CONFIGURING A CISCO ROUTER, PART 1

THE JOB OF THE ROUTER

In the Internet world, the router's job is to take IP packets and move 
them from one interface to another.  This is the core functionality 
of the router, though it may also do other things along the way 
(mostly relating to updating the "forwarding" or "routing" tables that 
dictate where the packets go).

INTERFACES

Each router has multiple "interfaces".  The most common interfaces
you'll deal with are Ethernet and Serial interfaces, though before
long you'll want to know how to configure the Console and Aux ports,
and you may want to send routes to the Null0 or Loopback "virtual" 
interfaces.  High-end routers (which we'll cover eventually) have
HSSI (for T3s); ATM; Fast Ethernet; and other, more exotic, interfaces.
Each interface usually has an IP address.

INTERFACE NAMES

On fixed-configuration Ciscos such as the 2500 series, each interface
is numbered simply  - for example,
Ethernet0, Ethernet1 (if you have a 2514, which has two ethernet ports),
Serial0, and Serial1.  Every Cisco has a Console and most have Aux
ports.  

On larger Ciscos (except for the AGS, which is an older "large" Cisco),
to specify an interface you need to know the "slot" number of the
Interface card - for example, Ethernet0/0 and Ethernet0/1 are the
1st and 2nd Ethernet interfaces on the Ethernet interface board in
Slot 0.  Serial4/0, Serial4/1, Serial4/2, Serial4/3, Serial4/4, 
Serial4/5, Serial4/6, and Serial4/7 are the 8 Serial interfaces on
the Serial board in slot 4.  Routers such as the 7206, 7000, 7010,
7505, 7507, and 7509 use this nomenclature.

When referring to interfaces, you can abbreviate as much as is possible
without causing ambiguity - for example, e0, s0, and s1 instead of
Ethernet0, Serial0, and Serial1.  

ROUTING FUNDAMENTALS

When a packet comes in, the router looks at the destination IP
address and finds the *most specific* route that "covers" the
destination IP address - and then sends the packet out the 
interface specified by that route.

CONNECTED ROUTES

The most fundamental routes on the router are those associated with
the interfaces themselves.  If e0 (aka Ethernet0) has an IP address
of 10.20.20.1 and the netmask is 255.255.255.0 (the size of a "Class C" -
also called "a /24"), the route "10.20.20.0/24" gets installed as
a *connected* route, pointed out 10.20.20.1 (e0).  Any packets destined
to 10.20.20.2-10.20.20.254 will be sent out e0 (if there are no *more
specific* routes inside of 10.20.20.0/24).

STATIC ROUTES

The next most fundamental type of route is the static route.  These
are routes that you insert with the "ip route" command.  The "default
route" is generally inserted as a static route, for example:

ip route 0.0.0.0 0.0.0.0 Serial1

Most smaller networks will be entirely "static routed" - the only
routes on the routers will be connected or static routes.
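
The most-specific-route lookup described above, as an added example
(Python, not part of the original article and not Cisco's code).  It
builds a table from the article's e0 address and default route plus one
constructed static route, 10.20.20.128/25 via Serial0; the function
names are hypothetical.

```python
import ipaddress

def connected_route(ifname, address, netmask):
    """Route installed automatically for an interface's own subnet."""
    iface = ipaddress.ip_interface(f"{address}/{netmask}")
    return {"net": iface.network, "out": ifname, "type": "connected"}

def static_route(line):
    """Parse 'ip route x.y.z.q netmask destination [metric]'.

    An optional trailing metric is accepted and ignored here.
    """
    words = line.split()
    if words[:2] != ["ip", "route"] or len(words) not in (5, 6):
        raise ValueError(f"not an ip route command: {line!r}")
    # ip_network() raises ValueError if x.y.z.q has bits set outside the mask.
    net = ipaddress.ip_network(f"{words[2]}/{words[3]}")
    return {"net": net, "out": words[4], "type": "static"}

def lookup(table, destination):
    """Return the most specific route covering destination, or None."""
    addr = ipaddress.ip_address(destination)
    covering = [r for r in table if addr in r["net"]]
    return max(covering, key=lambda r: r["net"].prefixlen, default=None)

# Sample table: the first two entries come from the article's text,
# the third is constructed to show a more specific route inside the /24.
TABLE = [
    connected_route("Ethernet0", "10.20.20.1", "255.255.255.0"),
    static_route("ip route 0.0.0.0 0.0.0.0 Serial1"),
    static_route("ip route 10.20.20.128 255.255.255.128 Serial0"),
]

def describe(destination, table=TABLE):
    r = lookup(table, destination)
    return "no route" if r is None else f"{r['net']} via {r['out']} ({r['type']})"

if __name__ == "__main__":
    for dst in ("10.20.20.7", "10.20.20.200", "192.0.2.9"):
        print(f"{dst:>14} -> {describe(dst)}")
```

Without the default route in the table, the lookup for 192.0.2.9
returns no route at all.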

DYNAMIC ROUTES: IGP

Dynamic Routing protocols cause one router to advertise routes to
another router.  The routes being advertised always start out as
static or connected routes *somewhere*, though.  Eventually, we'll
talk about OSPF, RIPv2, and IS-IS, which are Interior Gateway Protocols
(IGPs).  You need to use an IGP if:

o You want to have a network that goes around in a redundant ring,
  and want it to "fail over" automagically, or
o You want to have dialup users dial into multiple terminal servers
  (the terminal servers have to dynamically tell the routers who's
  dialed in at any time, or the routers won't be able to "find" them).

DYNAMIC ROUTES: BGP

We talked about BGP earlier this year {insert references}.  BGP is
a protocol used to dynamically advertise your routes to *other* networks,
and to take dynamic route advertisements from them.

ROUTING: ORDER OF PREFERENCE

While you can always add weights to "tune" the order of preference, it is:

(1) Connected routes, then
(2) Static routes, then
(3) Interior dynamic routes, then
(4) BGP routes

And now we're ready for:

CONFIGURING A CISCO

There are two basic modes you can be in on a Cisco:  Console/vty (virtual
terminal) command-line and "config mode".  Usually it's clear which commands
belong where, but do keep in mind which mode you're in.  The prompt will
usually tell you where you are.

EXPLORING

The most important thing when learning is to explore.  Just type the
"?" command at any prompt to see the possibilities.  For example, 
cisco# ?
at the top level.  Then, "sho ?", then "sho ip ?", etc...  
This is how most people find out new things - it's a bit easier than 
reading all of the documentation up-front.  You can do the same thing with 
"set" commands in configuration mode, but it's better to not set things 
routing-related that you're not familiar with.

INTERRUPTING COMMANDS

To interrupt a hanging or long-running command, use Control-6 or Shift-Control-6.
You can change this if you want to but it's probably better not to, so
your Cisco buddies can help you.  (If you really want to find out, it's
under the "vty" interface config section.)

OTHER COMMAND-LINE NOTES

Some Cisco commands ("write", "reload", ...) may ask you to confirm something.
Generally, hitting return at a [confirm] prompt means "yes".

Below, we use abbreviated versions of some commands.  For example,
"sho ver" is really "show version".  Most people don't type out the whole
commands - you can abbreviate as long as abbreviating doesn't create
ambiguity.  The Cisco will say "% Ambiguous command: ..." if
you've chopped a command too short.

NON-CONFIGURATION MODE COMMANDS

?

ALWAYS feel free to use the ? command to see what possibilities are
open to you.

enable

Like "su" in Unix - gives you God-level privileges.  Without it you're
pretty much limited to "show" commands - and you can't do "sho run" or
"sho conf" either.  And "conf term" or "conf net" is definitely right out.

ping 

Tries 5 pings to the remote address.  If you're enabled, just hit
ping  to see interesting options...

trace 

sho ver

Shows you the hardware and software versions being run; a summary of 
interfaces; and why the router was last started (or crashed).

sho proc

If your CPU (processor) utilization is over 70-80% you're in trouble;
start looking for ways to streamline your configuration and possibly
cut down on filtering or move some of the CPU load or traffic to another
router.

sho mem

This one is *very* important if you're running on a 4x00 with less
than 32MB or a 70x0, 720x, or 75xx with less than 64MB of RAM - or
on any 2501 or older/smaller box.  The "Free" column is the critical one.

sho run

Shows you the "running configuration": what state the router is actually in.

sho conf

Shows you the configuration in eeprom or flash: what state the router will
be in when you reload it.

sho int interface-name

Shows you all sorts of information about an interface.  The IP address
(if any); any description; input and output packets and bytes; errors
on the interface; interface resets; and many other goodies we'll go into
in the future.

reload 

Restarts the router; it'll ask you to confirm - and whether to save any
changes you might have made to the configuration.

write

Writes any changes you might have made (copies the running configuration
to the startup configuration).

write net

Writes the running configuration to a remote tftp server.

sho ip route

Without any parameters, this will show you all routes in the
IP routing table.

sho ip route x.y.z.q

Shows routing information on one or more of the most specific routes that 
contain that IP address - however, if you enter an IP address for which no 
route but the default route (0.0.0.0) exists, the default route will not be 
shown.

sho ip route x.y.z.q netmask longer-prefixes

Shows a list of routes that are within the IP range specified by x.y.z.q
as a starting point and netmask as a length.  The longer-prefixes
keyword tells it to find all routes that fall in that range - of all
specificities (prefix length = specificity).

sho ip bgp 

Without any parameters, this will show you all routes heard
via BGP.

sho ip bgp x.y.z.q

Shows routing information on one or more of the most specific BGP routes that 
contain that IP address - if you enter an IP address for which no route
but the default route (0.0.0.0) exists, the default route will not be 
shown.

sho ip bgp x.y.z.q netmask longer-prefixes

Shows a list of BGP routes that are within the IP range specified by x.y.z.q
as a starting point and netmask as a length.  The longer-prefixes
keyword tells it to find all BGP routes that fall in that range - of all
specificities (prefix length = specificity).

sho ip bgp reg regexp

This shows you all BGP routes matching the regular expression regexp.
For example, sho ip bgp reg _1_ shows you all BBN routes.

sho ip bgp ?

You may want to explore the other "sho ip bgp" commands.  Typing
sho ip bgp ? will get you a list of them.  You can't do any harm
with a "sho" command...

sho ip bgp summ

Shows you how many BGP routes you have, and the status of all open
BGP sessions.

conf term
 enter configuration commands
 end

While in configuration mode, enter all of your configuration commands.
When done, enter "end" and return - or hit "^Z".

conf net

Loads a sequence of commands (not necessarily a whole configuration file)
from a remote tftp server.

CONFIGURATION-MODE COMMANDS

no

The "no" command is used *before* any other configuration-mode command -
it's the way that you tell a Cisco to unset a setting.  For example,
"no ip route x.y.z.q netmask destination".  "no router bgp ASN"
would be fairly disastrous, though - it would take out the "router bgp"
clause and all of the neighbor and other statements underneath it.  To
delete a neighbor and re-enter it, use "router bgp ASN"
and then "no neighbor x.y.z.q".


ip route x.y.z.q "netmask" "destination" ["metric"]

The "metric" tag is optional (which is why it's shown in brackets).
The "netmask" used to be optional, but no longer is - and even on
routers where it is optional it never hurts to be specific!  The
"ip route" command installs a route to the IP space starting at
x.y.z.q and spanning the length specified by "netmask", pointed towards
"destination" as a next-hop.  "destination" can be an interface name
or IP address.


interface "interface-name"

Many configuration commands are applied to interfaces; to see some of them,
type "int s0" (or whatever an interface is on your router) and do a "?".
Then do an "ip ?"; then continue poking around without actually doing
anything...

Configuration-mode commands are either global or interface-specific.
If you enter an interface-specific command at the global configuration
level the router won't take it (there's no "default" interface to apply
commands to).  If you enter a global configuration command when in
interface configuration mode the router will just pop out of interface
configuration and into global configuration.


router bgp "ASN"

This starts the "BGP clause" in your router; things like "network",
"neighbor", "aggregate-address", and other BGP-related commands are
entered after you put the router into BGP configuration mode.  Just
as with interface configuration mode, if you enter a global-level
command (such as "ip route ...") it'll pop you out of BGP configuration
mode.


end

This command ends configuration mode and returns you to the command
prompt.  Changes are not saved unless you use the "write" command.

There are many other configuration commands, some of which are shown
in the BGP articles.  We'll be going into more of them in the near 
future when we talk more about configuring Ciscos.

---------------------------------------------------
clear arp-cache
clear counters
clear counters FastEthernet 0 0
clear ip accounting
clear ip bgp 192.41.177.152
clear ip cache
copy running-config slot0:config-0807

copy tftp flash
delete slot0:c7200-p-mz.111-11.CA1.bin
squeeze slot0:

show accounting
show memory
---------------------------------------------------

access-list 110 deny ip any any log
access-list 110 permit ip any host 198.69.186.1 log
access-list 110 permit ip any host 198.69.186.2 log
access-list 110 permit ip any host 207.8.186.1 log
access-list 110 permit ip any host 207.8.186.2 log
access-list 110 permit udp any any eq domain

boot system flash slot0:c700-js-mz.112-7a.P.bin
boot system rom

enable password 0 hikarl

interface Serial 4 6
 description
 ip access-group 110 in
 ip accounting
 ip accounting output-packets
 ip address 10.10.10.66 255.255.255.255
 ip address 207.106.0.1 255.255.255.255 secondary
 shutdown

ip as-path access-list 91 permit ^4000_

ip community-list 25 permit 1200

ip route 137.239.0.0 255.255.0.0 Hssi 1 0
ip route 137.239.0.0 255.255.0.0 Hssi 1 0 252

ip route-cache cbus
ip route-cache optimum
ip route-cache same-interface
ip route-cache sse

ip router isis

ip source-route

ip subnet-zero
ip classless

line vty 0 4
  password xxxxx

load-interval 30

service password-encryption

tftp-server flash slot1:igs-p-l.111-8.bin alias igs-p-l.111-8.bin