ICND1 100-105

ICND1 100-105

Configuring a Cisco Router

In order to help us complete the basic configuration of our Cisco routers, this lesson introduces the use of configuration modes, and how they interact to help us configure the router from the command-line interface (CLI). We will see configuration examples for basic interface components including IP addresses and then an overview of the show commands to verify proper configuration and operations.

Overview of Router Modes

The first step in configuring a router is to be located at privileged mode. Remember, exact modes have two sublevels: user and privileged. You go from user to privilege using the enable command and then from there you can only do monitoring and maintenance commands. If you want to configure, you have to go into global configuration mode at least, and you can accomplish that by typing configure terminal. That changes you to a different mode and the commands that you will have available are going to be different.

While in global configuration mode, anything you configure in that particular mode will affect the router as a whole typically, for example, the router’s host name and passwords and banners. If you want to configure specific components, then you would have to go into that components configuration mode from global configuration.

Router con0 is now available

Press RETURN to get started.

Router>enable
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#
Router(config)#hostname Branch
Branch(config)#^Z
Branch#
*Feb 4 20:09:54.192: %SYS-5-CONFIG_I: Configured from console by console
Branch#

Interface configuration mode requires a command from global config and then the prompt changes to tell you that you are in a different configuration mode. This is similar for sub-interfaces, controllers, access lines and routing protocols. If you want to navigate back and forth between modes, exit takes you one mode back and Ctrl+Z takes you all the way back to privileged EXEC mode with no regards to your location. If you want to navigate between second level configuration modes, then you can do so without having to go back to global configuration mode.

Saving Configuration

The configuration process is typically ongoing and incremental. Administrators may even start the process by cutting text from configuration files and pasting it into the command-line interface. After that, they gradually configure different functions and different components of the router. During change management, new configurations and sections may appear. At all times, for every line that I type into or copy into the command-line interface and hit Enter, that configuration command is going to be active and available in the running configuration. If I boot up the router at that point, I will lose my configurations if I do not save them into the nonvolatile memory. This is again what is called the startup configuration. This command will help you save those configurations into NVRAM and it is recommended to use it frequently, especially during change management.

Branch#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]
Branch#

Or:

Branch#write memory
Building configuration...
[OK]

Configuring Router Identification

Accurate and effective documentation in sign posting is always a good practice. Router configuration is no exception and so here we see some commands that will allow you to document your settings and provide visual aids to identify certain components. For example, the host name of the router will be used as your router prompt.

At the command-line interface, the first word you see is the host name. For users connecting to the router, a good banner when they log in or when they access via any of the access lines will be an effective tool to convey the message of policies, access times, or support information. In configuring and changing the router configuration, it is probably important to provide descriptions to different components and so you will have a description command in interface configuration mode that allows you to then identify the interface when you use the show commands.

Console-Line Commands

Another important function in configuring the router is security and access control. The first command there could mitigate the exposure caused by lack of physical security. If someone accesses the console, and they suddenly leave, someone else could come in and use that session to their advantage: view the configurations, view the passwords, or even change them. The exec-timeout command allows you to set up a time out for command-line interface shells. In example, the console connection will time out and relogin the users after 20 minutes and 30 seconds.

Branch(config)#
Branch(config)#line vty 0 4
Branch(config-line)#exec-timeout ?
<0-35791> Timeout in minutes

Branch(config-line)#exec-timeout 20 ?
<0-2147483> Timeout in seconds
<cr>

Branch(config-line)#exec-timeout 20 30 ?
<cr>

Branch(config-line)#exec-timeout 20 30

Some other times you may want to prevent a denial of service attack that we inflict on ourselves. For example, when you are troubleshooting a router, you may enable a good number of messages to be displayed on the console, so that you can see what is going on. Well, that may prevent you from typing commands to fix a problem and so logging synchronous is a command that allows us to redisplay the interrupted console input after a message has been displayed. In other words, I am typing, a message is displayed, well the command I was typing is redisplayed on the screen, so I can follow up and continue typing and fixing the problems.

Branch(config-line)#logging synchronous
Branch(config-line)#end
Branch#wr
Building configuration...
[OK]
Branch#

Configuring an Interface

Interfaces are the door to other networks and are one of the things that makes the router a router, the device capable of connecting multiple segments, so their configuration is going to be critical. You can configure interfaces by going into the interface configuration mode, and you do this by typing the command interface and then the interface identifier.

Typically, the interface identifier will depend on the type of router we have and so there are some fixed configuration routers that will simply have Ethernet 0 as an example or Serial 0 as another example. In modular routers, the interface identifier depends on the location of the interface in terms of the various slots and modules in the router chassis. At that point, you would identify the interface with a number and the number is going to be a slot followed by a / followed by a port, and so if the interface I want to accesses is on slot 1 and it is port number 3, then it would be 1/3.

Configuring an Interface Description

It is very important to be able to identify quickly the various components of our configuration. Interface names and numbers are sometimes not too pneumonic or suitable to remember what they are all about. It will be better to know an interface by calling it interface 2 branch 1 than by calling it as 00.

So good description will come handy; it will improve your documentation and will be very effective in troubleshooting. That is the command to assign an interface, a description, and as you can imagine, it is an interface configuration mode command.

Disabling or Enabling an Interface

Interfaces have multiple statuses, and they relate to layers 1 and 2 in the display of our commands. For example, if I do show IP interfaces brief, the output of that command will display the layer 1 status and layer 2 status. One possible status is down and this could happen due to lack of service or signal on a certain interface or due to misconfigurations.

At some point, during troubleshooting or during change management, administrators may want to bring the interface down administratively. These commands show how to do it. The shut down command in interface configuration mode disables the interface, while the no version of the same command will enable the interface. The no keyword is valid for several commands, not only this one, and allows you to negate or revert the action of a certain command.

Configuring IP Address

IP addresses are the building block to IP communications. In a router, any active IP interface will require an IP address. Setting the IP address includes setting of the address itself plus the mask. The mask tells the router how to read the IP address and understand in terms of networks and hosts. Following proper design guidelines you should reach a consensus in terms of how IP addresses are going to be allocated and assigned to different segments and hosts in the network.

In routers, again, all interfaces that transport IP will need one; this also helps the router in defining the topology of the directly connected networks and be able to advertise those networks to other devices via routing protocols. The router’s IP addresses will also sometimes serve as a default gateway to configure on other devices and hosts.

Branch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Branch(config)#interface fa0/0
Branch(config-if)#ip address 192.168.10.1 255.255.255.0
Branch(config-if)#description ### LAN ###
Branch(config-if)#no shutdown
Branch(config-if)#
*Feb 4 20:21:05.434: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
*Feb 4 20:21:06.435: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
Branch(config-if)#
Branch(config-if)#exi
Branch(config)#int fa0/1
Branch(config-if)#ip address 10.1.5.2 255.255.255.252
Branch(config-if)#description ### Internet ###
Branch(config-if)#no shu
*Feb 4 20:22:32.896: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to up
*Feb 4 20:22:33.899: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
Branch(config-if)#end
Branch#
Branch#wr
Building configuration...
[OK]
Branch#

Router show interface Command

Multiple commands are available to verify your configuration; show interfaces is perhaps one of the commands that displays the most information in its output. The basic version of the command will actually display the MAC addresses and IP addresses as well as valuable statistics in terms of number received and transmitted packets and put an output rates and layer 1 and layer 2 counters. Do yourself a favour and try to memorize the following two very useful and important commands!

Branch#show ip interface brief
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            192.168.10.1    YES manual up                    up
FastEthernet0/1            10.1.5.2        YES manual up                    up

Branch#show interfaces description
Interface                      Status         Protocol Description
Fa0/0                          up             up       ### LAN ###
Fa0/1                          up             up       ### Internet ###
...
Branch#

Interpreting the Interface Status

The first line of our show interfaces command is the actual status of the interface, and again this is broken into two different statuses, one per layer. The first status is layer 1, the second status is layer 2, and so you can see here some of the combinations that will represent a different overall status of the interface.

Router#sh int fa 0
FastEthernet0 is up, line protocol is up
  Hardware is PQ3_TSEC, address is 0021.a09d.1b6c (bia 0021.a09d.1b6c)
  Description: ### PROVIDER ###
  Internet address is 192.168.0.65/24
  MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 100Mb/s, 100BaseTX/FX
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:00, output 00:00:00, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 39
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 2000 bits/sec, 1 packets/sec
  5 minute output rate 1000 bits/sec, 1 packets/sec
     491094 packets input, 487489009 bytes
     Received 245 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog
     0 input packets with dribble condition detected
     386363 packets output, 74996232 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 unknown protocol drops
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier
     0 output buffer failures, 0 output buffers swapped out

If both components are up, then status is operational. If the physical layer is up, but the data link layer is down, then there may be a connection problem related to say Ethernet. In the case of serial interfaces, this may be an indication of lack of keepalives or mismatched encapsulation types. If both statuses are down, then that probably means that there is no cable attached to the port. Finally, when you shut down the interface, it will show as administratively down.

Navigating the CLI

Let's review the navigation tools and some of the commands that may come handy. We know that here at privileged mode, we can go into global configuration by doing the config T, and then from there, to further other configuration modes like interface configuration mode, like that, for that particular interface. Now from here, we cannot do show commands initially because those belong to the EXEC mode and we are in interface configuration mode. So, if I do things like show ip int brief from here, it says no, you can’t because it is not available in this mode. Well, I can always use a do version of the command. Do will invoke commands that belong to EXEC mode. And so, if I do that, then it displays the output of the show IP interface brief while I am still at the interface configuration mode. Now, if I wanted to navigate and move back and forth, I can use the exit command to go back one level or one section. If I go back to interface configuration mode, though, and want to go all the way back into the EXEC mode, I can do Ctrl-Z, and then that is going to do it. Another command that may come handy is how to break, or abort, certain things. For example, the default behavior if I type an unknown command is to look up that word via DNS and try to resolve it to an IP address and Telnet to it. All that may take a little time. So, if I do that and start looking it up, I can use the keywords to abort, which are Ctrl-Shift-6, and that thing aborts certain commands like this translation, and also ping and trace for testing. And that is going to come handy if you do not want to waste your time here. Useful stuff. Let's move on.

Router#
Router#
Router#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#int fa 0
Router(config-if)#
Router(config-if)#sh ip int brie
                                  ^
% Invalid input detected at '^' marker.

Router(config-if)#do sh ip int brie
Interface                  IP-Address      OK? Method Status                Protocol
BRI0                       unassigned      YES NVRAM  administratively down down
BRI0:1                     unassigned      YES unset  administratively down down
BRI0:2                     unassigned      YES unset  administratively down down
FastEthernet0              192.168.0.65    YES NVRAM  up                    up
FastEthernet1              unassigned      YES NVRAM  administratively down down
FastEthernet2              unassigned      YES unset  down                  down
FastEthernet3              unassigned      YES unset  down                  down
FastEthernet4              unassigned      YES unset  up                    down
FastEthernet5              unassigned      YES unset  up                    down
FastEthernet6              unassigned      YES unset  up                    up
FastEthernet7              unassigned      YES unset  up                    up
FastEthernet8              unassigned      YES unset  up                    up
FastEthernet9              unassigned      YES unset  down                  down
NVI0                       192.168.0.65    YES unset  up                    up
Tunnel1                    10.10.1.65      YES NVRAM  up                    up
Tunnel2                    10.10.2.65      YES NVRAM  up                    up
Vlan1                      192.168.65.192  YES NVRAM  up                    up
Router(config-if)#
Router(config-if)#exi
Router(config)#
Router(config)#
Router(config)#int fa 0
Router(config-if)#
Router(config-if)#^Z
Router#
Router#unknown
Translating "unknown"

Translating "unknown"

% Bad IP address or host name
% Unknown command or computer name, or unable to find computer address
Router#