Basic Router Configuration

This section includes information about some basic router configuration, and contains the following sections:

Default Configuration

When you boot up the router, the router looks for a default file name-the PID of the router. For example, the Cisco 4000 Series Integrated Services Routers look for a file named isr 4451.cfg. The Cisco 4000 Series ISR looks for this file before finding the standard files-router-confg or the ciscortr.cfg.

The Cisco 4000 ISR looks for the isr4451.cfg file in the bootflash. If the file is not found in the bootflash, the router then looks for the standard files-router-confg and ciscortr.cfg. If none of the files are found, the router then checks for any inserted USB that may have stored these files in the same particular order.


Note

If there is a configuration file with the PID as its name in an inserted USB, but one of the standard files are in bootflash, the system finds the standard file for use.

Use the show running-config command to view the initial configuration, as shown in the following example: 

Router# show running-config
Building configuration...
Current configuration : 977 bytes
!
version 15.3
service timestamps debug datetime msec
service timestamps log datetime msec
no platform punt-keepalive disable-kernel-core
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
!
no aaa new-model
!
ipv6 multicast rpf use-bgp
!
!
multilink bundle-name authenticated
!
!
redundancy
mode none
!
 
interface GigabitEthernet0/0/0
no ip address
negotiation auto
!
interface GigabitEthernet0/0/1
no ip address
negotiation auto
!
interface GigabitEthernet0/0/2
no ip address
negotiation auto
!
interface GigabitEthernet0/0/3
no ip address
negotiation auto
!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
no ip address
negotiation auto
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
 
!
control-plane
!
!
line con 0
stopbits 1
line vty 0 4
login
!
!
end

Configuring Global Parameters

To configure the global parameters for your router, follow these steps.

SUMMARY STEPS

  1. configure terminal
  2. hostname name
  3. enable secret password
  4. no ip domain-lookup

DETAILED STEPS

  Command or Action Purpose

Step 1

configure terminal

Example:


Router> enable
Router# configure terminal
Router(config)#

Enters global configuration mode when using the console port.

Use the following to connect to the router with a remote terminal: 

telnet router-name or address
Login: login-id
Password: *********
Router> enable

Step 2

hostname name

Example:


Router(config)# hostname Router

Specifies the name for the router.

Step 3

enable secret password

Example:


Router(config)# enable secret cr1ny5ho

Specifies an encrypted password to prevent unauthorized access to the router.

Step 4

no ip domain-lookup

Example:


Router(config)# no ip domain-lookup

Disables the router from translating unfamiliar words (typos) into IP addresses.

For complete information on global parameter commands, see the Cisco IOS Release Configuration Guide documentation set.

Configuring Gigabit Ethernet Interfaces

To manually define onboard Gigabit Ethernet interfaces, follow these steps, beginning from global configuration mode.

SUMMARY STEPS

  1. interface gigabitethernet slot/bay/port
  2. ip address ip-address mask
  3. ipv6 address ipv6-address/prefix
  4. no shutdown
  5. exit

DETAILED STEPS

  Command or Action Purpose

Step 1

interface gigabitethernet slot/bay/port

Example:


Router(config)# interface gigabitethernet 0/0/1

Enters the configuration mode for a Gigabit Ethernet interface on the router.

Step 2

ip address ip-address mask

Example:


Router(config-if)# ip address 192.168.12.2 255.255.255.0

Sets the IP address and subnet mask for the specified Gigabit Ethernet interface. Use this Step if you are configuring an IPv4 address.

Step 3

ipv6 address ipv6-address/prefix

Example:


Router(config-if)# ipv6 address 2001.db8::ffff:1/128

Sets the IPv6 address and prefix for the specified Gigabit Ethernet interface. Use this step instead of Step 2, if you are configuring an IPv6 address.

Step 4

no shutdown

Example:


Router(config-if)# no shutdown

Enables the Gigabit Ethernet interface and changes its state from administratively down to administratively up.

Step 5

exit

Example:


Router(config-if)# exit

Exits configuration mode for the Gigabit Ethernet interface and returns to privileged EXEC mode.

Configuring a Loopback Interface

Before you begin

The loopback interface acts as a placeholder for the static IP address and provides default routing information.

To configure a loopback interface, follow these steps.

SUMMARY STEPS

  1. interface type number
  2. (Option 1) ip address ip-address mask
  3. (Option 2) ipv6 address ipv6-address/prefix
  4. exit

DETAILED STEPS

  Command or Action Purpose

Step 1

interface type number

Example:


Router(config)# interface Loopback 0

Enters configuration mode on the loopback interface.

Step 2

(Option 1) ip address ip-address mask

Example:


Router(config-if)# ip address 10.108.1.1 255.255.255.0

Sets the IP address and subnet mask on the loopback interface. (If you are configuring an IPv6 address, use the ipv6 address ipv6-address/prefix command described below.

Step 3

(Option 2) ipv6 address ipv6-address/prefix

Example:


Router(config-if)# 2001:db8::ffff:1/128

Sets the IPv6 address and prefix on the loopback interface.

Step 4

exit

Example:


Router(config-if)# exit

Exits configuration mode for the loopback interface and returns to global configuration mode.

Example

The loopback interface in this sample configuration is used to support Network Address Translation (NAT) on the virtual-template interface. This configuration example shows the loopback interface configured on the Gigabit Ethernet interface with an IP address of 192.0.2.0/24, which acts as a static IP address. The loopback interface points back to virtual-template1, which has a negotiated IP address. 

!
interface loopback 0
ip address 192.0.2.0 255.255.255.0 (static IP address)
ip nat outside
!
interface Virtual-Template1
ip unnumbered loopback0
no ip directed-broadcast
ip nat outside

Enter the show interface loopback command. You should see an output similar to the following example: 


Router# show interface loopback 0
Loopback0 is up, line protocol is up 
  Hardware is Loopback
  Internet address is 203.0.113.1/24
  MTU 1514 bytes, BW 8000000 Kbit, DLY 5000 usec, 
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation LOOPBACK, loopback not set
  Last input never, output never, output hang never
  Last clearing of "show interface" counters never
  Queueing strategy: fifo
  Output queue 0/0, 0 drops; input queue 0/75, 0 drops
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     0 packets input, 0 bytes, 0 no buffer
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     0 packets output, 0 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 output buffer failures, 0 output buffers swapped out

Alternatively, use the ping command to verify the loopback interface, as shown in the following example: 


Router# ping 192.0.2.0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.0.2.0, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

Hardware Limitations for MAC Filters

This section provides the number and distribution of supported virtual MAC addresses on the Cisco 4000 Series ISRs. The virtual MAC address filters are supported on the following interfaces:

  • GigabitEthernet Interface MAC Filters

  • TenGigabitEthernet Interface MAC Filters

GigabitEthernet Interface MAC Address Filters

The device supports a set of 32 MAC address filters. You can be use these filters across the four GE ports. Each 4 GEport reserves one entry for the primary MAC address (BIA). You can use the remaining 28 MAC filters for features such as Hot Standby Router Protocol (HSRP).


Note
Each port can use any number of the available feature filters. A single port can use a maximum of 28 feature filters. If all the 4 GE ports uses the filters equally, then each port can have a maximum of seven filters.

TenGigabitEthernet Interface MAC Address Filters

The device supports a set of 32 MAC address filters. You can be use these filters across the two 10GE ports. Each 10GE port reserves one entry for the primary MAC address (BIA). You can use the remaining 30 MAC filters for features such as HSRP.


Note
Each port can use any number of the available feature filters. A single port can use a maximum of 30 feature filters. If both the ports uses the filters equally, then each port can have a maximum of 15 filters.

This limitation applies to port-channel configuration as well. With port-channel configuration, vMACs are reserved per physical interface even when they are bundled in a single port-channel interface. Therefore, the 30 available MAC filters can be attached to a maximum of 15 port-channels.

MAC Filter Distribution

The following tables provide the MAC filter distribution for the Cisco 4000 Series ISRs:

Table 1. Cisco 4461 ISR MAC Filter Distribution

Interface

Total Filters

Primary MAC Address (BIA)

Feature Filters

Gigabit0/0/0

32

=

1

+

28

Gigabit0/0/1

1

Gigabit0/0/2

1

Gigabit0/0/3

1

TenGigabit0/0/0

32

=

1

+

30

TenGigabit0/0/1

1
Table 2. Cisco 4451 and 4431 ISRs GigabitEthernet Interface MAC Filters Distribution

Interface

Total Filters

Primary MAC Address (BIA)

Feature Filters

Gigabit0/0/0

32

=

1

+

28

Gigabit0/0/1

1

Gigabit0/0/2

1

Gigabit0/0/3

1
Table 3. Cisco ISR4351 and 4331 ISR MAC Filter Distribution

Interface

Total Filters

Primary MAC Address (BIA)

Feature Filters

Gigabit0/0/0

16

=

1

+

15

Gigabit0/0/1

16

1

15

Gigabit0/0/2

16

1

15
Table 4. Cisco 4321 and 4221 ISRs MAC Filter Distribution

Interface

Total Filters

Primary MAC Address (BIA)

Feature Filters

Gigabit0/0/0

16

=

1

+

15

Gigabit0/0/1

16

 =

1

 +

15

Configuring Command-Line Access

To configure parameters to control access to the router, follow these steps.

SUMMARY STEPS

  1. line [aux | console | tty | vty] line-number
  2. password password
  3. login
  4. exec-timeout minutes [seconds]
  5. exit
  6. line [aux | console | tty | vty] line-number
  7. password password
  8. login
  9. end

DETAILED STEPS

  Command or Action Purpose

Step 1

line [aux | console | tty | vty] line-number

Example:


Router(config)# line console 0

Enters line configuration mode, and specifies the type of line.

The example provided here specifies a console terminal for access.

Step 2

password password

Example:


Router(config-line)# password 5dr4Hepw3

Specifies a unique password for the console terminal line.

Step 3

login

Example:


Router(config-line)# login

Enables password checking at terminal session login.

Step 4

exec-timeout minutes [seconds]

Example:


Router(config-line)# exec-timeout 5 30
Router(config-line)#

Sets the interval during which the EXEC command interpreter waits until user input is detected. The default is 10 minutes. Optionally, adds seconds to the interval value.

The example provided here shows a timeout of 5 minutes and 30 seconds. Entering a timeout of 0 0 specifies never to time out.

Step 5

exit

Example:


Router(config-line)# exit

Exits line configuration mode to re-enter global configuration mode.

Step 6

line [aux | console | tty | vty] line-number

Example:


Router(config)# line vty 0 4
Router(config-line)#

Specifies a virtual terminal for remote console access.

Step 7

password password

Example:


Router(config-line)# password aldf2ad1

Specifies a unique password for the virtual terminal line.

Step 8

login

Example:


Router(config-line)# login

Enables password checking at the virtual terminal session login.

Step 9

end

Example:


Router(config-line)# end

Exits line configuration mode, and returns to privileged EXEC mode.

Example

The following configuration shows the command-line access commands.

You do not have to input the commands marked default. These commands appear automatically in the configuration file that is generated when you use the show running-config command. 

!
line console 0
exec-timeout 10 0
password 4youreyesonly
login
transport input none (default)
stopbits 1 (default)
line vty 0 4
password secret
login
!

Configuring Static Routes

Static routes provide fixed routing paths through the network. They are manually configured on the router. If the network topology changes, the static route must be updated with a new route. Static routes are private routes unless they are redistributed by a routing protocol.

To configure static routes, follow these steps.

SUMMARY STEPS

  1. (Option 1) ip route prefix mask {ip-address | interface-type interface-number [ip-address]}
  2. (Option 2) ipv6 route prefix/mask {ipv6-address | interface-type interface-number [ipv6-address]}
  3. end

DETAILED STEPS

  Command or Action Purpose

Step 1

(Option 1) ip route prefix mask {ip-address | interface-type interface-number [ip-address]}

Example:


Router(config)# ip route 192.168.1.0 255.255.0.0 10.10.10.2

Specifies a static route for the IP packets. (If you are configuring an IPv6 address, use the ipv6 route command described below.)

Step 2

(Option 2) ipv6 route prefix/mask {ipv6-address | interface-type interface-number [ipv6-address]}

Example:


Router(config)# ipv6 route 2001:db8:2::/64

Specifies a static route for the IP packets.

Step 3

end

Example:


Router(config)# end

Exits global configuration mode and enters privileged EXEC mode.

Example

In the following configuration example, the static route sends out all IP packets with a destination IP address of 192.168.1.0 and a subnet mask of 255.255.255.0 on the Gigabit Ethernet interface to another device with an IP address of 10.10.10.2. Specifically, the packets are sent to the configured PVC.

You do not have to enter the command marked default. This command appears automatically in the configuration file generated when you use the running-config command. 

!
ip classless (default)
ip route 192.168.1.0 255.255.255.0

To verify that you have configured static routing correctly, enter the show ip route command (or show ipv6 route command) and look for static routes marked with the letter S.

When you use an IPv4 address, you should see verification output similar to the following: 


Router# show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     10.10.10.2/24 is subnetted, 1 subnets
C       10.10.10.2 is directly connected, Loopback0
S*   0.0.0.0/0 is directly connected, FastEthernet0

When you use an IPv6 address, you should see verification output similar to the following: 


Router# show ipv6 route
IPv6 Routing Table - default - 5 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
       B - BGP, R - RIP, H - NHRP, I1 - ISIS L1
       I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary, D - EIGRP
       EX - EIGRP external, ND - ND Default, NDp - ND Prefix, DCE -
Destination
       NDr - Redirect, O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1
       OE2 - OSPF ext 2, ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
       ls - LISP site, ld - LISP dyn-EID, a - Application

C   2001:DB8:3::/64 [0/0]
       via GigabitEthernet0/0/2, directly connected
S   2001:DB8:2::/64 [1/0]
       via 2001:DB8:3::1

Configuring Dynamic Routes

In dynamic routing, the network protocol adjusts the path automatically, based on network traffic or topology. Changes in dynamic routes are shared with other routers in the network.

A router can use IP routing protocols, such as Routing Information Protocol (RIP) or Enhanced Interior Gateway Routing Protocol (EIGRP), to learn about routes dynamically.

Configuring Routing Information Protocol

To configure the RIP on a router, follow these steps.

SUMMARY STEPS

  1. router rip
  2. version {1 | 2}
  3. network ip-address
  4. no auto-summary
  5. end

DETAILED STEPS

  Command or Action Purpose

Step 1

router rip

Example:


Router(config)# router rip

Enters router configuration mode, and enables RIP on the router.

Step 2

version {1 | 2}

Example:


Router(config-router)# version 2

Specifies use of RIP version 1 or 2.

Step 3

network ip-address

Example:


Router(config-router)# network 192.168.1.1
Router(config-router)# network 10.10.7.1

Specifies a list of networks on which RIP is to be applied, using the address of the network of each directly connected network.

Step 4

no auto-summary

Example:


Router(config-router)# no auto-summary

Disables automatic summarization of subnet routes into network-level routes. This allows subprefix routing information to pass across classful network boundaries.

Step 5

end

Example:


Router(config-router)# end
Exits router configuration mode, and enters privileged EXEC mode.

Example

The following configuration example shows RIP Version 2 enabled in IP networks 10.0.0.0 and 192.168.1.0. To see this configuration, use the show running-config command from privileged EXEC mode. 

!
Router# show running-config
Building configuration...

Current configuration : 1616 bytes
!
! Last configuration change at 03:17:14 EST Thu Sep 6 2012
!
version 15.3
service timestamps debug datetime msec
service timestamps log datetime msec
no platform punt-keepalive disable-kernel-core
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
vrf definition Mgmt-intf
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
enable password cisco
!
no aaa new-model
!
transport-map type console consolehandler
 banner wait ^C
Waiting for IOS vty line
^C
 banner diagnostic ^C
Welcome to diag mode
^C
!
clock timezone EST -4 0
!
!


ip domain name cisco.com
ip name-server vrf Mgmt-intf 203.0.113.1
ip name-server vrf Mgmt-intf 203.0.113.129

!
ipv6 multicast rpf use-bgp
!
!
multilink bundle-name authenticated
!
redundancy
 mode none
!
ip ftp source-interface GigabitEthernet0
ip tftp source-interface GigabitEthernet0
!
!
interface GigabitEthernet0/0/0
 no ip address
 negotiation auto
!
interface GigabitEthernet0/0/1
 no ip address
 negotiation auto
!
interface GigabitEthernet0/0/2
 no ip address
 negotiation auto
!
interface GigabitEthernet0/0/3
 no ip address
 negotiation auto
!
interface GigabitEthernet0
 vrf forwarding Mgmt-intf
 ip address 172.18.77.212 255.255.255.240
 negotiation auto
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
ip route vrf Mgmt-intf 0.0.0.0 0.0.0.0 172.18.77.209
!
control-plane
!
!
line con 0
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 password cisco
 login
!
transport type console 0 input consolehandler
!
ntp server vrf Mgmt-intf 10.81.254.131
!
end

To verify that you have configured RIP correctly, enter the show ip route command and look for RIP routes marked with the letter R. You should see an output similar to the one shown in the following example: 

Router# show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     10.0.0.0/24 is subnetted, 1 subnets
C       10.108.1.0 is directly connected, Loopback0
R    10.0.0.0/8 [120/1] via 10.2.2.1, 00:00:02, Ethernet0/0/0

Configuring Enhanced Interior Gateway Routing Protocol

To configure Enhanced Interior Gateway Routing Protocol (EIGRP), follow these steps.

SUMMARY STEPS

  1. router eigrp as-number
  2. network ip-address
  3. end

DETAILED STEPS

  Command or Action Purpose

Step 1

router eigrp as-number

Example:


Router(config)# router eigrp 109

Enters router configuration mode, and enables EIGRP on the router. The autonomous-system number identifies the route to other EIGRP routers and is used to tag the EIGRP information.

Step 2

network ip-address

Example:


Router(config)# network 192.168.1.0
Router(config)# network 10.10.12.115

Specifies a list of networks on which EIGRP is to be applied, using the IP address of the network of directly connected networks.

Step 3

end

Example:


Router(config-router)# end
Exits router configuration mode, and enters privileged EXEC mode.

Example

The following configuration example shows the EIGRP routing protocol enabled in IP networks 192.168.1.0 and 10.10.12.115. The EIGRP autonomous system number is 109. To see this configuration, use the show running-config command. 

Router# show running-config
.
.
.
!
router eigrp 109
	network 192.168.1.0
		network 10.10.12.115
!
.
.
.

To verify that you have configured IP EIGRP correctly, enter the show ip route command, and look for EIGRP routes marked by the letter D. You should see verification output similar to the following: 

Router# show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     10.0.0.0/24 is subnetted, 1 subnets
C       10.108.1.0 is directly connected, Loopback0
D    	10.0.0.0/8 [90/409600] via 10.2.2.1, 00:00:02, Ethernet0/0