Oct 12, 2009

Easy enabling Secure Shell (SSH) on Cisco Routers & Switches


As most of you know, Telnet has no security mechanisms. Telnet sends passwords in clear text, and these passwords can easily be read with a packet sniffer like Wireshark, formerly called Ethereal (go to the post Easy capturing Telnet Password using Wireshark Packet Sniffer for the complete procedure). Instead of Telnet, use Secure Shell (SSH), which creates an encrypted session where Telnet uses an unencrypted data stream. You can think of SSH as a security-enabled version of Telnet: the router and the client negotiate session keys and everything that follows, including your username and password, is encrypted rather than sent in the clear.

Here are the steps to set up SSH:

1. Set your hostname:
Router(config)#hostname R_1

2. Set the domain name (both the hostname and the domain name are required, because the RSA key pair is named after the router's fully qualified domain name):
R_1(config)#ip domain-name example.com

3. Generate the RSA key pair that secures the session:
R_1(config)#crypto key generate rsa general-keys
            The router then asks for the modulus size in bits for the asymmetric (public/private key) encryption. When this was written 1024-bit keys were the usual choice; a 2048-bit modulus is the sensible minimum today, and SSH version 2 needs a modulus of at least 768 bits. Larger moduli are CPU intensive to generate, and key generation can take anywhere from a few seconds to 15 minutes depending on the platform. Once a key exists, also pin the protocol version with ip ssh version 2, since SSH version 1 has known protocol weaknesses.

4. Set the SSH negotiation timeout to 60 seconds. Note that this value (maximum 120 seconds) is how long the router waits for the client to complete the SSH negotiation; it is not an idle timer for established sessions, which is set with exec-timeout on the vty lines:
R_1(config)#ip ssh time-out 60

5. Set the maximum number of failed authentication attempts per SSH connection to 2 (the default is 3):
R_1(config)#ip ssh authentication-retries 2

6. Then go to vty line configuration mode with the following command. The last vty line number varies from router to router; use the question mark to view it:
                        R_1(config)#line vty 0 ?
                        R_1(config)#line vty 0 4

7. Last, configure SSH (and, only if you must, Telnet) as the access protocols:
R_1(config-line)#transport input ssh telnet

If you leave off the keyword telnet at the end of the command string, only SSH will be accepted on these lines, which is what you want once SSH is working: leaving Telnet enabled keeps the clear-text path open. SSH also authenticates users by username, so the vty lines need login local (with a username ... secret entry) or AAA rather than a plain line password.
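The steps above are easy to get wrong in the details: Telnet left on, version 1 still negotiable, the idle timer disabled, or a plain line password that SSH cannot use. The following Python script, added here as an example and not part of the original post, parses the text of show running-config and reports those problems. The two configurations embedded in it are constructed for the example, and the function names parse_sections and audit are this example's own.

```python
"""Audit a Cisco IOS running-config for the SSH/vty hardening steps above.

Added example, not code from the original post. Both configurations below
are constructed; the function names are assumptions of this example."""

# Constructed: a router that followed the steps but left Telnet, a disabled
# idle timer and a clear-text enable password in place.
SAMPLE_CONFIG = """\
hostname R_1
ip domain-name example.com
enable password cisco2
ip ssh time-out 60
ip ssh authentication-retries 2
line vty 0 4
 exec-timeout 0 0
 transport input ssh telnet
 login
line vty 5 15
 transport input telnet
"""

# Constructed: the same router after hardening.
HARDENED_CONFIG = """\
hostname R_1
ip domain-name example.com
enable secret 5 $1$abcd$example
username admin secret 5 $1$abcd$example
ip ssh version 2
ip ssh time-out 60
ip ssh authentication-retries 2
line vty 0 4
 exec-timeout 10 0
 transport input ssh
 login local
line vty 5 15
 exec-timeout 10 0
 transport input ssh
 login local
"""


def parse_sections(config):
    """Split an IOS config into global commands and `line ...` sections.

    IOS indents the children of a section by one space; only `line`
    sections are tracked here, everything else is treated as global."""
    global_cmds, sections, current = [], {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue
        if raw.startswith(" ") and current is not None:
            sections[current].append(raw.strip())
            continue
        current = raw.strip() if raw.startswith("line ") else None
        if current is not None:
            sections[current] = []
        else:
            global_cmds.append(raw.strip())
    return global_cmds, sections


def audit(config):
    """Return a list of findings; an empty list means every check passed."""
    global_cmds, sections = parse_sections(config)
    findings = []
    if not any(c.startswith("ip domain-name ") for c in global_cmds):
        findings.append("global: no ip domain-name (RSA key generation needs it)")
    if "ip ssh version 2" not in global_cmds:
        findings.append("global: ip ssh version 2 not set (SSHv1 still negotiable)")
    if any(c.startswith("enable password ") for c in global_cmds):
        findings.append("global: enable password in use; use enable secret")
    retries = [c for c in global_cmds if c.startswith("ip ssh authentication-retries ")]
    if retries and int(retries[0].split()[-1]) > 3:
        findings.append("global: ip ssh authentication-retries above the default of 3")
    for name, cmds in sections.items():
        if not name.startswith("line vty"):
            continue
        transport = next((c for c in cmds if c.startswith("transport input ")), None)
        # Without an explicit line the platform default applies; treated as "all" here.
        allowed = transport.split()[2:] if transport else ["all"]
        if "telnet" in allowed or "all" in allowed:
            findings.append(f"{name}: Telnet accepted ({transport or 'no transport input line'})")
        timeout = next((c for c in cmds if c.startswith("exec-timeout ")), None)
        if timeout and timeout.split()[1:3] == ["0", "0"]:
            findings.append(f"{name}: exec-timeout 0 0 disables the idle timeout")
        if not any(c.startswith(("login local", "login authentication")) for c in cmds):
            findings.append(f"{name}: no login local/AAA (SSH logins need a username)")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
    print("hardened config findings:", audit(HARDENED_CONFIG))
```

Run it against a saved copy of show running-config; every finding maps to one of the steps above, and a clean run on the hardened configuration returns an empty list.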

Easy capturing Telnet Password using Wireshark Packet Sniffer


Wireshark is a free, open-source packet sniffer and can be downloaded from www.wireshark.org/download.html. The steps to capture Telnet passwords with it are as follows:

1. First connect to the LAN segment where the passwords are sent, using a hub, a mirror (SPAN) port on a switch, or any other position from which you can see the Telnet packets (a hub repeats every packet on every port except the one it arrived on, so any host on it sees all the traffic).

2. Then open Wireshark and, in the top-left pane, click the interface that connects to that LAN segment (for example your Fast Ethernet interface); the live capture starts.

3. In the Wireshark window you will see columns such as source, destination, protocol and info. In the Protocol column look for TELNET. Right-click one of those packets and choose Follow TCP Stream. This shows the whole conversation, both directions, in one view, like this:



...............
...............
User Access Verification
Password: .............P..............ANSI..cisco1

Router>eenn
Password: cisco2

Router#sshhooww  iipp  iinntt  bbrr

Interface         IP-Address    OK?  Status  Protocol
FastEthernet0/0   10.0.0.1      YES  up      up
FastEthernet0/1   unassigned    YES  up      up

Router#
 

As you can see, it shows not only the login password and the enable password but the complete session, everything the administrator does. In the example above, cisco1 is the vty login password and cisco2 is the password that opens privileged (enable) mode. Some text appears doubled, like the "show ip int br" command: the Telnet client sends each keystroke as it is typed and the router echoes it back, and the combined stream view shows both directions in order. Passwords are not echoed, which is why they appear only once. The doubled text is still easy to read.

            So be wary of using Telnet in your network. Use SSH instead; refer to the post Easy enabling Secure Shell (SSH) on Cisco Routers and Switches to start using SSH on your device.
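Wireshark's Follow TCP Stream view shows both directions of the conversation interleaved, with the Telnet option negotiation (the dots, the "P" and "ANSI" above) mixed in. The Python below, added here as an example rather than taken from the post, does the same reconstruction from a list of captured segments: it strips the Telnet IAC negotiation bytes, pairs each line the client typed with the prompt the router had just printed, and so recovers the passwords even though the echoed commands appear doubled. The SESSION bytes are constructed to mirror the capture above, and the function names are this example's own.

```python
"""Recover Telnet credentials from a captured session, as Follow TCP Stream
does but with the Telnet negotiation removed and both directions separated.

Added example, not code from the original post; the SESSION bytes are
constructed to mirror the capture above."""

IAC, SB, SE = 0xFF, 0xFA, 0xF0
NEGOTIATE = (0xFB, 0xFC, 0xFD, 0xFE)  # WILL, WONT, DO, DONT (followed by an option byte)


def strip_telnet_options(data):
    """Drop IAC command, negotiation and subnegotiation sequences; keep text."""
    out, i = bytearray(), 0
    while i < len(data):
        if data[i] != IAC:
            out.append(data[i])
            i += 1
        elif i + 1 < len(data) and data[i + 1] == IAC:   # escaped 0xFF byte
            out.append(IAC)
            i += 2
        elif i + 1 < len(data) and data[i + 1] == SB:    # skip to IAC SE
            end = data.find(bytes([IAC, SE]), i + 2)
            i = len(data) if end < 0 else end + 2
        elif i + 1 < len(data) and data[i + 1] in NEGOTIATE:
            i += 3
        else:                                             # two-byte command
            i += 2
    return bytes(out)


def keystrokes(text, echo):
    """Expand typed text into per-character client segments, each followed by
    the router's echo when echo is on (passwords are not echoed)."""
    segs = []
    for ch in text:
        segs.append(("client", ch.encode()))
        if echo:
            segs.append(("server", ch.encode()))
    segs.append(("client", b"\r\x00"))  # Enter: Telnet sends CR NUL
    return segs


# Constructed session: option negotiation, then the login seen in the post.
SESSION = (
    [("server", b"\xff\xfd\x18\xff\xfd\x20"),       # DO TERMINAL-TYPE, DO TSPEED
     ("client", b"\xff\xfb\x18\xff\xfc\x20"),       # WILL TERMINAL-TYPE, WONT TSPEED
     ("server", b"\xff\xfa\x18\x01\xff\xf0"),       # SB TERMINAL-TYPE SEND SE
     ("client", b"\xff\xfa\x18\x00ANSI\xff\xf0"),   # SB TERMINAL-TYPE IS "ANSI" SE
     ("server", b"\r\nUser Access Verification\r\n\r\nPassword: ")]
    + keystrokes("cisco1", echo=False)
    + [("server", b"\r\nRouter>")]
    + keystrokes("en", echo=True)
    + [("server", b"\r\nPassword: ")]
    + keystrokes("cisco2", echo=False)
    + [("server", b"\r\nRouter#")]
    + keystrokes("show ip int br", echo=True)
    + [("server", b"\r\nInterface  IP-Address  OK? Status Protocol\r\nRouter#")]
)


def follow_tcp_stream(segments):
    """Both directions concatenated in order, non-printables as dots: this is
    why echoed commands look doubled ('eenn') in Wireshark's combined view."""
    return "".join(
        chr(b) if 32 <= b < 127 or b in (10, 13) else "."
        for _, payload in segments for b in payload)


def reconstruct(segments):
    """Pair every line the client typed with the prompt the router had just
    printed. Returns a list of (prompt, typed_text)."""
    server_tail, prompt, typed, lines = b"", b"", bytearray(), []
    for direction, payload in segments:
        data = strip_telnet_options(payload)
        if direction == "server":
            server_tail = (server_tail + data).split(b"\n")[-1]  # text since last newline
            continue
        for b in data:
            if b == 0x0D:                        # Enter ends the typed line
                lines.append((prompt.decode("ascii", "replace").strip(),
                              typed.decode("ascii", "replace")))
                typed = bytearray()
            elif b in (0x00, 0x0A):              # NUL/LF that follow CR
                continue
            else:
                if not typed:                    # first keystroke: remember the prompt
                    prompt = server_tail
                typed.append(b)
    return lines


def recover_credentials(segments):
    """Everything typed in answer to a 'Password:' prompt."""
    return [typed for prompt, typed in reconstruct(segments) if prompt.endswith("Password:")]


if __name__ == "__main__":
    print(follow_tcp_stream(SESSION))
    for prompt, typed in reconstruct(SESSION):
        print(f"{prompt!r:14} -> {typed!r}")
    print("passwords:", recover_credentials(SESSION))
```

The same logic works on a real capture if you feed it the per-direction payloads (for example from tshark's follow output); the point is that nothing in Telnet hides the password, so any observer on the path gets exactly what this script gets.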


Oct 4, 2009

Easy Functions of Layer-2 Switching



            There are three distinct functions performed at OSI layer 2 (the Data Link layer), namely Learning, Forwarding & Filtering, and Loop Avoidance. These functions are explained in the following sections:


1) Learning
When a switch starts, its MAC address table is empty. When a node transmits a frame, the switch records the frame's source MAC address against the port it arrived on. In this way every MAC address is learned by the port behind which it lives, and each entry stays in the table for a limited time (300 seconds by default on Cisco switches). If no new frame from that source address arrives during that time, the entry is aged out of the table.


2) Forwarding & Filtering
Once a MAC address has been learned on a port, frames addressed to that MAC address are forwarded only to the port associated with it, using one of the switching methods (Store & Forward, Cut Through or Fragment Free). A frame whose destination is unknown, a broadcast or a multicast is flooded out of every port except the one it arrived on. A frame whose destination lives on the same port it arrived on (for example two hosts sharing a hub behind that port) is filtered, that is, dropped, because the destination has already seen it.

3) Loop Avoidance
Switches and bridges use the Spanning Tree Protocol (STP), specified by IEEE 802.1D, or one of its variants to prevent loops. Loops arise from multiple connections between switches that are put in place for redundancy; without STP a broadcast would circulate forever (a broadcast storm) and learned MAC addresses would flap between ports.
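To make the learning, forwarding and filtering rules concrete, here is a small switch model in Python, added as an example (it is not code from the post). It keeps a MAC table with an aging time, floods unknown unicast and broadcast frames, and drops a frame whose destination is on the port it arrived on. The port names, MAC addresses and timestamps are constructed for the example; loop avoidance is assumed to be handled by STP, so the topology the model sees is loop-free.

```python
"""A tiny model of the layer-2 learning and forwarding/filtering rules above.

Added example, not code from the post. Ports, MAC addresses and timestamps
are constructed; loop avoidance is assumed to be done by STP, so the
topology this switch sees is loop-free."""

BROADCAST = "ff:ff:ff:ff:ff:ff"


def is_multicast(mac):
    """Group bit of the first octet set: broadcast or multicast destination."""
    return int(mac.split(":")[0], 16) & 0x01 == 1


class Layer2Switch:
    def __init__(self, ports, aging_time=300):
        # 300 seconds is the default MAC aging time on Cisco switches.
        self.ports = list(ports)
        self.aging_time = aging_time
        self.mac_table = {}  # mac -> (port, last_seen)

    def _age_out(self, now):
        """Drop entries not refreshed within the aging time."""
        for mac, (_, seen) in list(self.mac_table.items()):
            if now - seen > self.aging_time:
                del self.mac_table[mac]

    def receive(self, in_port, src_mac, dst_mac, now):
        """Process one frame; return the list of ports it is sent out of."""
        self._age_out(now)
        # Learning: the source address lives behind the ingress port.
        self.mac_table[src_mac] = (in_port, now)
        flood = [p for p in self.ports if p != in_port]
        if is_multicast(dst_mac):
            return flood                        # broadcast/multicast: flood
        entry = self.mac_table.get(dst_mac)
        if entry is None:
            return flood                        # unknown unicast: flood
        out_port, _ = entry
        if out_port == in_port:
            return []                           # filtering: same segment, drop
        return [out_port]                       # forwarding: one port only

    def table(self):
        """MAC table as {mac: port}, for inspection."""
        return {mac: port for mac, (port, _) in self.mac_table.items()}


def demo():
    """Hosts A and C share a hub on Fa0/1; B is alone on Fa0/2 (constructed)."""
    A, B, C = "00:00:00:00:00:0a", "00:00:00:00:00:0b", "00:00:00:00:00:0c"
    sw = Layer2Switch(["Fa0/1", "Fa0/2", "Fa0/3"])
    steps = [
        ("A->B, B unknown",   sw.receive("Fa0/1", A, B, now=0)),        # flooded
        ("B->A, A known",     sw.receive("Fa0/2", B, A, now=1)),        # forwarded
        ("C->A, same hub",    sw.receive("Fa0/1", C, A, now=2)),        # filtered
        ("B->broadcast",      sw.receive("Fa0/2", B, BROADCAST, now=3)),
        ("B->A after aging",  sw.receive("Fa0/2", B, A, now=400)),      # flooded again
    ]
    return steps, sw.table()


if __name__ == "__main__":
    steps, table = demo()
    for label, out in steps:
        print(f"{label:20} -> {out}")
    print("MAC table:", table)
```

The last step is the one worth noticing from a security angle: once an entry ages out (or is pushed out by a flood of bogus source addresses), the switch floods that host's traffic again, which is what MAC flooding attacks rely on.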

Easy Switching Techniques used by Cisco Switches


            Switching methods are the techniques a switch uses to decide when to start forwarding a received frame, that is, how much of the frame it waits for and how much error checking it does before forwarding. There are mainly three techniques used in Cisco switches:

 

1) Store & Forward:  In this method the complete frame is received and buffered by the switch before it is forwarded. The CRC (frame check sequence), source address and destination address are checked, and frames with a bad CRC, runts (under 64 bytes) or giants are discarded. This method has the following features:
• Highest latency (delay in forwarding the frame), which varies with the length of the frame.
• Most thorough error checking; corrupt frames are never forwarded.
• Lowest frame forwarding speed.
The Catalyst 500 switch uses this method.

2) Cut Through:  In this method forwarding starts as soon as the destination address (the first 6 bytes of the header) has been received. Also known as wire-speed switching. This method has the following features:
• Lowest latency.
• Lowest error checking: corrupt frames and collision fragments are forwarded, because the FCS at the end of the frame is never examined.
• Highest frame forwarding speed.

3) Fragment Free (Modified Cut Through):  In this method forwarding starts as soon as the first 64 bytes of the frame have been received, because collision fragments (runts) are almost always shorter than 64 bytes, the minimum legal Ethernet frame size. This method has the following features:
• Latency between the other two: fixed at the time it takes to receive 64 bytes.
• Sufficient error checking to drop collision fragments, but CRC errors in longer frames still get through.
• Moderate frame forwarding speed.
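The trade-off between the three methods is easiest to see by feeding the same frames through each. The Python below is an added example, not code from the post: it builds Ethernet frames with a real CRC-32 FCS and shows which method forwards a corrupt frame or a collision fragment (runt), and how many bytes each method examines before deciding. Frame contents, MAC addresses and the simulate/compare function names are constructed for the example.

```python
"""Feed the same frames through the three switching methods above and see
which one forwards a corrupt frame or a collision fragment.

Added example, not code from the post. Frames, addresses and the
simulate/compare helpers are constructed for this example."""
import struct
import zlib

MIN_FRAME = 64  # minimum legal Ethernet frame, including the 4-byte FCS


def build_frame(dst, src, payload, corrupt=False):
    """Ethernet II frame: dst(6) src(6) type(2) payload [pad] FCS(4)."""
    body = (bytes.fromhex(dst.replace(":", "")) + bytes.fromhex(src.replace(":", ""))
            + b"\x08\x00" + payload)
    body += b"\x00" * max(0, 60 - len(body))          # pad so the frame is >= 64 bytes
    fcs = struct.pack("<I", zlib.crc32(body))         # FCS is CRC-32, sent LSB first
    if corrupt:                                       # flip a bit after the FCS was computed
        body = body[:-1] + bytes([body[-1] ^ 0x01])
    return body + fcs


def fcs_ok(frame):
    """Recompute the CRC over everything but the trailing FCS and compare."""
    return struct.pack("<I", zlib.crc32(frame[:-4])) == frame[-4:]


def simulate(method, wire_bytes):
    """wire_bytes is what arrived on the port: a whole frame or a truncated
    collision fragment. Returns (decision, bytes_examined_before_deciding)."""
    n = len(wire_bytes)
    if method == "cut-through":
        # Decide as soon as the 6-byte destination address is in.
        return ("forward", 6) if n >= 6 else ("drop", n)
    if method == "fragment-free":
        # Wait for 64 bytes: a collision fragment never gets that far.
        return ("forward", MIN_FRAME) if n >= MIN_FRAME else ("drop", n)
    if method == "store-and-forward":
        # Buffer everything, then check length and FCS before forwarding.
        if n < MIN_FRAME or not fcs_ok(wire_bytes):
            return ("drop", n)
        return ("forward", n)
    raise ValueError(f"unknown method {method!r}")


METHODS = ("cut-through", "fragment-free", "store-and-forward")


def compare(wire_bytes):
    """Decision of each method for the same bytes on the wire."""
    return {m: simulate(m, wire_bytes)[0] for m in METHODS}


if __name__ == "__main__":
    good = build_frame("00:11:22:33:44:55", "66:77:88:99:aa:bb", b"A" * 100)
    bad = build_frame("00:11:22:33:44:55", "66:77:88:99:aa:bb", b"A" * 100, corrupt=True)
    runt = good[:40]                                   # collision fragment
    for label, frame in (("good frame", good), ("bad FCS", bad), ("runt", runt)):
        print(label, compare(frame), {m: simulate(m, frame)[1] for m in METHODS})
```

Only store-and-forward refuses the frame with a bad FCS; fragment-free catches the runt but not the CRC error; cut-through forwards both, which is the price of its low latency.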

Switch and Bridge Diferences and Working


Switches and bridges are pretty similar: both operate at the Data Link layer (just above the Physical layer) and both can filter traffic so that only the appropriate segment or host receives a transmission. Both filter frames based on the physical address (the MAC, Media Access Control, address) of the sender and receiver, although newer switches sometimes include the capabilities of a router and can forward data based on IP address (operating at the Network layer); these are referred to as IP switches or multilayer switches.

Often the desired result could be achieved with either a switch or a bridge, but in general bridges are used to extend the distance capabilities of a network: a bridge typically has only two ports, so it connects two segments. A switch has many ports and can connect many segments or hosts, and switches are used primarily for their filtering capabilities and to carve one large LAN into multiple smaller virtual LANs (VLANs) for easier management and administration. Further details about both are given below.


The Switch

A switch is a layer 2 network device that forwards frames using MAC addresses in the header of frames. It improves network performance by segmenting the network and creating separate collision domains on each port so reducing competition for bandwidth.
In a switch, frame forwarding is handled by specialized hardware called "Application Specific Integrated Circuit" (ASIC). A switch dynamically builds and maintains a Content-Addressable Memory (CAM) table, holding all of the necessary MAC information for each port.


The Bridge

            A bridge is a layer 2 device used to connect two network segments, of different or the same type. Frames whose destination address is on the same segment they arrived from are dropped (filtered). Bridges use the store-and-forward method, inspecting the whole frame before forwarding it, which is why a bridge is commonly said to add 20 to 30 % to the latency of a path. Generally a bridge has only two ports and splits one collision domain into two.


Oct 1, 2009

Configuration of MOTD Banner on Cisco Router


A banner is more than just a little cool. One very good reason for having a banner is to give anyone who attempts to telnet or dial into your internetwork a security notice: that the system is for authorized use only and that sessions may be monitored.

You can create a banner to give anyone who shows up on the router exactly the information you want them to have. There are several banner types (the EXEC process creation banner, the incoming terminal line banner and the login banner among them), but the message of the day (MOTD) banner is the one most extensively used.

Router(config)#banner ?
LINE                c banner-text c, where ‘c’ is a delimiting character
exec                Set EXEC process creation banner
incoming        Set incoming terminal line banner
login                Set login banner
motd               Set Message of the Day banner


The message of the day banner is shown to everyone who connects to the router, whether by dialing in, by Telnet, through the auxiliary port or even through the console port. The part to understand is the delimiting character: it tells the router where the message ends. You can use any character you want for it, but you cannot use the delimiting character in the message itself; that is why # is used in the examples here:

Router(config)#banner motd ?
LINE                c banner-text c, where ‘c’ is a delimiting character
Router(config)#banner motd #
[Enter text message here. End with the character ‘#’.]
#
Router(config)#


For example, you can set a banner on one line as shown. Keep the wording to a warning: do not put the word Welcome, the device's role or its software version in the banner, since a welcoming message can weaken an unauthorized-access claim and version details help an attacker.


Router(config)#banner motd # Unauthorized access prohibited! It may lead to legal action. If you are not an authorized user, disconnect now. #

Easy Configuration of the System Clock on Cisco Routers & Switches


The router's clock is a useful tool when making advanced configurations, and the clocks of different routers must be closely synchronized: log entries, certificate validity checks and debug output all depend on it. The system clock runs from the moment the system starts up and keeps track of the current date and time. It can be set from a number of sources (manually, or from NTP, which is what you want in production) and can in turn be distributed to other systems. To set the system clock manually, use one of the formats of the clock set EXEC command (remember, it is not a global configuration command, although it affects the whole router):
Router# clock set hh:mm:ss day month yyyy
Router# clock set hh:mm:ss month day yyyy


In the following example the system clock is manually set to 9:40 a.m. UTC on 19 January 2009:
Router#clock set 09:40:00 19 Jan 2009
To view the router's current clock, use the following command:
                        Router# show clock
                        09:40:31.247 UTC Mon Jan 19 2009

Easy Enable Password Configuration on Cisco Routers & Switches


The enable password and enable secret commands set the password used to enter privileged mode. You can use it to stop people who have connected to your device from changing your router's or switch's configuration. You set the enable password from global configuration mode like this:


Router(config)#enable ?
password                   Assign the privileged level password
secret                         Assign the privileged level secret


The following points describe the enable password parameters:
Password Sets the enable password on older, pre-10.3 systems. It is stored in the configuration in clear text (or in the trivially reversible type 7 encoding if service password-encryption is on) and is never used if an enable secret is set.
Secret Is the newer, hashed password that overrides the enable password when both are set. Use this method in your real-world configs instead of enable password.
Here is an example of setting the enable passwords:


Router(config)#enable secret your-password
Router(config)#enable password your-password

If you try to set the enable secret and the enable password to the same value, the router gives you a polite warning and asks you to choose a different enable password (otherwise the clear-text enable password would give away the secret). If you do not have older legacy routers, do not bother with enable password at all; configure only enable secret.



Easy Hostname Configuration on Cisco Router


You can easily set the "name" of the router with the hostname command in global configuration mode. The name is only locally significant, which means it has no bearing on how the router performs name lookups or how it operates on the internetwork, where devices are identified by IP address; it does show up in the CLI prompt and in the name of the RSA key pair used for SSH.


Router>enable
                                    [to enter privileged exec mode]
 Router#configure terminal
                                    [to enter global configuration mode]
 Router(config)#hostname [hostname of router]
                                    [final command to configure the hostname]


A recommended practice is to name the router after its location or role, so that you can be sure you are configuring the correct router and can easily tell routers apart when you are connected to several at once for troubleshooting or configuration.

BASIC COMMANDS OF CISCO IOS


1. Router's initial prompt (user EXEC mode).
Router>

2. Enter Privilege Mode.
Router>enable
Router#

3. Show the active configuration in memory with the following command. The configuration currently running on the router is referred to as the running-config in the Cisco IOS command-line interface. Privileged mode is required to execute this command, and the output includes passwords and keys, so treat it as sensitive.
Router#show running-config

4. Flash memory is a special kind of memory on the router that holds the operating system image file(s). Unlike the router's RAM, flash memory keeps its contents after power is lost. To view the contents of flash, use:
Router#show flash

5. The router's command line interface (CLI) keeps a history of the last 10 commands (by default) you have entered. To view the past commands still in the history buffer, issue:
Router#show history

6. What two commands will let you retrieve the previous command you typed?
Press the up arrow
or
< ctrl > P

7. What two commands will let you use the next command in the history buffer?
Press the down arrow
or
< ctrl > N
           
Also refer to the help and hot-key posts for further terminal editing features.
8. To view the status of the layer 3 routed protocols running on your router, globally and per interface:
Router#show protocols

9. The command to obtain critical information, such as: router platform type, operating system revision, operating system last boot time and file location, amount of memory, number of interfaces, and configuration register is;
Router#show version

10. Issue following command to view the router’s clock;
Router#show clock

11. What command displays the cached host table, that is, host names and the IP addresses of their interfaces?
Router#show hosts

12. To view a list of all users who are connected to the router;
Router#show users

13. Use following command to view detailed information about each interface.
Router#show interfaces


FIRST INTERACTION WITH CISCO IOS


As this is the first time you are connected to a Cisco router, we start with very basic stuff. (The prompts discussed in this post are what you see when you are connected to the router's CLI and have declined to enter setup mode. If you want to know about the boot process, refer to the Cisco router's startup sequence post.) Let's go for it then:

            When you connect to a new router via the console cable and the interface and other status messages have been displayed, press the Enter key to get started.

You are now connected to your router at the user mode prompt (Router>). This prompt is broken down into two parts, the hostname part and the mode part: "Router" is the router's hostname and ">" means you are in user mode.

1.         Press RETURN to get started
Router>

2.         Next type the command enable to get to the privileged mode prompt.
Router>enable
Router#

3.         To get back to user mode from privileged mode, type disable. From user mode, type logout or exit to leave the router entirely.
Router# disable
Router>
Router>exit
Router con0 is now available
Press RETURN to get started

4.         You are now back in user EXEC mode. Type the command that shows all the commands available at this prompt.
Router>?

5. Type the command used to enter privileged mode.
Router>enable
Router#

6. View the available commands in privileged mode.
Router#?

7. Type the command that shows all of the show commands.
Router#show ?

8. Type the command that shows the active (running) configuration.
Router#show running-config

9. At the --More-- prompt, press the space bar to see the next page of output, Enter to see the next line, or q to stop.


10. Type the command that logs you out of the router, or the one that drops you back to user mode.
Router#exit
or
Router#disable

Ways to Connect to a Cisco Router: Console, Auxiliary and Virtual Terminal Lines


Most OSI layer 1 devices (hubs and repeaters) and some layer 2 devices come with a fixed configuration that cannot be changed. Advanced networking devices such as Cisco routers and switches let you fine tune every parameter of the device and build very advanced configurations. You connect to a Cisco router to configure it, verify its configuration and check statistics.


There are mainly three ways to connect to a Cisco router: the console port, the auxiliary port and the virtual terminal (vty) lines. All three are discussed below.


1.         Most often, the first place you connect is the console port. The console port is usually an RJ-45 (8-pin modular) connection, often located at the back of the router. By default there may or may not be a password set; some routers have shipped with a default configuration that uses cisco as both the username and the password, and that account must be changed on first login.

2.         You can also connect to a Cisco router through the auxiliary port. The auxiliary port lets you configure modem commands so that a modem can be attached to the router. This is a cool feature: it lets you dial up a remote router and attach to its auxiliary port when the router is unreachable over the network and you need console-like access to fix it. The auxiliary port can also be used like the console port, with a direct RJ-45 connection. Because it can accept calls from outside, the aux line needs a password and an exec-timeout just like the vty lines.

3.         The third way to connect to a Cisco router is in-band, through programs like Telnet and Secure Shell. (In-band means configuring the router through the network itself, the opposite of out-of-band.) Telnet is a terminal emulation program that acts like a dumb terminal; you can use Telnet or SSH to connect to the IP address of any active interface on the router, such as an Ethernet or serial port. Prefer SSH, since Telnet sends everything in clear text.

How to use Keyboard Hot Keys of Cisco IOS? The Terminal Editing


Cisco IOS offers keyboard hot keys that make working at the CLI faster. Suppose you have typed a long but wrong command and notice before pressing Enter: instead of holding Backspace until the whole command is erased, press Ctrl-U to erase the whole line at once. Some of these keys are rarely used, while others are used constantly when configuring a Cisco device. The following table lists the hot keys.




Ctrl+A             Moves your cursor to the beginning of the line
Ctrl+E             Moves your cursor to the end of the line
Esc+B            Moves back one word
Ctrl+B             Moves back one character
Ctrl+F             Moves forward one character
Esc+F            Moves forward one word
Ctrl+D            Deletes a single character
Backspace    Deletes a single character
Ctrl+R             Redisplays a line
Ctrl+U             Erases a line
Ctrl+W            Erases a word
Ctrl+Z             Ends configuration mode and returns to EXEC
Tab                 Finishes typing a command for you


How to use Easy Help Features on Cisco Routers and Switches?


            Cisco routers and switches make configuration easier by showing you all the commands supported in the current mode, so you do not have to remember every lengthy command; the help feature turns it into a choose-the-right-answer exercise. All of these ways work the same irrespective of the mode the router is in. There are three main ways to use the Cisco IOS help feature, listed below:

1)               To list all commands available in a particular command mode, enter a question mark (?) at that prompt, like this:
Router#?
  access-enable    Create a temporary Access-List entry
  access-profile     Apply user-profile to interface
  calendar             Manage the hardware calendar
                   …… (a long list of supported commands)

2)               To obtain a list of commands that begin with a particular character string, enter the abbreviated command immediately followed by a question mark (?). This form of help is called word help, because it lists only the keywords or arguments that begin with the abbreviation you entered, e.g.
Router# co?
     configure connect copy 
3)               To list a command's associated keywords or arguments, enter a question mark (?) in place of a keyword or argument on the command line. This form of help is called command syntax help, because it lists the keywords or arguments that apply based on the command, keywords and arguments you have already entered, e.g.
Router# configure ?
     memory                   Configure from NV memory
     network                    Configure from a TFTP network host
     overwrite-network   Overwrite NV memory from TFTP host
     terminal                    Configure from the terminal
    


Another great feature: if you enter an incorrect command, the caret symbol (^) and the help response indicate the error. The caret is displayed at the point in the command string where IOS detected the incorrect command, keyword or argument.
This error location facility, together with the interactive help system, lets you find and correct syntax errors easily.



Easy Cisco Router Boot Sequence


When a router boots up, it performs a series of steps, called the boot sequence, to test the hardware and load the necessary software and files. The boot sequence consists of the following steps:


1. The router performs a POST (power-on self test). The POST tests the hardware to verify that all components of the device are present and operational; for example, it checks the interfaces on the router. The POST is stored in and run from ROM (read-only memory).

2. The bootstrap looks for and loads the Cisco IOS software. The bootstrap is a program in ROM whose job is to find where the IOS image is located and load it. By default the IOS image is loaded from flash memory; it can also be loaded from other locations, such as a TFTP server or the router's ROM (the "mini IOS"), as directed by the configuration register and any boot system commands.

3. The IOS software looks for a valid configuration file in NVRAM. This file is called startup-config and only exists if an administrator has copied the running-config into NVRAM; a brand new router has no such file.

4. If a startup-config file is in NVRAM, the router loads and runs it and is then operational. If there is no startup-config in NVRAM, the router enters the setup-mode configuration dialog at boot.