How to configure cisco router for the first time (CCNA Level) | 2021

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

configuring cisco router can be a tough call if you've never done it before in this video i'm going to show you how to configure cisco router from scratch hi this is david godibaza from its solutions network i've been in the itu world for over 20 years and now i have my own youtube channel let's get started okay let's let's start so i have a computer here with static ip addresses on it and i have a cisco router with the empty configuration there's no startup configuration at all and there's an isp we have subnet and ip addresses from the isp and we have internal network information this is the cisco device and it has no configuration at all this is the first boot and as you can see we get all these meshes during the first boot so we need to go into enable mode and in the enable mode we can try and run the command show ip interface brief which will give us the information about the interfaces we have they all are down means disabled and we'll have the ip address assigned to it as you can see in the topology we're gonna use gigabit ethernet 2 for the inside interface and we're going to use gigabit one as an outside interface let's go start and configure them show ip interface brief will show us information about the interfaces we have so we have four interfaces all of them are shut down and we don't have the ip addresses on them we need to configure these interfaces in order to you know have the configured router first we're going to configure the gigabit one that's in our outside interface ip address 12.34.56.22 as you can see on the topology in the background that's our ip address we need to enable this interface and then we need to configure the gigabit ethernet 2 with the ip address 192 168 2. 1. slash 24 again no shutdown so let's see what we have now this is what we have we have outside inside ip this is what we have we have inside ip we have outside ip and let's try in the pink isp ip address that would be one okay we pin we can ping isp and we enabled interfaces let's see if the computer can ping a cisco router okay we already have the ib address on the computer and let's go ahead and try to ping cisco router by typing ping 192 168 to 1. okay we can ping cisco device perfect let's move on and uh try to add the default gateway the reason why we need to add the default gateway because cisco doesn't know how to go to the outside world so if we pin google dns cisco won't be able to ping that because it doesn't have a clue where to go and to make sure we can check show ip route and as you can see there is no default route in the drawing table so what we are going to do to fix that is we are going to add the routing table we we are going to add the default gateway into routing table and our default gateway will be 12.34.56 and if we check routing table again we'll see that now we have this default gateway and if we ping google dns we should be able to ping them ping it okay perfect we can ping google dns but that's not enough to allow inside computers to surf the internet so if you paint google dns from the computer you won't be able to print it the reason for that is that we don't get the answers from the isp because isp doesn't know about this internal soundness at all so what we need to do is translate this source subnet any ip from the subnet into public ip which is 12.34.56.2 and to do that we need to create an access list to match the traffic then we need to put the global configuration for the net and we need to do not configuration on the interfaces so let's create the first the access list permit to match the traffic we need to use permit permit ip and our source subnet would be our internal subnet and any destination then we need to put the actual net configuration we're gonna use the access list we just created and we want to translate our source subnet into gigabit ethernet one ip address and we need to enable ip not inside and ip not outside on the interfaces perfect so now we should be able to ping the google dns from the windows computer and we are able to ping it okay now let's make it easier we want to have the dhcp server running on the network because we don't like to use static ips just like we have on this windows computer and for that we need to create the hp configuration on the cisco device let's first exclude several ips from the pool because we could use this ips to manage the access points switches or all sorts of stuff ipdhcp excluded address to 192.168 to 1 and let's make it 10 okay so all the ips from this range will be excluded from being assigned on the computers now let's create the actual dhp pool name that name it lan subnet put the network put the default gateway because we obviously need to have the default gateway on the computer what once the computer gets the ip address from the dhcp server and we also need to have the dns server so let's let's do the dns error as well perfect let's go ahead and try to change it to the dhp client instead of static ip instead of manual ip and see what's going to happen okay so this is our first ip.11 remember because we excluded all the first 10 ips all the ips from this range first in ips and that's why we have dot 11. we have the same subnet as the configuration and we have the gateway as per our configuration and of course we have the dns because we included the dns in the dhp configuration perfect it's it's done now let's configure the remote access because we don't want to use the console cable and physically connect to the router every time we want to run the command or check the status or you know like troubleshoot or change the configuration let's go ahead and enable triple a new model which is authentication authorization and accounting and create the username cisco and the password cisco one two three now you might have seen that uh some people use password instead of secret but remember password is not good it's bad it's unencrypted it can be decrypted it's no good just don't use it so every time you have to create the username inside the cisco device use secret instead of password okay and we need to create the enable password because we didn't add the privilege mode on the user here you can actually do that from here we can now that's weird okay so now let's create the enable password and again we use secret not the password you have an option here to use the password but use secret it's more secure and our password will be sasa okay perfect now in order to load let's first connect through the telnet and see how it works cisco cisco one two three enable password sasa perfect is there but remember telnet is not good because it's a plain text if someone captures the traffic they can see the password that's why we want to use ssh and in order to use ssh we need to generate sh keys and to generate ssh keys we need to assign hostname and we need to give domain name so let's go ahead and do that hostname would be r1 and ip domain name would be david lab local okay that will work crypto key generate rsa this is how we generate sh keys and we give the maximum bit uh key size because we want to be more secure you know we like security and because sh version 1.99 is vulnerable we want to change it to version 2. okay perfect now if you remember we didn't disable the telnet so if we'll try to connect we'll still we are still able to connect to it which is not cool we need to disable telnet and to do that we're going to line with ui no 0 up to what we have 98 and we do transport input ssh and we don't include telnet only ssh this will disable telnet and nobody can use telnet anymore which is good because you know we don't want someone to use the telnet we only want to use sh right now we want to make it more secure so let's add the axle on the outside interface and only and on virtual interface for the sh ip access list standard so we want to allow connections only from the from this computer with ips.11 i believe yes let's go ahead and try to add this ip only with ui filter permit 192 168 to 11 and assign this access list to the virtual port this is how you do that access class which by filters filter and for inbound connections incoming connections cool now we run this access list there's no match because we haven't tried to connect to it but if we try using party game for example we will be able to see match in this access list you see so if we change the ip on the computer we won't be able to connect to the cisco device anymore using this using the different ap because we didn't put the whole subnet here we put only one ip now let's create access list for the outside interface outside filter and let's add some of the lines there so first let's allow the icmp code replies because if we ping something from the inside world like this for example right we want to receive replies and to do that we need to upload icmp echo replies we're gonna upload the icmp replies only so this line says that the permit icmp protocol coming from any host coming from any source to the host of our public ip and if it's echo reply okay so that means if someone pings our ip from the outside they will not be able to get the response but if we ping from the inside we will get the response permit udp any equal domain and house 12.34 that's 56.2 now what is that what this does is we allow to we allow dns responses to come in inside router from the outside world because when we try to ping google for example or apple the computer will try to resolve the ip address and for that computer will use port 53 on google dns and that's what we are saying that the premiered udp protocol coming from any locat any source that the source port is domain 50 that's a udp port 53 and this is not the udp port this is just 250 453 and this is how we said that it's a udp so it's a udp port 53 and if the response comes to the ip with the destination in ip header 12.34.56.2 hello that and also when we try to serve the internet for example google.com or apple.com we want to allow these responses also to come in without allowing anything extra so for that we do perma tcp any and it sold to the destination 12.34.56.2 and here's the keyword here hold on and here's the keyword here establish match establish connections that means if that means if the connection is reply for the connection that was initiated from the inside it will allow that but the new connections for example someone's trying to ssh or someone is trying to do any kind of tcp connection rather will not allow that it will drop the connection because it's not the reply for the connection initiated from the inside now let's assign this access list to the outside interface for that we go into interface configuration mode and type ip access group then access this name outside filter and direction of the packets in our case that's inbound so if we try to see the interface configuration this is what we have we have ip address we say that it's a not outside interface this is the access list by the way we can see match here you see there's no match yet right okay we have two lines because he accidentally typed um press the enter here let's remove that okay perfect now let's go ahead and try to resolve the ip address and ping [Music] so because of this command we run on the windows machine we will be able to see match here and match here you see we have four packets because windows pings sends four ping packets by default and we have one match because we tried to resolve the ip address and if we also try to telnet on port 80 we should get match here on the third line and of course we have it now let's save the configuration because it it's already done we already configured everything we wanted in this session and it's now time to save the configuration copy running configuration startup configuration so what we say here is take configuration from the memory and save it into startup config file so next time when we boot the router it will load the configuration from the startup config file and this is it basic configuration of the cisco router is done we have assigned the ip address we enable the network address translation we add the static route we configured remote access and we had some little bit security to protect from to protect our remote access and to protect the outside the face from the internal garbage let me know what you think in the comments thanks for watching and have a wonderful day and before i forget please subscribe to the channel for the upcoming videos you

Info

Channel: IT Solutions Network

Views: 2,459

Rating: undefined out of 5

Keywords: how to configure a cisco router fomr scratch (ccna level) | 2021, cisco router configuration step by step, cisco router setup, cisco routers for beginners, cisco router commands, how to configure cisco router, how to configure cisco router for internet access, cisco initial router configuration, how to configure a cisco router, cisco, router, ccna, ios, cisco router, cli, isp, setup, How to configure cisco router for the first time

Id: fURwhooNZpo

Channel Id: undefined

Length: 18min 14sec (1094 seconds)

Published: Tue Feb 23 2021