Sunday, April 24, 2011

Basic Network Configuration for Noobs

 

Small network configuration project I did in school. Since a lot of folks are clueless when it comes to using Cisco, I thought I would share. Enjoy.

 

 

Showing/Changing Host Names


Changing the host name from the default to a personal or business name is a two-step process. Starting from privileged EXEC mode (the # prompt), the configure terminal command moves the user into global configuration mode, as shown below. The hostname command, followed by the new name, then renames the router; the prompt changes at once. Like every change made this way it lives only in the running configuration, so copy running-config startup-config is needed for it to survive a reload.

Router1#configure terminal << (configure terminal, usually abbreviated config term, is the EXEC command that moves from privileged EXEC mode into global configuration mode)

Router1(config)#hostname NY1

NY1(config)#exit << (leaves global configuration mode; the prompt already shows the new name)

Router2#configure terminal

Router2(config)#hostname NY2

NY2(config)#exit

Router3#configure terminal

Router3(config)#hostname ISP

ISP(config)#exit

Showing/setting IP Addresses


Assigning an IP address to an interface is a four-step process from privileged EXEC mode, shown below on NY1's LAN interface. Repeat it for every addressed interface on every router (NY1 s0/0; NY2 fa0/0, s0/0 and s0/1; ISP fa0/0 and s0/1), using the addresses and masks listed in the appendices.

NY1#configure terminal << (global configuration mode)

NY1(config)#interface FastEthernet0/0 << (interface configuration mode for the one interface that is getting the address; the prompt changes to config-if. The fa0/0,s0/0 notation in the original write-up meant "fa0/0 or s0/0", one interface per command)

NY1(config-if)#ip address 192.168.1.33 255.255.255.224 << (the address followed by its subnet mask in dotted-decimal form, not a wildcard mask; ip add is an accepted abbreviation of ip address)

NY1(config-if)#no shutdown << (router interfaces are administratively down by default, so this is needed before any traffic flows; the interface still reports down until the cable is connected and the far end is up)

Preventing the Router from Searching for a Domain Name System (DNS) Server


By default, when something typed at the EXEC prompt is not a recognised command (a typo, most often), IOS treats it as a host name, tries to resolve it through DNS and then attempts to telnet to it; with no DNS server reachable the CLI hangs for a while before giving up. The no ip domain-lookup global configuration command turns that lookup off, as shown below. It also disables DNS resolution for legitimate use (ping ISP, telnet NY2), which is why the appendix configurations carry static ip host entries for the other routers' names.

NY1#configure terminal << (global configuration mode; repeat on NY2 and ISP)

NY1(config)#no ip domain-lookup << (stop the router from trying to resolve unknown words through DNS)

NY1(config)#exit << (leave global configuration mode)

Show IP interfaces


Once the IP addresses are entered, show ip interface brief gives a one-line summary of every interface. Status is the physical and administrative state, Protocol is the line protocol: "administratively down" means no shutdown has not been issued; "up/up" is a working link; "up" with Protocol "down" (ISP FastEthernet0/0 in the capture below) means the interface is enabled but the line protocol has not come up, so no traffic will pass until the link is fixed. The output for the three routers is shown below (inter is an accepted abbreviation of interface):

NY1#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        192.168.1.33    YES manual up                    up
FastEthernet0/1        unassigned      YES manual administratively down down
Serial0/0              192.168.1.65    YES manual up                    up
Serial0/1              unassigned      YES manual administratively down down

NY2#show ip inter brief
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        192.168.1.97    YES manual up                    up
FastEthernet0/1        unassigned      YES manual administratively down down
Serial0/0              192.168.1.66    YES manual up                    up
Serial0/1              209.165.201.2   YES manual up                    up

ISP#show ip inter brief
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        209.165.22.129  YES manual up                    down
FastEthernet0/1        unassigned      YES manual administratively down down
Serial0/0              unassigned      YES manual administratively down down
Serial0/1              209.165.201.1   YES manual up                    up

Setting the Clock Rate


On a serial link the clock rate is the speed at which bits are clocked onto the line. In a real WAN the provider's CSU/DSU supplies that clocking; in a lab with a back-to-back serial cable between two routers, the router holding the DCE end of the cable must supply it, using the clock rate interface subcommand. Only the DCE end takes the command (IOS rejects it on the DTE side), and show controllers serial 0/0 tells you which cable end is attached. In this topology, going by the running configurations in Appendix A and Appendix C, NY1 Serial0/0 clocks the link to NY2 and ISP Serial0/1 clocks the link from NY2 to ISP; NY2 is the DTE on both of its serial interfaces and needs no clock rate command.

NY1#configure terminal

NY1(config)#interface Serial0/0

NY1(config-if)#clock rate 64000 << (NY1 holds the DCE end of the link to NY2)

ISP#configure terminal

ISP(config)#interface Serial0/1

ISP(config-if)#clock rate 64000 << (ISP holds the DCE end of the link to NY2; NY2 itself gets no clock rate command)

Setting up RIP Routing


Routing Information Protocol (RIP) is an old distance-vector IP routing protocol: it uses hop count as its only metric (15 hops is the maximum) and converges slowly. The example below enables it on NY1 in four steps from privileged EXEC mode; NY2 is configured the same way.

1. NY1#configure terminal << (global configuration mode)

2. NY1(config)#router rip << (starts the RIP process and enters router configuration mode)

3. NY1(config-router)#network 192.168.1.0 << (enables RIP on every interface whose address falls inside this classful network, and advertises those subnets. The operand is classful: network 192.168.0.0, as typed in the original write-up and still present in Appendix A, covers only 192.168.0.0/24, where NY1 has no interfaces, so it does nothing here. It is network 192.168.1.0 that puts fa0/0 and s0/0 into RIP.)

4. NY1(config-router)#passive-interface fa0/0 << (stops RIP updates being sent out of the LAN interface, where there are no routers to hear them and where broadcasting the routing table to every host is an unnecessary information leak; fa0/0's subnet is still advertised and updates are still accepted on it)

The appendix configurations also set version 2, which carries the subnet mask in every update; RIPv1 sends no masks and only works while every subnet of a major network uses the same mask. NY2 additionally has default-information originate, which passes its default route (next section) to NY1 through RIP, so NY1 needs no default route of its own. show ip route and show ip protocols confirm what RIP has learned and which interfaces it is running on.
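To make the classful behaviour of the network statement concrete, here is an added example in Python (not part of the original write-up, and not IOS; it models what IOS does with the command). It takes NY1's two addressed interfaces from Appendix A and reports which of them a given set of network statements enables RIP on, and which of those RIP will still send updates out of once fa0/0 is passive. The classful_network helper also handles class A and B addresses, which this page does not use.

```python
import ipaddress

# NY1's addressed interfaces, taken from Appendix A.
NY1_INTERFACES = {
    "FastEthernet0/0": "192.168.1.33/27",
    "Serial0/0": "192.168.1.65/27",
}


def classful_network(address: str) -> ipaddress.IPv4Network:
    """The class A/B/C network an address falls in. This, not the configured
    subnet mask, is the granularity the RIP 'network' command works at."""
    addr = ipaddress.IPv4Address(address)
    first_octet = int(addr) >> 24
    if first_octet < 128:
        prefixlen = 8
    elif first_octet < 192:
        prefixlen = 16
    elif first_octet < 224:
        prefixlen = 24
    else:
        raise ValueError(f"{address} is not a class A, B or C address")
    return ipaddress.IPv4Network((addr, prefixlen), strict=False)


def rip_enabled_interfaces(interfaces, network_statements):
    """Interfaces on which 'router rip' / 'network <addr>' enables RIP.
    An interface is covered when its address lies inside the classful
    network of a statement's address; the /27 masks play no part."""
    enabled = []
    for name, cidr in interfaces.items():
        ip = ipaddress.IPv4Interface(cidr).ip
        if any(ip in classful_network(stmt) for stmt in network_statements):
            enabled.append(name)
    return sorted(enabled)


def rip_update_interfaces(interfaces, network_statements, passive=()):
    """Interfaces RIP actually sends updates out of: every enabled interface
    that is not declared passive. Passive interfaces still receive updates
    and their subnets are still advertised elsewhere."""
    return [name for name in rip_enabled_interfaces(interfaces, network_statements)
            if name not in passive]


if __name__ == "__main__":
    for stmts in (["192.168.0.0"], ["192.168.1.0"]):
        print(stmts, "->", rip_enabled_interfaces(NY1_INTERFACES, stmts))
    print("updates sent on:",
          rip_update_interfaces(NY1_INTERFACES, ["192.168.1.0"], passive=("FastEthernet0/0",)))
```

Running it shows the first statement covering nothing and the second covering both interfaces, which is exactly why Appendix A's network 192.168.0.0 line is dead weight.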

Setting up Default Routes


A default route is used for packets whose destination matches nothing else in the routing table. Instead of dropping them, the router forwards them along this route, toward a router that hopefully knows more (here, ISP). It is configured from global configuration mode, as shown below.

NY2>enable << (privileged EXEC mode)

NY2#configure terminal << (global configuration mode)

NY2(config)#ip route 0.0.0.0 0.0.0.0 Serial0/1 << (a route to destination 0.0.0.0 with mask 0.0.0.0 matches every address; packets that match nothing more specific go out Serial0/1 toward ISP)

Check it with show ip route: the entry is listed as S* 0.0.0.0/0 and the output begins "Gateway of last resort is 0.0.0.0 to network 0.0.0.0". Pointing the route at an exit interface is fine on a point-to-point serial link; on a multi-access interface such as Ethernet, give the next-hop address instead.


Setting up Static Routes


Static routes are used in small networks with few destinations, or when the administrator wants a fixed path that is used in preference to whatever RIP learns: a static route has administrative distance 1 against 120 for RIP, so when both offer the same prefix the static one is installed. The syntax is the same as the default route, but with the destination network and its subnet mask in place of the zeros, followed by the next-hop address (or exit interface).

NY2(config)#ip route 209.165.22.96 255.255.255.224 209.165.201.1 << (creates a static route to 209.165.22.96/27 via next hop 209.165.201.1, ISP's serial address)

Note that 209.165.22.96/27 (addresses .96 to .127) is not the ISP LAN, which Appendix C puts at 209.165.22.128/27; traffic to the ISP LAN still gets there only because it falls through to the default route. show ip route lists the static entry with an S and the default with S*.
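The default-route and static-route sections describe what the router does with each packet: the most specific matching route wins, the default catches everything else, and a static route beats a RIP-learned route to the same prefix. As an added example (Python, not material from the original write-up and not IOS), the following models NY2's table from Appendix B, plus the NY1 LAN route it learns from NY1 through RIP, and reproduces those decisions. The administrative distances are the IOS defaults; the Route type and the lookup function are the example's own.

```python
import ipaddress
from dataclasses import dataclass

# IOS default administrative distances for the route sources on this page.
DISTANCE = {"connected": 0, "static": 1, "rip": 120}


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    via: str        # exit interface or next-hop address
    source: str     # "connected", "static" or "rip"

    @property
    def distance(self) -> int:
        return DISTANCE[self.source]


def route(prefix: str, via: str, source: str) -> Route:
    return Route(ipaddress.IPv4Network(prefix), via, source)


# NY2's routing table, constructed from Appendix B: three connected networks,
# the static route and the default route, plus the NY1 LAN learned via RIP.
NY2_ROUTES = [
    route("192.168.1.64/27", "Serial0/0", "connected"),
    route("192.168.1.96/27", "FastEthernet0/0", "connected"),
    route("209.165.201.0/30", "Serial0/1", "connected"),
    route("209.165.22.96/27", "209.165.201.1", "static"),
    route("0.0.0.0/0", "Serial0/1", "static"),
    route("192.168.1.32/27", "192.168.1.65", "rip"),
]


def best_routes(table):
    """What the RIB keeps: for each prefix, only the route with the lowest
    administrative distance survives. A static /27 therefore displaces a
    RIP-learned /27 for the same network."""
    best = {}
    for r in table:
        if r.prefix not in best or r.distance < best[r.prefix].distance:
            best[r.prefix] = r
    return list(best.values())


def lookup(table, destination: str):
    """Forwarding decision: longest prefix match over the surviving routes.
    Returns None when nothing matches, which is when the router drops the
    packet; a 0.0.0.0/0 default route is what prevents that."""
    addr = ipaddress.IPv4Address(destination)
    matches = [r for r in best_routes(table) if addr in r.prefix]
    if not matches:
        return None
    return max(matches, key=lambda r: r.prefix.prefixlen)


def without_default(table):
    """The same table with the default route removed, to show what drops."""
    return [r for r in table if r.prefix.prefixlen > 0]


if __name__ == "__main__":
    for dst in ("209.165.22.130", "209.165.22.100", "192.168.1.40"):
        print(dst, "->", lookup(NY2_ROUTES, dst))
    print("no default:", lookup(without_default(NY2_ROUTES), "209.165.22.130"))
```

A host on the ISP LAN (209.165.22.130) is reached only through the default route, the static route handles 209.165.22.100 even though nothing on the page lives there, and adding a competing RIP route for 209.165.22.96/27 changes nothing because the static route's distance is lower.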


Setting Up ACLs


Access Control Lists (ACLs) are the router's packet filter. An extended ACL such as the one below matches on protocol, source and destination address and, for TCP and UDP, port, and each line either permits or denies. Lines are evaluated top down and the first match wins, and every ACL ends in an invisible deny of everything else, so a list that contains nothing but deny lines blocks all traffic. Two things people forget: a list does nothing until it is applied to an interface with ip access-group, and show access-lists shows a per-line match counter that tells you whether a line is actually being hit. The process is shown below.

NY2>enable << (privileged EXEC mode)

NY2#configure terminal << (global configuration mode)

NY2(config)#access-list 101 permit icmp any any echo-reply << (permit ICMP echo replies from any source to any destination, so hosts behind NY2 get answers to their own pings)

NY2(config)#access-list 101 deny icmp 201.165.22.128 0.0.0.31 any << (deny all ICMP whose source is in 201.165.22.128/27, to any destination. The second number, 0.0.0.31, is a wildcard mask: the subnet mask with every bit inverted, so 255.255.255.224 becomes 0.0.0.31. A 0 bit means the address bit must match, a 1 bit means it is ignored.)

NY2(config)#interface Serial0/1

NY2(config-if)#ip access-group 101 in << (apply the list to traffic arriving on Serial0/1 from ISP; until this is done the list has no effect)

The full list in Appendix B also permits tcp any any established (TCP segments with ACK or RST set, that is, the return half of sessions the inside opened) and denies the rest of TCP from the same 201.165.22.128/27 range. Two caveats. First, as typed the deny lines match 201.165.22.128/27, whereas the ISP LAN in Appendix C is 209.165.22.128/27, so if they were meant to block the ISP LAN they never match it; show access-lists would show their counters stuck at zero. Second, it does not matter for the outcome, because anything the two permit lines do not match is dropped by the implicit deny at the end of the list anyway: ISP's echo requests are blocked either way, which is what Appendix D, Part 8 shows.
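To see the list actually evaluated, the following is an added Python example (not from the original write-up, and not IOS) that implements wildcard-mask matching, the subnet-mask-to-wildcard conversion, and top-down first-match evaluation with the implicit deny, over ACL 101 from Appendix B and ACL 100 from Appendix C exactly as captured. The Packet fields, the PORTS table and the returned strings are the example's own conventions. It models only what a list does to a packet presented to it, not the routing around it.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

PORTS = {"www": 80, "telnet": 23}   # the IOS port keywords used in Appendix C


def wildcard_from_mask(mask: str) -> str:
    """Invert a subnet mask into the wildcard mask IOS ACLs expect,
    e.g. 255.255.255.224 -> 0.0.0.31."""
    return str(ipaddress.IPv4Address(0xFFFFFFFF ^ int(ipaddress.IPv4Address(mask))))


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Wildcard bit 0 means the address bit must match, 1 means don't care."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return a & care == b & care


@dataclass
class Packet:
    proto: str                     # "icmp" or "tcp"
    src: str
    dst: str
    icmp_type: str = ""            # "echo" or "echo-reply" for ICMP
    dport: Optional[int] = None    # TCP destination port
    established: bool = False      # TCP segment with ACK or RST set


@dataclass
class Ace:
    action: str
    proto: str
    src: str
    src_wc: str
    dst: str
    dst_wc: str
    icmp_type: str = ""
    dport: Optional[int] = None
    established: bool = False


def parse_ace(line: str) -> Ace:
    """Parse the subset of extended 'access-list' syntax used on this page."""
    toks = line.split()
    if toks[0] != "access-list":
        raise ValueError(line)
    action, proto = toks[2], toks[3]
    pos = 4

    def address():
        nonlocal pos
        if toks[pos] == "any":
            pos += 1
            return "0.0.0.0", "255.255.255.255"
        if toks[pos] == "host":
            pos += 2
            return toks[pos - 1], "0.0.0.0"
        pos += 2
        return toks[pos - 2], toks[pos - 1]

    src, src_wc = address()
    dst, dst_wc = address()
    rest = toks[pos:]
    ace = Ace(action, proto, src, src_wc, dst, dst_wc)
    if proto == "icmp" and rest:
        ace.icmp_type = rest[0]
    if "eq" in rest:
        ace.dport = PORTS[rest[rest.index("eq") + 1]]
    ace.established = "established" in rest
    return ace


def evaluate(acl_lines, pkt: Packet):
    """Top down, first match wins. Anything that reaches the end of the list
    is dropped by the implicit deny, which IOS never displays."""
    for line in acl_lines:
        ace = parse_ace(line)
        if ace.proto not in ("ip", pkt.proto):
            continue
        if not (wildcard_match(pkt.src, ace.src, ace.src_wc)
                and wildcard_match(pkt.dst, ace.dst, ace.dst_wc)):
            continue
        if ace.icmp_type and ace.icmp_type != pkt.icmp_type:
            continue
        if ace.dport is not None and ace.dport != pkt.dport:
            continue
        if ace.established and not pkt.established:
            continue
        return ace.action, line
    return "deny", "implicit deny at end of list"


# ACL 101, applied inbound on NY2 Serial0/1, as captured in Appendix B
# (note the 201.x source in the deny lines).
ACL_101 = [
    "access-list 101 permit icmp any any echo-reply",
    "access-list 101 deny icmp 201.165.22.128 0.0.0.31 any",
    "access-list 101 permit tcp any any established",
    "access-list 101 deny tcp 201.165.22.128 0.0.0.31 any",
]

# ACL 100, applied inbound on ISP Serial0/1, as captured in Appendix C.
ACL_100 = [
    "access-list 100 permit tcp 192.168.1.32 0.0.0.31 209.165.22.128 0.0.0.3 eq www",
    "access-list 100 deny tcp 192.168.1.96 0.0.0.31 209.165.22.128 0.0.0.3 eq www",
    "access-list 100 deny tcp 192.168.1.96 0.0.0.31 209.165.22.128 0.0.0.3 eq telnet",
    "access-list 100 permit ip any any",
]
```

Feeding it an echo request from an ISP LAN host (209.165.22.130) shows the packet skipping both deny lines and landing on the implicit deny, while an echo reply to the same host pair is permitted by the first line; against ACL 100 the NY1 LAN gets HTTP and the NY2 LAN does not, matching Appendix D.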


Appendix A: NY1 Running-configuration

The three running configurations below are reproduced as captured. They are lab configurations, and a few things in them should not be copied anywhere that matters. The console and VTY lines use a plaintext line password (password cisco, with no service password-encryption, so it sits in clear text in the config and in every backup of it). The VTY lines accept telnet, which sends that password and the enable secret across the WAN in the clear; transport input ssh, and an access-class restricting which addresses may connect, are the usual fixes. The enable secret is a type 5 (salted MD5) hash, which stops a casual reader of the config but is cheap to brute-force offline, so a well-known lab password gives no protection once the config leaks. A few non-security oddities are also visible: NY1's ip host ISP entry points at 209.165.202.129, which is neither of ISP's addresses, and Appendix C carries overlapping static routes to the same prefixes (once via the exit interface and once via a next hop, and one whose next hop is the network address 209.165.201.0); one route per destination is all that is needed.

Current configuration : 971 bytes
version 12.2
hostname NY1
enable secret 5 $1$mERr$9cTjUIEqNGurQiFU.ZeCi1
no ip domain-lookup
ip host ISP 209.165.202.129
ip host NY2 192.168.1.66
interface FastEthernet0/0
 ip address 192.168.1.33 255.255.255.224
 duplex auto
 speed auto
interface Serial0/0
 ip address 192.168.1.65 255.255.255.224
 clock rate 64000
router rip
 version 2
 passive-interface FastEthernet0/0
 network 192.168.0.0
 network 192.168.1.0
ip classless
ip route 192.168.1.64 255.255.255.224 Serial0/0
ip route 209.165.201.0 255.255.255.252 192.168.1.66
line con 0
 exec-timeout 5 0
 password cisco
 logging synchronous
 login
line vty 0 4
 exec-timeout 5 0
 password cisco
 login
end

Appendix B: NY2 Running-configuration

Current configuration : 1422 bytes
version 12.2
hostname NY2
enable secret 5 $1$mERr$9cTjUIEqNGurQiFU.ZeCi1
no ip domain-lookup
ip host ISP 209.165.201.1
ip host NY1 192.168.1.65
interface FastEthernet0/0
 ip address 192.168.1.97 255.255.255.224
 duplex auto
 speed auto
interface Serial0/0
 ip address 192.168.1.66 255.255.255.224
interface Serial0/1
 description connection to the internet
 ip address 209.165.201.2 255.255.255.252
 ip access-group 101 in
router rip
 version 2
 passive-interface FastEthernet0/0
 network 192.168.0.0
 network 192.168.1.0
 default-information originate
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/1
ip route 209.165.201.0 255.255.255.252 Serial0/1
ip route 209.165.22.96 255.255.255.224 209.165.201.1
access-list 101 permit icmp any any echo-reply
access-list 101 deny icmp 201.165.22.128 0.0.0.31 any
access-list 101 permit tcp any any established
access-list 101 deny tcp 201.165.22.128 0.0.0.31 any
banner motd ^C
AUTHORIZED ACCESS ONLY^C
line con 0
 exec-timeout 5 0
 password cisco
 logging synchronous
 login
line vty 0 4
 exec-timeout 5 0
 password cisco
 login
end

Appendix C: ISP Running-configuration

Current configuration : 1334 bytes
version 12.2
hostname ISP
enable secret 5 $1$mERr$9cTjUIEqNGurQiFU.ZeCi1
no ip domain-lookup
ip host NY1 192.168.1.65
ip host NY2 209.165.201.2
interface FastEthernet0/0
 ip address 209.165.22.129 255.255.255.224
 duplex auto
 speed auto
interface Serial0/1
 ip address 209.165.201.1 255.255.255.252
 ip access-group 100 in
 clock rate 64000
ip classless
ip route 192.168.1.0 255.255.255.0 Serial0/1
ip route 192.168.1.0 255.255.255.0 209.165.201.2
ip route 209.165.201.0 255.255.255.252 Serial0/1
ip route 209.165.201.0 255.255.255.252 209.165.201.0
ip route 192.168.1.64 255.255.255.224 209.165.201.2
access-list 100 permit tcp 192.168.1.32 0.0.0.31 209.165.22.128 0.0.0.3 eq www
access-list 100 deny tcp 192.168.1.96 0.0.0.31 209.165.22.128 0.0.0.3 eq www
access-list 100 deny tcp 192.168.1.96 0.0.0.31 209.165.22.128 0.0.0.3 eq telnet
access-list 100 permit ip any any
line con 0
 exec-timeout 5 0
 password cisco
 logging synchronous
 login
line vty 0 4
 exec-timeout 5 0
 password cisco
 login
end

Appendix D: Showing Working Configuration Through Screenshots

Part 1: NY1 LAN has HTTP access to the ISP LAN (permitted by the first line of ACL 100)

Part 2: NY1 LAN pinging ISP LAN

Part 3: NY1 LAN pinging NY2 LAN

Part 4: NY1 telnets successfully to the ISP router (ACL 100 denies telnet only from the NY2 LAN)

Part 5: NY2 LAN denied HTTP access (second line of ACL 100)

Part 6: NY2 LAN pinging ISP LAN (the replies come back through the echo-reply permit in ACL 101)

Part 7: NY2 LAN telnet to ISP denied (the telnet deny in ACL 100 covers destinations in 209.165.22.128/30, which includes ISP's FastEthernet0/0 address)

Part 8: ISP's own ICMP echo requests denied at NY2 (ACL 101 permits only echo replies inbound, so ISP's requests fall to the implicit deny; the deny line for 201.165.22.128/27 never matches ISP's 209.x addresses)


Glossary

ACL (Access Control List) – A series of access-list commands in a Cisco router that collectively defines criteria by which a router can choose which packets to discard and which to allow through the router.

Clock rate – An interface configuration command that tells the router the speed at which to provide clocking on a serial interface when a DCE cable has been connected to the router.

CLI (Command-Line Interface) – The text-based interface on a Cisco router or switch.

Global Configuration Mode – The mode from which router-wide features are configured and the interface, line and router sub-modes are entered. It is reached from privileged EXEC mode with the configure terminal command (abbreviated config term) and left with exit or end.

Hop Count – A measure of distance across an IP-based network. It is a count of the number of routers an IP packet has to pass through in order to reach its destination.

Privileged EXEC Mode – The level of the Cisco CLI, reached with enable and shown by the # prompt, in which a user can run EXEC commands that change how the router operates or view its full configuration; user EXEC mode (the > prompt) cannot.

RIP (Routing Information Protocol) – is an old IP Routing protocol that uses distance vector logic and hop count as the metric, with relatively slow convergence.

Serial Link – Also known as a leased line, a WAN service in which a company leases a transmission medium between two points.

Distance Vector Logic – The routing approach RIP uses: each router tells its neighbours its distance (hop count) to every network it knows, and each neighbour keeps the shortest advertised distance, without ever holding a map of the whole topology.

Wildcard Mask – A 32-bit number, written in dotted decimal, used by Cisco ACLs. This mask tells IOS which bits of a source or destination IP address must match for that ACL line to match. Wildcard bits of value 0 mean that the corresponding address bits must be compared and must match; bits of value 1 mean that position is ignored. For a subnet it is the subnet mask inverted (255.255.255.224 gives 0.0.0.31).

Saturday, April 16, 2011

Linux Advanced Security For Noobs

If you are developing an operating system, what features would you include? Obviously you would want stability, easy-to-use features, and tools that the average user can use to make their experience easier. What about security? Typically the average user doesn't worry too much about security. What if you are not the average user? What if you want to go above and beyond the features a Windows-based operating system gives you? What if you want to run some kind of server? If so, Linux may be your answer. Linux offers many enhanced security features, including Security-Enhanced Linux (SELinux), chroot jails, iptables and xinetd.
           
SELinux was created by the National Security Agency and released to the open source development community on December 22, 2000, as a set of patches to the Linux kernel that add a strong, flexible mandatory access control (MAC) architecture to the kernel's major subsystems. It was not intended as a complete security solution; it is a demonstration of how mandatory access controls that confine the actions of any process, including one running as the administrator, can be built into a system.
           
SELinux works by placing hooks at the points in the core kernel where a security decision is needed (today these are the Linux Security Modules hooks). At each hook the kernel asks SELinux whether a particular subject (a process, identified by its security context) may exercise a particular permission on a particular object (a file, a socket, another process). The policy language is flexible enough to express a wide range of security requirements, from the targeted policy most distributions ship, which confines only the network-facing daemons, up to completely locking down a system, which comes in very handy if you happen to be running a server. The default answer is no: if no policy rule allows an access, it is denied and logged as an AVC denial. getenforce shows whether the system is enforcing the policy or merely logging what it would deny in permissive mode. The policy can be tuned from the terminal or from the GUI without rewriting it, through SELinux Booleans; for example, the httpd_enable_cgi Boolean controls whether the Apache web server may run CGI scripts, and setsebool -P flips it persistently. Overall SELinux provides extremely valuable security features that allow the advanced user to (almost) completely lock down their system.
            
Another advanced security feature in the Linux world is iptables. iptables is the command-line program for configuring the kernel's packet-filtering rule set: it lists the rules currently loaded and adds, removes or modifies them. What does that mean in practice? In Fedora the firewall rules are only active while the iptables service is running, and rules added at the command line are lost on reboot unless saved. A packet filter inspects every packet that enters, leaves or is forwarded by the host (the INPUT, OUTPUT and FORWARD chains of the filter table) and accepts, drops or rejects it according to those rules. iptables itself is only the front end; the work is done by the kernel's Netfilter framework, which provides stateless and stateful packet filtering (the latter tracks connections, so return traffic for a session the host opened can be allowed without opening the port inbound), NAT and IP masquerading, and the ability to mangle IP header fields for advanced routing and connection-state management.
         
In UNIX and Linux based operating systems there is also a method of confinement called a chroot jail. A chroot jail presents a dramatically restricted view of the file system to an application, and usually gives it far fewer privileges, to limit the damage should the application go awry or be subverted by a malicious program.

The chroot system call changes the root directory of the calling process and all of its children to the given path, nearly always a restricted subdirectory below the real root of the file system, so that to the jailed process that subdirectory is "/" and nothing above it can even be named. This is particularly useful on shared hosting, where each customer's processes can be confined to their own tree. Like any other layer of defence, a chroot jail is not impenetrable, and a few rules matter when using it. Always run the jailed process as a non-root user: the classic escape needs root inside the jail (a root process can call chroot() again on a subdirectory while keeping its working directory outside it and then walk up with .. to the real root, or create device nodes that give raw access to the disks), so a jail whose process runs as root is barely a jail at all; run as an unprivileged user, it is as secure as we know how to make it. Make sure the permissions are set correctly, so that the jailed user cannot modify the binaries and libraries it runs. Keep the jail as small as possible, holding only what the service needs, so that there is less to compromise if a vulnerability is discovered. Following these rules dramatically improves what a chroot jail buys you.
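The rules above are easy to state and easy to drift away from as a jail accumulates files over time. As an added example (Python, not from the original post), the following audit walks a chroot tree and reports the things that weaken a jail: setuid or setgid files, world-writable entries (sticky tmp-style directories excepted), device nodes, and regular files the jailed uid could rewrite. The build_demo_jail function creates a constructed sample tree in a temporary directory; it is not a real chroot, and the demo audits it as if the current user were the jail user, because without root it cannot chown files to a separate uid.

```python
import os
import stat
import tempfile


def audit_jail(root: str, jail_uid: int):
    """Walk a chroot tree and report what makes escape or tampering easier:
    setuid/setgid files (a root-owned setuid program inside the jail is the
    classic route back to root, which the classic chroot escape needs),
    world-writable entries (sticky /tmp-style directories excepted), device
    nodes, and regular files the jailed uid can modify, since a confined
    process should not be able to rewrite its own binaries or libraries."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            mode = st.st_mode
            rel = os.path.relpath(path, root)
            if mode & (stat.S_ISUID | stat.S_ISGID):
                findings.append(("setuid/setgid", rel))
            if (mode & stat.S_IWOTH and not stat.S_ISLNK(mode)
                    and not (stat.S_ISDIR(mode) and mode & stat.S_ISVTX)):
                findings.append(("world-writable", rel))
            if stat.S_ISCHR(mode) or stat.S_ISBLK(mode):
                findings.append(("device node", rel))
            if stat.S_ISREG(mode) and st.st_uid == jail_uid and mode & stat.S_IWUSR:
                findings.append(("writable by jail user", rel))
    return sorted(findings)


def build_demo_jail() -> str:
    """Constructed sample jail in a temp directory (not a real chroot): a
    read-only shell, a setuid helper, an owner-writable library, a sticky
    tmp directory and a world-writable spool directory."""
    root = tempfile.mkdtemp(prefix="jail-")
    for d in ("bin", "lib", "tmp", "var/spool"):
        os.makedirs(os.path.join(root, d))
    for rel, content, mode in (("bin/sh", "#!/bin/sh\n", 0o555),
                               ("bin/su", "#!/bin/sh\n", 0o4755),
                               ("lib/libc.so", "", 0o644)):
        path = os.path.join(root, rel)
        with open(path, "w") as f:
            f.write(content)
        os.chmod(path, mode)
    os.chmod(os.path.join(root, "tmp"), 0o1777)
    os.chmod(os.path.join(root, "var/spool"), 0o777)
    return root


def demo():
    """Audit the constructed jail as if the current user were the jail user
    (the demo cannot chown files to a separate uid without root)."""
    return audit_jail(build_demo_jail(), os.getuid())


if __name__ == "__main__":
    for kind, path in demo():
        print(f"{kind:22} {path}")
```

On the sample tree the audit flags bin/su (setuid), var/spool (world-writable) and lib/libc.so (writable by the jail user), and stays quiet about the read-only shell and the sticky tmp directory. On a real jail, run it as root with the service's uid and expect an empty list.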
         
The last advanced security tool in the Linux world that I will talk about today is xinetd, a powerful open source "super server" daemon. Like inetd, it listens on behalf of many small network services and starts the right program when a connection arrives, but it adds access control (only_from and no_access lists, plus the TCP Wrappers hosts.allow and hosts.deny rules), extensive logging (log_type, log_on_success and log_on_failure), the ability to make a service available only at certain times of day (access_times), and the ability to bind a service to a specific IP address (bind), so that different services can be offered to internal and external clients. The services in xinetd's configuration fall into two groups. Multi-threaded services (wait = no) have xinetd fork a new server process for each connection request. Single-threaded services (wait = yes) hand the listening socket to a single daemon that handles all subsequent connection requests itself. Because every connection passes through xinetd first, it can apply access control and logging to all of them uniformly.
            
So we have learned that if you are an advanced user and want to run a server, Linux has many advanced security options that can protect your system from unauthorized access. SELinux provides mandatory access control. iptables and Netfilter filter packets, track connections and provide NAT and IP masquerading. A chroot jail sections off part of the file system for a particular service or user. Finally, xinetd is a super server daemon that provides access control lists such as TCP Wrapper ACLs, extensive logging, and the ability to make a service available only at certain times. Linux offers many more advanced security features, at least in this author's opinion, than Windows does.