Importance of configuration standards
3.2.1 This page explains why it is important to develop standards for configuration files within an organization.
Configuration standards can be used to control of the number of configuration files that must be maintained, how the files are stored, and where the files are stored.
A standard is a set of rules or procedures that are either widely used or officially specified. If an organization does not have standards, the network will be in chaos if a service interruption occurs.
Network management requires a centralized support standard. Configuration, security, performance, and other issues must be addressed for the network to function properly. The creation of standards for network consistency helps reduce network complexity, unplanned downtime, and events that may affect network performance.
The next page will discuss interface descriptions.
Wednesday, May 12, 2010
Configuring an Ethernet interface
Configuring an Ethernet interface
3.1.7 This page will explain how an Ethernet interface can be configured from the console or a virtual terminal line.
Each Ethernet interface must have an IP address and subnet mask to route IP packets.
To configure an Ethernet interface follow these steps:
1. Enter global configuration mode.
2. Enter interface configuration mode.
3. Specify the interface address and subnet mask.
4. Enable the interface.
By default, interfaces are turned off, or disabled. To turn on or enable an interface, the command no shutdown is entered. If an interface needs to be disabled for maintenance or troubleshooting, use the shutdown command to turn off the interface.
This page concludes this lesson. The next lesson will explain how a configuration is finalized. The first page covers the importance of configuration standards.
3.1.7 This page will explain how an Ethernet interface can be configured from the console or a virtual terminal line.
Each Ethernet interface must have an IP address and subnet mask to route IP packets.
To configure an Ethernet interface follow these steps:
1. Enter global configuration mode.
2. Enter interface configuration mode.
3. Specify the interface address and subnet mask.
4. Enable the interface.
By default, interfaces are turned off, or disabled. To turn on or enable an interface, the command no shutdown is entered. If an interface needs to be disabled for maintenance or troubleshooting, use the shutdown command to turn off the interface.
This page concludes this lesson. The next lesson will explain how a configuration is finalized. The first page covers the importance of configuration standards.
Making configuration changes
Making configuration changes
3.1.6 This page will explain how configuration variables can be changed in different modes.
If a configuration requires modification, go to the appropriate mode and enter the proper command. For example, if an interface must be enabled, enter global configuration mode, enter interface mode, and issue the command no shutdown.
To verify changes, use the show running-config command. This command will display the current configuration. If the variables displayed are not correct, the environment can be changed in the following ways:
• Issue the no form of a configuration command.
• Reload the system to return to the original configuration file from NVRAM.
• Copy an archived configuration file from a TFTP server.
• Remove the startup configuration file with the erase startup-config, then restart the router and enter setup mode.
To save the configuration variables to the startup configuration file in NVRAM, enter the following command at the privileged EXEC prompt:
Router#copy running-config startup-config
The next page will teach students how to configure an Ethernet interface
3.1.6 This page will explain how configuration variables can be changed in different modes.
If a configuration requires modification, go to the appropriate mode and enter the proper command. For example, if an interface must be enabled, enter global configuration mode, enter interface mode, and issue the command no shutdown.
To verify changes, use the show running-config command. This command will display the current configuration. If the variables displayed are not correct, the environment can be changed in the following ways:
• Issue the no form of a configuration command.
• Reload the system to return to the original configuration file from NVRAM.
• Copy an archived configuration file from a TFTP server.
• Remove the startup configuration file with the erase startup-config, then restart the router and enter setup mode.
To save the configuration variables to the startup configuration file in NVRAM, enter the following command at the privileged EXEC prompt:
Router#copy running-config startup-config
The next page will teach students how to configure an Ethernet interface
Configuring a serial interface
Configuring a serial interface
3.1.5 This page will explain how a serial interface can be configured from the console or through a virtual terminal line. To configure a serial interface follow these steps:
1. Enter global configuration mode.
2. Enter interface mode.
3. Specify the interface address and subnet mask.
4. Set clock rate if a DCE cable is connected. Skip this step if a DTE cable is connected.
5. Turn on the interface.
Each connected serial interface must have an IP address and subnet mask to route IP packets. Configure the IP address with the following commands:
Router(config)#interface serial 0/0
Router(config-if)#ip address
Serial interfaces require a clock signal to control the timing of the communications. In most environments, a DCE device such as a CSU/DSU will provide the clock. By default, Cisco routers are DTE devices but they can be configured as DCE devices.
On serial links that are directly interconnected, as in a lab environment, one side must be considered a DCE and provide a clocking signal. The clock is enabled and speed is specified with the clock rate command. The available clock rates in bits per second are 1200, 2400, 9600, 19200, 38400, 56000, 64000, 72000, 125000, 148000, 500000, 800000, 1000000, 1300000, 2000000, or 4000000. Some bit rates might not be available on certain serial interfaces. This depends on the capacity of each interface.
By default, interfaces are turned off, or disabled. To turn on or enable an interface, the command no shutdown is entered. If an interface needs to be administratively disabled for maintenance or troubleshooting, the shutdown command used to turn off the interface.
In the lab environment, the clockrate setting that will be used is 56000. The commands that are used to set a clock rate and enable a serial interface are as follows:
Router(config)#interface serial 0/0
Router(config-if)#clock rate 56000
Router(config-if)#no shutdown
The next page will teach students how to change configurations.
3.1.5 This page will explain how a serial interface can be configured from the console or through a virtual terminal line. To configure a serial interface follow these steps:
1. Enter global configuration mode.
2. Enter interface mode.
3. Specify the interface address and subnet mask.
4. Set clock rate if a DCE cable is connected. Skip this step if a DTE cable is connected.
5. Turn on the interface.
Each connected serial interface must have an IP address and subnet mask to route IP packets. Configure the IP address with the following commands:
Router(config)#interface serial 0/0
Router(config-if)#ip address
Serial interfaces require a clock signal to control the timing of the communications. In most environments, a DCE device such as a CSU/DSU will provide the clock. By default, Cisco routers are DTE devices but they can be configured as DCE devices.
On serial links that are directly interconnected, as in a lab environment, one side must be considered a DCE and provide a clocking signal. The clock is enabled and speed is specified with the clock rate command. The available clock rates in bits per second are 1200, 2400, 9600, 19200, 38400, 56000, 64000, 72000, 125000, 148000, 500000, 800000, 1000000, 1300000, 2000000, or 4000000. Some bit rates might not be available on certain serial interfaces. This depends on the capacity of each interface.
By default, interfaces are turned off, or disabled. To turn on or enable an interface, the command no shutdown is entered. If an interface needs to be administratively disabled for maintenance or troubleshooting, the shutdown command used to turn off the interface.
In the lab environment, the clockrate setting that will be used is 56000. The commands that are used to set a clock rate and enable a serial interface are as follows:
Router(config)#interface serial 0/0
Router(config-if)#clock rate 56000
Router(config-if)#no shutdown
The next page will teach students how to change configurations.
Examining the show commands
Examining the show commands
3.1.4 This page will introduce some show commands. Many of these commands can be used to examine the contents of files in the router and for troubleshooting. In both privileged EXEC and user EXEC modes, the command show ? provides a list of available show commands. The list is considerably longer in privileged EXEC mode than it is in user EXEC mode.
Students should learn the functions of the following commands:
• show interfaces – Displays statistics for all interfaces on a router. To view the statistics for a specific interface, enter the show interfaces command followed by the specific interface slot/port number. This is shown in the following example:
Router#show interfaces serial 0/1
• show controllers serial - Displays information that is specific to the interface hardware. This command must also include the port or slot/port number of the serial interface. For example:
Router#show controllers serial 0/1
• show clock - Shows the time set in the router
• show hosts - Displays a cached list of host names and addresses
• show users - Displays all users who are connected to the router
• show history - Displays a history of commands that have been entered
• show flash - Displays information about flash memory and what IOS files are stored there
• show version - Displays information about the currently loaded software version along with hardware and device information.
• show arp - Displays the ARP table of the router
• show protocols - Displays the global and interface-specific status of any configured Layer 3 protocols
• show startup-config - Displays the saved configuration located in NVRAM
• show running-config - Displays the contents of the currently running configuration file or the configuration for a specific interface, or map class information.
The Lab Activities on this page will teach students how to view router configurations with the show commands. The next page will explain how a serial interface is configured.
3.1.4 This page will introduce some show commands. Many of these commands can be used to examine the contents of files in the router and for troubleshooting. In both privileged EXEC and user EXEC modes, the command show ? provides a list of available show commands. The list is considerably longer in privileged EXEC mode than it is in user EXEC mode.
Students should learn the functions of the following commands:
• show interfaces – Displays statistics for all interfaces on a router. To view the statistics for a specific interface, enter the show interfaces command followed by the specific interface slot/port number. This is shown in the following example:
Router#show interfaces serial 0/1
• show controllers serial - Displays information that is specific to the interface hardware. This command must also include the port or slot/port number of the serial interface. For example:
Router#show controllers serial 0/1
• show clock - Shows the time set in the router
• show hosts - Displays a cached list of host names and addresses
• show users - Displays all users who are connected to the router
• show history - Displays a history of commands that have been entered
• show flash - Displays information about flash memory and what IOS files are stored there
• show version - Displays information about the currently loaded software version along with hardware and device information.
• show arp - Displays the ARP table of the router
• show protocols - Displays the global and interface-specific status of any configured Layer 3 protocols
• show startup-config - Displays the saved configuration located in NVRAM
• show running-config - Displays the contents of the currently running configuration file or the configuration for a specific interface, or map class information.
The Lab Activities on this page will teach students how to view router configurations with the show commands. The next page will explain how a serial interface is configured.
Configuring router passwords
Configuring router passwords
3.1.3 This page will explain how router passwords are configured and why they are important.
Passwords restrict access to routers. Passwords should always be configured for virtual terminal (vty) lines and the console line. Passwords are also used to control access to privileged EXEC mode so that only authorized users may make changes to the configuration file.
The following commands are used to set an optional but recommended password on the console line:
Router(config)#line console 0
Router(config-line)#login
Router(config-line)#password
A password must be set on one or more of the vty lines for users to gain remote access to a router through Telnet. Most Cisco routers support five vty lines numbered 0 through 4. Other hardware platforms support different numbers of vty connections. The same password is generally used for all vty lines. However, a unique password can be set for one line to provide a fall-back entry to the router if the other four connections are in use. The following commands are used to set a password on vty lines:
Router(config)#line vty 0 4
Router(config-line)#login
Router(config-line)#password
The enable password and enable secret commands are used to restrict access to the privileged EXEC mode. The enable password is only used if the enable secret has not been set. The enable secret command should be used because the enable secret command is encrypted. The enable password command is not encrypted. The following commands are used to set the passwords:
Router(config)#enable password
Router(config)#enable secret
Sometimes it is undesirable for passwords to be shown in clear text in the output from the show running-config or show startup-config commands. This command is used to encrypt passwords in configuration output:
Router(config)#service password-encryption
The service password-encryption command applies a weak encryption to all unencrypted passwords. The enable secretcommand uses a strong MD5 algorithm for encryption.
The next page will examine show commands.
3.1.3 This page will explain how router passwords are configured and why they are important.
Passwords restrict access to routers. Passwords should always be configured for virtual terminal (vty) lines and the console line. Passwords are also used to control access to privileged EXEC mode so that only authorized users may make changes to the configuration file.
The following commands are used to set an optional but recommended password on the console line:
Router(config)#line console 0
Router(config-line)#login
Router(config-line)#password
A password must be set on one or more of the vty lines for users to gain remote access to a router through Telnet. Most Cisco routers support five vty lines numbered 0 through 4. Other hardware platforms support different numbers of vty connections. The same password is generally used for all vty lines. However, a unique password can be set for one line to provide a fall-back entry to the router if the other four connections are in use. The following commands are used to set a password on vty lines:
Router(config)#line vty 0 4
Router(config-line)#login
Router(config-line)#password
The enable password and enable secret commands are used to restrict access to the privileged EXEC mode. The enable password is only used if the enable secret has not been set. The enable secret command should be used because the enable secret command is encrypted. The enable password command is not encrypted. The following commands are used to set the passwords:
Router(config)#enable password
Router(config)#enable secret
Sometimes it is undesirable for passwords to be shown in clear text in the output from the show running-config or show startup-config commands. This command is used to encrypt passwords in configuration output:
Router(config)#service password-encryption
The service password-encryption command applies a weak encryption to all unencrypted passwords. The enable secret
The next page will examine show commands.
Subscribe to:
Comments (Atom)
