Router Basic Configuration

The document provides a comprehensive overview of basic router configuration, including components, memory types, access modes, and security configurations. It details the differences between routers and switches, outlines various router components, and explains how to configure passwords and banners. Additionally, it covers the steps to set up secure management protocols like SSH and the configuration register's role in router behavior.

Uploaded by

Simon Gitonga
Copyright
© All Rights Reserved

Basic Router Configuration

Jackline Cherotich

Transforming education through ICT
Transforming learning, research and working environments with ICT

Agenda
1. Router components – memory types (RAM, ROM, Flash, NVRAM), configuration register
2. Router configuration types, e.g. running-config, startup-config
3. Router access modes – User EXEC, Privileged EXEC, ROM Monitor
4. Password configuration for console, auxiliary, and vty lines
5. Configuring login banners
6. Setting up secure management protocols (SSH)
7. Configuring router interfaces – assigning IP addresses, enabling or disabling interfaces, configuring interface descriptions

Router Versus Switch
Routers and switches look similar and perform some similar functions, but
each has its own distinct function to perform on a network.
• Switch – creates a network
• Router – connects networks
What is a Router?
A router connects two or more local area networks (LANs) and acts as an
intermediary for data exchange between them. To transmit data between two
computers on different LANs, routers use the Internet Protocol (IP), which
includes the IP addresses of both the sending and receiving devices. Routers
are located between these LANs, where the transmitting and receiving
devices are linked.

What are the components of a Router?
The components of a router are broadly categorized into:
1. External Components
2. Internal Components

External Components of a router

The external components include:

Power switch and power cord – The power cord supplies power to the router, whereas the power switch is used to power the router on and off.

Console port – This port is used to access the terminal of the device by attaching the console.

Auxiliary port – It is also used to access the device terminal.

LAN ports – These could be Ethernet ports, Fast Ethernet ports or Gigabit Ethernet ports.

Internal Components of a Router

The internal components include:

POST (Power-On Self-Test) – When the router powers on, it tests itself and finds out how many modules and how many interfaces exist on it. It is basically a self-test that the router performs to check its hardware.

ROM (Read-Only Memory) – The memory used to load the bootstrap program, which searches for the IOS.

Flash – The storage where the IOS of the router is stored.

NVRAM (Non-Volatile Random Access Memory) – Where the startup configuration is stored permanently.

RAM (Random Access Memory) – The memory that stores the running configuration temporarily.

Types of Memory
Cisco devices usually have four types of memory that are being used for
different purposes. These four types are:
• ROM (Read-only memory) – stores a bootstrap program that is used to
initialize a boot process. This is a read-only type of memory, so it can’t be
altered.
• RAM (Random Access Memory) – the running configuration and routing
tables of the device are stored here. This type of memory loses its content
when a device is restarted.
• Flash memory – used to store IOS software images. Can also be used to
store other files, for example backup configuration files. Retains its content
even after a device is restarted.
• NVRAM (Nonvolatile RAM) – usually used to store a startup configuration
file. This type of memory retains its content even after a device is powered
down or restarted.

Configuration Register
• It is a 16-bit configuration register in NVRAM. It controls how the router boots.
• The value can be seen with the “show version” command.
• For most Cisco routers the value is 0x2102, which tells the router to load the
IOS from flash memory and the startup-config file from NVRAM.
• When the value is set to 0x2142, the router ignores the NVRAM
configuration when rebooting.
• The leading “0x” means “hexadecimal”.

Purpose of the configuration register
The configuration register can be used to change router behavior in several ways, such as:
• How the router boots (into ROMmon, NetBoot)
• Options while booting (ignore configuration, disable boot messages)
• Console speed (baud rate for a terminal emulation session)
• Set and display the configuration register value
• Force the router into the ROM monitor (bootstrap program)
• Select a boot source and default boot filename
• Enable or disable the Break function
• Control broadcast addresses
• Load operating software from ROM

How to check the configuration register

Router# show version

Router# show version | include register

Configuration register is 0x2102

How to configure the configuration register?

There are two ways to change the configuration register on a router: in ROMmon mode and in configuration mode.

In ROMmon mode, it can be changed with the “confreg” command. Below, we are changing the configuration register to 0x2142.

rommon > confreg 0x2142

After this change we should reset the router so that it boots using the new configuration register value.

The other way is from configuration mode, with the “config-register” command.

Router# configure terminal

Router(config)# config-register 0x2142
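
The register values on the slides above can be checked mechanically. The following is an added example, not part of the original slides: a Python sketch that reads the "Configuration register is ..." line from show version and flags values that skip the startup-config, stop in ROM monitor, or leave the Break key active. The function names and the sample line are constructed for illustration; the "(will be ... at next reload)" suffix is how IOS reports a value changed with config-register but not yet applied.

```python
import re

# Bits of the 16-bit configuration register that affect boot behaviour.
# Console-speed bits (5, 11, 12) and broadcast bits are left undecoded here.
IGNORE_NVRAM = 0x0040    # bit 6: skip startup-config at boot
BREAK_DISABLED = 0x0100  # bit 8: Break key ignored once the system is running
ROM_FALLBACK = 0x2000    # bit 13: boot ROM software if network boot fails
BOOT_FIELD = 0x000F      # bits 0-3: where to look for the system image

CONFREG_RE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]+)"
    r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?"
)

def parse_confreg(show_version):
    """Return (current, pending) register values; pending is None if unchanged."""
    m = CONFREG_RE.search(show_version)
    if not m:
        raise ValueError("no configuration register line found")
    current = int(m.group(1), 16)
    pending = int(m.group(2), 16) if m.group(2) else None
    return current, pending

def decode(value):
    """Break a register value into its boot field and boot-related flags."""
    boot = value & BOOT_FIELD
    if boot == 0:
        source = "stay in ROM monitor"
    elif boot == 1:
        source = "boot first image in flash (ROM image on older platforms)"
    else:
        source = "normal boot: follow boot system commands, else default image"
    return {
        "boot_field": boot,
        "boot_source": source,
        "ignore_nvram": bool(value & IGNORE_NVRAM),
        "break_disabled": bool(value & BREAK_DISABLED),
        "rom_fallback": bool(value & ROM_FALLBACK),
    }

def audit(show_version):
    """List findings for the running value and for any value pending a reload."""
    current, pending = parse_confreg(show_version)
    findings = []
    for label, value in (("current", current), ("next reload", pending)):
        if value is None:
            continue
        d = decode(value)
        tag = f"{label} 0x{value:04x}"
        if d["ignore_nvram"]:
            findings.append(f"{tag}: startup-config is skipped at boot")
        if d["boot_field"] == 0:
            findings.append(f"{tag}: router stops in ROM monitor")
        if not d["break_disabled"]:
            findings.append(f"{tag}: Break key can halt the running system")
    return findings

# Constructed sample: output after 'config-register 0x2142', before a reload.
SAMPLE = "Configuration register is 0x2102 (will be 0x2142 at next reload)"

if __name__ == "__main__":
    for line in audit(SAMPLE):
        print(line)
```

A router that boots with the startup-config skipped comes up without its configured passwords, so a pending 0x2142 that nobody scheduled is worth investigating before the next reload.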

Where is the configuration?
• Cisco devices always store commands in two configuration files:
  • Startup configuration
  • Running configuration

• Running configuration: stored in RAM, determines how the router is currently operating
  • Is modified using the configure command
  • To see it:
    Router# show running-config

• Startup configuration: stored in NVRAM, determines how the router will operate after the next reload
  • Is modified using the copy command
  • To see it:
    Router# show startup-config

Router# copy running-config startup-config

Destination filename [startup-config]?

Building configuration...

[OK]

Where is the configuration?
• Can also be stored in more permanent places:
• External hosts, using TFTP, FTP, SCP, etc
• In flash memory in the router
• Copy command is used to move it around
• copy run start
• copy run tftp
• copy start tftp
• copy tftp start
• copy flash start
• copy start flash

Router Configuration/Access modes

Router access modes refer to levels at which you are able to perform
specific functions. If you are not at the correct level, you cannot perform the
corresponding function (for example, configuring the router).

User EXEC mode—The user EXEC mode is the mode that you connect to
by default. You will know that you are in the user EXEC mode because the
router displays the host name followed by a right-angle bracket (>) symbol.

Router>

In the user EXEC mode, you can perform limited functions to check the
status of the router but cannot change the router configuration. To exit the
user EXEC mode, use the command logout.

Privileged EXEC mode

Privileged EXEC mode—To get from the user EXEC mode to privileged EXEC mode, use the
enable command. If an enable password (or better yet, enable secret password) has been
configured (and it should have), you are again prompted for a password. In this mode, the router
displays its host name followed by the hash (#) symbol.

Router> enable

Router#

In the privileged EXEC mode, you can perform all the functions that were available in the user EXEC
mode but still cannot make any configuration changes.

You have access to show and debug commands that are not available in the user EXEC mode. The
privileged EXEC mode is the path to the global configuration mode. To return to the user EXEC
mode, use the command disable.

Router# disable

Router>

Although this mode allows the user to manage device configuration and IOS image files, it does not
allow the user to change the device configuration. A user can change device configuration only
from the configuration mode.

Global Configuration Mode

As the name suggests, this mode includes the
commands that are used to configure the device. From
this mode, a user can not only configure new settings
but can also change, update or delete existing
settings.

To enter this mode, use the 'configure terminal'
command from the privileged-exec mode. To exit from
this mode, you can use the 'end' or the 'exit'
commands. You can also press the CTRL + Z key
combinations.

Navigation between User EXEC, Privileged EXEC and Global configuration mode.

ROM Monitor mode

ROM monitor mode—The ROM monitor mode is the mode the router boots
to if it cannot find a valid system image. You only need to use this mode if
you need to change the system boot parameters, including resetting the
system password. If the router has a working image installed, you need to
press the Break key during the first 60 seconds of the router boot sequence.

How to password protect the console port
To configure the console password, follow these steps.

Router(config)# line console 0
Router(config-line)# password CISCO
Router(config-line)# login

The login command enforces the password before user EXEC mode can be
accessed. If you don’t enter the login command, the router will not ask
for a password before entering user EXEC mode.

How to password protect the auxiliary port

To configure the auxiliary password, follow these steps.

Router#config t
Router(config)#line aux 0
Router(config-line)#password cisco
Router(config-line)#login

How to password protect the VTY lines
• Configuring the VTY password is very similar to doing the Console and Aux
ones. There are several VTY ports. You can use the shortcut 0 4 (a zero, a
space, and 4) to set passwords for all the VTY ports at the same time. The
example below uses 0 15, which covers lines 0 through 15 on devices that
have sixteen VTY lines. To configure the VTY password:
Router#config t
Router(config)#line vty 0 15
Router(config-line)#password cisco
Router(config-line)#login

How to password protect Privileged Mode
• The enable password is the old form of the password for "Privileged Mode". Here the password is stored unencrypted.
Router#config t
Router(config)#enable password cisco
Router(config)# Ctrl-Z
• The enable secret provides better security, since the password is kept encrypted using an irreversible encryption algorithm.
Router#config t
Router(config)#enable secret cisco
Router(config)# Ctrl-Z
Configuring a Cisco Banner: MOTD, Login, & Exec Banners
• Cisco banners are customized messages displayed on a terminal
when a user is trying to connect to our Cisco IOS devices via
Telnet, SSH, the console port, or the auxiliary port.
• They are most commonly used to display security warnings and
informational messages.
• There are different types of banner messages, such as
Message of the day (MOTD), Login banners, and Exec banners.
• These can be displayed in the CLI before and/or after the user
logs in to a Cisco IOS device. These three are the most common
types of banner that can be configured on Cisco switches and
routers.

Login Banner

Unlike the MOTD banner, it is commonly used to display legal notices,
such as security warnings, and more permanent messages to the users.
To create a Login banner on our device, the following
command is used from the router’s global configuration
mode:
Router(config)# banner login #Warning! Authorized personnel only.#
Router(config)#

Banner EXEC

This banner is designed to be more of a permanent message
and would not change frequently.
To create an Exec banner on a Cisco router, the following
Exec banner command is used from the router’s global
configuration mode:
Router(config)# banner exec &Please log out immediately if you are not an authorized administrator&
Router(config)#

MOTD Banner

To create a MOTD banner on a Cisco router, the
following banner MOTD command is used from the
router’s global config mode:
Router(config)# banner motd $Attention! We will be having scheduled system maintenance on this device.$
Router(config)#

Configuring SSH on a Cisco Device

• SSH (Secure Shell) is a secure method for remote
access, as it includes authentication and encryption.
• To do this, it uses an RSA public/private key pair.

The following steps explain how to configure an SSH server on a Cisco router.
• Step 1 - Configure an IP address for the Cisco router, if you do
not have an IP address configured for the selected interface of
the Cisco router.
Router#configure terminal
Router(config)#interface gigabitEthernet 1/0
Router(config-if)#ip address 192.168.10.1 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#end
Router#

Step 2: Configuring hostname and domain name
Step 2 - Configure a hostname and domain name for the Cisco router as shown below.
The hostname and domain name are required to associate crypto keys with the Cisco router.
Router#configure terminal
Router(config)#hostname Jackline
Jackline(config)#exit
Jackline#

Jackline#configure terminal
Jackline(config)#ip domain-name jackline.or.ke
Jackline(config)#exit
Jackline#

Step 3: Generate RSA encryption key pair

Jackline#configure terminal
Jackline(config)#crypto key generate rsa modulus 2048
...[OK]
Jackline(config)#

Step 4: Select an SSH version

Jackline#configure terminal
Jackline(config)#ip ssh version 2
Jackline(config)#exit

Step 5: Create a username, privilege level and associated password

Jackline(config)#username Jackline privilege 15 secret Jacklinesecu

Step 6 - Instruct the Cisco router to use SSH instead of Telnet, set a privilege
level for user login via SSH, and use the local user database for authentication.
Jackline#configure terminal
Jackline(config)#line vty 0 15
Jackline(config-line)#transport input ssh
Jackline(config-line)#privilege level 15
Jackline(config-line)#login local
Jackline(config-line)#exit
Jackline(config)#exit
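
To compare the result of the password slides with the result of the SSH steps, the following added example (not part of the original slides) audits a running-config for the settings this deck covers: an unencrypted enable password, line passwords without login, cleartext line passwords, and VTY lines not restricted to SSH with local authentication. The function names and both configuration excerpts are constructed for illustration, and the hash values are placeholders.

```python
import re

def parse_blocks(config):
    """Return (top_level_commands, {"line ...": [sub-commands]})."""
    top, blocks, current = [], {}, None
    for raw in config.splitlines():
        text = raw.strip()
        if not text or text.startswith("!"):
            continue
        if raw[0] == " ":                 # sub-command of the last top-level line
            if current in blocks:
                blocks[current].append(text)
        else:
            current = text
            top.append(text)
            if text.startswith("line "):
                blocks[text] = []
    return top, blocks

def audit(config):
    """Flag the weak settings the slides warn about; never echoes a password."""
    top, blocks = parse_blocks(config)
    findings = []
    if any(t.startswith("enable password") for t in top):
        findings.append("enable password is set: stored unencrypted, use enable secret")
    if "ip ssh version 2" not in top:
        findings.append("SSH is not pinned to version 2")
    for header, cmds in blocks.items():
        if not any(c.startswith("login") for c in cmds):
            findings.append(f"{header}: no login command, so no password prompt")
        for c in cmds:
            m = re.fullmatch(r"password (?:(\d) )?\S+", c)
            if m and m.group(1) in (None, "0"):
                findings.append(f"{header}: line password stored in cleartext")
        if header.startswith("line vty"):
            if "transport input ssh" not in cmds:
                findings.append(f"{header}: transport input is not restricted to ssh")
            if "login local" not in cmds:
                findings.append(f"{header}: not using the local user database")
    return findings

# Constructed running-config excerpts. WEAK mirrors the password slides (with
# 'login' left off the console); HARDENED follows the SSH steps.
WEAK = """\
enable password cisco
line con 0
 password cisco
line vty 0 15
 password cisco
 login
"""
HARDENED = """\
enable secret 5 <constructed-hash>
username Jackline privilege 15 secret 5 <constructed-hash>
ip ssh version 2
line con 0
 login local
line vty 0 15
 login local
 transport input ssh
"""

if __name__ == "__main__":
    print(audit(WEAK), audit(HARDENED), sep="\n")
```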

Configuring Router Interfaces

• Routers are not reachable by end devices until the
interfaces are configured.
• There are many different types of interfaces available
on Cisco routers, for example Fast Ethernet
interfaces and Gigabit Ethernet interfaces.

• Enters global configuration mode.
• Enters the configuration mode for a Gigabit Ethernet
interface on the router.
• Sets the IP address and subnet mask for the specified
GE interface.
• Enables the GE interface, changing its state from
administratively down to administratively up.
• Configure the description. It is good practice to
configure a description on each interface. The benefits
of interface descriptions are quickly realized as they are
helpful in troubleshooting.

Example on configuration of interfaces
Jackline(config)# interface gigabitethernet 0/0/0
Jackline(config-if)# ip address 192.168.10.1 255.255.255.0
Jackline(config-if)# ipv6 address 2001:db8:acad:1::1/64
Jackline(config-if)# description Link to LAN 1
Jackline(config-if)# no shutdown
Jackline(config-if)# exit
Jackline(config)# interface gigabitethernet 0/0/1
Jackline(config-if)# ip address 192.168.11.1 255.255.255.0
Jackline(config-if)# ipv6 address 2001:db8:acad:2::1/64
Jackline(config-if)# description Link to LAN 2
Jackline(config-if)# no shutdown
Jackline(config-if)# exit

Tasks on Basic Router Configuration

0) Configure the host name of each
1) Configure the IP addresses
2) Activate a password
3) Encrypt password enabled;
4) Set a secret password
5) Configure SSH on the router using the above password;

Q&A

THANK YOU

www.kenet.or.ke
Jomo Kenyatta Memorial
Library, University of Nairobi
P. O Box 30244-00100, Nairobi.
0732 150 500 / 0703 044 500
support@kenet.or.ke / jcherotich@kenet.or.ke
