Chapter Two

Network Devices & Basic Configuration

Network Devices
• Network devices are components used to connect
computers or other electronic devices together so that they
can share files or resources like printers or fax machines.

• Router

• A router is a special type of computer. It has the same basic components as a standard desktop PC.

• However, routers are designed to perform some very specific functions.
Cont.
• Routers/Switches need the IOS to run configuration files. These
configuration files contain the instructions and parameters that
control the flow of traffic in and out of the routers/switches

• Functions of routers

Router connects multiple networks:

◦ When a router receives an IP packet on one interface, it determines which interface to use to forward the packet onto its destination.
◦ These interfaces are used to connect a combination of both Local Area Networks (LANs) and Wide Area Networks (WANs).

• Routers determine the best path:

The router uses its routing table to determine the best path to forward packets toward their destination.
Router Components

Hardware Components

◦ Router memory components
◦ ROM (Read-Only Memory)
◦ Flash
◦ CPU: CPU executes operating system instructions
◦ NVRAM (Non-Volatile RAM)
◦ RAM (Random-Access Memory)
◦ Interface and Lines

Software Components: IOS


Router memory detail

Router memory…
ROM: maintains instructions for POST diagnostics

• Stores bootstrap program and basic operating system software

• Mini IOS

RAM: also called dynamic RAM (DRAM)

• Contains the running copy of configuration file

• Stores routing tables

• Holds ARP cache

• Performs packet buffering (shared RAM)

• Provides temporary memory for the configuration file of the router while the router is powered on

Non-Volatile RAM: Stores startup configuration

• Retains content when router is powered down or restarted

• Configuration Register – 16 bit register which decides the boot sequence

FLASH Memory: Holds the operating system image (IOS)

• Allows software to be updated without removing and replacing chips on the processor

• Retains content when router is powered down or restarted

• Can store multiple versions of IOS software

• Is a type of electronically erasable, programmable ROM (EEPROM)


Interfaces & Lines
• Cisco devices contain two distinctly different types of ports: interfaces and lines.

• Interfaces connect routers and switches to each other; traffic is actually routed or switched across interfaces.

• Ex. Serial, Ethernet, Fast Ethernet, Token Ring, ATM, ISDN, Loopback interfaces etc.

• An interface is identified by both its interface name and number, e.g. Ethernet0 or FastEthernet0/2 (module/interface for the version of 3600 routers).

• Lines identify ports that allow us to connect into, and then configure, Cisco devices.

• Examples are Console ports, Auxiliary ports and VTY (telnet) ports, identified like Console 0
Categories of router interfaces
Categories of interfaces | Interfaces | Function of interface
LAN interfaces | Ethernet, Fast Ethernet Ports, Gigabit network | Used to connect router to LAN
WAN Interfaces | Serial Ports | Used to connect routers into external network that internetwork LAN
Management Interfaces | Console and auxiliary ports | Used for configuration purpose
Using Lines to Configure the IOS
• The console port is generally an RJ-45 connector, and requires a rollover cable to connect.

• The opposite side of the rollover cable connects to a PC’s serial port using a serial terminal adapter.

• From the PC, software such as HyperTerminal is required to make a connection from the local serial port to the router console port.

• The auxiliary port functions the same as the console port, except that it supports modem commands, providing dial-in access to Cisco devices.

• Telnet, and now SSH, are the most common methods of remote access to routers and switches.

• There are two requirements before a router/switch will accept a VTY connection:
◦ An IP address must be configured on an interface
◦ At least one VTY port must be configured with a password
Internetwork Operating System (IOS)
◦ Cisco IOS manages the hardware and software resources of the router.
◦ IOS is a multitasking operating system that is integrated with routing, switching, internetworking, and telecommunications functions.

• CLI is a method of configuring Cisco routers

• Upon bootup, the startup-config file in NVRAM is copied into RAM and stored as the running-config file.

• IOS executes the configuration commands in the running-config.
Router Boot-up Process
• There are four major phases to the boot-up process

1. Performing the POST: After the POST has been completed, the router executes the bootstrap program.

2. Loading the Bootstrap Program: After the POST, the bootstrap program is copied from ROM into RAM.
◦ The main task of the bootstrap program is to locate the Cisco IOS and load it into RAM.

3. Locating and Loading Cisco IOS:
◦ The IOS is typically stored in flash memory, but can also be stored in other places such as a TFTP (Trivial File Transfer Protocol) server.
◦ If a full IOS image cannot be located, a scaled-down version of the IOS is copied from ROM into RAM.
◦ A TFTP server is usually used as a backup server for IOS but it can also be used as a central point for storing and loading the IOS.

4. Locating and Loading the Configuration File: After the IOS is loaded, the bootstrap program searches for the startup configuration file, known as startup-config, in NVRAM.
◦ Parameters including: interface addresses, routing information, passwords…
◦ If the startup configuration file, startup-config, is located in NVRAM, it is copied into RAM as the running configuration file, running-config.
Basic configuration of router and switch
• Most of the router manufacturers provide SDM (Security Device Manager) software along with the router to enable users to configure the router graphically.

• Basic Configuration, LAN IP Address, DHCP, Internet (WAN), Firewall, Security Settings and Summary
Cisco IOS Modes of Operation
• The Cisco IOS software provides two levels of access to commands: user and privileged.

• The unprivileged user mode is called user EXEC mode. The privileged mode is called privileged EXEC mode and requires a password.

Most commonly used mode

User EXEC Mode:

When you are connected to the router, you are started in user EXEC mode. The user EXEC commands are a subset of the privileged EXEC commands.

Privileged EXEC Mode:

Privileged commands include the following:

• Configure – Changes the software configuration.

• Debug – Display process and hardware event messages.

• Setup – Enter configuration information at the prompts.

Enter the command disable to exit from the privileged EXEC mode and return to user EXEC mode.
Configuration Mode
• To enter configuration mode, enter the command configure terminal and exit by pressing Ctrl-Z.
Basic Router/Switch Configuration - use the whole configuration for the following topology

1. Getting Help
In any command mode, you can get a list of available commands by entering a question mark (?).

Router>?

To obtain a list of commands that begin with a particular character sequence, type in

Router#co?

Configure connect copy

You can abbreviate commands and keywords by entering just enough characters to make the command unique from other commands, for example the show command to sh.


2. Disabling DNS lookup
• DNS lookup can sometimes take up your time looking for name translations even if you didn’t configure any host name, but we can disable the DNS lookup on your Cisco device.

• Example:

Router>enable
Router#configure terminal
Router(config)#no ip domain-lookup
Router(config)#exit
3. Rename the Router
• To specify or modify the host name for the router, the global configuration command hostname is used.

• Hostname is case sensitive. The host name is used in prompts and default configuration filenames. For instance, the first router R1 can be renamed as DTUR1 as follows.

Router(config)#hostname DTUR1
DTUR1(config)#

• The factory-assigned default host name is router


4. Setting the System Clock
• The system clock runs from the moment the system starts up and keeps track of the current date and time based on Coordinated Universal Time (UTC), also known as Greenwich Mean Time (GMT).

• To display the system clock, use the show clock EXEC command.

Example

• clock set hh:mm:ss day month yyyy

• clock set hh:mm:ss month day yyyy


5. Setting the Banner
◦ To specify a message-of-the-day (MOTD) banner, use the banner motd global configuration command.
◦ The no form of this command deletes the MOTD banner.
◦ When someone connects to the router, the MOTD banner appears before the login prompt.

DTUR1(config)#banner motd # message #

6. Setting Passwords

a. Console Password

• Console password is needed when logging into router at user EXEC mode from console.

DTUR1(config)#line console 0
DTUR1(config-line)#password consolePassword
DTUR1(config-line)#login

b. Vty lines password
• Virtual terminal lines (vty) are used to allow remote access to the router (by telnetting through its interfaces). The router has five virtual terminal lines by default.

DTUR1(config)#line vty 0 4
DTUR1(config-line)#password vtyPassword
DTUR1(config-line)#login

Privileged Access Password

• To set a local password to control access to various privilege levels, use the enable password global configuration command.

• Use the no form of this command to remove the password requirement.

• Must contain from 1 to 25 uppercase and lowercase alphanumeric characters.

• Must not have a number as the first character.

• Can have leading spaces, but they are ignored. However, intermediate and trailing spaces are recognized.

DTUR1(config)#enable password WeakPrivilegePassword

Setting Secret (Encrypted) Password
• To set an encrypted local password to control access to various privilege levels, use the enable secret global configuration command. Use the no form of this command to remove the password requirement.

DTUR1(config)#enable secret StrongPrivilegePassword

7. Bring up an interface
• show ip interface brief at the user privilege mode on Cisco routers

• To bring up an interface, we use the no shutdown command to open the router interface.

Example:
DTUR1>enable
DTUR1#configure terminal
DTUR1(config)#interface serial2/0
DTUR1(config-if)#no shutdown
DTUR1(config-if)#exit
DTUR1(config)#interface fastethernet0/0
DTUR1(config-if)#no shutdown
DTUR1(config-if)#exit
Clock rate on serial interfaces
• Serial interfaces at the DCE end of a router need to be configured with the clock rate
DCE - Data Communication Equipment
Example:
DTUR1>enable
DTUR1#configure terminal
DTUR1(config)#interface serial2/0
DTUR1(config-if)#no shutdown
DTUR1(config-if)#clock rate 4800
DTUR1(config-if)#exit
The clock rate can be set only to some specific values.
Setting the Description for an Interface
• To add a description to an interface configuration, use the description interface
configuration command.

• Use the no form of this command to remove the description.

DTUR1(config)#interface serial 2/0
DTUR1(config-if)#description T1 line to DTUR1- 128 Kb/s

The description "T1 line to DTUR1- 128 Kb/s" appears in the output of the following EXEC commands: show startup-config, show interfaces, and show running-config

DTUR1#show startup-config
DTUR1#show interfaces
DTUR1#show running-config

10. IP addressing
• Every interface needs to be configured with an IP address on the router to communicate over the network.
DTUR1>enable
DTUR1#configure terminal
DTUR1(config)#interface fastethernet0/0
DTUR1(config-if)#ip address 10.10.10.1 255.255.255.0
DTUR1(config-if)#no shutdown
DTUR1(config-if)#exit
DTUR1(config)#interface serial2/0
DTUR1(config-if)#ip add 192.168.20.1 255.255.255.252
DTUR1(config-if)#no shutdown
DTUR1(config-if)#exit
11. DHCP (Dynamic Host Configuration Protocol)

◦ DHCP DISCOVER, DHCP OFFER, DHCP REQUEST and DHCP ACKNOWLEDGEMENT,
◦ abbreviated as DORA

◦ After receiving DHCP ACKNOWLEDGEMENT, the IP address is leased to the DHCP Client.
◦ With the “ip helper-address …” command, the router will accept that broadcast message, convert it into a unicast packet and forward it to the DHCP Server.
When a DHCP address conflict occurs
• During the IP assignment process, the DHCP Server uses ping to test the availability of an IP before issuing it to the client.

• If no one replies then the DHCP Server believes that IP has not been allocated and it can safely assign that IP to a client.

• If someone answers the ping, the DHCP Server records a conflict.
Configure a DHCP Server on Cisco router
Router(config)#ip dhcp pool CLIENTS
Router(dhcp-config)#network 10.1.1.0 /24
Router(dhcp-config)#default-router 10.1.1.1
Router(dhcp-config)#dns-server 10.1.1.2
Router(dhcp-config)#domain-name DTU.com
Router(dhcp-config)#lease 0 12
Router(dhcp-config)#exit
Router(config)#ip dhcp excluded-address 10.1.1.3 10.1.1.10

In the network command, /24 is the subnet mask. The syntax of the lease command is “lease {days [hours] [minutes] | infinite}”; in this case the lease is 12 hours. The default is a one-day lease.

12. Handling configuration Files

• Any time you make changes to the router configuration.

• There are two types of configuration files: the running (current operating) configuration and the startup configuration.

• Use the following privileged mode commands to work with configuration files.
◦ configure terminal – modify the running configuration manually from the terminal.
◦ show running-config – display the running configuration.
◦ show startup-config – display the startup configuration.

Cont..
• copy running-config startup-config – copy the running configuration to the startup configuration.

• copy startup-config running-config – copy the startup configuration to the running configuration.

• erase startup-config – erase the startup-configuration in NVRAM.

• copy tftp running-config – load a configuration file stored on a Trivial File Transfer Protocol (TFTP) server into the running configuration.

• copy running-config tftp – store the running configuration on a TFTP server.

Viewing, saving and erasing configurations
◦ Viewing

DTUR1>enable
DTUR1#show running-config

◦ Saving

DTUR1>enable
DTUR1#copy running-config startup-config
Or
DTUR1#write (or wr)

◦ Erasing startup configurations

DTUR1>enable
DTUR1#erase startup-config
no and do commands
• Use the command without the keyword no to reenable a
disabled feature or to enable a feature that is disabled by
default

Example

DTUR1(config)#int fa0/0
DTUR1(config-if)#no ip address

Disabling Logging synchronous messages

DTUR1(config)#line console 0
DTUR1(config-line)#logging synchronous
15. Remote Device Management (telnet & SSH)
• SSH (Secure Shell) and Telnet are network protocols that serve the same purpose: providing remote access to a system in order to establish some sort of communication between the systems.
◦ SSH encrypts the data/packets being transferred between the systems so they cannot be decoded by hackers.
◦ In public networks, SSH is mostly used for remote connection.
◦ SSH uses authentication, which ensures that the source of the data is still the same system and not another.
◦ SSH uses public and private keys to identify hosts and users (authentication).
◦ By default SSH runs on port 22.

Telnet
The data transferred between the systems is in plain text (ASCII form) and not in encrypted format, which is the major security concern.
Telnet is mostly used in private networks as it's highly insecure to use in public networks.
Telnet does not use Authentication which is again a security issue.
Telnet runs on port 23.
Configuring Telnet
• A virtual terminal line is a "virtual port" on the router.

Step 1. Enter line configuration mode.

Step 2. Enable login on the vty lines.

Step 3. Set a password for Telnet access.

Step 4. Set the exec-timeout interval.

Cont..
Router#configure terminal
Router(config)#banner motd #Welcome to DTU Router#
Router(config)#enable password dtu123
Router(config)#interface fastethernet0/0
Router(config-if)#ip address 192.168.0.1 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#line vty 0 4
Router(config-line)#password dtuvty123
Router(config-line)#login
Router(config-line)#logging synchronous
Router(config-line)#exec-timeout 30
Router(config-line)#motd-banner
Testing Telnet Connectivity

PC>telnet 192.168.0.1

Trying 192.168.0.1 …Open
Welcome to DTU Router

User Access Verification

Password:

Router>enable

Password:

Router#

If you need to disconnect the logged in remote connection type

Configuring SSH
Open the router console line and create a domain name and user name.

Router(config)#ip domain-name dtu.com
Router(config)#username dtu password dtussh123
Router(config)#

If you don’t, just follow and generate the encryption keys for securing the ssh session.

Router(config)#crypto key generate rsa
How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys, keys will be non-exportable…[OK]
Cont..
◦ Now enable SSH version 2, and set the time-out duration and the number of login attempts on the router.
Remember this message if you are going to use SSH version 2: “Please create RSA keys (of at least 768 bits size) to enable SSH v2.”
Router(config)#ip ssh version 2
Router(config)#ip ssh time-out 50
Router(config)#ip ssh authentication-retries 4


Cont..
Enable vty lines and configure access protocols.

Router(config)#line vty 0
Router(config-line)#transport input ssh
Router(config-line)#password dtu123
Router(config-line)#login
Router(config-line)#motd-banner
Router(config-line)#exit
Router(config)#
Testing SSH Connectivity

PC>ssh -l dtu 192.168.0.1

Open

Password:

Router>enable

Password:

Router#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Router(config)#

Connection established successfully and the connection is secured with Secure Shell.
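The password, Telnet and SSH settings covered above all end up in the running configuration, so they can be checked mechanically. The Python example below is added here and is not part of the original slides: it audits a constructed running-config excerpt, built from the slides' commands, for enable password, a missing enable secret, a missing ip ssh version 2, and vty lines not restricted with transport input ssh. The function names and sample text are hypothetical, and it assumes that a vty line without an explicit transport input ssh may still accept Telnet (the default varies by IOS release).

```python
# Constructed running-config excerpt built from the slides' commands (not from a real device).
SAMPLE_CONFIG = """\
hostname DTUR1
enable password dtu123
ip domain-name dtu.com
username dtu password dtussh123
!
line con 0
 password consolePassword
 login
line vty 0
 password dtu123
 login
 transport input ssh
line vty 1 4
 password dtuvty123
 login
"""

def parse_sections(text):
    """Split a config into global commands and 'line ...' blocks.

    Assumption: sub-commands are indented under their 'line' header,
    as in 'show running-config' output.
    """
    global_cmds, line_blocks, current = [], {}, None
    for raw in text.splitlines():
        cmd = raw.strip()
        if not cmd or cmd == "!":
            continue
        if raw[0].isspace() and current is not None:
            line_blocks[current].append(cmd)      # sub-command of the open line block
        elif cmd.startswith("line "):
            current = cmd                         # new line block, e.g. 'line vty 0 4'
            line_blocks[current] = []
        else:
            current = None                        # back at global level
            global_cmds.append(cmd)
    return global_cmds, line_blocks

def audit(text):
    """Return sorted findings for the weak settings the slides discuss."""
    global_cmds, line_blocks = parse_sections(text)
    findings = []
    if any(c.startswith("enable password ") for c in global_cmds):
        findings.append("enable password is set; use enable secret instead")
    if not any(c.startswith("enable secret ") for c in global_cmds):
        findings.append("no enable secret configured")
    if "ip ssh version 2" not in global_cmds:
        findings.append("ip ssh version 2 not set")
    for name, subs in line_blocks.items():
        # Assumption: without 'transport input ssh' the line may accept Telnet.
        if name.startswith("line vty") and "transport input ssh" not in subs:
            findings.append(f"{name}: not restricted to SSH, Telnet may be accepted")
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

The sample flags vty lines 1 to 4: the SSH slides restrict only line vty 0, so lines configured earlier for Telnet keep their Telnet password.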
Troubleshooting: TCP/IP Utilities

• Ping: To test if your network connection is complete between two computers, you can use the Packet Internet Groper, better known as ping.

• Tracert: informs us of the route and number of hops the packet of data took to arrive at its destination.

• Ipconfig /all: This command is useful on systems running DHCP, allowing users to determine which TCP/IP configuration values have been configured by DHCP.

• Nslookup: It can be a useful troubleshooting tool if the DNS server is not working correctly.

• Netstat: The netstat command can be used to display the currently active TCP connections on a computer

• Route: The route command can be used to display and modify the routing table of a computer.

• Syslog: is an excellent tool for system monitoring and is almost always included in your distribution

Places to store and display syslog messages
Place to store syslog messages | Command to use
Internal buffer (inside a switch or router) | logging buffered [size]
Syslog server | Logging
Flash memory | logging file flash:filename
Nonconsole terminal (VTY connection…) | terminal monitor
Console line | logging console

Cont.
• seq no:timestamp%FACILITY-SEVERITY-MNEMONIC: message text

• Seq no: a sequence number, which appears only if the service sequence-numbers global configuration command is configured

• Timestamp: Date and time of the message or event. This information appears only if the service timestamps global configuration command is configured.

• FACILITY: This tells the protocol, module, or process that generated the message.

• Some examples are SYS for the operating system, IF for an interface…

• SEVERITY: A number from 0 to 7 designating the importance of the action reported.

• MNEMONIC: A code that identifies the action reported.

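The message layout above can be parsed mechanically for monitoring. This Python example is added here and is not part of the original slides: it parses constructed sample messages, treats the sequence number and timestamp as optional as described above, and filters by severity (a lower number is more important). The sample lines, the function names and the ": " separators between fields are assumptions of this example.

```python
import re

# Standard syslog severity names for the numbers 0 to 7.
SEVERITY_NAMES = ["emergency", "alert", "critical", "error",
                  "warning", "notification", "informational", "debugging"]

SYSLOG_RE = re.compile(
    r"^(?:(?P<seq>\d+):\s+)?"            # only with 'service sequence-numbers'
    r"(?:(?P<timestamp>[^%]+?):\s*)?"    # only with 'service timestamps'
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+):\s*"
    r"(?P<text>.*)$"
)

# Constructed sample messages (not captured from a real device).
SAMPLE_LOG = [
    "000021: *Mar 11 00:05:12.123: %SYS-5-CONFIG_I: Configured from console by dtu on vty0 (192.168.0.10)",
    "*Mar 11 00:06:40.501: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to down",
    "%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial2/0, changed state to up",
    "Router#show clock",  # not a syslog message; the parser must reject it
]

def parse_message(line):
    """Return the fields of one message as a dict, or None if the line does not match."""
    m = SYSLOG_RE.match(line.strip())
    if m is None:
        return None
    msg = m.groupdict()
    msg["seq"] = int(msg["seq"]) if msg["seq"] else None
    msg["severity"] = int(msg["severity"])
    msg["severity_name"] = SEVERITY_NAMES[msg["severity"]]
    return msg

def important(lines, threshold):
    """Messages whose severity number is <= threshold (0 is the most important)."""
    parsed = (parse_message(line) for line in lines)
    return [m for m in parsed if m is not None and m["severity"] <= threshold]

if __name__ == "__main__":
    for m in important(SAMPLE_LOG, 4):
        print(m["facility"], m["severity_name"], m["mnemonic"], m["text"])
```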
Thank You!
