Small network configuration project I did in school. Since a lot of folks are clueless when it comes to using Cisco, I thought I would share. Enjoy.
Showing/Changing Host Names
Changing the host name from the default to a personal/business name is a two-step process. Starting from privileged user mode, the user issues the configure terminal command (abbreviated config term below), which moves the user into global configuration mode. The user then issues the hostname command followed by the new hostname to change the router’s name.
Router1#config term <<(issuing the EXEC command config term moves the user into global configuration mode)
Router1(config)#hostname NY1
NY1(config)#exit <<(exits global configuration mode)
Router2#config term <<(issuing the EXEC command config term moves the user into global configuration mode)
Router2(config)#hostname NY2
NY2(config)#exit <<(exits global configuration mode)
Router3#config term <<(issuing the EXEC command config term moves the user into global configuration mode)
Router3(config)#hostname ISP
ISP(config)#exit <<(exits global configuration mode)
Showing/setting IP Addresses
Adding an IP address to an interface is a four-step process when starting from privileged user mode, as shown below-
NY1/NY2/ISP#config term <<(issuing the EXEC command config term moves the user into global configuration mode)
NY1/NY2/ISP(config)#interface fa0/0,s0/0 <<(once the user is in global configuration mode, the next step is moving into interface configuration mode, which is done with the interface command and the interface that will receive the IP address, entered one at a time, for example fa0/0 or s0/0)
NY1/NY2/ISP(config-if)#ip add 0.0.0.0 0.0.0.0 <<(now that the user is in interface configuration mode, the next step is the ip address command with the IP address and subnet mask, shown here as placeholders; this is the last step if your cables are not connected, otherwise by )
NY1/NY2/ISP(config-if)#no shutdown <<(now that the IP address is added, the next step is to put the interface in an up state by issuing the no shutdown command if the cables are connected)
Preventing router from searching for Domain Name System (DNS) Server
The no ip domain-lookup global configuration command stops the router from trying to find a DNS server when a command isn’t recognized or contains a typo, as shown below-
NY1/NY2/ISP#config term <<(config term puts the user in global configuration mode)
NY1/NY2/ISP(config)#no ip domain-lookup <<(stops the router from looking for DNS)
NY1/NY2/ISP(config)#exit <<(exits global configuration mode)
Show IP interfaces
Once the IP addresses are all entered, the show ip interface brief command gives a brief listing of the interfaces and the IP addresses added to them, as shown below-
NY1#show ip interface brief
Interface        IP-Address      OK?  Method  Status                 Protocol
FastEthernet0/0  192.168.1.33    YES  manual  up                     up
FastEthernet0/1  unassigned      YES  manual  administratively down  down
Serial0/0        192.168.1.65    YES  manual  up                     up
Serial0/1        unassigned      YES  manual  administratively down  down
NY2#show ip inter brief
Interface        IP-Address      OK?  Method  Status                 Protocol
FastEthernet0/0  192.168.1.97    YES  manual  up                     up
FastEthernet0/1  unassigned      YES  manual  administratively down  down
Serial0/0        192.168.1.66    YES  manual  up                     up
Serial0/1        209.165.201.2   YES  manual  up                     up
ISP#show ip inter brief
Interface        IP-Address      OK?  Method  Status                 Protocol
FastEthernet0/0  209.165.22.129  YES  manual  up                     down
FastEthernet0/1  unassigned      YES  manual  administratively down  down
Serial0/0        unassigned      YES  manual  administratively down  down
Serial0/1        209.165.201.1   YES  manual  up                     up
Setting the Clock Rate: How to set the clock rate
On a serial link, the clocking function defines the rate at which electrical signals are encoded onto the link. When using a back-to-back serial link between two routers in a lab, one router must use a DCE cable. That router must also supply clocking, as configured with the clock rate interface subcommand. The term clock rate can also refer to the rate set by the clock rate command, as shown below-
NY1#config term
NY1(config)#interface Serial0/0
NY1(config-if)#clock rate 64000
NY2#config term
NY2(config)#interface Serial0/1
NY2(config-if)#clock rate 64000
ISP#config term
ISP(config)#interface Serial0/0
ISP(config-if)#clock rate 64000
Setting up Route RIP
Routing Information Protocol (RIP) is an old IP routing protocol that uses distance vector logic and hop count as the metric, with relatively slow convergence. The example below shows how RIP can be set up in 4 steps starting from privileged user mode-
1. NY1#config term <<(config term takes the user into global configuration mode)
2. NY1(config)#router rip <<(router rip sets up the routing protocol)
3. NY1(config-router)#network 192.168.0.0 <<(network 192.168.0.0 defines the network that the user wants to route to/from)
4. NY1(config-router)#passive-interface fa0/0 <<(the passive-interface command is entered to stop sending updates on fa0/0)
Setting up Default Routes
A default route is used for packets destined for IP addresses that the router doesn’t know. Instead of dropping the packet, the router will send any packet with an unknown destination to this route, which will then head to a router that hopefully knows the route. To do this, the user needs to be in global configuration mode, as shown below-
NY2>enable <<(this will bring the user to privileged mode)
NY2#configure terminal <<(this will bring the user to global configuration)
NY2(config)#ip route 0.0.0.0 0.0.0.0 serial0/1 <<(by issuing this command the router will forward unknown packets out of the serial0/1 interface)
Setting up Static Routes
Static routes are used when the WAN has few IP addresses to handle, or the administrator would like to set a hard route that the router will take even if RIP is enabled. This is similar to the default route; however, instead of “0”s the user will enter the IP address of the desired location, the subnet mask, and then the next hop address.
NY2(config)#ip route 209.165.22.96 255.255.255.224 209.165.201.1 <<(this will create a static route to 209.165.22.96/27 via 209.165.201.1)
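How NY2 chooses between its static route and its default route, as an added Python example that is not part of the original project: it performs a longest-prefix-match lookup over the routes implied by Appendix B. The function name and the route labels are assumptions of this example, RIP-learned routes are left out, and the destination 198.51.100.7 is a constructed sample.

```python
import ipaddress

# Routes NY2 would hold, taken from Appendix B: connected networks derived
# from its interface addresses, plus the static and default "ip route" lines.
# (Assumption: RIP-learned routes are omitted to keep the table short.)
NY2_ROUTES = [
    ("192.168.1.96/27", "connected FastEthernet0/0"),
    ("192.168.1.64/27", "connected Serial0/0"),
    ("209.165.201.0/30", "connected Serial0/1"),
    ("209.165.22.96/27", "static via 209.165.201.1"),
    ("0.0.0.0/0", "default out Serial0/1"),
]

def lookup(routes, dest):
    """Longest-prefix match: the most specific route containing dest wins.

    Returns (prefix, description), or None when nothing matches, which is
    the case where a router without a default route drops the packet.
    """
    addr = ipaddress.ip_address(dest)
    best = None
    for prefix, how in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, how)
    return None if best is None else (str(best[0]), best[1])

if __name__ == "__main__":
    # 209.165.22.100 is inside the static /27 (hosts .97 to .126).
    print(lookup(NY2_ROUTES, "209.165.22.100"))
    # The ISP LAN address from Appendix C, 209.165.22.129, is outside that
    # /27, so it is reached through the default route instead.
    print(lookup(NY2_ROUTES, "209.165.22.129"))
    # Without the default route an unknown destination has no match.
    print(lookup(NY2_ROUTES[:-1], "198.51.100.7"))
```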
Setting Up ACLs
Access Control Lists, or ACLs, are used primarily for security purposes. Through these commands an administrator can allow or deny access through a certain port using certain protocols. The trick to remember is that after setting up an ACL, you MUST apply it to an interface. The process is shown below.
NY2>enable <<(to bring the user to privileged mode)
NY2#configure terminal <<(to go to global configuration)
NY2(config)#access-list 101 permit icmp any any echo-reply <<(this will allow an icmp reply from any address to any address)
NY2(config)#access-list 101 deny icmp 201.165.22.128 0.0.0.31 any <<(this will deny any icmp originating from source addresses matching 201.165.22.128 0.0.0.31 and destined for any address. Note that the second set of numbers (0.0.0.31) is called a wildcard mask. It is the subnet mask for the source IP address with every bit inverted, so 255.255.255.224 becomes 0.0.0.31)
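How ACL 101 treats a packet once it is applied (Appendix B applies it with ip access-group 101 in on Serial0/1), as an added Python example that is not part of the original project: it evaluates the four access-list 101 lines from Appendix B top-down with wildcard matching and the implicit deny at the end. The function names and the packet tags "echo", "echo-reply" and "established" are assumptions of this example. The deny lines use source 201.165.22.128 while the ISP LAN in Appendix C is 209.165.22.129/27, so the example reports which line actually decides each case.

```python
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

def wildcard_from_netmask(netmask):
    """Invert a subnet mask bit by bit: 255.255.255.224 -> 0.0.0.31."""
    return str(ipaddress.IPv4Address(ip(netmask) ^ 0xFFFFFFFF))

def wc_match(addr, base, wildcard):
    """Wildcard bits of 0 must match; wildcard bits of 1 are ignored."""
    care = ~ip(wildcard) & 0xFFFFFFFF
    return (ip(addr) & care) == (ip(base) & care)

# ACL 101 as listed in the NY2 running-config (Appendix B).
# Entry: action, protocol, source base, source wildcard, qualifier.
# "any" is modelled as 0.0.0.0 255.255.255.255; every destination is "any".
# Assumption: "established" is a simple tag here (IOS checks TCP ACK/RST).
ANY = ("0.0.0.0", "255.255.255.255")
ACL_101 = [
    ("permit", "icmp", *ANY, "echo-reply"),
    ("deny", "icmp", "201.165.22.128", "0.0.0.31", None),
    ("permit", "tcp", *ANY, "established"),
    ("deny", "tcp", "201.165.22.128", "0.0.0.31", None),
]

def evaluate(acl, proto, src, qualifier=None):
    """First match wins. Returns (action, line); line 0 is the implicit deny."""
    for n, (action, p, base, wc, qual) in enumerate(acl, start=1):
        if p == proto and wc_match(src, base, wc) and qual in (None, qualifier):
            return action, n
    return "deny", 0

if __name__ == "__main__":
    print(wildcard_from_netmask("255.255.255.224"))
    # Ping reply coming back from the ISP LAN: permitted by line 1.
    print(evaluate(ACL_101, "icmp", "209.165.22.130", "echo-reply"))
    # Ping request from the ISP LAN: line 2 does not match 209.x, so the
    # packet falls through to the implicit deny.
    print(evaluate(ACL_101, "icmp", "209.165.22.130", "echo"))
    # Ping request from the range the ACL names: denied by line 2.
    print(evaluate(ACL_101, "icmp", "201.165.22.130", "echo"))
```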
Appendix A: NY1 Running-configuration
Current configuration : 971 bytes
version 12.2
hostname NY1
enable secret 5 $1$mERr$9cTjUIEqNGurQiFU.ZeCi1
no ip domain-lookup
ip host ISP 209.165.202.129
ip host NY2 192.168.1.66
interface FastEthernet0/0
 ip address 192.168.1.33 255.255.255.224
 duplex auto
 speed auto
interface Serial0/0
 ip address 192.168.1.65 255.255.255.224
 clock rate 64000
router rip
 version 2
 passive-interface FastEthernet0/0
 network 192.168.0.0
 network 192.168.1.0
ip classless
ip route 192.168.1.64 255.255.255.224 Serial0/0
ip route 209.165.201.0 255.255.255.252 192.168.1.66
line con 0
 exec-timeout 5 0
 password cisco
 logging synchronous
 login
line vty 0 4
 exec-timeout 5 0
 password cisco
 login
end
Appendix B: NY2 Running-configuration
Current configuration : 1422 bytes
version 12.2
hostname NY2
enable secret 5 $1$mERr$9cTjUIEqNGurQiFU.ZeCi1
no ip domain-lookup
ip host ISP 209.165.201.1
ip host NY1 192.168.1.65
interface FastEthernet0/0
 ip address 192.168.1.97 255.255.255.224
 duplex auto
 speed auto
interface Serial0/0
 ip address 192.168.1.66 255.255.255.224
interface Serial0/1
 description connection to the internet
 ip address 209.165.201.2 255.255.255.252
 ip access-group 101 in
router rip
 version 2
 passive-interface FastEthernet0/0
 network 192.168.0.0
 network 192.168.1.0
 default-information originate
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/1
ip route 209.165.201.0 255.255.255.252 Serial0/1
ip route 209.165.22.96 255.255.255.224 209.165.201.1
access-list 101 permit icmp any any echo-reply
access-list 101 deny icmp 201.165.22.128 0.0.0.31 any
access-list 101 permit tcp any any established
access-list 101 deny tcp 201.165.22.128 0.0.0.31 any
banner motd ^C
AUTHORIZED ACCESS ONLY^C
line con 0
 exec-timeout 5 0
 password cisco
 logging synchronous
 login
line vty 0 4
 exec-timeout 5 0
 password cisco
 login
end
Appendix C: ISP Running-configuration
Current configuration : 1334 bytes
version 12.2
hostname ISP
enable secret 5 $1$mERr$9cTjUIEqNGurQiFU.ZeCi1
no ip domain-lookup
ip host NY1 192.168.1.65
ip host NY2 209.165.201.2
interface FastEthernet0/0
 ip address 209.165.22.129 255.255.255.224
 duplex auto
 speed auto
interface Serial0/1
 ip address 209.165.201.1 255.255.255.252
 ip access-group 100 in
 clock rate 64000
ip classless
ip route 192.168.1.0 255.255.255.0 Serial0/1
ip route 192.168.1.0 255.255.255.0 209.165.201.2
ip route 209.165.201.0 255.255.255.252 Serial0/1
ip route 209.165.201.0 255.255.255.252 209.165.201.0
ip route 192.168.1.64 255.255.255.224 209.165.201.2
access-list 100 permit tcp 192.168.1.32 0.0.0.31 209.165.22.128 0.0.0.3 eq www
access-list 100 deny tcp 192.168.1.96 0.0.0.31 209.165.22.128 0.0.0.3 eq www
access-list 100 deny tcp 192.168.1.96 0.0.0.31 209.165.22.128 0.0.0.3 eq telnet
access-list 100 permit ip any any
line con 0
 exec-timeout 5 0
 password cisco
 logging synchronous
 login
line vty 0 4
 exec-timeout 5 0
 password cisco
 login
end
Appendix D: Showing Working Configuration Through Screenshots
Part 1: NY1 having HTTP Access
Part 2: NY1 LAN Pinging ISP LAN
Part 3: NY1 LAN pinging NY2 LAN
Part 4: NY1 Telnet Success to ISP router
Part 5: NY2 LAN denied HTTP Access
Part 6: NY2 LAN Ping ISP LAN
Part 7: NY2 LAN Telnet Denial ISP
Part 8: ISP Denied originating ICMP Requests
Glossary
ACL (Access Control List) – A series of access-list commands in a Cisco router that collectively defines criteria by which a router can choose which packets to discard and which to allow through the router.
Clock rate – An interface configuration command that tells the router the speed at which to provide clocking on a serial interface when a DCE cable has been connected to the router.
CLI (Command-Line Interface) – The text-based interface on a Cisco router or switch.
Global Configuration Mode – To configure any feature of the router, you must enter configuration mode. This is the first sub-mode of the parent mode. In the parent mode, you issue the command config.
Hop Count – A measure of distance across an IP-based network. It is a count of the number of routers an IP packet has to pass through in order to reach its destination.
Privileged User Mode – An area of the Cisco router CLI in which the user can enter some EXEC commands that could harm the router or change how it operates.
RIP (Routing Information Protocol) – An old IP routing protocol that uses distance vector logic and hop count as the metric, with relatively slow convergence.
Serial Link – Also known as a leased line, a WAN service in which a company leases a transmission medium between two points.
Vector Logic – A matrix–vector representation of the logical calculus inspired by neural network models.
Wildcard Mask – A 32-bit number, written in dotted decimal, used by Cisco ACLs. This mask tells IOS which bits of a source or destination IP address must match for that ACL criterion to match. Wildcard mask bits of value 0 mean that the corresponding bit positions in the addresses must be compared and must match.