Administrative Configurations of Router

There are three configurations a network administrator should apply to a newly provisioned switch or router. Although application of these configurations may seem like common sense, 90% of devices I see are missing at least one of these settings, and about 75% are missing two or more. Use this checklist as an action item to verify your existing devices have these settings, at minimum, and integrate these in to any templates or provisioning documents you use. You’ll appreciate the results of the consistency this adds to your network management and monitoring.

I’m going to guide you through configuring specific commands that are particularly helpful when administering your network and Cisco Certification. You can configure the following administrative functions on a router and switch:

  1. Hostnames
  2. Banners
  3. Passwords

Remember, none of these will make your routers or switches work better or faster, but trust me, your life will be a whole lot better if you just take the time to set these configurations on each of your network devices. This is because doing so makes troubleshooting and maintaining your network a great deal easier—seriously! In this next section, I’ll be demonstrating commands on a Cisco switch, but understand that these commands are used in the exact same way on a Cisco router.

Hostnames

We use the hostname command to set the identity of the router. This is only locally significant, meaning it doesn’t affect how the router performs name lookups or how the device actually works on the internetwork. But the hostname is still important because it’s often used for authentication in many wide area networks (WANs). , Networking Certification in Delhi has been became one of the hot topic people who are in need of job should really give it a try.

Here’s an example:

I know it’s pretty tempting to configure the hostname after your own name, but it’s usually a much better idea to name the router something that relates to its physical location. A name that maps to where the device lives will make finding it a whole lot easier, which among other things, confirms that you’re actually configuring the correct device. Even though it seems like I’m completely ditching my own advice by naming mine CodecNetwork, I’m not, because this particular device really does live in “CodecNetwork’s” office  known for its CCNA Training in Delhi. Its name perfectly maps to where it is, so it won’t be confused with those in the other networks I work with!

Banners

A very good reason for having a banner is to give any and all who dare attempt to telnet or sneak into your internetwork a little security notice. And they’re very cool because you can create and customize them so that they’ll greet anyone who shows up on the router with exactly the information you want them to have!

Here are the three types of banners you need to be sure you’re familiar with:

  1. Exec process creation banner
  2. Login banner
  3. Message of the day banner

And you can see them all illustrated in the following code:

Message of the day (MOTD) banners are the most widely used banners (just like CCNA certification in Delhi is banner) because they give a message to anyone connecting to the router via Telnet or an auxiliary port or even through a console port as seen here

This MOTD banner essentially tells anyone connecting to the router to get lost if they’re not on the guest list. The part to focus upon here is the delimiting character, which is what informs the router the message is done. Clearly, you can use any character you want for it except for the delimiting character in the message itself. Once the message is complete, press Enter, then the delimiting character, and then press Enter again. Everything will still work if you don’t follow this routine unless you have more than one banner.

Let’s take a minute to go into more detail about the other two types of banners I mentioned:

Exec banner

You can configure a line-activation (exec) banner to be displayed when EXEC processes such as a line activation or an incoming connection to a VTY line have been created. Simply initiating a user exec session through a console port will activate the exec banner.

Login banner

You can configure a login banner for display on all connected terminals. It will show up after the MOTD banner but before the login prompts. This login banner can’t be disabled on a per-line basis, so to globally disable it you’ve got to delete it with the no banner login command.

Note – Remember that the login banner is displayed before the login prompts and after the MOTD banner.

Setting Passwords

There are five passwords you’ll need to secure your Cisco routers: console, auxiliary, telnet (VTY), enable password, and enable secret. The enable secret and enable password are the ones used to set the password for securing privileged mode. Once the enable commands are set, users will be prompted for a password. The other three are used to configure a password when user mode is accessed through the console port, through the auxiliary port, or via Telnet. Let’s take a look at each of these now

The following list describes the enable password parameters:

password This sets the enable password on older, pre-10.3 systems, and isn’t ever used if an enable secret is set.

secret The newer, encrypted password that overrides the enable password if it has been set.

If you try to set the enable secret and enable passwords the same, the router will give you a polite warning to change the second password. Make a note to yourself that if there aren’t any old legacy routers involved, you don’t even bother to use the enable password!

And these two lines are especially important for the Cisco CCNA Training:

console Sets a console user-mode password.

vty Sets a Telnet password on the router. If this password isn’t set, then by default, Telnet can’t be used. To configure user-mode passwords, choose the line you want and configure it using the login command to make the switch prompt for authentication.

Let’s focus in on the configuration

You can still type line console 0 and that will be accepted, but the help screens just don’t work from that prompt. Type exit to go back one level, and you’ll find that your help screens now work. This is a “feature.” Really. Because there’s only one console port, I can only choose line console 0. You can set all your line passwords to the same password, but doing this isn’t exactly a brilliant security move! And it’s also important to remember to apply the login command or the console port won’t prompt for authentication. The way Cisco has this process set up means you can’t set the login command before a password is set on a line because if you set it but don’t then set a password, that line won’t be usable. You’ll actually get prompted for a password that doesn’t exist, so Cisco’s method isn’t just a hassle; it makes sense and is a feature after all! Networking Training in Delhi has helped enlighten people with basic understanding how internet works.

Telnet Password

To set the user-mode password for Telnet access into the router or switch, use the line vty command. IOS switches typically have 16 lines, but routers running the Enterprise edition have considerably more. The best way to find out how many lines you have is to use that handy question mark like this:

After your IOS devices are configured with an IP address, you can use the Telnet program to configure and check your routers instead of having to use a console cable. You can use the Telnet program by typing telnet from any command prompt

Setting Up Secure Shell (SSH)

I strongly recommend using Secure Shell (SSH) instead of Telnet because it creates a more secure session. The Telnet application uses an unencrypted data stream, but SSH uses encryption keys to send data so your username and password aren’t sent in the clear, vulnerable to anyone lurking around! Here are the steps for setting up SSH:

Encrypting Your Passwords

Because only the enable secret password is encrypted by default, you’ll need to manually configure the user-mode and enable passwords for encryption

About

Codec Networks provides IT Trainings from EC Council CEH ECSA, LPT, CHFI, Network Security, Penetration Testing, ISACA, ISC2, PECB ISO 27001LA LI, Cisco Networking CCNA CCNP, Linux Administration RHCE, Prog Languages JAVA, Advanced Java, android development. We also offer B2B Industry Solutions and Services in IT | Information|Cyber Security in Delhi NCR India.

View all posts by

Leave a Reply

Your email address will not be published. Required fields are marked *