| 121 | |
| 122 | === Initial Configurations === |
| 123 | |
| 124 | Before configuring the devices for the network setup, let's configure some initial settings on the core network devices. |
| 125 | |
| 126 | Press the '''Enter''' key to go to the user mode of the FAC1 switch. The prompt will look as follows. |
| 127 | {{{ |
| 128 | FAC1# |
| 129 | }}} |
| 130 | In this privileged mode, you can check the router configuration with the following command. The configuration you see will be the default configuration. |
| 131 | {{{ |
| 132 | FAC1#show run |
| 133 | }}} |
| 134 | To add configurations you have to go to configuration mode. Type '''config terminal'''. Note the prompt change. |
| 135 | {{{ |
| 136 | FAC1(config)# |
| 137 | }}} |
| 138 | |
| 139 | |
| 140 | > '''Note:''' If you get the following error, |
| 141 | |
| 142 | > `%Error opening tftp://255.255.255.255/AccessRt-confg (Timed out)` |
| 143 | |
| 144 | > give the following command in config mode: `no service config` |
| 145 | |
| 146 | |
| 147 | |
| 148 | You can now start making configurations. |
| 149 | |
| 150 | - The first thing you have to add is the hostname of the device. The hostname is the device's identification. In this lab the device name (hostname) is automatically configured based on the GUI edits we did previously. If you want to change it you may use |
| 151 | {{{ |
| 152 | hostname <device name> |
| 153 | }}} |
| 154 | |
| 155 | - Then let's set an enable secret, which is the password you enter when you go from user mode to privileged mode. We will use the '''class password''' as the enable secret. |
| 156 | {{{ |
| 157 | enable secret <class password> |
| 158 | }}} |
| 159 | - Add the DNS server |
| 160 | {{{ |
| 161 | ip name-server 192.248.1.161 |
| 162 | }}} |
| 163 | > In your production environment you may use your internal DNS resolver if needed. |
| 164 | - Next you can add a banner to your device. This will be displayed every time you log in to the device. |
| 165 | {{{ |
| 166 | banner motd @ Unauthorized Access is Prohibited! @ |
| 167 | }}} |
| 168 | - Add more security by encrypting passwords in your config file |
| 169 | {{{ |
| 170 | service password-encryption |
| 171 | }}} |
| 172 | - Then let's configure the line console, which holds the console port settings |
| 173 | * Go to line console config mode |
| 174 | {{{ |
| 175 | line console 0 |
| 176 | }}} |
| 177 | * Enable login authentication. Make sure not to save or exit the router after this command without executing the next command. |
| 178 | {{{ |
| 179 | login |
| 180 | }}} |
| 181 | * Set the password |
| 182 | {{{ |
| 183 | password <class password> |
| 184 | }}} |
| 185 | - Finally let's enable SSH (version 2) on the device. Type '''exit''' to go back to the previous mode (config mode) from line console config mode. |
| 186 | * Configure a domain name. Use '''instXY.learn.ac.lk''' for this lab where XY is your group id. |
| 187 | {{{ |
| 188 | ip domain name instXY.learn.ac.lk |
| 189 | }}} |
| 190 | * Create an SSH user with a password. Here we will use the username admin with the class password |
| 191 | {{{ |
| 192 | username admin secret <class password> |
| 193 | }}} |
| 194 | * Create the RSA key that will be used for encryption |
| 195 | {{{ |
| 196 | crypto key generate rsa |
| 197 | }}} |
| 198 | * Give the key size as 768 (the minimum size needed to activate SSH version 2) |
| 199 | * Then configure the line vty |
| 200 | {{{ |
| 201 | line vty 0 4 |
| 202 | login local |
| 203 | transport input ssh |
| 204 | }}} |
| 205 | - Now '''save the configuration'''. You have to go to privileged mode and give the following command |
| 206 | {{{ |
| 207 | #copy running-config startup-config |
| 208 | }}} |
| 209 | - Check the configuration with the '''show run''' command. |
| 210 | '''Apply these settings in FAC2 as well''' |
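
To confirm that FAC1 and FAC2 ended up with the settings from the steps above, this added example (not part of the original lab) audits a saved `show run` output in Python. The sample configuration is constructed, the function names are hypothetical, and the checks assume the commands appear in `show run` as typed on this page, with `line console 0` displayed as `line con 0`.

```python
import re
# Constructed `show run` excerpt (not from a real device); secrets are placeholders.
SAMPLE_RUN = """\
service password-encryption
enable secret 5 <constructed-hash>
ip domain name instXY.learn.ac.lk
username admin secret 5 <constructed-hash>
line con 0
 password 7 <constructed-value>
 login
line vty 0 4
 login local
 transport input ssh
"""

REQUIRED = {  # global commands the page adds, as they appear in show run
    r"^enable secret ": "enable secret not set",
    r"^service password-encryption$": "service password-encryption missing",
    r"^ip domain[ -]name ": "ip domain name missing",
    r"^username \S+ secret ": "no local user with a secret",
}

def line_blocks(config):
    """Map each 'line ...' header to its indented sub-commands."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = blocks.setdefault(raw.strip(), [])
        elif raw.startswith(" ") and current is not None:
            current.append(raw.strip())
        else:
            current = None
    return blocks

def audit(config):
    """Return findings; an empty list means every step is present."""
    findings = [msg for pat, msg in REQUIRED.items() if not re.search(pat, config, re.M)]
    for header, cmds in line_blocks(config).items():
        if header.startswith("line con"):
            if "login" not in cmds:
                findings.append(f"{header}: login not enabled")
            elif not any(c.startswith("password ") for c in cmds):
                findings.append(f"{header}: login without password")
        elif header.startswith("line vty"):
            if "login local" not in cmds:
                findings.append(f"{header}: login local missing")
            if "transport input ssh" not in cmds:
                findings.append(f"{header}: transport input not limited to ssh")
    return findings
```

Every `line vty` block is checked, so a range outside `0 4` that was left at its defaults is reported as well.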