James' Portfolio
Cover Image

Cisco Router Configuration

Posted on 7 mins

Cisco Networking

Pre-Information:

The code below in the configuration for a Cisco 1921 with a class C Network where the router has been given the IP address 172.16.0.1. This has got a DHCP range of 100 IP address range address. There are 0 VLAN’s currently configured but the plan is to have a VLAN for the servers so that only allowed devices are able to speak with the server. We are also using a Cisco switch that is running POE for our AP device.

Current Config:

Current configuration : 1583 bytes
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
enable secret 4 56jyXs.RSLFQFX5Ebzwqm0eXTwHAtDmINcDLgnOqA16
!
no aaa new-model
memory-size iomem 5
!
ip cef
!
!
!
ip dhcp excluded-address 172.16.0.1 172.16.0.99
ip dhcp excluded-address 172.16.0.200 172.16.0.254
!
ip dhcp pool pool1
 network 172.16.0.0 255.255.0.0
 default-router 172.16.0.1
 dns-server 172.16.0.4 8.8.8.8
!
!
!
no ipv6 cef
multilink bundle-name authenticated
!
!
!
license udi pid CISCO1921/K9 sn FCZ1809C3MT
!
!
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 ip address dhcp
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 ip address 172.16.0.1 255.255.0.0
 ip nat inside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat pool Internet 192.168.9.20 192.168.9.20 netmask 255.255.255.0
ip nat inside source list 100 pool Internet overload
ip route 0.0.0.0 0.0.0.0 192.168.9.1
!
access-list 100 deny   ip 172.16.0.0 0.0.255.255 172.16.0.0 0.0.255.255
access-list 100 permit ip 172.16.0.0 0.0.255.255 any
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 password telnet
 login
 transport input telnet
!
scheduler allocate 20000 1000
!
end

Commands:

Mode Control Commands

Command Description
Enable Moves a user from user exec mode into Privileged EXEC mode. Privileged exec mode is indicated by the # symbol in the command prompt.
configure terminal Logs the user into Global Configuration mode
interface fastethernet/number Enters interface configuration mode for the specified fast ethernet interface

Basic Configuration Commands List

Command Description
reload Reboots the Cisco switch or router
hostname name Sets a host name to the current Cisco network device
copy from-location to-location Copies files from one file location to another
copy running-config startup-config Replaces the startup config with the active config when the Cisco network device initializes
copy startup-config running-config Merges the startup config with the currently active config in RAM
write erase / erase startup-config Deletes the startup config
ip address ip-address mask Assigns the specified IP address and subnet mask
shutdown / no shutdown Shuts the interface down (shutdown) or brings it up (no shutdown)
ip default-gateway ip_address Sets the default gateway on the Cisco device
show running-config Displays the current configuration of the device
show startup-config Displays the saved configuration stored in the device’s NVRAM, which will be loaded when the device starts up
description string Assigns the specified description to an interface
show running-config interface interface slot/number Displays the running configuration for the specified interface
show ip interface [type number] Displays the status of a network interface as well as a detailed listing of its IP configurations and related characteristics.
ip name-server serverip-1 serverip-2 Sets the IP address of or more DNS servers that the device can use to resolve hostnames to IP addresses.

Troubleshooting Cisco Commands List

Command Description
ping {hostname system-address} [source source-address]
speed {10 100
duplex {auto full
cdp run / no cdp run Enables or disables Cisco Discovery Protocol (CDP) for the device
show mac address-table Displays the MAC address table
show cdp Shows whether CDP is enabled globally
show cdp neighbors[detail] Lists summary (or detailed) information about each neighbor connected to the device
show interfaces Displays detailed information about interface status, settings and counters
show interface status Displays the interface line status
show interfaces switchport Displays many configuration settings and current operational status, including VLAN trunking details
show interfaces trunk Lists information about the currently operational trunks and the VLANs supported by those trunks
show vlan / show vlan brief Lists each VLAN and all interfaces assigned to that VLAN but does not include trunks
show vtp status Lists the current VLAN Trunk Protocol (VTP) status, including the current mode

Routing and VLAN Commands

Command Description
show ip route Displays the current state of the IP routing of all known routes that are either statically configured or learned dynamically through a routing protocol
ip route network-number network-mask {ip-address interface}
router rip Enables a Routing Information Protocol (RIP) routing process, which places you in router configuration mode
network ip-address Associates a network with a RIP routing process
version 2 Configures the software to receive and send only RIP version 2 packets
no auto-summary Disables automatic summarization
default-information originate Generates a default route into RIP
passive-interface interface Sets the specified interface to passive RIP mode, which means RIP routing updates are accepted by, but not sent out of, the interface
show ip rip database Displays the contents of the RIP routing database
ip nat [inside outside]
ip nat inside source {list{access-list-number access-list-name}} interface type number[overload]
ip nat inside source static local-ip global-ip Establishes a static translation between an inside local address and an inside global address
vlan Creates a VLAN and enters VLAN configuration mode for further definitions
switchport access vlan Sets the VLAN that the interface belongs to
switchport trunk encapsulation dot1q Specifies 802.1Q encapsulation on the trunk link
switchport access Configures a specific Ethernet port on a switch to operate in access mode to accommodate an end device such as a computer, server or printer. The port must then be assigned to a single VLAN.
vlan vlan-id [name vlan-name] Configures a specific VLAN name (1 to 32 characters)
switchport mode { access trunk }
switchport trunk {encapsulation { dot1q }} Sets the trunk characteristics when the interface is in trunking mode. In this mode, the switch supports simultaneous tagged and untagged traffic on a port.
encapsulation dot1q vlan-id Defines the matching criteria to map 802.1Q frames ingress on an interface to the appropriate service instance
show spanning-tree Provides detailed information about the Spanning Tree protocol for all VLANs

DHCP Commands

Command Description
ip address dhcp Acquires an IP address on an interface via DHCP
ip dhcp pool name Used to configure a DHCP address pool on a DHCP server and enter DHCP pool configuration mode
domain-name domain Specifies the domain name for a DHCP client
network network-number [mask] Configures the network number and mask for a DHCP address pool primary or secondary subnet on a Cisco IOS DHCP server
ip dhcp excluded-address ip-address [last-ip-address] Specifies IP addresses that a DHCP server should not assign to DHCP clients
ip helper-address address Enables forwarding of UDP broadcasts, including BOOTP, received on an interface
default-router address[address2 … address8] Specifies the default routers for a DHCP client

Security Commands

Command Description
Password pass-value Lists the password that is required if the login command (with no other parameters) is configured
username name password pass-value Defines one of possibly multiple user names and associated passwords used for user authentication. It is used when the login local line configuration command has been used.
enable password pass-value Defines the password required when using the enable command
enable secret pass-value Sets the password required for any user to enter enable mode
service password-encryption Directs the Cisco IOS software to encrypt the passwords, CHAP secrets and similar data saved in its configuration file
ip domain-name name Configures a DNS domain name
crypto key generate rsa Creates and stores (in a hidden location in flash memory) the keys that are required by SSH
transport input {telnet ssh}