How to perform some advanced configurations for Cisco Routers and Switches?
Hey guys, right away we will dive into some advanced configurations of switches and routers. If you have been following my blog, I posted two initial articles covering the basic configurations to set up a router (Basic Router configs) and a switch (basic switch configs). Before starting this article on advanced configurations, I advise you to quickly run through those two articles so you can better understand this one.
For a quick reminder, this post is only intended to help users or starters in the world of Cisco networking learn how to do some configurations by themselves without much need for technical expertise. If you are a test taker preparing for the CCNA, this could be helpful, but I advise you to get in contact with network gurus and renowned authors such as Todd Lammle at www.lammle.com or Jeremy, whom you can research online, to get the full scope of the CCNA course and study guides. But this should help if you just want to get things configured quickly, done and dusted. If you are not interested in this background, you can scroll down to THE COMMAND LINE section and figure out how to do what you want to do, and don't forget to leave your comment or subscribe to future posts.
As a side note, on February 24, 2020, Cisco released a new consolidated CCNA exam. If you have started working towards CCNA Routing and Switching certification, keep going. If you earned CCNA Routing and Switching before February 24, then on February 24th you will keep your CCNA Routing and Switching and you will receive the new CCNA certification plus a training badge.
Great, right?
Assuming you already have an idea of the basic configurations for both switches and routers, and also what switches and routers do in a network, we will dive straight into the advanced configurations. I will begin with some advanced configurations for routers, followed by switches. NOTE that 95% of configurations are done in global config mode. It is always important to keep in mind which Cisco IOS mode you are in before typing a command.
THE COMMAND LINE (the original screenshot used the Tera Term terminal program)
ROUTERS:
TO SET UP A STANDARD ACCESS LIST
access-list xx (xx is any number ranging from 1-99) permit or deny host x.x.x.x (x.x.x.x is the IP address you want to permit or deny). Note that a standard access list filters on source addresses only. Example of a standard access-list command:
access-list 10 deny host 192.168.2.12 [enter]
access-list 10 permit any [enter] OR
access-list 10 deny 192.168.2.12 0.0.0.0 [enter]
(0.0.0.0 are the wildcard bits: 0 means "look at this" while 255 means "ignore this".) This command does the same thing as the deny host example shown above.
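To show how the router reads these lines, here is a small Python model of standard access-list matching. It is an added example, not code from this blog or from Cisco; the function names and the two sample lists are constructed for illustration. It shows the wildcard-bit test and why the "permit any" line matters: a list with only a deny line blocks every source, because anything that matches no line is dropped by the implicit deny at the end of every access list.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard test: a 0 bit must match, a 1 bit is ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def parse_entry(line):
    """Return (action, base, wildcard) for one standard ACL line, or None for a remark."""
    tok = line.split()
    if len(tok) < 4 or tok[0] != "access-list":
        raise ValueError("not an access-list line: " + line)
    action, rest = tok[2], tok[3:]
    if action == "remark":
        return None
    if action not in ("permit", "deny"):
        raise ValueError("unknown action: " + action)
    if rest[0] == "any":
        return action, "0.0.0.0", "255.255.255.255"
    if rest[0] == "host":
        return action, rest[1], "0.0.0.0"
    # Bare address: the wildcard defaults to 0.0.0.0 (exact host) when omitted
    return action, rest[0], rest[1] if len(rest) > 1 else "0.0.0.0"

def evaluate(acl_lines, source_ip):
    """First matching entry decides; no match at all means the implicit deny."""
    for line in acl_lines:
        entry = parse_entry(line)
        if entry and wildcard_match(source_ip, entry[1], entry[2]):
            return entry[0], line
    return "deny", "implicit deny"

# Constructed sample lists built from the commands shown above
ACL_WITH_PERMIT = [
    "access-list 10 remark block one host, allow everyone else",
    "access-list 10 deny host 192.168.2.12",
    "access-list 10 permit any",
]
ACL_DENY_ONLY = ["access-list 10 deny 192.168.2.12 0.0.0.0"]

if __name__ == "__main__":
    for name, acl in (("with permit any", ACL_WITH_PERMIT), ("deny only", ACL_DENY_ONLY)):
        for ip in ("192.168.2.12", "192.168.2.13"):
            print(name, ip, evaluate(acl, ip))
```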
TO APPLY A STANDARD ACCESS LIST TO AN INTERFACE
Go to the interface of the router where you want to apply the access list.
interface ethernet x/x (x/x is the interface number; your interface could be serial, gigabit or fast ethernet)
ip access-group x (x is the standard access list number you used) in or out, depending on the direction you want to filter, e.g.
ip access-group 10 in [enter]
TO APPLY A STANDARD ACCESS LIST TO THE TELNET PORT
Go to the telnet (vty) lines
line vty 0 4 [enter]
access-class x (x is the access list number) in [enter]
TO VIEW ACCESS LIST
Go to privilege mode and type
show access-list [enter]
NOTE: I always advise people to put a remark on every access list they create so as to always remember what it does
TO REMARK AN ACCESS LIST
access-list x remark (put here a statement what your access list will stand for. x stands for access list number) [enter]
TO SET UP AN EXTENDED ACCESS LIST:
access-list xx (xx is any number ranging from 100-199) (permit or deny) (protocol, e.g. ip, tcp or udp) (source address) (destination address) [enter]
access-list 125 permit ip any any
A typical command will look like
access-list 125 deny ip 192.168.10.48 0.0.0.0 192.168.11.56 0.0.0.0 [enter]
access-list 125 permit ip any any [enter]
OR
access-list 125 deny ip host 192.168.10.48 host 192.168.11.56 [enter]
access-list 125 permit ip any any [enter]
TO CONFIGURE NAT OVERLOAD: There are three steps to configure this
1) Go to the router interfaces and label each one inside or outside, e.g.
int e0/0 [enter]
ip nat inside or outside [enter]
2) Identify the internal IP addresses to be translated (do this by using a named access-list), e.g.
ip access-list standard xxxx (xxxx is the name you give your access-list) [enter]
permit or deny x.x.x.x (x.x.x.x is the IP address pool; define this by using wildcard bits), e.g. permit 192.165.0.0 0.0.255.255 [enter]
3) Enable NAT overload
ip nat inside source list xxxx (xxxx is your named access-list) interface ethernet 0/0 (depends on your router's interface) overload [enter]
TO VIEW NAT TRANSLATIONS: privilege mode
show ip nat translations
TO CONFIGURE STATIC NAT:
Go to the router interfaces and label each one inside or outside
int e0/0 [enter]
ip nat inside or outside [enter]
ip nat inside source static x.x.x.x (x.x.x.x is the IP address to be translated) x.x.x.x (x.x.x.x is the new outside IP address from the ISP) [enter]
A typical command example looks like
ip nat inside source static 192.168.20.48 68.110.142.78 [enter]
TO CONFIGURE PPP (POINT TO POINT PROTOCOL)
Go to the router's link interface
int s0/0/0 (for example) [enter]
encapsulation ppp [enter] NOTE: the opposite router's link interface must also be set to ppp
HOW TO CONFIGURE PPP AUTHENTICATION:
1) Create usernames with passwords. Each router's username should be the name of the opposite router. To create a username, go to the router's global config mode and type
username xx (xx is the name of the opposite connecting router) password xx (xx is your password) [enter]. NOTE: Do this on both routers, interchanging their names but using the same password
2) Go to the router's link interface
int s0/0/0 (for example) [enter]
ppp authentication chap [enter]
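Why the username must be the opposite router's name and the password must be the same on both sides becomes clear when the CHAP exchange is written out. The Python sketch below is an added example, not code from this blog or from Cisco; the Router class, the hostnames R1 and R2 and the password are constructed for illustration. It follows the CHAP calculation from RFC 1994 (MD5 over the identifier, the shared secret and the challenge): each side looks up the password under the other router's hostname, and only the hash crosses the link, never the password itself.

```python
import hashlib
import hmac
import os

def chap_response(identifier, secret, challenge):
    """RFC 1994 CHAP with MD5: hash of identifier byte + shared secret + challenge."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

class Router:
    def __init__(self, hostname, usernames):
        self.hostname = hostname
        self.usernames = usernames  # models 'username <peer> password <secret>'

    def send_challenge(self):
        # Fresh random challenge per attempt, sent with our own hostname
        self.ident, self.chal = os.urandom(1)[0], os.urandom(16)
        return self.ident, self.chal, self.hostname

    def answer(self, ident, chal, challenger):
        # The secret is looked up under the challenger's hostname
        secret = self.usernames.get(challenger)
        if secret is None:
            return None
        return chap_response(ident, secret, chal), self.hostname

    def verify(self, reply):
        if reply is None:
            return False
        digest, peer = reply
        secret = self.usernames.get(peer)
        if secret is None:
            return False
        expected = chap_response(self.ident, secret, self.chal)
        return hmac.compare_digest(expected, digest)

def authenticate(authenticator, peer):
    """One direction of CHAP: authenticator challenges, peer answers."""
    return authenticator.verify(peer.answer(*authenticator.send_challenge()))

if __name__ == "__main__":
    # Constructed hostnames and password, for illustration only
    r1 = Router("R1", {"R2": b"example-secret"})
    r2 = Router("R2", {"R1": b"example-secret"})
    print("R1 accepts R2:", authenticate(r1, r2))
```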
HOW TO CONFIGURE A MULTIPOINT FRAME RELAY
- Assign an IP address to the router interface, for example
int s0/0/0 [enter]
ip address x.x.x.x subnetmask (x.x.x.x is your IP address followed by the subnet mask) [enter]
encapsulation frame-relay [enter]
BUT FOR OLD ROUTERS, the command will be
frame-relay lmi-type xxx (xxx is the signal type you are going to use to talk to the service provider) [enter]
frame-relay map ip x.x.x.x (x.x.x.x is the remote IP address you intend to reach) xxx (xxx is your local DLCI, ranging between 19-1007) broadcast [enter]
So the format of the command will be
frame-relay map ip (remote address) (dlci number) broadcast [enter]
NB: Perform configuration on all the routers in the frame-relay network
HOW TO CONFIGURE A POINT TO POINT FRAME-RELAY
1) Go to the router's interface you want to use for the frame relay connection, for example
int s0/0/0 [enter]
encapsulation frame-relay [enter]
exit [enter]
2) Create a sub-interface
int s0/0/0.(any number, possibly your DLCI number for easy recognition) point-to-point [enter]
ip address x.x.x.x subnetmask (x.x.x.x is your IP address followed by the subnet mask) [enter]
frame-relay interface-dlci xxx (xxx is your DLCI number) [enter]
3) Activate the main interface by typing
no shutdown [enter]
Once the main interface is activated, all sub-interfaces become activated. Multipoint Frame relay is all about creating sub-interfaces for every neighbor you are communicating with. Use the same format to create sub-interfaces and configurations for all the other neighbor routers.
SWITCHES:
CONFIGURING SPANNING-TREE PROTOCOL
HOW TO SET THE ROOT BRIDGE
1) Go to global config mode of the switch you want to make the root and type
spanning-tree vlan 1 root primary [enter]
OR
spanning-tree vlan 1 priority xxxx [enter] (xxxx is the bridge priority number ranging from 0-61440; you can choose any number within this range, but only in increments of 4096)
HOW TO CONFIGURE PER VLAN SPANNING TREE PLUS (PVST+) FOR MULTIPLE VLANS
spanning-tree vlan X,X,X,X (X stands for each of your different VLAN numbers, separated with commas) root primary [enter]
HOW TO CONFIGURE RAPID SPANNING TREE
1) Go to global config mode of the switch you want to configure and type
spanning-tree mode rapid-pvst [enter]
NOTE: Do the same configuration on all switches. Make sure to also configure the PC ports so that they take over quickly when there is a failure on a link in the network.
TO CONFIGURE PORTFAST
Go to the port interface and type
spanning-tree portfast [enter]
So this wraps up some of the advanced configurations for Cisco routers and switches. If you do face any problems with these, hook me up in the comments or contact me privately and I can help you out. Remember, this is aimed at helping you do some level of configuration by yourself for your SOHO network. I made an initial post about how to set up a SOHO network; you may want to figure out how to do that. Check back from time to time, as configurations will be updated to meet the new CCNA curriculum. However, I advise you not to rely solely on this if you are a test taker awaiting certification. Rather, go for full mentorship or training with renowned authors and institutions handling this.