Chapter Two

1
 Network Devices
• Network devices are components used to connect computers or
other electronic devices together so that they can share files or
resources like printers or fax machines.

• Router

• A router is a special type of computer. It has the same basic

components as a standard desktop PC.

• However, routers are designed to perform some very specific

functions.
2
 Cont.
• Routers/Switches need the IOS to run configuration files. These
configuration files contain the instructions and parameters that control the
flow of traffic in and out of the routers/switches

• Functions of routers

Router connects multiple networks:

 When a router receives an IP packet on one interface, it determines

which interface to use to forward the packet onto its destination.

 These interfaces are used to connect a combination of both Local Area

Networks (LANs) and Wide Area Networks (WANs).
3
• Routers determine the best path:

The router uses its routing table to determine the best path to forward
and send packets toward their destination the packet.

Router Components

Hardware Components

 Router memory components

 ROM (Read-Only Memory)
 CPU: CPU executes operating system instructions  Flash
 NVRAM (Non-Volatile RAM)
 Interface and Lines  RAM (Random-Access
Memory)
Software Components : IOS
4
Router memory detail

5
 Router memory…
ROM: maintain instructions of POST diagnosis

• Stores bootstrap program and basic operating system software

• Mini IOS

RAM: also called dynamic RAM(DRAM)

• Contains the running copy of configuration file

• Stores routing tables

• Holds ARP cache

• Performs packet buffering (shared RAM)

• Provides temporary memory for the configuration file of the router

while the router is powered on

6
Non-Volatile RAM: Stores startup configuration

• Retains content when router is powered down or restarted

• Configuration Register – 16 bit register which decides the boot sequence

FLASH Memory: Holds the operating system image (IOS)

• Allows software to be updated without removing and replacing chips on the

processor

• Retains content when router is powered down or restarted

• Can store multiple versions of IOS software

• Is a type of electronically erasable, programmable ROM (EEPROM)

7
 Interfaces & Lines
• Cisco devices contain two distinctly different types of ports; interfaces and lines.

• Interfaces connect routers and switches to each other or

• traffic is actually routed or switched across interfaces.

• Ex. Serial Ethernet, Fast Ethernet, Token Ring, ATM, ISDN, Loopback interfaces etc.

• It can identified both interface name and number

Ethernet0/FastEthernet0/2(module/interface for the version of 3600 routers).

• Lines identify ports that allow us to connect into, and then configure, Cisco devices.

• Example Console ports, Auxiliary ports and VTY (telnet) ports and identified like
Console 0
8
9
 Categories of router interfaces
Categories of interfaces Interfaces Function of interface
LAN interfaces Ethernet , Fast Used to connect router
Ethernet Ports, to LAN
Gigabit network

WAN Interfaces Serial Ports Used to connect routers

into external network
that internetwork LAN

Management Interfaces Console and auxiliary Used for configuration

ports purpose

10
 Using Lines to Configure the IOS
• The console port is generally a RJ-45 connector, and requires a rollover
cable to connect.

• The opposite side of the rollover cable connects to a PC’s serial port
using a serial terminal adapter.

• From the PC, software such as HyperTerminal is required to make a

connection from the local serial port to the router console port

• The auxiliary port functions the same with console except it support modem
commands providing dial-in access to Cisco devices.
11
• Telnet, and now SSH, are the most common methods of
remote access to routers and switches.

• There are two requirements before a router/switch will

accept a VTY connection:

An IP address must be configured on an interface

At least one VTY port must be configured with a password

12
 Internetwork Operating System (IOS)
 Cisco IOS manages the hardware and software resources of the router,

 IOS is a multitasking operating system that is integrated with routing,

switching, internetworking, and telecommunications functions.

• CLI is a method of configuring Cisco routers

• Upon bootup, the startup-config file in NVRAM is copied into RAM

and stored as the running-config file.

• IOS executes the configuration commands in the running-config.

13
 Router Boot-up-Process
• There are four major phases to the boot up process

1. Performing the POST: After the POST has been completed, the
router executes the bootstrap program.

2. Loading the Bootstrap Program: After the POST, the bootstrap

program is copied from ROM into RAM.

 The main task of the bootstrap program is to locate the Cisco IOS
and load it into RAM.

14
3. Locating and Loading Cisco IOS:

 The IOS is typically stored in flash memory, but can also be

stored in other places such as a TFTP (Trivial File Transfer
Protocol) server.

 If a full IOS image cannot be located, a scaled-down version of

the IOS is copied from ROM into RAM.

 A TFTP server is usually used as a backup server for IOS but it can
also be used as a central point for storing and loading the IOS.

15
4. Locating and Loading the Configuration File: After the IOS is
loaded, the bootstrap program searches for the startup
configuration file, known as startup-config, in NVRAM.

 Parameters including: interface addresses, routing information,

passwords…

 If the startup configuration file, startup-config, is located in

NVRAM, it is copied into RAM as the running configuration file,
running-config.

16
 Basics configuration of router and switch
• Most of the router manufacturers provide SDM (Security
Device Manager) software along with the router to enable
users configure the router graphically.

• SDM Express uses eight configuration steps to assist in

creating a basic router configuration.

• Basic Configuration, LAN IP Address, DHCP, Internet

(WAN), Firewall, Security Settings and Summary
17
 Cisco IOS Modes of Operation
• The Cisco IOS software provides two levels of access to
commands: user and privileged.

• The unprivileged user mode is called user EXEC mode.

The privileged mode is called privileged EXEC mode
and requires a password.

18
Most commonly used mode

19
User EXEC Mode:
When you are connected to the router, you are started in user EXEC mode. The user
EXEC commands are a subset of the privileged EXEC commands.
Privileged EXEC Mode:
Privileged commands include the following:
• Configure – Changes the software configuration.
• Debug – Display process and hardware event messages.
• Setup – Enter configuration information at the prompts.
Enter the command disable to exit from the privileged EXEC mode and return to
user EXEC mode.
20
 Configuration Mode
• To enter configuration mode, enter the command configure terminal
and exit by pressing Ctrl-Z.
Basic Router/Switch Configuration- use the hole configuration for
the following topology

21
 1. Getting Help
In any command mode, you can get a list of available commands by entering a

question mark (?).

Router>?

To obtain a list of commands that begin with a particular character sequence, type
in

Router#co?

Configure connect copy

abbreviate commands and keywords by entering just enough characters

to make the command unique from other commands. show command to sh 22

 2. Disabling DNS lookup
• DNS lookup can sometime take your time looking for the name translations even
if
• you didn’t configure any host name but we can disable the DNS lookup
from your cisco device.
• Example:
• Router>enable
• Router# configure terminal
• Router(config)#no ip domain-lookup
• Router(config)#exit
23
3. Rename the Router
• To specify or modify the host name for the router, global configuration
command HOSTNAME is used.

• Hostname is case sensitive. The host name is used in prompts and default
configuration filenames. For instance the first router R1 can be renamed as
DTUR1 as follow.

• Router (config) # hostname DTUR1

• DTUR1(config) #

• The factory-assigned default host name is router

24
4. Setting the System Clock
• The system clock runs from the moment the system starts up and keeps
track of the current date and time based on Coordinated Universal Time
(UTC), also known as Greenwich Mean Time (GMT).

• To display the system clock, use the show clock EXEC command.

Example

• Clock set hh:mm:ss day month yyyy

• clock set hh:mm:ss month day yyyy

25
5. Setting the Banner

 To specify a message-of-the-day (MOTD) banner, use the banner

motd global configuration command.

 The no form of this command deletes the MOTD banner.

 When someone connects to the router, the MOTD banner appears

before the login prompt.

 DTUR1(config)# banner motd # message #

26
 6. Setting Passwords

a. Console Password

• Console password is needed when logging into router at user EXEC

mode from console.

• DTUR1 (config)# line console 0

• DTUR1 (config-line)# password console Password

• DTUR1 (config-line)#login

27
 Next b. Vty lines password
• Virtual terminal lines (vty) are used to allow remote access to the
router (by telneting through its interfaces). The router has five
virtual terminal lines by default.

• DTUR1 (config)# line vty 0 4

• DTUR1 (config-line)# password vtyPassword

• DTUR1 (config-line)#login

28
 Privileged Access Password
• To set a local password to control access to various privilege levels, use the
enable password global configuration command.
• Use the no form of this command to remove the password requirement.
• Must contain from 1 to 25 uppercase and lowercase alphanumeric
characters.
• Must not have a number as the first character.
• Can have leading spaces, but they are ignored. However, intermediate and
trailing spaces are recognized
• DTUR1 (config)# enable password WeakPrivilegePassword
29
Setting Secret (Encrypted) Password
• To set an encrypted local password to control access to various
privilege levels, use

• the enable secret global configuration command. Use the no form

of this command to remove the password requirement.

• DTUR1 (config)# enable secret StrongPrivilegePassword

30
 7. Bring up an interface
• show ip interface brief at the user privilege mode on cisco routers

• To bring up the status of an interface

• we use the no shutdown command to open the router interface.

Example:
DTUR1>enable
DTUR1#configure terminal
DTUR1 (config)#interface serial2/0
DTUR1 (config-if)#no shutdown
DTUR1 (config-if)#exit
DTUR1 (config)#interface fastethernet0/0
DTUR1 (config-if)#no shutdown
DTUR1 (config-if)#exit
31
 Clock rate on serial interfaces
• Serial interface with DCE ends of a router need to be configured with
the clock rate
DCE- Data Communication Equipment
Example:
DTUR1>enable
DTUR1#configure terminal
DTUR1 (config)#interface serial2/0
DTUR1 (config-if)#no shutdown
DTUR1 (config-if)#clock rate 4800
DTUR1 (config-if)#exit
The clock rate can be set from some specific values.
32
 Setting the Description for an Interface
• To add a description to an interface configuration, use the description interface
configuration command.
• Use the no form of this command to remove the description.
Router(config)# interface serial 2/0
DTUR1 (config-if)# description T1 line to DTUR1- 128 Kb/s
The description "T1 line to DTUR1- 128 Kb/s" appears in the output of the following
EXEC commands: show startup-config, show interfaces, and show running-config
DTUR1# show startup-config
DTUR1# show interfaces
DTUR1# show running-config
33
 10. IP addressing
• Every interface need to be configured with an IP address on
the router to communicate over the network.
DTUR1>enable
DTUR1#configer terminal
DTUR1 (config)#interface fastethernet0/0
DTUR1 (config-if)#ip address 10.10.10.1 255.255.255.0
DTUR1 (config-if)#no shutdown
DTUR1 (config-if)#exit
DTUR1 (config)#interface serial2/0
DTUR1 (config-if)#ip add 192.168.20.1 255.255.255.252
DTUR1 (config-if)#no shutdown
DTUR1 (config-if)#exit
34
 11. DHCP (Dynamic Host Configuration Protocol)
 DHCP DISCOVER, DHCP OFFER, DHCP REQUEST and DHCP

ACKNOWLEDGEMENT.

 abbreviated as DORA

 After receiving DHCP ACKNOWLEDGEMENT, the IP address is leased to

the DHCP Client.

 with the “ip helper-address …” command, the router will accept that
broadcast message and cover it into a unicast packet and forward it to the
DHCP Server.
35
 When a DHCP address conflict occurs
• During the IP assignment process, the DHCP Server uses ping to
test the availability of an IP before issuing it to the client.

• If no one replies then the DHCP Server believes that IP has not been
allocated and it can safely assign that IP to a client.

• If someone answers the ping, the DHCP Server records a

conflict.

36
 Configure a DHCP Server on Cisco router
Router(config)#ip dhcp pool CLIENTS
Router(dhcp-config)#network 10.1.1.0 /24 (/24subnet mask)
Router(dhcp-config)#default-router 10.1.1.1
Router(dhcp-config)#dns-server 10.1.1.2
Router(dhcp-config)#domain-name DTU.com
Router(dhcp-config)#lease 0 12-The syntax is “lease{days[hours] [minutes] |
infinite}”in this case the lease is 12 hours. The default is a one-day lease
Router(dhcp-config)#exit
Router(config)# ip dhcp excluded-address 10.1.1.3 10.1.1.10
37
 12. Handling configuration Files

• Any time you make changes to the router configuration.

• There are two types of configuration files: the running (current
operating) configuration and the startup configuration.
• Use the following privileged mode commands to work with configuration
files.
configure terminal – modify the running configuration manually from the
terminal.
show running-config – display the running configuration.
show startup-config – display the startup configuration.
38
Cont..
• copy running-config startup-config – copy the running configuration to the
startup configuration.

• copy startup-config running-config – copy the startup configuration to the

running configuration.

• erase startup-config – erase the startup-configuration in NVRAM.

• copy tftp running-config– load a configuration file stored on a Trivial File

Transfer

• Protocol (TFTP) server into the running configuration.

• copy running-config tftp– store the running configuration on a TFTP server.

39
 Viewing, saving and erasing configurations
Viewing

DTUR1>enable

DTUR1#show running-config

Saving

DTUR1>enable

DTUR1#copy running-config starup-config Or

DTUR1#write/Wr

Erasing startup configurations

DTUR1>enable

DTUR1#erase startup-config
40
no and do commands
• Use the command without the keyword no to reenable a disabled
feature or to enable a feature that is disabled by default

Example

DTUR1(config)#int fa0/0

DTUR1(config-if)#no ip address

Disabling Logging synchronous messages

DTUR1(config)#line console 0

DTUR1(config-line)#logging synchronous
41
 15. Remote Device Management (telnet & SSH)
• SSH i.e. Secure Shell and Telnet are the network protocols that serves the same
purpose that is to provide remote access to the system in order to establish some
sort of communication between the systems.

 SSH encrypts the data/packets being transferred between the systems so it cannot
be Decoded by the Hackers.

 In Public network mostly SSH is used for remote connection

 SSH uses authentication which ensures that the source of the data is still the same
system and not another

 SSH uses public and private keys, to identify hosts and users (authentication).

 By default SSH runs on port 22.

42
Telnet
The data transferred between the systems is in Plain text (ASCII form)
and not in encrypted format which is the major security concern.

Telnet is mostly used in Private network as it's highly insecure to use

in Public network.

Telnet does not use Authentication which is again a security issue.

Telnet runs on port 23.

43
Configuring Telnet
• A virtual terminal line is "virtual port" on the router.

Step 1. Enter line configuration mode.

Step 2. Enable login on the vty lines.

Step 3. Set a password for Telnet access.

Step 4. Set the exec-timeout interval.

44
Cont..
Router#configure terminal
Router(config)#banner motd #Welcome to DTU Router#
Router(config)#enable password dtu123
Router(config)#interface fastethernet0/0
Router(config-if)#ip address 192.168.0.1 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#line vty 0 4
Router(config-line)#password dtuvty123
Router(config-line)#login
Router(config-line)#logging synchronous
Router(config-line)#exec-timeout 30
Router(config-line)#motd-banner
45
Testing Telnet Connectivity
PC>telnet 192.168.0.1
Trying 192.168.0.1 …Open Welcome to DTU Router
User Access Verification
Password:
Router>enable
Password:
Router#
If you need to disconnect the logged in remote connection type “logout”
and press enter. 46
Configuring SSH
Open the router Router console line and create domain and user name.
Router(config)#ip domain-name dtu.com
Router(config)#username dtu Password dtussh123
Router(config)#
If you don’t, just follow and generate the encryption keys for securing the
ssh session.
Router(config)#crypto key generate rsa
How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys, keys will be non-exportable…[OK]
47
Cont..
 Now enable SSH version 2, set time out duration and login attempt
time on the router.

Remember this message if you going to use ssh version 2 “Please

create RSA keys (of at least 768 bits size) to enable SSH v2.”

Router(config)#ip ssh version 2

Router(config)#ip ssh time-out 50

Router(config)#ip ssh authentication-retries 4

48
Cont..
Enable vty lines and configure access protocols.

Router(config)#line vty 0

Router(config-line)#transport input ssh

Router(config-line)#password dtu123

Router(config-line)#login

Router(config-line)#motd-banner

Router(config-line)#exit

Router(config)#
49
Testing SSH Connectivity

PC>ssh -l dtu 192.168.0.1

Open

Password:

Router>enable

Password:

Router#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Router(config)#

Connection established successfully and the connection is secured with Secure Shell.

50
 Troubleshooting: TCP/IP Utilities
• Ping: To test if your network connection is complete between two
computers, you can use the Packet Internet Groper, better known as ping

• Tracert: informs us of the route and number of hops the packet of

data took to arrive at its destination.

• Ipconfig/all: This command is useful on systems running DHCP,

allowing users to determine which TCP/IP configuration values have
been configured by DHCP.

• Nslookup: It can be a useful troubleshooting tool if the DNS server is not

working correctly.
51
• Netstat: The netstat command can be used to display the
currently active TCP connections on a computer

• Route: The route command can be used to display and modify

the routing table of a computer.

• Syslog: is an excellent tool for system monitoring and is

almost always included in your distribution

52
Places to store and display syslog messages

Place to store syslog messages Command to use

Internal buffer (inside a switch or logging buffered [size]

router)
Syslog server Logging

Flash memory logging file flash:filename

Nonconsole terminal (VTY terminal monitor

connection…)
Console line logging console

53
 Cont.
• seq no:timestamp%FACILTY-SEVERITY-MNEMONIC: message text
• Seq no: a sequence number only if the service sequence-numbers global
configuration command is configured
• Timestamp: Date and time of the message or event. This information appears only
if the service timestamps global configuration command is configured.
• FACILITY: This tells the protocol, module, or process that generated the message.
• Some examples are SYS for the operating system, IF for an interface…
• SEVERITY: A number from 0 to 7 designating the importance of the action
reported.
• MNEMONIC: A code that identifies the action reported.
54
Level Keyword Description
0 emergencies System is unusable
1 alerts Immediate action is needed
2 critical Critical conditions exist
3 errors Error conditions exist
4 warnings Warning conditions exist
5 notification Normal, but significant, conditions
exist
6 informational Informational messages
7 debugging Debugging messages 55
Syslog message example

56
57