Академический Документы
Профессиональный Документы
Культура Документы
Contents
1. Cisco CLI mode
6. VTP configuration
9. SVI Configuration
44. SNMPv3
46. NTP
Extra
Cisco routers have different configuration modes based on the model. Mainly two modes :
To be able to get into either User Exec or Privileged mode a password is needed if password is
configured. From Privileged Mode, you can then enter Global Configuration Mode (password not needed
here) to then further configure interfaces, routing protocols, access lists and many more.
Some of the specific configuration modes can be entered from Global Configuration Mode and other
from Privileged mode:
User Exec Mode (distinguished by the ">" prompt) is your first mode, which is used to get statistics
from router, see which version IOS you're running, check memory resources and a few more things.
Privileged Mode (distinguished by the "#" prompt) is the second mode. Here you can enable or disable
interfaces on the router, get more detailed information on the router, for example, view the running
configuration of the router, copy the configuration, load a new configuration to the router, backup or
delete the configuration, backup or delete the IOS and a lot more.
Global Configuration Mode (distingushed by the (config)# prompt) is accessable via Privileged Mode.
In this mode you're able to configure each interface individually, setup banners and passwords, enable
secrets (encrypted passwords), enable and configure routing protocols and a lot more. We dare say
that almost every time you want to configure or change something on the router, you will need to be in
this mode.
Examples :
================================================================================
Objective:
hostname
login banner
enable password for accessing privilege mode
assign console password to prevent console login
assign IP for vlan 1 (Management VLAN)
configure virtual terminal for telnet session
set default gateway for the switch
hostname
login banner
enable password for accessing privilege mode
assign console password to prevent console login
configure virtual terminal for telnet session
Assign IP Address on Router Interface
5. Verification
Configuration of a switch:
1. First check the startup-config and running-config ..if there any configuration is exist
When you type a command in the global configuration mode it is stored in the running configuration. A
running configuration resides in a devices RAM, so if a device loses power, all configured commands
will be lost.
So you need to copy your current configuration into a startup configuration. A startup configuration is
stored in the NVRAM of a device, Now all configurations are saved even if the device loses power.
or
Switch#show startup-config
startup-config is not present
Switch#show running-config
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hostname DU
DU(config)#
Enable password will restrict one's access to privilege mode which is like a root user's password. We can
set it in two ways : enable password / enable secret command.
enable secret password provides encryption automatically using MD5 hash algorithm.
The enable password password does not encrypt the password and can be view in clear text in the
running-config. In order to encrypt the enable password password , use the service password-
encryption command. Actually, the enable secret password command provides stronger encryption
than the service password-encryption command.
A login banner is displayed whenever someone connects to the router by telnet or console connections
5. Console Password
We can protect console port of Cisco devices using console port password.
DU(config)#line console 0
DU(config-line)#password ashish123
DU(config-line)#login
DU(config-line)#exit
DU(config)#
Telnet is a user command and an underlying TCP/IP protocol for accessing remote devices.
The VTY lines are the Virtual Terminal lines of the router. They are virtual, in the sense that they are a
function of software - there is no hardware associated with them. They appear in the configuration as
line vty 0 4.
DU#conf t
Enter configuration commands, one per line. End with CNTL/Z.
DU(config)#line vty 0 4
DU(config-line)#password ashish@123#
DU(config-line)#login
DU(config-line)#exit
DU(config)#
By default, all switch ports are part of VLAN 1. VLAN 1 contains control plane traffic and can contain
user traffic.
By default, VLAN 1 is the management VLAN. Management VLAN is used for purposes such as telnet,
SNMP, and syslog.
DU(config)#interface vlan 1
DU(config-if)#ip address 192.168.10.10 255.255.255.0
DU(config-if)#no shutdown
DU(config-if)#exit
DU(config)#
The switch should be configured with a default gateway if the switch will be managed remotely from
networks not directly connected. The default gateway is the first Layer 3 device (such as a router) on
the same management VLAN network to which the switch connects. The switch will forward IP packets
with destination IP addresses outside the local network to the default gateway.
----------------------------------------------------------------------------------------------------------------------------
Switch#show startup-config
startup-config is not present
Switch#show running-config
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hostname BUET
BUET(config)#
5. Console password
BUET(config)#line console 0
BUET(config-line)#password ashish123
BUET(config-line)#login
BUET(config-line)#exit
BUET(config)#
6. Enter Virtual Terminal lines and give a password ashish@123#, to login remotely
BUET(config)#line vty 0 4
BUET(config-line)#password ashish@123#
BUET(config-line)#login
BUET(config-line)#exit
BUET(config)#
BUET(config)#
By default, all interfaces on a Cisco router are Administratively Down. To bring an interface up, issue
the no shutdown command.
BUET(config-if)#no shutdown
BUET(config-if)#exit
BUET(config)#
8. Save Configuration
BUET#write memory
Building configuration...
[OK]
BUET#
DU#write memory
Building configuration...
[OK]
C:\>ping 192.168.10.2
C:\>ping 192.168.10.3
C:\>ping 192.168.10.1
C:\>telnet 192.168.10.1
Password:
Password:
BUET>
C:\>telnet 192.168.10.10
Password:
DU>
N.B. if the switch is L3 you can assign IP address to its interfaces as follows:
DU(config-if)# no switchport
DU(config-if)# no shutdown
DU(config)# ip routing
===============================================================================