Material required: 1 router, 1 PC, console (rollover) cable, crossover Ethernet cable
Enabling connectivity
Objectives
This lab will guide you in configuring a router from a factory default state. The steps in this lab are very similar to the basic switch configuration, with minor (but important) differences.
Preparation
Connect the console (rollover) cable from the PC to the Console port of the router.
Connect the crossover Ethernet cable from the PC to the FastEthernet 0/0 port of the router.
Tasks
Restore the router to factory defaults
Set the host name
Set the console password
Set the privileged mode password
Configure the FastEthernet 0/0 interface.
o Set the IP address and subnet mask
o Configure to 100 Mbps/Full Duplex
o Enable the interface
Enable Telnet connectivity
Verify the running configuration
View the interface list summary
Test the Telnet connection
View currently connected users and which lines are used.
Save the configuration
Attempt to perform all the tasks listed above before going through the walkthrough.
www.subnet192.com
Cisco CCENT Lab Guide
Walkthrough
Connect via the console cable using a terminal emulator (PuTTY, Tera Term, HyperTerminal …)
Enter privileged mode
Router>enable
Enter configuration mode
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Set the host name
Router(config)#hostname R1
Set the console password
R1(config)#line console 0
R1(config-line)#password cisco
R1(config-line)#exit
Set the privileged mode password
R1(config)#enable password ciscoexec
Configure the FastEthernet 0/0 interface
R1(config)#interface fastethernet 0/0
R1(config-if)#ip address 192.168.1.1 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#speed 100
R1(config-if)#duplex full
R1(config-if)#exit
Enable Telnet connectivity
R1(config)#line vty 0 4
R1(config-line)#password remote
R1(config-line)#login
R1(config-line)#transport input telnet
R1(config-line)#exit
R1(config)#exit
Verify the running configuration
The following output has been edited for space considerations.
R1#show running-config
Building configuration...
Current configuration : 834 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
 ip address 192.168.1.1 255.255.255.0
 speed 100
no ip http secure-server
!
 transport input telnet
!
end
View the interface list summary
R1#show ip interface brief
Interface          IP-Address      OK? Method Status                Protocol
FastEthernet0/0    192.168.1.1     YES manual up                    up
Serial0/0          unassigned      YES unset  administratively down down
Serial0/1          unassigned      YES unset  administratively down down
Test the Telnet connection
View currently connected users and which lines are used.
R1#show users
    Line       User       Host(s)              Idle       Location
   0 con 0                idle                 00:03:35
* 66 vty 0                idle                 00:00:00 192.168.1.100
  Interface    User               Mode         Idle     Peer Address
R1#show line
   Tty Typ     Tx/Rx    A Modem  Roty AccO AccI   Uses   Noise  Overruns   Int
*    0 CTY              -    -      -    -    -      0       1     0/0       -
    65 AUX   9600/9600  -    -      -    -    -      0       0     0/0       -
*   66 VTY              -    -      -    -    -      1       0     0/0       -
    67 VTY              -    -      -    -    -      0       0     0/0       -
    68 VTY              -    -      -    -    -      0       0     0/0       -
    69 VTY              -    -      -    -    -      0       0     0/0       -
    70 VTY              -    -      -    -    -      0       0     0/0       -
Line(s) not in async mode -or- with no hardware support:
1-64
Save the configuration
R1#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]
Enhancing security
Objectives
Your router has been configured in the previous lab, but could use a bit more security. Complete the following tasks to enhance the security of your router.
Tasks
Set the secured privileged mode password to “ciscosecret”
Set notification banners
o Message of the Day: “AUTHORIZED PERSONEL ONLY”
o Login: “ACCESS RESTRICTED”
Encrypt all clear text passwords
Enable SSH connectivity with local authentication. Disable Telnet.
o Create an account named “admin” with a password of “cisco”
o Use domain name “subnet192.com”
Verify the cryptographic key
Save the configuration
Verify your configuration
Attempt to perform all the tasks listed above before going through the walkthrough.
Walkthrough
Connect via the console cable using a terminal emulator (PuTTY, Tera Term, HyperTerminal …)
Enter privileged mode
R1>enable
Enter configuration mode
R1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Set the secured privileged mode password
R1(config)#enable secret ciscosecret
Set notification banners (Login and Message of the Day)
R1(config)#banner login ! ACCESS RESTRICTED !
R1(config)#banner motd ! AUTHORIZED PERSONEL ONLY !
Encrypt all clear text passwords
R1(config)#service password-encryption
Enable SSH connectivity with local authentication. Disable Telnet.
R1(config)#ip domain-name subnet192.com
R1(config)#username admin password cisco
R1(config)#crypto key generate rsa
The name for the keys will be: R1.subnet192.com
Choose the size of the key modulus in the range of 360 to 2048 for your General Purpose Keys
Choosing a key modulus greater than 512 may take a few minutes.
How many bits in the modulus [512]:
Generating RSA keys ...
[OK]
R1(config)#line vty 0 4
R1(config-line)#login local
R1(config-line)#transport input ssh
R1(config-line)#exit
R1(config)#exit
Verify cryptographic key
R1#Show crypto key mypubkey rsa
% Key pair was generated at: 21:31:48 EST Mar 6 1993
Key name: R1.subnet192.com
Usage: General Purpose Key
Key Data:
305C300D 06092A86 4886F70D 01010105 00034B00 30480241 00F242D9 39F85F01 A50E9A4F 37055405 2DB4D613 6C5259CF ACF5AB5B E28DFAB2 D1020301 0001
% Key pair was generated at: 08:32:29 EST Mar 7 1993
Key name: R1.subnet192.com.server
Usage: Encryption Key
Key Data:
307C300D 06092A86 4886F70D 01010105 00036B00 30680261 00B1509F 1EDFEA0A 39F7C421 3D1F86EF 752E5937 EACADEBC F959D757 218F4068 AB020301 0001
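The Key Data printed by show crypto key mypubkey rsa is a DER-encoded public key, so the modulus size accepted at the "How many bits in the modulus [512]:" prompt can be read back from its headers. This is an added example, not part of the lab guide; the function names are its own, and it uses only the leading words of the two dumps above.

```python
# Leading words of the two "Key Data" dumps above; only the DER headers are
# needed, so the rest of each dump is left out.
GENERAL_PURPOSE = "305C300D 06092A86 4886F70D 01010105 00034B00 30480241 00F242D9"
SERVER_KEY = "307C300D 06092A86 4886F70D 01010105 00036B00 30680261 00B1509F"

def read_tlv(buf, pos, want):
    """Check the DER tag at pos; return (content_length, content_start)."""
    if buf[pos] != want:
        raise ValueError(f"expected tag {want:#04x} at offset {pos}")
    first = buf[pos + 1]
    if first < 0x80:                 # short form: the byte is the length
        return first, pos + 2
    n = first & 0x7F                 # long form: next n bytes hold the length
    return int.from_bytes(buf[pos + 2:pos + 2 + n], "big"), pos + 2 + n

def modulus_bits(key_data):
    """Return the RSA modulus size in bits from a SubjectPublicKeyInfo dump."""
    buf = bytes.fromhex(key_data.replace(" ", ""))
    _, pos = read_tlv(buf, 0, 0x30)              # SubjectPublicKeyInfo SEQUENCE
    alg_len, alg = read_tlv(buf, pos, 0x30)      # AlgorithmIdentifier SEQUENCE
    _, pos = read_tlv(buf, alg + alg_len, 0x03)  # BIT STRING holding the key
    _, pos = read_tlv(buf, pos + 1, 0x30)        # skip unused-bits octet; RSAPublicKey
    length, pos = read_tlv(buf, pos, 0x02)       # modulus INTEGER
    if buf[pos] == 0x00:                         # sign octet, not part of the size
        length, pos = length - 1, pos + 1
    return length * 8 - (8 - buf[pos].bit_length())

if __name__ == "__main__":
    for name, dump in (("R1.subnet192.com", GENERAL_PURPOSE),
                       ("R1.subnet192.com.server", SERVER_KEY)):
        print(f"{name}: {modulus_bits(dump)}-bit modulus")
```

Run against the output of a router configured for this lab, it makes the key size visible before the configuration is saved, which the show command alone does not state.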
Save the configuration
R1#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]
Verify the configuration
The following output has been edited for space considerations.
R1#show running-config
Building configuration...
Current configuration : 1010 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
enable password 7 045802150C2E49560C1A
!
ip domain name subnet192.com
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
username admin password 7 0822455D0A16
!
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 speed 100
no ip http secure-server
!
banner login ^C ACCESS RESTRICTED ^C
banner motd ^C AUTHORIZED PERSONEL ONLY ^C
!
line con 0
 password 7 121A0C041104
line aux 0
line vty 0 4
 password 7 1317121F041801
 login local
 transport input ssh
!
end
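An added example (not part of the lab guide): a small Python audit that walks the two running-config outputs shown in these labs and flags the settings that still leave credentials recoverable. The function name audit and the finding texts are this example's own; the sample statements are copied from the outputs above with block indentation restored.

```python
import re

# Statements from the two "show running-config" outputs above (both abridged
# on the page), one per line, with block indentation restored.
LAB1 = """\
no service password-encryption
line vty 0 4
 transport input telnet
"""
LAB2 = """\
service password-encryption
enable password 7 045802150C2E49560C1A
username admin password 7 0822455D0A16
line con 0
 password 7 121A0C041104
line vty 0 4
 password 7 1317121F041801
 login local
 transport input ssh
"""

def audit(config):
    """Return (section, statement, finding) tuples for weak settings."""
    findings, section = [], "global"
    for raw in config.splitlines():
        stmt = raw.strip()
        if not stmt or stmt == "!":
            continue
        if not raw.startswith(" "):  # unindented: global statement or new block
            section = stmt if re.match(r"(line|interface) ", stmt) else "global"
        msgs = []
        if stmt == "no service password-encryption":
            msgs.append("'password' values are stored in clear text")
        if re.search(r"\bpassword 7 [0-9A-F]+$", stmt):
            msgs.append("type 7 is reversible obfuscation, not a hash")
        if stmt.startswith("enable password"):
            msgs.append("rely on 'enable secret'; drop it with 'no enable password'")
        if re.match(r"username \S+ password\b", stmt):
            msgs.append("use 'username <name> secret' so the credential is hashed")
        if section.startswith("line vty") and stmt.startswith("transport input"):
            if {"telnet", "all"} & set(stmt.split()[2:]):
                msgs.append("Telnet sends the login and session in clear text")
        findings += [(section, stmt, m) for m in msgs]
    return findings

if __name__ == "__main__":
    for name, cfg in (("lab 1", LAB1), ("lab 2", LAB2)):
        for section, stmt, msg in audit(cfg):
            print(f"{name} [{section}] {stmt}: {msg}")
```

After the second lab the Telnet finding is gone, but the enable, username and line passwords are all still reported as type 7 strings.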
Flash and nvram management
Objectives
Managing and safeguarding the IOS image and configurations.
Preparation
Install TFTPD32 on your PC (if not done in Lab 1)
Create a folder on your PC with a new IOS image to upload to the router.
Tasks
Backup the configuration to TFTP.
View the contents of flash memory.
Backup the current IOS image to TFTP.
From the IOS, send a new IOS image to a switch using TFTP.
From ROMMON, send a new IOS image to a switch using TFTP.
Attempt to perform all the tasks listed above before going through the walkthrough.
Walkthrough
Enter privileged mode
R1>enable
Backup the configuration to TFTP
R1#copy startup-config tftp
Address or name of remote host []? 192.168.1.100
Destination filename [r1-confg]?
View the contents of the flash memory
R1#dir flash:
Directory of flash:/
1 -rw- 28542192 <no date> c2600-advipservicesk9-mz.124-23.bin
49807356 bytes total (21265100 bytes free)
Backup the current IOS to TFTP
R1#copy flash tftp
Source filename []? c2600-advipservicesk9-mz.124-23.bin
Address or name of remote host []? 192.168.1.100
Destination filename [c2600-advipservicesk9-mz.124-23.bin]?
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
3721946 bytes copied in 27.988 secs (132984 bytes/sec)
From the IOS, send a new IOS image to a switch using TFTP
R1#copy tftp flash
Address or name of remote host []? 192.168.1.100
Source filename []? c2600-advipservicesk9-mz.124-23.bin
Destination filename [c2600-advipservicesk9-mz.124-23.bin]?
#########################################################################################
#########################################################[ok]
R1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#boot system flash c2600-advipservicesk9-mz.124-23.bin
R1(config)#exit
From ROMMON, send a new IOS image to a switch using TFTP
To get into ROMMON, press CTRL-BREAK during the boot sequence (power up) of the switch.
ROMMON>IP_ADDRESS=192.168.1.1