Cisco Networking Academy, Hands-on Course!
Ghifari Nur · Follow
Published in · 6 min read · Feb 19, 2021
--
10.0.1 — Why should I take this module?
Routing packets is very similar to a relay. As you know, routing tables are created and used by routers to forward packets from their local networks on to other networks. But a router cannot create a routing table or forward any packets until it has been configured.
10.0.2 — What will I learn in this module?
Module Title: Basic Router Configuration
Module Objective: Implement initial settings on a router and end devices.
10.1.1 — Basic Router Configuration Steps
The following tasks should be completed when configuring initial settings on a router.
- Configure the device name.
Router(config)# hostname hostname
2. Secure privileged EXEC mode.
Router(config)# enable secret password
3. Secure user EXEC mode.
Router(config)# line console 0
Router(config-line)# password password
Router(config-line)# login
4. Secure remote Telnet / SSH access.
Router(config-line)# line vty 0 4
Router(config-line)# password password
Router(config-line)# login
Router(config-line)# transport input {ssh | telnet}
5. Secure all passwords in the config file.
Router(config-line)# exit
Router(config)# service password-encryption
6. Provide legal notification.
Router(config)# banner motd delimiter message delimiter
7. Save the configuration.
Router(config)# end
Router# copy running-config startup-config
10.1.2 — Basic Router Configuration Example
In this example, router R1 in the topology diagram will be configured with initial settings.
To configure the device name for R1, use the following commands.
Router> enable
Router# configure terminal
Enter configuration commands, one per line.
End with CNTL/Z.
Router(config)# hostname R1
R1(config)#
The following commands secure privileged EXEC mode and user EXEC mode, enable Telnet and SSH remote access, and encrypt all plaintext (i.e., user EXEC and VTY line) passwords.
R1(config)# enable secret class
R1(config)#
R1(config)# line console 0
R1(config-line)# password cisco
R1(config-line)# login
R1(config-line)# exit
R1(config)#
R1(config)# line vty 0 4
R1(config-line)# password cisco
R1(config-line)# login
R1(config-line)# transport input ssh telnet
R1(config-line)# exit
R1(config)#
R1(config)# service password-encryption
R1(config)#
The legal notification warns users that the device should only be accessed by permitted users. Legal notification is configured as follows.
R1(config)# banner motd #
Enter TEXT message. End with a new line and the #
***********************************************
WARNING: Unauthorized access is prohibited!
***********************************************
#
R1(config)#
All configured commands would be lost. For this reason, it is important to save the configuration when changes are implemented. The following command saves the configuration to NVRAM.
R1# copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]
R1#
10.2.1 — Configure Router Interface
For example, the Cisco ISR 4321 router is equipped with two Gigabit Ethernet interfaces:
- GigabitEthernet 0/0/0 (G0/0/0)
- GigabitEthernet 0/0/1 (G0/0/1)
The task to configure a router interface is very similar to a management SVI on a switch. Specifically, it includes issuing the following commands:
Router(config)# interface type-and-number
Router(config-if)# description description-text
Router(config-if)# ip address ipv4-address subnet-mask
Router(config-if)# ipv6 address ipv6-address/prefix-length
Router(config-if)# no shutdown
description
command is not required to enable an interface, it is good practice to use it. It can be helpful in troubleshooting on production networks by providing information about the type of network connected.
The description-text is limited to 240 characters
no shutdown
command activates the interface and is similar to powering on the interface. The interface must also be connected to another device, such as a switch or a router, for the physical layer to be active.
10.2.2 — Configure Router Interface Example
To configure the the interfaces on R1, use the following commands.
R1> enable
R1# configure terminal
Enter configuration commands, one per line.
End with CNTL/Z.
R1(config)# interface gigabitEthernet 0/0/0
R1(config-if)# description Link to LAN
R1(config-if)# ip address 192.168.10.1 255.255.255.0
R1(config-if)# ipv6 address 2001:db8:acad:10::1/64
R1(config-if)# no shutdown
R1(config-if)# exit
R1(config)#
*Aug 1 01:43:53.435: %LINK-3-UPDOWN: Interface GigabitEthernet0/0/0, changed state to down
*Aug 1 01:43:56.447: %LINK-3-UPDOWN: Interface GigabitEthernet0/0/0, changed state to up
*Aug 1 01:43:57.447: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0/0, changed state to up
R1(config)#
R1(config)#
R1(config)# interface gigabitEthernet 0/0/1
R1(config-if)# description Link to R2
R1(config-if)# ip address 209.165.200.225 255.255.255.252
R1(config-if)# ipv6 address 2001:db8:feed:224::1/64
R1(config-if)# no shutdown
R1(config-if)# exit
R1(config)#
*Aug 1 01:46:29.170: %LINK-3-UPDOWN: Interface GigabitEthernet0/0/1, changed state to down
*Aug 1 01:46:32.171: %LINK-3-UPDOWN: Interface GigabitEthernet0/0/1, changed state to up
*Aug 1 01:46:33.171: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0/1, changed state to up
R1(config)#
10.2.3 — Verify Interface Configuration
There are several commands that can be used to verify interface configuration. The most useful of these is the show ip interface brief
and show ipv6 interface brief
commands, as shown in the example.
R1# show ip interface brief
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0/0 192.168.10.1 YES manual up up
GigabitEthernet0/0/1 209.165.200.225 YES manual up up
Vlan1 unassigned YES unset administratively down down
R1# show ipv6 interface brief
GigabitEthernet0/0/0 [up/up]
FE80::201:C9FF:FE89:4501
2001:DB8:ACAD:10::1
GigabitEthernet0/0/1 [up/up]
FE80::201:C9FF:FE89:4502
2001:DB8:FEED:224::1
Vlan1 [administratively down/down]
unassigned
R1#
10.2.4 — Configuration Verification Commands
The table summarizes the more popular show
commands used to verify interface configuration.
show ip interface brief
show ipv6 interface brief
show ip route
show ipv6 route
show interfaces
show ip interface
show ipv6 interface
10.3.1 — Default Gateway on Host
For example, assume an IPv4 network topology consisting of a router interconnecting two separate LANs. G0/0/0 is connected to network 192.168.10.0, while G0/0/1 is connected to network 192.168.11.0. Each host device is configured with the appropriate default gateway address.
What if PC1 sent a packet to PC3? PC1 would address the packet with the IPv4 address of PC3, but would forward the packet to its default gateway, which is the G0/0/0 interface of R1. The router accepts the packet and accesses its routing table to determine that G0/0/1 is the appropriate exit interface based on the destination address. R1 then forwards the packet out of the appropriate interface to reach PC3.
10.3.2 — Default Gateway on Switch
A switch that interconnects client computers is typically a Layer 2 device. As such, a Layer 2 switch does not require an IP address to function properly. However, an IP configuration can be configured on a switch to give an administrator remote access to the switch.
The default gateway address is typically configured on all devices that will communicate beyond their local network.
To configure an IPv4 default gateway on a switch, use the ip default-gateway ip-address
global configuration command. The ip-address that is configured is the IPv4 address of the local router interface connected to the switch.