Router - dejanu/linux GitHub Wiki
## Router hardware configuration

- RAM (Random Access Memory)
  - Volatile memory, SDRAM (Synchronous Dynamic RAM), that holds the running configuration file
  - Routing table, used to determine the best path for forwarding packets
  - ARP cache, used to map IP addresses to MAC addresses
  - Packet buffers
- ROM (Read Only Memory)
  - Non-volatile memory holding the firmware, used for crucial operation instructions, i.e. the basic diagnostic software
  - Boot-up information (the bootstrap program)
  - Power-on self test (POST) for the hardware components
  - A limited IOS used as backup
- NVRAM (Non-Volatile Random Access Memory)
  - Non-volatile memory used as permanent storage for the startup-config file
- Flash
  - Non-volatile memory used as permanent storage for IOS images, log files and backup configurations
  - When a router or switch is rebooted, the IOS image is copied from flash into RAM.

IOS image and startup-config journey: Flash -> RAM -> changes made to running-config -> saved to startup-config in NVRAM

Boot sequence: perform POST and load the bootstrap program -> locate and load the Cisco IOS software -> locate and load the startup configuration file
## LAN and WAN interfaces

- Console
  - Out-of-band access (via a dedicated channel), used for maintenance; requires a direct physical connection to the device being configured
- SSH (Secure Shell)
  - Remote secure CLI connection through a virtual interface
  - Unlike the console, SSH requires active networking services on the device
  - Requires an in-band network connection, which means that an administrator must reach the router through one of its WAN or LAN interfaces
  - In-band = configuration that requires establishing a network connection to the device (Telnet and SSH)
- Telnet
  - Remote insecure CLI connection through a virtual interface (the session is not encrypted)
  - Requires an in-band network connection, which means that an administrator must reach the router through one of its WAN or LAN interfaces

!! The Cisco IOS does not allow two active interfaces on the same router to belong to the same network.

!! `#show version` displays information about the Cisco IOS.
## Configure router

Configure the device name:

```
(config)# hostname name
```

Secure the console line:

```
(config)# line console 0
(config-line)# password cisco
(config-line)# login
```

Secure Telnet / SSH access (the vty lines):

```
(config)# line vty 0 15
(config-line)# password class
(config-line)# login
```

Secure privileged EXEC mode:

```
(config)# enable secret passname
! stored as an MD5 hash; the hash has the same length whatever the password length
(config)# enable password passname
! stored in plain text and needs separate encryption (see service password-encryption)
```

Encrypt all passwords that are stored unencrypted in the config file:

```
(config)# service password-encryption
```

Configure the SVI for management:

```
(config)# interface vlan 1
(config-if)# ip address ip-address subnet-mask
(config-if)# no shutdown
```

`no ip address` removes the address from the interface again.

Save the configuration:

```
# copy running-config startup-config
```
## Configure a router interface

```
(config)# interface type-and-number
(config-if)# description description-text
(config-if)# ip address ip subnet-mask
(config-if)# no shutdown
```

Verify with `# show ip interface brief`.

Example:

```
HQ(config)#interface fastethernet 0/1
HQ(config-if)#ip address 172.16.1.1 255.255.255.0
HQ(config-if)#description Legatura cu LAN2
HQ(config-if)#no shutdown
HQ(config-if)#exit
```
## DHCP

```
(config)# ip dhcp excluded-address IP_MIN IP_MAX
! first and last address of the range the pool must not hand out, e.g. ...20.1 ...20.49
(config)# ip dhcp pool s10
(dhcp-config)# network 192.168.10.20 255.255.255.0
! the network statement defines the range of addresses the pool leases
(dhcp-config)# default-router 192.168.10.50
(dhcp-config)# lease days hours minutes
```
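The DHCP pool above has a few relationships that are easy to get wrong when typed by hand: the `network` statement should name the network address (not a host), the `default-router` must sit inside that network and should be covered by an `ip dhcp excluded-address` range so the pool never leases it, and the mask must be a valid dotted quad. The following Python script is an added example (not from the wiki page and not a Cisco tool) that validates those values with the standard `ipaddress` module before they are committed; the pool values are constructed to mirror the page's example, and the `check_dhcp_pool` / `assignable_addresses` helpers are assumptions of this example.

```python
"""Sanity-check the values of a Cisco-style DHCP pool before committing them.

Added example, not part of the wiki page. Mirrors the page's pool:
network 192.168.10.0/24, default-router .50, excluded .1-.49.
"""
import ipaddress


def _parse_excluded(excluded):
    """Turn [(low, high), ...] address strings into IPv4Address pairs with low <= high."""
    ranges = []
    for low, high in excluded:
        lo, hi = ipaddress.IPv4Address(low), ipaddress.IPv4Address(high)
        if lo > hi:
            lo, hi = hi, lo
        ranges.append((lo, hi))
    return ranges


def _is_excluded(addr, ranges):
    return any(lo <= addr <= hi for lo, hi in ranges)


def check_dhcp_pool(network, mask, default_router, excluded=(), lease=(1, 0, 0)):
    """Return a list of problems; an empty list means the pool looks sane.

    network / mask : arguments of the `network` statement
    default_router : argument of `default-router`
    excluded       : list of (low, high) pairs from `ip dhcp excluded-address`
    lease          : (days, hours, minutes) from the `lease` statement
    """
    problems = []
    try:
        # strict=False accepts a host address here; we report it separately below
        net = ipaddress.IPv4Network(f"{network}/{mask}", strict=False)
    except ValueError as exc:
        # catches a malformed mask such as "255.255.255.255.0"
        return [f"invalid network/mask: {exc}"]
    if ipaddress.IPv4Address(network) != net.network_address:
        problems.append(f"network {network} is a host address; use {net.network_address}")

    ranges = _parse_excluded(excluded)
    for lo, hi in ranges:
        if lo not in net or hi not in net:
            problems.append(f"excluded range {lo}-{hi} lies outside {net}")

    gw = ipaddress.IPv4Address(default_router)
    if gw not in net:
        problems.append(f"default-router {gw} is outside {net}")
    elif not _is_excluded(gw, ranges):
        problems.append(f"default-router {gw} is not excluded and may be leased to a client")

    if min(lease) < 0 or tuple(lease) == (0, 0, 0):
        problems.append("lease must be a positive duration")
    return problems


def assignable_addresses(network, mask, excluded=()):
    """Count the usable host addresses the pool can still hand out after exclusions."""
    net = ipaddress.IPv4Network(f"{network}/{mask}", strict=False)
    ranges = _parse_excluded(excluded)
    return sum(1 for host in net.hosts() if not _is_excluded(host, ranges))


if __name__ == "__main__":
    # constructed values matching the page's example pool
    pool = dict(network="192.168.10.0", mask="255.255.255.0", default_router="192.168.10.50")
    print(check_dhcp_pool(**pool, excluded=[("192.168.10.1", "192.168.10.49")]))
    print(check_dhcp_pool(**pool, excluded=[("192.168.10.1", "192.168.10.50")]))
    print(assignable_addresses("192.168.10.0", "255.255.255.0",
                               excluded=[("192.168.10.1", "192.168.10.50")]))
```

Run stand-alone, the first check reports that the gateway `.50` is not covered by the `.1`-`.49` exclusion, the second (exclusion extended to `.50`) reports nothing, and the count shows 204 leasable addresses remain in the /24.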
## Securing the router

```
Router(config)# service password-encryption
Router(config)# security passwords min-length 8
! specify the minimum length for passwords
Router(config)# login block-for 120 attempts 3 within 60
! block logins for 120 s (2 min) after 3 failed attempts within 60 s
Router(config)# line vty 0 4
! enter line configuration mode
Router(config-line)# exec-timeout 10
! disconnect an idle user after 10 minutes; works for the console, vty and aux lines
Router(config-line)# end
```
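The hardening commands in this section and the `enable secret` versus `enable password` distinction from the "Secure privileged EXEC" section are all visible in a saved configuration, so they can be audited offline from a `show running-config` dump. The script below is an added example (not from the wiki page, not a Cisco tool) that reads such a dump and reports which of the settings discussed on this page are missing or weakened. Both configuration samples are constructed, the type 5 and type 7 strings in them are placeholders rather than real hashes, and the `transport input ssh` check goes one step beyond the page (it flags vty lines that still accept Telnet, which the page describes as insecure); `audit_config` and its helper are names assumed by this example.

```python
"""Audit a Cisco IOS running-config dump for the hardening settings on this page.

Added example, not part of the wiki page. Sample configs are constructed;
the password strings in them are placeholders, not real type 5/7 values.
"""
import re

SAMPLE_WEAK = """\
hostname HQ
enable password cisco
line con 0
 password cisco
 login
line vty 0 4
 password class
 login
 exec-timeout 0 0
"""

SAMPLE_HARDENED = """\
hostname HQ
service password-encryption
security passwords min-length 8
login block-for 120 attempts 3 within 60
enable secret 5 $1$PLACEHOLDER$notarealhash
line con 0
 password 7 PLACEHOLDER
 login
 exec-timeout 10 0
line vty 0 4
 password 7 PLACEHOLDER
 login
 exec-timeout 10 0
 transport input ssh
"""


def _split_config(config):
    """Return (global_lines, {"line vty 0 4": [indented sub-commands], ...})."""
    global_lines, sections, current = [], {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line or line.startswith("!"):
            continue
        if line.startswith(" "):
            # IOS indents line-mode sub-commands by one space
            if current is not None:
                sections[current].append(line.strip())
        else:
            current = None
            if line.startswith("line "):
                current = line
                sections[current] = []
            else:
                global_lines.append(line)
    return global_lines, sections


def audit_config(config, min_length=8):
    """Return a list of findings; an empty list means every checked setting is present."""
    findings = []
    global_lines, sections = _split_config(config)
    glob = "\n".join(global_lines)

    if "service password-encryption" not in global_lines:
        findings.append("service password-encryption is not enabled")
    if not any(l.startswith("enable secret") for l in global_lines):
        findings.append("no enable secret configured")
    if any(l.startswith("enable password") for l in global_lines):
        findings.append("enable password in use (plain text / type 7); prefer enable secret")
    m = re.search(r"^security passwords min-length (\d+)$", glob, re.M)
    if m is None or int(m.group(1)) < min_length:
        findings.append(f"security passwords min-length {min_length} not set")
    if not re.search(r"^login block-for \d+ attempts \d+ within \d+$", glob, re.M):
        findings.append("login block-for not configured")

    for name, body in sections.items():
        if not any(l == "login" or l.startswith("login ") for l in body):
            findings.append(f"{name}: no login required")
        timeout = next((l for l in body if l.startswith("exec-timeout")), None)
        if timeout is None:
            findings.append(f"{name}: exec-timeout not set explicitly")
        elif all(int(p) == 0 for p in timeout.split()[1:]):
            # "exec-timeout 0 0" disables the idle timeout entirely
            findings.append(f"{name}: exec-timeout 0 disables the idle timeout")
        if name.startswith("line vty") and "transport input ssh" not in body:
            findings.append(f"{name}: transport input ssh not set (Telnet may be accepted)")
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", SAMPLE_WEAK), ("hardened", SAMPLE_HARDENED)):
        print(f"== {label} ==")
        for finding in audit_config(cfg) or ["no findings"]:
            print(" -", finding)
```

The weak sample produces eight findings (no password encryption, no `enable secret`, an `enable password`, no minimum length, no `login block-for`, no console timeout, a disabled vty timeout and Telnet still allowed on the vty lines); the hardened sample produces none. Feed the script the output of `show running-config` from a real device to check it the same way.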