Cisco – Performing a Password Reset on a Cisco Router

If you ever find yourself locked out of a Cisco router because you forgot the enable secret (privileged mode) password, you may use the following steps to perform a password recovery on the device. The router in this example is a 1700 series Cisco router. Note that this procedure needs console access to the router while it boots, which is one reason physical access to network equipment should be controlled.

1. Press ctrl+break during the boot sequence and enter ROM monitor mode.

monitor: command “boot” aborted due to user interrupt
rommon 1 >

2. Change the configuration register value to 2142 (0x2142).

rommon 1 > confreg 0x2142

You must reset or power cycle for new config to take effect

3. Reload the router using the ‘reset’ command.

rommon 2 > reset

4. Respond with a ‘no’ when prompted to enter setup mode.

--- System Configuration Dialog ---

Would you like to enter the initial configuration dialog? [yes/no]: no

5. Type ‘enable’ to enter privileged mode.

Router>enable

6. Copy the startup-config file into the running-config file.

Router#copy startup-config running-config
Destination filename [running-config]?

1154 bytes copied in 0.892 secs (1294 bytes/sec)

7. Configure the enable secret password (in this example I set the enable secret password to ‘cisco’).

router-1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
router-1(config)#enable secret cisco

8. Change the configuration register back to the default value of 2102 (0x2102).

router-1(config)#config-register 0x2102

9. Copy the running-config file into the startup-config file.

router-1#copy running-config startup-config
Destination filename [startup-config]?
Building configuration…
[OK]

10. Reload the router (optional).

router-1#reload
Proceed with reload? [confirm]

Once the router reloads, all you have to do is log in to user mode and then use your new privileged mode password (the example above used ‘cisco’).
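The whole recovery hinges on the configuration register: 0x2142 tells the router to ignore the startup-config in NVRAM, and 0x2102 restores the default. The following Python script is an added example (not from the original post) that decodes a register value and audits the register line of “show version” output, so an administrator can spot a router that was left in bypass mode after a recovery. The bit meanings and the sample output line are assumptions based on the IOS register layout, not text from the page.

```python
# Added example: decode a Cisco configuration register and audit it.
# Bit meanings assumed from the IOS configuration register layout:
#   bits 0-3  boot field (0x0 = stay in ROM monitor, 0x1 = boot ROM image,
#             0x2-0xF = boot normally from flash / boot system commands)
#   bit 6     0x0040 ignore NVRAM (startup-config) contents
#   bit 8     0x0100 Break key disabled after boot
#   bit 13    0x2000 boot default ROM software if network boot fails
import re

IGNORE_NVRAM = 0x0040
BREAK_DISABLED = 0x0100
ROM_FALLBACK = 0x2000
DEFAULT_REGISTER = 0x2102

def decode_confreg(value):
    """Return a dict describing what a configuration register value does."""
    boot_field = value & 0x000F
    if boot_field == 0x0:
        boot = "rommon"
    elif boot_field == 0x1:
        boot = "rom-image"
    else:
        boot = "flash"
    return {
        "value": value,
        "boot": boot,
        "ignore_startup_config": bool(value & IGNORE_NVRAM),
        "break_disabled": bool(value & BREAK_DISABLED),
        "rom_fallback": bool(value & ROM_FALLBACK),
    }

def audit_show_version(text):
    """Scan 'show version' output for the register line and return a list
    of warnings (empty list = 0x2102 default with no pending change)."""
    m = re.search(r"Configuration register is (0x[0-9A-Fa-f]+)"
                  r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?", text)
    if not m:
        return ["configuration register line not found"]
    current = int(m.group(1), 16)
    pending = int(m.group(2), 16) if m.group(2) else current
    warnings = []
    if decode_confreg(current)["ignore_startup_config"]:
        warnings.append("running with startup-config bypassed (0x%04X); "
                        "password recovery may have been performed" % current)
    if decode_confreg(pending)["ignore_startup_config"]:
        warnings.append("next reload will ignore startup-config (0x%04X); "
                        "set config-register 0x2102" % pending)
    if pending != DEFAULT_REGISTER and not warnings:
        warnings.append("non-default register 0x%04X at next reload" % pending)
    return warnings

# Constructed sample line, modelled on the tail of 'show version' output.
SAMPLE = "Configuration register is 0x2142 (will be 0x2102 at next reload)"
```

Running audit_show_version(SAMPLE) reports that the router is still running with the startup-config bypassed even though the next reload will return to 0x2102, which is exactly the state between step 8 and step 10 above.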

Enjoy!


Domain Name System – Propagation

If you ever update Domain Name System (DNS) records on a DNS server, you may use the following method to verify that the updated record(s) are propagating to all internet DNS servers. The server in this example is running Linux CentOS-5.5 64bit.

The command to use is “nslookup”, and its manual page gives the following information about the syntax of this command.

NAME
nslookup – query Internet name servers interactively

SYNOPSIS
nslookup [-option] [name | -] [server]

For instance, if I wanted to verify the A record for the domain google.com on separate DNS servers, I would use the following commands.

# nslookup google.com 8.8.8.8
Server: 8.8.8.8
Address: 8.8.8.8#53

Non-authoritative answer:
Name: google.com
Address: 74.125.115.104
Name: google.com
Address: 74.125.115.105
Name: google.com
Address: 74.125.115.147
Name: google.com
Address: 74.125.115.99
Name: google.com
Address: 74.125.115.103
Name: google.com
Address: 74.125.115.106

# nslookup google.com 128.107.241.185
Server: 128.107.241.185
Address: 128.107.241.185#53

Non-authoritative answer:
Name: google.com
Address: 209.85.229.147
Name: google.com
Address: 209.85.229.99
Name: google.com
Address: 209.85.229.104

# nslookup google.com 151.197.0.38
Server: 151.197.0.38
Address: 151.197.0.38#53

Non-authoritative answer:
Name: google.com
Address: 74.125.91.104
Name: google.com
Address: 74.125.91.103
Name: google.com
Address: 74.125.91.106
Name: google.com
Address: 74.125.91.105
Name: google.com
Address: 74.125.91.147
Name: google.com
Address: 74.125.91.99

The examples above query the Google, Cisco and Verizon DNS servers. During a search on the internet, I found the following list of public DNS servers that you may use.

Google
======
8.8.8.8
8.8.4.4

Level 3 Communications (Broomfield, CO, US)
===========================================
4.2.2.1
4.2.2.2
4.2.2.3
4.2.2.4
4.2.2.5
4.2.2.6

Verizon (Reston, VA, US)
========================
151.197.0.38
151.197.0.39
151.202.0.84
151.202.0.85
151.203.0.84
151.203.0.85
199.45.32.37
199.45.32.38
199.45.32.40
199.45.32.43

Cisco (San Jose, CA, US)
========================
64.102.255.44
128.107.241.185
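Checking propagation by eye across many resolvers gets tedious, so here is an added Python example (not from the original post) that parses the output of several “nslookup NAME SERVER” runs in the format shown above and reports, per resolver, whether the answer set matches the record you just published. The resolver outputs and the example.test record are constructed samples, not real query results.

```python
# Added example: compare nslookup answers from several resolvers against
# the expected (newly published) record set to see where it has propagated.

def parse_nslookup(output):
    """Return (server, set_of_addresses) from one nslookup run's output.
    The first 'Address:' line belongs to the resolver itself (it carries a
    '#53' port suffix); the remaining ones are answer records."""
    server = None
    answers = set()
    for line in output.splitlines():
        line = line.strip()
        if line.startswith("Server:"):
            server = line.split(":", 1)[1].strip()
        elif line.startswith("Address:"):
            addr = line.split(":", 1)[1].strip()
            if "#" in addr:        # "8.8.8.8#53" is the resolver, not an answer
                continue
            answers.add(addr)
    return server, answers

def propagation_report(outputs, expected):
    """Compare each resolver's answer set with the expected set.
    Returns {server: "ok" | "partial" | "stale"}; "partial" means the
    resolver already returns some but not all of the expected addresses."""
    report = {}
    for out in outputs:
        server, answers = parse_nslookup(out)
        if answers == expected:
            report[server] = "ok"
        elif answers & expected:
            report[server] = "partial"
        else:
            report[server] = "stale"
    return report

# Constructed samples: resolver A already serves the new record, resolver B
# is still returning the old cached answer.
RESOLVER_A = """Server: 8.8.8.8
Address: 8.8.8.8#53

Non-authoritative answer:
Name: example.test
Address: 192.0.2.10
"""
RESOLVER_B = """Server: 151.197.0.38
Address: 151.197.0.38#53

Non-authoritative answer:
Name: example.test
Address: 198.51.100.7
"""
NEW_RECORD = {"192.0.2.10"}
```

propagation_report([RESOLVER_A, RESOLVER_B], NEW_RECORD) marks 8.8.8.8 as “ok” and 151.197.0.38 as “stale”; in practice you would feed it the captured output of one nslookup run per public resolver from the list above.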


Cisco – Configuring a Wide Area Network (WAN) and Telnet

You may use the following commands to configure a Wide Area Network (WAN) between two Cisco routers in a lab environment. The routers in this example are Cisco 2501 routers. Also, I will print the output from the “router-1” router and you may mirror these configurations on the “router-2” router (I will note any exceptions below).

This network will consist of two routers. The Internet Protocol (IP) address of “router-1” will be 172.16.4.100/24 and the IP address of “router-2” will be 172.16.4.101/24. This IP addressing assignment puts these routers on the same network so that they may communicate as a Wide Area Network (WAN) link.

1. Configure the interfaces.

===START===

router-1#config t
Enter configuration commands, one per line. End with CNTL/Z.
router-1(config)#interface serial 0
router-1(config-if)#ip address 172.16.4.100 255.255.255.0
router-1(config-if)#clock rate 4000000
router-1(config-if)#description Wide Area Network (WAN) Link – DCE
router-1(config-if)#no shutdown

===END===

Notice that this is interface “Serial 0” on the router. Additionally, I have given the interface a description and used the “clock rate” command, as this interface will provide the clocking for this WAN (using the back-to-back serial cable).

2. Configure the telnet password on each router.

===START===

router-1#config t
Enter configuration commands, one per line. End with CNTL/Z.
router-1(config)#line vty 0
router-1(config-line)#password abc123
router-1(config-line)#login

===END===

In the above example I chose a very simple password “abc123” because this is a lab environment.

3. Connect the back-to-back serial cable to the routers. Plug the data communication equipment (DCE) end of the cable into the router that will provide the clocking for this network (router-1 in this example) and the data terminal equipment (DTE) end of the cable into the router that will receive the clock (router-2 in this example).

In a non-production environment (such as the one in this example) I must use a back-to-back serial cable and the “clock rate” command on the DCE side of the cable, or the network will not function.

Now that all of the configurations have been provided on “router-1” you may mirror these configurations on “router-2”. The differences are that interface Serial 0 on “router-2” would have an IP address of 172.16.4.101, you would not use the “clock rate” command on this router, and optionally you may change the description to “Wide Area Network (WAN) Link – DTE”.

At this point we can test the IP connectivity between the routers by using the PING command as well as using the Telnet function.

router-1#ping 172.16.4.101

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echoes to 172.16.4.101, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms
router-1#telnet 172.16.4.101
Trying 172.16.4.101 … Open
User Access Verification

Password:
router-2>

From the above output we see that we can PING and Telnet to router-2 successfully so this wide area network link is functioning correctly.


Cisco – Configure a Description on a Cisco Interface

You may use the following commands to configure a description on a Cisco router or switch. Please note that this will not affect the performance of the router or switch but I recommend doing this for easier administration.

===BEFORE===

router-1#show running-config interface FastEthernet0
Building configuration…

Current configuration : 68 bytes
!
interface FastEthernet0
no ip address
shutdown
speed auto
end

===CONFIGURING THE DESCRIPTION===

router-1#config t
Enter configuration commands, one per line. End with CNTL/Z.
router-1(config)#interface FastEthernet0
router-1(config-if)#description Local Area Network (LAN) Link – 1
router-1(config-if)#^Z

===AFTER===

router-1#show running-config interface FastEthernet0
Building configuration…

Current configuration : 115 bytes
!
interface FastEthernet0
description Local Area Network (LAN) Link – 1
no ip address
shutdown
speed auto
end

===SAVE THE CONFIGURATION===

router-1#copy running-config startup-config
Destination filename [startup-config]?
Building configuration…
[OK]

I understand that this is a basic task so please stay tuned for more advanced configurations in the future.


Cisco – Configuring a Dynamic Host Configuration Protocol (DHCP) Server

You may use the following commands to configure a DHCP server on a Cisco router. The router in this example is a non-ISR 1720 Cisco router being run on Graphical Network Simulator 3 (GNS3). This configuration names the pool of Internet Protocol (IP) addresses “Marketing”, assigns the network and subnet mask, default gateway, Domain Name System (DNS) server and DHCP lease, and excludes the IP addresses 172.16.2.1-172.16.2.99 from the pool.

router-1#config t
Enter configuration commands, one per line. End with CNTL/Z.
router-1(config)#ip dhcp pool Marketing
router-1(dhcp-config)#network 172.16.2.0 255.255.0.0
router-1(dhcp-config)#default-router 172.16.1.1
router-1(dhcp-config)#dns-server 172.16.3.1
router-1(dhcp-config)#lease 8 0 0
router-1(dhcp-config)#exit
router-1(config)#
router-1(config)#ip dhcp excluded-address 172.16.2.1 172.16.2.99
router-1(config)#

You can see that I started in privileged mode and moved the command prompt to global configuration mode to configure the DHCP settings. I named the pool “Marketing” for this example. Additionally, the “default-router” setting is the IP address of the router’s interface that the hosts will connect to. Lastly, the lease command takes days, hours and minutes in that order (so the configured lease is for exactly eight days).
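Before committing a pool like the one above, it is worth checking that the gateway and DNS server cannot be handed out to clients and that the mask produces the pool you intended. The following Python script is an added example (not from the original post) that runs those checks over the page’s “Marketing” values using the standard ipaddress module; the check_pool and lease_seconds functions are this example’s own, not IOS commands.

```python
# Added example: sanity-check a Cisco-style DHCP pool before committing it.
import ipaddress

def lease_seconds(days, hours, minutes):
    """IOS 'lease D H M' -> total seconds (e.g. 'lease 8 0 0' = 8 days)."""
    return (days * 24 + hours) * 3600 + minutes * 60

def check_pool(network, mask, default_router, dns_server, excluded):
    """excluded is a list of (low, high) address strings, inclusive, matching
    'ip dhcp excluded-address LOW HIGH'. Returns computed facts and warnings."""
    net = ipaddress.ip_network("%s/%s" % (network, mask), strict=False)
    gw = ipaddress.ip_address(default_router)
    dns = ipaddress.ip_address(dns_server)
    ranges = [(ipaddress.ip_address(lo), ipaddress.ip_address(hi))
              for lo, hi in excluded]

    def is_excluded(addr):
        return any(lo <= addr <= hi for lo, hi in ranges)

    warnings = []
    if gw not in net:
        warnings.append("default-router %s is outside %s" % (gw, net))
    elif not is_excluded(gw):
        warnings.append("default-router %s is inside the pool but not "
                        "excluded; add 'ip dhcp excluded-address %s'" % (gw, gw))
    if dns in net and not is_excluded(dns):
        warnings.append("dns-server %s is inside the pool but not excluded" % dns)
    # Count excluded addresses that actually fall inside the pool.
    excluded_count = sum(int(hi) - int(lo) + 1 for lo, hi in ranges
                         if lo in net and hi in net)
    return {
        "network": str(net),
        # network and broadcast addresses are never leased
        "assignable": net.num_addresses - 2 - excluded_count,
        "warnings": warnings,
    }

# The page's values: note that the 255.255.0.0 mask makes the pool a /16,
# so the gateway 172.16.1.1 and DNS server 172.16.3.1 fall inside it.
MARKETING = check_pool("172.16.2.0", "255.255.0.0", "172.16.1.1",
                       "172.16.3.1", [("172.16.2.1", "172.16.2.99")])
```

With the page’s values, MARKETING["warnings"] lists the gateway and the DNS server as leasable addresses; narrowing the mask to 255.255.255.0 and excluding the gateway clears both warnings.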

I hope this post proves helpful to you!


Cisco – Router and Switch Modes

You may use the following commands to change the information stored in the dynamic RAM (running-config) or NVRAM (startup-config) on a Cisco router or switch.

To make changes to the configuration running in dynamic RAM (running-config file) you may use the following commands. In particular, the “configure terminal” command (or “config t” for short) is used to make changes to the running-config which is the configuration currently stored in the DRAM of the Cisco device.

router-1>enable
router-1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
router-1(config)#

To make changes to NVRAM (the startup-config file) you may use the following commands. In particular, the “configure memory” command (or “config mem” for short) is used to make changes to the startup-config file. The startup-config file is the configuration that the router or switch loads from NVRAM at boot.

router-1>enable
router-1#configure memory

R2#

As you can see, when I entered the “configure memory” command the hostname of the router changed. This is because I had originally changed the hostname of the router to “router-1” but had not saved the running-config (DRAM) into the startup-config (NVRAM).

As always, if you make a change to the running-config you must save it to the startup-config or any configuration changes will be lost after your next reboot of the router or switch. The commands to save the running-config into the startup-config are the following, “copy running-config startup-config”, “copy run start” or “write mem”.

Enjoy!


Cisco – Configuring a Router or Switch Hostname

You may use the following commands to configure the hostname on a Cisco router or switch. Changing the hostname will not affect the performance of the router or switch but it will help you identify the particular device you are connected to. Also, this is a non-ISR 1700 series router run on the Graphical Network Simulator 3 (GNS3) platform.

R1>enable
R1#config t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#hostname Florida
Florida(config)#hostname Orlando
Orlando(config)#hostname Miami
Miami(config)#hostname Tampa
Tampa(config)#

Again, changing the hostname will not improve or degrade the performance of the hardware device but I believe it is a good network administration practice.


Microsoft Windows Server 2008 – Ping Responses

By default, Windows Server 2008 is configured to block all incoming Internet Control Message Protocol (ICMP) echo requests. You can allow the echo requests by changing the Windows firewall configuration with either of the following two methods.

1. Open the command prompt and type the following command “netsh firewall set icmpsetting 8”.
2. Open the Windows Firewall with Advanced Security. Navigate to the inbound rules and enable “File and Printer Sharing (Echo Request – ICMPv4-In)”.


CentOS

To learn more about the Linux Community Enterprise Operating System (CentOS), visit the official CentOS website at www.centos.org.


Networking – Open System Interconnection (OSI) Model

The Open Systems Interconnection (OSI) model is one of the fundamental building blocks on which to build your networking knowledge. This conceptual model consists of the following seven layers.

7. Application

6. Presentation

5. Session

4. Transport

3. Network

2. Data Link

1. Physical