
Tuesday, April 1, 2008

Configuring Syslog

Router(config)#logging on

Enables logging to all supported destinations

Router(config)#logging 10.10.10.1

Logging messages will be sent to a syslog server host at address 10.10.10.1

Router(config)#logging admin

Logging messages will be sent to a syslog server host named admin

Router(config)#logging trap x

Sets the syslog server logging level to value x, where x is a number between 0 and 7 or a word defining the level. The table that follows provides more details.

Router(config)#service timestamps log datetime

Syslog messages will now have a timestamp included


There are eight levels of severity in logging messages, as follows:

Level  Name           Description
0      Emergencies    System is unusable
1      Alerts         Immediate action needed
2      Critical       Critical conditions
3      Errors         Error conditions
4      Warnings       Warning conditions
5      Notifications  Normal but significant conditions
6      Informational  Informational messages (default level)
7      Debugging      Debugging messages

Setting a level means you will get that level and everything below it. Level 6 means you will receive level 6 and 7 messages. Level 4 means you will get levels 4 through 7.


Configuring SNMP

Router(config)#snmp-server community polduh ro

Sets a read-only (ro) community string called polduh

Router(config)#snmp-server community polduh rw

Sets a read-write (rw) community string called polduh

Router(config)#snmp-server location room1

Defines an SNMP string that describes the physical location of the SNMP server

Router(config)#snmp-server contact polduh 123 1456

Defines an SNMP string that describes the sysContact information

Monday, March 24, 2008

Show Commands

Router#show ?

Lists all show commands available

Router#show interfaces

Displays statistics for all interfaces

Router#show interface serial 0

Displays statistics for a specific interface, in this case Serial 0

Router#show ip interface brief

Displays a summary of all interfaces, including status and IP address assigned

Router#show controllers serial 0

Displays statistics for interface hardware. Statistics display if the clock rate is set and if the cable is DCE, DTE, or not attached

Router#show clock

Displays time set on device

Router#show hosts

Displays local host-to-IP address cache. These are the names and addresses of hosts on the network to which you can connect

Router#show users

Displays all users connected to device

Router#show history

Displays history of commands used at this edit level

Router#show flash

Displays info about Flash memory

Router#show version

Displays info about loaded software version

Router#show arp

Displays the ARP table

Router#show protocols

Displays status of configured Layer 3 protocols

Router#show startup-config

Displays configuration saved in NVRAM

Router#show running-config

Displays configuration currently running in RAM

Tuesday, March 18, 2008

Configuring SSH on Cisco Router

This configuration is based on a router running 3600 Software (C3640-JK9O3S-M), Version 12.2(6a), but it may apply to Cisco IOS 12.1(3)T and later.

Configure a hostname for your router.
Router(config)# hostname hostname

Configure a domain name.
Router(config)#ip domain-name domainname

Generate an RSA key pair; this automatically enables SSH.

Router(config)# crypto key generate rsa

Type the size of the key modulus, in the range of 360 to 2048.

Typing 512 may take a few minutes.
How many bits in the modulus [512]: 768
% Generating 768 bit RSA keys ...[OK]
Router(config)#
*Mar 16 01:20:15.440: %SSH-5-ENABLED: SSH 1.5 has been enabled

You can change the SSH settings if you wish.
The time-out should not exceed 120 seconds, which is the default.
Authentication retries should not exceed 5; the default is 3.

Router(config)# ip ssh {[timeout seconds] |[authentication-retries integer]}

Verifying SSH
Router# show ip ssh
SSH Enabled - version 1.5
Authentication timeout: 120 secs; Authentication retries: 5
Router# show ssh
%No SSH server connections running.



Monday, March 17, 2008

Troubleshooting VLANs

Displays the complete VLAN database
Switch#show vlan

Displays a summary of the VLAN database
Switch#show vlan brief

Displays a summary of each interface, including speed and duplex settings
Switch#show interfaces

Displays information about VLAN packets a router has received but is not capable of supporting
Switch#debug sw-vlan packets

Deleting VLAN Configuration

1900 Series Switch
1900Switch#delete vtp
or
1900Switch(config)#int fa 0/2
1900Switch(config-if)#no vlan static 2
1900Switch(config-if)#exit
1900Switch(config)#no vlan 2 name Sales
1900Switch(config)#

2900/2950 Series Switch
2900Switch#delete flash:vlan.dat
Delete filename [ ]? vlan.dat
Delete flash:vlan.dat? [confirm]
2900Switch#
or
2900Switch#config t
2900Switch(config)#int fa 0/3
2900Switch(config-if)#no switchport access vlan 3
2900Switch(config-if)#exit
2900Switch(config)#exit
2900Switch#vlan database
2900(vlan)#no vlan 3
2900(vlan)#exit

Tuesday, March 4, 2008

Setting Web-Based Interface for Configuration

For 1900 and 2900/2950 Series Switches

Turns on HTTP service
Switch(config)#ip http server

Sets the port for HTTP
Switch(config)#ip http port 80

Monday, March 3, 2008

VLAN Configurations for 2900/2950 Series Switch

2900 Series Switch

Enters VLAN database mode
2900#vlan database

Creates VLAN 2 and names it Sales
2900(vlan)#vlan 2 name Sales

Creates VLAN 3 and names it HR
2900(vlan)#vlan 3 name HR

2900(vlan)#exit

2950 Series Switch

2950Switch#config t

Creates VLAN 10 and enters VLAN config mode for further definitions
2950Switch(config)#vlan 10

Assigns a name to a VLAN
2950(config-vlan)#name Sales
2950(config-vlan)#exit


Creates VLAN 20 and enters VLAN config mode for further definitions
2950Switch(config)#vlan 20

Assigns a name to a VLAN
2950(config-vlan)#name HR
2950(config-vlan)#exit

Assigning ports to VLAN 2900/2950
2900Switch#config t
2900Switch(config)#int fa0/2
2900Switch(config-if)#switchport mode access
2900Switch(config-if)#switchport access vlan 2
2900Switch(config-if)#int fa0/3
2900Switch(config-if)#switchport mode access
2900Switch(config-if)#switchport access vlan 3
2900Switch(config-if)#exit

VLAN Configurations for 1900 Series Switch

Creating Static VLAN

1900#config t
Make VLAN 2 and name it Sales
1900(config)#vlan 2 name Sales

Make VLAN 3 and name it HR
1900(config)#vlan 3 name HR

Assigning Ports to VLAN
1900#config t
1900(config)#int Fa0/2
1900(config-if)#vlan static 2
1900(config-if)#int fa0/3
1900(config-if)#vlan static 3
1900(config-if)#exit

Tuesday, February 26, 2008

Showing the Routing Table

Shows the entire routing table

Router#show ip route

Shows the routing table for a specific protocol (e.g. RIP, IGRP, OSPF)

Router#show ip route protocol

Shows info about route w.x.y.z

Router#show ip route w.x.y.z

Shows table of connected routes

Router#show ip route connected

Shows table of static routes

Router#show ip route static

Shows summary of all routes

Router#show ip route summary


Thursday, February 21, 2008

The Ping Command

Checks for Layer 3 connectivity with a machine.

Router#ping ipaddress

Or, for more options:
Router#ping

Possible ping output characters

! - Successful receipt of a reply

. - Time out

U - Destination unreachable

Q - Destination too busy

M - Could not fragment

? - Unknown packet type

& - Packet lifetime exceeded

Example

Ping through IP address
Router#ping 192.168.0.1

Ping through IP host name
Router#ping remote

Extended Ping mode

Router#ping
Protocol [ip]:
Target IP address: 192.168.0.1
Repeat count [5]: 100
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: yes
Source address or interface: 10.0.10.1
Type of service [0]:
Set DF bit in IP header [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [no]:
Type escape sequence to abort.
Sending 100, 100-byte ICMP Echos to 192.168.0.1, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (100/100), round-trip min/avg/max = 1/1/4 ms





Wednesday, February 20, 2008

Configuring NAT: Many Private to 1 Public Address Translation

Configure static route on the remote router stating where public addresses should be routed.
Router(config)#ip route 203.189.xx.0 255.255.255.248 s0/0

Define a pool of usable public IP addresses on your router that will perform NAT (optional).
local(config)#ip nat pool NAT 203.189.xx.2 203.189.xx.2 netmask 255.255.255.248
NAT - Name of the pool (any name will do)
203.189.xx.2 - Start of pool
203.189.xx.2 - End of pool
255.255.255.248 - Subnet mask

Configure an ACL that will identify which private IP addresses are to be translated.
local(config)#access-list 99 permit 10.10.10.0 0.0.0.255

Option 1: Link the ACL to the outside public interface.
local(config)#ip nat inside source list 99 interface serial 0/0 overload

Option 2: Link the ACL to the pool of addresses, if you are using the created pool.
local(config)#ip nat inside source list 99 pool NAT overload

Define which interfaces are inside (Private Addresses)
local(config)#int fa 0/0
local(config-if)#ip nat inside

Define the outside interface (Public Address)
local(config)#int s 0/0
local(config-if)#ip nat outside

Tuesday, February 19, 2008

Dynamic NAT: 1-to-1 Public to Private Translation

Configure static route on the remote router stating where public addresses should be routed.
Remote>ena
Remote#config t
Remote(config)#ip route 203.189.XX.0 255.255.255.128 s1/0

Define a pool of usable public IP addresses on your router that will perform NAT.

local(config)#ip nat pool NAT 203.189.XX.2 203.189.XX.125 netmask 255.255.255.128

Name of pool is NAT (Any name will do)
Start of pool is 203.189.XX.2
End of pool is 203.189.XX.125
Subnet mask is 255.255.255.128


Create an ACL that will identify which private IP addresses will be translated.
local(config)#access-list 99 permit 192.168.0.10 0.0.0.255

Link the (ACL) to the pool of addresses.
local(config)#ip nat inside source list 99 pool NAT

ACL 99: Source of the private addresses
NAT: Name of the pool of available public addresses

Define which interfaces are inside (Private Network)

local(config)#int fa 1/0
local(config-if)#ip nat inside

Define the outside interface (Public Network)

local(config)#int s 1/0
local(config-if)#ip nat outside
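
As an added illustration (not from the original post), this Python model shows how the ACL's wildcard mask selects inside hosts and how a pool without overload hands out one public address per host until it runs out. 203.0.113.x stands in for the masked 203.189.XX.x range, and the function and class names are made up for this example.

```python
import ipaddress

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def acl_matches(addr, base, wildcard):
    """Standard ACL test: bits that are 0 in the wildcard must equal the base."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(addr) & care) == (to_int(base) & care)

def pool_addresses(start, end, netmask):
    """Expand an 'ip nat pool' range; both ends must sit in the same subnet."""
    net = ipaddress.IPv4Network(f"{start}/{netmask}", strict=False)
    if to_int(end) < to_int(start) or ipaddress.IPv4Address(end) not in net:
        raise ValueError("pool range does not fit the netmask")
    return [str(ipaddress.IPv4Address(i))
            for i in range(to_int(start), to_int(end) + 1)]

class DynamicNat:
    """Dynamic NAT without 'overload': one pool address per inside host."""

    def __init__(self, acl, pool):
        self.acl = acl            # (base, wildcard) from the access-list line
        self.free = list(pool)    # public addresses not yet handed out
        self.table = {}           # inside local -> inside global

    def translate(self, inside):
        if not acl_matches(inside, *self.acl):
            return None           # not selected by the ACL: no translation
        if inside not in self.table:
            if not self.free:
                raise RuntimeError("NAT pool exhausted")
            self.table[inside] = self.free.pop(0)
        return self.table[inside]

# Constructed stand-ins for the post's values (203.189.XX.x is masked there).
ACL_99 = ("192.168.0.10", "0.0.0.255")
POOL = pool_addresses("203.0.113.2", "203.0.113.125", "255.255.255.128")

if __name__ == "__main__":
    nat = DynamicNat(ACL_99, POOL)
    print(len(POOL), "pool addresses for 256 ACL-matched hosts")
    print("192.168.0.77 ->", nat.translate("192.168.0.77"))
    print("192.168.1.77 ->", nat.translate("192.168.1.77"))
```

The ACL selects 256 inside addresses but the pool holds 124, so without overload the 125th simultaneous host gets no translation.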

Copying IOS to TFTP

For 2950 Switch

Switch#copy flash tftp
Source filename [ ]? c2950-c3h2s-mz.120-5.2.WC.1.bin

Address of TFTP server

Destination IP address or hostname [ ] 192.168.0.1

Destination filename [c2950-c3h2s-mz.120-5.2.WC.1.bin]?

Each bang symbol (!) = 1 datagram sent
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!


1885921 bytes copied in 30.602 secs

Switch#

For 2900 Switch

Switch#copy flash:c2900XL-hs-mz-112.8.9-SA6.bin tftp

Source filename [c2900XL-hs-mz-112.8.9-SA6.bin]?

Destination IP address or hostname [ ] 192.168.0.1

Destination filename [c2900XL-hs-mz-112.8.9-SA6.bin]?

Each bang symbol (!) = 1 datagram sent

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

2119104 bytes copied in 20.03 secs

Switch#

Monday, February 18, 2008

Backing Up and Restoring/Upgrading IOS

Backing UP IOS to TFTP
Router#copy flash tftp

Name of IOS image

Source filename [ ]? c2900-js-l_122-2.bin

IP address of TFTP server

 Address or name of remote host [ ]? 192.168.0.1

Destination filename is the same as the source filename
Destination filename [c2900-js-l_122-2.bin]?

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

8500019 bytes copied in 301.23 seconds
Router#
Restoring/Upgrading IOS from TFTP

Router#copy tftp flash
Address or name of remote host [ ]? 192.168.0.1
Source filename [ ]? c2900-js-l_122-2.bin
Destination filename [c2900-js-l_122-2.bin]?

Accessing tftp://192.168.0.1/c2900-js-l_122-2.bin

If Flash memory is full, you must erase it first

Erase flash: before copying? [confirm]

Erasing the flash file system will remove all files
Continue? [confirm]

Each e represents data being erased

Erasing device eeeeeeeeeeeeeeeeee...erased

Loading c2900-js-l_122-2.bin from 192.168.0.1

Each bang symbol (!) = 1 datagram of data

(via FastEthernet 1/0): !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Verifying Check sum .................. OK

[OK - 8500019 bytes]
8500019 bytes copied in 300.1 secs
Router#

Thursday, February 14, 2008

Backing Up and Restoring Configuration


Backing Up Configuration

Save running-config to NVRAM
Router>ena
Router#copy run start

Copy running-config to remote TFTP server

Router#copy run tftp

IP address of TFTP server
Address or name of remote host [ ]? 192.168.0.1

Name to use for file saved on TFTP server
Destination Filename [Backup-confg]?

Each bang symbol (!) = 1 datagram of data


!!!!!!!!!!!!!!!!!

512 bytes copied in 6.1 secs

File has been transferred successfully

Router#

Restoring Configuration

Copy configuration file from TFTP server to DRAM

Router#copy tftp run

IP address of TFTP server

Address or name of remote host[ ]?192.168.0.1

Enter the name of the file you want to retrieve

Source filename [ ]?Backup-config
Destination filename [running-config]?

Accessing tftp://192.168.0.1/Backup-config...
Loading Backup-config from 192.168.0.1
(via Fast Ethernet 1/0):

!!!!!!!!!!!!!!!!
[OK-512 bytes]
512 bytes copied in 6.3 secs

File has been transferred successfully

Router#

Note:

You can also use the above sequence for a "copy tftp start" command sequence.

Router Boot System Commands

With this configuration, the router will look for the IOS in this sequence: Flash, TFTP, ROM.

Loads IOS with image-name from Flash

Router(config)#boot system flash image-name

Loads IOS with image-name from a TFTP server

Router(config)#boot system tftp image-name 192.168.1.1

Loads IOS from ROM

Router(config)#boot system rom

Router(config)#exit

Saves running-configuration to NVRAM.

Router#copy run start

Wednesday, February 13, 2008

Basic Router Configuration

This configuration mainly focuses on IOS 3600 software version 12.2, but it may apply to other versions.


Router>enable
Router#config t

Changing Hostname
Router(config)#hostname RouterA

Setting System Clock
RouterA# clock set 12:30:00 10 Dec 2000

Setting the Banner
RouterA(config)# banner motd #Welcome#

Setting Privileged Access Password
RouterA(config)#enable password mypassword
or
RouterA(config)#enable secret mypassword2

With username
RouterA(config)#username user1 password mypassword

Console Password
RouterA(config)# line console 0
RouterA(config-line)# password mypassword

VTY Lines Password
RouterA(config)# line vty 0 4
RouterA(config-line)# password mypassword
RouterA(config-line)# login local
(Use login local if you set a username under the privileged access password step.)
or
(Optional) With Telnet Access List

RouterA(config)# access-list 99 permit 192.168.1.0 0.0.0.255
RouterA(config)# line vty 0 4
RouterA(config-line)# password mypassword
RouterA(config-line)# access-class 99 in
RouterA(config-line)# login local
(Use login local if you set a username under the privileged access password step.)

Setting the Description for an Interface

RouterA(config)# interface serial 0
RouterA(config-if)# description To Mynetwork

Assigning IP Address for an Interface
RouterA(config)# interface serial 0
RouterA(config-if)# ip address 192.168.0.1 255.255.255.0
RouterA(config-if)#no shut
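
As an added example (not part of the original posts), this Python check reads a saved running-config and reports the access settings used on this page that a reviewer would normally tighten: unhashed enable and username passwords, a read-write SNMP community, the HTTP server, and VTY lines with no access-class or SSH-only transport. The finding names and both sample configurations are constructed for illustration; `username ... secret` and `transport input ssh` are standard IOS commands that the posts do not show.

```python
import re

# Finding id -> pattern tested against each top-level config line.
GLOBAL_RULES = {
    "enable-password-not-hashed": r"enable password\s+\S+",
    "username-password-not-hashed": r"username\s+\S+\s+(?:.*\s)?password\s+\S+",
    "snmp-write-community": r"snmp-server community\s+\S+\s+rw\b",
    "http-management-enabled": r"ip http server$",
}

def vty_blocks(text):
    """Return the indented sub-commands under each 'line vty' header."""
    bodies = re.findall(r"^line vty[^\n]*\n?((?: [^\n]*\n?)*)", text, re.MULTILINE)
    return [[c.strip() for c in body.splitlines()] for body in bodies]

def audit_ios_config(text):
    """Return sorted finding ids for a saved running-config."""
    found = {name for ln in text.splitlines()
             for name, pat in GLOBAL_RULES.items()
             if re.match(pat, ln.rstrip(), re.IGNORECASE)}
    for block in vty_blocks(text):
        # No inbound access-class: the line accepts logins from any source.
        if not any(re.match(r"access-class\s+\S+\s+in\b", c) for c in block):
            found.add("vty-no-access-class")
        # Transport not pinned to SSH in the config.
        if "transport input ssh" not in block:
            found.add("vty-transport-not-restricted-to-ssh")
    return sorted(found)

# Constructed samples in running-config layout, built from this page's commands.
AS_POSTED = """enable password mypassword
username user1 password mypassword
snmp-server community polduh rw
ip http server
line vty 0 4
 password mypassword
 login local
"""
TIGHTENED = """enable secret mypassword2
username user1 secret mypassword
snmp-server community polduh ro
no ip http server
access-list 99 permit 192.168.1.0 0.0.0.255
line vty 0 4
 access-class 99 in
 transport input ssh
 login local
"""

if __name__ == "__main__":
    print("as posted:", audit_ios_config(AS_POSTED))
    print("tightened:", audit_ios_config(TIGHTENED))
```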

Tuesday, February 12, 2008

DHCP Configuration for Cisco router

router>ena
router#config t
router(config)#ip dhcp pool name
router(dhcp-config)#network 192.168.10.0 255.255.255.240
router(dhcp-config)#dns-server 10.189.10.1
router(dhcp-config)#default-router 192.168.10.1
router(dhcp-config)#lease infinite
router(dhcp-config)#exit
router(config)#ip dhcp excluded-address 192.168.10.1
router(config)#service dhcp




