The Cisco Internetwork Operating System (IOS) is the
kernel of Cisco routers and most switches. The Cisco IOS is a
proprietary kernel that provides routing, switching, internetworking,
and telecommunications features. These are some important things that
the Cisco router IOS software is responsible for:
1. Carrying network protocols and functions
2. Connecting high-speed traffic between devices
3. Adding security to control access and stop unauthorized network use
4. Providing scalability for ease of network growth and redundancy
5. Supplying network reliability for connecting to network resources
We can access the Cisco IOS through the console port of a router, from a modem into the auxiliary (or Aux) port, or even through Telnet.
Connecting to a Cisco Router
We can connect to a Cisco router to configure it, verify its configuration, and check statistics. There are different ways to do this. The first place you would connect to is the console port, which is usually an RJ-45 (8-pin modular) connection located at the back of the router. You can also connect to a Cisco router through an auxiliary port, which is really the same thing as a console port. The third way to connect to a Cisco router is in-band, through the program Telnet.
Bringing Up a Router
When you first bring up a Cisco router, it will run a power-on self-test (POST). If it passes, it will then look for and load the Cisco IOS from flash memory—if an IOS file is present. After that, the IOS loads and looks for a valid configuration—the startup-config—that’s stored in nonvolatile RAM, or NVRAM.
Router Modes
Entering the CLI from a Non-ISR Router
After the interface status messages appear and you press Enter, the Router> prompt will appear. This is called user exec mode (user mode), and it’s mostly used to view statistics, but it’s also a stepping stone to logging in to privileged mode. We can only view and change the configuration of a Cisco router in privileged exec mode (privileged mode), which you can enter with the enable command. Here’s how:
Router>enable
Router#
We now end up with a Router# prompt, which indicates that we’re in privileged mode, where we can both view and change the router’s configuration. We can go back from privileged mode into user mode by using the disable command, as seen here:
Router# disable
Router>
At this point, you can type logout from either mode to exit the console:
Router>logout
Overview of Router Modes
To configure from a CLI, you can make global changes to the router by typing configure terminal (or config t for short), which puts you in global configuration mode and changes what’s known as the running-config. A global command (a command run from global config) is set only once and affects the entire router. We can type config from the privileged-mode prompt and then just press Enter to take the default of terminal, as seen here:
Router# config
Configuring from terminal, memory, or network [terminal]? [press Enter]
Router(config)# exit
or press Ctrl-Z.
Here are some of the other options under the configure command:
Router# config ?
  confirm            Confirm replacement of running-config with a new config file
  memory             Configure from NV memory
  network            Configure from a TFTP network host
  overwrite-network  Overwrite NV memory from TFTP network host
  replace            Replace the running-config with a new config file
  terminal           Configure from the terminal
Interfaces
To make changes to an interface, you use the interface command from global configuration mode:
Router(config)# interface ?
  Async              Async interface
  BVI                Bridge-Group Virtual Interface
  CDMA-Ix            CDMA Ix interface
  CTunnel            CTunnel interface
  Dialer             Dialer interface
  FastEthernet       FastEthernet IEEE 802.3
  Group-Async        Async Group interface
  Lex                Lex interface
  Loopback           Loopback interface
  MFR                Multilink Frame Relay bundle interface
  Multilink          Multilink-group interface
  Null               Null interface
  Port-channel       Ethernet Channel of interfaces
  Serial             Serial
  Tunnel             Tunnel interface
  Vif                PGM Multicast Host interface
  Virtual-PPP        Virtual PPP interface
  Virtual-Template   Virtual Template interface
  Virtual-TokenRing  Virtual Token Ring
  range              interface range command
Router(config)# interface fastEthernet 0/0
Router(config-if)#
Did you notice that the prompt changed to Router(config-if)#? This tells us that we’re in interface configuration mode. And wouldn’t it be nice if the prompt also gave us an indication of what interface we were configuring? Well, at least for now we’ll have to live without the prompt information, because it doesn’t. One thing is for sure: You really have to pay attention when configuring a router!
Gathering Basic Routing Information
The show version command will provide basic configuration for the system hardware as well as the software version and the boot images. Here’s an example:
Router# show version
Cisco IOS Software, 2800 Software (C2800NM-ADVSECURITYK9-M), Version 12.4(12), RELEASE SOFTWARE (fc1)
Administrative Function
The administrative functions that you can configure on a router and switch are Hostnames, Banners, Passwords and Interface descriptions.
Remember, none of these will make your routers or switches work better or faster, but it is worth taking the time to set these configurations on each of your network devices. That’s because doing this makes troubleshooting and maintaining your network so much easier.
Hostnames
We can set the identity of the router with the hostname command. This is only locally significant, which means that it has no bearing on how the router performs name lookups or how the router works on the internetwork.
Here’s an example:
Router# config t
Router(config)# hostname Todd
Todd(config)# hostname Atlanta
Atlanta(config)# hostname Todd
Todd(config)#
Banners
A banner is more than just a little cool. One very good reason for having a banner is to give any and all who dare attempt to telnet or dial into our internetwork a little security notice. And we can create a banner to give anyone who shows up on the router exactly the information we want them to have. The banner types include the login banner and the message of the day banner (illustrated in the following code):
Router(config)# banner ?
  login  Set login banner
  motd   Set Message of the Day banner
Message of the day (MOTD) is the most extensively used banner. It gives a message to every person dialing into or connecting to the router via Telnet or an auxiliary port, or even through a console port as seen here:
Router(config)# banner motd ?
  LINE  c banner-text c, where 'c' is a delimiting character
Router(config)# banner motd #
Enter TEXT message. End with the character '#'.
$ Acme.com network, then you must disconnect immediately.
#
Router(config)# ^Z
Router#
or
Router(config)# banner motd x Unauthorized access prohibited! x
Login banner
We can configure a login banner to be displayed on all connected terminals. This banner is displayed after the MOTD banner but before the login prompts. The login banner can’t be disabled on a per-line basis, so to globally disable it, you’ve got to delete it with the no banner login command.
Setting Passwords
Five passwords are used to secure your Cisco routers: console, auxiliary, telnet (VTY), enable password, and enable secret. The enable secret and enable password are used to set the password that’s used to secure privileged mode. This will prompt a user for a password when the enable command is used. The other three are used to configure a password when user mode is accessed through the console port, through the auxiliary port, or via Telnet.
Enable Passwords
We set the enable passwords from global configuration mode like this:
Router(config)# enable ?
  password  Assign the privileged level password
  secret    Assign the privileged level secret
The following points describe the enable password parameters:
Router(config)# enable secret Todd
Router(config)# enable password Todd
The enable password you have chosen is the same as your enable secret.
This is not recommended. Re-enter the enable password.
If we try to set the enable secret and enable passwords the same, the router will give us a nice, polite warning to change the second password. If you don’t have older legacy routers, don’t even bother to use the enable password.
User-mode passwords are assigned by using the line command:
Router(config)# line ?
  <0-337>  First Line number
  aux      Auxiliary line
  console  Primary terminal line
  tty      Terminal controller
  vty      Virtual terminal
  x/y      Slot/Port for Modems
  x/y/z    Slot/Subslot/Port for Modems
Here are the lines to be concerned with:
aux
Sets the user-mode password for the auxiliary port. It’s usually used for attaching a modem to the router, but it can be used as a console as well.
console
Sets a console user-mode password.
vty
Sets a Telnet password on the router. If this password isn’t set, then Telnet can’t be used by default.
To configure the user-mode passwords, you configure the line you want and use either the login or no login command to tell the router to prompt for authentication. The next sections provide a line-by-line example of the configuration of each line.
Auxiliary Password
To configure the auxiliary password, go into global configuration mode and type line aux ?.
We can see here that you only get a choice of 0–0 (that’s because there’s only one port):
Router# config t
Router(config)# line aux 0
Router(config-line)# password cisco
Router(config-line)# login
Router(config-line)# exit
Console Password
To set the console password, use the line console 0 command.
Router# config t
Router(config)# line console 0
Router(config-line)# password cisco
Router(config-line)# login
Router(config-line)# exit
Telnet Password
Router# config t
Router(config)# line vty 0 1180
Router(config-line)# password telnet
Router(config-line)# login
Encrypting Your Passwords
Because only the enable secret password is encrypted by default, you’ll need to manually configure the user-mode and enable passwords for encryption. To manually encrypt your passwords, use the service password-encryption command.
Router# config t
Router(config)# service password-encryption
Router(config)# exit
Router# sh run
Router# config t
Router(config)# no service password-encryption
Router(config)# ^Z
Setting Up Secure Shell (SSH)
Instead of Telnet, you can use Secure Shell, which creates a more secure session than the Telnet application that uses an unencrypted data stream. Secure Shell (SSH) uses encrypted keys to send data so that your username and password are not sent in the clear. Here are the steps to setting up SSH:
Configuring an IP Address on an Interface
Even though we don’t have to use IP on our routers, it’s most often what people actually do use. To configure IP addresses on an interface, use the ip address command from interface configuration mode:
Router(config)# int f0/1
Router(config-if)# ip address 172.16.10.2 255.255.255.0
Don’t forget to enable the interface with the no shutdown command. If you want to add a second subnet address to an interface, you have to use the secondary parameter. If we type another IP address and press Enter, it will replace the existing IP address and mask. This is definitely a most excellent feature of the Cisco IOS.
Router(config-if)# ip address 172.16.20.2 255.255.255.0 ?
  secondary  Make this IP address a secondary address
  <cr>
Router(config-if)# ip address 172.16.20.2 255.255.255.0 secondary
Router(config-if)# ^Z
Router(config-if)# do sh run