Introduction to Cisco Routers configuration and ssh

 

Cisco Router

Configuring a Cisco device can be tricky, but today we are going to see all the commands to do a basic configuration on a Cisco Router and also we are going to learn how to secure the remote management interface.

The previous post showed how to do a basic configuration on a Cisco switch, because Cisco uses the same OS for both devices a basic configuration on a switch will be the same on a router, you will use the same commands as we used on the previous post:

Basic Router Configuration

enable
configure terminal
hostname RT1
banner motd # Authorized access only #
enable secret class
line console 0
password cisco
login
logg sync
exit
service password-encryption

These are almost all the commands we used to do a basic configuration on a switch. Now, there is only one difference, routers do not require vlans, so we do not need to configure one.

New commands to learn to configure a Router

Routers require their interfaces to be configured in order to have connectivity on the network, to do so, we need to execute some new and not that new commands, as we did with the vlan interface of the switch on the last post. We will do the same but this time we are going to replace vlan for an interface name. So here is the example with the commands explanation:

RT1(config)# interface fastEthernet 0/0  –>  This ccommand is used to access to the configuration of the interface fastethernet 0/0 on the router
RT1(config-if)#  –>  This command indicates that you have entered in the interface any command typed here will only work if it is associated with this interface.

RT1(config-if)# ip address 192.168.1.1 255.255.255.0 –> This command assings an ip address of value 192.168.1.1 and its Network Mask 255.255.255.0 to the interface so it can communicate with the rest of the network.
RT1(config-if)# no shutdown –> Changes the state of the interface from down to up, to change from up to down you just need the shutdown command.

Configuring SSH for secure remote management

As we saw on the last post we configured the switch to be accessed remotely through telnet and today we are going to learn to do it with a more secure method. This method is configured the same way for both devices.

RT1(config)# ip domain-name (domain.com) –> this command creates a domain to allow creation and authentication of users locally on the device (domain.com can be any domain you would like)
RT1(config)# crypto key generate rsa –> This command will create an encrypted key for the ssh connection and after this command a prompt will appear to enter the number of bits that you would like the key to be encrypted with. It is recommended 1024.
RT1(config)# username (admin) privilege (1-15) secret (password) –> This command will create a username to login on the device locally. The privilege specifies with a number what is the level of access the user will have .
The last command, secret will apply a level of encryption to the password you type.

 

Now we just need to configure the vty lines 0 15 as we would do if we were going to configure a telnet on a switch, there is only one little change that we would have to do.

RT1 (config)# line vty 0 15 –> this command will go into the vty lines
RT1(config-if)# transport input ssh –> this command will redirect any kind of connection to ssh.
RT1(config-if)# login local –> this command will specify that the user to log in will be the local account created before
RT1(config-if)# exit –> exit from the vty lines 

Get more resources

As a result of the content that we have learned today, we also have a video that will show how to do  all this configurations using the Packet Tracer network simulator. Therefore if you do not have download this tool we strongly recommend you to do it: Download Packet Tracer

In conclusion we have learn how to do basic configurations on both devices, switches and routers.

If you want more information about configuring ssh, get it from the Cisco website:
Get more information on SSH configuration

Leave a Reply

%d bloggers like this: