Version 4.1. 5.1: Router Setup, 5.2: SDM, 5.3: Router Configuration ...
Posted on 23-Dec-2015
Contents
5.1: Router Setup
5.2: SDM
5.3: Router Configuration
5.4: Connecting to the ISP
5.5: Switch Configuration
5.1: Routers
A router is a specialized computer that connects LANs together through WAN connections.
Routers are similar to PCs in many ways:
1. They have an operating system: Cisco IOS
2. They use configuration files, which contain the instructions and parameters that control the flow of traffic in and out of the router
3. They have the same basic internal hardware components as a PC
Routers have two specialized functions:
1. To determine the best path for data to travel through the connected networks
2. To switch data packets to the correct outgoing interface
Integrated Services Router
An ISR router is a router that combines the functions of routing, LAN switching, security, voice, and WAN connectivity features into one device.
› An optional integrated switch module allows small businesses to connect LAN devices directly to the 1841 ISR
› It is ideal for small to medium-sized businesses and for ISP-managed customers.
Router Components
RAM/DRAM: Random Access Memory
– Temporary memory that stores the current configuration file of the router
– Also stores routing tables and the ARP cache, and provides packet buffering
– Loses its content when the router is powered down or restarted
NVRAM: Non-Volatile RAM
– Permanent memory which stores the saved configuration file
– Retains its content when the router is powered down or restarted
FLASH: EPROM memory (erasable, programmable ROM)
– Permanent memory which stores the IOS image file
– Can store multiple versions of IOS software for easier updates
– Is a type of electronically erasable, programmable ROM (EEPROM)
ROM: Read only memory
– Permanent memory which contains the BIOS program and instructions for POST
– Requires replacing pluggable chips on the motherboard for software upgrades
Ports/Interfaces:
– Ports on the router that allow it to connect to a network (either LAN or WAN) or to devices for management purposes
CPU
– The microprocessor that executes instructions in the operating system
– Its functions are system initialization, routing functions, and network interface control
Buses
– Most routers contain a system bus and a CPU bus
– The system bus is used for communication between the CPU and the interfaces and/or expansion slots. It transfers the packets to and from the interfaces.
– The CPU bus is used by the CPU for accessing components from router storage. It transfers instructions and data to or from specified memory addresses.
Power Supply
– The power supply provides the necessary power to operate the internal components.
Router Interfaces
Router interfaces are the connections to the outside world. They provide network connections through which packets enter and exit the router.
– Each interface has its own I/O port
– Can connect to LANs or WANs
– Every router has at least 2: 1 LAN and 1 WAN
LAN Interfaces: used to connect to a LAN
– Ethernet LAN interface
– Ex. E0, FA0, E0/0, E1/0/0
WAN Interfaces: a serial interface which allows connections to another network
› Provides a connection to an ISP service or to another router
– Serial, ISDN, and integrated Channel Service Unit (CSU) interfaces
– Ex. S0, S1/0, S1/0/1
Management Ports: these allow you to connect to a router to manage and troubleshoot it
– Console port: allows you to connect to a computer's COM port with a rollover cable and a DB-9 or DB-24 adapter
  • HyperTerminal software is used to establish a console connection
– Aux port: allows you to connect a modem to the router, and use Telnet (and HyperTerminal) to access the router
IOS
Cisco Internetwork Operating System (IOS)
The operating system used in Cisco network devices is called the IOS.
Cisco IOS software is offered to customers in modules called images.
› The entry-level Cisco IOS software image is called the IP Base image.
› The IP Base image supports small to medium-sized businesses and supports routing between networks.
› Other Cisco IOS software images add services to the IP Base image.
Router Bootup Process
1. Power-on self test (POST)
› Tests the router hardware
› After POST, the bootstrap program is loaded
› The bootstrap program is loaded from ROM
2. Locate and load Cisco IOS
› The IOS is located from: flash memory (default), a TFTP server, or the router boots into ROMmon mode
› The IOS is loaded into RAM
› The IOS locates the hardware and software components and lists the results on the console terminal
3. Locate and execute the startup configuration file or enter setup mode
› The startup configuration file is copied into RAM
› A prompt containing the host name is displayed
› Routing processes are started, and addresses are supplied to interfaces
› If no configuration file is found, the router enters setup mode
Bootup Failure
There are times when the router does not successfully boot. This failure to boot can be caused by:
1. A corrupt or missing Cisco IOS file
2. An incorrect location for the Cisco IOS image specified by the configuration register
3. Inadequate memory to load a new IOS image
If a router fails to boot the IOS, it then boots up in ROM monitor (ROMmon) mode.
› ROMmon software is a simple command set stored in read only memory (ROM) that can be used to troubleshoot boot errors and recover the router when the IOS is not present.
ROMmon Mode
When the router boots up to ROMmon mode, one of the first steps in troubleshooting is to look in flash memory for a valid image:
› rommon 1> dir flash:
If an image is located, then you can attempt to boot the image manually:
› rommon 1> boot flash:<IOS filename>
Example:
› rommon 1> boot flash:c2600-is-mz.121-5
Bootup Troubleshooting
If the router boots properly from ROMmon mode with the boot command, there are 2 possible reasons why the Cisco IOS image did not load from flash initially:
1. An incorrect configuration register setting, which determines the boot sequence for the IOS file
   – Use the show version command to check this setting
2. A configured boot system command which is instructing the router to look in a different location for the Cisco IOS image
   – Use the show startup-config command to check for boot system commands
View Configuration Register
The show version command can be used to verify the configuration register setting.
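The register check above is easy to misread by eye, so here is an added example (not part of the course notes) that pulls the configuration register out of captured show version text and explains what its boot field means for the bootup sequence. The show version text is a constructed sample; the bit meanings (low 4 bits select the boot source, bit 6 makes the router ignore NVRAM) are standard IOS behaviour, with the 0x1 case being platform-dependent.

```python
# Added example: decode the configuration register reported by "show version".
# SAMPLE_SHOW_VERSION is constructed sample output, not a capture from a real router.
import re

SAMPLE_SHOW_VERSION = """\
Cisco IOS Software, 1841 Software (C1841-IPBASE-M), Version 12.4(1c), RELEASE SOFTWARE (fc1)
ROM: System Bootstrap, Version 12.3(8r)T8, RELEASE SOFTWARE (fc1)
Router uptime is 2 hours, 14 minutes
System image file is "flash:c1841-ipbase-mz.124-1c.bin"
Configuration register is 0x2102
"""


def parse_config_register(show_version_text: str) -> int:
    """Return the configuration register as an integer (e.g. 0x2102)."""
    m = re.search(r"Configuration register is 0x([0-9A-Fa-f]{1,4})", show_version_text)
    if m is None:
        raise ValueError("no 'Configuration register is' line in show version output")
    return int(m.group(1), 16)


def boot_field(register: int) -> int:
    """The boot field is the low 4 bits of the register."""
    return register & 0x000F


def describe_register(register: int) -> list[str]:
    """Plain-language notes on the settings that decide whether the IOS loads."""
    notes = []
    field = boot_field(register)
    if field == 0x0:
        notes.append("boot field 0x0: router stops in ROMmon; an image must be booted manually")
    elif field == 0x1:
        notes.append("boot field 0x1: boot the first image in flash (platform-dependent; "
                     "older platforms boot the ROM helper image)")
    else:
        notes.append(f"boot field 0x{field:X}: follow boot system commands in the startup "
                     "configuration, otherwise load the first IOS image in flash")
    if register & 0x0040:
        notes.append("bit 6 set (0x0040): NVRAM is ignored, so the startup configuration "
                     "is not loaded at boot")
    return notes


if __name__ == "__main__":
    reg = parse_config_register(SAMPLE_SHOW_VERSION)
    print(f"configuration register 0x{reg:04X}")
    for note in describe_register(reg):
        print(" -", note)
```

A register of 0x2102 is the normal setting; 0x2100 explains a router that keeps landing in ROMmon, and 0x2142 explains a router that boots the IOS but comes up with an empty configuration.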
Methods of Management
There are two ways to connect a PC to a router or switch to perform configuration and monitoring tasks:
1. Out-of-band management for initial configuration
   – Uses the console port and a terminal emulation program (ex. HyperTerminal) to connect a PC to a router or switch for management and configuration
2. In-band management over a network connection
   – Uses a remote management tool like Telnet, and a local area network port, to manage and configure a router
Out-of-band Management
Requires:
› A direct connection to the console port or auxiliary port (AUX) of the router or switch
› A terminal emulation client (HyperTerminal)
Does not require the local network connections on the device to be active
Used for:
› Initial configuration of a network device, because the device cannot participate in the network until configured
› When the network connectivity is not functioning correctly and the device cannot be reached over the network
In-Band Management
Requires:
› At least one network interface on the device must be connected to the network and be operational
› Telnet, HTTP or SSH can be used to access the device
› A web browser or a Telnet client program can be used to monitor the network device or make configuration changes
Used for:
› Monitoring a device
› Making configuration changes to a device
Establishing a HyperTerminal Session
Connect a rollover cable from the console port on the router to the COM port on a PC, using a DB-9 adapter.
The console port is an EIA/TIA-232 asynchronous serial port (RJ-45).
Start the HyperTerminal program on the PC to establish a connection.
Router Configuration
There are 2 types of interfaces that can be used to configure a router:
1. Command Line Interface (CLI)
› A text-based interface
› Enables entering and executing Cisco IOS commands to configure, monitor, and maintain Cisco devices
› Can be used for either in-band or out-of-band management tasks
› Offers many time-saving features for creating both simple and complex configurations
2. Security Device Manager (SDM)
› A web-based GUI device management tool
› Simplifies the initial router configuration
› Uses a step-by-step approach to create a basic router configuration quickly and easily
› Can ONLY be used for in-band management tasks
› Does not support all the CLI commands
SDM is available only on later versions of the IOS and recent router models (1841).
Configuration Files
The router configuration files contain the commands used to determine how the device operates on the network.
Startup Configuration File
› The permanent, saved configuration file, used to operate the router
› Stored in NVRAM
Running Configuration File
› The current version of the configuration file, which is held in RAM memory
› The running configuration must be saved to NVRAM in order for changes to be permanent
Command to save the configuration:
› Router# copy running-config startup-config
› Router# copy run start
Best Practices
When adding a new device to a network, it is critical to ensure that the device functions correctly.
The addition of one poorly configured device can cause an entire network to fail.
Configuring a networking device, such as a router, can be a complex task, no matter which tool is used to enter the configuration.
Always follow best practices for installing a new device to ensure that all device settings are properly configured and documented.
5.2: Cisco SDM
Cisco SDM Express and Cisco SDM can be used to configure a router with a GUI browser-based interface.
› Cisco SDM Express is a tool in SDM that makes it easy to create a basic router configuration
› SDM has more advanced configuration options
› After a basic configuration is completed using SDM Express, many users switch to SDM
To use SDM Express:
› Connect an Ethernet cable from the PC's NIC to the Ethernet port on the router
Cisco SDM Express
SDM Express allows you to do a basic router configuration using these 8 screens:
1. Overview
2. Basic configuration
   › Hostname, passwords
3. LAN Configuration
   › IP address settings for the LAN interface
4. DHCP
   › Allows you to configure the router as a DHCP server
5. Internet (WAN)
   › Configuration of the WAN interface for connecting to the ISP or to another router
   › Must configure the encapsulation type and the method for obtaining a WAN IP address
6. Firewall
7. Security settings
8. Summary
SDM WAN Connections
A router's WAN interfaces use a serial connection to connect networks together
› Router to router connection or router to ISP connection
› Serial connections are lower speed links than Ethernet links
WAN Connection Configuration:
› The protocol encapsulation must be the same at both ends of a serial connection.
› Some types require authentication parameters
Serial Encapsulation types:
› High-Level Data Link Control (HDLC)
› Frame Relay
› Point-to-Point Protocol (PPP)
WAN Addressing
WAN interface configuration involves:
› Set the Encapsulation Type: High-Level Data Link Control (HDLC), Frame Relay, or Point-to-Point Protocol (PPP)
› Choose the Address Type: how the serial interface will obtain its WAN IP address
1. Static IP address
   – Supported by Frame Relay, PPP, and HDLC
2. IP unnumbered
   – Sets the serial interface address to match the IP address of one of the other router interfaces
   – Supported by Frame Relay, PPP, and HDLC
3. IP negotiated
   – The router obtains an IP address automatically through PPP
4. Easy IP
   – The router obtains an IP address automatically through PPP
SDM NAT Configuration
A router can also be configured as a NAT server with SDM
› Enables hosts on the internal local network to share a single registered IP address assigned to the WAN interface
› Not available in the Express version
The Basic NAT Wizard configures Dynamic NAT with PAT by default.
NAT configuration involves:
› Step 1. Enable NAT configuration using SDM.
› Step 2. Navigate through the Basic NAT Wizard.
› Step 3. Select the interface and set IP ranges.
› Step 4. Review the configuration.
5.3: Cisco CLI
The Cisco CLI is a text-based interface available on all Cisco devices running an IOS.
› It enables entering and executing Cisco IOS commands to configure, monitor, and maintain Cisco devices
› Can be used for either in-band or out-of-band management tasks
› Offers many time-saving features for creating both simple and complex configurations
5.3: CLI Access
There are 2 main levels of access to the CLI:
› User EXEC mode
› Privileged EXEC mode
Both modes can be protected with a password, or a username and password combination.
CLI Modes
Various modes are available in the router IOS, and each is used for a different purpose:
› User mode: for limited viewing of status
› Privileged exec mode: view status, troubleshooting, configuring. Type enable to enter this mode
› Global configuration mode: configuring general router parameters. Type config t to enter this mode
› Interface configuration mode: configuring LAN and WAN interfaces. Type int [interface name] to enter this mode
› Router configuration mode: configuring routing protocols. Type router [routing protocol] to enter this mode
› Line configuration mode: configuring port parameters, for console and telnet sessions. Type line [line type] to enter this mode
[Diagram: CLI mode transitions]
Router>                          User EXEC mode
Router> enable  (Password: cisco)  enters Privileged EXEC mode: Router#
Router# config t                 enters Global Config mode: Router(config)#
Router(config)# router rip       enters Router Config mode: Router(config-router)#
Router(config)# line con 0       enters Line Config mode: Router(config-line)#
Router(config)# int s0           enters Interface Config mode: Router(config-if)#
Exit backs out one level; Ctrl-Z returns to Privileged EXEC mode
[Diagram: Router modes nested as User Mode > Privileged Exec Mode > Global Config Mode]
User Exec Mode
The router boots into this mode by default.
Indicated by the prompt:
› Router>
Used for viewing information about how the device is operating, and limited troubleshooting
Privileged Exec Mode
Used to enter commands that can alter the operation of the device
You can change into privileged EXEC mode by using the enable command
› Router> enable
Indicated by the prompt
› Router#
To disable the privileged mode and return to user mode, enter the disable command
› Router# disable
Global Configuration Mode
Allows you to change the configuration of a router
Can enter simple configuration commands like assigning a name to the router, setting a message of the day, and assigning hostnames to the routers
Enter configure terminal or config t to get to global config mode
› Router# config t
› Router(config)#
Router Configuration Mode
Allows you to set up routing protocols on the router
Type router rip or router igrp to get into router config mode
› Router(config)# router rip
› Router(config-router)#
Line Config Mode
Allows you to configure passwords for the console connection, the 5 telnet session lines, and the auxiliary line for an outside modem connection
Enter the name of a line to get to this mode, ex. line con 0 or line vty 0 4
› Router(config)# line con 0
› Router(config-line)#
Interface Config Mode
Allows you to set things like IP addresses and subnet masks for interfaces
Enter the name of an interface to get to this mode, ex. int s0
› Router(config)# int serial 0
› Router(config-if)#
Show Commands
Show commands display important information about the configuration and operation of the device.
Network technicians use the show commands extensively for viewing configuration files, checking the status of device interfaces and processes, and verifying the device operational status.
Show commands are available whether the device was configured using the CLI or SDM.
The status of nearly every process or function of the router can be displayed using a show command:
› show running-config
› show interfaces
› show arp
› show ip route
› show protocols
› show version
Show Run
Shows the contents of the running configuration file
Use to check a configuration after it has been completed and to troubleshoot a router
Includes:
› Hostname
› Passwords
› Interface addressing
› Routing protocols
› DNS host entries
› Static routes
› Default routes
Show Interfaces
Shows the status of all of the router interfaces
Can be used to troubleshoot interface connections
Includes:
› Status of interface (up/down)
› Packet information
Show IP Route
Shows the contents of the routing table
Shows networks (routes) that the router knows about, including default and static routes
Also shows how the routes were learned
Show Version
Shows information about the router hardware and software
Also shows the setting of the configuration register (which determines how the router boots)
Basic Router Configuration
A basic router configuration includes:
1. Assign the device a name: hostname
2. Set the password for accessing privileged mode
3. Configure banner messages
4. Set passwords for console and telnet connections to the router
5. Configure interfaces with IP addressing information and enable them
6. Configure a default route so the router can find other routers
7. Configure DNS host name entries for the DNS table
8. Configure parameters to simplify working in the CLI: password encryption, disable DNS lookup, turn off status messaging
9. Verify the configuration
10. Save the configuration
Hostname and Password
Configure a device name
› Router(config)# hostname [name]
› Router(config)# hostname NewYork
Configure passwords for router access
› Router(config)# enable password [password]
› Router(config)# enable password cisco
› Router(config)# enable secret [password]
› Router(config)# enable secret class
Enable password: a password for privileged mode that is not encrypted
Enable secret: a password for privileged mode that is encrypted
Banners
A banner is text that a user sees when initially logging on to the router.
Configuring an appropriate banner is part of a good security plan.
› At a very minimum, a banner should warn against unauthorized access.
There are two types of banners:
› Message-of-the-day (MOTD)
› Login information
Configure Banners
› Router(config)# banner motd #hello#
› Router(config)# banner login #welcome#
A delimiting character, #, is used at the beginning and at the end of the message.
If both banners are configured, the login banner appears after the MOTD but before the login credentials.
Console and Telnet Ports
There are multiple ways to access a device to perform configuration tasks:
1. Console connection: a PC attached to the console port on the device
2. Vty connection: a telnet connection through the network
Setting a password for console and telnet connection access prevents unauthorized users from accessing user mode from the console port or a telnet session.
Console Port Configuration
A console connection is frequently used for initial device configuration.
The console port is named console 0.
Console Port Configuration
› Router(config)# line console 0
› Router(config-line)# password [password]
› Router(config-line)# login
Vty Port Configuration
When a device is accessed through the network (with telnet), it is considered a vty connection
› 5 telnet sessions are supported at a time, so there are 5 vty ports: vty 0 through vty 4
› You can configure each one separately, or all 5 at once
Telnet Port (vty port) Configuration
› Router(config)# line vty 0 4
› Router(config-line)# password [password]
› Router(config-line)# login
Router Interfaces
To direct traffic from one network to another, router interfaces are configured to participate in each of the networks.
A router interface connecting to a network must have an IP address and subnet mask that is within the host range for the connected network or subnet.
There are different types of interfaces on a router. Serial and Ethernet interfaces are the most common.
Interface Types
Local network connections use Ethernet interfaces.
WAN connections require a serial interface, which connects to an ISP device
› Serial interfaces require a clock signal to control the timing of the communications, called a clock rate.
› In most environments, data communications equipment (DCE) devices, such as a modem or CSU/DSU, provide the clock rate
WAN Interface Connections
A serial interface on a router provides a WAN connection to the ISP. There are different ways the router can connect to the ISP WAN network.
DCE Devices
› The ISP equipment that provides the clocking rate for the serial communication over the WAN link: a CSU/DSU is used if the WAN is digital, a modem is used if the WAN is analog
› These devices convert the data from the router into a form acceptable for crossing the WAN, and convert data from the WAN into an acceptable format for the router.
DTE Devices
› Routers are considered data terminal equipment (DTE) devices, because they accept the clock rate from the DCE device
› When 2 routers are directly connected, a back-to-back serial cable with a DCE end and a DTE end is used. The serial interface connected to the DCE end of the cable is configured with a clock rate for timing.
Interface Configuration
Step 1: Specify the type of interface and the port number.
Step 2: Set a description of the interface.
Step 3: Configure the IP address and subnet mask.
Step 4: Set the clock rate, if configuring a serial interface as a DCE.
Step 5: Enable the interface.
Ethernet Interface Configuration
1. Specify the type of interface and the port number
   • Router(config)# interface E0
2. Set a description of the interface
   • Router(config-if)# description NY LAN
3. Configure the IP address and subnet mask
   • Router(config-if)# ip add 192.168.14.1 255.255.255.0
4. Enable the interface
   • Router(config-if)# no shutdown
Serial Interface Configuration
1. Specify the type of interface and the port number
   • Router(config)# interface S0/1
2. Set a description of the interface
   • Router(config-if)# description NY LAN
3. Configure the IP address and subnet mask
   • Router(config-if)# ip add 192.168.14.1 255.255.255.0
4. Set the clock rate on the DCE interface
   • Router(config-if)# clock rate 56000
5. Enable the interface
   • Router(config-if)# no shutdown
Interface Naming
There are many different types of routers, so there are different ways to indicate interfaces. The naming of an interface depends on whether it is:
› A router with built-in interfaces
› A modular router with interface cards
› A router with multiple controllers for interface cards
Non-modular routers use the designation: Port #
› Example: Serial0, Ethernet1, FA2 (fast ethernet)
Modular routers use the format C/S/P or C/P
› C = Controller #
› S = Slot #
› P = Port #
Examples:
› Serial 1/0
› Serial0/0/0
› E1/1
› FA0/1/2
Default Route
A router forwards packets from one network to another based on the destination IP address specified in the packet.
It examines the routing table to determine where to forward the packet to reach the destination network.
If the router does not have a route to a specific network in its routing table, a default route can be configured to tell the router how to forward the packet.
The default route is the IP address where packets leaving the LAN are sent when the router does not know where to send a packet.
Usually, the default route points to the next hop router on the path to the Internet.
The IP address of the next hop router must be configured on the router as the default route.
Configure a Default Route
Syntax: Router(config)# ip route 0.0.0.0 0.0.0.0 [next-hop-IP-address]
Example: Router(config)# ip route 0.0.0.0 0.0.0.0 200.10.1.1
The 0.0.0.0 0.0.0.0 indicates that all destination networks will match, so all packets leaving the LAN are sent to this address.
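To make the "all destination networks will match" point concrete, here is an added example (not from the course notes) of the lookup a router performs: a longest-prefix match over a small constructed routing table that includes the 200.10.1.1 default route from the text, plus the same table with the default removed to show what happens to a destination no specific route covers.

```python
# Added example: longest-prefix routing lookup over a constructed table.
# The table mimics what "show ip route" would list; it is not from a real router.
import ipaddress

ROUTES = [
    ("192.168.14.0/24", "directly connected, Ethernet0"),
    ("192.168.15.0/24", "via 192.168.14.2"),
    ("0.0.0.0/0", "via 200.10.1.1"),   # ip route 0.0.0.0 0.0.0.0 200.10.1.1
]


def lookup(destination: str, routes=ROUTES):
    """Return (matching prefix, next hop) for the most specific route, or None."""
    addr = ipaddress.ip_address(destination)
    best_net, best_hop = None, None
    for prefix, hop in routes:
        net = ipaddress.ip_network(prefix)
        # A /0 matches everything, but any longer prefix that also matches wins.
        if addr in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_hop = net, hop
    return None if best_net is None else (str(best_net), best_hop)


def routes_without_default(routes=ROUTES):
    """The same table with the 0.0.0.0/0 entry removed, to show the failure case."""
    return [(p, h) for p, h in routes if ipaddress.ip_network(p).prefixlen != 0]


if __name__ == "__main__":
    for dest in ("192.168.15.7", "8.8.8.8"):
        print(dest, "->", lookup(dest),
              "| without default route:", lookup(dest, routes_without_default()))
```

With the default route in place 8.8.8.8 resolves to 200.10.1.1; without it the lookup returns None, which is the case where a real router drops the packet and replies with an ICMP destination unreachable.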
DNS Host Entries
• The router keeps a DNS host name table to allow you to use the hostname of a device, instead of IP addresses, when trying to communicate with other devices.
• You can ping or telnet to a router's hostname, if you have entered it into your router's DNS host table.
Syntax: Router(config)# ip host [hostname] [ip addresses of all interfaces on that host]
Configuration of a DNS host entry: Router(config)# ip host LA 192.168.15.2 192.168.16.1
CLI Management Commands
a) Synchronous Logging
› The IOS software often sends unsolicited messages, like an interface status message, which can interrupt your commands
› Keep status messages from interrupting command input (configured on the line): Router(config-line)# logging synchronous
b) Disabling Domain Lookup
› When a host name is entered in enable mode, the router assumes that the user is attempting to telnet to a device.
› The router tries to resolve unknown commands entered in enable mode by sending them to the DNS server
› Disable DNS lookup: Router(config)# no ip domain-lookup
c) Password Encryption
› Unless you use the command service password-encryption, passwords other than the enable secret are stored in the running configuration in clear text.
› You can verify passwords with the show running-config command.
Configure password encryption
› Router# show running-config
› Router(config)# service password-encryption
Router Configuration Summary
Enter into Privileged Exec mode
› Router> enable
Enter into Global Configuration Mode
› Router# configure terminal
1. Configure Hostname
› Router(config)# hostname [name]
2. Configure Password for privileged exec mode
› Router(config)# enable password [password]
OR
› Router(config)# enable secret [password]
The enable password is not encrypted by default.
3. Configure Banners
› Router(config)# banner motd
› Router(config)# banner login
4. Configure Passwords for Console and Telnet connections
› Router(config)# line console 0
› Router(config-line)# password [password]
› Router(config-line)# login
› Router(config)# line vty 0 4
› Router(config-line)# password [password]
› Router(config-line)# login
5. Configure Interfaces
• Router(config)# interface S0/1
• Router(config-if)# description NY LAN
• Router(config-if)# ip add 192.168.14.1 255.255.255.0
• Router(config-if)# clock rate 56000
• Router(config-if)# no shutdown
6. Configure a Default Route
› Router(config)# ip route 0.0.0.0 0.0.0.0 200.10.1.1
7. Configure Host name entries for DNS table
› Router(config)# ip host NY 192.168.1.1 192.168.2.1 192.168.3.2
8. Configure CLI Administrative Tasks
a) Password Encryption
› Router(config)# service password-encryption
b) Turn off unwanted messages
› Router(config-line)# logging synchronous
c) Disable DNS lookup
› Router(config)# no ip domain-lookup
Back out of config mode
› Router(config-line)# Ctrl-Z
9. Check your configuration
› Router# show run
10. Save the configuration
› Router# copy run start
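Step 9 says to check the configuration with show run; here is an added example (not from the course notes) of doing that check mechanically. It parses a captured running configuration into global commands and line/interface blocks and reports which of the settings from this summary are missing or weak: enable secret instead of enable password, service password-encryption, a MOTD banner, no ip domain-lookup, and a password plus login on the console and vty lines. Both configurations below are constructed samples, and the findings text is this example's own wording.

```python
# Added example: audit a captured running-config for the settings in the summary.
# SAMPLE_RUNNING_CONFIG and HARDENED_CONFIG are constructed, not real captures.
SAMPLE_RUNNING_CONFIG = """\
hostname NewYork
enable password cisco
banner motd #Authorized users only#
!
interface Serial0/1
 description NY LAN
 ip address 192.168.14.1 255.255.255.0
 clock rate 56000
!
ip route 0.0.0.0 0.0.0.0 200.10.1.1
!
line con 0
 password cisco
 login
line vty 0 4
 login
"""

HARDENED_CONFIG = """\
hostname NewYork
service password-encryption
no ip domain-lookup
enable secret class
banner motd #Authorized users only#
line con 0
 password cisco
 logging synchronous
 login
line vty 0 4
 password cisco
 login
"""


def parse_config(text: str):
    """Split a config into global commands and indented blocks keyed by their header."""
    global_cmds, blocks, current = [], {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue                      # blank lines and "!" separators
        if raw.startswith(" "):
            if current is not None:
                blocks[current].append(raw.strip())
            continue
        cmd = raw.strip()
        if cmd.startswith(("interface ", "line ")):
            current = cmd
            blocks.setdefault(current, [])
        else:
            current = None
            global_cmds.append(cmd)
    return global_cmds, blocks


def audit_config(text: str) -> list[str]:
    """Return findings for settings from the summary that are missing or weak."""
    global_cmds, blocks = parse_config(text)
    has = lambda prefix: any(c.startswith(prefix) for c in global_cmds)
    findings = []
    if not has("hostname ") or "hostname Router" in global_cmds:
        findings.append("hostname not set (still the default)")
    if has("enable secret "):
        pass                              # encrypted privileged password present
    elif has("enable password "):
        findings.append("enable password configured without enable secret; "
                        "privileged password is stored unencrypted")
    else:
        findings.append("no password protects privileged EXEC mode")
    if not has("service password-encryption"):
        findings.append("service password-encryption missing; line passwords appear in clear text")
    if not has("banner motd "):
        findings.append("no MOTD banner warning against unauthorized access")
    if not has("no ip domain-lookup"):
        findings.append("no ip domain-lookup missing; mistyped commands are sent to DNS")
    for name in ("line con 0", "line vty 0 4"):
        cmds = blocks.get(name)
        if cmds is None:
            findings.append(f"{name}: not configured")
        elif "login" not in cmds:
            findings.append(f"{name}: login not required")
        elif not any(c.startswith("password ") for c in cmds):
            findings.append(f"{name}: login required but no password set")
    return findings


if __name__ == "__main__":
    for label, cfg in (("sample", SAMPLE_RUNNING_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, "->", audit_config(cfg) or "no findings")
```

The vty check is worth noting: a line with login but no password does not open the router up, it refuses every remote login with "Password required, but none set", so the finding is about a line that will not work rather than one that is exposed.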
Testing
To verify that your network is up and running, do each of the following:
› Show interfaces: make sure each interface shows a message like "Serial 0 is up, Line Protocol is up"
› Ping a host on your LAN
› Ping the hostname of any routers connected to you, to test your DNS table
› If you can NOT ping a router with its hostname, then ping each interface on the router connected to you, to make sure it is receiving packets and narrow down the problem
› Telnet to each router connected to you, using its hostname
Important Router Commands
› Enable: to enter privileged exec mode
› Config t: enter into global config mode
› Exit: back out 1 CLI mode level at a time
› Ctrl-Z: back all the way out to privileged exec mode
› Erase start: erases the startup config
› Reload: reboots the router
› Show run: check the running config
› Show interface: shows interface status
TFTP Backup of Configuration
It is a good idea to save a router's configuration file in another location, such as a network server or TFTP server.
A TFTP server uses Trivial File Transfer Protocol to transfer files between devices over a network connection.
The TFTP server and router must be able to communicate through a LAN connection.
To perform a TFTP backup:
› Step 1: Enter the copy startup-config tftp command.
› Step 2: Enter the IP address of the TFTP server where the configuration file will be stored.
› Step 3: Enter the filename to assign to the configuration file or accept the default.
› Step 4: Confirm each choice by answering yes.
Restore a Backup with TFTP
To restore the backup configuration file, the router must have at least one interface configured and be able to access the TFTP server over the network.
› Step 1: Enter the copy tftp running-config command.
› Step 2: Enter the IP address of the TFTP server where the config file is stored.
› Step 3: Enter the name of the configuration file or accept the default name.
› Step 4: Confirm the configuration filename and the TFTP server address.
› Step 5: Use the copy run start command to copy the running configuration to the startup configuration file to save it.
It is also possible to copy the TFTP file to the startup configuration file.
› This requires a router reboot in order to load the startup configuration file into the running configuration.
Save a Configuration File as Text
Another way to create a backup copy of the configuration is to capture the output of the show running-config command as a text file.
To do this from the terminal session you can use the Capture Text function.
To capture the configuration from a HyperTerminal screen:
› Step 1. Select Transfer > Capture Text
› Step 2. Specify a name for the text file to capture the configuration.
› Step 3. Select Start to start capturing text.
› Step 4. Type the show running-config command to display the configuration on the screen.
› Step 5. Press the spacebar when each "--More--" prompt appears.
› Step 6. After the complete configuration has been displayed, select Transfer > Capture Text > Stop
Edit the Text file:
› The configuration file must be edited to remove extra text and add a few commands
› Remove:
   – Extra messages: "building configuration"
   – --More-- messages
   – Any extra symbols, ex. ------ or !!!!!!
› Add: the no shutdown command to the end of each interface section.
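The editing steps above are easy to do by hand once, and easy to get wrong on a long capture. Here is an added example (not from the course notes) that applies exactly those edits to a captured show running-config: it drops the "Building configuration" and "Current configuration" messages, the --More-- pager prompts, the echoed command line and separator lines made only of - or !, and appends no shutdown to the end of every interface section. The capture is a constructed sample.

```python
# Added example: clean a HyperTerminal capture of "show running-config" so it can
# be sent back with Transfer > Send Text File. RAW_CAPTURE is constructed.
RAW_CAPTURE = """\
Router#show running-config
Building configuration...

Current configuration : 612 bytes
!
hostname NewYork
!
interface Ethernet0
 description NY LAN
 ip address 192.168.14.1 255.255.255.0
 --More--
interface Serial0/1
 ip address 192.168.15.1 255.255.255.0
 clock rate 56000
!
ip route 0.0.0.0 0.0.0.0 200.10.1.1
------
!!!!!!
end
"""


def clean_captured_config(capture: str) -> str:
    """Strip terminal noise from a capture and add no shutdown to each interface."""
    kept = []
    for raw in capture.splitlines():
        line = raw.rstrip()
        text = line.strip()
        if not text:
            continue
        low = text.lower()
        if low.startswith("building configuration") or low.startswith("current configuration"):
            continue                                  # status messages, not commands
        if "--more--" in low:
            continue                                  # pager prompts
        if set(text) <= set("-!"):
            continue                                  # separator lines such as ------ or !!!!!!
        if "#show running-config" in text:
            continue                                  # the echoed command itself
        kept.append(line)

    # Append "no shutdown" at the end of every interface section, as the notes instruct;
    # it is placed after the section's own lines so it overrides any "shutdown" they hold.
    result, in_interface = [], False
    for line in kept:
        if in_interface and not line.startswith(" "):
            result.append(" no shutdown")
            in_interface = False
        if line.startswith("interface "):
            in_interface = True
        result.append(line)
    if in_interface:
        result.append(" no shutdown")
    return "\n".join(result)


if __name__ == "__main__":
    print(clean_captured_config(RAW_CAPTURE))
```

One caveat the notes do not mention: appending no shutdown brings up every interface in the file, including any that were deliberately administratively down before the capture, so review the result before pasting it into a router.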
Restore a Configuration from a Saved Text File
The saved text configuration file can also be restored from a HyperTerminal session.
Before the configuration is restored, you must:
› Erase the current configuration: erase startup-config
› Reboot the router: reload
Restore a saved config file:
› Step 1: Enter router global configuration mode.
› Step 2: Select Transfer > Send Text File in HyperTerminal.
› Step 3: Select the name of the file
› Step 4: Save the configuration with the copy run start command
Configure DHCP
The Cisco IOS CLI can be used to configure a router to function as a DHCP server.
Using a router configured with DHCP simplifies the management of IP addresses on a network.
Configure DHCP
Step 1: Create a DHCP address pool.
Step 2: Specify the network or subnet.
Step 3: Exclude specific IP addresses
› Exclude static addresses that will be used for router interfaces and servers
Step 4: Specify the domain name.
Step 5: Specify the IP address of the DNS server.
Step 6: Set the default gateway.
Step 7: Set the lease duration.
Step 8: Verify the configuration.
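As an added example (not from the course notes), the steps above carried through in code: the function builds the IOS DHCP server commands for steps 1 to 7 from a few parameters and refuses inputs that contradict each other, in particular a default gateway outside the pool's subnet or one that has not been excluded (step 3 exists precisely so the router's own interface address is never leased to a host). The values are constructed; the command syntax (ip dhcp excluded-address, ip dhcp pool, network, domain-name, dns-server, default-router, lease) is standard IOS.

```python
# Added example: generate and sanity-check an IOS DHCP pool configuration.
# Pool name, subnet and addresses below are constructed sample values.
import ipaddress


def excluded_ranges_cover(addr: str, excluded) -> bool:
    """True if addr falls inside one of the (start, end) excluded ranges."""
    a = ipaddress.ip_address(addr)
    return any(ipaddress.ip_address(s) <= a <= ipaddress.ip_address(e) for s, e in excluded)


def leasable_addresses(network: str, excluded) -> int:
    """Addresses the pool can hand out: the subnet's host addresses (IOS never
    leases the network or broadcast address) minus the excluded ranges inside it."""
    net = ipaddress.ip_network(network)
    hosts = set(net.hosts())
    for start, end in excluded:
        s, e = ipaddress.ip_address(start), ipaddress.ip_address(end)
        hosts -= {h for h in hosts if s <= h <= e}
    return len(hosts)


def build_dhcp_config(pool, network, gateway, dns_server, domain, excluded, lease_days) -> str:
    """Return the configuration lines for steps 1-7, or raise on inconsistent input."""
    net = ipaddress.ip_network(network)
    gw = ipaddress.ip_address(gateway)
    if gw not in net:
        raise ValueError(f"default gateway {gateway} is not inside {network}")
    if not excluded_ranges_cover(gateway, excluded):
        raise ValueError(f"gateway {gateway} must be excluded or DHCP may lease it to a host")
    lines = [f"ip dhcp excluded-address {s} {e}" for s, e in excluded]   # step 3
    lines += [
        f"ip dhcp pool {pool}",                                  # step 1
        f" network {net.network_address} {net.netmask}",        # step 2
        f" domain-name {domain}",                               # step 4
        f" dns-server {dns_server}",                            # step 5
        f" default-router {gateway}",                           # step 6
        f" lease {lease_days}",                                 # step 7
    ]
    return "\n".join(lines)


if __name__ == "__main__":
    excluded = [("192.168.1.1", "192.168.1.10")]
    print(build_dhcp_config("LAN", "192.168.1.0/24", "192.168.1.1", "192.168.1.2",
                            "example.com", excluded, 7))
    print("leasable addresses:", leasable_addresses("192.168.1.0/24", excluded))
```

Step 8 (verification) is then a matter of comparing show ip dhcp binding against the leasable count this reports: bindings for an address inside an excluded range mean the exclusion was never entered.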
Configure NAT NAT enables hosts with internal private addresses to
communicate on the Internet. The Interface connected to the Internal LAN is
configured as the inside interface. The External Interface, connected to the Internet, is
configured as the outside interface› When devices on the internal network communicate out
through the external interface, the addresses are translated to one or more registered IP addresses.
Static NAT allows a server located on the internal network to be accessible from the Internet. › The server must have a specific registered address that
external users can specify. › Static NAT ensures that addresses assigned to hosts on the
internal network are always translated to the same registered IP address.
Configuring Static NAT
Step 1: Specify the inside interface to use. Step 2: Set the primary IP address of the inside
interface. Step 3: Identify the inside interface using the ip
nat inside command. Step 4: Specify the outside interface to use. Step 5: Set the primary IP address of the
outside interface. Step 6: Identify the outside interface using the ip
nat outside command. Step 7: Define the static address translation. Step 8: Verify the configuration.
Step 8: Verify
There are several router CLI commands to view NAT operations for verification and troubleshooting.
› show ip nat translations: shows static and dynamic NAT translations and displays the detailed NAT assignments
› show ip nat statistics: displays information about the total number of active translations, NAT configuration parameters, how many addresses are in the pool, and how many have been allocated
› show run: views the NAT configuration
› clear ip nat translation *: clears dynamic entries before the timeout has expired
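The eight static NAT steps above as one complete configuration, followed by the verification commands. This is an added example and not from the original slides; the interface names, the 192.168.1.0/24 inside network, the 203.0.113.0/30 serial link and the registered address 203.0.113.10 are constructed, and the example assumes the ISP routes 203.0.113.10 to this router.

```cisco
! Added example (constructed addresses): static NAT for one internal server
Router# configure terminal
! Steps 1-3: inside interface toward the LAN
Router(config)# interface fastethernet 0/0
Router(config-if)# ip address 192.168.1.1 255.255.255.0
Router(config-if)# ip nat inside
Router(config-if)# exit
! Steps 4-6: outside interface toward the ISP
Router(config)# interface serial 0/0/0
Router(config-if)# ip address 203.0.113.2 255.255.255.252
Router(config-if)# ip nat outside
Router(config-if)# exit
! Step 7: server 192.168.1.10 is always presented to the Internet as 203.0.113.10
Router(config)# ip nat inside source static 192.168.1.10 203.0.113.10
Router(config)# end
! Step 8: the static entry appears in the translation table immediately, with no
! outside-local/outside-global columns filled until traffic flows
Router# show ip nat translations
Router# show ip nat statistics
Router# show running-config | include ip nat
```

A static translation makes the server reachable from the entire Internet on every port, so in practice it is paired with filtering on the outside interface that permits only the service the server is meant to expose; the translation itself does no filtering.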
5.4: Installing CPE
One of the main responsibilities of an on-site network technician is to install and upgrade equipment located at a customer home or business.
Network devices installed at the customer location are called customer premises equipment (CPE):
› Routers, modems, and switches
The installation or upgrade of a router can be disruptive for a business.
New equipment is typically configured and tested at the ISP site before being installed at the customer site
Planning CPE Installs
Planning the installation or upgrade of CPE is a critical step in ensuring successful operation:
› Determine the configuration of the router to meet customer needs
› Determine network software that may be affected by the new installation or upgrade
› Develop a procedure to verify the router configuration
› Complete a configuration checklist
Configuration Checklist
The configuration checklist provides a list of the most commonly configured components. It includes an explanation of each component and the configuration setting.
Installing CPE
Use inventory and configuration checklists and an installation plan to ensure successful installation
Connecting the CPE to the ISP
Complete the job in a professional manner:
› Network cables are labeled and fastened together or run through proper cable management equipment
› Excess lengths of cable are coiled and secured out of the way
› Documentation should be updated
› Network diagrams should be updated to show the location of the equipment and cables installed
› The installation checklist is verified by the employer
WANs and TSPs
WANs: Wide Area Networks that connect LANs in geographically separated locations
TSP: Telecommunications service provider network
› Large regional networks that can span long distances
› Used to interconnect LANs that are geographically separated
› Connections are leased by organizations
› ISPs sell various types of WAN connections to their clients
Types of WAN connections
WAN connections vary in:
› Type of connector used
› Bandwidth
› Cost
Types of serial WAN connections through an ISP:
› Point-to-point
› Circuit-switched
› Packet-switched
Point-to-point
› A predefined communications path from the customer premises through a TSP network
› A dedicated circuit with fixed bandwidth available at all times
› A leased line from the TSP
› Most expensive type: prices are based on the bandwidth required and the distance between the two connected points
› Example: T1 or E1 link
Circuit-Switched
› Functions similarly to the way a phone call is made over a telephone network
› A connection, or circuit, is made only when needed, and then closed when the communication is complete
Examples:
› ISDN
› Dialup connection
Packet Switched
› Many customer networks have connections into the TSP switched network
› Each customer has its own virtual circuit: a logical path between the sender and receiver, not a physical path
Example: Frame Relay
Configuring WAN connections
How a WAN is configured depends on the type of WAN connection required.
› Leased lines use a serial connection and a channel service unit/data service unit (CSU/DSU) to attach to the ISP network
› Two configurations must be made for a serial WAN connection:
1. Clock rate
   › Set by the DCE device, which is typically the CSU/DSU
   › The DTE device, typically the router, accepts the clock rate set by the DCE
2. Serial encapsulation type
   › The Cisco default serial encapsulation is HDLC
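Both serial settings on the two ends of a link, as an added example that is not part of the original slides. The hostnames R1 and R2, the 203.0.113.0/30 addressing and the 64000 bit/s clock rate are constructed; R1 is assumed to hold the DCE end of the cable, as in a lab where no CSU/DSU is present.

```cisco
! Added example (constructed values): DCE end of a serial link, R1
R1(config)# interface serial 0/0/0
R1(config-if)# ip address 203.0.113.1 255.255.255.252
! clock rate is accepted only on the DCE end; on a real leased line the CSU/DSU provides it
R1(config-if)# clock rate 64000
! HDLC is the Cisco default; setting it explicitly documents the choice
R1(config-if)# encapsulation hdlc
R1(config-if)# no shutdown
R1(config-if)# end

! DTE end, R2: no clock rate, encapsulation must match the other end
R2(config)# interface serial 0/0/0
R2(config-if)# ip address 203.0.113.2 255.255.255.252
R2(config-if)# encapsulation hdlc
R2(config-if)# no shutdown
R2(config-if)# end

! Verify: line protocol up, encapsulation shown, and which end is DCE/DTE with its clock
R2# show interfaces serial 0/0/0
R2# show controllers serial 0/0/0
```

A mismatched encapsulation or a missing clock rate both show up the same way, as "line protocol down" on an interface that is otherwise up; show controllers tells you which end is DCE and whether a clock has been configured, which separates the two causes.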
5.5: LAN Switches
A LAN switch is a device that directs traffic between network segments.
› Frames are forwarded between switch ports based on their destination MAC address
› A switch cannot route traffic between two different local network segments
› A switch performs Layer 2 functions (Data Link Layer)
Communication Modes
Switch ports support 2 methods of communication:
› Half-duplex mode: a host on that port can either send or receive data, but not both at the same time
› Full-duplex mode: a host on that port can simultaneously send and receive data, doubling the throughput
› Both the port and the connected device must be set to the same duplex mode. If they are not the same, a duplex mismatch occurs, which can lead to excessive collisions and degraded communication
Autonegotiation
The speed and duplex can be set manually, or the switch port can use autonegotiation.
› Allows the switch to auto-detect the speed and duplex of the device that is connected to the port
› Enabled by default on many Cisco switches
› Both devices must support autonegotiation
› If the switch is in autonegotiation mode and the connected device does not support it, the switch uses the speed of the other device (10, 100, or 1000) and is automatically set to half-duplex mode
New Switch Install
› Check switch components
› Connect cables to the switch
› Power up the switch and observe POST
› POST is completed when the SYST LED rapidly blinks green
› If the switch fails POST, the SYST LED turns amber
Switch Configuration
There are several ways to configure and manage a Cisco LAN switch:
› Cisco Network Assistant
› Cisco Device Manager
› Cisco IOS CLI
› CiscoView Management Software
› SNMP Network Management Products
Some of these methods use IP connectivity or a web browser to connect to the switch, which requires an IP address.
Unlike router interfaces, switch ports are not assigned IP addresses.
To use an IP-based management product or a Telnet session to manage a Cisco switch, it is necessary to configure a management IP address on the switch.
If the switch does not have an IP address, it is necessary to connect directly to the console port and use a terminal emulation program to perform configuration tasks.
Management IP Address
Switch ports are not assigned IP addresses. To use an IP-based management product or Telnet with a Cisco switch, you must configure a management IP address.
To assign an address to a switch, the address must be assigned to a virtual local area network (VLAN) interface.
› A VLAN allows multiple physical ports to be grouped together logically
› By default, there is one VLAN preconfigured in the switch, VLAN 1, that provides access to management functions
Switch Configuration
1. Configure a hostname
2. Configure a privileged mode password
3. Configure console and Telnet passwords
4. Configure banners
5. Enable password encryption
6. Configure the default gateway
   › Switch(config)# ip default-gateway 192.168.1.1
7. Configure a management IP address on VLAN 1
   › Switch(config)# interface vlan 1
   › Switch(config-if)# ip address 192.168.1.2 255.255.255.0
8. Save the configuration
   › Switch# copy run start
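All eight steps in one session, as an added example rather than a configuration from the original slides. The hostname S1, the passwords and the banner text are constructed placeholders; the addresses are the ones used on the page.

```cisco
! Added example (constructed names and passwords): initial switch configuration, steps 1-8
Switch> enable
Switch# configure terminal
! 1. hostname
Switch(config)# hostname S1
! 2. privileged mode password: enable secret stores a hash, enable password would store it reversibly
S1(config)# enable secret Priv-Example-1
! 3. console and Telnet (vty) passwords; login makes the line actually ask for them
S1(config)# line console 0
S1(config-line)# password Con-Example-1
S1(config-line)# login
S1(config-line)# exit
S1(config)# line vty 0 15
S1(config-line)# password Vty-Example-1
S1(config-line)# login
S1(config-line)# exit
! 4. banner shown before login (text delimited by #)
S1(config)# banner motd #Authorized access only#
! 5. obscure the line passwords in show running-config
S1(config)# service password-encryption
! 6. gateway for management traffic leaving the VLAN 1 subnet
S1(config)# ip default-gateway 192.168.1.1
! 7. management address lives on the VLAN 1 interface, never on a physical port
S1(config)# interface vlan 1
S1(config-if)# ip address 192.168.1.2 255.255.255.0
S1(config-if)# no shutdown
S1(config-if)# end
! 8. save
S1# copy running-config startup-config
```

Two points worth knowing when reading the saved file back: service password-encryption only obscures the line passwords (the Type 7 encoding is reversible), whereas enable secret is a one-way hash, and the vty lines carry Telnet, which sends the password in cleartext across the management network.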
Connect the Switch to a Router
To connect the switch to a router, use a straight-through cable
Verify that VLAN1 and the router are on the same network with show run
Test the connection by pinging the default gateway
Connect PCs to the switch with straight-through cables
Port Security
Switch ports can be an unwanted entry point to the network by unauthorized users.
To prevent this, switches provide a feature called port security:
› Limits the number of valid MAC addresses allowed per port
› The port will ONLY forward packets for source MAC addresses that are defined in the security settings
There are 3 ways to configure port security:
1. Static
2. Dynamic
3. Sticky
Static Port Security
Static port security: MAC addresses that are allowed to connect to the port are manually assigned.
Static MAC addresses are stored in the address table and added to the running configuration.
Configuration:
› Switch(config)# interface fa 0/5
› Switch(config-if)# switchport mode access
› Switch(config-if)# switchport port-security
› Switch(config-if)# switchport port-security mac-address <MAC address>
Dynamic Port Security
Dynamic port security: MAC addresses that are allowed to connect to the port are dynamically learned and stored in the address table.
› The maximum number of addresses learned can be controlled
› By default, the maximum is 1
› MAC addresses are only temporarily stored in the table and in RAM; if the switch is restarted, they are dumped
Configuration:
› Switch(config)# interface fa 0/5
› Switch(config-if)# switchport mode access
› Switch(config-if)# switchport port-security
Sticky Port Security
Sticky port security: MAC addresses that are allowed on the port are learned dynamically, but then they are saved to the running config file.
› Once the maximum number of MAC addresses has been learned, a frame from any additional MAC address causes a violation and the port shuts down
› The learned addresses are stored in the table and the running config file permanently
Configuration:
› Switch(config)# interface fa 0/5
› Switch(config-if)# switchport mode access
› Switch(config-if)# switchport port-security
› Switch(config-if)# switchport port-security maximum 5
› Switch(config-if)# switchport port-security mac-address sticky
Security Violations
› Port security is disabled by default on a Cisco switch
› Before port security can be activated, the port must be set to access mode
› If port security is enabled, a violation will result in the port being shut down
A security violation occurs when:
1. The maximum number of secure MAC addresses has been added to the address table, and another device attempts to access the interface.
2. An address learned or configured on one secure interface is seen on another secure interface in the same VLAN.
Example:
› If dynamic port security is enabled and the maximum number of MAC addresses per port is one, the first address learned becomes the secure address
› If another workstation attempts to access the port with a different MAC address, a security violation occurs
› The port will shut down
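The three port-security styles and the violation behaviour described above, configured side by side on three ports. This is an added example, not from the original slides; the switch name S1, the port numbers and the MAC address 0000.1111.2222 are constructed.

```cisco
! Added example (constructed ports and MAC): static, dynamic and sticky port security on one switch
! Static: exactly one manually assigned address is allowed
S1(config)# interface fastethernet 0/5
S1(config-if)# switchport mode access
S1(config-if)# switchport port-security
S1(config-if)# switchport port-security mac-address 0000.1111.2222
S1(config-if)# exit

! Dynamic: the first address seen is learned (maximum defaults to 1) and is lost on reboot
S1(config)# interface fastethernet 0/6
S1(config-if)# switchport mode access
S1(config-if)# switchport port-security
S1(config-if)# exit

! Sticky: learn up to 5 addresses and write them into the running configuration
S1(config)# interface fastethernet 0/7
S1(config-if)# switchport mode access
S1(config-if)# switchport port-security
S1(config-if)# switchport port-security maximum 5
S1(config-if)# switchport port-security mac-address sticky
! Violation mode. shutdown is the default and err-disables the port;
! restrict drops offending frames and counts the violation; protect drops them silently
S1(config-if)# switchport port-security violation shutdown
S1(config-if)# end

! Sticky addresses survive a reboot only after the running config is saved
S1# copy running-config startup-config
S1# show port-security interface fastethernet 0/7
```

Choosing the violation mode is the security decision: shutdown stops the offending traffic and makes the event visible as a down port, restrict keeps the legitimate hosts working while the violation counter records the event, and protect gives no signal at all, so it is the hardest to detect.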
Verify Port Security
Switch# show port-security interface fa 0/2
› Shows the maximum allowed number of secure MAC addresses for that interface
› Shows the number of secure MAC addresses on the interface
› Shows the number of security violations that have occurred on that port
› Shows the violation mode
Switch# show port-security address
› Displays the secure MAC addresses for all ports
› Includes static, dynamic and sticky
Switch# show port-security
› Displays the port security settings for the switch
Clearing Sticky Port Security
Switch# show running-config
› Displays the MAC address associated with a specific port when using sticky port security
3 ways to clear learned MAC addresses:
1. Clear the sticky addresses, then shut down and re-enable the port
   Switch# clear port-security sticky interface fa 0/2
   Switch(config-if)# shutdown
   Switch(config-if)# no shutdown
2. Disable port security and then re-enable it
   Switch(config-if)# no switchport port-security
   Switch(config-if)# switchport port-security
3. Reboot the switch
Disabled Ports
If there are any ports on a switch that are unused, the best practice is to disable them
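Disabling a block of unused ports in one step, as an added example that is not part of the original slides. The switch name S1 and the port range 0/10 to 0/24 are constructed.

```cisco
! Added example (constructed range): shut down every unused access port at once
S1(config)# interface range fastethernet 0/10 - 24
S1(config-if-range)# shutdown
S1(config-if-range)# end
! Verify: the unused ports show "administratively down" rather than "down"
S1# show ip interface brief
```

Interface range applies the same command to every port in the range, so the list of disabled ports stays consistent with the inventory; when a port is later put into service it is brought back with no shutdown and, if required, port security before a device is connected.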
Cisco Discovery Protocol
Cisco Discovery Protocol (CDP) is an information-gathering tool used on a switch, ISR, or router to share information with other directly connected Cisco devices.
› By default, CDP begins running when the device boots up
› It then sends periodic messages, known as CDP advertisements, to any directly connected networks
CDP operates at Layer 2 only and can be used on many different types of local networks, including Ethernet and serial networks.
› It can be used to determine the status of a directly connected link when no IP address has been configured, or if the IP address is incorrect
› Viewing CDP information does not require logging in to the remote devices
CDP Neighbors
Two Cisco devices that are directly connected on the same local network are referred to as neighbors. The concept of neighbor devices is important to understand when interpreting the output of CDP commands.
Information gathered by CDP includes:
› Device identifiers - configured host name
› Address list - Layer 3 address, if configured
› Local interface - the port on the current router or switch that the neighbor device is connected to
› Port identifier - the port on the neighbor device that is connected to your device; for example, serial 0/0/0
› Capabilities list - function or functions provided by the device
› Platform - hardware platform of the device; for example, Cisco 1841
Enabling/Disabling CDP
› Disable CDP on the entire router or switch
› Disable CDP on just one interface
If CDP is disabled globally, to re-enable it you must:
• Enable it globally (Router(config)# cdp run)
• Enable it on each interface (Router(config-if)# cdp enable)
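The disable and re-enable commands for both scopes, as an added example that is not from the original slides. The interface names are constructed; the example assumes serial 0/0/0 faces the ISP and fastethernet 0/0 faces the managed LAN.

```cisco
! Added example (constructed interfaces): keep CDP on the LAN, turn it off toward the ISP
! Disable on a single interface: the one facing a network you do not control
Router(config)# interface serial 0/0/0
Router(config-if)# no cdp enable
Router(config-if)# exit

! Disable on the entire device
Router(config)# no cdp run

! Re-enable: globally first, then on any interface that was disabled individually
Router(config)# cdp run
Router(config)# interface fastethernet 0/0
Router(config-if)# cdp enable
Router(config-if)# end

! Verify: global timers, which interfaces still advertise, and what has been learned
Router# show cdp
Router# show cdp interface
Router# show cdp neighbors detail
```

CDP advertisements are readable by any device on the same segment and carry the platform, IOS version and addresses listed in the CDP Neighbors slide, which is why the per-interface form is the usual choice: the LAN keeps its troubleshooting value while the ISP-facing link advertises nothing.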
Viewing CDP Information
Router# show cdp neighbors
› Shows a summary for each directly connected device
› Includes: device name, local interface (the interface it is connected to), hardware platform, device capabilities, and port ID (the port it is using to connect to your device)
Router# show cdp neighbors detail
› Shows more in-depth details about each device
› Includes: the IP address of the device's connected port (if it is configured) and the IOS software version