
Showing posts with label CCNA.

Saturday, March 30, 2013

How to Set and redistribute a Static Default Route on a Cisco Router

How to Set a Static Default Route on a Cisco Router


A static default route is used to provide a path to an external network, commonly an ISP.

The syntax for a static default route is quite simple:

ip route 0.0.0.0 0.0.0.0 (next-hop IP address)

e.g. to point to a default route of 8.8.8.8 you would use ip route 0.0.0.0 0.0.0.0 8.8.8.8

Sometimes you may need to redistribute this to other routers in your infrastructure. To do so, you use the redistribute static command on the router. These routes will appear with an R* symbol when observed with a show ip route command.

This article can also be found on our sister site Dizzyit.com at http://dizzyit.com/2013/03/31/set-static-default-route-cisco-router/


Friday, March 29, 2013

Set Interface Speed, Duplex and Description on a Cisco Switch / Router


By default, Cisco switch ports are set to auto-negotiate. This means that the Cisco switch / router will agree on a speed determined by the line conditions with the end device. This works great for workstations and other end user devices as it gives freedom and flexibility without the admin needing to hard set speeds at both ends.

However, for key ports such as those to servers, other switches or routers, it's often best to hard code the speed and duplex, as well as provide a description to explain what the port is used for.

In this example we will set the speed, duplex and a description on interface FastEthernet 0/3.

The first step is to enter the configuration prompt for that switchport:

enable
config t
interface fa 0/3

From here, you can edit the configuration of the port.

To set the description, use the description command, e.g. description domain controller. Next, to set the speed, use the speed command, e.g. speed 1000. Finally, set the duplex with the duplex command, e.g. duplex full.

This article can also be found on our sister site DizzyIT.com at: http://dizzyit.com/2013/03/29/set-interface-speed-duplex-description-cisco-switch-router/

How to Erase the Config and VLAN Database on a Cisco Switch or Router


Erasing the config on a Cisco Switch or router becomes necessary at times for either disposal or re-purposing into a new location or lab environment.

NOTE: I highly recommend that before you delete any configuration from a switch or router you take a backup of the config and the vlan.dat. The one time you will need this is the one time you don't have it, and it's good practice for archival purposes.

Firstly, you need to erase the startup configuration. Two commands can be used to do this: either write erase or the newer erase startup-config.

On a Catalyst switch, you may also need to erase the VLAN database. To do this, type the command delete flash:vlan.dat

From here you need to reload the router / switch. When running the reboot you will be prompted that system configuration has been modified, Save? [yes/no]. Here, you should choose no, or you will write the running config back to the startup config and have to repeat the process!

This article can also be found at our sister site DizzyIT.com at: http://dizzyit.com/2013/03/29/erase-config-vlan-database-cisco-switch-router/





Saturday, March 23, 2013

How to Set The IP Address on a Cisco Router Interface


This article will discuss how to choose which interface needs to be configured on a Cisco router, as well as how to go about configuring that interface.


Setting the IP address on a Cisco Router interface is necessary for the router to be able to communicate with other networks, as well as its own network.

Prior to setting the IP address, the administrator needs to be aware of the address that will be allocated to the router. In many cases this will be dictated by a subnet mask that is already in use, or may be predefined by either the network manager or service provider.

Secondly, the administrator needs to be aware of which interface needs to be configured. Most routers only have a couple of interfaces and this is easy to determine, however some larger enterprise routers, such as those found in an ISP, may have many interfaces. Configuring the wrong interface with the wrong IP address is a sure-fire way to bring down your network and cause an outage.

Interfaces on modern modular routers are divided into slots, and these in turn are separated into interfaces. These are numbered on the back of the router so they can be physically inspected, and can also be listed from the command line with a show ip interface brief command.





We can see that interface FastEthernet 0/1 already has an IP address and that interface FastEthernet 0/0 is currently unconfigured.

Likewise, you would expect to have access to an up-to-date network diagram which should show you the ports and their connection partners. A show cdp neighbors command can also be used to determine who the router's existing neighbors are:






We can see from the above that we already have a connection to router R3 going out interface FastEthernet 0/1. This confirms the information learned above with the show ip interface brief command.

It can also be a good idea to ping the IP address to be configured to ensure that it's not in use.

Thus, it can now be determined with some certainty that interface FA0/0 is the interface to be configured.

Once you have determined the interface to be configured, the actual configuration process is very easy. The syntax is as follows:
  1. enable to enter into privileged mode. (enter any passwords required)
  2. config terminal to enter into global configuration mode
  3. interface (interface) to enter the configuration mode for the desired interface
  4. no shutdown to bring the interface online
  5. ip address (ip address) (subnet mask) to assign the desired IP to the interface.





For a serial interface, especially in a lab environment, you will need to set the clock rate for the port. This is done using the clock rate (clock rate) command on the interface.

And that's all there is to it! For an inside-facing interface, this is all that is required to bring the interface online and you should now have a connection to the network. This can be tested with a ping command.



For an outside (external) interface, assuming that all is set up correctly on the other end, connectivity will also have been established.

Please note that this article can also be located at our sister site www.dizzyit.com at:

http://dizzyit.com/2013/03/24/set-ip-address-cisco-router-interface/

Thank you for reading and please check back in again soon for more articles.








Sunday, March 17, 2013

Set Basic Security and Passwords for Cisco Switches and Routers


This article will cover setting passwords on a router / switch at a CCNA level. TACACS and RADIUS will be covered in a future article.

The Enable password:

The enable password protects the privileged mode of the router / switch. This is where configuration changes can be made. This password can be configured as an encrypted password or as plain text.

To configure in plain text use:
enable password (password)





To configure in encrypted mode use:
enable secret (password)





The Enable Password is un-encrypted and can be seen in the running config in plain text as shown.





The Enable Secret looks like this in the running Config:






The enable secret password is encrypted with an MD5 hash and is very secure. In production, this is the password to use. There is no reason to have a plain text enable password in your config, as this will be overruled by any enable secret that is in place. In a running config it looks like this:

You can encrypt plain text passwords with the service password-encryption command, however this is not as secure as the enable secret. The service password-encryption command uses a simple Vigenere cipher and is intended only for line of sight protection. Several websites are available that will break one of these passwords with no effort at all.






Console Password.

The console password protects the console port located (in most cases) at the rear of the router / switch. The syntax to set this password is:

line console 0
login
password (password)




This password is stored in plain text in the running config and can be protected with the service password-encryption command.






Telnet Password

The telnet password protects the router from remote access across a network.
Before setting this password I like to see how many telnet lines I have to play with. To do so, I use the line vty 0 ? command to verify how many lines are available.





Normally, passwords are set on the first 4 lines, however you can do more if you wish. By not setting the password on the other lines you are not presenting a security vulnerability, you are just not presenting some of the available lines for telnet access.

To set the telnet password the syntax is:
line vty 0 4
login
password (password)









This password is stored in plain text in the running config and can be protected with the service password-encryption command:





There are two further security notes with this command. Firstly, it's not advisable under any circumstances to use the no login command here. This will allow access into the telnet ports without challenge. Secondly, telnet passes information in plain text, which is an obvious security concern. For the uninitiated, this means that the data can be intercepted by tools such as Wireshark and easily exploited. Instead, SSH should be used as the transport protocol here. This will be covered in a further article.

The Auxiliary Password 





The auxiliary port is only present on routers, not switches. It was traditionally used as a port for remote access via a modem. It is more often used these days as a backup to the console port.

To protect the Aux port:

line aux 0
login
password (password)

As above, this password can be encrypted with the service password-encryption command.
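
An added example, not part of the original article and not Cisco tooling: a Python check that reads a saved running-config and flags the weak settings this article describes (plain-text and type 7 passwords on the enable, console, vty and aux entries, no login on a line, telnet on vty lines, and a missing enable secret). The sample config and its password values are constructed, and treating transport input telnet/all as the telnet indicator is an assumption of this example.

```python
import re

# Constructed sample running-config fragment (placeholder values, not from a real device).
SAMPLE_CONFIG = """\
enable password 7 0123456789AB
enable secret 5 $1$EXAMPLE$0000000000000000000000
line con 0
 password 7 0123456789AB
 login
line aux 0
 password cisco123
 login
line vty 0 4
 no login
 transport input telnet
line vty 5 15
 password 7 0123456789AB
 transport input ssh
"""

PASSWORD_RE = re.compile(r"^(?:enable )?password (?:(\d+) )?\S+$")
TELNET_RE = re.compile(r"^transport input .*\b(telnet|all)\b")  # assumed telnet indicator

def audit_config(text):
    """Return (context, issue) pairs for the password settings covered in the article."""
    findings, context, has_secret = [], "global", False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw[0].isspace():  # an unindented line starts a new config context
            context = line if line.startswith("line ") else "global"
        if line.startswith("enable secret "):
            has_secret = True
        m = PASSWORD_RE.match(line)
        if m and m.group(1) == "7":
            findings.append((context, "type 7 password (reversible encoding)"))
        elif m and m.group(1) in (None, "0"):
            findings.append((context, "plain-text password"))
        elif line == "no login" and context != "global":
            findings.append((context, "no login (no password challenge)"))
        elif context.startswith("line vty") and TELNET_RE.match(line):
            findings.append((context, "telnet permitted"))
    if not has_secret:
        findings.append(("global", "no enable secret configured"))
    return findings

if __name__ == "__main__":
    print(*audit_config(SAMPLE_CONFIG), sep="\n")
```

Run it against a backup copy of the config rather than a live session, since the file it reads contains the password material being audited.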







This concludes the article on setting basic Cisco router and switch security. The information here was presented at a CCNA level. Further articles will go deeper into security hardening a Cisco device.

Thanks for reading!