Basic configuration of Cisco routers and switches
illustrate
The basic configuration of routers is similar to that of switches. Most of this article uses routers as examples
- The operation is in user mode when the console prompt
Router>is - When the console prompt
Router#is, it means that this operation is in EXEC privileged mode - When the console prompt is
Router(config)#orRouter(config-*)promptly states that the operation is in global configuration mode or its submodes
console mode
When the user enters the console, the default is user mode
To enter the EXEC privileged mode, you need to enter the following command
enable
Assuming you are in user mode , to enter global configuration mode, you should first enter privileged mode
enable
configure terminal
If you want to exit the current mode, enter the following command
exit
The following command examples do not repeat the above operations. Please enter the above command to enter the corresponding mode according to the console prompt, and execute the following command.
(Note: The commands below, that is, what you want to enter, are only the things behind the prompt, such as Router(config)#hostname R1in Cisco's CLI, you only need to enter hostname R1)
device name
Change the device name, such as changing Router to R1
Router(config)#hostname R1
set tagline
Set the banner to HelloWorld
Router(config)#banner motd 'HelloWorld'
Configure IPv4 address
Configure for router ports
Suppose the address we want to g0/0configure for the router port is 192.168.1.1, its subnet mask is 255.255.255.0, and the description for the port configuration is
At this time, the command to configure the ip address, note that the cisco device needs no shutdown
Router(config)#interface g0/0
Router(config-if)#ip address 192.168.1.1 255.255.255.0
Router(config-if)#no shutdown
To set the description information for this port, you can add a sentence after it
Router(config-if)#description LAN connection to S1
Indicates that this is for connecting to a device named S1
Configure for switch vlan1
Assume that the switch we want to configure is named S1, which is connected to the router Router, and the ip to be assigned to the VLAN that comes with the switch 192.168.1.2is its subnet mask.255.255.255.0
S1(config)#interface vlan 1
S1(config-if)#ip address 192.168.1.2 255.255.255.0
S1(config-if)#no shutdown
Configure an IPv6 global unicast address
Configure for the router
As above, we still g0/0configure the port, its address is 2001:db8:1::1and the suffix is/64
Router(config)#interface gigabitEthernet 0/0
Router(config-if)#ipv6 address 2001:db8:1::1/64
Note that if the port has not been enabled before, that is, it has been entered no shutdown, this command must be executed here.
You can also configure the link-local address here. If the address is FE80::1, the default suffix is/10
Router(config-if)#ipv6 address FE80::1 link-local
remove the ip address of the port
noJust add it before the command to configure the ip address
Such as ipv6 address
Router(config-if)#no ipv6 address 2001:db8:1::1/64
ipv6For ipv4, change the above command to ip, followed by the corresponding ipv4 address and subnet mask
Configure for the switch
The 2960 switch I use on the cisco packet tracer emulator does not seem to support this command, but some people on the Internet say that it can be configured, so I will omit it here for the time being. If you know the method, you can chat with me privately or leave a comment below.
Switch configuration ipv4 default gateway
Since the port ipv4 address of the S1 switch connected to the router Router is 192.168.1.1, the default gateway to be configured on the switch is this address
S1(config)#ip default-gateway 192.168.1.1
Note here that we did not write the subnet mask because it has already been set when configuring the ip of vlan1 before, and the switch will automatically obtain the subnet mask according to the previous configuration.
Encryption, limit password minimum length and login times
You can limit the minimum length of the password and the number of logins, and encrypt the plaintext password to further improve security
Encrypted plaintext password
R1(config)#service password-encryption
Limit the minimum length to 1
security passwords min-length 1
Users who fail to log in three times within three minutes will be restricted for four minutes
R1(config)#login block-for 180 attempts 3 with 240
configure line
Here, router R1 is taken as an example, and the configured passwords are all aaa.
The VTY line connection method only allows SSH (the other is telnet, which is transmitted in plain text and is not secure), and the timeout period is set to 10 minutes.
Configure the console line
R1(config)#line console 0
R1(config-line)#password aaa
R1(config-line)#login
Note: loginIt will take effect later, other lines are the same
Configure vty line
In the case of a total of 16 vty lines
The example here is to configure all vty lines
R1(config)#line vty 0 15
R1(config-line)#transport input telnet
R1(config-line)#exec-timeout 10
R1(config-line)#password aaa
R1(config-line)#login
Disable Domain Lookup
Enter the wrong command in the terminal , if asdyou will enter the domain name search, the following situation will appear
Router>asd
Translating "asd"...domain server (255.255.255.255) % Name lookup aborted
You need to press ctrl+shift+6cancel to continue typing commands, but this is tedious (if you enter the wrong command too many times).
So you can enter the following command to disable this function
R1(config)#no ip domain-lookup
Configure domain name
R1(config)#ip domain-name CCNA.com
save configuration
R1#copy running-config startup-config
This command saves the running configuration file to the startup configuration file
If this operation is not performed, the device will return to the state before the configuration after power off, and the configuration made by the user will be lost.
View the MAC address table of the switch
S1#show mac-address-table
view routing table
View ipv4
R1#show ip route
View ipv6
R1#show ipv6 route