10 Basic Router Configuration
Which statement regarding the service password-encryption command is true? - It encrypts only line mode passwords. - As soon as the service password-encryption command is entered, all currently set passwords formerly displayed in plain text are encrypted. - It is configured in privileged EXEC mode. - To see the passwords encrypted by the service password-encryption command in plain text, issue the no service password-encryption command.
- As soon as the service password-encryption command is entered, all currently set passwords formerly displayed in plain text are encrypted. Topic 10.1.0 - The command service password-encryption is used to encrypt all the clear text passwords in the running-configuration file.
What is the purpose of the banner motd command? - It provides a way to make announcements to those who log in to a router. - It is a way that routers communicate the status of their links with one another. - It provides an easy way of communicating with any user attached to a router's LANs. - It configures a message that will identify printed documents to LAN users.
- It provides a way to make announcements to those who log in to a router. Topic 10.1.0 - The banner motd command is used to display a message when a user attempts to log into the router.
Basic Router Configuration Steps
1) Configure the device name. 2) Secure privileged EXEC mode. 3) Secure user EXEC mode. 4) Secure remote Telnet / SSH access. 5) Secure all passwords in the config file. 6) Provide legal notification. 7) Save the configuration.
Privileged EXEC mode
Privileged EXEC mode provides the user with complete access to the device and its configuration. Therefore, it is the most important mode to secure.
The following command saves the configuration to NVRAM.
R1# copy running-config startup-config Destination filename [startup-config] Building configuration... [OK] R1#
The legal notification warns users that the device should only be accessed by permitted users. Legal notification is configured as follows.
R1(config)# banner motd # Enter TEXT message. End with a new line and the # *********************************************** WARNING: Unauthorized access is prohibited! *********************************************** # R1(config)#
The following commands secure privileged EXEC mode and user EXEC mode, enable Telnet and SSH remote access, and encrypt all plaintext (i.e., user EXEC and VTY line) passwords.
R1(config)# enable secret class R1(config)# R1(config)# line console 0 R1(config-line)# password cisco R1(config-line)# login R1(config-line)# exit R1(config)# R1(config)# line vty 0 4 R1(config-line)# password cisco R1(config-line)# login R1(config-line)# transport input ssh telnet R1(config-line)# exit R1(config)# R1(config)# service password-encryption R1(config)#
show ip interface brief and show ipv6 interface brief
There are several commands that can be used to verify interface configuration. The most useful of these is the show ip interface brief and show ipv6 interface brief commands. The output displays all interfaces, their IP addresses, and their current status. The configured and connected interfaces should display a Status of "up" and Protocol of "up". Anything else would indicate a problem with either the configuration or the cabling.
ip default-gateway ip-address
To configure an IPv4 default gateway on a switch, use the ip default-gateway ip-address global configuration command. The ip-address that is configured is the IPv4 address of the local router interface connected to the switch.
Switch virtual interface (SVI)
To connect to and manage a switch over a local IP network, it must have a switch virtual interface (SVI) configured. The SVI is configured with an IPv4 address and subnet mask on the local LAN. The switch must also have a default gateway address configured to remotely manage the switch from another network.
no shutdown
Using the no shutdown command activates the interface and is similar to powering on the interface. The interface must also be connected to another device, such as a switch or a router, for the physical layer to be active. Note: On inter-router connections where there is no Ethernet switch, both interconnecting interfaces must be configured and enabled.
Default gateway
For an end device to communicate over the network, it must be configured with the correct IP address information, including the default gateway address. The default gateway is only used when the host wants to send a packet to a device on another network. The default gateway address is generally the router interface address attached to the local network of the host. The IP address of the host device and the router interface address must be in the same network.
An administrator is configuring a new router to permit out-of-band management access. Which set of commands will allow the required login using a password of cisco? - Router(config)# line vty 0 4 Router(config-line)# password cisco Router(config-line)# login - Router(config)# line console 0 Router(config-line)# password cisco Router(config-line)# login - Router(config)# line vty 0 4 Router(config-line)# password manage Router(config-line)# exit Router(config)# enable password cisco - Router(config)# line console 0 Router(config-line)# password cisco Router(config-line)# exit Router(config)# service password-encryption
- Router(config)# line console 0 Router(config-line)# password cisco Router(config-line)# login Topic 10.1.0 - The VTY lines are the Virtual Terminal lines of the router, used solely to control inbound Telnet connections while console 0 is the physical console port on the switch/router you plug into. The line vty command is used to remote configure access into the switch/router via telnet or ssh.
Which command is used to encrypt all passwords in a router configuration file? - Router_A (config) # enable secret <password> - Router_A (config) # encrypt password - Router_A (config) # enable password <password> - Router_A (config) # service password-encryption
- Router_A (config) # service password-encryption Topic 10.1.0 - The command service password-encryption is used to encrypt and secure plain-text passwords configured on a router.
A router boots and enters setup mode. What is the reason for this? - The IOS image is corrupt. - The POST process has detected hardware failure. - The configuration file is missing from NVRAM. - Cisco IOS is missing from flash memory.
- The configuration file is missing from NVRAM. Topic 10.1.0 - If a router cannot locate the startup-config file in NVRAM it will enter setup mode to allow the configuration to be entered from the console device.
A technician is configuring a router to allow for all forms of management access. As part of each different type of access, the technician is trying to type the command login. Which configuration mode should be entered to do this task? - user executive mode - global configuration mode - privileged EXEC mode - any line configuration mode
- any line configuration mode Topic 10.1.0 - The command login is used to allow access to a router or switch through aux lines, console lines, and Telnet lines.
Company policy requires using the most secure method to safeguard access to the privileged exec and configuration mode on the routers. The privileged exec password is trustknow1. Which of the following router commands achieves the goal of providing the highest level of security? - enable secret trustknow1 - service password-encryption - enable password trustknow1 - secret password trustknow1
- enable secret trustknow1 Topic 10.1.0 - The command service password-encryption is used to encrypt and secure plain-text passwords configured on a router
Which CLI mode allows users to access all device commands, such as those used for configuration, management, and troubleshooting? - privileged EXEC mode - global configuration mode - interface configuration mode - user EXEC mode
- global configuration mode Topic 10.1.0 - The command Router#configure terminal allows a user to enter the privileged mode from where the configuration,management and troubleshooting commands can be accessed.
What will be the response from the router after the command, "router(config)# hostname portsmouth" is entered? - portsmouth# - ? command not recognized router(config)# - portsmouth(config)# - router(config-host)# - hostname = portsmouth portsmouth# - invalid input detected
- portsmouth(config)# router(config)# Topic 10.1.0 - The command hostname portsmouth is used to change the current router name to portsmouth.
Which command can be used on a Cisco router to display all interfaces, the IPv4 address assigned, and the current status? - show ip route - show ip interface brief - show interface fa0/1 - ping
- show ip interface brief Topic 10.2.0 - The show ip interface brief command can be used on a Cisco router to display all interfaces, the IPv4 address assigned, and the current status.
Which characteristic describes the default gateway of a host computer? - the physical address of the router interface on the same network as the host computer - the logical address assigned to the switch interface connected to the router - the physical address of the switch interface connected to the host computer - the logical address of the router interface on the same network as the host computer
- the logical address of the router interface on the same network as the host computer Topic 10.3.0 - The default gateway is the IP address of an interface on the router on the same network as the sending host.
What is stored in the NVRAM of a Cisco router? - the running configuration - the bootup instructions - the startup configuration - the Cisco IOS
- the startup configuration Topic 10.1.0 - The Cisco IOS is stored in flash. The running configuration file is stored in RAM. The bootup instructions are stored in ROM. The startup configuration file is stored in NVRAM.
What is the purpose of the startup configuration file on a Cisco router? - to contain the commands that are used to initially configure a router on startup - to provide a limited backup version of the IOS, in case the router cannot load the full featured IOS - to facilitate the basic operation of the hardware components of a device - to contain the configuration commands that the router IOS is currently using
- to contain the commands that are used to initially configure a router on startup Topic 10.1.0 - The startup configuration file is stored in NVRAM and contains the commands needed to initially configure a router. It also creates the running configuration file that is stored in in RAM.
description
Although the description command is not required to enable an interface, it is good practice to use it. It can be helpful in troubleshooting on production networks by providing information about the type of network connected. For example, if the interface connects to an ISP or service carrier, the description command would be helpful to enter the third-party connection and contact information. Note: The description-text is limited to 240 characters.
show interfaces
Displays statistics for all interfaces on the device. However, this command will only display the IPv4 addressing information.
show ip interface
Displays the IPv4 statistics for all interfaces on a router.
show ipv6 interface
Displays the IPv6 statistics for all interfaces on a router.
show ip route show ipv6 route
Displays the contents of the IP routing tables stored in RAM.
The task to configure a router interface is very similar to a management SVI on a switch. Specifically, it includes issuing the following commands:
Router(config)# interface type-and-number Router(config-if)# description description-text Router(config-if)# ip address ipv4-address subnet-mask Router(config-if)# ipv6 address ipv6-address/prefix-length Router(config-if)# no shutdown
To configure the device name for R1, use the following commands.
Router> enable Router# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)# hostname R1 R1(config)#
