
Basic configuration

- Router > enable
- Router # configure terminal
- Router (config) # banner motd $your message$
- Router (config) # line console 0
- Router (config-line) # password cisco1
- Router (config-line) # login
- Router (config-line) # exit
- Router (config) # line aux 0
- Router (config-line) # password cisco2
- Router (config-line) # login
- Router (config-line) # exit
- Router (config) # enable password cisco3
- Router (config) # service password-encryption
- Router (config) # enable secret cisco4

Telnet
- Router > enable
- Router # config t
- Router (config) # line vty 0 4
- Router (config-line) # password cisco5
- Router (config-line) # login
- Router (config-line) # exit
- Router (config) # username cisco privilege 15 secret cisco6
- R1(config)#aaa new-model
- R1(config)#aaa authentication login default local
- R1(config)#aaa authorization exec default local
- Router # wr

SSH
- The name of the RSA keypair will be the hostname and domain name of the router.
Let’s configure a hostname:
- Router(config)#hostname R1
- And a domain name:
- R1(config)#ip domain-name NETWORKLESSONS.LOCAL
- Now we can generate the RSA keypair:
- R1(config)#crypto key generate rsa
- How many bits in the modulus [512]: 2048
- % Generating 2048 bit RSA keys, keys will be non-exportable...

- [OK] (elapsed time was 3 seconds)

- R1(config)#line vty 0 4
- R1(config-line)#transport input ssh
- R1(config-line)#login local

Now, from CMD on your PC:

ssh -l username ip-address

Example: ssh -l admin 192.168.12.1
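The settings from the Basic configuration, Telnet and SSH sections can be checked mechanically once they are in a running-config. The following is an added example, not part of the original page: a small auditor whose checks and messages are this example's own choices, run over a constructed sample in which every secret is a placeholder.

```python
import re

# Constructed sample: settings from the sections above as a running-config
# would show them (secrets replaced by placeholders; the 'sam' line is the
# parser-view user defined later on the page).
SAMPLE_CONFIG = """\
enable secret 5 <placeholder>
enable password 7 <placeholder>
username cisco privilege 15 secret 5 <placeholder>
username sam view abc password 7 <placeholder>
line con 0
 password 7 <placeholder>
 login
line vty 0 4
 password 7 <placeholder>
 login
"""

def parse_lines(config):
    """Group indented sub-commands under their 'line ...' stanza."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw.strip()
            stanzas[current] = []
        elif raw.startswith(" ") and current:
            stanzas[current].append(raw.strip())
        else:
            current = None
    return stanzas

def audit(config):
    """Return findings for weak access settings (checks are this example's own)."""
    findings = []
    if re.search(r"^enable password\b", config, re.M):
        findings.append("enable password present; keep only 'enable secret'")
    for m in re.finditer(r"^username (\S+) .*\bpassword\b", config, re.M):
        findings.append(f"username {m.group(1)}: uses 'password', use 'secret'")
    for name, cmds in parse_lines(config).items():
        if "login" in cmds and any(c.startswith("password") for c in cmds):
            findings.append(f"{name}: shared line password, prefer 'login local'")
        if name.startswith("line vty"):
            transport = [c.split()[2:] for c in cmds if c.startswith("transport input")]
            if transport != [["ssh"]]:
                findings.append(f"{name}: no 'transport input ssh', Telnet may be accepted")
    return findings
```

Calling `audit(SAMPLE_CONFIG)` returns five findings; a config that keeps only `enable secret`, `username ... secret`, `login local` and `transport input ssh` returns none.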

Backup
- R1#copy run tftp
- Address or name of remote host []? 115.115.115.6
- Destination filename [roouerb-confg]? zzzzzz

Restore
- R1#copy tftp running-config
- Address or name of remote host []? 115.115.115.6
- Destination filename [roouerb-confg]? Zzzzzz
- R1#copy tftp flash:
Password Recovery Step-by-Step Procedure:
To recover your password:
1 Turn off or shut down the router.
2 Press the Break, Control+C or Shift+Control+6 keys on the terminal keyboard within 60 seconds of the power-up to put the router into ROMMON.

Change Configuration Register from the ROMMON mode

rommon 1 > confreg 0x2142


rommon 2 > reset

Copy Start up Config to Running Config

- Router#copy startup-config running-config


Set the New Passwords

- R1(config)#enable password ****


- R1(config)#enable secret ****
- R1(config)#line con 0
- R1(config-line)#password ****
- R1(config-line)#login
- R1(config-line)#exit
- R1(config)#line aux 0
- R1(config-line)#password ****
- R1(config-line)#login
- R1(config-line)#exit
- R1(config)#line vty 0 4
- R1(config-line)#password ****
- R1(config-line)#login
- R1(config-line)#exit

Change the Config Register to default

R1(config)#config-register 0x2102

R1(config)#exit

R1#copy run start

Destination filename [startup-config]?

Building configuration... [OK]

R1#reload

Proceed with reload? [confirm] Press Enter


Disable Password Recovery

Increasing Access Security


Logging Failed Attempts
Generate Login Syslog Messages
Example: show login failures

Configuring and Assigning Privilege Levels


1- Entering root view to create custom views :
R1#enable view

Password:

R1#sh parser view

Current view is 'root'

2- Creating custom parser views – abc:

R2(config)#parser view abc

R2(config-view)#secret 123

R2(config-view)#commands exec include ping


R2(config-view)#commands exec include all show

R2(config-view)#commands exec include telnet

3- Creating custom parser views – xyz :

R2(config)#parser view xyz

R2(config-view)#secret 234

R2(config-view)#commands exec include ping

R2(config-view)#commands exec include telnet

R2(config-view)#commands exec include all show

R2(config-view)#commands exec include configure terminal

R2(config-view)#commands configure include all interfaces

R2(config-view)#commands configure include all router

R2(config-view)#commands interface include shutdown

R2(config-view)#commands interface include no shutdown

4- Binding parser view with local database and writing all configurations:

R2(config)#username sam view abc password 123

R2(config)#username ram view xyz password 234

R2(config)#do write
5- To see parser views and the commands associated with them :

R2#show running-config | sec parser

6- Creating superview

R1(config)#parser view SUPER superview

R1(config-view)#secret super

R1(config-view)#view abc

R1(config-view)#view xyz

7- You can enable view using the below command :

R2#enable view abc

8- To check how many commands the current view has type “?”:

R2#enable view abc

Configuring the Network Time Protocol (NTP)


Sample NTP Configuration on R1

Sample NTP Configuration on R2

Discovery Protocols CDP and LLDP


R2#show cdp neighbors

R2#show lldp neighbors


DHCP Configuration
R1(config)#ip dhcp pool 1

R1(dhcp-config)#network 10.10.10.0 255.255.255.0

R1(dhcp-config)#default-router 10.10.10.1

R1(dhcp-config)#dns-server 90.90.90.60

R1(dhcp-config)#exit

R1(config)#ip dhcp excluded-address 10.10.10.2 10.10.10.19

access-list configuration
standard access list
Router(config)#access-list 1 deny 10.0.0.152
Router(config)#access-list 1 permit any

Router(config)#interface fastEthernet 0/0

Router(config-if)#ip access-group 1 in

Router(config)#no access-list 1

subnet
Router(config)#access-list 1 deny 192.168.19.0 0.0.0.255
Router(config)#access-list 1 permit any

Router(config)#interface fastEthernet 0/0

Router(config-if)#ip access-group 1 in

Extended(host only)
Router(config)#access-list 100 deny tcp host 10.0.0.152 host 170.17.17.5 eq 80

Router(config)#access-list 100 deny icmp host 10.0.0.152 host 170.17.17.5

Router(config)# access-list 100 permit ip any any

Router(config)#int fastEthernet 0/0

Router(config-if)#ip access-group 100 in

subnet
Router(config)#access-list 110 deny tcp 10.0.0.0 0.0.0.255 host 170.17.17.5

Router(config)#access-list 110 permit ip any any

Router(config)#interface fastEthernet 0/0

Router(config-if)#ip access-group 110 in

Router(config)#access-list 110 deny icmp host 10.0.0.152 any

to delete access-list
Router(config)#no access-list 1

Router(config)#interface fastEthernet 0/0


Router(config-if)#no ip access-group 1 in
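
The access lists above are evaluated top-down, first match wins, and each new `access-list` line for a number is appended to the end of that list. The following is an added example, not part of the original page: a simplified evaluator (it assumes only `any`, `host A`, `A WILDCARD` and a destination `eq PORT`) that replays access-list 110 in the order it is entered above and shows that the `deny icmp` line entered after `permit ip any any` is never reached.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """IOS wildcard mask: 0 bits must match, 1 bits are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def parse_endpoint(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (base, wildcard)."""
    first = tokens.pop(0)
    if first == "any":
        return ("0.0.0.0", "255.255.255.255")
    if first == "host":
        return (tokens.pop(0), "0.0.0.0")
    return (first, tokens.pop(0))

def parse_ace(line):
    """Parse 'access-list N permit|deny PROTO SRC DST [eq PORT]'."""
    t = line.split()[2:]
    ace = {"action": t.pop(0), "proto": t.pop(0)}
    ace["src"], ace["dst"] = parse_endpoint(t), parse_endpoint(t)
    ace["port"] = int(t[1]) if t[:1] == ["eq"] else None
    return ace

def evaluate(acl, proto, src, dst, port=None):
    """Return (action, index) of the first matching entry; implicit deny at the end."""
    for i, ace in enumerate(acl):
        if ace["proto"] not in ("ip", proto):
            continue
        if ace["port"] is not None and ace["port"] != port:
            continue
        if wildcard_match(src, *ace["src"]) and wildcard_match(dst, *ace["dst"]):
            return ace["action"], i
    return "deny", None

# access-list 110 in the order the page enters it (each line is appended).
ACL_110 = [parse_ace(l) for l in (
    "access-list 110 deny tcp 10.0.0.0 0.0.0.255 host 170.17.17.5",
    "access-list 110 permit ip any any",
    "access-list 110 deny icmp host 10.0.0.152 any",
)]
```

ICMP from 10.0.0.152 matches entry 1 (`permit ip any any`) before the deny at entry 2; moving the deny ahead of the permit makes it take effect.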
