2 - Cisco Router and Switch

Uploaded by

ipcrafteret
CISCO Router and Switch

Booting Up a Router or a Switch


Step 1: POST Test and Starting Bootstrap
When the router/switch is powered on, the first step is to
initialize POST and Bootstrap. First, POST will start and
test the device hardware. If it does not find any errors, it
will load Bootstrap.

Step 2: Locating and Installing IOS

In this step, the Cisco Router/Switch runs Bootstrap,
searches for the location of the IOS, finds it, and loads
it into RAM. By default, the router loads the IOS
software from its own Flash Memory.

Step 3: Finding and Running the Startup Configuration File

After the second step, once the IOS software is loaded,
the Router/Switch looks, via Bootstrap, for an initial
configuration file in NVRAM. If it cannot find such a file,
it enters setup mode to create a new startup file.

If the boot loader finds the initial configuration file, it
copies it directly to RAM.
What is a startup config file?

The Startup-Config file is a config file that is stored in
non-volatile RAM (NVRAM). Even if the Cisco router is turned
off, the initial configuration file is not deleted from NVRAM.
# show startup-config
What is a Running-Config File?
When the router/switch is started for the first time, the
startup-config file is loaded because there is no configuration.
However, when you save all the configurations you have made
after configuring the router/switch, these settings are saved in
the running-config file.
When you turn the router/switch off and on, the running-config
file will now be loaded to NVRAM.
# show running-config

Saving Settings/Configurations on the Router/Switch


# copy running-config startup-config
What Information Does the Show Version Command
Show?
1. IOS Version
2. Boot Version
3. IOS File
4. CPU and Model
5. RAM Size
6. Interface Number and Types
7. NVRAM Size
8. Flash Size
9. Configuration Record
Basic Configuration of Routers and Switches
Modes of router/switch
The user execution mode:
router>
Privilege execution mode:
router#
Configuration mode:
router(config)#
Interface mode:
router(config-if)#
ROMMON mode:
Hostname

It is easier to manage and troubleshoot your network when you give the
devices a meaningful name.
Command:
Router> enable
Router# configure terminal
Router(config)# hostname Management
Management(config)#
Clock

Setting the correct date and time is a requirement for some advanced
configuration and it helps when troubleshooting the device.
Command:
Management# clock set 14:30:00 August 15 2023
Banner

Messages displayed to users who connect to the routers


Command:
Management(config)# banner motd $Attention!
We will be having scheduled system maintenance on this device.$
Securing access to the device

IOS provides two basic mechanisms for access restriction – line
passwords and enable password/secret.
The enable password or secret can be configured using the following
command in the global configuration mode:
Management(config)# enable secret Pa$$w0rd
Management(config)# enable password $ecured
There are four things that you should remember about the
enable password and secret:
1. Enable secret is encrypted before being stored in the config while the
enable password is stored as plain text. So anyone viewing the config
will know the enable password.
2. If enable secret and enable password are both configured, the secret
will always be used.
3. Enable secret and password cannot have the same value.
4. When using telnet or ssh to connect to the IOS, you cannot enter the
enable mode if an enable secret or password has not been configured.
Configure Console and VTY Passwords

The Console Port

Management(config)# line con 0
Management(config-line)# exec-timeout 30 0
Management(config-line)# password letmein
Management(config-line)# login
Management(config-line)# end
Management# show running-config


Virtual Terminals (VTYs):

Management(config)# line vty 0 4
Management(config-line)# password letmeinhere
Management(config-line)# exec-timeout 30 0
Management(config-line)# transport input telnet
Management(config-line)# login
Management(config-line)# end
Packet Tracer - Lab
1. Basic switch setup

A new switch just purchased from Cisco contains no default configuration. You need to configure
the switch with setup mode or from scratch using the command line interface (CLI) before
connecting it to your network environment. As a Network Administrator, it is very important to
know the basic Cisco switch configuration commands to improve the performance and the
security of the enterprise network.

Network Diagram

Lab instructions and solution


This lab will test your ability to configure basic settings such as hostname, motd banner, encrypted
passwords, and terminal options on a Cisco Catalyst 2960 switch emulated in Packet Tracer.

1. Use the local laptop to connect to the switch console, and configure the laptop with the right
parameters for console access to the Cisco 2960 Catalyst switch
2. Configure Switch hostname as LOCAL-SWITCH
Switch(config)#hostname LOCAL-SWITCH
3. Configure the message of the day as "Unauthorized access is forbidden"
Switch(config)#banner motd $Unauthorized access is forbidden$
4. Configure the password for privileged mode access as "cisco". The password must be MD5
encrypted.
Switch(config)#enable secret cisco
5. Configure password encryption on the switch using the global configuration command.
Password encryption is an important setting for securing switch credentials, as the default behavior
is to save clear-text passwords in the running-config. Although it is useful against naive hacking,
be advised that tools have been released to crack those passwords. Use the service
password-encryption command together with additional security measures.

Switch(config)#service password-encryption

6. Configure CONSOLE access with the following settings:

• Login enabled
• Password: ciscoconsole
• History size: 15 commands
• Timeout: 6'45''
• Synchronous logging

Switch(config)#line con 0
Switch(config-line)#password ciscoconsole
Switch(config-line)#logging synchronous
Switch(config-line)#login
Switch(config-line)#history size 15
Switch(config-line)#exec-timeout 6 45

7. Configure TELNET access with the following settings:

• Login enabled
• Password: ciscotelnet
• History size: 15 commands
• Timeout: 8'20''
• Synchronous logging

Switch(config)#line vty 0 15
Switch(config-line)#exec-timeout 8 20
Switch(config-line)#password ciscotelnet
Switch(config-line)#logging synchronous
Switch(config-line)#login
Switch(config-line)#history size 15

8. Configure the IP address of the switch as 192.168.1.2/24 and its default gateway IP
(192.168.1.1).
Switch(config)#interface Vlan1
Switch(config-if)#ip address 192.168.1.2 255.255.255.0
Switch(config-if)#no shutdown
Switch(config-if)#ip default-gateway 192.168.1.1
9. Test telnet connectivity from the Remote Laptop using the telnet client.
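
Added example, not part of the original lab or of any Cisco tooling: a Python check that reads a saved running-config and flags the access settings used in the slides and in this lab (enable password, type 7 line passwords left by service password-encryption, Telnet on the VTY lines, a disabled exec-timeout). The sample configuration is constructed, with placeholder strings where a device would show hashes, and the function name audit is an assumption of this example.

```python
import re

# Constructed sample resembling `show running-config` after the steps above;
# the hash and type 7 strings are placeholders, not real device output.
SAMPLE_CONFIG = """\
hostname LOCAL-SWITCH
service password-encryption
enable secret 5 $1$PLACEHOLDER$PLACEHOLDERHASH
enable password 7 00PLACEHOLDER
line con 0
 password 7 11PLACEHOLDER
 exec-timeout 6 45
 login
line vty 0 15
 password 7 22PLACEHOLDER
 exec-timeout 0 0
 transport input telnet
 login
"""

def audit(config):
    """Return (section, finding) pairs for weak access settings in an IOS config."""
    lines = config.splitlines()
    findings = []
    if not any(l.strip() == "service password-encryption" for l in lines):
        findings.append(("global", "line passwords are stored in clear text"))
    section = "global"
    for raw in lines:
        line = raw.strip()
        if not raw.startswith(" "):  # unindented line: new top-level section
            section = line if line.startswith("line ") else "global"
        pw = re.match(r"password (?:(\d+) )?\S+", line)  # optional type digit
        if line.startswith("enable password"):
            findings.append((section, "enable password set: keep only enable secret"))
        elif pw and pw.group(1) == "7":
            findings.append((section, "type 7 password: reversible, not a hash"))
        elif pw:
            findings.append((section, "clear-text line password"))
        elif line == "exec-timeout 0 0":
            findings.append((section, "idle sessions never time out"))
        elif section.startswith("line vty") and line.startswith("transport input"):
            allowed = line.split()[2:]
            if "telnet" in allowed or "all" in allowed:
                findings.append((section, "Telnet allowed: prefer transport input ssh"))
    return findings

if __name__ == "__main__":
    for section, finding in audit(SAMPLE_CONFIG):
        print(f"{section}: {finding}")
```
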
2. Interfaces configuration

Network diagram

This lab will test your ability to configure speed, duplex, and vlan settings on the network
interfaces of a Catalyst 2960 switch using Cisco Packet Tracer.

Lab instructions and solution


1. Connect to Switch0 using the console interface and configure each Switch0 FastEthernet
switchport for operation.

Explicitly configuring the speed of a Cisco Catalyst network interface with the speed 100 IOS
command disables auto-negotiation on this interface.
2. Settings to be configured on each port are:

• Port type: access port
• Speed: 100 Mbit/s
• Duplex mode: Full Duplex
• Autonegotiation: disabled

Switch(config)#interface range FastEthernet0/1 - 4
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#duplex full
Switch(config-if-range)#speed 100
3. PC "192.168.1.4" seems to be unable to ping other PCs in the network. Check the switch
configuration.
TIP: How many broadcast domains are there in this network?

Switch(config)#interface FastEthernet0/4
Switch(config-if)#switchport access vlan 1

4. Choose the right cable to connect:

Switch0 gigabitethernet 1/1 to Switch1 gigabitethernet 1/1
Switch1 gigabitethernet 1/2 to Switch2 gigabitethernet 1/2
5. Configure those two links as trunk lines without using trunk negotiation between switches

On every interface that has to be configured for trunk operation, configure the following
settings

Switch(config)#interface GigabitEthernet1/X
Switch(config-if)#switchport mode trunk

Verify interface operational mode using the show interface GigabitEthernet1/X switchport
command :

Name: Gig1/2
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Voice VLAN: none
Another useful IOS command is show interfaces trunk:

Switch#sh interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Gig1/2      on           802.1q         trunking      1

Port        Vlans allowed on trunk
Gig1/2      1-1005

Port        Vlans allowed and active in management domain
Gig1/2      1

Port        Vlans in spanning tree forwarding state and not pruned
Gig1/2      1
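
The switchport output above still reports Negotiation of Trunking: On, although step 5 asks for trunks without trunk negotiation. As an added example (not from the original lab), this Python check parses that output and flags it; it goes slightly further and also flags the default native VLAN and the unrestricted allowed-VLAN list shown by show interfaces trunk. The function names are assumptions of this example, and the remediation commands named in the findings are standard IOS interface commands.

```python
# Output of `show interface GigabitEthernet1/2 switchport` as quoted above.
SWITCHPORT_OUTPUT = """\
Name: Gig1/2
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Voice VLAN: none
"""
# "Vlans allowed on trunk" value from `show interfaces trunk` above.
ALLOWED_ON_TRUNK = "1-1005"

def parse_switchport(text):
    """Turn the 'Key: value' lines of the switchport output into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def vlan_count(spec):
    """Count the VLAN IDs in a list such as '1-1005' or '1,10,20-30'."""
    total = 0
    for part in spec.split(","):
        low, _, high = part.partition("-")
        total += int(high or low) - int(low) + 1
    return total

def check_trunk(fields, allowed):
    """Return hardening findings for a statically configured trunk port."""
    findings = []
    if fields.get("Administrative Mode") != "trunk":
        return findings
    if fields.get("Negotiation of Trunking") == "On":
        findings.append("DTP still negotiating: add 'switchport nonegotiate'")
    if fields.get("Trunking Native Mode VLAN", "").startswith("1 "):
        findings.append("native VLAN left at default VLAN 1")
    if vlan_count(allowed) >= 1005:  # 1-1005 here; other platforms list 1-4094
        findings.append("every VLAN allowed: set 'switchport trunk allowed vlan'")
    return findings

if __name__ == "__main__":
    for f in check_trunk(parse_switchport(SWITCHPORT_OUTPUT), ALLOWED_ON_TRUNK):
        print(f)
```
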
