Cisco IOS Router Basic Configuration

Hi Rene,

How do we know how many VTY lines (SSH or Telnet) are open on the same router at the same time?
And how do I kick one of them, or all of them except the line that I am using?

Hi Hussein,

You can see all lines with the “show line” command and you can disconnect one with the “clear line” command. For SSH it’s better to use “show ssh” as you will be able to see the usernames.

Rene

Hi Hussein,

Normally a router only has L3 interfaces; you will normally find the VLAN interfaces on L2 or L3 switches.

On an L2 switch, this is where you configure the IP address so you can manage it remotely through telnet or SSH.

On L3 switches, we can use an IP address on a VLAN interface as the default gateway for a VLAN. Here’s an example for this:

https://networklessons.com/switching/intervlan-routing/

Rene

Thanks Rene,

I understood the benefit of assigning an IP address on a VLAN interface on L2 & L3 switches.

But when I use a 2911 router in Packet Tracer, or any other router, I observed that one of the interfaces is a VLAN interface and its protocol status is always down. I know that a router’s interfaces are routed ports, so there is no way to access this VLAN to one of this router’s interfaces. So my question is: what is the benefit of this VLAN interface, and how do I change its protocol status to up?

Greetings,

Hi Hussein,

Did you use one of the Etherswitch modules in the 2911?

Rene

Nope,

I use the 2911 in Cisco Packet Tracer and I just drag and drop the icon of this router without adding any etherswitch modules.

I think etherswitch modules can be added in GNS3 only, right? Or am I wrong?

Hi Hussein,

I just checked and Packet Tracer does support the HWIC-4ESW module for switching ports. Normally on a router we don’t use VLAN interfaces, only if you require an L3 interface for switchports. The switchports of a switch module are a good example but it’s also used for the internal access point on a 1941. Here’s an example where I used it:

https://networklessons.com/wireless/cisco-1941w-wireless-configuration-example/

Rene

Hi Rene,

I really appreciate your efforts in explaining some of the difficult topics in a much simpler and easy to understand method.

I have a small query on this topic.

If I want to swap a faulty router with a new one, and if I have the config file available on the flash of the faulty router, and after I erase the start-up config, copy the config file to NVRAM and am ready to reload the new router, do I need to enter Yes or No?

yourname#reload
System configuration has been modified. Save? [yes/no]: no >>>>>>>>>> Here at this point

Please clarify.

Thanks

Aravind

Hello Aravind.

If I’ve understood your question correctly, you’ve erased the startup config from the new router, and you’ve copied the startup config from the old router to the new router.

If that is the case, then the startup config in the new router is the configuration you want to end up with when you reload, regardless of what the running config is. So, if you want to keep the startup config, then you should answer NO so that upon reload, the startup config will be loaded.

I hope this has been helpful!

Laz

Hi Laz,

Thank you. Yes, your explanation was helpful.

Regards

Aravind

Hi Rene,

I have a particular problem with a switch which I can’t access.

line vty 0 4
 exec-timeout 0 0
 password 7 121F54041A0D5D0A
 logging synchronous
 login
 transport input all
 transport output all

line vty 5 15
 access-class 23 in
 exec-timeout 0 0
 password 7 03020A180E0970424
 login
 transport input telnet
 transport output telnet

My IP address is in ACL 23.
Both ports are configured with the correct VLAN, on this switch and on the switch connecting to it.
Transport input is all.
The switch that I cannot access is pingable but will refuse SSH and telnet.
Default gateway is correct (checked old configs).

Is the switch busted? Or am I missing something?
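
An added example, not part of any post in this thread: a short Python audit of the VTY stanzas posted above. It reports, per line range, whether an inbound access-class is applied, whether the idle timeout is disabled, whether a type 7 line password is set, and whether `transport input` admits Telnet or SSH; the function names are hypothetical.

```python
import re
# VTY stanzas as posted in the thread above.
POSTED_CONFIG = """\
line vty 0 4
 exec-timeout 0 0
 password 7 121F54041A0D5D0A
 logging synchronous
 login
 transport input all
 transport output all
line vty 5 15
 access-class 23 in
 exec-timeout 0 0
 password 7 03020A180E0970424
 login
 transport input telnet
 transport output telnet
"""

def parse_vty(config):
    """Return {(first, last): [sub-commands]} for each 'line vty' stanza."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        m = re.match(r"line vty (\d+)(?: (\d+))?\s*$", raw)
        if m:
            current = (int(m[1]), int(m[2] or m[1]))
            stanzas[current] = []
        elif raw.startswith(" ") and current:
            stanzas[current].append(raw.strip())
        else:
            current = None  # '!' or a top-level command ends the stanza
    return stanzas

def audit_vty(config):
    """Return sorted ((first, last), finding) pairs for the VTY lines."""
    findings = []
    for rng, cmds in parse_vty(config).items():
        transport = {w for c in cmds if c.startswith("transport input ")
                     for w in c.split()[2:]}
        checks = [
            (not any(re.match(r"access-class \S+ in", c) for c in cmds), "no inbound access-class"),
            ("exec-timeout 0 0" in cmds, "idle timeout disabled"),
            (any(c.startswith("password 7 ") for c in cmds), "type 7 line password"),
            (bool(transport & {"all", "telnet"}), "telnet accepted"),
            (bool(transport) and not transport & {"all", "ssh"}, "ssh not accepted"),
        ]
        findings += [(rng, text) for hit, text in checks if hit]
    return sorted(findings)

if __name__ == "__main__": print(*audit_vty(POSTED_CONFIG), sep="\n")
```

On the posted config this shows that `access-class 23 in` covers only lines 5 to 15, and that those lines admit Telnet only, while lines 0 to 4 have no inbound access-class at all.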

We will need more information. What IP are you trying to reach on the switch? Is this IP an SVI or assigned to a physical interface? What IP are you making the connection from? What are the details of your access-list 23? Have you tried making your connection on the same subnet as the IP to which you are trying to connect? When you say it is refusing the connection, is the port open, but actively rejecting your attempt, or you get no response at all? If you are using SSH, I assume you have done a crypto key generate rsa?


We will need more information. What IP are you trying to reach on the switch? 10.0.212.x/24

Is this IP an SVI or assigned to a physical interface?
SVI with correct ip default-gateway 10.0.212.1 configured

What IP are you making the connection from?
10.13.8.10/24

What are the details of your access-list 23?
access-list 23 permit 10.13.8.0 0.0.0.255

Have you tried making your connection on the same subnet as the IP to which you are trying to connect?
Yes my jumphost is in the same subnet as the access-list 23

When you say it is refusing the connection, is the port open, but actively rejecting your attempt, or you get no response at all?
I am getting a response. “The remote system refused the connection” error message on both telnet and ssh.

If you are using SSH, I assume you have done a crypto key generate rsa?
Can’t do a sh crypto key rsa but I have some old configs that show the below
crypto pki trustpoint TP-self-signed-xxxxx
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-xxxxxxx
revocation-check none
rsakeypair TP-self-signed-2890998016
!
!
crypto pki certificate chain TP-self-signed-xxxxxxxx
bunch of numbers/characters

Hello I Ian

Looking over your config and your comments, I suggest you check the following:

  1. Since you can ping the IP address, routing to the device is successful, so no problems there.
  2. There’s no timeout, so it can’t be busy ports.
  3. A refusal of connection with this message that you report means that something, such as a lack of ssh or telnet configuration, is not allowing you to connect.
  4. Are there any restrictions on the SVI interface such as access lists?

The quickest way to solve this would probably be to do a password recovery via a console and check the config. You should remove any configuration of the VTY lines and reconfigure them including a new crypto key generate rsa for your SSH configuration.

I hope this has been helpful!

Laz


19 posts were merged into an existing topic: Configuring Cisco router for the first time

Switch(config)#enable algorithm-type ?
  md5     Encode the password using the MD5 algorithm
  scrypt  Encode the password using the SCRYPT hashing algorithm
  sha256  Encode the password using the PBKDF2 hashing algorithm

Hello Pau

The algorithm-type keyword for the enable command is not available in packet tracer. I tried it on several different devices but it was not available. This is a command that simply chooses the algorithm that will be used to hash the enable secret. You can find out more about it at the following command line reference:

I hope this has been helpful!

Laz