Cisco router is a device that transfers data packets between different networks. Different IP network cannot communicate each other without a router. Routers do this job successfully by sending a packet from one IP network to another IP network. This process is called routing.The router needs some configurations before it can be used for routing. Here in this article, we will explain the initial configuration of the router.
I explain packet tracer in one of my previous article and its available for download. here in this article, we will use packet tracer for demonstration. You can also use any other network simulator software such as Boson, GNS. You may use a real Cisco device in place of simulators.
When a new Cisco router boots up for the first time or a time when there is no configuration on the router, it asks the user if they want to run through a list of prompts to configure the router; Most Cisco professional ignore this initial setup wizard because of the lack of a better word. They like to configure the router manually. The initial setup mode screen is shown in Figure 1:
When a Cisco router is initially booted there are nothing configured, the only thing that is needed to configure the router is a console cable. Once a connection is established the basic configuration of the device can be made, all initial configuration will be covered next in this article. The first prompt, if the user says “no” to the setup wizard, the user will see is a user exec mode prompt, as shown below:
Router>
As we learn in the previous article that Cisco IOS supports various command line interface modes, among those followings, are the main command modes.
- User EXEC Mode
- Privileged EXEC Mode
- Global Configuration Mode
- Interface Configuration Mode
- Sub-Interface Configuration Mode
- Setup Mode
- ROM Monitor Mode
To navigate between these modes we need to execute specific commands:
Mode | Prompt | Command to enter | Command to exit | |
User EXEC | Router > | Default mode after booting. Log in with the password, if configured. | Use exit command | |
Privileged EXEC | Router # | Use enable command from user exec mode | Use exit command | |
Global Configuration | Router(config)# | Use configure terminal or config t command from privileged exec mode | Use exit command | |
Interface Configuration | Router(config-if)# | Use interface type number command from global configuration mode | Use exit command to return to global configuration mode | |
Sub-Interface Configuration | Router(config-subif) | Use interface type subinterface number command from global configuration mode or interface configures mode | exit command to return the previous mode. Use end command to return to privileged exec mode. | |
Setup | Parameter [Parameter value]:
| Router will automatically insert in this mode if running configuration is not present | Press CTRL+C to abort. Type yes to save the configuration, or no to exit without saving when asked at the end of setup. | |
ROMMON | ROMMON> | Enter reload command from privileged exec mode. Press CTRL + C key combination or break key during the first 60 seconds of booting process | Use exit command. | |
Change Default Router Name
This changes the router prompt and helps differentiate the device from others. By default, "Router" name is configured on each router. We can configure any name on the router. To do this hostname command will be used in global configuration mode. For example!
Router> Router>enable Router#configure terminal Router(config)#hostname Rawalpindi Rawalpindi(config) |
Configure password on Cisco router
The router is an important device of any network. It supports multiple networks and can connect multiple lines for management. We need to secure each management line.
Secure console port
Console and Telnet are the most commonly used line types on a Cisco router. The console line allows a local user to access the router when physically connected to the console port. By default, console port has not configured with any password so any user with physical access can connect. To block this access, a password can be configured on the console line. To configure a password the user must access the console line configuration mode using the ‘line console 0' command and issue the ‘password password' command, as shown below on Rawalpindi router:
Rawalpindi(config)#line console 0 Rawalpindi(config-line)#password cisco Rawalpindi(config-line)#login Rawalpindi(config-line)#exit Rawalpindi(config)# |
Enable telnet access on Cisco router
Telnet is used to connect remotely when a router has configured at least one interface and also configured the password for telnet. Depending on the model number and IOS software version router may support the various number of VTY connections. VTY is the name for telnet and SSH connection. By default only first five VTYs connections are enabled. But when you try to connect them remotely you will get following message “Password required but none set” This message give warning that password is not set on VTY lines.
On most Cisco routers the VTY lines that are used for Telnet connections are labeled from 0 through 4 total of 5 lines. To gain access to this mode the ‘line vty 0 4' command is used. Following is the procedure to configure telnet access to the router.
Rawalpindi(config)#line vty 0 4 Rawalpindi(config-line)#password cisco Rawalpindi(config-line)#login Rawalpindi(config-line)#exit Rawalpindi(config)# |
Secure the privileged EXEC mode and encrypt all password
The enable secret is the command which secures the user privileged mode. And by the help of service password encryption, we can encrypt all password which is saved in the configuration file. The method to secure privileged EXEC mode is following:
Rawalpindi(config)#enable secret cisco Rawalpindi(config)service password-encryption |
Configure Login banner
We can configure two types of the banner on Cisco routers “MOTD” and “Exec” banner. banner exec command is not available in packet tracer. In packet tracer, we can practice only with banner MOTD command. Both commands work in same way. Only the place of a display is different between both commands. An EXEC banner will display after login and MOTD banner will display before the login. Following is the procedure to configure MOTD banner.
Rawalpindi(config)#banner motd # Enter TEXT message. End with the character '#'. Warning: Unauthorized access is prohibited! # |
Save the configuration
Configuration can be saved from user privileged mode and it can be also saved from global configuration mode using following commands.
Saving in user privileged mode
Rawalpindi#write Building configuration... [OK] Rawalpindi#wr Building configuration... [OK] Rawalpindi# copy running-config startup-config Destination filename [startup-config]? Building configuration... [OK] |
Apply the same command with “do” followed by the above mention commands in global configuration mode to save the configuration. For example “ do write or do copy running-config startup-config”
No comments:
Post a Comment