Basics Of Cisco Routers Introduction Cisco is well known for its routers and switches. I must admit they are very good quality products and once they are up and running, you can pretty much forget about them because they rarely fail. We are going to focus on routers here since that's the reason you clicked on this page ! Cisco has a number of different routers, amongst them are the popular 1600 series, 2500 series and 2600 series. The ranges start from the 600 series and go up to the 12000 series (now we are talking about a lot of money). Below are a few of the routers mentioned : Cisco 700 Series Cisco 800 Series Cisco 1600 Series Cisco 2600 Series Cisco 7200 Series All the above equipment runs special software called the Cisco Internetwork Operating System or IOS. This is the kernel of Cisco routers and most switches. Cisco has created what they call Cisco Fusion, which is supposed to make all Cisco devices run the same operating system. We are going to begin with the basic components which make up a Cisco router (and switches) and I will be explaining what they are used for, so grab that tea or coffee and let's get going ! The basic components of any Cisco router are : 1) Interfaces 2) The Processor (CPU) 3) Internetwork Operating System (IOS) 4) RXBoot Image 5) RAM 6) NVRAM 7) ROM 8) Flash memory 9) Configuration Register Now I just hope you haven't looked at the list and thought "Stuff this, it looks hard and complicated" because I assure you, it's less painful than you might think ! In fact, once you read it a couple of times, you will find all of it easy to remember and understand. Interfaces These allow us to use the router ! The interfaces are the various serial ports or ethernet ports which we use to connect the router to our LAN. There are a number of different interfaces but we are going to hit the basic stuff only. Here are some of the names Cisco has given some of the interfaces: E0 (first Ethernet interface), E1 (second Ethernet interface). S0 (first Serial interface), S1 (second Serial interface), BRI 0 (first B channel for Basic ISDN) and BRI 1 (second B channel for Basic ISDN). In the picture below you can see the back view of a Cisco router, you can clearly see the various interfaces it has:(we are only looking at ISDN routers) You can see that it even has phone sockets ! Yes, that's normal since you have to connect a digital phone to an ISDN line and since this is an ISDN router, it has this option with the router. I should, however, explain that you don't normally get routers with ISDN S/T and ISDN U interfaces together. Any ISDN line requires a Network Terminator (NT) installed at the customer's premises and you connect your equipment after this terminator. An ISDN S/T interface doesn't have the NT device built in, so you need an NT device in order to use the router. On the other hand, an ISDN U interface has the NT device built in to the router. Check the picture below to see how to connect the router using the different ISDN interfaces: ........... Apart from the ISDN interfaces, we also have an Ethernet interface that connects to a device in your LAN, usually a hub or a computer. If connecting to a Hub uplink port, then you set the small switch to "Hub", but if connecting to a PC, you need to set it to "Node". This switch will simply convert the cable from a straight through (hub) to a x-over (Node): .............. The Config or Console port is a Female DB9 connector which you connect, using a special cable, to your computers serial port and it allows you to directly configure the router. The Processor (CPU) All Cisco routers have a main processor that takes care of the main functions of the router. The CPU generates interrupts (IRQ) in order to communicate with the other electronic components in the router. The Cisco routers utilise Motorola RISC processors. Usually the CPU utilisation on a normal router wouldn't exceed 20 %. The IOS The IOS is the main operating system on which the router runs. The IOS is loaded upon the router's bootup. It usually is around 2 to 5MB in size, but can be a lot larger depending on the router series. The IOS is currently on version 12, and Cisco periodically releases minor versions every couple of months e.g 12.1 , 12.3 etc. to fix small bugs and also add extra functionality. The IOS gives the router its various capabilities and can also be updated or downloaded from the router for backup purposes. On the 1600 series and above, you get the IOS on a PCMCIA Flash card. This Flash card then plugs into a slot located at the back of the router and the router loads the IOS "image" (as they call it). Usually this image of the operating system is compressed so the router must decompress the image in its memory in order to use it. The IOS is one of the most critical parts of the router, without it the router is pretty much useless. Just keep in mind that it is not necessary to have a flash card (as described above with the 1600 series router) in order to load the IOS. You can actually configure most Cisco routers to load the image off a network tftp server or from another router which might hold multiple IOS images for different routers, in which case it will have a large capacity Flash card to store these images. The RXBoot Image The RXBoot image (also known as Bootloader) is nothing more than a "cut-down" version of the IOS located in the router's ROM (Read Only Memory). If you had no Flash card to load the IOS from, you can configure the router to load the RXBoot image, which would give you the ability to perform minor maintenance operations and bring various interfaces up or down. The RAM The RAM, or Random Access Memory, is where the router loads the IOS and the configuration file. It works exactly the same way as your computer's memory, where the operating system loads along with all the various programs. The amount of RAM your router needs is subject to the size of the IOS image and configuration file you have. To give you an indication of the amounts of RAM we are talking about, in most cases, smaller routers (up to the 1600 series) are happy with 12 to 16 MB while the bigger routers with larger IOS images would need around 32 to 64 MB of memory. Routing tables are also stored in the system's RAM so if you have large and complex routing tables, you will obviously need more RAM ! When I tried to upgrade the RAM on a Cisco 1600 router, I unscrewed the case and opened it and was amazed to find a 72 pin SIMM slot where you needed to attach the extra RAM. For those who don't know what a 72 pin SIMM is, it's basically the type of RAM the older Pentium socket 7 CPUs took, back in '95. This type of memory was replaced by today's standard 168 pin DIMMs or SDRAM. The NVRAM (Non-Volatile RAM) The NVRAM is a special memory place where the router holds its configuration. When you configure a router and then save the configuration, it is stored in the NVRAM. This memory is not big at all when compared with the system's RAM. On a Cisco 1600 series, it is only 8 KB while on bigger routers, like the 2600 series, it is 32 KB. Normally, when a router starts up, after it loads the IOS image it will look into the NVRAM and load the configuration file in order to configure the router. The NVRAM is not erased when the router is reloaded or even switched off. ROM (Read Only Memory) The ROM is used to start and maintain the router. It contains some code, like the Bootstrap and POST, which helps the router do some basic tests and bootup when it's powered on or reloaded. You cannot alter any of the code in this memory as it has been set from the factory and is Read Only. Flash Memory The Flash memory is that card I spoke about in the IOS section. All it is, is an EEPROM (Electrical Eraseable Programmable Read Only Memory) card. It fits into a special slot normally located at the back of the router and contains nothing more than the IOS image(s). You can write to it or delete its contents from the router's console. Usually it comes in sizes of 4MB for the smaller routers (1600 series) and goes up from there depending on the router model. Configuration Register Keeping things simple, the Configuration Register determines if the router is going to boot the IOS image from its Flash, tftp server or just load the RXBoot image. This register is a 16 Bit register, in other words has 16 zeros or ones. A sample of it in Hex would be the following: 0x2102 and in binary is : 0010 0001 0000 0010. Cisco Router Modes Introduction From my personal experience, I have noticed that the lower end routers (600-1400) use different commands than the mid to upper range routers (1600 and above). The commands we are going to talk about here cover most aspects of the 1600, 1700, 2500, 2600, 3600 series. Most are the same, but there are always a few variations to these commands depending on the interfaces your router has, IOS version, and the type of WAN protocols they support. Because there is such a wide range of interfaces on a router and also alot of different versions of the Cisco IOS, I decided to stick to an example where our router is running IOS version 12 and has one IDSN S/T (without NT terminator) interface and one Ethernet interface. That's a total of 2 interfaces. I understand that this is quite a specific example, but it would take an enourmous amount of time and effort to cover all cases. Now, when you power up a Cisco router, it will first run a POST test to ensure all hardware is ok, and then look into the Flash to load the IOS. Once the IOS is loaded, it will then check the NVRAM for any configuration file. Since this is a new router, it won't find any, so the router will go into "setup mode". Setup Mode The setup mode is a step-by-step process which helps you configure basic aspects of the router. When using this setup mode, you actually have 2 options: 1) Basic Managment Setup, which configures only enough connectivity for managment to the system. 2) Extended Setup, which allows you to configure some global parameters and interfaces. It should be noted that when you are prompted to enter a value at the console prompt, whatever is between the square brackets [ ] is considered to be a default value. In other words, if you hit enter without entering anything, the value in those brackets will be set for the specific question. I'll try to keep this as simple and straightforward as possible. Cisco routers have different configuration modes (depending on the router model), and by this I mean there are different modes in which different aspects of the router can be configured. These are : 1) User Exec Mode ( >) - Click to select 2) Privileged Mode (#) which has as a subset, the Global Configuration mode - Click to select To be able to get into either User Exec or Privileged mode, you will most likely need a password. This password is set during the initial configuration of the router or later on. Once in Privileged Mode, you can then enter Global Configuration Mode (password not needed to enter this mode) to then futher configure interfaces, routing protocols, access lists and more. The picture below shows you a quick view of the modes. Notice the red arrow, it's pointing towards the Global Configuration Mode and Privileged mode meaning that some of the specific configuration modes can be entered from Global Configuration Mode and other from Privileged mode: I have given each mode its own separate page to avoid squezing all the information into one huge page. This makes it easier for you to read. Cisco Basics - User Exec Mode Introduction Let's see what it looks like to be in each one of these modes. Here I have telneted into our lab router and I am in User Exec Mode: The easiest way to keep track of the mode you're in is by looking at the prompt. The ">" means we are in User Exec Mode. From this mode, we are able to get information like the version of IOS, contents of the Flash memory and a few others. Now, let's check out the available commands in this mode. This is done by using the "?" command and hitting enter: Wow, see all those commands available ? And just to think that this is considered a small portion of the total commands available when in Privileged Mode ! Keep in mind that when you're in the console and configuring your router, you can use some short cuts to save you typing full command lines. Some of these are : Tab: By typing the first few letters of a command and then hitting the TAB key, it will automatically complete the rest of the command. Where there is more than one command starting with the same characters, when you hit TAB all those commands will be displayed. In the picture above, if i were to type "lo" and hit TAB, I would get a listing of "lock, login and logout" because all 3 commands start with "lo". ?: The question mark symbol "?" forces the router to print a list of all available commands. A lot of the commands have various parameters or interfaces which you can combine. In this case, by typing the main command e.g "show" and then putting the "?" you will get a list of the subcommands. This picture shows this clearly: Other shortcut keys are : CTRL-A: Positions the cursor at the beginning of the line. CTRL-E: Positions the cursor at the end of the line. CTRL-D: Deletes a character. CTRL-W: Deletes a whole word. CTRL-B: Moves cursor back by one step. CTRL-F: Moves cursor forward by one step. One of the most used commands in this mode is the "Show" command. This will allow you to gather a lot of information about the router. Here I have executed the "Show version" command, which displays various information about the router: The "Show Interface <interface> " command shows us information on a particular interface. This includes the IP address, encapsulation type, speed, status of the physical and logical aspect of the interface and various statistics. When issuing the command, you need to replace the <interface> with the actual interface you want to look at. For example, ethernet 0, which indicates the first ethernet interface : Some other generic commands you can use are the show "running-config" and show "startup-config". These commands show you the configuration of your router. The running-config refers to the running configuration, which is basically the configuration of the router loaded into its memory at that time. Startup-config refers to the configuration file stored in the NVRAM. This, upon bootup of the router, gets loaded into the router's RAM and then becomes the running-config ! So you can see that User Exec Mode is used mostly to view information on the router, rather than configuring anything. Just keep in mind that we are touching the surface here and not getting into any details. This completes the User Exec Mode section. If you like, you can go back and continue to the Privileged Mode section. Cisco Basics - Priveliged Mode Introduction To get into Privileged Mode we enter the "Enable" command from User Exec Mode. If set, the router will prompt you for a password. Once in Privileged Mode, you will notice the prompt changes from ">" to a "#" to indicate that we are now in Privileged Mode. The Privileged Mode (and Global Configuration Mode ) is used mainly to configure the router, enable interfaces, setup security, define dialup interfaces etc. I have put a screen shot of the router to give you an idea of the commands available in Privileged Mode in comparison to the User Exec Mode. Remember that these commands have sub-commands and can get quite complicated: As you can see, there is a wider choice of commands in Privileged Mode. Now, when you want to configure certain services or parts of the router you will need to enter Global Configuration Mode from within Privileged Mode. If you're confused by now with the different modes available try to see it this way : User Exec Mode (distinguished by the ">" prompt) is your first mode, which is used to get statistics from router, see which version IOS you're running, check memory resources and a few more things. Privileged Mode (distingushed by the "#" prompt) is the second mode. Here you can enable or disable interfaces on the router, get more detailed information on the router, for example, view the running configuration of the router, copy the configuration, load a new configuration to the router, backup or delete the configuration, backup or delete the IOS and a lot more. Global Configuration Mode (distingushed by the " (config)# " prompt) is accessable via Privileged Mode. In this mode you're able to configure each interface individually, setup banners and passwords, enable secrets (encrypted passwords), enable and configure routing protocols and a lot more. I dare say that 70% of the time you want to configure or change something on the router, you will need to be in this mode. Getting into Global Configuration The picture below shows you how to enter Global Configuration Mode: As you can see, I have telneted into the router and it prompted me for a password. I entered the password, which is not shown, at this point I am in User Exec Mode and then entered "enable" in order to get into the Privileged Mode. From here to get into Global Configuration Mode you need to enter the "configure selection" command. Now you must be wondering what the various parameters shown in the picture are, under the "configure" command. These allow you to select how you will configure the router: Configure Memory means you enter Global Configuration Mode and are configuring the router in its NVRAM. This command will force the router to load up the startup-config file stored in the NVRAM and then you can proceed with the configuration. When you're happy with the configuration, save it to NVRAM by entering "copy running-config startup-config". Configure Network means you enter Global Configuration Mode and load a startup-config file from a remote router (using tftp) into your local router's memory and configure it. Once you're finished, you need to enter "copy running-config tftp" which will force the router to copy its memory configuration onto a tftp server. The router will prompt you for the IP address of the remote tftp server. Configure Overwrite-network means that you overwrite the NVRAM's configuration with a configuration stored on a tftp server. Issuing this command will force the router to prompt for an IP address of the remote tftp server. Personally, I have never needed to use this command. Configure Terminal means you enter Global Configuration Mode and work with the configuration which is already loaded into the router's memory (Cisco calls this the running- config). This is the most popular command, as in most cases you need to modify or re- configure the router on the spot and then save your changes. You will need to save this configuration otherwise everything you configure will be lost upon power failure or reboot of the router ! Below are the commands you need to enter to save the configuration, depending on your network setup: Copy running-config startup-config: Copies the configuration which is running in the router's RAM in to the NVRAM and gives it a file name of startup-config (default). If one already exists in the NVRAM, it will be overwritten by the new one. Copy running-config tftp: Copies the configuration which is running in the router's RAM in to a tftp server which might be running on your network. You will be asked for the IP address of the tftp server and given the choice to select a filename for the configuration. Some advanced routers can also act as tftp servers. Generic Configuration There are a few standard things with which you always need to configure the router . For example, a hostname. This is also used as a login name for the remote router to which your router needs to authenticate. Before we get stuck into the interface configuration we are going to run through a few of these commands. The following examples assume no passwords have been set as yet and that the router has a default hostname of "router": We connect to the router via the console port using the serial cable and type the following Router> enable (gets us into Privileged Mode) Router# configure terminal (This command gets us into the appropriate Global Configuration Mode as outlined above) Router(config)# hostname swiftpond (This command sets the router's hostname to swiftpond. From this moment onwards, swiftpond will appear before the ">" or "#" depending on which mode we are in) swiftpond(config)# username router2.isp password firewallcx (Here we are telling the router that the remote router which we are connecting to, has a username of "router2.isp" and our password to authenticate to router2.isp is "firewallcx") This is a standard way of authentication with Cisco routers. Your router's hostname is your login name and your password (in our case "firewallcx") is entered at the same time you define the remote router's hostname. Next we create a static route so the router will pass all packets originating from our network to the remote router. This is usually the case when you connect to your isp. swiftpond(config)# ip route 0.0.0.0 0.0.0.0 22.214.171.124 (Here we tell our router to create a default route where any packet -defined by the first 0.0.0.0- no matter what subnetmask -defined by the second 0.0.0.0- is to be sent to ip 126.96.36.199 which would be the router we are connecting to) In the case where you were not configuring the router to connect to the Internet but to join a small WAN which connects a few offices, then you probably want to use a routing protocol: swiftpond(config)# router rip (Enables RIP routing protocol. After this command you enter the routing protocols configuration section -see below- where you can change timing parameters and other) swiftpond(config-router)# At this prompt you can fine tune RIP or just leave it to the default setting which will work fine. The "exit" command takes you one step back: swiftpond(config-router)# exit swiftpond(config)# Alternatively, you can use IGRP as a routing protocol, in which case you would have to enter the following: swiftpond(config)# router igrp 1 (The "1" defines the Autonomous system number) swiftpond(config-router)# Again, the "exit" command will take you back one step: swiftpond(config-router)# exit swiftpond(config)# After that, we need to create a dialer list which our WAN interface BRI (ISDN) will use to make a call to our ISP. swiftpond(config)# dialer-list 1 protocol ip permit (Now we are telling the router to create a dialer list and bind it to group 1. The "protocol ip permit" tells the router to initiate a call for an ip packet) I'll give you a quick example to make sure you understand the reason we put this command: If you launched your web browser, it would send an http request to the server you have set as a homepage e.g www.firewall.cx. This request which your computer is going to send, is encapsulated in an ip packet that will cause your router to initiate a connection, as it is now configured to do so. The dialup interface for Cisco routers is broken into 2 parts: a Dialer-list and a Dialer-group. The Dialer-list defines the rules for placing a call. Later on when you configure the WAN interface, you bind that Dialer-list to the interface by using the Dialer-group command (shown later on). Configuring Interfaces In our example we said we have a router with one Ethernet and one basic ISDN interface (max of 128Kbit). We are going to go through the process of configuring the interfaces. We will start with the Ethernet Interface. In order to configure the interface, we need to be in Global Configuration Mode, so we need to type first "enable" in order to get into Privileged Mode and then "configure terminal" to get into the appropriate Global Configuration Mode (as explained above). Now we need to select the interface we want to configure, in this case the first ethernet interface (E0) so we type "interface e0". This picture shows clearly all the steps: Any commands entered here will affect the first ethernet interface only. So we start with the IP address. It's important to understand that this IP address would be visible to both networks to which the router is connected. If we were connecting to the Internet then everyone would be able to see this IP. Futhermore, the IP address would also be the default gateway for our firewall or machine which would physically connect directly to the router. The following commands will configure the ethernet interface's IP address:: (config-if)# ip address 192.168.0.1 255.255.255.0 or (config-if)# ip address 188.8.131.52 255.255.255.0 secondary Now that we have given e0 its IP address, we need to give the ISDN interface its IP as well, so we need to move to the correct interface by typing the following: (config-if)# exit (this exits from the e0 interface configuration) (config-if)# interface bri0 (this command enters the configuration for the first ISDN interface) (config-if)# ip address 10.0.0.2 255.255.255.224 (this command sets the IP address for BRI 0 which is also known as the WAN IP address) Now when it comes to configuring WAN interfaces, you need more than just an IP address (LAN interfaces such as E0 are a lot easier to configure). You need to set the encapsulation type, the authentication protocol the router will use to authenticate to the remote router, the phone number it will need to dial and a few more: (config-if)# encapsulation ppp (This command sets the packet's encapsulation to ppp which is 100% compatible with all routers no matter what brand) (config-if)# dialer string 0294883452 (This command tells the router which phone number it needs to dial in order to establish a connection with our remote router e.g your ISP) (config-if)# dialer group 1 (This command tells the router to use the dialer list 1 (configured previously) to initiate a connection) (config-if)# idle-timeout 2000000 (This command is optional and allows us to set an idle timeout so if the router is idle for so many seconds, it will disconnect. A value of 2 million seconds means the router will never disconnect) (config-if)# isdn switch-type basic-net3 (This command tells the router the type of ISDN interface we are using. Each country has its own type, so you need to consult your Cisco manual to figure out which type you need to put here) (config-if)# dialer load-threshold 125 outbound (This command is optional and allows us to specify a threshold upon which it will place another call. The value it takes is from 1 to 255. A value of 125 means bring up the second B channel if either the inbound or outbound traffic load is 50%. That pretty much does it for our ISDN (WAN) interface. All you need to do now is to SAVE the configuration ! Well I hope it wasn't too bad for you, since there is a quite a bit of information on this page. I encourage you to read through it again until you understand what is going on, then you will find it a breeze to configure a Cisco router yourself !