Cisco Training 200-125 CCNA v3.0. Day 19. Getting Started with Routers

Today's lesson is an introduction to Cisco routers. Before proceeding with the study of the material, I want to congratulate everyone who watches my course, because as of today almost a million people have watched the video lesson "Day 1". I thank all the users who contributed to the CCNA video course.

Today we will study three topics: the router as a physical device, a small introduction to Cisco routers, and the initial configuration of the router. This slide shows what a typical Cisco Model 1921 router looks like.

Unlike a switch, which has many ports, a typical router has only 2 ports for connection; in this case these are the Gigabit Ethernet ports GE0/0 and GE0/1, plus a USB connector. The router also has slots for expansion modules and 2 console ports, including 1 USB port. A distinctive feature of Cisco routers is the presence of a power switch; Cisco switches do not have power switches. Typically, the front of the router looks like the one shown at the bottom left of the slide. On the rear panel of the router are sockets for connecting cables. In this case, the cable from the GE0/0 or GE0/1 port is connected to the switch.

The NME-X 23-ES-1GP expansion module is shown at the bottom right; it can be inserted into the router after removing the blank panels. Using these modules, you can expand the capabilities of a regular Cisco router according to your needs. As you know, Cisco products, due to their complexity and wide functionality, are quite expensive, so the user has the opportunity not to overpay for a device with more features than he needs. Having bought a simple router with 2 ports, you can buy the necessary expansion modules as the network develops. In general, Cisco devices are capable of performing many functions. Cisco didn't invent routers, but it was routers that made Cisco the company we know today. Cisco began to mass-produce routers of the highest quality, which gave this product a leading position in the network device market.
Cisco refers to itself as a software company. Hardware similar to Cisco hardware can be produced by any manufacturer, for example in China, by purchasing the appropriate components. But it's the Cisco IOS software that makes the company's devices what they really are. The company is truly proud of this operating system, which runs on all Cisco devices, both switches and routers.

Another of Cisco's most important inventions is CEF Enhanced, or Cisco Express Forwarding. It provides very fast packet transmission, almost at the maximum speed that the technical capabilities of the network allow. This was made possible thanks to the Cisco ASIC (Application-Specific Integrated Circuit), which makes the switch transmit packets almost at network speed.
As I said, the router is more of a software device, so routing decisions are made by the Cisco IOS operating system.

You know that there are expensive graphics cards for computer games. If you do not have such a card, all the cumbersome calculations, 3D animation and complex graphics processing are performed by your operating system, loading the computer's processor. If you have a powerful video card installed with its own GPU and its own memory, performance in games increases many times over, since separate hardware handles the graphics.

The switch works in a similar way, because all packet switching decisions are made by separate hardware, without loading the router, in which the software would otherwise have to make these decisions. Cisco uses CEF, a half-software, half-hardware technology that lets the router make routing decisions faster. This feature is unique to Cisco routers.

We have already looked at how to perform the initial configuration of the switch parameters, and since the router is configured in a similar way, I will tell you about it very quickly. I will open the Cisco Packet Tracer program and select the 1921 router, then open an IOS console window where you can see how the operating system of this router is booting.
You can see that IOS version 15.1 is loaded, which is the latest version of IOS; the amount of memory is 512 MB and the platform is CISCO 2911. Below that are the rest of the operating system parameters, the IOS image test and, of course, the license agreement and other things like that.

I will make a separate video dedicated exclusively to Cisco IOS, or just talk about the various services of this operating system. Let me just say that by the version number you can determine what features and functions a given OS has. Starting from 15.1, all IOS versions are universal, that is, depending on the license that the user purchases, he can use various system functions. For example, if you need to provide enhanced network security, you buy a security service license, if you need voice service features, you buy a voice service license, etc.

Prior to version 15.1, routers ran different editions of the OS: Basic, Security, Enterprise, Voice Enable, and so on. Let's say my friend's router had an Enterprise IOS version, and I had a Basic IOS version, and there was nothing stopping me from taking a friend's version and installing it on my router, because Cisco did not use the concept of OS licenses.

Starting with version 15.1, the company began to use the concept of license options, and until you have purchased the appropriate key, you cannot use any additional service of the operating system. A little later, when we look at the Cisco licensing policy, I will tell you about the different IOS versions. For now, you can ignore it and go straight to the boot log.

At the end of the log, you see a description of the "hardware" on which the system was launched: processor brand, 3 gigabit interfaces, 64-bit DRAM, 256 KB of non-volatile memory. This amount of memory seems too small, but for a router that makes routing decisions, this is quite enough. This memory should not be compared with the memory of your computer, as they are completely different things.

The Cisco IOS boot log ends with the question: "Do you want to continue with the configuration dialog? Yes/No". If you answer "Yes", the system will take you through a series of questions that guide you through the initial configuration of the device.

You should not do this while studying the CCNA course, so always answer "No" to this question. Of course, you can choose the answer "Yes" and scroll through the configuration settings, but since you do not know how to perform it, it is better to choose the answer "No".

By selecting "No" and pressing RETURN, we will go to the prompts of the command line, in which you can type various commands. As in the case with the switch, at the beginning we will type the Router> enable command to switch to the privileged settings mode. Then I type config t (configure terminal) and I'm in global configuration mode.

Let's quickly run through the commands. I want to change the hostname, so I use the hostname R1 command. Next come the negation commands, so I first ask to show me the router interfaces with the do show ip interface brief command. We see that the Gigabit Ethernet 0/0 port is administratively down, so I use the int gigabitEthernet 0/0 and no shutdown commands. After that, the port state changes to up. If you look again at the state of the router's interfaces, you can see that this port now has the "up" status. The protocol state remains down because nothing is connected to our router, and when there is no traffic, it is in a disconnected state. But as soon as traffic arrives at the router port, the protocol will change its status to up.

Next, you need to set a password on the console. To do this, I type the commands line con 0, password console, and do show run to make sure the console password has been set. Password verification will only be done after I enter the login command. Now the console port of the router is password protected.

I have already told you about password encryption. Imagine that someone got access to the current configuration of this device. Since the set password is clearly visible in it, this person can easily steal it in order to enter the router settings at any time and hack into the system.

One way to enable password encryption is to use the service password-encryption command. By default this command is present in its negated form, no service password-encryption, so password encryption is not performed. Let's go into global configuration mode, type the service password-encryption command and press Enter. This command means that the system takes the text password I set and encrypts it.

Now, if you look at the current configuration using the do show run command and go to the password line, you can see that the password is now of type 7 and appears as a random sequence of numbers. Now, if one of your colleagues looks over your shoulder and sees this password, it will be very difficult for him to remember this sequence. Thus, we have created the first line of defense for an access security system.

But even if he manages to copy this password, go into the settings and try to paste it into the password line, the system will not give access to the settings, because this set of numbers is not the password itself, but its encrypted value. The correct password is the word console, and when I enter it, I will get access to the console port. Thus, even if someone copies these numbers, they will still not be able to access the device.

However, in fact, we are mistaken, because all the attacker needs is to go to a site that makes it easy to decrypt Cisco type 7 passwords. It is enough to open the site, enter the copied numbers, and you will receive the decrypted password, in our case the word console. Now the hacker just needs to copy this word, return to the IOS settings and paste it into the password prompt.

In this case, the simple enable password function does not provide the desired security. The best way to provide security is to use the enable secret cisco command. If you then look at the current configuration, you can see that the password value is now a set of various characters. In this case, Cisco password type 5 is used.

It is impossible to decrypt this type of password online, so now your device console is completely safe.

Next, you need to set a password for Telnet. To do this, I type the line vty 0 4 command, which will allow 5 people to use this router, and enter the password telnet command. Now, if someone wants to connect to the router using the Telnet protocol, he will need to enter this password - the word telnet.
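
The password-storage problems walked through above (clear-text line passwords, reversible type 7 strings, enable password in place of enable secret, and a line password without the login command) can be checked for mechanically in a saved configuration. The following Python script is an added example and is not part of the original lesson; the sample configuration, its placeholder type 5 and type 7 strings, and the rule names are constructed for illustration.

```python
import re

# Constructed sample resembling the configuration built in this lesson.
# The type 5 and type 7 strings are placeholders, not real device output.
SAMPLE_CONFIG = """\
hostname R1
no service password-encryption
enable password cisco
enable secret 5 $1$PLACEHOLDER$PLACEHOLDERHASH
line con 0
 password console
line vty 0 4
 password 7 PLACEHOLDER7
 login
"""

# "password X", "password <type> X" and the "enable password" variants.
PASSWORD_RE = re.compile(r"^(enable )?password (?:(\d) )?\S+")

def audit(config):
    """Return (line_number, rule_id, message) tuples for weak password storage."""
    findings = []
    block = None  # open "line ..." block: [start_line, has_password, has_login]

    def close_block():
        if block and block[1] and not block[2]:
            findings.append((block[0], "NO-LOGIN", "password set but never requested"))

    for num, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if raw and not raw[0].isspace():  # a top-level command ends the open block
            close_block()
            block = [num, False, False] if line.startswith("line ") else None
        if line == "no service password-encryption":
            findings.append((num, "NO-ENCRYPTION", "new passwords are stored as typed"))
        elif line == "login" and block:
            block[2] = True
        match = PASSWORD_RE.match(line)
        if match:
            if match.group(1):
                findings.append((num, "ENABLE-PASSWORD", "prefer 'enable secret'"))
            elif block:
                block[1] = True
            if match.group(2) in (None, "0"):
                findings.append((num, "PLAINTEXT", "readable in 'show run'"))
            elif match.group(2) == "7":
                findings.append((num, "TYPE7", "reversible, treat as clear text"))
    close_block()
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(*finding, sep="\t")
```

Run against the output of show run saved to a file, it reports the line number of each weak entry so the configuration can be corrected before it is stored or shared.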

For the switch, the next step was to configure the management IP address, because the switch is an OSI layer 2 device. However, the router is a layer 3 device, which means that each port on the router has its own IP address.

On the switch, we went to the VLAN1 settings or to the settings of any other network in which it was necessary to register an IP address. We created virtual interfaces and assigned them IP addresses. But in the case of a router, these addresses need to be assigned to physical ports, so I enter the config t and int g0/0 commands. Next, I use the command to assign an IP address in the same way as I did with the VLAN, that is, I enter the command ip address 10.1.1.1 255.255.255.0 and then I type no shutdown.

If you now look at the status of the ports using the do show int brief command, you can see that the address 10.1.1.1 is assigned to the Gigabit Ethernet 0/0 interface. This is how we configured the IP address.

Next, we move on to customizing the logon banner. Just like for the switch, I use the banner motd & command and then I can enter any text I want, for example, Welcome to NetworKing Router, underline the text with asterisks, and close it with an ampersand &.

Further, if you want to disable the port, use the shutdown command. The copy running-config startup-config command is used to save the settings. The running configuration can be viewed using the show running conf command, and the boot configuration can be viewed using the show startup conf command. Since we used a new device out of the box and booted with default parameters, when asked to show the boot configuration, the system responds that it does not yet exist.

After entering the copy running-config startup-config command, the system asks you to confirm that the file being overwritten is the startup-config system boot options file. After overwriting the startup configuration file, I view it with the show startup conf command and see that it now completely repeats the device's current state parameter file. Now, if I turn off the router and turn it on again, it will boot using the saved settings.

Verifying the status of the router is best done using the show int brief command. You can also use the show int command, which will show the status of all ports. If you want to take a look at the status of a particular port, you can use the show interface g0/0 command, after which the system will show the full statistics for that interface.

As I said, the most important part of a router is the routing table. You can view it using the show ip route command.

At the moment, the table is empty because no devices are connected to our router. In the next video tutorial, we will look at how a routing table is created using various protocols, how it is filled when new devices are connected using static routing or dynamic protocols. In the world of routers, the show ip route command is the most popular because all routing problems usually start with the routing table.

This concludes our video tutorial, as I talked about everything that was planned for today. Many users ask what is my interest when I record and post these video tutorials. I do this in my spare time for free. Of course, you can send me money if you want. Many sites use my video lessons and ask for money for it, but I don’t want to do this to my listeners and I promise that my lessons will never be paid.



Source: habr.com
