CS 356 Lab 2, Edmondson-Yurkanan, Fall 2002

Router Configuration, Routing and Access Lists

In this lab you will learn: (Time: 2 hrs)

Cisco 2600 Router Configuration / Part A / 30 min
Static Routing / Part B / 20 min
Dynamic Routing / Part C / 20 min
Access Lists / Part D / 30 min
Explore!

Components used in this lab:

2 computers with Microsoft Windows 2000
1 Cisco Systems Catalyst 2900 Series Ethernet Switch
1 Cisco 2600 Router
3 Ethernet Cables and 1 crossover cable per 2 teams
2 students per team

Required Reading

1.  It’s important that you study this handout and do the pre-lab (especially the Introductions to Parts A and D).

  1. Routing protocols (Textbook: RIP [pg 322-325], Security 7.1.2, Firewalls [pg 653-655])

Part A: Cisco Router Configuration Time: 30 min

Introduction

Cisco routers are powered by the Cisco Internetwork Operating System (IOS), which allows the routers to be configured to perform specific tasks. Before you start configuring a Cisco router, you must understand the two EXEC modes available on a router: user EXEC mode and privileged EXEC mode. User mode allows you to perform basic troubleshooting tests, telnet to remote hosts, and list router system information. You know that the router is in user mode if the prompt is the router name followed by the ‘greater than’ sign: RouterName>. Privileged mode, sometimes called “enable mode”, allows for full router configuration and advanced troubleshooting. “RouterName#” is an example of the privileged mode prompt. If you log into a router via a console or telnet connection, you enter user mode. To reach privileged mode, you must issue the enable command.

Before you actually configure a Cisco router, you must understand the two main configuration modes: global configuration mode and interface configuration mode. You use global configuration mode to configure router settings that affect overall router operations. You enter it by issuing the configure command from privileged mode. If you wish to configure a particular interface, you must use interface configuration mode. To enter this mode, you need to be in global configuration mode. You then enter the interface command followed by the name and number of the interface you wish to configure. If the router is in global configuration mode, the prompt will be RouterName(config)#, while in interface configuration mode it will be RouterName(config-if)#.

In this lab for each group of 2 students, there will be one designated router, one Ethernet switch, two PCs running Windows, and several Ethernet cables. It is the goal of this lab to accustom you to the basic set up of a router. Most of the tasks require only one person typing; let one person do the typing for one section and let the other do the typing for the next section and alternate.

You will configure the router to obtain the topology in the following diagram.

Figure showing the network topology being used for this lab.

Lab Setup

1.  One PC per group will be connected through the serial port to the router. One end of the light blue Ethernet cable will be plugged into the console port of the router and the other end will be connected to the COM1 port of the PC.

2.  Each group has an Ethernet switch and a router along with Ethernet cables (one for connecting the PC to the Ethernet switch, one for connecting the Ethernet switch to the router, and a crossover cable common to both groups for connecting the two routers together).

Task 1 – Use the program HyperTerminal to log on to the router

HyperTerminal is a program that you can use to connect to other computers, routers, etc. using your modem, a null modem cable or an Ethernet connection.

1.  Verify that the router is turned off.

2.  Launch HyperTerminal at Start, Programs, Accessories, Communication, HyperTerminal. You will now need to configure HyperTerminal so that it communicates with the router out of COM1.

3.  Type router for the Connection Description Name.

4.  In the Connect To window the fourth field is titled "Connect Using:" Scroll down to select COM1, and then click OK.

5.  Confirm and change if necessary the following settings in the COM1 Properties window that pops up.

Bits Per Second: / 9600
Data Bits: / 8
Parity: / None
Stop Bits: / 1
Flow Control: / Xon/Xoff

6.  Click OK. At the bottom left of the window, it should say "Connected" with a running count of the time for which the connection has been active.

7.  Turn on the router. Observe the boot-up procedure displayed in HyperTerminal. This lists information about the hardware, as well as the initial configuration. We will modify this configuration. (Explore!)

8.  Note that there are two Ethernet interfaces on the router. Each of these interfaces should already be assigned an IP address. You can see this by executing the command show interfaces.

You can type the ? command at any time to receive context sensitive help.

Task 2 – Reset router configuration

Because we are unsure of the validity of the current configuration of the router, we need to erase it and configure it by ourselves. To erase the current configuration, we must be in Privileged Mode.

9.  Type enable to enter Privileged Mode.

10.  Type the password given on the chalkboard and press enter when prompted. The prompt should now end with #.

11.  Type erase startup-config to clear the current configuration that resides on the router. (Note: Wait, it takes some time. It may not seem to respond, but it is working.)

12.  Confirm by pressing Enter that you wish to erase the nvram file system, and wait until it completes. (If you did not want to confirm, you would use <Esc>.)

13.  Type reload and confirm by pressing enter. This reboots the router and allows the changes to take effect. (Note: Wait, this also takes some time)

14.  Type no if asked to save changes.

Task 3 – Configure the router

Once the router has finished booting up, you will be in the System Configuration Dialog.

15.  Type yes to enter initial configuration dialog.

16.  Type no to skip the basic management setup.

17.  Type yes to see the current interface summary.

18.  Type in the name of your group for the host name. (GroupA or GroupB)

19.  Type in the password given on the chalkboard for the enable secret.

20.  Type in the same password for the enable password. It will tell you not to use the same password, but it is okay, just type it in again.

21.  Type in the same password for the virtual terminal password.

22.  Type no to configuring the SNMP Network Management.

23.  Type yes to configure IP.

24.  Type no to IGRP routing, RIP routing, bridging, and configuring Async lines.

25.  Type yes to configure the FastEthernet 0/0 interface.

26.  Type yes to use the RJ-45 connector.

27.  Type yes to full duplex mode.

28.  Type yes to configure IP on the interface.

29.  Use the following IP addresses for the two interfaces of each router to answer the next prompts.

Interface Names / Router A / Router B / Subnet Mask
FastEthernet 0/0 / 192.168.0.1 / 192.168.50.1 / 255.255.255.0
FastEthernet 0/1 / 192.168.100.1 / 192.168.100.2 / 255.255.255.0

30.  Similarly configure the FastEthernet 0/1 interface.

31.  Press Enter to save the newly created configuration, option 2 in the menu presented.

32.  Type show interfaces.

33.  Verify that the IP addresses were correctly assigned to the two router interfaces.

34.  Connect the host machines to the Ethernet switch and connect the Ethernet switch to the FastEthernet 0/0 interface of the router using Ethernet cables.

35.  Set up the host machines with the IP addresses and gateways listed below. (do it yourself. Hint: Use ‘network properties’ in Windows)

Group A / IP Address / Subnet Mask / Gateway
Computer1 / 192.168.0.2 / 255.255.255.0 / 192.168.0.1
Computer2 / 192.168.0.3 / 255.255.255.0 / 192.168.0.1
Group B / IP Address / Subnet Mask / Gateway
Computer1 / 192.168.50.2 / 255.255.255.0 / 192.168.50.1
Computer2 / 192.168.50.3 / 255.255.255.0 / 192.168.50.1

36.  From your host, ping the other host on your network. The ping should succeed.

One of the nice things about the Cisco IOS is the ability to query for command syntax. For example if you don’t know what arguments are accepted for the show command, type show ? and a list of possible arguments is displayed. (Explore!)

Part B: Static Routing Time: 20 min

The remaining part of this lab is to connect the two routers of Group A and Group B together so that machines in Group A and machines in Group B can communicate with each other. The remainder of router configuration will be done via the Ethernet interface of each host.

1.  Wait for the other team to finish Part A. Connect the FastEthernet 0/1 interfaces of both the routers using the crossover cable.

2.  Ping the hosts on the other group’s network and verify that the ping did not succeed. You should still be able to ping the other host in your group; verify this.

3.  Use the PC that is not running HyperTerminal to telnet to the router interface that is connected to your Ethernet switch. (do it yourself)

4.  Type the password given on the board when prompted.

We will now set up a static routing table in each of the two routers. The idea is for the table to indicate that the other group's network can be reached via the 0/1 interfaces of both routers. To create a static entry in the routing table of the router, you must be in Configuration Mode.

5.  Enter privileged mode (enable) and type config terminal. (do it yourself)

6.  Use the command ip route to set up the static routing table (do it yourself). The parameters that ip route takes are:

  1. Destination network/subnet number (the other group’s subnet),
  2. Its subnet mask (the other group’s subnet mask), and
  3. The IP address of the next hop that can reach the destination network (the other group’s FastEthernet 0/1 router address).

7.  Verify that the static routing table has been created and works, by pinging the hosts on the other group’s network. You should be able to ping both the hosts on the other group’s network. (Note: if you are on the computer currently telneted into the router you will need to open a second command window.)

8.  To view the routing table, type show ip route. (Does this command work in the mode that you are in? find that out by typing ‘show ?’. If the command is not available, change the mode (ctrl-z).)

Exercise 1: List the entries in the routing table.

9.  Gain information about the topology of the network: Type tracert from the command prompt of a host within your network. Write down the output you get for the following.

Exercise 2: Tracing routes

  1. Trace route to the other host within your group’s network:
  2. Trace route to the 0/1 interface on your group’s router:
  3. Trace route to a host within the other group’s network:
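
The static routing of Part B (step 6) can be modelled in a few lines of Python. This is an added example, not part of the original handout: it uses the lab's addresses, and the names lookup, ping, ROUTER_A, ROUTER_B, STATIC_ON_A and STATIC_ON_B are made up for illustration. It shows why the static entry is needed on both routers: with a route on Router A only, the echo request arrives but the reply has no way back.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match. Returns the next hop, 'connected', or None."""
    dst = ipaddress.ip_address(dst)
    best = None
    for net, mask, next_hop in table:
        network = ipaddress.ip_network(f"{net}/{mask}")
        if dst in network and (best is None or network.prefixlen > best[0].prefixlen):
            best = (network, next_hop)
    return best[1] if best else None

# Connected routes, taken from the lab's interface address table.
ROUTER_A = [("192.168.0.0", "255.255.255.0", "connected"),
            ("192.168.100.0", "255.255.255.0", "connected")]
ROUTER_B = [("192.168.50.0", "255.255.255.0", "connected"),
            ("192.168.100.0", "255.255.255.0", "connected")]

# Static entries in ip route parameter order: destination, mask, next hop.
STATIC_ON_A = ("192.168.50.0", "255.255.255.0", "192.168.100.2")
STATIC_ON_B = ("192.168.0.0", "255.255.255.0", "192.168.100.1")

def ping(table_a, table_b, src, dst):
    """Model a ping from a Group A host (src) to a Group B host (dst)."""
    if lookup(table_a, dst) is None:      # echo request leaves via Router A
        return "request dropped at Router A"
    if lookup(table_b, src) is None:      # echo reply returns via Router B
        return "reply dropped at Router B"
    return "success"

if __name__ == "__main__":
    src, dst = "192.168.0.2", "192.168.50.2"
    print(ping(ROUTER_A, ROUTER_B, src, dst))
    print(ping(ROUTER_A + [STATIC_ON_A], ROUTER_B, src, dst))
    print(ping(ROUTER_A + [STATIC_ON_A], ROUTER_B + [STATIC_ON_B], src, dst))
```
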

Part C: Dynamic Routing using RIP Time: 20 min

Task 1 – Set up RIP

1.  Wait for the other team to complete Part B.

2.  Make sure you are in the global configuration mode. (Hint: Prompt will be RouterName(config)#)

3.  Delete all routing table entries using no ip routing followed by ip routing. Notice the change in port status on the switch. Did you lose your telnet connection?

4.  Try pinging the hosts in the other group’s network. You should not be able to reach them.

5.  Type router ? to see what routing update protocols are supported by this IOS.

6.  Use the command router rip to select RIP as the routing update protocol. (do it yourself)

7.  Then, specify each of the networks that you want RIP to be enabled on using the network command. As an example, if a router has interfaces connected to the networks 172.198.20.0 and 192.89.7.0, the following configuration shows how to set up RIP in the router.

router rip
 network 172.198.20.0
 network 192.89.7.0

8.  Exit the global configuration mode by typing exit.

Task 2 – Observe RIP

9.  See it happen! Use HyperTerminal to view the routing tables being sent and received with: debug ip rip (do it yourself). Record your observations in the table below. (Make sure that the other group has also set up RIP.)

10.  Don’t forget to do this command when you are done: undebug all

(Explore! How fast does RIP detect if a link goes down?)

Exercise 3: Record how RIP sets up the routing table. (Step 9 above)

Exercise 4: Record the new routing table. (show ip route)

11.  Ping the hosts in the other group from the command prompt. You must be able to ping all the hosts in the other group.


Part D: Access Lists (Firewall Packet Filtering) Time: 30 min

Introduction:

Access lists are one of the most important mechanisms for controlling access to both the internal and the external network. An access list consists of permit or deny statements that filter traffic based on the source address/port, destination address/port, and protocol type of the packet. In this lab, you have a chance to set up a Cisco router access list from scratch.
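
How a router evaluates such a list, as an added Python model that is not part of the original handout. It assumes standard Cisco IOS behaviour, which this introduction does not spell out: entries are checked top-down, the first match decides, a 1 bit in a wildcard mask means "ignore this bit", and a packet that matches no entry is denied. The two entries and the names wildcard_match, evaluate and ACL are constructed for the lab's addresses.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard mask: a 0 bit must match, a 1 bit is ignored."""
    a, b, w = (int(ipaddress.ip_address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

# Constructed entries (not from the handout), in the order they are evaluated:
# (action, protocol, src base, src wildcard, dst base, dst wildcard, dst port)
ACL = [
    # Block telnet (TCP port 23) from Group B's LAN to Router A's LAN interface.
    ("deny", "tcp", "192.168.50.0", "0.0.0.255", "192.168.0.1", "0.0.0.0", 23),
    # Allow everything else from Group B's LAN to Group A's LAN.
    ("permit", "ip", "192.168.50.0", "0.0.0.255", "192.168.0.0", "0.0.0.255", None),
]

def evaluate(acl, proto, src, dst, dport=None):
    """Return (action, index of the matching entry); index None = implicit deny."""
    for i, (action, p, sbase, swild, dbase, dwild, port) in enumerate(acl):
        if p != "ip" and p != proto:          # "ip" matches any IP protocol
            continue
        if not wildcard_match(src, sbase, swild):
            continue
        if not wildcard_match(dst, dbase, dwild):
            continue
        if port is not None and port != dport:
            continue
        return action, i                      # first match wins
    return "deny", None                       # nothing matched

if __name__ == "__main__":
    print(evaluate(ACL, "tcp", "192.168.50.2", "192.168.0.1", 23))
    print(evaluate(ACL, "icmp", "192.168.50.3", "192.168.0.2"))
    # Source is Router B's 0/1 interface, outside 192.168.50.0/24.
    print(evaluate(ACL, "icmp", "192.168.100.2", "192.168.0.2"))
    # Same entries in the wrong order: the broad permit shadows the deny.
    print(evaluate(list(reversed(ACL)), "tcp", "192.168.50.2", "192.168.0.1", 23))
```

Entry order is part of the policy: reversing the two entries lets the telnet session through, because the broad permit matches before the specific deny is ever reached.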