10.1. Introduction
10.0.1. Why should I take this module?
Welcome to Basic Router Configuration!
Have you ever run a relay? The first person runs the first leg of the race and hands off the baton to the next runner, who continues forward in the second leg of the race and hands off the baton to the third runner, and on it goes. Routing packets is very similar to a relay. But if the first runner does not know where to find the second runner, or drops the baton in the first leg, then that relay team will most certainly lose the race.
Routing packets is very similar to a relay. As you know, routing tables are created and used by routers to forward packets from their local networks on to other networks. But a router cannot create a routing table or forward any packets until it has been configured. If you plan to become a network administrator you definitely must know how to do this. The good news? It is easy! This module has Syntax Checker activities so that you can practice your configuration commands and see the output. There are also some Packet Tracer activities to get you started. Let’s go!
10.0.2. What will I learn in this module?
Module Title: Basic Router Configuration
Module Objective: Implement initial settings on a router and end devices.
Topic Title | Topic Objective |
---|---|
Configure Initial Router Settings | Configure initial settings on an IOS Cisco router. |
Configure Interfaces | Configure two active interfaces on a Cisco IOS router. |
Configure the Default Gateway | Configure devices to use the default gateway. |
10.1. Configure Initial Router Settings
10.1.1. Basic Router Configuration Steps
The following tasks should be completed when configuring initial settings on a router.
1. Configure the device name.
Router(config)# hostname
2. Secure privileged EXEC mode.
Router(config)# enable secret password
3. Secure user EXEC mode.
Router(config)# line console 0 Router(config-line)# password password Router(config-line)# login
4. Secure remote Telnet / SSH access.
Router(config-line)# line vty 0 4 Router(config-line)# password password Router(config-line)# login Router(config-line)# transport input {ssh | telnet}
5. Secure all passwords in the config file.
Router(config-line)# exit Router(config)# service password-encryption
6. Provide legal notification.
Router(config)# banner motd delimiter message delimiter
7. Save the configuration.
Router(config)# end Router# copy running-config startup-config
10.1.2. Basic Router Configuration Example
In this example, router R1 in the topology diagram will be configured with initial settings.
To configure the device name for R1, use the following commands.
Router> enable Router# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)# hostname R1 R1(config)#
Note: Notice how the router prompt now displays the router hostname.
All router access should be secured. Privileged EXEC mode provides the user with complete access to the device and its configuration. Therefore, it is the most important mode to secure.
The following commands secure privileged EXEC mode and user EXEC mode, enable Telnet and SSH remote access, and encrypt all plaintext (i.e., user EXEC and VTY line) passwords.
R1(config)# enable secret class R1(config)# R1(config)# line console 0 R1(config-line)# password cisco R1(config-line)# login R1(config-line)# exit R1(config)# R1(config)# line vty 0 4 R1(config-line)# password cisco R1(config-line)# login R1(config-line)# transport input ssh telnet R1(config-line)# exit R1(config)# R1(config)# service password-encryption R1(config)#
The legal notification warns users that the device should only be accessed by permitted users. Legal notification is configured as follows.
R1(config)# banner motd # Enter TEXT message. End with a new line and the # *********************************************** WARNING: Unauthorized access is prohibited! *********************************************** # R1(config)#
If the previous commands were configured and the router accidently lost power, all configured commands would be lost. For this reason, it is important to save the configuration when changes are implemented. The following command saves the configuration to NVRAM.
R1# copy running-config startup-config Destination filename [startup-config]? Building configuration... [OK] R1#
10.1.3. Syntax Checker – Configure Initial Router Settings
Use this syntax checker to practice configuring the initial settings on a router.
- Configure the device name.
- Secure the privileged EXEC mode.
- Secure and enable remote SSH and Telnet access.
- Secure all plaintext passwords.
- Provide legal notification.
Enter global configuration mode to configure the name of the router as “R1”. Router>enable Router#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)#hostname R1 Configure 'class' as the secret password. R1(config)#enable secret class Configure 'cisco' as the console line password, require users to login, and return to global configuration mode. R1(config)#line console 0 R1(config-line)#password cisco R1(config-line)#login R1(config-line)#exit For vty line 0 through 4, configure 'cisco' as the password, require users to login, enable SSH and Telnet access, and return to global configuration mode. R1(config)#line vty 0 4 R1(config-line)#password cisco R1(config-line)#login R1(config-line)#transport input ssh telnet R1(config-line)#exit Encrypt all clear text passwords. R1(config)#service password-encryption Enter the banner 'Authorized Access Only!' and use # as the delimiting character. R1(config)#banner motd #Authorized Access Only!# Exit global configuration mode. R1(config)#exit R1# You have successfully configured the initial settings on router R1.
10.1.4. Packet Tracer – Configure Initial Router Settings
In this activity, you will perform basic router configurations. You will secure access to the CLI and console port using encrypted and plaintext passwords. You will also configure messages for users logging into the router. These banners also warn unauthorized users that access is prohibited. Finally, you will verify and save your running configuration.
10.1.4 Packet Tracer – Configure Initial Router Settings
10.2. Configure Interfaces
10.2.1. Configure Router Interfaces
At this point, your routers have their basic configurations. The next step is to configure their interfaces. This is because routers are not reachable by end devices until the interfaces are configured. There are many different types of interfaces available on Cisco routers. For example, the Cisco ISR 4321 router is equipped with two Gigabit Ethernet interfaces:
- GigabitEthernet 0/0/0 (G0/0/0)
- GigabitEthernet 0/0/1 (G0/0/1)
The task to configure a router interface is very similar to a management SVI on a switch. Specifically, it includes issuing the following commands:
Router(config)# interface type-and-number Router(config-if)# description description-text Router(config-if)# ip address ipv4-address subnet-mask Router(config-if)# ipv6 address ipv6-address/prefix-length Router(config-if)# no shutdown
Note: When a router interface is enabled, information messages should be displayed confirming the enabled link.
Although the description command is not required to enable an interface, it is good practice to use it. It can be helpful in troubleshooting on production networks by providing information about the type of network connected. For example, if the interface connects to an ISP or service carrier, the description command would be helpful to enter the third-party connection and contact information.
Note: The description-text is limited to 240 characters.
Using the no shutdown command activates the interface and is similar to powering on the interface. The interface must also be connected to another device, such as a switch or a router, for the physical layer to be active.
Note: On inter-router connections where there is no Ethernet switch, both interconnecting interfaces must be configured and enabled.
10.2.2. Configure Router Interfaces Example
In this example, the directly connected interfaces of R1 in the topology diagram will be enabled.
To configure the the interfaces on R1, use the following commands.
R1> enable R1# configure terminal Enter configuration commands, one per line. End with CNTL/Z. R1(config)# interface gigabitEthernet 0/0/0 R1(config-if)# description Link to LAN R1(config-if)# ip address 192.168.10.1 255.255.255.0 R1(config-if)# ipv6 address 2001:db8:acad:10::1/64 R1(config-if)# no shutdown R1(config-if)# exit R1(config)# *Aug 1 01:43:53.435: %LINK-3-UPDOWN: Interface GigabitEthernet0/0/0, changed state to down *Aug 1 01:43:56.447: %LINK-3-UPDOWN: Interface GigabitEthernet0/0/0, changed state to up *Aug 1 01:43:57.447: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0/0, changed state to up R1(config)# R1(config)# R1(config)# interface gigabitEthernet 0/0/1 R1(config-if)# description Link to R2 R1(config-if)# ip address 209.165.200.225 255.255.255.252 R1(config-if)# ipv6 address 2001:db8:feed:224::1/64 R1(config-if)# no shutdown R1(config-if)# exit R1(config)# *Aug 1 01:46:29.170: %LINK-3-UPDOWN: Interface GigabitEthernet0/0/1, changed state to down *Aug 1 01:46:32.171: %LINK-3-UPDOWN: Interface GigabitEthernet0/0/1, changed state to up *Aug 1 01:46:33.171: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0/1, changed state to up R1(config)#
Note: Notice the informational messages informing us that G0/0/0 and G0/0/1 are enabled.
10.2.3. Verify Interface Configuration
There are several commands that can be used to verify interface configuration. The most useful of these is the show ip interface brief and show ipv6 interface brief commands, as shown in the example.
R1# show ip interface brief Interface IP-Address OK? Method Status Protocol GigabitEthernet0/0/0 192.168.10.1 YES manual up up GigabitEthernet0/0/1 209.165.200.225 YES manual up up Vlan1 unassigned YES unset administratively down down R1# show ipv6 interface brief GigabitEthernet0/0/0 [up/up] FE80::201:C9FF:FE89:4501 2001:DB8:ACAD:10::1 GigabitEthernet0/0/1 [up/up] FE80::201:C9FF:FE89:4502 2001:DB8:FEED:224::1 Vlan1 [administratively down/down] unassigned R1#
10.2.4. Configuration Verification Commands
The table summarizes the more popular show commands used to verify interface configuration.
Commands | Description |
---|---|
show ip interface brief show ipv6 interface brief |
The output displays all interfaces, their IP addresses, and their current status. The configured and connected interfaces should display a Status of “up” and Protocol of “up”. Anything else would indicate a problem with either the configuration or the cabling. |
show ip route show ipv6 route |
Displays the contents of the IP routing tables stored in RAM. |
show interfaces | Displays statistics for all interfaces on the device. However, this command will only display the IPv4 addressing information. |
show ip interfaces | Displays the IPv4 statistics for all interfaces on a router. |
show ipv6 interface | Displays the IPv6 statistics for all interfaces on a router. |
Click each tab to see the command output for each configuration verification command.
10.2.5. Syntax Checker – Configure Interfaces
Use this syntax checker to practice configuring the GigabitEthemet 0/0 interface on a router.
- Describe the link as ‘Link to LAN’.
- Configure the IPv4 address as 192.168.10.1 with the subnet mask 255.255.255.0.
- Configure the IPv6 address as 2001:db8:acad:10::1 with the /64 prefix length.
- Activate the interface.
Enter global configuration mode. R1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Configure interface gigabitethernet 0/0/0. R1(config)#interface gigabitethernet 0/0/0 Describe the link as “Link to LAN”. R1(config-if)#description Link to LAN Configure the interface with IPv4 address 192.168.10.1 and subnet mask 255.255.255.0. R1(config-if)#ip address 192.168.10.1 255.255.255.0 Configure the interface with IPv6 address 2001:db8:acad:10::1 and the prefix length /64. R1(config-if)#ipv6 address 2001:db8:acad:10::1/64 Enable the interface and return to global configuration mode. R1(config-if)#no shutdown \*Aug 1 01:43:53.435: %LINK-3-UPDOWN: Interface GigabitEthernet0/0/0, changed state to down \*Aug 1 01:43:56.447: %LINK-3-UPDOWN: Interface GigabitEthernet0/0/0, changed state to up \*Aug 1 01:43:57.447: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0/0, changed state to up R1(config-if)#exit R1# You have successfully configured the initial settings on router R1.
10.3. Configure the Default Gateway
10.3.1. Default Gateway on a Host
If your local network has only one router, it will be the gateway router and all hosts and switches on your network must be configured with this information. If your local network has multiple routers, you must select one of them to be the default gateway router. This topic explains how to configure the default gateway on hosts and switches.
For an end device to communicate over the network, it must be configured with the correct IP address information, including the default gateway address. The default gateway is only used when the host wants to send a packet to a device on another network. The default gateway address is generally the router interface address attached to the local network of the host. The IP address of the host device and the router interface address must be in the same network.
For example, assume an IPv4 network topology consisting of a router interconnecting two separate LANs. G0/0/0 is connected to network 192.168.10.0, while G0/0/1 is connected to network 192.168.11.0. Each host device is configured with the appropriate default gateway address.
In this example, if PC1 sends a packet to PC2, then the default gateway is not used. Instead, PC1 addresses the packet with the IPv4 address of PC2 and forwards the packet directly to PC2 through the switch.
What if PC1 sent a packet to PC3? PC1 would address the packet with the IPv4 address of PC3, but would forward the packet to its default gateway, which is the G0/0/0 interface of R1. The router accepts the packet and accesses its routing table to determine that G0/0/1 is the appropriate exit interface based on the destination address. R1 then forwards the packet out of the appropriate interface to reach PC3.
The same process would occur on an IPv6 network, although this is not shown in the topology. Devices would use the IPv6 address of the local router as their default gateway.
10.3.2. Default Gateway on a Switch
A switch that interconnects client computers is typically a Layer 2 device. As such, a Layer 2 switch does not require an IP address to function properly. However, an IP configuration can be configured on a switch to give an administrator remote access to the switch.
To connect to and manage a switch over a local IP network, it must have a switch virtual interface (SVI) configured. The SVI is configured with an IPv4 address and subnet mask on the local LAN. The switch must also have a default gateway address configured to remotely manage the switch from another network.
The default gateway address is typically configured on all devices that will communicate beyond their local network.
To configure an IPv4 default gateway on a switch, use the ip default-gateway ip-address global configuration command. The ip-address that is configured is the IPv4 address of the local router interface connected to the switch.
The figure shows an administrator establishing a remote connection to switch S1 on another network.
In this example, the administrator host would use its default gateway to send the packet to the G0/0/1 interface of R1. R1 would forward the packet to S1 out of its G0/0/0 interface. Because the packet source IPv4 address came from another network, S1 would require a default gateway to forward the packet to the G0/0/0 interface of R1. Therefore, S1 must be configured with a default gateway to be able to reply and establish an SSH connection with the administrative host.
Note: Packets originating from host computers connected to the switch must already have the default gateway address configured on their host computer operating systems.
A workgroup switch can also be configured with an IPv6 address on an SVI. However, the switch does not require the IPv6 address of the default gateway to be configured manually. The switch will automatically receive its default gateway from the ICMPv6 Router Advertisement message from the router.
10.3.3. Syntax Checker – Configure the Default Gateway
Use this syntax checker to practice configuring the default gateway of a Layer 2 switch.
Enter global configuration mode. S1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Configure 192.168.10.1 as the default gateway for S1. S1(config)#ip default-gateway 192.168.10.1 S1(config)# You have successfully set the default gateway on switch S1.
10.3.4. Packet Tracer – Connect a Router to a LAN
In this activity, you will use various show commands to display the current state of the router. You will then use the Addressing Table to configure router Ethernet interfaces. Finally, you will use commands to verify and test your configurations.
10.3.4 Packet Tracer – Connect a Router to a LAN
10.3.5. Packet Tracer – Troubleshoot Default Gateway Issues
For a device to communicate across multiple networks, it must be configured with an IP address, subnet mask, and a default gateway. The default gateway is used when the host wants to send a packet to a device on another network. The default gateway address is generally the router interface address attached to the local network to which the host is connected. In this activity, you will finish documenting the network. You will then verify the network documentation by testing end-to-end connectivity and troubleshooting issues. The troubleshooting method you will use consists of the following steps:
- Verify the network documentation and use tests to isolate problems.
- Determine an appropriate solution for a given problem.
- Implement the solution.
- Test to verify the problem is resolved.
- Document the solution.
10.3.5 Packet Tracer – Troubleshoot Default Gateway Issues
10.4. Module Practice and Quiz
10.4.1. Video – Network Device Differences: Part 1
Click Play in the figure to view Part 1 of a video explaining the different router and switch devices you may experience during your Packet Tracer and Lab practices.
10.4.2. Video – Network Device Differences: Part 2
Click Play in the figure to view Part 2 of a video explaining the different router and switch devices you may experience during your Packet Tracer and Lab practices.
10.4.3. Packet Tracer – Basic Device Configuration
Your network manager is impressed with your performance in your job as a LAN technician. She would like you to now demonstrate your ability to configure a router connecting two LANs. Your tasks include configuring basic settings on a router and a switch using the Cisco IOS. You will then verify your configurations, as well as configurations on existing devices by testing end-to-end connectivity.
10.4.3 Packet Tracer – Basic Device Configuration
10.4.4. Lab – Build a Switch and Router Network
In this lab, you will complete the following objectives:
- Part 1: Set up the topology and initialize devices.
- Part 2: Configure devices and verify connectivity.
- Part 3: Display device information.
You can practice these skills using the Packet Tracer or lab equipment, if available.
Packet Tracer – Physical Mode (PTPM)
10.4.4 Packet Tracer – Build a Switch and Router Network – Physical Mode
Lab Equipment
10.4.4 Lab – Build a Switch and Router Network
10.4.5. What did I learn in this module?
Configure Initial Router Settings
The following tasks should be completed when configuring initial settings on a router.
- Configure the device name.
- Secure privileged EXEC mode.
- Secure user EXEC mode.
- Secure remote Telnet / SSH access.
- Secure all passwords in the config file.
- Provide legal notification.
- Save the configuration.
Configure Interfaces
For routers to be reachable, the router interfaces must be configured. The Cisco ISR 4321 router is equipped with two Gigabit Ethernet interfaces: GigabitEthernet 0/0/0 (G0/0/0) and GigabitEthernet 0/0/1 (G0/0/1). The tasks to configure a router interface are very similar to a management SVI on a switch. Using the no shutdown command activates the interface. The interface must also be connected to another device, such as a switch or a router, for the physical layer to be active. There are several commands that can be used to verify interface configuration including the show ip interface brief and show ipv6 interface brief, the show ip route and show ipv6 route, as well as show interfaces, show ip interface and show ipv6 interface.
Configure the Default Gateway
For an end device to communicate over the network, it must be configured with the correct IP address information, including the default gateway address. The default gateway address is generally the router interface address for the router that is attached to the local network of the host. The IP address of the host device and the router interface address must be in the same network. To connect to and manage a switch over a local IP network, it must have a switch virtual interface (SVI) configured. The SVI is configured with an IPv4 address and subnet mask on the local LAN. The switch must also have a default gateway address configured to remotely manage the switch from another network. To configure an IPv4 default gateway on a switch, use the ip default-gateway ip-address global configuration command. Use the IPv4 address of the local router interface that is connected to the switch.