It is recommended that you read my Cisco Switching Basics before you read this article, it is definatly not required though because I am going to cover a couple of the same items as I did in that article excluding the help menu.
Well without further ado lets get connected to our router and for this article we will be using a 2600 series router. Most of the items I will be going over are pretty standard on all Cisco routers and switches. Lets go ahead and take the console cable and plug the RJ45 end into the back of our router where is says console port (normally in a little blue box). As a little side note if you are one of the millions of people who have a nice newer laptop then you might not have a COM port on the back only USB connectors. Luckily you can find a USB to Serial adapters almost anywhere these days. Best Buy, eBay, or CP Technologie USB TO SERIAL ADAPTER ( CP-US-03 )
All routers come by default with no configuration file on them so by default they will give you the option of going through a prompted setup. This is a great feature if you are in a hurry and want to configure just enough that the router will work, but by doing this you don’t know the commands being used or exactlly what you are doing. So for purposes of this article we will be doing every line on configuration ourself instead of using the prompted setup.
Now that you have the console cable connected from the router to the computer we can setup a connection and begin working with this router. To configure this router I will just be using Hyper Terminal which comes with all versions of Windows (except Vista for some reason). So now we will just launch HyperTerminal on our computer and start a new session. Create a name for this session, select which COM port you are plugged into and you can normally leave the default COM settings and it will work just fine, but if you want the settings they are 9600,8,N,1. Now click Ok and press enter a couple of times to initiate the connection.
Router Con0 is now available Press RETURN to get started! Router>
Congradulations we are not connected to the router in a mode called User Exec mode. For security reasons we can’t do a whole lot from this mode, only view a couple of things. We want to get into the Priviliged Exec mode where we can actually make some changes to the Router. To enter Priviliged Exec mode we have to type the command ENABLE.
Router>enable Router#
As you can see the prompt changed from Router> to Router# which shows you that you are now in Privilege Exec mode. That seemed pretty easy to get into a mode where you can make any change you want on the router, well we will be adding passwords to these areas shortly. First thing we need to do now is to get into Global Configuration mode, as the name suggests changes made in this mode are for the entire router like the hostname.
Router#configure terminal Enter configuration commands, one per line. End with CNTL/Z Router(config)#hostname RouterMike RouterMike(config)#
The hostname command when done in global configuration mode will change the actual name of the router as you can see I did above. Changes on a router take effect immediatly after you type them and press enter so you need to be careful when making changes to critical equipment.
Once you have entered global configuration mode and executed a command as we have done here we have created a configuration file on the router. This particular configuration file is called the Running-Config and it is what the router uses when it is running and is stored in RAM memory. Routers have another configuration file which is called Startup-Config which as you might has guessed is the configuration used when the router starts up and is stored in NVRAM. RAM memory loses anything stored in it when power to the memory is lost where NVRAM does not lose it memory when power is lost. When a router boots up it takes the Startup-Config and copies it to the Running-Config which will remain there until the device loses power. When we make a change it is made to the Running-Config, so we have to save the Running-Config to the Startup-Config in order for our changes to stay if the device lost power for some reason. There are a couple of ways to do this and the first is simply Write Memory or wr mem for short and this will copy the Running-Config to the Startup-Config or you can use copy Running-Config Startup-Config or copy run start for short and this will also copy the Running-Config to the Startup-Config.
RouterMike#Write Memory Building configuration... [OK] RouterMike#Copy Running-Config Startup-Config Destination filename [startup-config]? Building configuration... [OK] RouterMike#copy run start Destination filename [startup-config]? Building configuration... [OK] RouterMike#wr mem Building configuration... [OK] RouterMike#
I illustrated above 3 different ways you can save the configuration but in reality you only have to do one of these.
Now I don’t like the fact that there are no security features configured on this router so lets add a couple. First lets add security to the priviledge EXEC mode or the enable mode. There are two different passwords that you can configure for this mode and those are the enable password and the enable secret. You can set either one or both, but the enable secret password always overrides the enable password and for more security measures the enable secret password is encrypted where the enable password is not. So good security practice tells you to always set the enable secret password because it will keep people out of the priviledge EXEC mode and if someone was able to get your configuration they would not be able to see your password. So lets go ahead and add an enable password and enable secret password so we can see the difference in how they are shown in the configuration.
RouterMike#conf t Enter configuration commands, one per line. End with CNTL/Z RouterMike(config)#enable password mike RouterMike(config)#enable secret MikeNet RouterMike(config)#exit RouterMike#wr mem Building configuration... [OK] RouterMike#
As you can see above that we configured both the enable password and the enable secret onto the router. But the enable secret always takes presedence of the enable password so when we are prompted for an enable password it will be MikeNet. Now we can look at the running configuration and see how these two passwords are stored differently in the router config.
RouterMike>enable Password: RouterMike#sho run Building configuration... Current configuration : 625 bytes ...(i am cutting out unnessecary configs for space) hostname RouterMike ! enable secret 5 $1$u76B$IOFVJ7VxfVXYVpGDrFTcI0 enable password mike ...(more config cut out) ! end RouterMike#
This time it asked me for a password when I attempted to access the priviledge EXEC mode or the enable mode. Notice the enable password is in plain text, if you backed up this config to a TFTP server or anywhere else and someone was able to view it they would now know your enable password. But since we configured the enable secret it is encrypted so even if someone did get a hold of the configuration they still wouldn’t be able to obtain your enable password. So far everything is going great, we have named the router saved changes we have made so that if the router get rebooted we don’t lose all of our work. But so far we can only access the router through the console cable, for security reasons this is not a bad option to have because it would mean that someone would have to have physical access to your router to make configuration changes to it. But from a management point of view your router could be on a completly different floor, different building, or even miles away from you and we don’t want to have to drive or walk all the way to the router so we will turn on the VTY (telnet) ports and add security to them as well as the AUX (dial in) port.
We have worked with global configuration mode, RouterMike(config)#, that is where the changes we make affect the entire router. Well now we just want to change a specific item on the router, in this example we want to setup telnet sessions to be allowed on the router. So we are going to go into what is called line configuration mode to do the setup.
RouterMike#conf t Enter configuration commands, one per line. End with CNTL/Z RouterMike(config)#line vty 0 4 RouterMike(config-line)#password mike RouterMike(config-line)#login RouterMike(config-line)#exit Routermike(config)#exit RouterMike#wr mem Building configuration... [OK] RouterMike#
Lets go through this configuration line by line to make sure we cover everything. First I obviously want to get into configuration mode so I use the conf t command. This router can allow up to 5 telnet sessions at a single time so we want to configure all of them at the same time the same way so we enter line configuration mode using line vty 0 4. The 0 4 in the command specifies that we want to modify all of the possible telnet sessions allowed. The next command is pretty self explanitory in that we simply create a password to be used when loging in through a telnet sessions. The last command “login” simply tells the router to ask for the password when someone attempts to login to the router via a telnet session. That is all we have to do to configure a telnet session on this router. Of course we have to configure an IP on the router before we can actaully telnet to it but we will cover that next.
This particular model router has 2 Fast Ethernet ports on the back of it which you can use to attach other routers, switches, or computers. To keep things simple we will just connect a computer to FastEthernet0/0 directly on the router so that we will be able to test the telnet capability. Now that we have a computer attached to the router we will have to create a network by assigning an IP address to the computer and an IP address to the FastEthernet0/0 port. For this exercise we will be using the network 192.168.12.0 and a subnet mask of 255.255.255.0. We will give the router FastEthernet0/0 an ip address of 192.168.12.1 and then we can assign the computer connected to it any ip address within that network, for this exercise I will give the computer the address of 192.168.12.50. So lets configure the router:
RouterMike#conf t Enter configuration commands, one per line. End with CNTL/Z RouterMike(config)#int f0/0 RouterMike(config-if)#ip address 192.168.12.1 255.255.255.0 RouterMike(config-if)#no shutdown 13:51:30 %LINK-3-UPDOWN: Interface Fastethernet0/0, changed state to up 13:51:30 %LINKPROTO-5-UPDOWN: Line protocol on Interface Fastethernet0/0, changed RouterMike(config-if)#exit RouterMike(config)#exit RouterMike#wr mem Building configuration... [OK] RouterMike#
Simply using the IP command once I am in interface configuration mode I can assign an IP address to the interface and create a network. I assigned interface Fastethernet0/0 an ip address of 192.168.12.1 with a subnet mask of 255.255.255.0 and then I followed that be the no shutdown command. By default ports on a router are shut down for security reasons, so even if you configured everything properly you still cannot pass traffic accross the port if it is still in shutdown mode. Now I will configure my computer with an ip address of 192.168.12.50 and a subnet mask of 255.255.255.0 which I assume you know how to do. Once that is done we can test connectivity between the router and the computer. We will now be looking at the command prompt from the computer. First lets attempt to ping the router and make sure that we have data moving between the router and the computer.
Microsoft Windows 2000 [Version 5.00.2195] (c) Copyright 1985-1999 Microsoft Corp. C:\>ping 192.168.12.1 Pinging 192.168.12.1 with 32 bytes of data: Reply from 192.168.12.1 ;bytes=32 time=22.ms TTL=254 Reply from 192.168.12.1 ;bytes=32 time=22.ms TTL=254 Reply from 192.168.12.1 ;bytes=32 time=22.ms TTL=254 Reply from 192.168.12.1 ;bytes=32 time=22.ms TTL=254 Ping Statistics for 192.168.12.1: Packets Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 22ms, Maximum = 23ms, Average = 22ms C:\>
OK Sweet, so we have data moving between the two devices, this is definatly a good thing. Now lets see if all of our hard work and configuration paid off by being able to telnet to the router.
Microsoft Windows 2000 [Version 5.00.2195] (c) Copyright 1985-1999 Microsoft Corp. C:\>telnet 192.168.12.1 Connecting To 192.168.12.1 ... User Access Verification Password: RouterMike>en Password: RouterMike#
All of our hard work and configuration did pay off and we can now access the router via telnet from a computer without having to be physically at the router. The first password that we were prompted for was the VTY 0 4 password we entered in, remember that one we used mike as the password. The second password we were prompted for was the enable password which we configured earlier in this article.
Congradulations! You have just gone through how to setup a router for basic communication and remote administration. This is where I think I will stop with this article but this is only the beginning of router configurations. Please check out my other articles on Cisco router and switch configurations.
If this topic really interests you please check out the following links for Cisco simulators and information.
Cisco Website
CCNA Simulator
TechExams.Net
SemSim.com
CertExams.com
RouterSim.com
Thanks for reading.
Mike walton