0x2142 to set the configuration register to 0x2142.
  3. Restart the router by power cycling it or by issuing the command reset.
  4. When the router reloads, the configuration register setting of 0x2142 instructs the router to ignore the startup-config file in NVRAM. You will be asked if you want to go through Setup mode because the router thinks it has no startup-configuration file. Exit from Setup mode.
  5. Press Return and enter the command enable to go into privileged EXEC command mode. No password is required because the startup config file was not loaded.
  6. Load the configuration manually by entering copy startup-config running-config.
  7. Go into the Global Configuration mode using the command configure terminal and change the password with the command enable password password or enable secret password.
  8. Save the new password by entering copy running-config startup-config.
  9. Go to the global config prompt, and change the configuration register back to the default setting with the command config-register 0x2102. Exit back to the privileged exec prompt.
  10. Reboot the router using the reload command. You will be asked to save your changes; you can do so if you have made additional configuration changes.

Reset password on 1841

System Bootstrap, Version 12.3(8r)T8, RELEASE SOFTWARE (fc1)
Cisco 1841 (revision 5.0) with 114688K/16384K bytes of memory.
Self decompressing the image :
################
monitor: command "boot" aborted due to user interrupt
rommon 1 > confreg 0x2142
rommon 2 > reset
System Bootstrap, Version 12.3(8r)T8, RELEASE SOFTWARE (fc1)
Cisco 1841 (revision 5.0) with 114688K/16384K bytes of memory.
Self decompressing the image :
############################################################### [OK]

Cisco IOS Software, 1841 Software (C1841-ADVIPSERVICESK9-M),
 Version 12.4(15)T1, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Wed 18-Jul-07 04:52 by pt_team
Image text-base: 0x60080608, data-base: 0x6270CD50

Cisco 1841 (revision 5.0) with 114688K/16384K bytes of memory.
Processor board ID FTX0947Z18E
M860 processor: part number 0, mask 49
2 FastEthernet/IEEE 802.3 interface(s)
191K bytes of NVRAM.
31360K bytes of ATA CompactFlash (Read/Write)
Cisco IOS Software, 1841 Software (C1841-ADVIPSERVICESK9-M),
 Version 12.4(15)T1,  RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Wed 18-Jul-07 04:52 by pt_team

         --- System Configuration Dialog ---

Continue with configuration dialog? [yes/no]: no

Press RETURN to get started!
Router>enable
Router#copy startup-config running-config
Destination filename [running-config]?
428 bytes copied in 0.416 secs (1028 bytes/sec)
Router#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#enable password vinita
Router(config)#enable secret vinita
Router(config)#config-register 0x2102
Router(config)#exit
Router#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]
Router#reload
Proceed with reload? [confirm]
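
A router left at 0x2142 after recovery ignores its startup-config, passwords included, on every later boot, so the register value is worth checking afterwards. The script below is an added example, not part of the original article: it decodes the boot field and the ignore-startup-config setting described in the Configuration register section and reads the "Configuration register is ..." line of show version output. The line format, the sample lines and the finding names are assumptions constructed for this example.

```python
import re

BOOT_FIELD_MASK = 0x000F        # fourth hex character: where to boot from
IGNORE_STARTUP_CONFIG = 0x0040  # the "4" in 0x2142: skip startup-config

# Assumed line format, as printed at the end of "show version".
REGISTER_LINE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]{1,4})"
    r"(?: \(will be (0x[0-9A-Fa-f]{1,4}) at next reload\))?"
)

# Constructed sample lines, one per state the recovery procedure can leave.
SAMPLES = {
    "normal": "Configuration register is 0x2102",
    "after step 9": "Configuration register is 0x2142 (will be 0x2102 at next reload)",
    "left in recovery": "Configuration register is 0x2142",
    "rommon": "Configuration register is 0x2102 (will be 0x2100 at next reload)",
}


def decode(value):
    """Split a register value into the two fields the article describes."""
    boot_field = value & BOOT_FIELD_MASK
    if boot_field == 0:
        source = "ROMMON"
    elif boot_field == 1:
        source = "RXBOOT"
    else:
        source = "IOS image in flash"
    return {
        "boot_field": boot_field,
        "boot_source": source,
        "ignores_startup_config": bool(value & IGNORE_STARTUP_CONFIG),
    }


def check_show_version(text):
    """Return current/next register values and findings, or None if absent."""
    match = REGISTER_LINE.search(text)
    if match is None:
        return None
    current = int(match.group(1), 16)
    # Without a "will be" clause the value stays the same at the next reload.
    pending = int(match.group(2), 16) if match.group(2) else current
    now, nxt = decode(current), decode(pending)

    findings = []
    if nxt["ignores_startup_config"]:
        # Step 9 was missed: every reload comes up with no configuration.
        findings.append("startup-config-ignored-at-next-boot")
    elif now["ignores_startup_config"]:
        # Recovery in progress: register already set back, reload pending.
        findings.append("startup-config-ignored-this-boot-only")
    if nxt["boot_field"] == 0:
        findings.append("next-boot-stops-in-rommon")
    elif nxt["boot_field"] == 1:
        findings.append("next-boot-loads-rxboot")
    return {"current": current, "next_reload": pending, "findings": findings}


if __name__ == "__main__":
    for label, line in SAMPLES.items():
        result = check_show_version(line)
        print(f"{label:17} 0x{result['current']:04X} -> "
              f"0x{result['next_reload']:04X} {result['findings']}")
```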

Interface of Router

Console

The console port is used for local management connections. This means that you must be able to physically reach the console port with a cable. The console port looks exactly like an Ethernet port. It uses the same connector, but it has different wiring and is often identified with a light blue label "CONSOLE."

Aux Port

The AUX port is really just another console port that is intended for use with a modem, so you can remotely connect and administer the device by phoning it. However, using the AUX port for configuration creates some security issues, so make sure that you get advice on addressing those before setting this up.

Ethernet Port

An Ethernet port (which might be a FastEthernet or even a GigabitEthernet port, depending on your router model) is intended to connect to the LAN. Some routers have more than one Ethernet or FastEthernet port; it really depends on what you need and of course what you purchase. The Ethernet port usually connects to the LAN switch with a straight-through cable.

Serial Port

A Cisco serial port is a proprietary design, a 60-pin D-sub. This connector can be configured for almost any kind of serial communication. You need a cable that has the Cisco connector on one end and the appropriate type of connector for the service you want to connect to on the other.

Other Connections

Your router may have some other ports, such as a T1 controller for WAN services, or BRI and PRI ports. None of these ports are tested in the CCNA exam, so you do not need to be concerned about them.

Switch Interface Nomenclature

The Catalyst 2950 and 2960 switches support only fixed interfaces, while some of Cisco’s higher end switches, such as the 6500s, support modular slots with interface cards.
The nomenclature of an interface is type slot_#/port_#.
The type of interface is the media type, such as ethernet, fastethernet, or gigabit.
Following this is the slot number. For all fixed interfaces on a Cisco switch, the slot number is always 0.
The port number is the number of the port in the specified slot.
Unlike Cisco router ports, switch port numbers start at 1 and work their way up. For instance, on a 2960, the very first port is fastethernet 0/1, the second port is fastethernet 0/2, and so on. Some 2960 switches support Gigabit Ethernet interfaces, so the nomenclature for the interface would look like this:
gigabitethernet 0/1.

Router Interface Nomenclature

When referring to fixed interfaces, the interface numbers always begin with 0 (not 1, like the switches) and work their way up within a particular interface type.
For routers that have only fixed interfaces, the interface nomenclature is type port_#.
For example, if a router has two fixed Ethernet interfaces and two fixed serial interfaces, they would be called ethernet 0 and ethernet 1 and serial 0 and serial 1. The port numbers begin at 0 within each interface type. Through use of an interface type and a number, each of the interfaces can be uniquely identified.
However, if a router has modular slots, where you can insert interface cards into these slots, the interface nomenclature is like the Catalyst switches:
type slot_#/port_#. Each slot has a unique slot number beginning with 0, and within each slot, the ports begin at 0 and work their way up.
For example, if you had a modular router with two slots, the first slot would be 0 and the second 1. If the first slot had four Ethernet interfaces, the interface numbers would be 0–3 and if the second slot had two Ethernet interfaces, the interface numbers would be 0 and 1.
Here’s an example of a four-port serial module in the third slot of a 3640 router: serial 2/0, serial 2/1, serial 2/2, and serial 2/3. Here are some examples of routers with modular interfaces: 2600, 3600, 3700, 7000, 7200, and 7500.
The exception to this is the 1600 and 1700 routers; even though they are modular, you don’t configure any slot number when specifying a particular interface.

Monday, 3 October 2011

Exam Topics

The following topics are general guidelines for the content likely to be included on the Cisco Certified Network Associate exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.


Describe how a network works

  • Describe the purpose and functions of various network devices
  • Select the components required to meet a network specification
  • Use the OSI and TCP/IP models and their associated protocols to explain how data flows in a network
  • Describe common networked applications including web applications
  • Describe the purpose and basic operation of the protocols in the OSI and TCP models
  • Describe the impact of applications (Voice Over IP and Video Over IP) on a network
  • Interpret network diagrams
  • Determine the path between two hosts across a network
  • Describe the components required for network and Internet communications
  • Identify and correct common network problems at layers 1, 2, 3 and 7 using a layered model approach
  • Differentiate between LAN/WAN operation and features

Configure, verify and troubleshoot a switch with VLANs and interswitch communications

  • Select the appropriate media, cables, ports, and connectors to connect switches to other network devices and hosts
  • Explain the technology and media access control method for Ethernet networks
  • Explain network segmentation and basic traffic management concepts
  • Explain basic switching concepts and the operation of Cisco switches
  • Perform and verify initial switch configuration tasks including remote access management
  • Verify network status and switch operation using basic utilities (including: ping, traceroute, telnet, SSH, arp, ipconfig), SHOW & DEBUG commands
  • Identify, prescribe, and resolve common switched network media issues, configuration issues, auto negotiation, and switch hardware failures
  • Describe enhanced switching technologies (including: VTP, RSTP, VLAN, PVSTP, 802.1q)
  • Describe how VLANs create logically separate networks and the need for routing between them
  • Configure, verify, and troubleshoot VLANs
  • Configure, verify, and troubleshoot trunking on Cisco switches
  • Configure, verify, and troubleshoot interVLAN routing
  • Configure, verify, and troubleshoot VTP
  • Configure, verify, and troubleshoot RSTP operation
  • Interpret the output of various show and debug commands to verify the operational status of a Cisco switched network.
  • Implement basic switch security (including: port security, trunk access, management vlan other than vlan1, etc.)

Implement an IP addressing scheme and IP Services to meet network requirements in a medium-size Enterprise branch office network

  • Describe the operation and benefits of using private and public IP addressing
  • Explain the operation and benefits of using DHCP and DNS
  • Configure, verify and troubleshoot DHCP and DNS operation on a router.(including: CLI/SDM)
  • Implement static and dynamic addressing services for hosts in a LAN environment
  • Calculate and apply an addressing scheme including VLSM IP addressing design to a network
  • Determine the appropriate classless addressing scheme using VLSM and summarization to satisfy addressing requirements in a LAN/WAN environment
  • Describe the technological requirements for running IPv6 in conjunction with IPv4 (including: protocols, dual stack, tunneling, etc).
  • Describe IPv6 addresses
  • Identify and correct common problems associated with IP addressing and host configurations

Configure, verify, and troubleshoot basic router operation and routing on Cisco devices

  • Describe basic routing concepts (including: packet forwarding, router lookup process)
  • Describe the operation of Cisco routers (including: router bootup process, POST, router components)
  • Select the appropriate media, cables, ports, and connectors to connect routers to other network devices and hosts
  • Configure, verify, and troubleshoot RIPv2
  • Access and utilize the router to set basic parameters.(including: CLI/SDM)
  • Connect, configure, and verify operation status of a device interface
  • Verify device configuration and network connectivity using ping, traceroute, telnet, SSH or other utilities
  • Perform and verify routing configuration tasks for a static or default route given specific routing requirements
  • Manage IOS configuration files. (including: save, edit, upgrade, restore)
  • Manage Cisco IOS
  • Compare and contrast methods of routing and routing protocols
  • Configure, verify, and troubleshoot OSPF
  • Configure, verify, and troubleshoot EIGRP
  • Verify network connectivity (including: using ping, traceroute, and telnet or SSH)
  • Troubleshoot routing issues
  • Verify router hardware and software operation using SHOW & DEBUG commands.
  • Implement basic router security

Explain and select the appropriate administrative tasks required for a WLAN

  • Describe standards associated with wireless media (including: IEEE WI-FI Alliance, ITU/FCC)
  • Identify and describe the purpose of the components in a small wireless network. (Including: SSID, BSS, ESS)
  • Identify the basic parameters to configure on a wireless network to ensure that devices connect to the correct access point
  • Compare and contrast wireless security features and capabilities of WPA security (including: open, WEP, WPA-1/2)
  • Identify common issues with implementing wireless networks. (Including: Interface, misconfiguration)

Identify security threats to a network and describe general methods to mitigate those threats

  • Describe today's increasing network security threats and explain the need to implement a comprehensive security policy to mitigate the threats
  • Explain general methods to mitigate common security threats to network devices, hosts, and applications
  • Describe the functions of common security appliances and applications
  • Describe security recommended practices including initial steps to secure network devices

Implement, verify, and troubleshoot NAT and ACLs in a medium-size Enterprise branch office network

  • Describe the purpose and types of ACLs
  • Configure and apply ACLs based on network filtering requirements.(including: CLI/SDM)
  • Configure and apply ACLs to limit telnet and SSH access to the router (including: SDM/CLI)
  • Verify and monitor ACLs in a network environment
  • Troubleshoot ACL issues
  • Explain the basic operation of NAT
  • Configure NAT for given network requirements (including: CLI/SDM)
  • Troubleshoot NAT issues

Implement and verify WAN links

  • Describe different methods for connecting to a WAN
  • Configure and verify a basic WAN serial connection
  • Configure and verify Frame Relay on Cisco routers
  • Troubleshoot WAN implementation issues
  • Describe VPN technology (including: importance, benefits, role, impact, components)
  • Configure and verify a PPP connection between Cisco routers

Cisco Systems could change this syllabus without any notification. We suggest that you review Cisco’s official site before taking the exam.