This chapter describes how to perform the initial configuration on Cisco 4000 Series Integrated Services Routers (ISRs). It contains the following sections:
You can perform initial configuration on Cisco 4000 Series ISRs by using either the setup command facility or the Cisco IOS command-line interface (CLI).
The setup command facility prompts you to enter the information about your router and network. The facility guides you through the initial configuration, which includes LAN and WAN interfaces. For more general information about the setup command facility, see the following document:
Cisco IOS Configuration Fundamentals Configuration Guide, Release 12.4, Part 2: Cisco IOS User Interfaces: Using AutoInstall and Setup:
http://www.cisco.com/c/en/us/support/ios-nx-os-software/ios-xe-3s/products-installation-and-configuration-guides-list.html.
This section explains how to configure a hostname for the router, set passwords, and configure an interface to communicate with the management network.
Note The messages that are displayed will vary based on your router model, the installed interface modules, and the software image. The following example and the user entries (in bold) are shown only as examples.
Note If you make a mistake while using the setup command facility, you can exit and run the setup command facility again. Press Ctrl-C, and enter the setup command in privileged EXEC mode (Router#).
To configure the initial router settings by using the setup command facility, follow these steps:
Step 1 From the Cisco IOS-XE CLI, enter the setup command in privileged EXEC mode:
You are now in the Setup Configuration Utility.
Depending on your router model, the installed interface modules, and the software image, the prompts in the setup command facility vary. The following steps and the user entries (in bold) are shown only as examples.
Note This setup command facility is also entered automatically if there is no configuration on the router when it is booted into Cisco IOS-XE.
Note If you make a mistake while using the setup command facility, you can exit and run the setup command facility again. Press Ctrl-C, and enter the setup command at the privileged EXEC mode prompt (Router#). For more information on using the setup command facility, see The Setup Command chapter in Cisco IOS Configuration Fundamentals Command Reference, Release 12.2T, at the following URL: http://www.cisco.com/en/US/docs/ios/12_2t/fun/command/reference/122tfr.html
Step 2 To proceed using the setup command facility, enter yes.
Step 3 To enter the basic management setup, enter yes.
Step 4 Enter a hostname for the router (this example uses ‘myrouter’):
Step 5 Enter an enable secret password. This password is encrypted (for more security) and cannot be seen when viewing the configuration.
Step 6 Enter an enable password that is different from the enable secret password. This password is not encrypted (and is less secure) and can be seen when viewing the configuration.
Step 7 Enter the virtual terminal password, which prevents unauthenticated access to the router through ports other than the console port:
Step 8 Respond to the following prompts as appropriate for your network:
A summary of the available interfaces is displayed.
Note The interface summary includes interface numbering, which is dependent on the router model and the installed modules and interface cards.
Step 9 Respond to the following prompts as appropriate for your network:
The following configuration command script was created:
Step 10 Respond to the following prompts. Select [2] to save the initial configuration:
When using the Cisco Setup, and after you have provided all the information requested by the facility, the final configuration appears. To complete your router configuration, follow these steps:
Step 1 Choose to save the configuration when the facility prompts you to save the configuration.
Step 2 When the messages stop appearing on your screen, press Return to get the Router> prompt.
Step 3 Choose to modify the existing configuration or create another configuration. The Router> prompt indicates that you are now at the command-line interface (CLI) and you have just completed an initial router configuration. Nevertheless, this is not a complete configuration. At this point, you have two choices:
This section describes how to access the command-line interface (CLI) to perform the initial configuration on the router.
Note To configure the initial router settings by using the Cisco IOS CLI, you must set up a console connection.
If the default configuration file is installed on the router prior to shipping, the system configuration dialog message does not appear. To configure the device, follow these steps:
Step 1 Enter the appropriate answer when the following system message appears on the router.
Step 2 Press Return to terminate autoinstall and continue with manual configuration:
Several messages are displayed, ending with a line similar to the following:
Step 3 Press Return to bring up the Router> prompt.
Step 4 Type enable to enter privileged EXEC mode:
The hostname is used in CLI prompts and default configuration filenames. If you do not configure the router hostname, the router uses the factory-assigned default hostname “Router.”
4. Verify that the router prompt displays your new hostname.
To provide an additional layer of security, particularly for passwords that cross the network or are stored on a TFTP server, you can use either the enable password command or enable secret command. Both commands accomplish the same thing—they allow you to establish an encrypted password that users must enter to access privileged EXEC (enable) mode.
We recommend that you use the enable secret command because it uses an improved encryption algorithm. Use the enable password command only if you boot an older image of the Cisco IOS XE software.
For more information, see the “Configuring Passwords and Privileges” chapter in the Cisco IOS Security Configuration Guide. Also see the Cisco IOS Password Encryption Facts tech note and the Improving Security on Cisco Routers tech note.
If you configure the enable secret command, it takes precedence over the enable password command; the two commands cannot be in effect simultaneously.
(Optional) Sets a local password to control access to various privilege levels.
Specifies an additional layer of security over the enable password command.
This section describes how to configure the console line’s idle privileged EXEC timeout. By default, the privileged EXEC command interpreter waits 10 minutes to detect user input before timing out.
When you configure the console line, you can also set communication parameters, specify autobaud connections, and configure terminal operating parameters for the terminal that you are using. For more information on configuring the console line, see the Cisco IOS Configuration Fundamentals and Network Management Configuration Guide. In particular, see the “Configuring Operating Characteristics for Terminals” and “Troubleshooting and Fault Management” chapters.
The following example shows how to set the console idle privileged EXEC timeout to 2 minutes 30 seconds:
The following example shows how to set the console idle privileged EXEC timeout to 30 seconds:
The router provides an Ethernet management port named GigabitEthernet0.
The purpose of this interface is to allow users to perform management tasks on the router. It is an interface that should not and often cannot forward network traffic. It can, however, be used to access the router through Telnet and SSH to perform management tasks on the router. The interface is most useful before a router begins routing, or in troubleshooting scenarios when other forwarding interfaces are inactive.
Note the following aspects of the Management Ethernet interface:
By default, a forwarding VRF is configured for the interface with a special group named “Mgmt-intf.” This cannot be changed. This isolates the traffic on the management interface away from the forwarding plane. The basic configuration is like other interfaces; however, there are many forwarding features that are not supported on these interfaces. No forwarding features can be configured on the GigabitEthernet0 interface as it is only used for management.
The Gigabit Ethernet Management port is always GigabitEthernet0.
The port can be accessed in configuration mode.
This section shows how to assign an IP address and interface description to an Ethernet interface on your router.
For comprehensive configuration information on Gigabit Ethernet interfaces, see the “Configuring LAN Interfaces” chapter of Cisco IOS Interface and Hardware Component Configuration Guide, http://www.cisco.com/en/US/docs/ios/12_2/interface/configuration/guide/icflanin.html
For information on interface numbering, see the software configuration guide for your router.
Displays a brief status of the interfaces that are configured for IP.
interface { fastethernet | gigabitethernet } 0/port
Specifies the Ethernet interface and enters interface configuration mode.
Note For information on interface numbering, see Slots, Subslots (Bay), Ports, and Interfaces in Cisco 4000 Series ISRs.
Router(config-if)# description GE int to 2nd floor south wing
(Optional) Adds a description to an interface configuration. The description helps you remember what is attached to this interface. The description can be useful for troubleshooting.
Displays a brief status of the interfaces that are configured for IP. Verify that the Ethernet interfaces are up and configured correctly.
Configuring the GigabitEthernet Interface: Example
Sample Output for the show ip interface brief Command
This section describes how to specify a default route with IP routing enabled. For alternative methods of specifying a default route, see the Configuring a Gateway of Last Resort Using IP Commands Technical Specifications Note.
The Cisco IOS-XE software uses the gateway (router) as a last resort if it does not have a better route for a packet and if the destination is not a connected network. This section describes how to select a network as a default route (a candidate route for computing the gateway of last resort). The way in which routing protocols propagate the default route information varies for each protocol.
For comprehensive configuration information about IP routing and IP routing protocols, see the Configuring IP Routing Protocol-Independent Feature at cisco.com.
IP routing is automatically enabled in the Cisco IOS-XE software. When IP routing is configured, the system will use a configured or learned route to forward packets, including a configured default route.
Note This task section does not apply when IP routing is disabled. To specify a default route when IP routing is disabled, refer to the Configuring a Gateway of Last Resort Using IP Commands Technical Specifications Note at cisco.com.
A router might not be able to determine the routes to all other networks. To provide complete routing capability, the common practice is to use some routers as smart routers and give the remaining routers default routes to the smart router. (Smart routers have routing table information for the entire internetwork.) These default routes can be passed along dynamically, or can be configured into the individual routers.
Most dynamic interior routing protocols include a mechanism for causing a smart router to generate dynamic default information that is then passed along to other routers.
If a router has an interface that is directly connected to the specified default network, the dynamic routing protocols running on the router generate or source a default route. In the case of RIP, the router will advertise the pseudonetwork 0.0.0.0. In the case of IGRP, the network itself is advertised and flagged as an exterior route.
A router that is generating the default for a network may also need a default of its own. One way a router can generate its own default is to specify a static route to the network 0.0.0.0 through the appropriate device.
When default information is being passed along through a dynamic routing protocol, no further configuration is required. The system periodically scans its routing table to choose the optimal default network as its default route. In the case of RIP, there is only one choice, network 0.0.0.0. In the case of IGRP, there might be several networks that can be candidates for the system default. The Cisco IOS-XE software uses both administrative distance and metric information to determine the default route (gateway of last resort). The selected default route appears in the gateway of last resort display of the show ip route EXEC command.
If dynamic default information is not being passed to the software, candidates for the default route are specified with the ip default-network global configuration command. In this usage, the ip default-network command takes an unconnected network as an argument. If this network appears in the routing table from any source (dynamic or static), it is flagged as a candidate default route and is a possible choice for the default route.
If the router has no interface on the default network, but does have a route to it, it considers this network as a candidate default path. The route candidates are examined and, based on administrative distance and metric, the best one is chosen. The gateway to the best default path becomes the gateway of last resort.
3. ip route dest-prefix mask next-hop-ip-address [ admin-distance ] [ permanent ]
4. ip default-network network-number
or
ip route dest-prefix mask next-hop-ip-address
Specifying a Default Route: Example
Sample Output for the show ip route Command
Virtual terminal (vty) lines are used to allow remote access to the router. This section shows you how to configure the virtual terminal lines with a password, so that only authorized users can remotely access the router.
By default, the router has five virtual terminal lines. However, you can create additional virtual terminal lines. See the Cisco IOS XE Dial Technologies Configuration Guide at http://www.cisco.com/en/US/docs/ios/dial/configuration/guide/2_xe/dia_2_xe_book.html.
Line passwords and password encryption are described in the Cisco IOS XE Security Configuration Guide: Secure Connectivity document available at the following URL: http://www.cisco.com/en/US/docs/ios/ios_xe/sec_secure_connectivity/configuration/guide/2_xe/sec_secure_connectivity_xe_book.html. See the Security with Passwords, Privilege Levels, and Login Usernames for CLI Sessions on Networking Devices section. If you want to secure the virtual terminal lines (vty) with an access list, see the Access Control Lists: Overview and Guidelines.
3. line vty line-number [ ending-line-number ]
8. From another network device, attempt to open a Telnet session to the router.
The following example shows how to configure virtual terminal lines with a password:
After you configure the vty lines, follow these steps:
This section describes how to enter line configuration mode for the auxiliary line. How you configure the auxiliary line depends on your particular implementation of the auxiliary (AUX) port. See the following documents for information on configuring the auxiliary line:
4. See the Technical Specifications Note and sample configurations to configure the line for your particular implementation of the AUX port.
This section describes how to verify network connectivity for your router.
The following display shows sample output for the ping command when you ping the IP address 192.168.7.27:
The following display shows sample output for the ping command when you ping the IP hostname donald:
This section describes how to avoid losing your configuration at the next system reload or power cycle by saving the running configuration to the startup configuration in NVRAM. The NVRAM provides 256KB of storage on the router.
Enables privileged EXEC mode. Enter your password if prompted.
copy running-config startup-config
Saves the running configuration to the startup configuration.
To aid file recovery and minimize downtime in case of file corruption, we recommend that you save backup copies of the startup configuration file and the Cisco IOS-XE software system image file on a server.
Copying the Startup Configuration to a TFTP Server: Example
The following example shows the startup configuration being copied to a TFTP server:
Copying from Flash Memory to a TFTP Server: Example
The following example shows the use of the show {flash0|flash1}: command in privileged EXEC to learn the name of the system image file and the use of the copy {flash0|flash1}: tftp: privileged EXEC command to copy the system image to a TFTP server. The router uses the default username and password.
Note To avoid losing work you have completed, be sure to save your configuration occasionally as you proceed. Use the copy running-config startup-config command to save the configuration to NVRAM.
Enter the following commands at Cisco IOS-XE to verify the initial configuration on the router:
When you have completed and verified the initial configuration, specific features and functions are ready to be configured. See the Software Configuration Guide for the Cisco 4400 and Cisco 4300 Series ISRs.
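As an added example (not Cisco's code and not part of the original chapter), the following Python check reads a saved or backed-up configuration file and reports the access settings this chapter covers: enable secret versus enable password, the console idle timeout, and authentication on the vty lines. The finding names, the function names, and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample of a saved configuration (not from a real router).
SAMPLE_CONFIG = """\
hostname myrouter
enable password lab-enable-pw
line con 0
 exec-timeout 0 0
line vty 0 4
 password lab-vty-pw
 login
 transport input telnet ssh
line vty 5 15
 no login
end
"""

def parse(config):
    """Split IOS-style text into global commands and per-'line' sub-commands."""
    global_cmds, line_cmds, current = [], {}, None
    for raw in config.splitlines():
        cmd = raw.strip()
        if not cmd or cmd.startswith("!"):
            continue  # blank line or comment separator
        if raw.startswith(" ") and current is not None:
            line_cmds[current].append(cmd)  # sub-command of the open line block
            continue
        current = None
        global_cmds.append(cmd)
        if raw.startswith("line "):
            current = cmd
            line_cmds[current] = []
    return global_cmds, line_cmds

def audit(config):
    """Return sorted (finding, where) tuples; finding names are this example's own."""
    global_cmds, line_cmds = parse(config)
    findings = []
    if not any(c.startswith("enable secret ") for c in global_cmds):
        findings.append(("no-enable-secret", "global"))
    if any(c.startswith("enable password ") for c in global_cmds):
        # Still stored in the file even when enable secret takes precedence.
        findings.append(("enable-password-present", "global"))
    for header, cmds in line_cmds.items():
        for c in cmds:
            m = re.fullmatch(r"exec-timeout (\d+)(?: (\d+))?", c)
            zero = m and int(m.group(1)) == 0 and int(m.group(2) or 0) == 0
            if c == "no exec-timeout" or zero:
                findings.append(("idle-timeout-disabled", header))
            # Anything other than a type 7 string is stored readable as typed.
            if re.fullmatch(r"password (?!7 ).+", c):
                findings.append(("cleartext-line-password", header))
            if c.startswith("transport input ") and re.search(r"\b(telnet|all)\b", c):
                findings.append(("telnet-allowed", header))
        if header.startswith("line vty") and "no login" in cmds:
            findings.append(("vty-no-login", header))
    return sorted(findings)

if __name__ == "__main__":
    for finding, where in audit(SAMPLE_CONFIG):
        print(f"{where}: {finding}")
```

Run it against the copy of the startup configuration kept on the backup server as well as the one on the router, since a readable password in either place is exposed to anyone who can read the file.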
The ROM Monitor is a bootstrap program that initializes the hardware and boots the Cisco IOS XE software when you power on or reload a router. When you connect a terminal to the router that is in ROM Monitor mode, the ROM Monitor command-line interface (CLI) prompt is displayed.
During normal operation, users do not use ROM Monitor mode. ROM Monitor mode is used only in special circumstances, such as reinstalling the entire software set, resetting the router password, or specifying a configuration file to use at startup.
The ROM Monitor software is known by different names. It is sometimes called ROMMON because of the CLI prompt in ROM Monitor mode. It is also called the boot software, boot image, or boot helper. Although it is distributed with the routers that use the Cisco IOS XE software, the ROM Monitor software is a program that is separate from the Cisco IOS XE software. During normal startup, the ROM Monitor initializes the router, and then control passes to the Cisco IOS XE software. After the Cisco IOS XE software takes over, the ROM Monitor is no longer in use. For more information, see the ROMMON Overview section of the Upgrading Field-Programmable Hardware Devices for Cisco 4000 Series ISRs.