
Cisco initial Configuration Guide (CCNA – CCNP Refresh)

1. Setting the hostname

Router(config)# hostname LAB1

Securing the console port

Enable telnet

Secure privileged EXEC mode

1. Enable password – show run displays the password in plain text

2. Enable secret – show run displays the password encrypted

Login Banner

MOTD (MESSAGE OF THE DAY) Displays at login

Exec banner displays after authentication

* & is the delimiting character

This is how it should look: the MOTD banner is displayed before the password is supplied; once you log in,
you get the Exec banner.
Configuring Clock

clock timezone EST -5 – sets the clock to the Eastern time zone

Disable automatic domain lookup

Stops this pain in the ass:

Enable logging synchronous (it stops the pain-in-the-ass log messages from popping up on the line while
you're typing)

Disable auto logout (recommended for lab only)

The default is ten minutes; this disables auto logout for the console.
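
The lab shortcuts covered so far (plain-text enable password, Telnet on the vty lines, disabled auto logout) are the ones to catch before a config leaves the lab. The following Python script is an added example, not part of the original guide: it scans a running-config for those settings. The sample config, its passwords and the `audit` function name are constructed for illustration.

```python
import re

# Constructed running-config excerpt (sample data, not from the original page).
SAMPLE_CONFIG = """\
hostname LAB1
enable password cisco123
no ip domain-lookup
line con 0
 exec-timeout 0 0
 logging synchronous
 password cisco123
 login
line vty 0 4
 exec-timeout 10 0
 password cisco123
 login
 transport input telnet ssh
"""

def audit(config):
    """Return sorted (section, finding) pairs for lab-only settings."""
    findings = set()
    section = "global"
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw[0].isspace():  # unindented line opens a new top-level section
            section = line if line.startswith("line ") else "global"
        if section == "global":
            if line.startswith("enable password "):
                findings.add((section, "enable password set; use enable secret"))
            continue
        # From here on we are inside a "line con/aux/vty" section.
        if re.fullmatch(r"no exec-timeout|exec-timeout 0( 0)?", line):
            findings.add((section, "idle timeout disabled"))
        m = re.match(r"transport input (.+)", line)
        if m and {"telnet", "all"} & set(m.group(1).split()):
            findings.add((section, "telnet accepted; restrict to ssh"))
        if re.match(r"password (?!7 )", line):
            findings.add((section, "line password stored in plain text"))
    return sorted(findings)

if __name__ == "__main__":
    for section, finding in audit(SAMPLE_CONFIG):
        print(f"{section}: {finding}")
```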

Configure an interface
Setting up SSH
Setting up NAT

This is in GNS3. Router 1 is connected to the “Cloud”, which is a Microsoft Loopback adapter on my
desktop. The loopback must be configured in GNS3 for the cloud. Windows will create an IP for the
loopback when it is shared with your “real” LAN adapter. The 192.168.137.1 address was assigned by Windows. I
assigned the .2 in the same subnet to Router 1. I then created a static route 0.0.0.0 0.0.0.0 to go to
192.168.137.1 and verified that I can ping Google DNS (8.8.8.8).

R1 S0/0 connects to R2 S0/0

R1 S0/1 connects to R3 S0/1

Configure NAT inside/outside interfaces

In this scenario Fa0/0 is “Outside” as it is Internet “cloud” facing

The two other serial interfaces will be inside


We now need to create an Access Control List (ACL) that will include local (private) hosts or network(s).
This ACL will later on be applied to the NAT service command, effectively controlling the hosts that will
be able to access the Internet. You can use standard or extended access lists depending on your
requirements:

The above command instructs the router to allow the 192.168.0.0/24 network to reach any destination.
Note that Cisco router standard and extended ACLs always use wildcards (0.0.0.255).

Enables NAT overload and binds it to the outside interface. FASTETHERNET 0/0 is OUTSIDE!

To verify, use:

show ip nat translations

Setting up DHCP
Enable DHCP service

Create a DHCP pool of addresses

Configure the Network Range

This means 192.168.0.1 – 254. After this you must put in exclusions. Exclusions are done in global
config mode, so we’ll do that later. For now:
Default-router (default gateway), domain name, DNS, and lease time (9 hours)

IP address exclusions

Excludes IP host addresses 1 – 99

show ip dhcp binding

Convert a router into a Frame Relay Switch

1. Take a router.

2. Add a serial card with several interfaces. Let's say an NM-4T in a 3725 or 3640.

Assume the topology is R1[s1/0]<-DLCI 102->[s1/0]FR-Switch[s1/1]<-DLCI 201->[s1/0]R2

3. Configure the router as a FR switch (this is from memory, so use question mark to check my
speeeeling)

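FR-Switch
config t
hostname FR-Switch
! enable frame relay switching globally
frame-relay switching
int s1/0
encapsulation frame-relay
frame-relay intf-type dce
! DLCI 102 arriving on s1/0 is switched out s1/1 as DLCI 201
frame-relay route 102 int s1/1 201
no shut
int s1/1
encapsulation frame-relay
frame-relay intf-type dce
! DLCI 201 arriving on s1/1 is switched out s1/0 as DLCI 102
frame-relay route 201 int s1/0 102
no shut
end

R1
conf t
int s1/0
encapsulation frame-relay
ip add 1.1.1.1 255.0.0.0
no shut
end

R2
conf t
int s1/0
encapsulation frame-relay
ip add 1.1.1.2 255.0.0.0
no shut
end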

Wait a few secs (30-60)


Use:
show frame lmi
show frame pvc

then (from R2)


ping 1.1.1.1
!!!!!

Done

Setting up ACLs
Access control lists

1. Which ACL is going to accomplish my goal: Standard or Extended?

If you must filter out some specific TCP traffic (e.g. going towards port 80), an extended ACL
must be used, as the standard one cannot filter on TCP (source IP only).

The guidelines specify that a standard ACL must be placed as close to the destination as possible.

2. Which router and interface should I apply the ACL on?


3. Which direction should I use: in or out?
