Basic Administrative Configuration

Chapter 7 focused on the configuration process more than the actual configuration commands that happened to be in the chapter. Before you configure IP, this short section reviews some of the basic commands you typically will configure on any router.

On most routers, you would configure at least the following:

A host name for the router

Reference to a DNS so that commands typed on the router can refer to host names instead of IP addresses

Set a password on the console port

Set a password for those Telnetting to the router

Set the enable secret password to protect access to privileged mode

Create a banner stating an appropriate warning, depending on the security practices at that company

Example 13-1 shows the output of the show running-config command on Albuquerque. The functions described in the list have been configured using the commands that are highlighted in the example.

Example 13-1 Basic Administrative Settings on Albuquerque Router


None of the commands highlighted in Example 13-1 is required for the router to route IP, but the commands are generally useful in real networks. Of note, to make the router ask for a password at the console, you need the login console subcommand; the password console subcommand tells the router what password is required at the console. Similar logic applies to the login and password vty subcommands. And although you do not have to refer to a name server, when you do, you typically refer to at least two because most networks have at least two name servers for redundancy and availability.

When configuring the enable secret command, you type the password just like you want the user to type it when logging in to the router; however, the IOS changes the value that is saved in the configuration. For instance, for Example 13-1, I typed enable secret cisco, and the router changed cisco to a hashed value that cannot be converted back to cisco.

Two other things that you might want to configure habitually on routers are the console timeout and the synchronization of unsolicited messages. In some cases, you want the router to exit the user from the console after a period of inactivity. In other cases, you do not want the console disabled at all because of inactivity. The exec-timeout minutes seconds command sets the inactivity timeout. Also, unsolicited informational messages and output from the IOS debug command both show up at the console by default. These same messages can be seen at the aux port or when Telnetting into a router by using the terminal monitor command. The logging synchronous line subcommand tells the router not to interrupt the output of a show command with these unsolicited messages, letting you read the output of the command that you typed before the router displays the other messages. logging synchronous can make your life a lot easier when using a router.
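One way to check a saved configuration for the settings this section lists, as an added example that is not from the book: the Python below audits a running-config excerpt for the host name, enable secret, banner, name-server count, the login and password pairing on console and vty lines, and a disabled inactivity timeout. The sample configuration is constructed, and the function names line_sections and audit are assumptions made for illustration.

```python
import re

# Constructed running-config excerpt; every value here is made up for this example.
SAMPLE_CONFIG = """\
hostname Albuquerque
enable secret 5 $1$constructed$placeholderhashvalue000
ip name-server 10.1.1.100
banner motd ^C Authorized access only ^C
line con 0
 exec-timeout 0 0
 password cisco
 login
line vty 0 4
 password cisco
"""

def line_sections(config):
    """Map each 'line ...' header to the subcommands indented beneath it."""
    sections, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw.strip()
            sections[current] = []
        elif raw.startswith(" ") and current is not None:
            sections[current].append(raw.strip())
        else:
            current = None  # any other global command closes the section
    return sections

def audit(config):
    """Return findings for the basic settings this section lists."""
    findings = []
    for label in ("hostname", "enable secret", "banner"):
        if not re.search(rf"^{label} \S+", config, re.M):
            findings.append(f"global: {label} not configured")
    servers = " ".join(re.findall(r"^ip name-server (.+)$", config, re.M)).split()
    if len(servers) < 2:
        findings.append(f"global: {len(servers)} name server(s), at least 2 is typical")
    for header, subs in line_sections(config).items():
        if header.startswith(("line con", "line vty")):
            for sub in ("login", "password"):
                if not any(s.split()[:1] == [sub] for s in subs):
                    findings.append(f"{header}: no {sub} subcommand")
            if "exec-timeout 0 0" in subs:  # 0 0 means the session never times out
                findings.append(f"{header}: inactivity timeout disabled")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```

On the constructed sample it reports the single name server, the disabled console timeout, and the vty lines that have a password but no login subcommand.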
