cisco press ccna portable command guide 2nd edition 640 802 phần 3 pot

Entering Global Configuration Mode Configuring a Router Name This command works on both routers and switches.. Routerconfig-subif# Subinterface mode Routerconfig-line# Line mode Routerconf

PART III

Configuring a Router

Chapter 6 Configuring a Single Cisco Router

This page intentionally left blank

• Entering global configuration mode

• Configuring a router, specifically

— Names

— Passwords

— Password encryption

— Interface names

— Moving between interfaces

— Configuring a serial interface

— Configuring a Fast Ethernet interface

— Creating a message-of-the-day (MOTD) banner

— Creating a login banner

— Setting the clock time zone

— Assigning a local host name to an IP address

— The no ip domain-lookup command

— The logging synchronous command

— The exec-timeout command

— Saving configurations

— Erasing configurations

• show commands to verify the router configurations

• EXEC commands in configuration mode: the do command

Router Modes

Router# Privileged mode (also known as EXEC-level mode)Router(config)# Global configuration mode

Router(config-if)# Interface mode

54 Configuring Passwords

careful If you type in a command that you know is correct—show running-config,

for example—and you get an error, make sure that you are in the correct mode

Entering Global Configuration Mode

Configuring a Router Name

This command works on both routers and switches

Configuring Passwords

These commands work on both routers and switches

Router(config-subif)# Subinterface mode

Router(config-line)# Line mode

Router(config-router)# Router configuration mode

You cannot make changes in this mode

move to make changes

Router#c c co o on nf n fi f i ig g gu u ur re r e e t t te er e rm r m mi i in n na al a l

Router(config)#

Moves to global configuration mode This prompt indicates that you can start making changes

Router(config)#h h ho o os s st tn t na n a am m me e e C C Ci i is s sc co c o The name can be any word you

choose

Cisco(config)#

Router(config)#e e en n na a ab bl b le l e e p p pa as a s ss s sw w wo or o r rd d d c ci c is i s sc c co o Sets enable password

Router(config)#e e en n na a ab bl b le l e e s s se ec e c cr r re e et t t c c cl l la as a ss s s Sets enable secret password

Password Encryption 55

CAUTION: The enable secret password is encrypted by default The enable

password is not For this reason, recommended practice is that you never use the

enable password command Use only the enable secret password command in a

router or switch configuration

You cannot set both enable secret password and enable password to the same

password Doing so defeats the use of encryption

Password Encryption

Router(config)#l l li i in n ne e e c c co o on n ns so s o ol l le e e 0 0 Enters console line mode

Router(config-line)#p p pa a as ss s sw s w wo o or r rd d d c c co o on ns n so s o ol l le e Sets console line mode password to

console

Router(config-line)#l l lo o og gi g in i n Enables password checking at loginRouter(config)#l l li i in n ne e e v v vt t ty y y 0 0 0 4 4 Enters vty line mode for all five vty

linesRouter(config-line)#p p pa a as ss s sw s w wo o or r rd d d t t te e el ln l ne n e et t Sets vty password to telnet

Router(config-line)#l l lo o og gi g in i n Enables password checking at loginRouter(config)#l l li i in n ne e e a a au u ux x x 0 0 Enters auxiliary line mode

Router(config-line)#p p pa a as ss s sw s w wo o or r rd d d b b ba a ac ck c kd k d do o oo o or r Sets auxiliary line mode password to

Router(config)#e e en n na a ab bl b le l e e p p pa as a s ss s sw w wo or o r rd d d c ci c is i s sc c co o Sets enable password to cisco

Router(config)#l l li i in n ne e e c c co o on n ns so s o ol l le e e 0 0 Moves to console line mode

Router(config-line)#p p pa a as ss s sw s w wo o or r rd d d C C Ci i is sc s co c o Continue setting passwords as above

.Router(config)#n n no o o s se s er e r rv v vi i ic ce c e e p p pa as a s ss s sw w wo or o rd r d d- - Turns off password encryption

56 Interface Names

CAUTION: If you have turned on service password encryption, used it, and then turned it off, any passwords that you have encrypted will stay encrypted New passwords will remain unencrypted

Interface Names

One of the biggest problems that new administrators face is the interface names on the different models of routers With all the different Cisco devices in production networks today, some administrators are becoming confused about the names of their interfaces

The following chart is a sample of some of the different interface names for various routers

This is by no means a complete list Refer to the hardware guide of the specific router that you are working on to see the different combinations, or use the following command

to see which interfaces are installed on your particular router:

2501 On board Ethernet Interface-type number ethernet0 (e0)

On board Serial Interface-type number serial0 (s0) &

s1

2514 On board Ethernet Interface-type number e0 & e1

On board Serial Interface-type number s0 & s1

1721 On board Fast Ethernet Interface-type number fastethernet0

(fa0)

interface card) (serial)

Interface-type number s0 & s1

1760 On Board Fast Ethernet Interface-type 0/port fa0/0

Slot 0 WIC/VIC (voice

interface card)

Interface-type 0/port s0/0 & s0/1

v0/0 & v0/1Slot 1 WIC/VIC Interface-type 1/port s1/0 & s1/1

v1/0 & v1/1

Interface Names 57

Slot 2 VIC Interface-type 2/port v2/0 & v2/1Slot 3 VIC Interface-type 3/port v3/0 & v3/1

2610 On board Ethernet Interface-type 0/port e0/0

Slot 0 WIC (Serial) Interface-type 0/port s0/0 & s0/1

2611 On board Ethernet Interface-type 0/port e0/0 & e0/1

Slot 0 WIC (Serial) Interface-type 0/port s0/0 & s0/1

2620 On board Fast Ethernet Interface-type 0/port fa0/0

Slot 0 WIC (serial) Interface-type 0/port s0/0 & s0/1

2621 On board Fast Ethernet Interface-type 0/port fa0/0 &

fa0/1Slot 0 WIC (serial) Interface-type 0/port s0/0 & s0/1

1841 On board Fast Ethernet Interface-type 0/port fa0/0 &

fa0/1Slot 0 High-speed

WAN interface card (HWIC)/

WIC/VWIC

Interface-type 0/slot/

port

s0/0/0 & s0/0/1

2801 On board Fast Ethernet Interface-type 0/port fa0/0 &

58 Moving Between Interfaces

Moving Between Interfaces

What happens in Column 1 is the same thing occurring in Column 3

Interface-type 0/port fa0/0 &

fa0/1 gi0/0 & gi0/1

& 0/1/1NME slot NM/NME Interface-type 1/port gi1/0 &

gi1/1 s1/0 & s1/1

se e er r ri ia i al a l l 0 0 0/ /0 / 0 0/ / /0 0

Moves to serial interface configurationmodeRouter(config-

if)#e e ex xi x it i t

Returns to global configuration mode

if)#i in i n nt t te e er rf r f fa a ac c ce e e f

Router(config-fa a as s st te t et e t th h he e er rn r n ne e et t t 0

0/ / /0 0

Moves directly

to Fast Ethernet 0/0 configuration mode

Configuring a Fast Ethernet Interface 59

Configuring a Serial Interface

cable plugged into it There must be a clock rate set on every serial link between routers It does not matter which router has the DCE cable plugged into it or which interface the cable is plugged into Serial 0 on one router can be plugged into Serial 1 on another router

Configuring a Fast Ethernet Interface

if)#

Router(config-In Fast Ethernet 0/0 configuration mode nowRouter(config-

if)#

In Fast Ethernet 0/0 configuration mode now

if)#

Router(config-Prompt does not change; be

careful

Router(config)#i i in n nt t te er e rf r f fa a ac c ce e e s s s0 0 0/ /0 / 0 0/ / /0 0 Moves to serial interface 0/0/0

configuration modeRouter(config-if)#d de d es e s sc c cr r ri ip i p pt t ti i io on o n n L L Li in i nk n k k t t to o o I I IS S SP P Optional descriptor of the link is

locally significant Router(config-if)#i ip i p p a ad a dd d d dr r re e es ss s s s 1 19 1 92 9 2 2 .1 1 16 68 6 8 8 1 1 10 0 0 .1 1 1

Router(config)#i i in n nt t te er e rf r f fa a ac c ce e e f f fa a as st s t te e et t th he h er e r rn n ne e et t t 0 0 0/ / /0 0 Moves to Fast Ethernet 0/0

interface configuration modeRouter(config-if)#d de d es e s sc c cr r ri ip i p pt t ti i io on o n n A A Ac cc c co c o ou u un n nt ti t i in n ng g g

L

LA AN A N

Optional descriptor of the link is locally significantRouter(config-if)#i ip i p p a a ad d dd dr d r re e es s ss s s 1 1 19 9 92 2 2 1 1 16 6 68 8 8 .2 2 20 0 0 .1 1 1

60 Setting the Clock Time Zone

Creating a Message-of-the-Day Banner

messages that affect all users Use the no banner motd command to disable the

MOTD banner The MOTD banner displays before the login prompt and the login banner, if one has been created

Creating a Login Banner

prompts Use the no banner login command to disable the login banner The

MOTD banner displays before the login banner

Setting the Clock Time Zone

character must surround the banner message and can be any character so long as it is not a character used within the body of the message

character must surround the banner message and can be any character so long as it is not a character used within the body of the message

Router(config)#c c cl l lo o oc ck c k k t t ti i im me m e ez z zo o on ne n e e E E ES ST S T T – – –5 5 Sets the time zone for

display purposes Based on coordinated universal time (Eastern standard time is

5 hours behind UTC.)

The logging synchronous Command 61

Assigning a Local Host Name to an IP Address

to Telnet to a device, just enter the IP host name itself:

Router#l l lo o on nd n do d o on n n = = = R R Ro o ou ut u te t e er r r# # #t te t e el l ln n ne et e t t l l lo o on nd n d do o on n n = = = R R Ro ou o ut u t te e er r r# #t # t te e el l ln ne n et e t t 1 1 17 72 7 2 2 .1 1 16 6 6 1 1 1 .3 3

The no ip domain-lookup Command

or two as the router tries to translate your command to a domain server of

255.255.255.255? The router is set by default to try to resolve any word that is not

a command to a Domain Name System (DNS) server at address 255.255.255.255

If you are not going to set up DNS, turn off this feature to save you time as you type, especially if you are a poor typist

The logging synchronous Command

Router(config)#i i ip p p h ho h os o s st t t l lo l o on n nd d do on o n n 1 1 17 72 7 2 2 1 1 16 6 6 .1 1 1 .3 3 Assigns a host name to the

IP address After this assignment, you can use the host name rather than an IP address when trying to Telnet or ping to that address

Router(config)#n n no o o i ip i p p d d do o om ma m a ai i in n n- -l - l lo o oo o ok ku k up u p

Router(config)#

Turns off trying to automatically resolve an unrecognized command to a local host name

Router(config)#l l li i in n ne e e c c co o on n ns so s o ol l le e e 0 0 Moves to line console

configuration mode

Router(config-line)#l l lo o og gg g gi g i in n ng g g s s sy y yn n nc ch c hr h r ro o on n no ou o u us s Turns on synchronous

logging Information items sent to the console will not interrupt the command you are typing The command will be moved to a new line

62 Erasing Configurations

middle of what you were typing? Lose your place? Do not know where you are in

synchronous command tells the router that if any informational items get

displayed on the screen, your prompt and command line should be moved to a new line, so as not to confuse you

The informational line does not get inserted into the middle of the command you are trying to type If you were to continue typing, the command would execute properly, even though it looks wrong on the screen

The exec-timeout Command

console never logs out This is considered to be bad security and is dangerous in

the real world The default for the exec-timeout command is 10 minutes and zero (0) seconds (exec-timeout 10 0).

Saving Configurations

Erasing Configurations

clear the running configuration

Router(config)#l l li i in n ne e e c c co o on n ns so s o ol l le e e 0 0 Moves to line console

configuration mode

Router(config-line)#e e ex x xe ec e c- c - -t t ti i im me m e eo o ou u ut t t 0 0 0 0 0 Sets the time limit when the

console automatically logs

off Set to 0 0 (minutes

seconds) means the console never logs off

show Commands 63

show Commands

Router#s s sh h ho ow o w w ? ? Lists all show commands available.

Router#s s sh h ho ow o w w i i in n nt te t e er r rf f fa ac a ce c e es s Displays statistics for all interfaces.Router#s s sh h ho ow o w w i i in n nt te t e er r rf f fa ac a ce c e e s s se er e r ri i ia a al l l 0 0 0/ / /0 0 0/ /0 / 0 Displays statistics for a specific

interface (in this case, serial 0/0/0).Router#s s sh h ho ow o w w i i ip p p i i in n nt t te er e rf r f fa a ac c ce e e b b br r ri ie i ef e f Displays a summary of all

interfaces, including status and IP address assigned

Router#s s sh h ho ow o w w c c co o on nt n t tr r ro o ol ll l le l e er r rs s s s s se e er r ri ia i al a l l 0 0 0/ /0 / 0 0/ / /0 0 Displays statistics for interface

hardware Statistics display if the clock rate is set and if the cable is DCE, DTE, or not attached

Router#s s sh h ho ow o w w c c cl l lo oc o c ck k Displays time set on device

Router#s s sh h ho ow o w w h h ho o os st s t ts s Displays local host-to-IP address

cache These are the names and addresses of hosts on the network to which you can connect

Router#s s sh h ho ow o w w u u us s se er e r rs s Displays all users connected to

device

Router#s s sh h ho ow o w w h h hi i is st s t to o or r ry y Displays the history of commands

used at this edit level

Router#s s sh h ho ow o w w f f fl l la as a s sh h Displays info about flash memory.Router#s s sh h ho ow o w w v v ve e er rs r s si i io o on n Displays info about loaded software

version

Router#s s sh h ho ow o w w a a ar r rp p Displays the Address Resolution

Protocol (ARP) table

Router#s s sh h ho ow o w w p p pr r ro ot o t to o oc c co ol o ls l s Displays status of configured Layer

64 Configuration Example: Basic Router Configuration

EXEC Commands in Configuration Mode: The do Command

such as show, clear, or debug, while remaining in global configuration mode or in any configuration submode You cannot use the do command to execute the configure terminal command because it is the configure terminal command that

changes the mode to global configuration mode

Configuration Example: Basic Router Configuration

Figure 6-1 illustrates the network topology for the configuration that follows, which shows

a basic router configuration using the commands covered in this chapter

Figure 6-5 Network Topology for Basic Router Configuration

Boston Router

Router(config)#d d do o o s sh s ho h o ow w w r ru r u un n nn n ni in i n ng g g- - -c co c on o n nf f fi i ig g Executes the privileged-level show

running-config command while in

global configuration mode

configuration mode after the command has been executed

Router>e e en n na ab a bl b l le e Enters privileged mode.Router#c c cl l lo oc o ck c k k s s se et e t t 1 1 18 8: 8 :3 : 3 30 0 0: : :0 00 0 0 0 1 1 15 5 5 M M Ma a ay y y 2 2 20 0 00 0 07 7 Sets the local time on the

172.16.10.10

s0/0/1 DCE

172.16.20.2 fa0/0

172.16.10.1

s0/0/0 172.16.20.1

Boston-2811

Buffalo-2811

172.16.30.30 fa0/0

172.16.30.1

Configuration Example: Basic Router Configuration 65

Creates an MOTD banner

Boston(config)#c c cl l lo o oc ck c k k t t ti i im me m e ez z zo o on ne n e e E E ES ST S T T – – –5 5 Sets time zone to eastern

standard time (–5 from UTC).Boston(config)#e e en n na a ab bl b le l e e s s se ec e c cr r re e et t t c c ci i is sc s co c o Enables secret password set to

Boston(config-line)#p p pa a as ss s sw s w wo o or r rd d d c c cl l la as a ss s s Sets the password to class.

Boston(config-line)#l l lo o og gi g in i n Enables password checking at

login

Boston(config-line)#l l li i in ne n e e v v vt t ty y y 0 0 0 4 4 Moves to virtual Telnet lines 0

through 4

Boston(config-line)#p p pa a as ss s sw s w wo o or r rd d d c c cl l la as a ss s s Sets the password to class.

Boston(config-line)#l l lo o og gi g in i n Enables password checking at

66 Configuration Example: Basic Router Configuration

2

25 55 5 5 5 .2 2 25 55 5 5 5 2 2 25 5 55 5 5 0 0

Assigns an IP address and subnet mask to the interface.Boston(config-if)#n no n o o s s sh h hu ut u t td d do o ow wn w n Turns on the interface.Boston(config-if)#i in i nt n t te e er r rf fa f a ac c ce e e s s se e er r ri ia i al a l l 0 0 0/ /0 / 0 0/ / /0 0 Moves directly to interface

serial 0/0/0 configuration mode

2

25 55 5 5 5 .2 2 25 55 5 5 5 2 2 25 5 55 5 5 2 2 25 5 52 2

Assigns an IP address and subnet mask to the interface.Boston(config-if)#c cl c lo l o oc c ck k k r r ra a at t te e e 5 5 56 6 60 00 0 00 0 0 Sets a clock rate for serial

transmission The DCE cable must be plugged into this interface

Boston(config-if)#n no n o o s s sh h hu ut u t td d do o ow wn w n Turns on the interface.Boston(config-if)#e ex e xi x i it t Moves back to global

configuration mode

Boston(config)#i i ip p p h ho h os o s st t t b bu b u uf f ff f fa al a l lo o o 1 17 1 72 7 2 2 .1 1 16 6 6 2 2 20 0 0 .2 2 Sets a local host name

resolution to IP address 172.16.20.2

Boston(config)#e e ex x xi i it t Moves back to privileged

mode

Boston#c c co o op py p y y r r ru u un nn n n ni i in n ng g- g -c - c co o on n nf fi f i ig g g s st s ta t a ar r rt t tu up u p p- - -c c co on o n nf f fi i ig g Saves the running

configuration to NVRAM

This page intentionally left blank

CHAPTER 7

Static Routing

This chapter provides information and commands concerning the following topics:

• Configuring a static route on a router

• The permanent keyword (optional)

• Static routes and administrative distance (optional)

• Configuring a default route on a router

• Verifying static routes

• Configuration example: Static routes

Configuring a Static Route on a Router

When using the ip route command, you can identify where packets should be routed

in two ways:

• The next-hop address

• The exit interface

Both ways are shown in the “Configuration Example: Static Routes” and the

“Configuring a Default Route on a Router” sections

Router(config)#i i ip p p r r ro o ou u ut te t e e 1 1 17 7 72 2 2 1 1 16 6 6 .2 20 2 0 0 .0 0 0

2

25 5 55 5 5 .2 25 2 5 55 5 5 .2 25 2 55 5 5 5 .0 0 0 1 1 17 7 72 2 2 .1 16 1 6 6 .1 1 10 0 0 2 2

172.16.20.0 = destination network

255.255.255.0 = subnet mask.172.16.10.2 = next-hop address.Read this to say, “To get to the destination network of 172.16.20.0, with a subnet mask

of 255.255.255.0, send all packets

255.255.255.0 = subnet mask.Serial 0/0/0 = exit interface.Read this to say, “To get to the destination network of 172.16.20.0, with a subnet mask

of 255.255.255.0, send all packets out interface serial 0/0/0.”