CONFIGURING A CISCO ROUTER, PART 1

THE JOB OF THE ROUTER

In the Internet world, the router's job is to take IP packets and move them from one interface to another. This is the core functionality of the router, though it may also do other things along the way (mostly relating to updating the "forwarding" or "routing" tables that dictate where the packets go).

INTERFACES

Each router has multiple "interfaces". The most common interfaces you'll deal with are Ethernet and Serial interfaces, though before long you'll want to know how to configure the Console and Aux, and you may want to send routes to the Null0 or Loopback "virtual" interfaces. High-end routers (which we'll cover eventually) have HSSI (for T3s); ATM; Fast Ethernet; and other, more exotic, interfaces. Each interface usually has an IP address.

INTERFACE NAMES

On fixed-configuration Ciscos such as the 2500 series, each interface is numbered simply - for example, Ethernet0, Ethernet1 (if you have a 2514, which has two Ethernet ports), Serial0, and Serial1. Every Cisco has a Console and most have Aux ports.

On larger Ciscos (except for the AGS, which is an older "large" Cisco), to specify an interface you need to know the "slot" number of the interface card - for example, Ethernet0/0 and Ethernet0/1 are the 1st and 2nd Ethernet interfaces on the Ethernet interface board in Slot 0. Serial4/0, Serial4/1, Serial4/2, Serial4/3, Serial4/4, Serial4/5, Serial4/6, and Serial4/7 are the 8 Serial interfaces on the Serial board in slot 4. Routers such as the 7206, 7000, 7010, 7505, 7507, and 7509 use this nomenclature.

When referring to interfaces, you can abbreviate as much as is possible without causing ambiguity - for example, e0, s0, and s1 instead of Ethernet0, Serial0, and Serial1.

ROUTING FUNDAMENTALS

When a packet comes in, the router looks at the destination IP address and finds the *most specific* route that "covers" the destination IP address - and then sends the packet out the interface specified by that route.

CONNECTED ROUTES

The most fundamental routes on the router are those associated with the interfaces themselves. If e0 (aka Ethernet0) has an IP address of 10.20.20.1 and the netmask is 255.255.255.0 (the size of a "Class C" - also called "a /24"), the route "10.20.20.0/24" gets installed as a *connected* route, pointed out 10.20.20.1 (e0). Any packets destined to 10.20.20.2-10.20.20.254 will be sent out e0 (if there are no *more specific* routes inside of 10.20.20.0/24).

STATIC ROUTES

The next most fundamental type of route is the static route. These are routes that you insert with the "ip route" command. The "default route" is generally inserted as a static route, for example:

ip route 0.0.0.0 0.0.0.0 Serial1

Most smaller networks will be entirely "static routed" - the only routes on the routers will be connected or static routes.

DYNAMIC ROUTES: IGP

Dynamic Routing protocols cause one router to advertise routes to another router. The routes being advertised always start out as static or connected routes *somewhere*, though. Eventually, we'll talk about OSPF, RIPv2, and IS-IS, which are Interior Gateway Protocols (IGPs). You need to use an IGP if:

o You want to have a network that goes around in a redundant ring, and want it to "fail over" automagically, or

o You want to have dialup users dial into multiple terminal servers (the terminal servers have to dynamically tell the routers who's dialed in at any time, or the routers won't be able to "find" them).

DYNAMIC ROUTES: BGP

We talked about BGP earlier this year {insert references}. BGP is a protocol used to dynamically advertise your routes to *other* networks, and to take dynamic route advertisements from them.

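
The most-specific-route lookup described under ROUTING FUNDAMENTALS, as an added Python example (not part of the original article and not Cisco code). The 10.20.20.0/24 connected route and the Serial1 default route are the article's own; the 10.20.20.128/25 static route via Serial0, the sample destinations, the function names and the connected-before-static tie-break table are assumptions made for the illustration.

```python
import ipaddress

# Tie-break for routes with the same prefix: connected before static.
SOURCE_RANK = {"connected": 0, "static": 1}

# Constructed table. The first two routes are the article's examples; the /25
# via Serial0 is a hypothetical more-specific static route added for the demo.
ROUTES = [
    ("10.20.20.0/24", "Ethernet0", "connected"),
    ("0.0.0.0/0", "Serial1", "static"),
    ("10.20.20.128/25", "Serial0", "static"),
]

def build_table(routes):
    """Parse (prefix, interface, source) tuples into network objects."""
    table = []
    for prefix, interface, source in routes:
        # strict=True raises ValueError when host bits are set (10.20.20.1/24).
        table.append((ipaddress.ip_network(prefix, strict=True), interface, source))
    return table

def lookup(table, destination):
    """Return (prefix, interface, source) of the most specific covering route."""
    addr = ipaddress.ip_address(destination)
    candidates = [route for route in table if addr in route[0]]
    if not candidates:
        return None  # no covering route and no default route
    # Longest prefix wins; source rank only separates equal-length prefixes.
    net, interface, source = max(
        candidates, key=lambda r: (r[0].prefixlen, -SOURCE_RANK[r[2]])
    )
    return (str(net), interface, source)

def egress_report(table, destinations):
    """Map each destination to the interface its packets would leave by."""
    report = {}
    for dest in destinations:
        hit = lookup(table, dest)
        report[dest] = hit[1] if hit else None
    return report

if __name__ == "__main__":
    table = build_table(ROUTES)
    sample = ["10.20.20.5", "10.20.20.200", "192.0.2.9"]  # constructed addresses
    for dest, iface in egress_report(table, sample).items():
        print(f"{dest:15} -> {iface}")
```

Running the same report before and after a routing change shows which destinations have moved to a different interface, for instance because a more specific route now covers them.
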
ROUTING: ORDER OF PREFERENCE

While you can always add weights to "tune" the order of preference, it is:

(1) Connected routes, then
(2) Static routes, then
(3) Interior dynamic routes, then
(4) BGP routes

And now we're ready for:

CONFIGURING A CISCO

There are two basic modes you can be in on a Cisco: Console/vty (virtual terminal) command-line and "config mode". Usually it's clear which commands belong where, but do keep in mind which mode you're in. The prompt will usually tell you where you are.

EXPLORING

The most important thing when learning is to explore. Just type the "?" command at any prompt to see the possibilities. For example,
cisco# ?
at the top level. Then, "sho ?", then "sho ip ?", etc... This is how most people find out new things - it's a bit easier than reading all of the documentation up-front. You can do the same thing with "set" commands in configuration mode, but it's better to not set things routing-related that you're not familiar with.

INTERRUPTING COMMANDS

To interrupt a hanging or long command, use Control-6 or Shift-Control-6. You can change this if you want to but it's probably better not to, so your Cisco buddies can help you. (If you really want to find out, it's under the "vty" interface config section.)

OTHER COMMAND-LINE NOTES

Some Cisco commands ("write", "reload", ...) may ask you to confirm something. Generally, hitting return at a [confirm] prompt means "yes".

Below, we use abbreviated versions of some commands. For example, "sho ver" is really "show version". Most people don't type out the whole commands - you can abbreviate as long as abbreviating doesn't create ambiguity. The Cisco will say "% Ambiguous command: ..." if you've chopped a command too short.

NON-CONFIGURATION MODE COMMANDS

?
ALWAYS feel free to use the ? command to see what possibilities are open to you.

enable
Like "su" in Unix - gives you God-level privileges. Without it you're pretty much limited to "show" commands - and you can't do "sho run" or "sho conf" either. And "conf term" or "conf net" is definitely right out.

ping
Tries 5 pings to the remote address. If you're enabled, just hit ping to see interesting options...

trace

sho ver
Shows you the hardware and software versions being run; a summary of interfaces; and why the router was last started (or crashed).

sho proc
If your CPU (processor) utilization is over 70-80% you're in trouble; start looking for ways to streamline your configuration and possibly cut down on filtering or move some of the CPU load or traffic to another router.

sho mem
This one is *very* important if you're running on a 4x00 with less than 32 MB or a 70x0, 720x, or 75xx with less than 64 MB of RAM - or on any 2501 or older/smaller box. The "Free" column is the critical one.

sho run
Shows you the "running configuration": what state the router is actually in.

sho conf
Shows you the configuration in eeprom or flash: what state the router will be in when you reload it.

sho int interface-name
Shows you all sorts of information about an interface: the IP address (if any); any description; input and output packets and bytes; errors on the interface; interface resets; and many other goodies we'll go into in the future.

reload
Restarts the router; it'll ask you to confirm - and whether to save any changes you might have made to the configuration.

write
Writes any changes you might have made (copies the running configuration to the startup configuration).

write net
Writes the running configuration to a remote tftp server.

sho ip route
Without any parameters, this will show you all routes in the IP routing table.

sho ip route x.y.z.q
Shows routing information on one or more of the most specific routes that contain that IP address - however, if you enter an IP address for which no route but the default route (0.0.0.0) exists, the default route will not be shown.

sho ip route x.y.z.q netmask longer-prefixes
Shows a list of routes that are within the IP range specified by x.y.z.q as a starting point and netmask as a length. The longer-prefixes keyword tells it to find all routes that fall in that range - of all specificities (prefix length = specificity).

sho ip bgp
Without any parameters, this will show you all routes heard via BGP.

sho ip bgp x.y.z.q
Shows routing information on one or more of the most specific BGP routes that contain that IP address - if you enter an IP address for which no route but the default route (0.0.0.0) exists, the default route will not be shown.

sho ip bgp x.y.z.q netmask longer-prefixes
Shows a list of BGP routes that are within the IP range specified by x.y.z.q as a starting point and netmask as a length. The longer-prefixes keyword tells it to find all BGP routes that fall in that range - of all specificities (prefix length = specificity).

sho ip bgp reg regexp
This shows you all BGP routes matching the regular expression regexp. For example, sho ip bgp reg _1_ shows you all BBN routes.

sho ip bgp ?
You may want to explore the other "sho ip bgp" commands. Typing sho ip bgp ? will get you a list of them. You can't do any harm with a "sho" command...

sho ip bgp summ
Shows you how many BGP routes you have, and the status of all open BGP sessions.

conf term
enter configuration commands
end
While in configuration mode, enter all of your configuration commands. When done, enter "end" and return - or hit "^Z".

conf net
Loads a sequence of commands (not necessarily a whole configuration file) from a remote tftp server.

CONFIGURATION-MODE COMMANDS

no
The "no" command is used *before* any other configuration-mode command - it's the way that you tell a Cisco to unset a setting. For example, "no ip route x.y.z.q netmask destination". "no router bgp ASN" would be fairly disastrous, though - it would take out the "router bgp" clause and all of the neighbor and other statements underneath it. To delete a neighbor and re-enter it, use "router bgp ASN" and then "no neighbor x.y.z.q".

ip route x.y.z.q "netmask" "destination" ["metric"]
The "metric" tag is optional (which is why it's shown in brackets). The "netmask" used to be optional, but no longer is - and even on routers where it is optional it never hurts to be specific! The "ip route" command installs a route to the IP space starting at x.y.z.q and spanning the length specified by "netmask", pointed towards "destination" as a next-hop. "destination" can be an interface name or IP address.

interface "interface-name"
Many configuration commands are applied to interfaces; to see some of them, type "int s0" (or whatever an interface is on your router) and do a "?". Then do an "ip ?"; then continue poking around without actually doing anything... Configuration-mode commands are either global or interface-specific. If you enter an interface-specific command at the global configuration level the router won't take it (there's no "default" interface to apply commands to). If you enter a global configuration command when in interface configuration mode the router will just pop out of interface configuration and into global configuration.

router bgp "ASN"
This starts the "BGP clause" in your router; things like "network", "neighbor", "aggregate-address", and other BGP-related commands are entered after you put the router into BGP configuration mode. Just as with interface configuration mode, if you enter a global-level command (such as "ip route ...") it'll pop you out of BGP configuration mode.

end
This command ends configuration mode and returns you to the command prompt. Changes are not saved unless you use the "write" command.

There are many other configuration commands, some of which are shown in the BGP articles. We'll be going into more of them in the near future when we talk more about configuring Ciscos.

---------------------------------------------------
clear arp-cache
clear counters
clear counters FastEthernet 0 0
clear ip accounting
clear ip bgp 192.41.177.152
clear ip cache
copy running-config slot0:config-0807
copy tftp flash
delete slot0:c7200-p-mz.111-11.CA1.bin
squeeze slot0:
show accounting
show memory
---------------------------------------------------
access-list 110 deny ip any any log
access-list 110 permit ip any host 198.69.186.1 log
access-list 110 permit ip any host 198.69.186.2 log
access-list 110 permit ip any host 207.8.186.1 log
access-list 110 permit ip any host 207.8.186.2 log
access-list 110 permit udp any any eq domain
boot system flash slot0:c700-js-mz.112-7a.P.bin
boot system rom
enable password 0 hikarl
interface Serial 4 6
description
ip access-group 110 in
ip accounting
ip accounting output-packets
ip address 10.10.10.66 255.255.255.255
ip address 207.106.0.1 255.255.255.255 secondary
shutdown
ip as-path access-list 91 permit ^4000_
ip community-list 25 permit 1200
ip route 137.239.0.0 255.255.0.0 Hssi 1 0
ip route 137.239.0.0 255.255.0.0 Hssi 1 0 252
ip route-cache cbus
ip route-cache optimum
ip route-cache same-interface
ip route-cache sse
ip router isis
ip source-route
ip subnet-zero
ip classless
line vty 0 4
password xxxxx
load-interval 30
service password-encryption
tftp-server flash slot1:igs-p-l.111-8.bin alias igs-p-l.111-8.bin