Layer 2 Switching

Saturday, July 12, 2008

When Cisco discusses switching, they’re talking about layer 2 switching unless they say otherwise. Layer 2 switching is the process of using the hardware address of devices on a LAN to segment a network. Since you’ve got the basic ideas down, I’m now going to focus on the particulars of layer 2 switching and nail down how it works.

Okay, you know that switching breaks up large collision domains into smaller ones, and that a collision domain is a network segment with two or more devices sharing the same bandwidth.

A hub network is a typical example of this type of technology. But since each port on a switch is actually its own collision domain, you can make a much better Ethernet LAN network just by replacing your hubs with switches!

Switches truly have changed the way networks are designed and implemented. If a pure switched design is properly implemented, it absolutely will result in a clean, cost-effective, and resilient internetwork. In this chapter, we’ll survey and compare network design before and after switching technologies were introduced.

Routing protocols (Next Lesson, “IP Routing”) have processes for stopping network loops from occurring at the Network layer. However, if you have redundant physical links between your switches, routing protocols won’t do a thing to stop loops from occurring at the Data Link layer. That’s exactly the reason Spanning Tree Protocol was developed—to put a stop to loops in a layer 2 switched internetwork. The essentials of this vital protocol, as well as how it works within a switched network, are also important subjects this chapter will cover thoroughly.

When frames traverse a switched network, the LAN switch type determines how a frame is forwarded to an exit port on a switch. There are three different types of LAN switch methods, and each one handles frames differently as they are forwarded through a switch. This chapter will discuss the three methods used by Cisco switches. I’ll wrap this chapter up by showing you how to provide basic configuration to the 1900 and 2950 Cisco Catalyst switches. And in the next chapter, “Virtual LANs (VLANs),” you’ll learn how to configure the switches with VLANs.


Before Layer 2 Switching

Let’s go back in time a bit and take a look at the condition of networks before switches and how switches have helped segment the corporate LAN. Before LAN switching, the typical network design looked like the network in Figure 2.1.

Figure 2.1 Before switching

The design in Figure 2.1 was called a collapsed backbone because all hosts would need to go to the corporate backbone to reach any network services—both LAN and mainframe. Going back even further, before networks like the one shown in Figure 2.1 had physical segmentation devices such as routers and hubs, there was the mainframe network. This network included the mainframe (IBM, Honeywell, Sperry, DEC, etc.), controllers, and dumb terminals that connected into the controller. Any remote sites were connected to the mainframe with bridges.

And then the PC began its rise to stardom, and the mainframe was connected to the Ethernet or to a Token Ring LAN where the servers were installed. These servers were usually OS/2 or LAN Manager because this was “pre-NT.” Each floor of a building ran either coax or twisted-pair wiring to the corporate backbone, and was then connected to a router. PCs ran an emulating software program that allowed them to connect to the mainframe services, giving those PCs the ability to access services from the mainframe and LAN simultaneously. Eventually the PC became robust enough to allow application developers to port applications more effectively than they ever could before—an advance that markedly reduced networking prices and enabled businesses to grow at a much faster rate.

When Novell became more popular in the late 1980s and early 1990s, OS/2 and LAN Manager servers were by and large replaced with NetWare servers. This made the Ethernet network even more popular, because that’s what Novell 3.x servers used to communicate with client/server software.

So that’s the story about how the network in Figure 2.1 came into being. There was only one problem—the corporate backbone grew and grew, and as it grew, network services became slower. A big reason for this was that, at the same time this huge burst in growth was taking place, LAN services needed even faster service, and the network was becoming totally saturated. Everyone was dumping the Macs and dumb terminals used for the mainframe service in favor of those slick new PCs so they could more easily connect to the corporate backbone and network services.

All this was taking place before the Internet’s momentous popularity (Al Gore was still inventing it?), so everyone in the company needed to access the corporate network’s services. Why? Because without the Internet, all network services were internal—exclusive to the company network. This created a screaming need to segment that one humongous and plodding corporate network, connected with sluggish old routers. At first, Cisco just created faster routers (no doubt about that), but more segmentation was needed, especially on the Ethernet LANs. The invention of FastEthernet was a very good and helpful thing too, but it didn’t address that network segmentation need at all.

But devices called bridges did, and they were first used in the network to break up collision domains. Bridges were sorely limited by the number of ports and other network services they could provide, and that’s when layer 2 switches came to the rescue. These switches saved the day by breaking up collision domains on each and every port, like a bridge, and switches could provide hundreds of ports! This early switched LAN looked like the network pictured in Figure 2.2:

Figure 2.2 The first switched LAN

Each hub was placed into a switch port, an innovation that vastly improved the network. Now, instead of each building being crammed into the same collision domain, each hub became its own separate collision domain. But there was a catch—switch ports were still very new, hence unbelievably expensive. Because of that, simply adding a switch into each floor of the building just wasn’t going to happen—at least, not yet. Thanks to whomever you choose to thank for these things, the price has dropped dramatically, so now having every one of your users plugged into a switch port is both good and feasible.

So there it is—if you’re going to create a network design and implement it, including switching services is a must. A typical contemporary network design would look something like Figure 2.3, a complete switched network design and implementation. “But I still see a router in there,” you say! Yes, it’s not a mirage—there is a router in there. But its job has changed. Instead of performing physical segmentation, it now creates and handles logical segmentation. Those logical segments are called VLANs, and I promise I’ll explain them thoroughly, both in the duration of this chapter and in the next chapter, where they’ll be given a starring role.

Figure 2.3 The typical switched network design


Switching Services

Unlike bridges that use software to create and manage a filter table, switches use application specific integrated circuits (ASICs) to build and maintain their filter tables. But it’s still okay to think of a layer 2 switch as a multiport bridge because their basic reason for being is the same: to break up collision domains.

Layer 2 switches and bridges are faster than routers because they don’t take up time looking at the Network layer header information. Instead, they look at the frame’s hardware addresses before deciding to either forward the frame or drop it.

Switches create private dedicated collision domains and provide independent bandwidth on each port, unlike a hub. Figure 2.4 shows five hosts connected to a switch—all running 10Mbps half-duplex to the server:

Unlike a hub, each host has 10Mbps dedicated communication to the server. Layer 2 switching provides the following:


  • Hardware-based bridging (ASIC)
  • Wire speed
  • Low latency
  • Low cost

What makes layer 2 switching so efficient is that no modification to the data packet takes place. The device only reads the frame encapsulating the packet, which makes the switching process considerably faster and less error-prone than routing processes are.

Figure 2.4 Switches create private domains


And if you use layer 2 switching for both workgroup connectivity and network segmentation (breaking up collision domains), you can create a flatter network design with more network segments than you can with traditional routed networks.

Plus, layer 2 switching increases bandwidth for each user because, again, each connection (interface) into the switch is its own collision domain. This feature makes it possible for you to connect multiple devices to each interface.

In the following sections, I will dive deeper into the layer 2 switching technology.

Limitations of Layer 2 Switching

Since we commonly stick layer 2 switching into the same category as bridged networks, we also tend to think it has the same hang-ups and issues that bridged networks do. Keep in mind that bridges are good and helpful things if we design the network correctly, keeping their features as well as their limitations in mind. And to design well with bridges, the two most important considerations are:


  • We absolutely must break up the collision domains correctly.
  • The right way to create a functional bridged network is to make sure that its users spend 80 percent of their time on the local segment.

Bridged networks break up collision domains, but remember, that network is still one large broadcast domain. Neither layer 2 switches nor bridges break up broadcast domains by default—something that not only limits your network’s size and growth potential, but can also reduce its overall performance. Broadcasts and multicasts, along with the slow convergence time of spanning trees, can give you some major grief as your network grows. These are the big reasons why layer 2 switches and bridges cannot completely replace routers (layer 3 devices) in the internetwork.

Bridging vs. LAN Switching

It’s true—layer 2 switches really are pretty much just bridges that give us a lot more ports, but there are some important differences you should always keep in mind:


  • Bridges are software based, while switches are hardware based because they use ASIC chips to help make filtering decisions.
  • A switch can be viewed as a multiport bridge.
  • Bridges can only have one spanning-tree instance per bridge, while switches can have many. (I’m going to tell you all about spanning trees in a bit.)
  • Switches have a higher number of ports than most bridges.
  • Both bridges and switches forward layer 2 broadcasts.
  • Bridges and switches learn MAC addresses by examining the source address of each frame received.
  • Both bridges and switches make forwarding decisions based on layer 2 addresses.

Three Switch Functions at Layer 2

There are three distinct functions of layer 2 switching (you need to remember these!): address learning, forward/filter decisions, and loop avoidance.

Address learning

Layer 2 switches and bridges remember the source hardware address of each frame received on an interface, and they enter this information into a MAC database called a forward/filter table.

Forward/filter decisions

When a frame is received on an interface, the switch looks at the destination hardware address and finds the exit interface in the MAC database. The frame is only forwarded out the specified destination port.

Loop avoidance

If multiple connections between switches are created for redundancy purposes, network loops can occur. Spanning Tree Protocol (STP) is used to stop network loops while still permitting redundancy.

I’m going to talk about address learning, forward/filtering decisions, and loop avoidance in detail in the next sections.

Address Learning

When a switch is first powered on, the MAC forward/filter table is empty, as shown in Figure 2.5. When a device transmits and an interface receives a frame, the switch places the frame’s source address in the MAC forward/filter table, allowing it to remember which interface the sending device is located on. The switch then has no choice but to flood the network with this frame out of every port except the source port because it has no idea where the destination device is actually located.

FIGURE 2.5 Empty forward/filter table on a switch

FIGURE 2.6 How switches learn hosts’ locations

If a device answers this flooded frame and sends a frame back, then the switch will take the source address from that frame and place that MAC address in its database as well, associating this address with the interface that received the frame. Since the switch now has both of the relevant MAC addresses in its filtering table, the two devices can now make a point-to-point connection. The switch doesn’t need to flood the frame as it did the first time, because now the frames can and will be forwarded only between the two devices. This is exactly the thing that makes layer 2 switches better than hubs. In a hub network, all frames are forwarded out all ports every time—no matter what! Figure 2.6 shows the processes involved in building a MAC database:

In this figure, you can see four hosts attached to a switch. When the switch is powered on, it has nothing in its MAC address forward/filter table, just as in Figure 2.5. But when the hosts start communicating, the switch places the source hardware address of each frame in the table along with the port that the frame’s address corresponds to.

Let me give you an example of how a forward/filter table is populated:

1. Host A sends a frame to Host B. Host A’s MAC address is 0000.8c01.000A; Host B’s MAC address is 0000.8c01.000B.

2. The switch receives the frame on the E0/0 interface and places the source address in the MAC address table.

3. Since the destination address is not in the MAC database, the frame is forwarded out all interfaces—except the source port.

4. Host B receives the frame and responds to Host A. The switch receives this frame on interface E0/1 and places the source hardware address in the MAC database.

5. Host A and Host B can now make a point-to-point connection and only the two devices will receive the frames. Hosts C and D will not see the frames, nor are their MAC addresses found in the database because they haven’t yet sent a frame to the switch.

If Host A and Host B don’t communicate to the switch again within a certain amount of time, the switch will flush their entries from the database to keep it as current as possible.

Forward/Filter Decisions

When a frame arrives at a switch interface, the destination hardware address is compared to the forward/filter MAC database. If the destination hardware address is known and listed in the database, the frame is only sent out the correct exit interface. The switch doesn’t transmit the frame out any interface except for the destination interface. This preserves bandwidth on the other network segments and is called frame filtering.

But if the destination hardware address is not listed in the MAC database, then the frame is flooded out all active interfaces except the interface the frame was received on. If a device answers the flooded frame, the MAC database is updated with the device’s location (interface).

If a host or server sends a broadcast on the LAN, the switch will flood the frame out all active ports except the source port by default. Remember, the switch only creates smaller collision domains, but it’s still one large broadcast domain by default.
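The address-learning walk-through and the forward/filter rules above can be traced in code. This is an added example, not part of the original lesson: the class and function names, the ports for any host other than A and B, and the 300-second aging time are assumptions (the text only says "a certain amount of time").

```python
"""Model of a layer 2 switch's forward/filter table (added illustration)."""

BROADCAST = "ffff.ffff.ffff"

# MAC addresses of Host A and Host B as given in the walk-through.
HOST_A = "0000.8c01.000a"
HOST_B = "0000.8c01.000b"


class LearningSwitch:
    def __init__(self, ports, aging_seconds=300):
        # aging_seconds is an assumed value, not taken from the text.
        self.ports = list(ports)
        self.aging_seconds = aging_seconds
        self.table = {}  # MAC address -> (port, time last seen as a source)

    def _flush_stale(self, now):
        """Drop entries whose host has not sent a frame recently."""
        stale = [mac for mac, (_, seen) in self.table.items()
                 if now - seen > self.aging_seconds]
        for mac in stale:
            del self.table[mac]

    def _flood(self, in_port):
        """Every port except the one the frame arrived on."""
        return [p for p in self.ports if p != in_port]

    def receive(self, in_port, src, dst, now):
        """Process one frame and return the list of exit ports."""
        if in_port not in self.ports:
            raise ValueError("unknown port: %s" % in_port)
        src, dst = src.lower(), dst.lower()
        self._flush_stale(now)

        # Address learning: remember where the *source* address lives.
        self.table[src] = (in_port, now)

        # Broadcasts are always flooded: one large broadcast domain.
        if dst == BROADCAST:
            return self._flood(in_port)

        # Forward/filter decision on the *destination* address.
        entry = self.table.get(dst)
        if entry is None:
            return self._flood(in_port)   # unknown unicast: flood
        out_port = entry[0]
        if out_port == in_port:
            return []                     # destination is on the same segment
        return [out_port]                 # known unicast: one exit port only

    def known_hosts(self):
        return {mac: port for mac, (port, _) in sorted(self.table.items())}


def walkthrough():
    """Steps 1 to 5 of the example: A sends to B, B replies, A sends again."""
    sw = LearningSwitch(["E0/0", "E0/1", "E0/2", "E0/3"])
    steps = [
        sw.receive("E0/0", HOST_A, HOST_B, now=0),  # B unknown: flooded
        sw.receive("E0/1", HOST_B, HOST_A, now=1),  # A known: E0/0 only
        sw.receive("E0/0", HOST_A, HOST_B, now=2),  # B known: E0/1 only
    ]
    return sw, steps


if __name__ == "__main__":
    switch, results = walkthrough()
    for number, ports in enumerate(results, 1):
        print("frame %d forwarded out: %s" % (number, ", ".join(ports)))
    print("forward/filter table:", switch.known_hosts())
```

After the three frames the table holds only Host A and Host B, and once the aging time passes without traffic the next frame is flooded again.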

Loop Avoidance

Redundant links between switches are a good idea because they help prevent complete network failures in the event one link stops working.

Sounds great, but even though redundant links can be extremely helpful, they often cause more problems than they solve. This is because frames can be flooded down all redundant links simultaneously, creating network loops as well as other evils. Here’s a list of some of the ugliest problems:


  • If no loop avoidance schemes are put in place, the switches will flood broadcasts endlessly throughout the internetwork. This is sometimes referred to as a broadcast storm. (But most of the time it’s referred to in ways we’re not permitted to repeat in print!) Figure 2.7 illustrates how a broadcast can be propagated throughout the network. Observe how a frame is continually being flooded through the internetwork’s physical network media:

FIGURE 2.7 Broadcast storm


  • A device can receive multiple copies of the same frame, since that frame can arrive from different segments at the same time. Figure 2.8 demonstrates how a whole bunch of frames can arrive from multiple segments simultaneously. The server in the figure sends a unicast frame to Router C. Since it’s a unicast frame, Switch A forwards the frame, and Switch B provides the same service—it forwards the broadcast. This is bad because it means that Router C receives that unicast frame twice, causing additional overhead on the network.
  • You may have thought of this one: The MAC address filter table will be totally confused about the device’s location because the switch can receive the frame from more than one link. And what’s more, the bewildered switch could get so caught up in constantly updating the MAC filter table with source hardware address locations that it will fail to forward a frame! This is called thrashing the MAC table.
  • One of the nastiest things that can happen is multiple loops generating throughout a network. This means that loops can occur within other loops, and if a broadcast storm were to also occur, the network wouldn’t be able to perform frame switching—period!

All of these problems spell disaster (or at least close to it) and are decidedly evil situations that must be avoided, or at least fixed somehow. That’s where the Spanning Tree Protocol comes into the game. It was developed to solve each and every one of the problems I just told you about.

FIGURE 2.8 Multiple frame copies

Encrypting Your Passwords (Continued)

Because only the enable secret password is encrypted by default, you’ll need to manually configure the user-mode and enable passwords for encryption. Notice that you can see all the passwords except the enable secret when performing a show running-config on a router:

Router#sh running-config

[output cut]

!

enable secret 5 $1$rFbM$8.aXocHg6yHrM/zzeNkAT.

enable password Brain1

!

[output cut]

line con 0

password Brain1

login

line aux 0

password Brain

login

line vty 0 4

password Brain2

login

!

end

Router#

To manually encrypt your passwords, use the service password-encryption command. Here’s an example of how to do it:

Router#config t

Enter configuration commands, one per line. End with CNTL/Z.

Router(config)#service password-encryption

Router(config)#^Z

Router#sh run

Building configuration...

[output cut]

!

enable secret 5 $1$rFbM$8.aXocHg6yHrM/zzeNkAT.

enable password 7 0835434A0D

!

[output cut]

!

line con 0

password 7 111D160113

login

line aux 0

password 7 071B2E484A

login

line vty 0 4

password 7 0835434A0D

login

line vty 5 197

password 7 09463724B

login

!

end

Router#config t

Router(config)#no service password-encryption

Router(config)#^Z

There you have it! The passwords will now be encrypted. You just encrypt the passwords, perform a show run, and then turn off the command. You can see that the enable password and the line passwords are all encrypted.
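The digit after each password keyword in the output above marks how the value is stored: 5 is a salted MD5 hash, 7 is a reversible encoding rather than a hash, and no digit means cleartext. The following added example (not part of the original post; the function names are assumptions) audits a saved configuration for those storage types, using the two show running-config listings above as sample input with the [output cut] lines dropped.

```python
"""Audit how credentials are stored in a Cisco IOS configuration (added example)."""
import re
from collections import namedtuple

# The secret itself is deliberately not kept in the finding.
Finding = namedtuple("Finding", "context command storage risk")

# "enable secret 5 <hash>", "enable password <text>", "password 7 <encoded>"
CRED_RE = re.compile(
    r"^(enable secret|enable password|password)\s+(?:(\d+)\s+)?(\S+)$"
)


def classify(type_code):
    """Map the IOS type digit to a storage description and a risk level."""
    if type_code in (None, "0"):
        return "cleartext", "high"
    if type_code == "7":
        return "type 7 reversible encoding", "medium"
    if type_code == "5":
        return "type 5 salted MD5 hash", "low"
    return "type %s (not covered on this page)" % type_code, "review"


def audit(config_text):
    """Return one Finding per credential line, tagged with its config context."""
    findings = []
    context = "global"
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "!":               # section separator: back to global scope
            context = "global"
            continue
        if line.startswith("line "):  # e.g. "line con 0", "line vty 0 4"
            context = line
            continue
        match = CRED_RE.match(line)
        if match:
            command, type_code, _secret = match.groups()
            storage, risk = classify(type_code)
            findings.append(Finding(context, command, storage, risk))
    return findings


def flagged(findings):
    """Findings that are readable or recoverable by anyone who sees the config."""
    return [f for f in findings if f.risk != "low"]


# Sample input: the first listing above (before service password-encryption).
BEFORE_CONFIG = """
!
enable secret 5 $1$rFbM$8.aXocHg6yHrM/zzeNkAT.
enable password Brain1
!
line con 0
password Brain1
login
line aux 0
password Brain
login
line vty 0 4
password Brain2
login
!
end
"""

# Sample input: the second listing above (after service password-encryption).
AFTER_CONFIG = """
!
enable secret 5 $1$rFbM$8.aXocHg6yHrM/zzeNkAT.
enable password 7 0835434A0D
!
line con 0
password 7 111D160113
login
line aux 0
password 7 071B2E484A
login
line vty 0 4
password 7 0835434A0D
login
line vty 5 197
password 7 09463724B
login
!
end
"""

if __name__ == "__main__":
    for label, text in (("before", BEFORE_CONFIG), ("after", AFTER_CONFIG)):
        print(label)
        for f in audit(text):
            print("  %-14s %-16s %-28s %s" % f)
```

Only the enable secret line comes back as low risk in either listing; service password-encryption moves the other entries from high to medium, not to low.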

Banners

A good reason for having a banner is to add a security notice to users dialing or telnetting into your internetwork. You can set a banner on a Cisco router so that when either a user logs into the router or an administrator telnets into the router, the banner will give them the information you want them to have. There are four different banners available that you need to be aware of:


Router(config)#banner ?

LINE c banner-text c, where 'c' is a delimiting character

exec Set EXEC process creation banner

incoming Set incoming terminal line banner

login Set login banner

motd Set Message of the Day banner


Message of the day (MOTD) is the most extensively used banner. It gives a message to every person dialing into or connecting to the router via Telnet or auxiliary port, or through a console port as seen here:


Router(config)#banner motd ?

LINE c banner-text c, where 'c' is a delimiting character

Router(config)#banner motd #

Enter TEXT message. End with the character '#'.

$ Acme.com network, then you must disconnect immediately.

#

Router(config)#^Z

Router#

00:25:12 : %SYS-5-CONFIG_I: Configured from console by console

Router#exit

Router con0 is now available

Press RETURN to get started.


If you are not authorized to be in Acme.com network, then you must disconnect immediately.


Router>


The preceding MOTD banner essentially tells anyone connecting to the router that if they’re not on the guest list, get lost! The part to understand is the delimiting character—the thing that’s used to tell the router when the message is done. You can use any character you want for it, but you can’t use the delimiting character in the message itself. Also, once the message is complete, press Enter, then the delimiting character, then Enter again. It’ll still work if you don’t do that, but if you have more than one banner, they’ll be combined as one message and put on a single line.

These are the other banners:

Exec banner: You can configure a line-activation (exec) banner to be displayed when an EXEC process (such as a line-activation or incoming connection to a VTY line) is created. By simply starting a user exec session through a console port, you will activate the exec banner.

Incoming banner: You can configure a banner to be displayed on terminals connected to reverse Telnet lines. This banner is useful for providing instructions to users who use reverse Telnet.

Login banner: You can configure a login banner to be displayed on all connected terminals. This banner is displayed after the MOTD banner, but before the login prompts. The login banner can’t be disabled on a per-line basis, so to globally disable it, you’ve got to delete it with the no banner login command.

Router Interfaces

Interface configuration is one of the most important router configurations, because without interfaces, a router is a totally useless thing. Plus, interface configurations must be exact to enable communication with other devices. Some of the configurations used to configure an interface are Network layer addresses, media type, bandwidth, and other administrator commands.

Different routers use different methods to choose the interfaces used on them. For instance, the following command shows a Cisco 2522 router with 10 serial interfaces, labeled 0 through 9:


Router(config)#int serial ?

<0-9> Serial interface number


Now it’s time to choose the interface you want to configure. Once you do that, you will be in interface configuration for that specific interface. The command to choose serial port 5, for example, would be:

Router(config)#int serial 5

Router(config-if)#


The 2522 router has one Ethernet 10BaseT port, and typing interface ethernet 0 can configure that interface, as seen here:


Router(config)#int ethernet ?

<0-0> Ethernet interface number

Router(config)#int ethernet 0

Router(config-if)#


The 2500 router, as previously demonstrated, is a fixed configuration router, which means that when you buy that model, you’re stuck with that physical configuration. To configure an interface, you always use the interface type number sequence, but the 2600, 3600, 4000, and 7000 series routers use a physical slot in the router, with a port number on the module plugged into that slot. So on a 2600 router, the configuration would be interface type slot/port, as seen here:


Router(config)#int fastethernet ?

<0-1> FastEthernet interface number

Router(config)#int fastethernet 0

% Incomplete command.

Router(config)#int fastethernet 0?

/

Router(config)#int fastethernet 0/?

<0-1> FastEthernet interface number


And make note of the fact that you can’t just type int fastethernet 0. You must type the full command: type slot/port, or int fastethernet 0/0, or int fa 0/0. To set the type of connector used, use the media-type command (this is usually auto-detected):


Router(config)#int fa 0/0

Router(config-if)#media-type ?

100BaseX Use RJ45 for -TX; SC FO for -FX

MII Use MII connector


In the following sections, I will continue with the router interface discussion, including how to bring up the interface and set an IP address on a router interface.

Bringing Up an Interface

You can turn an interface off with the interface command shutdown, and turn it on with the no shutdown command. If an interface is shut down, it’ll display administratively down when using the show interfaces (sh int for short) command:


Router#sh int ethernet0

Ethernet0 is administratively down, line protocol is down

[output cut]


Another way to check an interface’s status is via the show running-config command. All interfaces are shut down by default. You can bring up the interface with the no shutdown command (no shut for short):


Router#config t

Enter configuration commands, one per line. End with CNTL/Z.

Router(config)#int ethernet0

Router(config-if)#no shutdown

Router(config-if)#^Z

00:57:08 : %LINK-3-UPDOWN: Interface Ethernet0, changed state to up

00:57:09 : %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0, changed state to up

Router#sh int ethernet0

Ethernet0 is up, line protocol is up

[output cut]


Configuring an IP Address on an Interface

Even though you don’t have to use IP on your routers, it’s most often what people use. To configure IP addresses on an interface, use the ip address command from interface configuration mode:


Router(config)#int e0

Router(config-if)#ip address 172.16.10.2 255.255.255.0

Router(config-if)#no shut


Don’t forget to turn on an interface with the no shutdown command. Remember to look at the command show interface e0 to see if it’s administratively shut down or not. Show running-config will also give you this information. If you want to add a second subnet address to an interface, you have to use the secondary parameter. If you type another IP address and press Enter, it will replace the existing IP address and mask. This is definitely a most excellent feature of the Cisco IOS. So, let’s try it. To add a secondary IP address, just use the secondary parameter:


Router(config-if)#ip address 172.16.20.2 255.255.255.0 secondary

Router(config-if)#^Z


You can verify that both addresses are configured on the interface with the show running-config command (sh run for short):


Router#sh run

Building configuration...

Current configuration:

[output cut]

!

interface Ethernet0

ip address 172.16.20.2 255.255.255.0 secondary

ip address 172.16.10.2 255.255.255.0

!


I really wouldn’t recommend having multiple IP addresses on an interface because it’s inefficient, but I showed you anyway just in case you someday find yourself dealing with an MIS manager who’s in love with really bad network design and makes you administer it! And who knows? Maybe someone will ask you about it some day and you’ll get to seem really smart because you know!


Serial Interface Commands

Before you jump in and configure a serial interface, there are a couple of things you need to know. First, the interface will usually be attached to a CSU/DSU type of device that provides clocking for the line to the router. But if you have a back-to-back configuration (for example, one that’s used in a lab environment), one end—the data communication equipment (DCE) end of the cable—must provide clocking. By default, Cisco routers are all data terminal equipment (DTE) devices, so you must tell an interface to provide clocking if you need it to act like a DCE device.

You configure a DCE serial interface with the clock rate command:


Router#config t

Enter configuration commands, one per line. End with CNTL/Z.

Router(config)#int s0

Router(config-if)#clock rate ?

Speed (bits per second)

1200

2400

4800

9600

19200

38400

56000

64000

72000

125000

148000

250000

500000

800000

1000000

1300000

2000000

4000000

<300-4000000> Choose clockrate from list above


Router(config-if)#clock rate 64000

%Error: This command applies only to DCE interfaces

Router(config-if)#int s1

Router(config-if)#clock rate 64000


It doesn’t hurt anything to try to put a clock rate on an interface. Notice that the clock rate command is in bits per second. You can see if a router’s serial interface has a DCE cable connected with the show controllers int command.


Router>sh controllers s 0

HD unit 0, idb = 0x297DE8, driver structure at 0x29F3A0

buffer size 1524 HD unit 0, V.35 DCE cable


The next command you need to get acquainted with is the bandwidth command. Every Cisco router ships with a default serial link bandwidth of T-1 (1.544Mbps). But this has nothing to do with how data is transferred over a link. The bandwidth of a serial link is used by routing protocols such as IGRP, EIGRP, and OSPF to calculate the best cost (path) to a remote network. So if you’re using RIP routing, then the bandwidth setting of a serial link is irrelevant, since RIP uses only hop count to determine that. (Routing protocols and metrics are discussed in Next Chapter.) Here is an example of using the bandwidth command:


Router(config-if)#bandwidth ?

<1-10000000> Bandwidth in kilobits

Router(config-if)#bandwidth 64


Did you notice that, unlike the clock rate command, the bandwidth command is configured in kilobits?

Hostnames

You can set the identity of the router with the hostname command. This is only locally significant, which means it has no bearing on how the router performs name lookups or how the router works on the internetwork. Here is an example:


Router#config t

Enter configuration commands, one per line. End with CNTL/Z.

Router(config)#hostname Brain

Brain(config)#hostname Brainmatics

Brainmatics(config)#


Even though it’s pretty tempting to configure the hostname after your own name, it’s a better idea to name the router something pertinent to the location.

Descriptions

Setting descriptions on an interface is helpful to the administrator and, like the hostname, only locally significant. The description command is a helpful command because you can, for instance, use it to keep track of circuit numbers. Here is an example:

Brainmatics(config)#int e0

Brainmatics(config-if)#description Sales Lan

Brainmatics(config-if)#int s0

Brainmatics(config-if)#desc Wan to Miami circuit:6fdda4321


You can view the description of an interface either with the show running-config command or the show interface command:


Brainmatics#sh run

[cut]

interface Ethernet0

description Sales Lan

ip address 172.16.10.30 255.255.255.0

no ip directed-broadcast

!

interface Serial0

description Wan to Miami circuit:6fdda4321

no ip address

no ip directed-broadcast

no ip mroute-cache

Brainmatics#sh int e0

Ethernet0 is up, line protocol is up

Hardware is Lance, address is 0010.7be8.25db (bia 0010.7be8.25db)

Description: Sales Lan

[output cut]

Brainmatics#sh int s0

Serial0 is up, line protocol is up

Hardware is HD64570

Description: Wan to Miami circuit:6fdda4321

[output cut]

Brainmatics#


Description: The Helpful Command

Bob, a Senior Network Administrator at Acme Corporation in San Francisco, has over 50 WAN links to various branches throughout the U.S. and Canada. Whenever an interface goes down, Bob spends a lot of time trying to figure out the circuit number as well as the phone number of the responsible provider of the WAN link.

The interface description command would be very helpful to Bob because not only can he use this command on his LAN links so he knows where every router interface is connected to, but he would benefit the most by adding circuit numbers to each and every WAN interface, as well as the phone number of the responsible provider.

By spending the few hours it would take to add this information to each and every router interface, Bob can save a lot of precious time when his WAN links go down (and they will!), and time is of the essence.


Viewing and Saving Configurations

If you run through setup mode, you’ll be asked if you want to use the configuration you just created. If you say Yes, then it will copy the configuration running in DRAM (known as the running-config) into NVRAM, and name the file startup-config. You can manually save the file from DRAM to NVRAM by using the copy running-config startup-config command (you can also use the shortcut copy run start):


Brainmatics #copy run start

Destination filename [startup-config]?[Enter]

Warning: Attempting to overwrite an NVRAM configuration

previously written by a different version of the system

image.

Overwrite the previous NVRAM configuration?[confirm][Enter]

Building configuration...


Notice that the message we received tells us we’re trying to write over the older startup-config. The IOS had just been upgraded to version 12.2, and the last time the file was saved, 11.3 was running. Sometimes, when you see a question with an answer in [ ], it means that if you just press Enter, you’re choosing the default answer.

Also, when the command asked for the destination filename, the default answer was startup-config. The “feature” aspect of this command output is that you can’t even type anything else in or you’ll get an error, as seen here:


Brainmatics #copy run start

Destination filename [startup-config]?brain

%Error opening nvram:Brain (No such file or directory)

Brainmatics #


You can view the files by typing show running-config or show startup-config from privileged mode. The sh run command, which is a shortcut for show running-config , tells us that we are viewing the current configuration:

Brainmatics #sh run

Building configuration...

Current configuration:

!

version 12.0

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname Brainmatics

ip subnet-zero

frame-relay switching

!

[output cut]


The sh start command —one of the shortcuts for the show startup-config command— shows us the configuration that will be used the next time the router is reloaded. It also tells us how much NVRAM is being used to store the startup-config file. Here is an example:

Brainmatics #sh start

Using 4850 out of 32762 bytes

!

version 12.0

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname Brainmatics

!

!

ip subnet-zero

frame-relay switching

!

[output cut]


You can delete the startup-config file by using the erase startup-config command, after which you’ll receive an error if you ever try to view the startup-config file:

Brainmatics #erase startup-config

Erasing the nvram filesystem will remove all files!

Continue? [confirm] [Enter]

[OK]

Erase of nvram: complete

Brainmatics #sh start

%% Non-volatile configuration memory is not present

Brainmatics #reload


If you reload or power down and up the router after using the erase startup-config command, you’ll be offered setup mode because there’s no configuration saved in NVRAM. You can press Ctrl+C to exit setup mode at any time (the reload command can only be used from privileged mode).

At this point, you shouldn’t use setup mode to configure your router. Setup mode was designed to help people who do not know how to use the Command-Line Interface (CLI), and this no longer applies to you!

Verifying Your Configuration

Obviously, show running-config would be the best way to verify your configuration, and show startup-config would be the best way to verify the configuration that’ll be used the next time the router is reloaded—right?

Well, once you take a look at the running-config, if all appears well, you can verify your configuration with utilities such as Ping and Telnet. Ping is Packet Internet Groper, a program that uses ICMP echo requests and replies. (ICMP is discussed in Chapter 2, “Internet Protocols.”) Ping sends a packet to a remote host, and if that host responds, you know that the host is alive. But you don’t know if it’s alive and also well —just because you can ping an NT server does not mean you can log in! Even so, Ping is an awesome starting point for troubleshooting an internetwork. Did you know that you can ping with different protocols? You can, and you can test this by typing ping ? at either the router user-mode or privileged mode prompt:


Router#ping ?

WORD Ping destination address or hostname

appletalk Appletalk echo

decnet DECnet echo

ip IP echo

ipx Novell/IPX echo

srb srb echo


If you want to find a neighbor’s Network layer address, either you need to go to the router or switch itself, or you can type show cdp entry * protocol to get the Network layer addresses you need for pinging. (Cisco Discovery Protocol [CDP] is covered in Chapter 9.) Traceroute uses ICMP with IP Time To Live (TTL) timeouts to track the path a packet takes through an internetwork, in contrast to Ping, which just finds the host and responds. And Traceroute can also be used with multiple protocols.


Router#traceroute ?

WORD Trace route to destination address or hostname

appletalk AppleTalk Trace

clns ISO CLNS Trace

ip IP Trace

oldvines Vines Trace (Cisco)

vines Vines Trace (Banyan)


Telnet is the best tool since it uses IP at the Network layer and TCP at the Transport layer to create a session with a remote host. If you can telnet into a device, your IP connectivity just has to be good. You can only telnet to devices that use IP addresses, and you can use Windows hosts or router prompts to telnet to a remote device:


Router#telnet ?

WORD IP address or hostname of a remote system


From the router prompt, you just type a hostname or IP address and it will assume you want to telnet—you don’t need to type the actual command, telnet . In the following sections, I am going to show you how to verify the interface statistics.

Verifying with the show interface Command

Another way to verify your configuration is by typing show interface commands, the first of which is show interface ? . That will reveal all the available interfaces to configure. The following output is from my 2600 routers:


Router#sh int ?

Async Async interface

BVI Bridge-Group Virtual Interface

CTunnel CTunnel interface

Dialer Dialer interface

FastEthernet FastEthernet IEEE 802.3

Loopback Loopback interface

MFR Multilink Frame Relay bundle interface

Multilink Multilink-group interface

Null Null interface

Serial Serial

Tunnel Tunnel interface

Vif PGM Multicast Host interface

Virtual-Template Virtual Template interface

Virtual-TokenRing Virtual TokenRing

accounting Show interface accounting

crb Show interface routing/bridging info

dampening Show interface dampening info

description Show interface description

irb Show interface routing/bridging info

mac-accounting Show interface MAC accounting info

mpls-exp Show interface MPLS experimental accounting info

precedence Show interface precedence accounting info

rate-limit Show interface rate-limit info

summary Show interface summary

switching Show interface switching

| Output modifiers

The only “real” physical interfaces are FastEthernet, Serial, and async; the rest are all logical interfaces. In addition, the newer IOS shows the “possible” show commands that can be used to verify your router interfaces—a very new feature from Cisco. The next command is show interface fastethernet 0/0 . It reveals to us the hardware address, logical address, and encapsulation method, as well as statistics on collisions, as seen here:


Router#sh int fastethernet 0/0

FastEthernet0/0 is up, line protocol is up

Hardware is AmdFE, address is 00b0.6483.2320 (bia 00b0.6483.2320)

Description: connection to LAN 40

Internet address is 192.168.1.33/27

MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,

reliability 255/255, txload 1/255, rxload 1/255

Encapsulation ARPA, loopback not set

Keepalive set (10 sec)

Full-duplex, 100Mb/s, 100BaseTX/FX

ARP type: ARPA, ARP Timeout 04:00:00

Last input never, output 00:00:04, output hang never

Last clearing of "show interface" counters never

Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0

Queueing strategy: fifo

Output queue: 0/40 (size/max)

5 minute input rate 0 bits/sec, 0 packets/sec

5 minute output rate 0 bits/sec, 0 packets/sec

0 packets input, 0 bytes

Received 0 broadcasts, 0 runts, 0 giants, 0 throttles

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored

0 watchdog

0 input packets with dribble condition detected

84639 packets output, 8551135 bytes, 0 underruns

0 output errors, 0 collisions, 16 interface resets

0 babbles, 0 late collision, 0 deferred

0 lost carrier, 0 no carrier

0 output buffer failures, 0 output buffers swapped out

The most important statistic of the show interface command is the output of the line and data-link protocol status.

If the output reveals that FastEthernet 0/0 is up and the line protocol is up, then the interface is up and running:

Router#sh int fa0/0

FastEthernet0/0 is up, line protocol is up

The first parameter refers to the Physical layer, and it’s up when it receives carrier detect. The second parameter refers to the Data Link layer, and it looks for keepalives from the connecting end. (Keepalives are used between devices to make sure connectivity has not dropped.)

Here is an example:

Router#sh int s0/0

Serial0/0 is up, line protocol is down

If you see the line is up but the protocol is down, as shown above, you are experiencing a clocking (keepalive) or framing problem. Check the keepalives on both ends to make sure that they match, the clock rate is set, if needed, and the encapsulation type is the same on both ends. The output above would be considered a Data Link layer problem.

Router#sh int s0/0

Serial0/0 is down, line protocol is down

If you discover that both the line interface and the protocol are down, it’s a cable or interface problem. The output above would be considered a Physical layer problem. If one end is administratively shut down (as shown next), the remote end would present as down and down:


Router#sh int s0/0

Serial0/0 is administratively down, line protocol is down


To enable the interface, use the command no shutdown from interface configuration mode. The next show interface serial 0/0 command demonstrates the serial line and the maximum transmission unit (MTU)—1500 bytes by default. It also shows the default bandwidth (BW) on all Cisco serial links: 1.544Kbps. This is used to determine the bandwidth of the line for routing protocols such as IGRP, EIGRP, and OSPF. Another important configuration to notice is the keepalive, which is 10 seconds by default. Each router sends a keepalive message to its neighbor every 10 seconds, and if both routers aren’t configured for the same keepalive time, it won’t work. You can clear the counters on the interface by typing the command clear counters :


Router#sh int s0/0

Serial0/0 is up, line protocol is up

Hardware is HD64570

MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,

reliability 255/255, txload 1/255, rxload 1/255

Encapsulation HDLC, loopback not set, keepalive set

(10 sec)

Last input never, output never, output hang never

Last clearing of "show interface" counters never

Queueing strategy: fifo

Output queue 0/40, 0 drops; input queue 0/75, 0 drops

5 minute input rate 0 bits/sec, 0 packets/sec

5 minute output rate 0 bits/sec, 0 packets/sec

0 packets input, 0 bytes, 0 no buffer

Received 0 broadcasts, 0 runts, 0 giants, 0 throttles

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored,

0 abort

0 packets output, 0 bytes, 0 underruns

0 output errors, 0 collisions, 16 interface resets

0 output buffer failures, 0 output buffers swapped out

0 carrier transitions

DCD=down DSR=down DTR=down RTS=down CTS=down

Router#clear counters ?

Async Async interface

BVI Bridge-Group Virtual Interface

CTunnel CTunnel interface

Dialer Dialer interface

FastEthernet FastEthernet IEEE 802.3

Group-Async Async Group interface

Line Terminal line

Loopback Loopback interface

MFR Multilink Frame Relay bundle interface

Multilink Multilink-group interface

Null Null interface

Serial Serial

Tunnel Tunnel interface

Vif PGM Multicast Host interface

Virtual-Template Virtual Template interface

Virtual-TokenRing Virtual TokenRing

Router#clear counters s0/0

Clear "show interface" counters on this interface

[confirm][Enter]

Router#

00:17:35 : %CLEAR-5-COUNTERS: Clear counter on interface

Serial0 by console

Router#

Verifying with the show ip interface Command

The show ip interface command will provide you with information regarding the layer 3 configurations of a router’s interfaces:


Router#sh ip interface

FastEthernet0/0 is up, line protocol is up

Internet address is 1.1.1.1/24

Broadcast address is 255.255.255.255

Address determined by setup command

MTU is 1500 bytes

Helper address is not set

Directed broadcast forwarding is disabled

Outgoing access list is not set

Inbound access list is not set

Proxy ARP is enabled

Security level is default

Split horizon is enabled

[output cut]


The status of the interface, the IP address and mask, information on whether an access list is set on the interface, and basic IP information are included in this output.

Using the show ip interface brief Command

The show ip interface brief command is probably one of the most helpful commands that you can ever use on a Cisco router. This command provides a quick overview of the router’s interfaces including the logical address and status:


Router#sh ip int brief

Interface IP-Address OK? Method Status Protocol

FastEthernet0/0 192.168.1.33 YES manual up up

FastEthernet0/1 10.3.1.88 YES manual up up

Serial0/0 10.1.1.1 YES manual up up

Serial0/1 unassigned YES NVRAM administratively down down

Using the show controllers Command

The show controllers command displays information about the physical interface itself. It’ll also give you the type of serial cable plugged into a serial port. Usually, this will only be a DTE cable that plugs into a type of data service unit (DSU).


Router#sh controllers serial 0/0

HD unit 0, idb = 0x1229E4, driver structure at 0x127E70

buffer size 1524 HD unit 0, V.35 DTE cable

cpb = 0xE2, eda = 0x4140, cda = 0x4000

Router#sh controllers serial 0/1

HD unit 1, idb = 0x12C174, driver structure at 0x131600

buffer size 1524 HD unit 1, V.35 DCE cable

cpb = 0xE3, eda = 0x2940, cda = 0x2800


Notice that serial 0/0 has a DTE cable, whereas the serial 0/1 connection has a DCE cable. Serial 0/1 would have to provide clocking with the clock rate command. Serial 0/0 would get its clocking from the DSU.


This was a fun chapter! I really showed you a lot about the Cisco IOS and I really hope you gained a lot of insight into the Cisco router world. This chapter started off by explaining the Cisco Internetwork Operating System (IOS) and how you can use the IOS to run and configure Cisco routers. You learned how to bring a router up and what setup mode does. Oh, and by the way, since you can now basically configure Cisco routers, you should never use setup mode, right? After I discussed how to connect to a router with a console and LAN connection, I covered the Cisco help features, and how to use the CLI to find commands and command parameters. In addition, I discussed some basic show commands to help you verify your configurations. Setting router passwords is one of the most important configurations you can perform on your routers. I showed you the five passwords to set. In addition, I used the hostname, interface description, and banners to help you administer your router. Well, that concludes your introduction to the Cisco Internetwork Operating System (IOS)! And, as usual, it’s super-important for you to have the basics that we went over in this chapter before you move on to the following chapters.


Simple Configuration for Voip With Cisco

FBI_CIA#sh run

Building configuration...


Current configuration : 2661 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname FBI_CIA

!

boot-start-marker

boot-end-marker

!

enable secret 5 $1$7wh.$Swhg9iMImukpcSw.7sOK51

!

no aaa new-model

!

resource policy

!

mmi polling-interval 60

no mmi auto-configure

no mmi pvc

mmi snmp-timeout 180

voice-card 2

!

ip cef

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

class-map match-any GOLD

match access-group name ms-sql-traffic

class-map match-any VoipData

match access-group name VoipData

class-map match-any VoipControl

match access-group name VoipControl

!

!

policy-map PACKAGE2fordial

class GOLD

bandwidth percent 40

random-detect

set precedence 2

class class-default

fair-queue

random-detect

set precedence 0

policy-map PACKAGE2

class VoipData

set precedence 5

priority percent 25

class VoipControl

bandwidth percent 5

random-detect

set precedence 3

class GOLD

bandwidth percent 40

random-detect

set precedence 2

class class-default

fair-queue

random-detect

set precedence 0

policy-map Reset-VPN-Package2

class VoipData

set precedence 5

class VoipControl

set precedence 3

class GOLD

set precedence 2

!

!

!

!

interface Loopback0

description IP Loopback untuk Voice

ip address 192.XXX.XXX.31 255.255.255.255

!

interface FastEthernet0/0

ip address 192.168.215.1 255.255.255.128

speed auto

!

interface Serial1/0

ip address 172.xxx.xxx.126 255.255.255.252

!

ip route 0.0.0.0 0.0.0.0 172.17.150.125

!

no ip http server

no ip http secure-server

!

!

control-plane

!

!

!

voice-port 2/0

!

voice-port 2/1

!

!

!

!

!

!

dial-peer voice 75100 pots

destination-pattern 75100

port 2/0

!

dial-peer voice 75101 pots

destination-pattern 75101

port 2/1

!

dial-peer voice 293 voip

description Koneksi Voice Ke Padang

destination-pattern 293

session target ipv4:192.XXX.253.27

dtmf-relay cisco-rtp

ip qos dscp cs5 media

ip qos dscp cs3 signaling

no vad

!

dial-peer voice 765 voip

description Koneksi Voice ke Solok

destination-pattern 765

session target ipv4:192.XXX.253.30

dtmf-relay cisco-rtp

ip qos dscp cs5 media

ip qos dscp cs3 signaling

no vad

!

dial-peer voice 623 voip

description Koneksi Voice ke Bukittingi

destination-pattern 623

session target ipv4:192.XXX.253.22

dtmf-relay cisco-rtp

ip qos dscp cs5 media

ip qos dscp cs3 signaling

no vad

!

dial-peer voice 361 voip

description Koneksi voice ke Painan

destination-pattern 361

session target ipv4:192.XXX.XXX.18

dtmf-relay cisco-rtp

ip qos dscp cs5 media

ip qos dscp cs3 signaling

no vad

!

!

line con 0

password cilubak

login

line aux 0

line vty 0 4

password cilubak

login

!

end


FBI_CIA#
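The running-config above has no service password-encryption set and keeps a password under both line con 0 and line vty 0 4. The following Python script is an added example, not part of the original post: it checks a saved running-config for those management-plane settings. The sample configuration (hostname, hash and passwords) is a constructed placeholder, and the finding names are this example's own.

```python
import re

# Constructed sample in the shape of the running-config above; hostname,
# hash and passwords are placeholders, not values taken from the page.
SAMPLE_CONFIG = """\
version 12.4
no service password-encryption
!
hostname EDGE-RTR
!
enable secret 5 $1$EXAMPLE$CONSTRUCTEDHASHVALUE000
!
no aaa new-model
!
line con 0
 password ExamplePass1
 login
line aux 0
line vty 0 4
 password ExamplePass1
 login
!
end
"""

# Finding names and wording are this example's own.
DESCRIPTIONS = {
    "PW_ENCRYPTION_OFF": "service password-encryption is off; line passwords show as typed in show run",
    "ENABLE_PASSWORD_USED": "enable password is set; enable secret stores a hash instead",
    "CLEARTEXT_LINE_PASSWORD": "line password is stored without type 7 encoding",
    "SHARED_LINE_LOGIN": "'login' checks one shared line password, not per-user accounts",
    "VTY_TELNET_POSSIBLE": "vty does not restrict 'transport input' to ssh, so Telnet may be accepted",
    "VTY_NO_ACCESS_CLASS": "vty has no access-class limiting which sources may connect",
}

LINE_HEADER = re.compile(r"^line (con|aux|vty|tty) ")
ENCODED_PASSWORD = re.compile(r"^password 7 \S+$")


def line_blocks(config):
    """Return {'line vty 0 4': [subcommands], ...}.

    Works on indented configs and on pasted ones that lost their indentation
    (as on this page), where a block ends at '!', 'end' or the next 'line'.
    """
    lines = config.splitlines()
    indented = any(l.startswith(" ") for l in lines)
    blocks, current = {}, None
    for raw in lines:
        text = raw.strip()
        if not text:
            continue  # blank lines from copy/paste do not end a block
        if LINE_HEADER.match(text):
            current = blocks.setdefault(text, [])
        elif text in ("!", "end") or (indented and not raw.startswith(" ")):
            current = None
        elif current is not None:
            current.append(text)
    return blocks


def audit(config):
    """Return a list of (finding, location) tuples; never echoes a password."""
    findings = []
    top = [l.strip() for l in config.splitlines() if l.strip()]
    if "service password-encryption" not in top:
        findings.append(("PW_ENCRYPTION_OFF", "global"))
    if any(l.startswith("enable password ") for l in top):
        findings.append(("ENABLE_PASSWORD_USED", "global"))
    for header, cmds in line_blocks(config).items():
        for cmd in cmds:
            if cmd.startswith("password ") and not ENCODED_PASSWORD.match(cmd):
                findings.append(("CLEARTEXT_LINE_PASSWORD", header))
        if "login" in cmds:
            findings.append(("SHARED_LINE_LOGIN", header))
        if header.startswith("line vty"):
            allowed = [c.split()[2:] for c in cmds if c.startswith("transport input ")]
            if not allowed or any(set(p) - {"ssh", "none"} for p in allowed):
                findings.append(("VTY_TELNET_POSSIBLE", header))
            if not any(c.startswith("access-class ") for c in cmds):
                findings.append(("VTY_NO_ACCESS_CLASS", header))
    return findings


if __name__ == "__main__":
    for name, where in audit(SAMPLE_CONFIG):
        print(f"{where:14} {name}: {DESCRIPTIONS[name]}")
```

Run it against a file saved from show running-config; the default behaviour of transport input differs between IOS versions, which is why that finding is worded as "may be accepted".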


Cisco Password Recovery 2600

This section provides an example of the password recovery procedure. This example was created with a Cisco 2600 Series Router.
Even if you do not use a Cisco 2600 Series Router, this output provides an example of what you should experience on your product.


Router>enable
Password:
Password:
Password:
% Bad secrets

Router>show version
Cisco Internetwork Operating System Software
IOS ™ C2600 Software (C2600-IS-M), Version 12.0(7)T, RELEASE SOFTWARE (fc2)
Copyright (c) 1986-1999 by cisco Systems, Inc.
Compiled Tue 07-Dec-99 02:21 by phanguye
Image text-base: 0x80008088, data-base: 0x80C524F8

ROM: System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)

Router uptime is 3 minutes
System returned to ROM by abort at PC 0x802D0B60
System image file is "flash:c2600-is-mz.120-7.T"

cisco 2611 (MPC860) processor (revision 0x202) with 26624K/6144K bytes of memory.
Processor board ID JAB031202NK (3878188963)
M860 processor: part number 0, mask 49
Bridging software.
X.25 software, Version 3.0.0.
Basic Rate ISDN software, Version 1.1.
2 Ethernet/IEEE 802.3 interface(s)
2 Serial(sync/async) network interface(s)
1 ISDN Basic Rate interface(s)
32K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash partition 1 (Read/Write)
8192K bytes of processor board System flash partition 2 (Read/Write)

Configuration register is 0x2102

Router>

!--- The router was just powercycled, and during bootup a
!--- break sequence was sent to the router.
!

*** System received an abort due to Break Key ***

signal= 0x3, code= 0x500, context= 0x813ac158
PC = 0x802d0b60, Vector = 0x500, SP = 0x80006030
rommon 1 > confreg 0x2142

You must reset or power cycle for new config to take effect

rommon 2 > reset

System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)
Copyright (c) 1999 by cisco Systems, Inc.
TAC:Home:SW:IOS:Specials for info
C2600 platform with 32768 Kbytes of main memory
program load complete, entry point: 0x80008000, size: 0x6fdb4c

Self decompressing the image : ###############################
##############################################################
##############################################################
##############################################################
############################### [OK]
Restricted Rights Legend

Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706

Cisco Internetwork Operating System Software
IOS ™ C2600 Software (C2600-IS-M), Version 12.0(7)T, RELEASE SOFTWARE (fc2)
Copyright (c) 1986-1999 by cisco Systems, Inc.
Compiled Tue 07-Dec-99 02:21 by phanguye
Image text-base: 0x80008088, data-base: 0x80C524F8

cisco 2611 (MPC860) processor (revision 0x202) with 26624K/6144K bytes of memory.
Processor board ID JAB031202NK (3878188963)
M860 processor: part number 0, mask 49
Bridging software.
X.25 software, Version 3.0.0.
Basic Rate ISDN software, Version 1.1.
2 Ethernet/IEEE 802.3 interface(s)
2 Serial(sync/async) network interface(s)
1 ISDN Basic Rate interface(s)
32K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash partition 1 (Read/Write)
8192K bytes of processor board System flash partition 2 (Read/Write)
--- System Configuration Dialog ---

Would you like to enter the initial configuration dialog? [yes/no]: n

Press RETURN to get started!

00:00:19: %LINK-3-UPDOWN: Interface BRI0/0, changed state to up
00:00:19: %LINK-3-UPDOWN: Interface Ethernet0/0, changed state to up
00:00:19: %LINK-3-UPDOWN: Interface Ethernet0/1, changed state to up
00:00:19: %LINK-3-UPDOWN: Interface Serial0/0, changed state to down
00:00:19: %LINK-3-UPDOWN: Interface Serial0/1, changed state to down
00:00:20: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0/0,
changed state to down
00:00:20: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/0,
changed state to up
Router>
00:00:20: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/1,
changed state to up
00:00:20: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0,
changed state to down
00:00:20: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1,
changed state to down
00:00:50: %SYS-5-RESTART: System restarted --
Cisco Internetwork Operating System Software
IOS ™ C2600 Software (C2600-IS-M), Version 12.0(7)T, RELEASE SOFTWARE (fc2)
Copyright (c) 1986-1999 by cisco Systems, Inc.
Compiled Tue 07-Dec-99 02:21 by phanguye
00:00:50: %LINK-5-CHANGED: Interface BRI0/0,
changed state to administratively down
00:00:52: %LINK-5-CHANGED: Interface Ethernet0/0,
changed state to administratively down
00:00:52: %LINK-5-CHANGED: Interface Serial0/0,
changed state to administratively down
00:00:52: %LINK-5-CHANGED: Interface Ethernet0/1,
changed state to administratively down
00:00:52: %LINK-5-CHANGED: Interface Serial0/1,
changed state to administratively down
00:00:53: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/0,
changed state to down
00:00:53: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/1,
changed state to down
Router>
Router>enable
Router#copy startup-config running-config
Destination filename [running-config]?
1324 bytes copied in 2.35 secs (662 bytes/sec)
Router#
00:01:24: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0/0:1,
changed state to down
00:01:24: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0/0:2,
changed state to down
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#enable secret <>
Router(config)#^Z
00:01:54: %SYS-5-CONFIG_I: Configured from console by console
Router#show ip interface brief

Interface IP-Address OK? Method Status Protocol
Ethernet0/0 10.200.40.37 YES TFTP administratively down down
Serial0/0 unassigned YES TFTP administratively down down
BRI0/0 193.251.121.157 YES unset administratively down down
BRI0/0:1 unassigned YES unset administratively down down
BRI0/0:2 unassigned YES unset administratively down down
Ethernet0/1 unassigned YES TFTP administratively down down
Serial0/1 unassigned YES TFTP administratively down down
Loopback0 193.251.121.157 YES TFTP up up
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#interface Ethernet0/0
Router(config-if)#no shutdown
Router(config-if)#
00:02:14: %LINK-3-UPDOWN: Interface Ethernet0/0, changed state to up
00:02:15: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/0,
changed state to up
Router(config-if)#interface BRI0/0
Router(config-if)#no shutdown
Router(config-if)#
00:02:26: %LINK-3-UPDOWN: Interface BRI0/0:1, changed state to down
00:02:26: %LINK-3-UPDOWN: Interface BRI0/0:2, changed state to down
00:02:26: %LINK-3-UPDOWN: Interface BRI0/0, changed state to up
00:02:115964116991: %ISDN-6-LAYER2UP: Layer 2 for Interface BR0/0,
TEI 68 changed to up
Router(config-if)#^Z
Router#
00:02:35: %SYS-5-CONFIG_I: Configured from console by console
Router#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]
Router#show version
Cisco Internetwork Operating System Software
IOS ™ C2600 Software (C2600-IS-M), Version 12.0(7)T, RELEASE SOFTWARE (fc2)
Copyright (c) 1986-1999 by cisco Systems, Inc.
Compiled Tue 07-Dec-99 02:21 by phanguye
Image text-base: 0x80008088, data-base: 0x80C524F8

ROM: System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)

Router uptime is 3 minutes
System returned to ROM by abort at PC 0x802D0B60
System image file is "flash:c2600-is-mz.120-7.T"

cisco 2611 (MPC860) processor (revision 0x202)
with 26624K/6144K bytes of memory.
Processor board ID JAB031202NK (3878188963)
M860 processor: part number 0, mask 49
Bridging software.
X.25 software, Version 3.0.0.
Basic Rate ISDN software, Version 1.1.
2 Ethernet/IEEE 802.3 interface(s)
2 Serial(sync/async) network interface(s)
1 ISDN Basic Rate interface(s)
32K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash partition 1 (Read/Write)
8192K bytes of processor board System flash partition 2 (Read/Write)

Configuration register is 0x2142

Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#config-register 0x2102
Router(config)#^Z
00:03:20: %SYS-5-CONFIG_I: Configured from console by console

Router#show version
Cisco Internetwork Operating System Software
IOS ™ C2600 Software (C2600-IS-M), Version 12.0(7)T, RELEASE SOFTWARE (fc2)
Copyright (c) 1986-1999 by cisco Systems, Inc.
Compiled Tue 07-Dec-99 02:21 by phanguye
Image text-base: 0x80008088, data-base: 0x80C524F8

ROM: System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)

Router uptime is 3 minutes
System returned to ROM by abort at PC 0x802D0B60
System image file is "flash:c2600-is-mz.120-7.T"

cisco 2611 (MPC860) processor (revision 0x202)
with 26624K/6144K bytes of memory.
Processor board ID JAB031202NK (3878188963)
M860 processor: part number 0, mask 49
Bridging software.
X.25 software, Version 3.0.0.
Basic Rate ISDN software, Version 1.1.

2 Ethernet/IEEE 802.3 interface(s)
2 Serial(sync/async) network interface(s)
1 ISDN Basic Rate interface(s)
32K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash partition 1 (Read/Write)
8192K bytes of processor board System flash partition 2 (Read/Write)

Configuration register is 0x2142 (will be 0x2102 at next reload)

Router#
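The procedure above works by switching the configuration register from 0x2102 to 0x2142 and back; the two values differ only in bit 6, which makes the router boot without loading startup-config. The following Python script is an added example, not part of the original procedure: it reads the "Configuration register is ..." line from show version output and reports whether a router has been left in that state. The bit meanings are the ones generally documented for the IOS configuration register (an assumption to confirm for your platform), and the state names are this example's own.

```python
import re

# Bit meanings as generally documented for the IOS configuration register;
# confirm them for your platform before relying on the decode.
BOOT_FIELD = 0x000F      # bits 0-3: 0 = stay in ROM monitor, 2-F = normal boot
IGNORE_NVRAM = 0x0040    # bit 6: boot without loading startup-config
BREAK_DISABLED = 0x0100  # bit 8: Break key ignored during normal operation
ROM_FALLBACK = 0x2000    # bit 13: boot ROM software if network boot fails

CONFREG_RE = re.compile(
    r"Configuration register is 0x([0-9A-Fa-f]+)"
    r"(?: \(will be 0x([0-9A-Fa-f]+) at next reload\))?"
)

# Constructed inputs: the three register lines that appear in the transcript.
SAMPLES = [
    "Configuration register is 0x2102",
    "Configuration register is 0x2142",
    "Configuration register is 0x2142 (will be 0x2102 at next reload)",
]


def parse_confreg(show_version):
    """Return (current, value_at_next_reload) or None if the line is absent."""
    m = CONFREG_RE.search(show_version)
    if m is None:
        return None
    current = int(m.group(1), 16)
    pending = int(m.group(2), 16) if m.group(2) else current
    return current, pending


def decode(value):
    """Break a register value into the fields relevant to this procedure."""
    return {
        "boot_field": value & BOOT_FIELD,
        "ignore_startup_config": bool(value & IGNORE_NVRAM),
        "break_disabled": bool(value & BREAK_DISABLED),
        "rom_fallback": bool(value & ROM_FALLBACK),
    }


def assess(show_version):
    """Classify a router by what its next reload will do with startup-config."""
    parsed = parse_confreg(show_version)
    if parsed is None:
        return "UNKNOWN"
    current, pending = parsed
    if pending & IGNORE_NVRAM:
        # Next reload skips startup-config again, so the router would come
        # up without its saved passwords and interface settings.
        return "BYPASS_PERSISTS"
    if current & IGNORE_NVRAM:
        # This boot skipped startup-config, but config-register was reset.
        return "BYPASS_CLEARED_PENDING_RELOAD"
    return "NORMAL"


if __name__ == "__main__":
    for line in SAMPLES:
        current, _ = parse_confreg(line)
        print(f"{assess(line):30} {decode(current)}")
```

A router reporting BYPASS_PERSISTS outside a maintenance window is worth investigating, since reaching that state requires console access and a reload.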


Introduction to Cisco Routers

Definition of a Router

A router is a device that forwards packets from one network to another (LAN to LAN or LAN to WAN) so that hosts on one network can communicate with hosts on another network. A router connects these networks at the network layer of the OSI model, so technically a router is a Layer 3 gateway. A router can be a device designed specifically to function as a router (a dedicated router), or it can be a PC set up to act as a router.

In this article I will only write about Cisco routers, that is, dedicated routers made by a vendor named Cisco (http://www.cisco.com). Therefore, every occurrence of the word Router in the rest of this article means a Cisco router.

Network Interface

A network interface is an interface that connects a host to a network. A network interface is hardware that works at layer 1 of the OSI model. A router needs network interfaces to connect itself to a LAN or WAN. Because a router's job is to connect networks, a router must have at least 2 network interfaces. With this minimal configuration, the router can connect 2 networks, because each network needs one network interface connected to the router.

Configuring the Router

A router has no monitor for interacting with the network administrator, so we need a PC to set up a router.

The PC must be connected to the router in one of the following ways:

through the console port

through the network

Configuring the Router through the Console Port

The console port is a port on the router provided to connect the router to the “outside world”. A rollover cable is needed to connect the serial interface on the PC to the console port on the router. Once the router is connected to the PC, the router can be configured by running the HyperTerminal application on the PC.

Configuring the Router through the Network

With this method, the router can be configured from a PC connected to the router through the network. This method can only be used to view and modify the configuration on a router. Why? Because a router will only be connected to the network if its network interface is already configured correctly. On the other hand, this method also has an advantage. With it, the network administrator has more freedom in where to place the PC used to modify the router configuration. The network administrator can place the PC anywhere, as long as the PC can reach the router through the network. With this method, the network administrator needs a telnet application to configure the router. The following are the steps for using telnet on a PC running the Windows operating system:

Open a command prompt (or the MS-DOS prompt on Windows 9x)

Type the following command at the command prompt:

C:\> telnet IP-address-Router

Example:

C:\> telnet 172.16.148.1

Initializing the Router Configuration

The router configuration is stored in a special memory on the router called nonvolatile random-access memory (NVRAM). If no configuration is stored in NVRAM, the router's operating system runs a routine that asks a series of questions whose answers are used to configure the router. In Windows terminology such a routine is known as a Wizard. On Cisco routers, however, this routine is called the system configuration dialog or setup dialog.

The Setup Dialog is designed only to create a minimal configuration, because the main purpose of setup mode is to create a configuration quickly and easily. For a complex configuration, the network administrator must do it manually. The Setup Dialog can also be invoked even when NVRAM already contains a configuration.

The administrator simply types the command setup at the CLI (Command Line Interface) and the Setup Dialog is executed. The following is an example of invoking the Setup Dialog from the CLI.

Command access levels

For security purposes, the commands that can be run from the CLI are divided into 2 access levels:

User Mode

Privileged Mode

User Mode is intended for viewing the router's status. The commands allowed in this mode cannot change the router configuration, so this mode is safer when a network administrator only wants to view the router's status and does not want to change the configuration.

Privileged Mode has a higher access level. In this mode, the network administrator can change the router configuration. This mode should therefore be used with great care to avoid unwanted changes to the router.

When you first log on to the router, you enter user mode, with a prompt ending in (>). To move from user mode to privileged mode, you must execute the command enable at the prompt. The prompt changes to (#) when you are in privileged mode. To return to user mode from privileged mode, you must execute the command disable at the command prompt.

Example:


router con0 is now available

Press RETURN to get started

router >

router > enable

router # disable

router >

router > logout

Changing the Router Configuration

As mentioned earlier, the Setup Dialog is not designed for modifying a router configuration or for creating a complex one. These tasks must be done manually by entering configuration mode. The configuration can be changed directly through the console or remotely over the network, as discussed earlier. Once the PC is connected to the router, the network administrator must first enter Privileged Mode, as described earlier. The configuration can then be changed with the command configure terminal, which enters global configuration mode, followed by the configuration lines. After the configuration lines have been entered, the command exit is needed to leave global configuration mode.

Example: changing the router configuration


router con0 is now available

Press RETURN to get started

router >

router > enable

router # configure terminal

router (config) # interface ethernet 0

router (config-if) # description IT Department LAN

router (config-if) # exit

router (config) # exit

router #

Securing the Router with Passwords

To make it harder for unauthorized people to change and disrupt the router configuration, the router needs to be protected with passwords.

Console password

If a password is enabled on the console, a user cannot simply gain access to the router through the console without first entering the console password. To do this, the router configuration needs the command line console 0 followed by the commands login and password.

Example: setting a console password


Router(config) # line console 0

Router(config-line) # login

Router(config-line) # password coba

Router(config-line) # exit

Router(config) # exit

Router #

A router configured as in the example will ask for a password when a user tries to gain access through the console. The password is coba.

Virtual Terminal password

The virtual terminal is used when a user wants to gain access over the network with a telnet application. The virtual terminal password must be configured before users can gain access over the network. Without a password, the router refuses connections over the network and returns the following message:

Password required, but none set

Example: configuring a password on the virtual terminal.


Router(config) # line vty 0 4

Router(config-line) # password cobain

Router(config-line) # exit

Router(config) # exit

Router #

In the example, the router will ask for a password when accessed over the network, and the virtual terminal password is cobain. The number 0 in the line line vty 0 4 is the first virtual terminal number, and the number 4 is the last. The command therefore shows that the router allows 5 simultaneous connections through virtual terminals.

Privileged mode password

After entering the correct password to gain access to the router, whether over the network or through the console, the user enters user mode.

If a password for privileged mode is configured, the user must enter another password to enter that mode.

The command used to set a password for this mode is enable password or enable secret.

The difference between the two commands is that enable secret stores its password encrypted, while enable password does not. Both commands can be present in global configuration mode at the same time, and they can have different passwords. If both are present in the configuration, however, the enable secret password is the one used to enter privileged mode.

Example: configuring enable password

Router(config) # enable password rahasia

Example: configuring enable secret

Router(config) # enable secret rahasiabanget

In the router configuration, a command can be removed by prefixing it with no in configuration mode. The password in the example can therefore be removed with the command shown in the following example.

Example: removing the enable secret password

Router(config) # no enable secret rahasiabanget

Configuring Interfaces

As explained earlier, the router's job is to forward packets from one network to another. For that task, each network interface must be configured according to its characteristics.

The interface command in global configuration mode is provided for configuring the router's interfaces. Many types of interface are configured with this command, including Ethernet, Token Ring, FDDI, serial, HSSI, loopback, dialer, null, async, ATM, BRI, and tunnel.

In this article, only Ethernet and Serial are discussed further.

Configuring an Ethernet Interface

As explained above, the interface command must be run in global configuration mode. To enter global configuration mode, use the command configure terminal, as explained earlier.

The format of the interface command for entering interface configuration mode for Ethernet on a router with only one slot is:

interface ethernet port-number

Some router models have multiple slots, such as the Cisco 2600, 3600 and 4000. For routers with multiple slots, the command format is:

interface ethernet slot-number/port-number

After entering interface configuration mode with the command above, the Ethernet interface can be configured as needed.

The most basic configuration an Ethernet interface needs in order to forward packets is an IP address and subnet mask.

The configuration format is:

ip address IP-address subnet-mask

Example: Ethernet interface configuration


Router# configure terminal

Router(config)# interface ethernet 1/0

Router(config-if)# description LAN pada Department IT

Router(config-if)# ip address 172.16.148.1 255.255.255.128

Router(config-if)# exit

Router(config)# exit

Router#

Configuring a Serial Interface

A serial interface is the interface most often used for connections to a WAN (Wide Area Network). A serial connection requires clocking for synchronization. A serial link therefore has 2 sides: DCE (data circuit-terminating equipment) and DTE (data terminal equipment). The DCE provides clocking and the DTE follows the clock supplied by the DCE. A DCE cable has a female connector, while a DTE cable has a male connector.

In practice, the DCE is usually supplied by the service provider, typically as a connection to a CSU/DSU. The router itself usually acts only as the DTE, so it does not need to provide clocking.

Even so, a Cisco router can also act as a DCE that provides clocking. This is usually done when testing routers, where 2 routers are connected back to back and one of them must act as the DCE for the connection to come up.

Example: serial interface configuration as DTE


Router # configure terminal

Router(config)# interface serial 0

Router(config-if)# description WAN ke Natuna

Router(config-if)# ip address 172.16.158.1 255.255.255.252

Router(config-if)# bandwidth 64

Router(config-if)# exit

Router(config)# exit

Router#

Example: serial interface configuration as DCE


Router # configure terminal

Router(config)# interface serial 0

Router(config-if)# description Lab Cisco sebagai DCE

Router(config-if)# ip address 172.16.158.1 255.255.255.252

Router(config-if)# bandwidth 64

Router(config-if)# clock rate 64000

Router(config-if)# exit

Router(config)# exit

Router#

Disabling an interface

Sometimes we need to shut down/disable an interface for troubleshooting or administrative purposes.

For this, the shutdown command can be used on the interface concerned. To bring it back up, use the command no shutdown.

Example: shutting down an interface


Router(config)# interface serial 0

Router(config-if)# shutdown

Router(config-if)# exit

Router(config)#

Example: bringing up an interface

Router(config)# interface serial 0

Router(config-if)# no shutdown

Router(config-if)# exit

Router(config)#

Routing

Finally, once the interfaces are configured, the router needs a process that tells it how and where a packet must be forwarded. This process is called routing.

Routing can be divided into 2 groups:

1. Static Routing – The router forwards packets from one network to another based on routes (note: like city bus routes) determined by the administrator. Routes in static routing do not change unless changed manually by the administrator.

2. Dynamic Routing – The router learns for itself the best route to take when forwarding packets from one network to another. The administrator does not determine the route that packets must take. The administrator only determines how the router learns routes, and the router then learns them itself. Routes in dynamic routing change according to what the router learns.

Dynamic routing is not covered in this article: although its configuration is fairly easy, I consider how it works to be an advanced topic. Static routing is configured by entering an ip route line in global configuration mode. The format of the line is:

ip route network [mask] {address | interface}

where:

network is the destination network

mask is the subnet mask

address is the IP address through which traffic for the network is sent

interface is the name of the interface used to forward the addressed packets

Figure: routing

The figure above shows a LAN connected to a WAN through 2 routers, router A and router B. For the LAN to be reachable from the WAN, router A needs a static route, configured with the following command line:

RouterA(config)# ip route 172.16.10.0 255.255.255.0 172.16.158.1

For router B to forward packets destined for the WAN, router B needs to be configured with the following static route:

RouterB(config)# ip route 0.0.0.0 0.0.0.0 172.16.158.2
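A static route only works if its next hop sits on a network the router is directly connected to. The check below is an added example, not part of the original article: it validates ip route lines against the interface addresses in the same configuration. The sample is constructed; the interface addresses for router B are assumptions chosen to match the routes above, and the last four routes are added test cases.

```python
import ipaddress
import re

# Constructed sample for router B: interface addresses are assumptions that
# match the page's routes; routes 2-5 are added cases, not from the page.
ROUTER_B = """\
interface Ethernet0
 ip address 172.16.10.1 255.255.255.0
interface Serial0
 ip address 172.16.158.1 255.255.255.252
ip route 0.0.0.0 0.0.0.0 172.16.158.2
ip route 192.168.50.0 255.255.255.0 172.16.158.6
ip route 192.168.60.7 255.255.255.0 172.16.158.2
ip route 192.168.70.0 255.255.255.0 172.16.158.1
ip route 192.168.80.0 255.255.255.0 Serial0
"""


def connected_interfaces(config):
    """Map interface name -> IPv4Interface from 'ip address ADDR MASK' lines."""
    found, current = {}, None
    for line in map(str.strip, config.splitlines()):
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
        match = re.fullmatch(r"ip address (\S+) (\S+)", line)
        if match and current:
            found[current] = ipaddress.ip_interface("/".join(match.groups()))
    return found


def _verdict(dest, mask, target, interfaces):
    try:
        ipaddress.ip_network(f"{dest}/{mask}")  # strict: rejects set host bits
    except ValueError:
        return "bad destination/mask"
    if target in interfaces:
        return "ok: exit interface"
    try:
        hop = ipaddress.ip_address(target)
    except ValueError:
        return "unknown exit interface"
    for name, iface in interfaces.items():
        if hop == iface.ip:
            return "next hop is this router's own address"
        if hop in iface.network:
            return f"ok: via {name}"
    return "next hop not on a connected network"


def check_static_routes(config):
    """Return one (route line, verdict) pair per 'ip route' line in config."""
    interfaces = connected_interfaces(config)
    results = []
    for line in map(str.strip, config.splitlines()):
        match = re.fullmatch(r"ip route (\S+) (\S+) (\S+)", line)
        if match:
            results.append((line, _verdict(*match.groups(), interfaces)))
    return results


if __name__ == "__main__":
    for route, verdict in check_static_routes(ROUTER_B):
        print(f"{verdict:40} {route}")
```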

Saving and Loading the Configuration

The configuration entered with configure terminal is stored only in RAM, which is volatile memory. If this configuration is not saved to NVRAM, it is lost when the router is powered off or restarted.

By default, the router loads the configuration from NVRAM at start-up, places it in RAM, and then uses the configuration in RAM to operate. To save the configuration in RAM to NVRAM, use the following command in privileged mode:

Router# copy running-config startup-config

Conversely, to take the configuration in NVRAM and place it in RAM, use the following command in privileged mode:

Router# copy startup-config running-config

To view the configuration currently in operation (in RAM), use the command show running-config in privileged mode.

Example: viewing the running-config


Router# show running-config

Building configuration…

Current configuration : 4479 bytes

!

! Last configuration change at 12:23:26 UTC Fri Oct 10 2003

!

version 12.2

service timestamps debug datetime msec localtime show-timezone

service timestamps log datetime msec localtime show-timezone

service password-encryption

!

hostname jakarta-lina

!

… and so on …

Some Tips

The basic knowledge in the chapters above is already enough to start experimenting and learning more about routers. To round it out and make learning easier, it also helps to know a few tips for finding out which commands are available and how they are used.

Finding out which commands are available

In any mode, you can type a question mark (?) at the prompt. The router will then list what you can enter at that prompt.

Example: viewing the commands available at the prompt


Router> ?

Exec commands:

<1-99> Session number to resume

access-enable Create a temporary Access-List entry

access-profile Apply user-profile to interface

clear Reset functions

connect Open a terminal connection

disable Turn off privileged commands

disconnect Disconnect an existing network connection

enable Turn on privileged commands

exit Exit from the EXEC

help Description of the interactive help system

lat Open a lat connection

lock Lock the terminal

login Log in as a particular user

logout Exit from the EXEC

mrinfo Request neighbor and version information from a multicast router

mstat Show statistics after multiple multicast traceroutes

mtrace Trace reverse multicast path from destination to source

name-connection Name an existing network connection

pad Open a X.29 PAD connection

ping Send echo messages

ppp Start IETF Point-to-Point Protocol (PPP)

resume Resume an active network connection

rlogin Open an rlogin connection

show Show running system information

slip Start Serial-line IP (SLIP)

systat Display information about terminal lines

tclquit Quit Tool Comand Language shell

tclsh Tool Comand Language a shell

telnet Open a telnet connection

terminal Set terminal line parameters

traceroute Trace route to destination

tunnel Open a tunnel connection

udptn Open an udptn connection

where List active connections

x28 Become an X.28 PAD

x3 Set X.3 parameters on PAD

router>

Example: viewing the commands that begin with the letter “t”

router> t?

tclquit tclsh telnet terminal traceroute

tunnel

router> t

Example: viewing the continuation of a command

router>telnet ?

WORD IP address or hostname of a remote system

router>telnet

Incomplete commands and Auto Completion

A command on the router does not have to be typed in full as long as it is not ambiguous. This saves the administrator time, because commands do not have to be typed out completely.

Example: an incomplete command


Router # sh ru

Building configuration…

Current configuration : 4479 bytes

!

! Last configuration change at 12:23:26 UTC Fri Oct 10 2003

!

……… and so on ………

The example shows that the router runs the command show running-config even though the administrator typed only sh ru at the prompt.

Sometimes we are not sure about a command and so do not dare to type it in abbreviated form as above. In that case the administrator can still save typing by pressing the Tab key, and the router will perform auto completion.

Example: auto completion

Router > tel

Router > telnet

The example shows that the administrator only needs to type tel + Tab, and the router completes it to telnet after the Tab key is pressed.

A Simple Configuration Example

Finally, I will close this article with a complete example of a simple router configuration. Happy learning.

Example: a complete simple configuration


trident16-rig#sh run

Building configuration…

Current configuration:

!

! No configuration change since last restart

!

version 12.1

service timestamps debug datetime msec localtime show-timezone

service timestamps log datetime msec localtime show-timezone

service password-encryption

!

hostname trident16-rig

!

enable secret 5 $1$PlKA$Ev/ev3/gQJHnytqacioZt.

!

ip subnet-zero

no ip domain-lookup

ip name-server 192.23.168.5

ip name-server 192.23.164.5

!

interface Ethernet0

description Local Segment for Trident 16 Rig

ip address 172.16.135.1 255.255.255.192

!

interface Serial0

description VSAT link to jakarta-lina-sat

bandwidth 128

ip address 172.16.158.174 255.255.255.252

!

interface Serial1

no ip address

shutdown

!

ip classless

ip route 0.0.0.0 0.0.0.0 172.16.158.173

no ip http server

!

line con 0

transport input none

line aux 0

line vty 0 4

password 7 023616521D071B240C600C0D12180000

login

!

end

trident16-rig#
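The password and line settings covered in this article can be reviewed mechanically. The audit below is an added example, not part of the original article or any Cisco tool: it flags enable password, line passwords stored in cleartext or as type 7, and vty lines that are not limited to SSH or an access list. Both sample configurations are constructed, the finding names are hypothetical, and it assumes the one-space indentation that show running-config uses for sub-commands.

```python
import re

# Constructed sample in the style of the article's examples; the type 7
# string is a placeholder, not a real encoded password.
WEAK_CONFIG = """\
enable password rahasia
line con 0
 password coba
 login
line vty 0 4
 password 7 0000PLACEHOLDER
 login
"""

# Constructed hardened counterpart; hashes, user name and ACL number are placeholders.
HARDENED_CONFIG = """\
enable secret 5 $1$PLACEHOLDER$PLACEHOLDER
username admin secret 5 $1$PLACEHOLDER$PLACEHOLDER
access-list 10 permit 172.16.148.0 0.0.0.127
line con 0
 login local
line vty 0 4
 access-class 10 in
 login local
 transport input ssh
"""


def parse(config):
    """Split an indented IOS config into global lines and per-'line' blocks."""
    global_lines, blocks, current = [], {}, None
    for raw in config.splitlines():
        text = raw.strip()
        if text in ("", "!"):
            continue
        if raw.startswith(" ") and current is not None:
            blocks[current].append(text)
        else:
            global_lines.append(text)
            current = text if text.startswith("line ") else None
            if current:
                blocks[current] = []
    return global_lines, blocks


def audit(config):
    """Return the sorted finding codes for password and remote-access settings."""
    global_lines, blocks = parse(config)
    findings = set()
    if not any(cmd.startswith("enable secret ") for cmd in global_lines):
        findings.add("NO_ENABLE_SECRET")
    if any(cmd.startswith("enable password ") for cmd in global_lines):
        findings.add("ENABLE_PASSWORD_PRESENT")  # stored weaker than enable secret
    for header, subs in blocks.items():
        for sub in subs:
            match = re.fullmatch(r"password (?:(\d+) )?\S+", sub)
            if match:  # type 7 is reversible obfuscation; no type means cleartext
                findings.add("LINE_PASSWORD_TYPE7" if match.group(1) == "7"
                             else "LINE_PASSWORD_CLEARTEXT")
        if header.startswith("line vty"):
            if "transport input ssh" not in subs:  # telnet sends logins in cleartext
                findings.add("VTY_NOT_SSH_ONLY")
            if not any(s.startswith("access-class ") for s in subs):
                findings.add("VTY_NO_ACCESS_CLASS")
    return sorted(findings)
```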
