router - pt 4
Home | Pt 1 | Pt 2 | Pt 3 | Pt 4 | Pt 5 | Pt 6 | Ch1 | Ch2 | Ch3 | Ch4Ch5Demo | 5-r | Test 

[PDF Tutorial][New Emulators Demo][Purchase]

IP unnumbered. An IP unnumbered approach allows a port to borrow an IP address from an unused address on a connected network. For example to assign an address from the network which connects to EO to S1:

1

Go into the privileged mode by typing enable.

2

Configure the device using by typing config t.

3

Then:

(config)# interface s1
(config-if)# ip unnumbered e0

4

Go back to the user executive mode with the command exit, followed by exit

5

Show the main system configuration with show running-config.

Implementing NAT. NAT (Network Address Translation) allows the mapping of internal private addresses to one or more public addresses. For NAT, the internal addresses are defined as inside, and the public interface is outside. This to define the addresses on EO as internal, and S0 as external:

1

Go into the privileged mode by typing enable.

2

Configure the device using by typing config t.

3

Then:

(config)# interface e0
(config-if)# ip nat inside
(config-if)# exit
(config)# interface s0
(config-if)# ip nat outside

4

Go back to the user executive mode with the command exit, followed by exit

5

Show the main system configuration with show running-config.

Defining SNMP. The SNMP-server command is used to enable SNMP monitoring, such as:

1

Go into the privileged mode by typing enable.

2

Configure the device using by typing config t.

3

The snmp-server community command is used to initialise SNMP. For example to define the read-only string to public:

(config)# snmp-server community public RO

or for read-write access use RW instead of RO. The community access string (in this case, public) acts as a password for the access to the SNMP information. To setup the SNMP contact:

(config)# snmp-server contact fred smith

and to set the location:

(config)# snmp-server location room c27

To enable SNMP traps so that all the data is monitored:

(config)# snmp-server enable traps

and to send these traps to a remote host (to www.myhost.com):

(config)# snmp-server host www.myhost.com public


4

Go back to the user executive mode with the command exit

5

Show the main system configuration with show running-config.

6

To show SNMP event values:

# show management event

and to determine the status of the SNMP communications:

# show snmp

and to display the SNMP engine and remote engines:

# show snmp engine

and to display the SNMP group:

# show snmp group

SNMP uses an MIB database to store its values. To display its contents:

# show snmp mib

To show the currently pending SNMP requests:

# show snmp pending

To show the SNMP sessions:

# show snmp sessions

 

7

Show the main system configuration with show running-config.

Adding a description to the interface. The description command can be added to the interface, such as:

1

Go into the privileged mode by typing enable.

2

Configure the device using by typing config t.

3

Then:

(config)# interface e0
(config-if)# description Bert's Port


4

Go back to the user executive mode with the command exit, followed by exit

5

Show the main system configuration with show running-config.

Defining SNTP. The SNTP (Simple Network Time Protocol) can be used to allow the router to listen to Time Servers. This achieved with:

1

Go into the privileged mode by typing enable.

2

Configure the device using by typing config t.

3

Then to enable the router to receive broadcasted NTP packets from a time server:

# config t
(config) # sntp broadcast client


4

Go back to the user executive mode with the command exit.

5

For the SNTP (Simple Network Time Protocol):

# show sntp

Showing other statistics.

1

Go into the privileged mode by typing enable.

2

Configure the device using by typing config t.

3

Then:

# show tcp

4

For the reload details:

# show reload

5

For the boot details:

# show boot

6

For the aliases:

# show aliases exec

7

For system crashes

# show context

8

or:

# show context summary

9

To show debugging:

# show debugging

10

To show environment details:

# show environment

Defining a MOTD. The Message of the Day (motd) is show when someone logs into the router, and is setup by:

1

Go into the privileged mode by typing enable.

2

Configure the device using by typing config t.

3

Then:

(config)# banner motd # This is my router #

4

Go back to the user executive mode with the command exit, followed by exit

5

Show the main system configuration with show running-config. Also apply a SLIP/PPP banner, with:

(config)# banner slip-ppp # Welcome to the SLIP/PPP login #

IP interface options. There are many IP options which can be applied to an interface:

1

Go into the privileged mode by typing enable.

2

Configure the device using by typing config t.

3

Then:

(config)# interface e0
(config-if)# ip ?


4

You can also view the commands avialable from each mode with the ? key.

5

Then:

> ?
> enable
# ?
# config t
(config)# ?
(config)# interface e0
(config-if)# ?



Configuring DHCP. Routers can run DHCP, which grants IP addresses to hosts.

1

Go into the privileged mode by typing enable.

2

Configure the device using by typing config t.

3

Then:

(config)# ip dhcp pool pool1
(config-dhcp)# network 192.5.5.0/24
(config-dhcp)# exit



4

Go back to the user executive mode with the command exit, followed by exit

5

Show the main system configuration with show running-config. To get rid of DHCP, use:

(config)# no ip dhcp pool pool1

Static route. A static route can be setup which does not require the transmission of routing tables:

1

Go into the privileged mode by typing enable.

2

Configure the device using by typing config t.

3

Then:

(config)# ip route 192.168.0.0 255.255.255.0 140.10.20.30
(config)# ip default-network 192.168.0.0
(config)# exit


4

Go back to the user executive mode with the command exit

5

Show the main system configuration with show running-config.

Enabling IPX routing. Cisco routers can also be used to route IPX networks (such as those used in Novel Netware).

1

Go into the privileged mode by typing enable.

2

Configure the device using by typing config t.

3

Then:

(config)# ipx routing
(config)# interface e0
(config-if)# ipx network 5
(config-if)# exit
(config)# exit


4

Go back to the user executive mode with the command exit

5

Show the main system configuration with show running-config. To get rid of IPX routing, use:

(config)# no ipx routing

Enabling AppleTalk routing. Cisco routers can also be used to route AppleTalk networks (such as those used in Apple-based systems).

1

Go into the privileged mode by typing enable.

2

Configure the device using by typing config t.

3

Then:

(config)# appletalk routing
(config)# interface e0
(config-if)# appletalk zone Sales_Dept
(config-if)# appletalk cable-range 1-1
(config-if)# exit
(config)# exit


4

Go back to the user executive mode with the command exit

5

Show the main system configuration with show running-config. To get rid of AppleTalk routing, use:

(config)# no appletalk routing

Enabling DECnet routing. Cisco routers can also be used to route DECnet networks (such as those which use VAX/DEC-type equipment).

1

Go into the privileged mode by typing enable.

2

Configure the device using by typing config t.

3

Then:

(config)# decnet routing
(config)# exit


4

Go back to the user executive mode with the command exit

5

Show the main system configuration with show running-config. To get rid of DECnet routing, use:

(config)# no decnet routing

Context-based control. Context-based control is used to implement firewall options, such as limiting the number of open connections. A typical attack is the DoS (Denial of Service) attack, where the external party open up multiple connections. To overcome this the router can be setup to detect a minimum threshold for half-open sessions. This can be achieved with:

1

Go into the privileged mode by typing enable.

2

Configure the device using by typing config t.

3

Then to limit the maximum open sessions to between 900 and 1100:

(config)# ip inspect max-incomplete low 900
(config)# ip inspect max-incomplete high 1100

and for the maximum open sessions for one-minute:


(config)# ip inspect one-minute low 900
(config)# ip inspect one-minute high 1100
(config)# exit

3

Then to limit the maximum open sessions to between 900 and 1100:

(config)# ip inspect max-incomplete low 900
(config)# ip inspect max-incomplete high 1100

and for the maximum open sessions for one-minute:


(config)# ip inspect one-minute low 900
(config)# ip inspect one-minute high 1100
(config)# exit

4

Go back to the user executive mode with the command exit, followed by exit

5

Show the main system configuration with show running-config. To get rid of IP inspect, use:

(config)# no ip inspect one-minute low

6

To limit the DNS-timeout to 10 seconds:

(config)# ip inspect dns-timeout 10

7

To limit the TCP connection timeout value to 30 seconds:

(config)# ip inspect tcp synwait-time 30

Defining a Syslog server. The router can be setup to sent system logging information to a remote server which supports Syslog (which is UDP port 514). For example to send it to 192.168.0.20:

1

Go into the privileged mode by typing enable.

2

Configure the device using by typing config t.

3

Then:

(config)# logging 192.168.0.20

4

Go back to the user executive mode with the command exit

5

Show the main system configuration with show running-config.

IDS (Intrusion Detection System). An IDS can be used to detect intruders into the system. This is normally applied at the perimeter of the network. To setup a SPAM filter which sets a threshold of 30 users receiving the same email message:

1

Go into the privileged mode by typing enable.

2

Configure the device using by typing config t.

3

Then:

(config)# ip audit log
(config)#
ip audit smtp 30

4

Go back to the user executive mode with the command exit

5

Show the main system configuration with show running-config.

BGP routing. BGP is used as an Exterior Routing protocol. It is setup with:

1

Go into the privileged mode by typing enable.

2

Configure the device using by typing config t.

3

Then its neigbour(s) are defined with:


(config)#
router bgp 200
(config-router)# neighbor 10.11.12.13 remote-as 300
(config-router)# neighbor 10.11.12.13 description Link to ISP
(config-router)# neighbor 10.11.12.13 send-community
(config-router)# neighbor 10.11.12.13 version 4
(config-router)# neighbor 10.11.12.13 route-map Community1 out


4

Go back to the user executive mode with the command exit, followed by exit

5

Show the main system configuration with show running-config.

Defining a time zone.

1

Go into the privileged mode by typing enable.

2

Configure the device using by typing config t.

3

Then:

(config)# clock timezone GMT 0




4

Go back to the user executive mode with the command exit.

5

Show the main system configuration with show running-config.

Alarm interface. The alarm interface gives access to alarm interface. For example for the alarm interface in Slot 5:

1

Go into the privileged mode by typing enable.

2

Configure the device using by typing config t.

3

Then:

(config)# alarm-interface 5
(config-aic)# ip address 192.10.0.10
(config-aic)# reset
Alarm Interface Card in slot 5 restarted
(config)# exit



4

Go back to the user executive mode with the command exit.

5

Show the main system configuration with show running-config.

[Part 5]

If you would like to register the router emulator, or obtain the full version, please complete the following:

Purchase emulator