We can start off our campaign by configuring a small LAN. We will configure a Cisco switch that is connected to end-user devices and forwards their traffic to a router, which connects our LAN to the outside network/Internet.
In our scenario the configuration will be done on the switch; we are going to divide the whole process into six stages:
1) Beginning: start up new switch/ wipe out existing configs.
2) Security: passwords & banner.
3) Cosmetics: name & work environment.
4) Management: IP address & gateway.
5) Interfaces: speed, duplex & description.
6) Verify & backup: CDP, TFTP, show interfaces.
BEGINNING
Very few of us are born with a silver spoon and a brand new switch to start off the proceedings; for the other, less lucky comrades like me, before we can start any configuration we need to make sure that a previous configuration does not affect what we are about to do.
At boot-up, a brand new switch always prompts with a question asking whether to enter the configuration wizard, which most of us rightly say "no" to.
In the case of an old device it can be a bit tricky, like it happened to me: after waiting eagerly for 4 days for my 2500 router to arrive, it had a console password on it and of course I had no clue what it was. Yes, it can be any funny situation like this. If you are the chosen one, please refer to my separate blog on cracking the password on a Cisco device.
But if you are able to reach privileged mode, follow the steps below to wipe out any previous configuration:
Switch#write erase
OR
Switch#erase startup-config (Cisco recommended)
OR
Switch#delete startup-config
Any of the above commands erases the saved startup configuration. Now we have to reload the switch so that it boots with the new (empty) configuration:
Switch#reload
And here comes one of the most deceptive questions of the Cisco world: "System configuration has been modified. Save? [yes/no]"
Instinctively most of us would choose YES, but selecting YES saves the running config (the old configuration) to NVRAM as the startup-config, and when the switch reboots we find it in the same state where we started.
So say NO when prompted with the above question, and that's it: you have successfully cleared the old configuration. At reboot you will find the good old question about entering the setup wizard, and hopefully you will remember to enter NO.
SECURITY
At the moment our switch is wide open to anyone: it takes the user straight to the user mode prompt and on into privileged mode without any authorisation.
(config)#enable password xxxx
OR
(config)#enable secret xxxx
The "enable secret" command is preferred over the "enable password" command: the former stores the password in encrypted (hashed) form, the latter in clear text.
If both are set, IOS uses "enable secret".
Telnet configuration
(config)# line vty 0 4
(config-line)# login
(config-line)# password xxxx
Console Password Setup
(config)# line con 0
(config-line)# login
(config-line)# password xxxx
COSMETICS
Well, you must have guessed that not much can be done cosmetically at a console prompt, and I won't surprise you either.
The only thing I could imagine at this stage is to give our device a NAME. Yes, you can give it any name you can imagine (well, don't start looking for that "name book" yet, at least not until Cisco releases an official one).
It is recommended to give your device a relatively sensible name or abbreviation that corresponds to the position or role of that device.
Some argue that this can be a security weakness, since the name gives away the internal structure or the role of the device.
Coming straight to our only command for giving a cosmetic touch to our Cisco device: it is hostname followed by the chosen name, used in global config mode as below:
Device(config)# hostname XXXX
XXXX(config)#
I would also like to make a point about the way the commands you are typing sometimes get interrupted by logging messages such as "interface is up... line protocol is up", etc.
The command will still work if you are good enough to complete it correctly, but the console can be configured to echo whatever we have typed back at a fresh prompt with the following command:
(config)#line con 0
(config-line)# logging synchronous
Similarly, to get the same behaviour in telnet sessions:
(config)#line vty 0 4
(config-line)# logging synchronous
And lastly, not recommended but useful in a lab environment, is to turn off the auto log-off feature. This stops Cisco IOS from logging you off the console session after a given idle time, which saves you from retyping passwords and navigating back to the sub-configuration modes after long intervals of study:
(config)#line con 0
(config-line)# no exec-timeout
OR
(config-line)# exec-timeout 0 0
(both commands have the same effect of turning off the auto log-off feature)
So it's not just one command in our cosmetic makeover, but three is not bad either.
Of course, don't forget to save the running config to make it permanent by typing the following:
device# copy running-config startup-config
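As an added example (not part of the original post), a small Python audit over the text of a saved IOS config checks for the settings discussed in the Security and Cosmetics sections: enable secret versus enable password, login and password on the console and vty lines, and exec-timeout 0 0. The sample config, the function names and the finding wording are constructed for this example.

```python
"""Added example, not from the original post: audit saved IOS config text
for the weak settings discussed above. The sample config is constructed."""
import re

SAMPLE_CONFIG = """\
hostname SW-LAB1
enable password cisco123
!
line con 0
 exec-timeout 0 0
 password console123
 login
line vty 0 4
 login
end
"""

def parse_config(config):
    """Split IOS config text into global commands and `line ...` blocks."""
    global_cmds, line_blocks, current = [], {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue
        if raw.startswith("line "):            # start of a line block
            current = raw.strip()
            line_blocks[current] = []
        elif raw.startswith(" ") and current:  # indented: inside the block
            line_blocks[current].append(raw.strip())
        else:                                  # back at global level
            current = None
            global_cmds.append(raw.strip())
    return global_cmds, line_blocks

def audit(config):
    """Return finding strings; an empty list means no weak setting found."""
    findings, (global_cmds, line_blocks) = [], parse_config(config)
    if not any(c.startswith("enable secret ") for c in global_cmds):
        if any(c.startswith("enable password ") for c in global_cmds):
            findings.append("enable password without enable secret (clear text)")
        else:
            findings.append("no enable secret: privilege mode unprotected")
    for name, cmds in line_blocks.items():
        if "login" not in cmds and "login local" not in cmds:
            findings.append(f"{name}: no login, opens without a password")
        elif "login" in cmds and not any(c.startswith("password ") for c in cmds):
            findings.append(f"{name}: login set but no password to enforce it")
        if any(re.fullmatch(r"no exec-timeout|exec-timeout 0( 0)?", c) for c in cmds):
            findings.append(f"{name}: exec-timeout disabled, idle sessions stay open")
    return findings
```

Running `audit(SAMPLE_CONFIG)` reports the clear-text enable password, the disabled console timeout and the vty line that has login but no password; the same function run over the output of `show startup-config` from a lab switch gives a quick check before the device is connected to anything.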
Without making it longer, it looks like I had better cut it short here and will cover the remaining three topics in the second part.
Kuldeep Saxena
Network Administrator
St. Patricks International College
London UK