[Techtalk] Cisco routers anyone?
mariab at cats.meow.at
Fri May 9 02:27:19 EST 2003
On Thu, 8 May 2003, Mary Wood wrote:
> Before I can dive into my first Linux swimming pool,
> we must get the router configured. And there's already
> a snag I hope someone has an easy answer for.
> It's a used Cisco 1700 router. I need to assign it a
> new IP address, as it's currently showing the addy for
> its old home. I'm interfacing through a Window$
> machine, using SecureCRT.
> I'm in global config mode, trying the entry:
> router(config)#ip address 12.345.678.9 255.255.255.128
> 12.345... being the new ip we want and 255... being
> the subnet.
ok, pretty good start, but we need a little more info here, and the first
problem is that you're not specifying an interface to give the IP to :)
> It's telling me "%invalid input detected at..." and
> indicates the problem is the space between "address
> 12.345..." I've tried no space, dash, semi-colon,
> though I'm certain that a space is correct.
The tree is down here
> I'm also suspecting I should be in interface mode, but
> can't for the life of me get there. I'm trying:
> router(config)#interface vlan
Close, but no cigar :)
> I get the error "%incomplete command" I pulled up a
> list out of the help file of the various interfaces
> one can use and I get the same "%incomplete command"
> with all of them. Incidentally, I don't know which
> interface I should be in, just that I'd like to get
> into interface mode to try changing the ip address
> from there.
Well, the great thing about IOS is that it has interactive help everywhere
if you type a ? anywhere, it'll tell you what you can do next.
First things first, we need to figure out what interfaces you have there.
This is easy enough, there's a very generic command "show",
and there's a whole bunch of subcommands, you can see them by typing
The one we need is "show interfaces", and typing this will give a whole
big long list of interfaces. Another useful one to remember is "show
configuration", which will show you the saved configuration, and "show
running-configuration", which will show you the currently active
configuration. Any line from the configuration is one that can be typed
in when configuring it, and indeed when the router starts up, you can
think of it loading its configuration as a built in typist entering the
configuration from memory, line by line. In any case this is very handy
I imagine if you've got a 1700 series router, you'll have one with an
ethernet port that's connected to your network, and a serial port or
similar connected to a leased circuit going somewhere else.
All you need to do is pick the one you want from the list, and then
eg (this is from a similar router in our network)
Ethernet0/0 is up, line protocol is up
Hardware is AmdP2, address is 00b0.64af.2c80 (bia 00b0.64af.2c80)
Serial0/0 is up, line protocol is up
Hardware is PowerQUICC Serial
Serial0/1 is up, line protocol is up
Hardware is PowerQUICC Serial
Enter configuration commands, one per line. End with CNTL/Z.
ayl-backbone-1(config)#interface ethernet 0/0
ayl-backbone-1(config-if)#ip address 12.345.678.9 255.255.255.128
ayl-backbone-1#copy running-config startup-config
"show interface ethernet 0/0" would now (if I'd actually done this) show
that its IP address is 12.345.678.9/25
Now, there's a few things to bear in mind, that IP address there looks
like it's going to be part of an ethernet network, because it's a /25, so
it can't possibly be on a point to point link. Therefore, you're also
going to have to check, and if necessary set the IP address of whatever
links you to the outside world.
Something to be aware of is that Ciscos have a neat little ability to run
interfaces without IP addresses, in other words one interface can borrow
the IP address of another interface. This may or may not be required,
depending on your situation, though in general, the way to configure this
is when in configuration mode, select the interface and then type "ip
unnumbered <interface>", selecting an appropriate interface.
In the output from show interfaces, this would appear as a line looking a
little like this:
Interface is unnumbered. Using address of Ethernet0/0 (12.345.678.9)
Please ask further if you're unsure of anything.
Something that I will say is that EVERY interface on the router should
have "no ip directed-broadcast" set on it. This is *IMPORTANT*, it stops
your router from being able to pass on smurf attacks.
Other useful config lines to think over, with brief descriptions:-
(enables stored password encryption)
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
(set the logging timestamps to be something friendly)
(lets it use subnets involving 0, can prevent much confusion :)
no ip source-route
(disables source routing, which could be used for naughtiness)
no ip finger
no ip bootp server
no ip http server
no service tcp-small-servers
no service udp-small-servers
(disable un-needed services)
ntp server <time server> prefer
(set an NTP server to use for time sync)
clock timezone <timezone> <offset from UTC>
clock summer-time zone recurring
(set up the clock sensibly)
logging facility <syslog facility>
logging trap <log level, from 0-7 increasing in verbosity>
logging <remote syslog host>
(setup remote unix syslogging)
On interfaces facing the outside world, or other people's networks, set "no
cdp enable", you may also wish to experiment with the "snmp-server" global
config command, if only to make sure it's turned off, and it's usually
advisable to set "no ip proxy-arp" on interfaces that are facing inwards
onto an ethernet network, just in case.
Turning on Cisco Express Forwarding, with the "ip cef" command is often
advisable, as it will save a lot on router CPU time.
This isn't an exhaustive list, but it should be useful, and as always,
If you have any questions, let me know :)
> Sigh. Feel like I've absorbed everything else under the sun today
> about Cisco routers *except* how to change the ip address. >_<
One of my friends is studying for the CCIE, Cisco Certified Internet
Engineer exam, this takes 2 or 3 years to do, and there's at least a year's
waiting list for the practical lab exam, to be taken in California :)
Take heart :)
> Anyone have any suggestions?
Uhm, see above :)
> Thanks in advance...
Cisco Mercenary for hire, if required, good rates, apply within ;)
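
An added example (not part of the original post): a small Python check that reads IOS configuration text and reports which of the hardening lines listed in the message above are missing or explicitly enabled, globally and per interface. The sample config, the function names and the 192.0.2.1 address are constructed for illustration; it assumes the config shows each line explicitly, so a setting that IOS omits as a default is reported as missing.

```python
# Hardening lines taken from the post; everything else here is illustrative.
REQUIRED_GLOBAL = [
    "no ip source-route", "no ip finger", "no ip bootp server",
    "no ip http server", "no service tcp-small-servers",
    "no service udp-small-servers",
]
REQUIRED_PER_INTERFACE = ["no ip directed-broadcast"]

def parse_config(text):
    """Split config text into a set of global lines and {interface: set of lines}."""
    global_lines, interfaces, current = set(), {}, None
    for raw in text.splitlines():
        line = " ".join(raw.split())          # normalise whitespace
        if not line:
            continue
        if line.startswith("!"):              # "!" separates config sections
            current = None
        elif raw.startswith("interface "):
            current = line.split(" ", 1)[1]
            interfaces[current] = set()
        elif raw[0].isspace() and current is not None:
            interfaces[current].add(line)     # indented line: interface sub-command
        else:
            current = None
            global_lines.add(line)
    return global_lines, interfaces

def check(scope, lines, required):
    """Return (scope, command, state) for each required line that is absent."""
    findings = []
    for req in required:
        if req not in lines:
            # The positive form ("ip http server") means the feature is switched on.
            state = "enabled" if req[len("no "):] in lines else "missing"
            findings.append((scope, req, state))
    return findings

def audit(text):
    global_lines, interfaces = parse_config(text)
    findings = check("global", global_lines, REQUIRED_GLOBAL)
    for name, lines in interfaces.items():    # the post: EVERY interface
        findings += check(name, lines, REQUIRED_PER_INTERFACE)
    return findings

# Constructed sample, not output from a real router.
SAMPLE = """no ip source-route
no ip finger
ip http server
no service tcp-small-servers
no service udp-small-servers
!
interface Ethernet0/0
 ip address 192.0.2.1 255.255.255.128
 no ip directed-broadcast
!
interface Serial0/0
 ip unnumbered Ethernet0/0
!
"""

if __name__ == "__main__":
    for scope, command, state in audit(SAMPLE):
        print(f"{scope}: '{command}' {state}")
```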