stevepedwards.com/DebianAdmin linux mint IT admin tips info

Cisco Setup – LAN Connection (VLAN)

Setup overviews and commands are available via Cisco:

http://www.cisco.com/en/US/docs/routers/access/800/850/software/configuration/guide/routconf.html

To give you an idea of the complexity and capability of a given Cisco IOS, which varies massively across equipment, you can list the available commands with a question mark. The list below is just for the top-level EXEC prompt, not the sub-modes:

cisco877# ?
Exec commands:
access-enable Create a temporary Access-List entry
access-profile Apply user-profile to interface
access-template Create a temporary Access-List entry
archive manage archive files
auto Exec level Automation
beep Blocks Extensible Exchange Protocol commands
cd Change current directory
clear Reset functions
clock Manage the system clock
cns CNS agents
configure Enter configuration mode
connect Open a terminal connection
copy Copy from one file to another
crypto Encryption related commands.
ct-isdn Run an ISDN component test command
debug Debugging functions (see also 'undebug')
delete Delete a file
dir List files on a filesystem
disable Turn off privileged commands
disconnect Disconnect an existing network connection
dot11 IEEE 802.11 commands
dot1x IEEE 802.1X Exec Commands
enable Turn on privileged commands
eou EAPoUDP
erase Erase a filesystem
event Event related commands
exit Exit from the EXEC
format Format a filesystem
fsck Fsck a filesystem
help Description of the interactive help system
isdn Run an ISDN EXEC command on an ISDN interface
lock Lock the terminal
login Log in as a particular user
logout Exit from the EXEC
mkdir Create new directory
monitor Monitoring different system events
more Display the contents of a file
mrinfo Request neighbor and version information from a multicast
router
mstat Show statistics after multiple multicast traceroutes
mtrace Trace reverse multicast path from destination to source
name-connection Name an existing network connection
no Disable debugging functions
ping Send echo messages
ppp Start IETF Point-to-Point Protocol (PPP)
pwd Display current working directory
radius radius exec commands
release Release a resource
reload Halt and perform a cold restart
rename Rename a file
renew Renew a resource
restart Restart Connection
resume Resume an active network connection
rmdir Remove existing directory
rsh Execute a remote command
send Send a message to other tty lines
set Set system parameter (not config)
setup Run the SETUP command facility
show Show running system information
slip Start Serial-line IP (SLIP)
ssh Open a secure shell client connection
start-chat Start a chat-script on a line
systat Display information about terminal lines
tclquit Quit Tool Command Language shell
tclsh Tool Command Language shell
telnet Open a telnet connection
terminal Set terminal line parameters
test Test subsystems, memory, and interfaces
tms Threat Mitigation Service
traceroute Trace route to destination
tunnel Open a tunnel connection
undebug Disable debugging functions (see also 'debug')
upgrade Upgrade commands
verify Verify a file
vlan Configure VLAN parameters
vtp Configure global VTP state
webvpn WebVPN exec command
where List active connections
write Write running configuration to memory, network, or terminal
xconnect Xconnect EXEC commands

The show command will be used a lot. Here it shows system info and the IOS version, which also determines what capabilities a given device will have, depending on its hardware:

cisco877# sh version
Cisco IOS Software, C870 Software (C870-ADVIPSERVICESK9-M), Version 12.4(11)XJ3)
Synched to technology version 12.4(11)T
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Wed 25-Apr-07 14:27 by prod_rel_team

ROM: System Bootstrap, Version 12.3(8r)YI4, RELEASE SOFTWARE

cisco877 uptime is 1 hour, 59 minutes
System returned to ROM by power-on
System image file is "flash:c870-advipservicesk9-mz.124-11.XJ3.bin"
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

Cisco 877W (MPC8272) processor (revision 0x300) with 118784K/12288K bytes of me.
Processor board ID FCZ1143R04L
MPC8272 CPU Rev: Part Number 0xC, Mask Number 0x10
4 FastEthernet interfaces
1 ATM interface
1 802.11 Radio
128K bytes of non-volatile configuration memory.
28672K bytes of processor board System flash (Intel Strataflash)

Configuration register is 0x2102

Wiping the startup conf as a first step:

cisco877# erase ?
/all Erase all files(in NVRAM)
/no-squeeze-reserve-space Do not reserve space for squeeze operation
flash: Filesystem to be erased
nvram: Filesystem to be erased
startup-config Erase contents of configuration memory

cisco877# erase startup-config

Erasing the nvram filesystem will remove all configuration files! Continue? [confirm] y [OK]
Erase of nvram: complete

Now if you show the startup conf:

cisco877# sh startup-config
startup-config is not present

At this point you can still replace the startup conf with the running conf that is still in memory if you ever make this mistake on a running unit:

cisco877# copy running-config startup-config
Destination filename [startup-config]?
Building configuration...

To wipe a conf permanently you reboot with:

reload

Proceed with reload? [confirm] y

*Nov 10 17:37:56.306: %SYS-5-RELOAD: Reload requested by console. Reload Reason: Reload Command

This commences a full IOS restart and basic setup options:

System Bootstrap, Version 12.3(8r)YI4, RELEASE SOFTWARE
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 2006 by cisco Systems, Inc.

C870 series (Board ID: 1-148) platform with 131072 Kbytes of main memory

Booting flash:/c870-advipservicesk9-mz.124-11.XJ3.bin
Self decompressing the image : ###############################################################]

Restricted Rights Legend

Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706

Cisco IOS Software, C870 Software (C870-ADVIPSERVICESK9-M), Version 12.4(11)XJ3, RELEASE SOFTW)
Synched to technology version 12.4(11)T
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Wed 25-Apr-07 14:27 by prod_rel_team
Image text-base: 0x8002008C, data-base: 0x81E6E5E4
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

Installed image archive
Cisco 877W (MPC8272) processor (revision 0x300) with 118784K/12288K bytes of memory.
Processor board ID FCZ1143R04L
MPC8272 CPU Rev: Part Number 0xC, Mask Number 0x10
4 FastEthernet interfaces
1 ATM interface
1 802.11 Radio
128K bytes of non-volatile configuration memory.
28672K bytes of processor board System flash (Intel Strataflash)

You can follow this dialog to set up basic access...

--- System Configuration Dialog ---

Would you like to enter the initial configuration dialog? [yes/no]: yes

At any point you may enter a question mark '?' for help.
Use ctrl-c to abort configuration dialog at any prompt.
Default settings are in square brackets '[]'.

Basic management setup configures only enough connectivity
for management of the system, extended setup will ask you
to configure each interface on the system

Would you like to enter basic management setup? [yes/no]: yes
Configuring global parameters:

Enter host name [Router]: cisco877

etc...

On the 877 these are not separate switched ports, so all 4 connections share a common hub IP address set on a VLAN. This then enables you to connect to the unit via SSH or Telnet from any networked PC instead of the serial port.

Current interface summary

Any interface listed with OK? value "NO" does not have a valid configuration

Interface IP-Address OK? Method Status Protocol
FastEthernet0 unassigned YES unset initializing down
FastEthernet1 unassigned YES unset initializing down
FastEthernet2 unassigned YES unset initializing down
FastEthernet3 unassigned YES unset initializing down
Dot11Radio0 unassigned NO unset initializing down
ATM0 unassigned NO unset initializing down
Vlan1 unassigned YES unset up down

Enter interface name used to connect to the
management network from the above interface summary: vlan1

Configuring interface Vlan1:
Configure IP on this interface? [no]: yes
IP address for this interface: 192.168.1.100
Subnet mask for this interface [255.255.255.0] :
Class C network is 192.168.1.0, 24 subnet bits; mask is /24

Now you have a basic running conf with an IP address on the VLAN1 ports, shown with:

cisco877>en
Password:
cisco877#show running-config

Building configuration...

Current configuration : 1096 bytes
---------------------------------------------------------------------------------------------
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname cisco877
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$e/g3$ceiyt/4d
enable password xxx
!
no aaa new-model
no ip routing
no ip cef

!
multilink bundle-name authenticated
!
interface ATM0
no ip address
no ip route-cache
shutdown
no atm ilmi-keepalive
dsl operating-mode auto

!
interface FastEthernet0
shutdown
!
interface FastEthernet1
shutdown
!
interface FastEthernet2
shutdown
!
interface FastEthernet3
shutdown
!
interface Dot11Radio0
no ip address
no ip route-cache
shutdown
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
!
interface Vlan1
ip address 192.168.1.100 255.255.255.0
no ip route-cache
!

no ip http server
no ip http secure-server
!
snmp-server community public RO
!
!
!
!
control-plane
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
password xxxx
login
!
scheduler max-task-time 5000
end


The above format is what can be pasted at the command line for amended working configs you find on the web for your device. Now it can be added to in stages to see how it works...

As I configured a vlan let's look at it:

cisco877#sh ip interface vlan 1
Vlan1 is up, line protocol is down
Internet address is 192.168.1.100/24
Broadcast address is 255.255.255.25

Plug a network cable into FA0 and connect it to my network, then turn on all the ethernet interfaces on the hub:

cisco877# conf t

cisco877(config)#interface fastEthernet ?
<0-3> FastEthernet interface number

cisco877(config-if)#interface fastEthernet 0

cisco877(config-if)# no shutdown
*Nov 10 18:10:06.015: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up
*Nov 10 18:10:06.131: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0, changed state to up

Do this for IFs 0-3.

cisco877(config-if)#end

Prove it is up by pinging it from the command line - the "centre" of the 877 - same principle for any router/firewall:

OUTSIDE WAN (Distrusted Zone) Dialler 877 Vlan1 INSIDE LAN (Trusted Zone)

[ADSL/WAN] <----> [877 Firewall zone ] <-----> [LAN ]
[ Inet ] <--> [I/O packets] <----> [packet initiation] <----> [I/O packets][ LAN]

cisco877#ping 192.168.1.100

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.100, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

As I have connected the 877 to my web-connected Draytek router, I can ping its "LAN" too from the 877 command line:

cisco877#ping 192.168.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!

To show that the 877 replies, I ping it from the PC:

stevee@Dell490 ~ $ ping 192.168.1.100
PING 192.168.1.100 (192.168.1.100) 56(84) bytes of data.
64 bytes from 192.168.1.100: icmp_seq=2 ttl=255 time=0.717 ms
64 bytes from 192.168.1.100: icmp_seq=3 ttl=255 time=0.712 m

All good so far - the LAN interface is configured for rx/tx.

Note that the WiFi network on this router is separated from the RJ45 connections physically so cannot be set on the same subnet or VLAN1 as the LAN at this point. 

This is good or bad news depending on your network requirements. If you were a WiFi coffee shop, your customers could use the WiFi without access to your small business LAN, ensuring separation from net shares etc. That is no good if you have some WiFi-only devices that you want on the same network. However, it IS a router! So the different interfaces can be connected by configuring the appropriate routing protocols and/or static routes for all interfaces, depending on your needs. It will be covered in later posts.

Summary config so far, with commands I added in bold:

cisco877>en
Password:
cisco877#sh run
Building configuration...

Current configuration : 1058 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname cisco877
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$e/g3$ceiyt/4dt/GK9gSm7vbkN.
enable password xxxx
!
no aaa new-model
no ip routing
no ip cef

!
multilink bundle-name authenticated
!
!
interface ATM0
no ip address
no ip route-cache
shutdown
no atm ilmi-keepalive
dsl operating-mode auto
!
interface FastEthernet0
!
interface FastEthernet1

!
interface FastEthernet2
!
interface FastEthernet3
!
interface Dot11Radio0
no ip address
no ip route-cache
shutdown
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
!
interface Vlan1
ip address 192.168.1.100 255.255.255.0
no ip route-cache
!
!
!
no ip http server
no ip http secure-server

snmp-server community public RO
!
!
!
!
control-plane
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
password xxxx
login
!
scheduler max-task-time 5000
end


First - the enable and secret passwords are visible in plain text - encrypt them in the conf using:

cisco877#en
cisco877#conf t
cisco877(config)#service password-encryption

cisco877(config)#end

cisco877#sh running-config

enable secret 5 $1$e/g3$ceiy
enable password 7 03145404161F

line vty 0 4
password 7 051B0
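
An added example, not part of the original post: a small Python audit that classifies each credential line of a running-config by how IOS stores it, run over a constructed excerpt modelled on the config above with placeholder secrets. It assumes the standard IOS type digits: 5 is a salted MD5 hash, 7 is the reversible obfuscation applied by service password-encryption, and no digit means clear text. The severity labels are this example's own choice.

```python
import re

# Constructed excerpt modelled on the running-config in the post; all secrets are placeholders.
SAMPLE_CONFIG = """\
no service password-encryption
!
enable secret 5 $1$SALT$PLACEHOLDERHASH
enable password xxxx
!
snmp-server community public RO
!
line con 0
 no modem enable
line vty 0 4
 password 7 0123PLACEHOLDER
 login
!
"""

CRED = re.compile(r"^(enable secret|enable password|password)\s+(?:([0-9])\s+)?\S+$")
# How IOS stores the string that follows, keyed by the type digit (None = no digit given).
STORAGE = {None: ("clear text", "high"), "0": ("clear text", "high"),
           "7": ("type 7 reversible obfuscation", "medium"),
           "5": ("type 5 salted MD5 hash", "low")}

def audit(config):
    """Return (context, finding, severity) tuples for credential-related lines."""
    findings, kinds, context = [], set(), "global"
    for raw in config.splitlines():
        line = raw.strip()
        if line == "!":                      # section separator resets the context
            context = "global"
        elif line.startswith("line "):       # con/aux/vty blocks follow each other
            context = line
        elif line == "no service password-encryption":
            findings.append(("global", "service password-encryption is off", "medium"))
        elif re.match(r"snmp-server community (public|private)\b", line):
            findings.append(("global", "well-known SNMP community string", "high"))
        else:
            m = CRED.match(line)
            if m:
                kind, ptype = m.groups()
                kinds.add(kind)
                desc, sev = STORAGE.get(ptype, ("type %s" % ptype, "review"))
                findings.append((context, "%s stored as %s" % (kind, desc), sev))
    if {"enable secret", "enable password"} <= kinds:
        findings.append(("global", "enable password kept alongside enable secret", "medium"))
    return findings

if __name__ == "__main__":
    for ctx, finding, sev in audit(SAMPLE_CONFIG):
        print("[%-6s] %-14s %s" % (sev, ctx, finding))
```

Run against a saved copy of sh running-config, it shows which lines service password-encryption has only obfuscated (type 7) and which are properly hashed (type 5).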

That is it for now. I'll look at the WiFi and ADSL/Internet access and account settings soon.
