Cisco routers have long and rightfully earned the trust of many users. For many years they have reliably carried traffic between devices on the most varied types of networks. The name "Cisco" has become synonymous with quality and reliability. Moreover, the price of a Cisco router always stays within an acceptable range.
Characteristics of Cisco Routers and Switches
Various Cisco switch and router series are currently in wide use. Each series includes several models that differ in a number of characteristics. However, all of them can be roughly divided into the following large groups:
- Portable routers. They are designed for building small and medium-sized networks.
- Devices with an ISR prefix. Such devices are characterized by a very flexible architecture. By installing various kinds of applications, you can expand their capabilities almost without limit.
- Modular devices. The capabilities of such devices can be expanded by connecting various modules, so you can flexibly control the architecture of the equipment. Recommended for small and medium-sized enterprises.
All of these devices receive and forward packets at layer 3 of the OSI model. With their help, you can build networks of various scales and purposes. For VPN tunnels, Cisco devices support L2TP, DMVPN, IPsec, GRE, and PPTP. Setting up a VPN on a Cisco router allows you to transfer data over an encrypted private channel.
The Cisco 2960 Series Switches also come in a number of models, but they share these characteristics:
- layer 2 (L2) operation;
- number of supported ports: 8, 24 or 48;
- PoE and PoE+ power;
- connection security support;
- port speed depends on the model: 100 Mbit/s or 1 Gbit/s;
- stacking is possible in some models, but not in others.
A feature of Cisco routers is that they are often highly specialized. The line has no universal models that could serve equally well in an apartment, forming a home local network, and in an enterprise or office. Each line is responsible for something of its own and sometimes has a very narrow specialization. So when choosing network equipment from Cisco, this point must be taken into account: even the most expensive and advanced router can turn out to be a useless set of cards and wires in one place and an absolutely indispensable device in another.
Cisco Equipment Directions
Equipment setup usually covers the following areas:
- Setting up scalable Wi-Fi networks. Scalable networks let you respond flexibly to any necessary changes later and cost less when the network is reorganized.
- Setting up Cisco-based Internet telephony. This can mean arranging a local network within a single office or enterprise, or something more global: combining several local networks into one. There are options for combining from 350 up to 30,000 users in a cluster.
- Configuring the Cisco firewall and IPS. This network security configuration is the most important part of the setup work and should never be neglected.
- Configuring network monitoring tools. We recommend that you use specialized software from Cisco. This avoids compatibility problems between software and hardware components, and the administrator can obtain objective information about the operation of the network at any time and respond to possible problems promptly.
- Configuring Cisco VPN. This means joining several local networks into one, including networks separated by fairly large geographic distances. You may also need to connect the workstations of individual employees to the shared resources of the enterprise.
How to connect a router to a computer
Of course, the configuration of network equipment begins with connecting it to a computer. The router connects to the PC using a special console cable. Then a terminal emulator is started. All commands will be entered from it.
Many routers still use the COM port to connect to the computer. However, not all modern machines have such a port. In this case, USB-to-COM adapters will help. Depending on the package, they may or may not be supplied with the network equipment. It is better, though, to choose a model that supports a USB connection from the start.
The serial port settings are 9600/8-N-1. If you want to reboot the router with an empty startup configuration, issue the command: enable. This enters privileged EXEC mode. To start from scratch, enter the command: erase startup-config. Then reboot the hardware with the command: reload. When the operating system asks whether to enter the initial configuration dialog, answer no.
However, none of the above is necessary if you do not need an empty config.
Console Command Syntax Overview on Cisco Routers
Cisco equipment does not offer the windowed interface that many Windows users are familiar with. All commands are entered through the console terminal, and you should keep the following rules in mind:
- if you enter a question mark, Cisco displays a complete list of available commands and operands;
- it is recommended to abbreviate a command name or keyword to its shortest form;
- the command line can be edited in the terminal console, as on Linux or Unix systems;
- if the operator changes his mind about a command, he can cancel it by entering the keyword no;
- to switch to an access level from 0 (beginner) to 15 (administrator), enter the command: enable access_level_number.
SSH Enable
Router setup can begin by making SSH the default for all connections. Using SSH, you can transfer any data from a remote computer through encrypted channels. To enable SSH in Cisco, you need to:
- Enter privileged mode with the enable command.
- Set the exact current time.
- To start configuring the system, issue the command: router# configure terminal.
- Next, specify the domain name with the command: router(config)# ip domain name mydomain.ru.
- Generate the encryption key with the command: router(config)# crypto key generate rsa.
- To create a new user, enter: router(config)# username username privilege 11 password 7 my_passwd. Here the Cisco device is configured with a level 11 user, to whom not all commands are available. To create a fully privileged user, specify the maximum access level, 15, instead of 11.
- The commands router(config)# aaa new-model <Enter> router(config)# line vty 0 4 enable AAA and open the configuration of the terminal lines, in this case lines 0 to 4.
- The commands router(config-line)# transport input ssh <Enter> router(config-line)# logging synchronous make SSH the default.
- It remains only to exit all modes and save the changes. This is done with the following set of commands: router(config-line)# exit <Enter> router(config)# exit <Enter> router# write.
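To confirm afterwards that the steps above took effect, a saved running-config can be checked offline. The script below is an added example, not part of the original article or any Cisco tool: it looks for the domain name, aaa new-model, and an SSH-only transport input on every line vty block. The sample config is constructed, and the function name audit_ssh is an assumption.

```python
import re

# Constructed sample running-config (not taken from a real device).
SAMPLE_CONFIG = """\
hostname router
ip domain name mydomain.ru
aaa new-model
line con 0
 logging synchronous
line vty 0 4
 transport input ssh
 logging synchronous
line vty 5 15
 transport input telnet ssh
"""

def audit_ssh(config: str) -> list[str]:
    """Check the SSH setup steps: domain name, AAA, and SSH-only vty lines."""
    findings = []
    lines = config.splitlines()
    if not any(re.match(r"ip domain[- ]name \S+", l) for l in lines):
        findings.append("no 'ip domain name' (required to generate the RSA key)")
    if not any(l.strip() == "aaa new-model" for l in lines):
        findings.append("'aaa new-model' is not enabled")
    vty = {}        # vty header -> set of input transports, None if never set
    current = None
    for line in lines:
        if not line.startswith(" "):        # top-level line opens a new section
            current = line.strip() if line.startswith("line vty") else None
            if current:
                vty[current] = None
        elif current and line.strip().startswith("transport input"):
            vty[current] = set(line.split()[2:])
    if not vty:
        findings.append("no 'line vty' section found")
    for header, transports in vty.items():
        if transports is None:
            findings.append(f"{header}: no 'transport input', platform default applies")
        elif transports != {"ssh"}:
            findings.append(f"{header}: allows {sorted(transports)}, expected ssh only")
    return findings

if __name__ == "__main__":
    for finding in audit_ssh(SAMPLE_CONFIG):
        print(finding)
```

In the sample, lines 0 to 4 pass, while lines 5 to 15, which the article's line vty 0 4 command does not touch, still accept Telnet and are reported.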
How to configure Cisco ports
To enter configuration mode for a port in Cisco, type the following commands:
conf t
interface fa0/2
The following Cisco ports can be configured:
- Access port. This port connects directly to a client device (a modem, a router, or a PC) and carries untagged traffic. If you type switchport mode access in the console, the selected port is switched to access mode, and all traffic will flow via vlan 1. But if you issue the switchport access vlan 310 command, the data will go to vlan 310.
- Trunk port. It is recommended to use this port if there is a network device at the other end (Ethernet switches, routers, etc.). To use this port, enter in the console: switchport mode trunk. This works on the 2950 model, but on the 2960 the command is entered in a slightly different way:
switchport mode trunk
switchport trunk encapsulation dot1q
If you want to use only some VLANs, enter in the console: switchport trunk allowed vlan 310,555 (VLAN numbers are separated by commas);
- Hybrid port. Cisco port configuration does not provide a hybrid port as such; however, a trunk port can act as a hybrid port if you select your own native VLAN for it. The following console commands show this:
switchport mode trunk (a trunk port is created)
switchport trunk allowed vlan 310,555 (VLANs 310 and 555 are involved)
switchport trunk native vlan 310 (all untagged traffic is transferred to vlan 310, and the rest to 555).
The port configuration process was shown using the Cisco 2960 model, one of the most common today. For devices of other series, the steps are similar.
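The port settings above can be reviewed across a whole saved config rather than one interface at a time. The script below is an added example, not code from the article: it parses the switchport commands discussed here and reports access ports still in vlan 1 and trunk ports with no allowed list or with the default native VLAN. The sample config is constructed, the function names are assumptions, and it goes slightly beyond the text by also accepting VLAN ranges such as 10-20.

```python
# Constructed sample built from the page's port commands (not from a real switch).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
interface FastEthernet0/2
 switchport mode access
 switchport access vlan 310
interface FastEthernet0/23
 switchport mode trunk
interface FastEthernet0/24
 switchport mode trunk
 switchport trunk allowed vlan 310,555
 switchport trunk native vlan 310
"""

def parse_ports(config: str) -> dict:
    """Parse switchport settings per interface, starting from the IOS defaults
    (VLAN 1 for access and native, no restriction on trunk VLANs)."""
    ports, port = {}, None
    for line in config.splitlines():
        words = line.split()
        if words[:1] == ["interface"] and len(words) == 2:
            port = ports[words[1]] = {"mode": None, "access": 1, "allowed": None, "native": 1}
        elif port is None or words[:1] != ["switchport"]:
            continue
        elif words[1:2] == ["mode"] and len(words) == 3:
            port["mode"] = words[2]
        elif words[1:3] == ["access", "vlan"] and len(words) == 4:
            port["access"] = int(words[3])
        elif words[1:4] == ["trunk", "native", "vlan"] and len(words) == 5:
            port["native"] = int(words[4])
        elif words[1:4] == ["trunk", "allowed", "vlan"] and len(words) == 5 and words[4][0].isdigit():
            port["allowed"] = set()
            for part in words[4].split(","):    # "310,555" or ranges like "10-20"
                lo, _, hi = part.partition("-")
                port["allowed"].update(range(int(lo), int(hi or lo) + 1))
    return ports

def audit_ports(config: str) -> list[str]:
    """Flag ports that still rely on VLAN 1 or carry every VLAN."""
    findings = []
    for name, p in parse_ports(config).items():
        if p["mode"] == "access" and p["access"] == 1:
            findings.append(f"{name}: access port left in default VLAN 1")
        if p["mode"] == "trunk" and p["allowed"] is None:
            findings.append(f"{name}: trunk carries all VLANs (no allowed list)")
        if p["mode"] == "trunk" and p["native"] == 1:
            findings.append(f"{name}: trunk native VLAN is default VLAN 1")
    return findings
```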
How to reset
After the settings are reset, the configuration file is cleared and all the fine-tuning has to be done again, so a reset is often regarded as a last resort.
It is easy to carry out. Connect the router to the console with a cable and enter the following command in the management console: Router# erase startup-config. And then: reload. The router is reset, and after rebooting the config will be completely clean.
It is worth noting that resetting Cisco is rarely required. However, for one reason or another, this still needs to be done. Also, do not forget to restore the register value after restoring the settings with the command: config-register 0x2102.
How to save the configuration
For any network equipment, including Cisco, configuration is not everything. You also need to save what was configured, that is, to save the changes made.
Cisco routers store configuration in two places:
- in the device's RAM;
- in non-volatile startup memory.
The first records all changes as they are made, but they are lost when the equipment is restarted, and the device boots with the settings from startup memory. However, Cisco equipment is designed so that changes cannot be made directly to the startup config. To save all changes to non-volatile memory, do the following:
- Copy the current settings to the startup config with the command: #copy running-config startup-config.
- Copy the current settings to the TFTP server with the command: #copy running-config tftp://server_name.
Third-Party Cisco Configuration Software
Configuring Cisco equipment can be much easier and faster if you use specialized programs for the purpose. However, it is largely a matter of taste: seasoned system administrators are firmly attached to their console interface, and no force in nature can tear them away from it.
For the rest, especially beginners, the following applications can make setting up Cisco equipment easier:
- First of all, the standard Windows tool, HyperTerminal. However, it is not supplied as standard in the latest versions of Windows. To install HyperTerminal, select "Install Windows Components", then find the item "Standard and Utility Applications" and click the "Composition" button. Next, find the "Communication" item, click "Composition" again, and check the HyperTerminal program.
- PuTTY is a free application for Windows and Linux and a pretty good terminal emulator. It is preferred by many system administrators.
- The Cisco Device Connections Program is a specialized program for configuring and building Cisco networks, and its characteristics are impressive. Accordingly, it is 100% compatible with all Cisco equipment. The Cisco Device Connections Program is positioned first of all as an application for a novice user who needs to build a small network for a small enterprise or a home.
- On Linux, the Minicom package can be considered a good analogue of PuTTY.
GUI settings
Of course, entering commands in a terminal is not something every user will like, and third-party programs have to be downloaded, sometimes not for free. However, it is possible to use a graphical interface directly in the web browser. To do this, you first need to install a special Java module, which can be downloaded from the official Java site. The module is called JRE. In addition, you need the SDM application, which can be installed either on the router itself or on the operating system.
Next, you need to allow the browser to display pop-ups and run active content.
As soon as SDM starts, you will need to enter the pre-selected IP address for port vlan1. It is also recommended that you uncheck the box next to the HTTPS parameter.
After you click the start button, a dialog box appears where you need to enter the login and password. If everything is entered correctly, the working window of the SDM program appears directly in the browser.
Setting up the Linksys lineup
If the user has a router from the Linksys model line, setting it up in a graphical environment is much easier. After connecting, it is enough to type 192.168.1.1 in the address bar of the browser. The settings window then loads in graphical mode.
The first thing to do is change the login and password, which by default are admin and admin. This is done on the Administration tab. On the same tab, you can make a backup copy of the settings.
Next, go to Wireless - Basic Wireless Setup and set the configuration mode to manual (Manual) on this tab. The secret key is usually the serial number of the device itself.
It remains only to select the type of Internet connection used and enter the settings supplied by the provider into the appropriate fields.
Subtleties of password setting
In conclusion, it is worth noting that many system administrators do not treat the security of their passwords with due respect. This is a mistake: if you use only the "password" parameter when creating a password, it can be leaked via SNMP, compromising the security of the entire system. Therefore, it is recommended to use the "secret" parameter for privileged mode. With the "password" parameter, the password is stored in clear text in the config file; with the "secret" parameter, the password is stored encrypted.
In the latter case, the command for setting the encrypted password should look something like this: Router(config)# enable secret PASS, where PASS is the specified password. This sets the password for privileged mode.
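To find every place in a saved config where the weaker "password" form is still in use, the credential lines can be classified by keyword and storage type. The script below is an added example, not from the original article: it reports "secret" values as hashed (IOS stores them as a one-way hash, which is what the text calls encrypted), "password 7" values as the reversible type 7 encoding, and other "password" values as clear text. The sample lines and placeholder hashes are constructed, and the function names are assumptions.

```python
import re

# Constructed sample lines; every hash and encoded string is a placeholder.
SAMPLE_CONFIG = """\
enable password PASS
enable secret 5 $1$PLACEHOLDER$notARealHash
username operator privilege 11 password 7 PLACEHOLDER_TYPE7
username admin privilege 15 secret 9 $9$PLACEHOLDER$notARealHash
line vty 0 4
 password 0 PASS
"""

# Optional owner ("enable" or "username X [privilege N]"), then the keyword,
# an optional one-digit storage type, and the stored value.
CRED = re.compile(r"^\s*(?P<owner>enable|username \S+(?: privilege \d+)?)?\s*"
                  r"(?P<kw>password|secret)(?: (?P<type>\d))? (?P<value>\S+)\s*$")

def classify_credentials(config: str) -> list[tuple[str, str]]:
    """Return (config line, storage verdict) for every credential line."""
    results = []
    for line in config.splitlines():
        m = CRED.match(line)
        if not m:
            continue
        if m["kw"] == "secret":
            verdict = "hashed"
        elif m["type"] == "7":
            verdict = "reversible type 7 encoding"
        else:
            verdict = "cleartext"
        results.append((line.strip(), verdict))
    return results

def weak_credentials(config: str) -> list[str]:
    """Lines that should be re-entered with the 'secret' keyword."""
    return [line for line, verdict in classify_credentials(config)
            if verdict != "hashed"]

if __name__ == "__main__":
    for line in weak_credentials(SAMPLE_CONFIG):
        print("replace with 'secret':", line)
```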
Hardware and software configurations vary from one model of Cisco equipment to another, but in general terms the picture is as described above.