Tuesday, July 7, 2015

Cisco Router 'User Exec' Mode



Introduction

Let's see what it looks like to be in User Exec Mode on a Cisco router. Below, we have telnetted into our lab router and are in User Exec Mode:
cisco-mode-ue-1
The easiest way to keep track of the mode you're in is by looking at the prompt. The ">" means we are in User Exec Mode. From this mode, we are able to get information like the version of IOS, contents of the Flash memory and a few others.
Now, let's check out the available commands in this mode. This is done by using the "?" command and hitting enter:
cisco-mode-ue-2

Wow, see all those commands available? And just to think that this is considered a small portion of the total commands available when in Privileged Mode! Keep in mind that when you're in the console and configuring your router, you can use some shortcuts to save you typing full command lines. Some of these are:
Tab: By typing the first few letters of a command and then hitting the TAB key, it will automatically complete the rest of the command. Where there is more than one command starting with the same characters, when you hit TAB all those commands will be displayed. In the picture above, if I were to type "lo" and hit TAB, we would get a listing of "lock, login and logout" because all 3 commands start with "lo".
?: The question mark symbol "?" forces the router to print a list of all available commands. A lot of the commands have various parameters or interfaces which you can combine. In this case, by typing the main command, e.g. "show", and then putting the "?", you will get a list of the subcommands. This picture shows this clearly:
cisco-mode-ue-3
Below are a number of shortcut keys used to make the configuration experience as simple as possible. These shortcuts might not seem very useful, but they are! When it comes to typing long commands for a complex configuration, these shortcuts can save you a lot of time:
CTRL-A: Positions the cursor at the beginning of the line.
CTRL-E: Positions the cursor at the end of the line.
CTRL-D: Deletes a character.
CTRL-W: Deletes a whole word.
CTRL-B: Moves cursor back by one step.
CTRL-F: Moves cursor forward by one step.
One of the most used commands in this mode is the "Show" command. This will allow you to gather a lot of information about the router. Here I have executed the "Show version" command, which displays various information about the router:
cisco-mode-ue-4

The "Show Interface <interface>" command shows us information on a particular interface. This includes the IP address, encapsulation type, speed, status of the physical and logical aspect of the interface and various statistics. When issuing the command, you need to replace the <interface> with the actual interface you want to look at. For example, ethernet 0, which indicates the first ethernet interface:
cisco-mode-ue-5
Some other generic commands you can use are "show running-config" and "show startup-config". These commands show you the configuration of your router.
The running-config refers to the running configuration, which is basically the configuration of the router loaded into its memory at that time.
Startup-config refers to the configuration file stored in the NVRAM. This, upon bootup of the router, gets loaded into the router's RAM and then becomes the running-config!
So you can see that User Exec Mode is used mostly to view information on the router, rather than configuring anything. Just keep in mind that we are only scratching the surface here and not getting into any details.
This completes the User Exec Mode section. If you like, you can go back and continue to the Privileged Mode section.

How To Configure DNS Server On A Cisco Router



The DNS protocol is used to resolve FQDNs (Fully Qualified Domain Names) to IP addresses around the world. This allows us to successfully find and connect to Internet websites and services no matter where they are. Its usefulness, however, doesn't stop there: local company and private networks also rely on DNS to operate efficiently and correctly.
In many cases, where a local DNS server is not available, we are forced to either use our ISP's DNS servers or some public DNS server. However, this can sometimes prove troublesome. Today, small low-end routers have the ability to integrate DNS functionality, making life easier, but so do Cisco routers - they simply have to be set up and you're done.
This article will show you how to configure your Cisco router to provide DNS services to your network, and make all clients use it as a DNS server. Our easy to follow step-by-step process ensures you'll understand the process and have it running within minutes.

Example Scenario

Consider the following network diagram. This is our example network. We'd like to enable the DNS service so our workstations can properly resolve Internet domains as well as local network names.
tk-cisco-routers-dns-1

The first step is to enable the DNS service and domain lookup on the router:
R1# configure terminal
R1(config)# ip dns server
R1(config)# ip domain-lookup
Next, we need to configure the router with a public name-server. This will force the router to perform recursive DNS lookups; in other words, for every request it receives from our workstations, the router will try to find the answer by asking as many DNS servers as it needs, and finally return with an answer:
R1(config)# ip name-server 4.2.2.5
R1(config)# ip name-server 4.2.2.6
The Cisco IOS will allow you to enter up to 6 different name servers (essentially DNS servers). Usually you would use your ISP's DNS server to ensure you have quick responses, then place a few free public DNS servers such as the ones above. This will ensure that you'll get a DNS response from either your ISP or public DNS servers.
The next step is to configure your DNS server with the host names of your local network. This way, when Alan's PC tries to ping or connect to Wayne, the router will successfully resolve its NetBIOS name to the appropriate IP address:
R1(config)# ip host alan 192.168.1.10
R1(config)# ip host john 192.168.1.11
R1(config)# ip host wayne 192.168.1.12
If you now try to ping 'wayne' directly from your router's CLI prompt, you should receive an answer:
R1# ping wayne

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.12, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
At this point, you can configure your workstations to use your router's IP address as the primary DNS server:
tk-cisco-routers-dns-2
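A quick way to check a saved configuration against the steps above, as an added example that is not part of the original article. The function name `audit_dns` and the sample text are assumptions made for illustration; the sample reuses the addresses and host names from this article.

```python
import ipaddress
import re

# Constructed sample: the lines entered in the steps above.
SAMPLE_CONFIG = """\
ip dns server
ip domain-lookup
ip name-server 4.2.2.5
ip name-server 4.2.2.6
ip host alan 192.168.1.10
ip host john 192.168.1.11
ip host wayne 192.168.1.12
"""

MAX_NAME_SERVERS = 6  # limit stated in the article


def audit_dns(config):
    """Summarise the DNS lines of an IOS config and list what is wrong."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    servers, hosts, problems = [], {}, []
    for line in lines:
        m = re.fullmatch(r"ip name-server (.+)", line)
        if m:
            servers += m.group(1).split()  # several servers may share a line
            continue
        # Only the simple "ip host NAME ADDRESS" form used above is handled.
        m = re.fullmatch(r"ip host (\S+) (\S+)", line)
        if m:
            name, addr = m.group(1).lower(), m.group(2)
            if hosts.get(name, addr) != addr:
                problems.append(f"host {name} defined with two addresses")
            hosts[name] = addr
    for addr in servers + list(hosts.values()):
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            problems.append(f"not an IP address: {addr}")
    if "ip dns server" not in lines:
        problems.append("DNS service not enabled (ip dns server)")
    # Lookup is on by default, so a saved config only shows the "no" form.
    if any(ln.startswith("no ip domain") and "lookup" in ln for ln in lines):
        problems.append("domain lookup disabled")
    if not servers:
        problems.append("no upstream servers (ip name-server)")
    if len(servers) > MAX_NAME_SERVERS:
        problems.append(f"more than {MAX_NAME_SERVERS} name servers")
    return {"servers": servers, "hosts": hosts, "problems": problems}
```

An empty `problems` list means the configuration matches the procedure; the `hosts` mapping is the local name table the workstations will be served from.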

Article Summary

We've covered how a Cisco router can be used as a basic DNS server to enable network clients to perform DNS queries for the local network and Internet.
Future articles in DNS will cover more advanced configurations, including full domain resource records, DNS load balancing and more.

Installing Security Device Manager (SDM) on a Cisco Router



For years now, Cisco has been developing its Security Device Manager (SDM) software. This web-based software is designed to help the less experienced users and administrators to work and configure various services and functions of a Cisco router.
There are two different editions of SDM, the full SDM package and the SDM Express package.
The full SDM package contains a number of modules and options for your router's configuration, while the Express package is essentially a cut-down version containing the core modules. You should note that you'll need Java Runtime 1.5 installed on your workstation in order for SDM to function.
The full SDM can be found on the CD that came with your router but is also downloadable via Cisco's website. The SDM Express package usually comes preinstalled on your router's flash memory.
If you would like to download the latest available Cisco SDM, you can conveniently find it in our Cisco Tools & Application Download Section or alternatively go to Cisco's website, log in to your CCO account and download from there. If you don't have a CCO account, you can register one for free and proceed to the following location http://www.cisco.com/cgi-bin/tablebuild.pl/sdm as shown below:
tk-cisco-routers-ins-sdm-1

Once you log in, you'll be presented with the download table from where you can select the latest version:
tk-cisco-routers-ins-sdm-2
Once you select and download the appropriate zip file (SDM-V25.zip in our example), you'll be able to unzip it and start your installation. However, to ensure your installation succeeds, you must telnet into your router or use the console port to log in via CLI, create a username & password, and enable HTTP authentication:
R1# configure terminal
R1(config)# username firewall.cx privilege 15 password ciscorocks
R1(config)# ip http authentication local
R1(config)# exit
R1# copy running-config startup-config
Destination filename [startup-config]? (hit enter)
Building configuration...
[OK]
R1#
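The account and HTTP authentication lines entered above are worth reviewing once the router is in service. The following is an added example, not part of the original article: `audit_mgmt` is a hypothetical helper that scans configuration text for privileged accounts stored with `password` rather than `secret` and for an unrestricted web management service. The sample text is constructed, and the `ip http server` line in it is assumed to be present because SDM is web-based.

```python
import re

# Constructed sample: the two lines typed above, a second account with a
# placeholder hash, and the HTTP server line SDM relies on (assumed present).
SAMPLE_CONFIG = """\
username firewall.cx privilege 15 password ciscorocks
username backup privilege 15 secret 5 $1$constructed$placeholder
ip http server
ip http authentication local
"""

USER_RE = re.compile(
    r"username (?P<name>\S+)(?: privilege (?P<priv>\d+))?"
    r" (?P<kind>password|secret)(?: (?P<type>\d+))? \S+$"
)


def audit_mgmt(config):
    """Return findings on local accounts and the HTTP management service."""
    lines = sorted({ln.strip() for ln in config.splitlines() if ln.strip()})
    findings = []
    for line in lines:
        m = USER_RE.match(line)
        if m and m["kind"] == "password":
            # Type 7 is reversible obfuscation; no type or type 0 is cleartext.
            how = "type 7 (reversible)" if m["type"] == "7" else "cleartext"
            priv = m["priv"] or "1"  # IOS default privilege level is 1
            findings.append(
                f"user {m['name']} (privilege {priv}): {how} password, "
                "store it with 'secret' instead"
            )
    http = "ip http server" in lines
    https = "ip http secure-server" in lines
    if http:
        findings.append("plain HTTP management enabled; prefer ip http secure-server")
    if (http or https) and "ip http authentication local" not in lines:
        findings.append("web UI is not using local user authentication")
    if (http or https) and not any(
        ln.startswith("ip http access-class") for ln in lines
    ):
        findings.append("no ip http access-class limiting who can reach the web UI")
    return findings  # findings never echo the password itself
```

Run against the sample, it reports the `firewall.cx` account, the plain HTTP service and the missing access class, and stays silent about the account stored with `secret`.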
Now start your installation. During the installation you'll be prompted to select if you'd like to install Cisco SDM on your computer, router or both. Select your router:
tk-cisco-routers-ins-sdm-3

In the next screen, you'll be asked for your router's details (IP Address, username, password) in order to have the SDM software installed on it:
tk-cisco-routers-ins-sdm-4

Once you provide all necessary information, you'll get the progress bar indicating the connection towards your router:
tk-cisco-routers-ins-sdm-5

Next is the section where you can select a 'Typical' installation or 'Custom'. Select 'Typical' as it will automatically choose the appropriate settings and packages for your router:
tk-cisco-routers-ins-sdm-6

As you can see, SDM v2.5 requires approximately 8.9MB of flash space. Hit 'Next' and your installation begins:
tk-cisco-routers-ins-sdm-7

This process will take a couple of minutes as all files are transferred to your router's Flash and final configuration changes are made. Once complete, you'll be given the option to start SDM. If you choose to do so, you'll be redirected to your web browser and asked for the appropriate credentials.
You'll have to make sure you've disabled any pop-up blockers, otherwise you won't be able to see the necessary windows that will try to 'pop up'. After a minute or so you should see the first screen of SDM collecting information on your router:
tk-cisco-routers-ins-sdm-8
Once this step is over, you'll get your first real-time overview of your router. From here you can configure or monitor any aspect of your Cisco router. The SDM software is constantly being updated with new features, bringing it closer to the flexibility and power of the IOS command line - however, it does still have a long way to go :)
The following screenshot is from the 'Monitor' tab, which can provide a wealth of information regarding the router's status and is extremely useful even for the most experienced:
tk-cisco-routers-ins-sdm-9

Article Summary

We've covered Cisco's popular SDM software and given the download location and the steps required to successfully install it on your local router. While the SDM software is unable to completely replace the Cisco CLI, you'll surely find it useful. If you happen to run into problems installing the SDM software, you can turn to our site's forums where our community and dedicated Cisco engineers will gladly help you out!