Cisco IOS – How to Configure OSPF

Introduction With this article, we will look at the basic commands used within Cisco IOS to configure OSPF. Basic Configuration To initially configure OSPF, at a minimum, you must configure three things – process ID, router ID, and the network. Process ID – Defines the OSPF process ID that OSPF will run under. This is … Read more

Route Leaking within an MPLS Network

Introduction First of all, what is a route leak? A route leak is the propagation of routing announcement(s) beyond their intended scope – RFC7908 Within this article we will look at 2 methods of route leaking within an MPLS environment – static routes and route maps. To demonstrate both methods we will look at 2 … Read more

How to Configure an L3 MPLS VPN on Cisco IOS

Introduction Within this article we will walk through the various steps required in configuring MPLS. NOTE This article does not look to explain the various terms and concepts of MPLS, for details around these please see Getting to Know MPLS. Overview Within our example we will have 2 customers COSTA and STARBUCKS. Each customer consisting … Read more

What is CEF (Cisco Express Forwarding)?


Introduction Cisco Express Forwarding (CEF) is a packet-switching technique used within Cisco routers. The main purpose of CEF is to optimize the forwarding of packets and increase the packet switching speed. History Prior to CEF there were 2 methods for packet-switching – Process- Switching and Fast-Switching. Process-Switching The first method, process-switching is the oldest and … Read more

DMVPN Tutorial

Introduction DMVPN (Dynamic Multipoint Virtual Private Network) is a feature within the Cisco IOS based router family which provides the ability to dynamically build IPSEC tunneling between peers based on an evolved iteration of hub and spoke tunneling. DMVPN uses a combination of the following technologies : Multipoint GRE (mGRE) Next-Hop Resolution Protocol (NHRP) Dynamic … Read more

Configuring a Pre-Shared Site to Site VPN between 2 Cisco Routers

Below shows the configuration for one side of a Site to Site VPN between 2 Cisco routers using pre-shared keys. router(config)# crypto isakmp enable Phase 1 router(config)# crypto isakmp policy 10router(config-isakmp)# authenticaton pre-sharerouter(config-isakmp)# encryption [?]router(config-isakmp)# group [?]router(config-isakmp)# hash [?]router(config-isakmp)# lifetime 86400router(config)# crypto isakmp identity addressrouter(config)# cryption isakmp [key] address [peer ip] Phase 2 router(config)# crypto … Read more

What are reflective access-lists ?

Reflective access-lists allows the router to pass “established” tcp traffic that has been previously allowed via another ACL. Due to routers to not having (by default) a state table, this ensures that you do not have to create additional access list entries to allow the return traffic of a permitted tcp session. (config)# ip access-list … Read more

Securing your IOS configuration and files

In a worst case scenario someone could gain access to your router, clear the boot image and config. This would result in a lengthy down time and a lot stress. Cisco have tried to address this but the use of the following commands which prevents the clearing of your config and boot image (config) # … Read more

How to Secure your Cisco Router

Below shows a number of commands that you can use for securing your Cisco router. Block Denied Logins – Useful for delaying denied logins when someone is trying to brute force your router. (config)# login block-for [seconds] attempts [attempts] within [seconds] Quiet Login – Allows you to still login once the router has blocked login … Read more

Creating CLI Views on a Cisco Router

CLI Views allow your to to create sub administrator within your Cisco device. This can also be thought of as an extension to privilege levels, giving you further granularity over what your users are allowed to do. Creating views Below shows you the commands required to create a view mode. In all the examples we … Read more

Configuring TACACS+ on a Cisco Router

TACACS+ (Terminal Access Controller Access-Control System Plus) is a Cisco proprietary protocol which provides access control for routers, network access servers and other networked computing devices via one or more centralized servers. TACACS+ uses port tcp 49 and provides separate authentication, authorization and accounting services. Below shows you the general steps involved, First of all … Read more

How to enable SDM on your router

SDM (Security Device Manager) allows you to configure and manage your router via the use of a GUI. Please find the steps below : Download the file from Cisco’s website. Ensure that you have the sdmconfig*.cfg file within your routers flash for your version of router. You can confirm this by using the command … Read more

How do I create a tunnel interface on a Cisco Router ?

Below shows you the steps on how to create a tunnel interface on a Cisco router with the inclusion of OSPF based commands so that Dynamic routing updates can be sent across the link to the remote peer. interface Tunnel0ip address [IP] [Mask]ip ospf network point-to-pointip ospf mtu-ignoretunnel source FastEthernet0/0tunnel destination [remote peer ip]

Cisco Router – How to configure SSH

Below shows you how to enable SSH on your router using a username of “mr” and a password of “bean”, allowing access from the fa0/0 interface. Router(config)#ip ssh source-interface fastEthernet 0/0Router(config)#ip ssh authentication-retries 3Router(config)#ip ssh version 2 Router(config)#ip domain-name local.netRouter(config)#crypto key generate rsa modulus 768Router(config)#username mr password 7 bean Router(config)#line vty 0 15Router(config-line)# transport input … Read more

Router – Named Access-Lists

Below gives you an example of how to create a named Access-List, router(config)#ip access-list extended OUTSIDE_INrouter(config-ext-nacl)#permit ip any any 

Router – Port Forwarding

You will need to have already set your interfaces to inside and outside using the commands, ip nat ouside ip nat inside Once done you can add the command below. This would allow the IP to be accessed on port 23 via the IP address of the interface fa 0/0 using port 2333. ip … Read more

Router – Secure a Router – Basic

Below are a few steps to set up basic security on a router, Banner Set Banner. (config)#banner motd Passwords Set Secret enable password. (config)#enable secret <password> Set Line terminal passwords. (config)#line <terminal> <number>(config-line)#password <password>(config-line)#login Line Timeout On VTY set timout out (config-line)#exec-timeout <min> Copy the Config changes #(config) Copy running-config startup-config

Router – DTE / DCE

A DTE (Date Terminating Equipment) cable is the normal cable you should use. Being DTE you should expect the other end to provide clocking.A DCE (Data Communication Equipment) means that this device must provide the clocking on the wire. If your device is the DCE, you must provide clocking using the clock rate command.

Router – NAT

Use the following commands to dictate which interface should be defined as the inside and outside. (config)access-list 1 permit (config)#ip nat inside source list 1 interface FastEthernet0/0 overload  Show/Debug Commands show ip nat translations debug ip nat no debug all

Router – Access-lists

Below shows you a basic access-list configuration. R3>enableR3#configure terminalR3(config)#access-list 56 permit 56 deny 56 permit anyR3(config)#interface serial 0R3(config-if)#ip access-group 56 inR3(config-if)#exitR3(config)#exit

Router – Installing IOS onto new FLASH

You will need to first install the flash module into the device. Then run the following commands via the console port (rommon), to check your systems resources for the install. rommon 1 > devrommon 2 > meminfo    Then to copy it from your tftp server… rommon 3 > IP_ADDRESS=     rommon 4 > IP_SUBNET_MASK=   rommon 5 … Read more

Want to become a networking expert?

Here is our hand-picked selection of the best courses you can find online:
Cisco CCNA 200-301 Certification Gold Bootcamp
Complete Cyber Security Course – Network Security
Internet Security Deep Dive course
Python Pro Bootcamp
and our recommended certification practice exams:
AlphaPrep Practice Tests - Free Trial