The Cisco 3750 switch has contributed greatly to Cisco's success in the networking hardware market. Its features provide efficient and reliable network switching services. You can find a pre-owned 3750 model at a good price, and if you do buy a pre-owned Cisco 3750 switch, you may need to change the password before you are able to configure it to work on your network. Fortunately, Cisco has provided a built-in procedure that allows you to change the password.
Things You'll Need
Cisco 3750 switch and serial cable
Computer with terminal emulation software
How to Change the Password on a Catalyst 3750 Switch?
1. Connect your computer to the 3750 switch using the blue serial cable that typically comes with it. Connect the 9-pin d-shell connector to your computer's serial port, and connect the RJ-45 connector to the switch's console port.
2. Configure a terminal session to the switch. Power up your computer, open a terminal emulator application, and configure a terminal session with the following settings:
1 stop bit
8 data bits
Xon/Xoff flow control
Save the configuration with a name that you can recognize later.
3. Hold down the "Mode" button on the left front of the Cisco 3750 switch, and plug in the power cable. Five seconds after the Stat LED goes off, release the "Mode" button. The SYST LED should start to blink amber.
4. At the command prompt, issue the following commands to the switch to prepare it for the reset procedure, and rename the current configuration file:
rename flash:config.text flash:config.old
5. Boot the 3750 switch by issuing the "boot" command and pressing "Enter." At the "System Configuration Dialog" prompt, answer "n" and press "Enter" twice. This should display the "Switch>" prompt.
6. Issue the "en" command at the prompt, and press "Enter." You should see the prompt change from "Switch>" to "Switch#." Rename the configuration file with the following command:
rename flash:config.old flash:config.text (press "Enter")
Press "Enter" to accept the destination filename default.
7. Copy the configuration file into the 3750 memory with the following command:
copy flash:config.text system:running-config
Press "Enter" when prompted for a destination filename to accept the default.
8. Create new passwords for the 3750 switch with the following commands:
enable secret spswd (spswd = your new secret password)
enable password enpswd (enpswd = your new enable password)
line vty 0 15
password tpswd (tpswd = your new terminal password)
line con 0
password cpswd (cpswd = your new console password)
The 3750 will issue a "Building Configuration" message. When you see the [OK] message at the Sw1# prompt, you have completed the password change for the Cisco 3750 switch.
Tip: For more information on Cisco 3750 switches, visit cisco.com.
Cisco IOS software is installed in the manageable Cisco switches for better LAN management. It delivers network services and enables networked applications. The Cisco IOS has a command line interface that helps users to execute the Cisco IOS commands.
Cisco Switch Commands
The Cisco switch IOS has different EXEC modes with distinctive prompts. These modes execute different Cisco switch commands. Each mode has a set of specific commands.
The fundamentals of the Cisco IOS User Interface are as follows:
- Uses a command line interface
- Operations vary on different series of switches
- Type or paste entries in the console command modes
- Enter key instructs device to parse and execute the commands
- Two primary EXEC modes are user mode and privileged mode
- Command modes have distinctive prompts
Cisco IOS Software Exec
There are two main EXEC modes for entering the Cisco switch commands:
User mode:
- Limited switch examination
- Command prompt on the switch is switch>
Privileged mode:
- Detailed switch examination
- Enables configuration and debugging
- Prerequisite for other configuration modes
- Command prompt on the switch is switch#
Cisco Telnet Commands
There are two primary ways to access a Cisco manageable switch to use command line interface.
- Out of band Console connection
- Via Ethernet through Telnet
Telnet is a utility used for remotely logging into a device. To telnet to a Cisco IOS switch from a computer, type the following command at the computer's command prompt (CMD):
telnet <IP address of the switch>
For example: telnet 192.168.0.253
Cisco Catalyst 1900 Switch Commands
The following are some basic Cisco Catalyst 1900 switch commands:
- Show running-config: This command displays the memory status of the Cisco Catalyst 1900 switch
- Show interfaces: This command displays detailed information about all the interfaces of Cisco Catalyst 1900 switch.
- Show interfaces Ethernet 0/1: This command displays detailed information about a specific 10baseT Ethernet interface of the Cisco Catalyst 1900 switch
- Show interfaces Fast Ethernet 0/26: This command displays the detailed information about a specific 100baseT Fast Ethernet interface of the Cisco Catalyst 1900 switch
- Show ip: This command displays the ip configuration of the Cisco Catalyst 1900 switch
- Show Mac-address-table: This command displays the Mac addresses of the devices that are currently connected to the Cisco Catalyst 1900 switch.
- Show Mac-address-table security: This command displays the address table size and the addressing security of each interface of the Cisco Catalyst 1900 switch.
- Show VLAN: This command displays the status of current VLANs enabled on the Cisco Catalyst 1900 switch.
- Show VLAN-membership: This command displays the VLAN membership of all the ports on the Cisco Catalyst 1900 switch.
- Show Spantree 1: This command displays the complete information about the spanning tree protocol 1 that is enabled by default on the Cisco Catalyst 1900 switch.
- Copy nvram tftp://host/dst_file: This command sends the configuration to a TFTP server.
- Copy tftp://host/src_file nvram: This command downloads the configuration from a TFTP server.
- Delete nvram: This command resets the system configuration to factory defaults.
Show Cisco Switch Commands
Here are some show commands of Cisco switches:
- Show version: This command displays the hardware and software status of the Cisco switch
- Show flash: This command displays the files and directories in the flash of the Cisco switch
- Show interfaces: This command displays the detailed information about all the interfaces of the Cisco switch
- Show interfaces fast Ethernet 0/x: This command displays the detailed information about the specific interface of the Cisco switch
- Show interfaces VLAN 1: This command displays the ip address configuration of VLAN 1
- Show running-config: This command displays the status of RAM
- Show startup-config: This command displays the status of NVRAM
- Show mac-address-table: This command displays the MAC address of the devices that are directly connected to any switch port.
- Show port-security [interface] [address]: This command displays the port security options on the interface
- Show history: This command displays the last ten commands that are executed in the switch configuration
- Show line: This command is used to view the brief information about all the Cisco switch lines
- Show line console 0: This command is used to view the detailed information about the specific line of the Cisco switch
- Erase startup-config: This command is used to erase the nvram of the Cisco switch
Cisco Switch Configuration Commands
- Configure terminal: This command is used to enter the global configuration mode of the Cisco switch
- Hostname: This command assigns the Cisco switch’s hostname
- Enable password: This command sets the enable password of the Cisco switch
- Enable secret: This command sets the encrypted password of the Cisco switch that is used for entering into the privileged mode
- Interface VLAN 1: This is a global configuration command used to configure the VLAN interface of the Cisco switch
- Interface fast Ethernet 0/x: This command configures the specific interface of the Cisco switch
- IP address: This command configures the ip address of any interface of the Cisco switch
- IP default-gateway: This is an interface configuration command to set the default gateway
- Speed: This command sets the speed for the interface of the Cisco switch
- Duplex: This command sets the duplex setting for the interface of the Cisco switch
- Line console 0: This command is used to enter in the specific line configuration mode of the Cisco switch
- Password: This command sets the password of any line of the Cisco switch
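The password-change steps and the command lists above set `enable password` and line passwords and use Telnet for remote access. The following Python check is an added example, not part of the original page: it reads an IOS configuration and flags passwords that are stored in clear text or in reversible type 7 form, and vty lines that allow Telnet. The sample configuration is constructed, and the names `audit_ios_config` and `password_form` are hypothetical.

```python
# Added example: audit an IOS configuration for weakly stored passwords
# and for Telnet on the vty lines.

# Constructed sample: the passwords from the steps above as a saved
# configuration would show them. The hash and type 7 strings are
# placeholders, not real values.
SAMPLE_CONFIG = """\
hostname Sw1
enable secret 5 $1$PLACEHOLDER$notarealhash
enable password enpswd
!
line con 0
 password cpswd
 login
line vty 0 4
 password 7 PLACEHOLDER
 login
 transport input telnet
line vty 5 15
 password tpswd
 login
!
end
"""

# The same commands as they are typed in the password-change steps.
TYPED_COMMANDS = """\
enable secret spswd
enable password enpswd
line vty 0 15
password tpswd
line con 0
password cpswd
"""

LINE_SUBCOMMANDS = {"password", "login", "transport", "exec-timeout"}


def password_form(tokens):
    """Classify a password argument by its leading IOS type digit."""
    if len(tokens) >= 2 and tokens[0] in {"0", "5", "7", "8", "9"}:
        kind = tokens[0]
    else:
        kind = "0"  # no type digit: the string itself is the password
    return {"0": "cleartext", "7": "type7"}.get(kind, "hashed")


def audit_ios_config(text):
    """Return a list of (finding, location) tuples for the given config."""
    findings = []
    ctx = None        # current "line ..." block, e.g. "vty 0 4"
    transport = {}    # vty block -> list of allowed transports, or None
    has_secret = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("!"):
            ctx = None
            continue
        words = line.split()
        if words[0] == "line":
            ctx = " ".join(words[1:])
            if ctx.startswith("vty"):
                transport[ctx] = None
        elif words[:2] == ["enable", "secret"]:
            has_secret, ctx = True, None
        elif words[:2] == ["enable", "password"]:
            ctx = None
            # Readable from the config even when "enable secret" overrides it.
            findings.append(("enable-password-" + password_form(words[2:]), "global"))
        elif ctx and words[0] == "password":
            form = password_form(words[1:])
            if form != "hashed":
                findings.append(("line-password-" + form, ctx))
        elif ctx and words[:2] == ["transport", "input"]:
            if ctx in transport:
                transport[ctx] = words[2:]
        elif not raw[:1].isspace() and words[0] not in LINE_SUBCOMMANDS:
            ctx = None  # any other top-level command ends the line block
    if not has_secret:
        findings.append(("no-enable-secret", "global"))
    for block, allowed in transport.items():
        if allowed is None:
            # The default transport depends on the IOS release; set it explicitly.
            findings.append(("vty-transport-unspecified", block))
        elif "telnet" in allowed or "all" in allowed:
            findings.append(("vty-telnet-enabled", block))
    return findings


if __name__ == "__main__":
    for finding, where in audit_ios_config(SAMPLE_CONFIG):
        print(f"{where:10} {finding}")
```

A clean result needs `enable secret` without `enable password`, hashed or absent line passwords, and `transport input ssh` on every vty block.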
Upgrading IOS on Cisco routers and network switches is highly recommended for the following reasons:
Patch critical vulnerabilities: Just like any other network device or application, Cisco routers and switches are also prone to security holes. And because routers and switches are critical to network infrastructure, you should plug these security holes as soon as possible.
Incorporate new features: Unless an update is simply a bug fix, every new release of the Cisco IOS includes new features. Upgrading your routers and switches in a timely manner means you’ll have more features to potentially make your job easier.
Stay current: “Staying current” with the latest IOS may sound like a flimsy justification to upgrade, especially when you consider your daily task list. However, when you consider the many different tools that communicate with the router’s IOS, staying current can take on a new importance. For example, if you’re using a SNMP network management tool, it may require your router to run a certain version of the IOS.
Things You'll Need
Microsoft Windows 7 computer with telnet client and TFTP service installed
IP address of the Microsoft Windows 7 computer
Cisco router with telnet service enabled
IP address of the Cisco router
Cisco IOS image located in the TFTP service root directory
Password for the Cisco router telnet connection
Privilege Exec mode password for the Cisco router
Steps to upgrade IOS on Cisco router
1. Click the "Globe" button, then select the "Search" box, and then type "cmd." Right-click on the command line icon that appears and click "Run as Administrator." The command line window will appear.
2. Enter "telnet x.x.x.x," on the command prompt, replacing the "x.x.x.x" with the IP address of a Cisco router, and then press the "Enter" key. Telnet will then connect to the Cisco router.
3. Enter the telnet password when requested on the command prompt, and then tap the "Enter" key.
4. Enter "enable" on the command prompt, and tap the "Enter" key. Type the Privilege Exec password for the Cisco router when requested, and press the "Enter" key.
5. Enter the "copy tftp flash" command on the command prompt, and then tap the "Enter" key.
6. Enter the IP address of the Windows 7 computer on the command line as the IP address of the TFTP server from which to copy the new IOS image, and then tap the "Enter" key.
7. Enter the exact name of the IOS file on the command prompt when requested, and then tap the "Enter" key.
8. Enter the name of the IOS file as the destination file name and tap the "Enter" key.
9. Type "Y" when the "Erase flash: before copying? [confirm]" message appears, and press the "Enter" key. The new IOS file will then be copied to the router flash drive.
10. Enter "configure terminal" on the command line, and then tap the "Enter" key.
11. Type "no boot system" and press the "Enter" key. Then type "boot system flash:ios_filename," except replace the "ios_filename" with the exact name of the IOS file that was just transferred to the Cisco router, and then tap the "Enter" key.
12. Type the "exit" command at the command prompt and tap the "Enter" key, and then type "write memory" and tap the "Enter" key.
13. Enter the "reload" command on the command prompt, and then press the "Enter" key. The Cisco router will restart and boot into the new IOS.
What is a Network Protocol?
A protocol is a set of rules that governs the communications between computers on a network. These rules include guidelines that regulate the following characteristics of a network: access method, allowed physical topologies, types of cabling, and speed of data transfer.
Types of Network Protocols
The most common network protocols are:
- Local Talk
- Token Ring
The following are some commonly used network symbols for drawing different kinds of network protocols.
The Ethernet protocol is by far the most widely used. Ethernet uses an access method called CSMA/CD (Carrier Sense Multiple Access/Collision Detection). This is a system where each computer listens to the cable before sending anything through the network. If the network is clear, the computer will transmit. If some other node is already transmitting on the cable, the computer will wait and try again when the line is clear. Sometimes, two computers attempt to transmit at the same instant. When this happens a collision occurs. Each computer then backs off and waits a random amount of time before attempting to retransmit. With this access method, it is normal to have collisions. However, the delay caused by collisions and retransmitting is very small and does not normally affect the speed of transmission on the network.
The Ethernet protocol allows for linear bus, star, or tree topologies. Data can be transmitted over wireless access points, twisted pair, coaxial, or fiber optic cable at a speed of 10 Mbps up to 1000 Mbps.
To allow for an increased speed of transmission, the Ethernet protocol has developed a new standard that supports 100 Mbps. This is commonly called Fast Ethernet. Fast Ethernet requires the use of different, more expensive network concentrators/hubs and network interface cards. In addition, category 5 twisted pair or fiber optic cable is necessary. Fast Ethernet is becoming common in schools that have been recently wired.
Local Talk is a network protocol that was developed by Apple Computer, Inc. for Macintosh computers. The method used by Local Talk is called CSMA/CA (Carrier Sense Multiple Access with Collision Avoidance). It is similar to CSMA/CD except that a computer signals its intent to transmit before it actually does so. Local Talk adapters and special twisted pair cable can be used to connect a series of computers through the serial port. The Macintosh operating system allows the establishment of a peer-to-peer network without the need for additional software. With the addition of the server version of AppleShare software, a client/server network can be established.
The Local Talk protocol allows for linear bus, star, or tree topologies using twisted pair cable. A primary disadvantage of Local Talk is speed. Its speed of transmission is only 230 Kbps.
The Token Ring protocol was developed by IBM in the mid-1980s. The access method used involves token-passing. In Token Ring, the computers are connected so that the signal travels around the network from one computer to another in a logical ring. A single electronic token moves around the ring from one computer to the next. If a computer does not have information to transmit, it simply passes the token on to the next workstation. If a computer wishes to transmit and receives an empty token, it attaches data to the token. The token then proceeds around the ring until it comes to the computer for which the data is meant. At this point, the data is captured by the receiving computer. The Token Ring protocol requires a star-wired ring using twisted pair or fiber optic cable. It can operate at transmission speeds of 4 Mbps or 16 Mbps. Due to the increasing popularity of Ethernet, the use of Token Ring in school environments has decreased.
Fiber Distributed Data Interface (FDDI) is a network protocol that is used primarily to interconnect two or more local area networks, often over large distances. The access method used by FDDI involves token-passing. FDDI uses a dual ring physical topology. Transmission normally occurs on one of the rings; however, if a break occurs, the system keeps information moving by automatically using portions of the second ring to create a new complete ring. A major advantage of FDDI is speed. It operates over fiber optic cable at 100 Mbps.
Asynchronous Transfer Mode (ATM) is a network protocol that transmits data at a speed of 155 Mbps and higher. ATM works by transmitting all data in small packets of a fixed size; whereas, other protocols transfer variable length packets. ATM supports a variety of media such as video, CD-quality audio, and imaging. ATM employs a star topology, which can work with fiber optic as well as twisted pair cable.
ATM is most often used to interconnect two or more local area networks. It is also frequently used by Internet Service Providers to utilize high-speed access to the Internet for their clients. As ATM technology becomes more cost-effective, it will provide another solution for constructing faster local area networks.
The most recent development in the Ethernet standard is a protocol that has a transmission speed of 1 Gbps. Gigabit Ethernet is primarily used for backbones on a network at this time. In the future, it will probably be used for workstation and server connections also. It can be used with both fiber optic cabling and copper. The 1000BaseTX, the copper cable used for Gigabit Ethernet, is expected to become the formal standard in 1999.
Compare the Network Protocols
Twisted Pair, Coaxial, Fiber
Linear Bus, Star, Tree
Twisted Pair, Fiber
Linear Bus or Star
4 Mbps - 16 Mbps
Twisted Pair, Fiber
Linear Bus, Star, Tree
Network Diagramming Software
Edraw Network Diagrammer is a new, rapid and powerful network design software for network drawings with rich examples and templates. Easy to draw network topology, Cisco network design diagram, LAN/WAN diagram, network cabling diagrams, active directory, network planform and physical network diagram.
“How do I enable the wireless in a Cisco Aironet access point?” “What is the best way to setup a wireless network with several access points to give uninterrupted connectivity?” “Resetting a Cisco wireless AP 350? I found an old Cisco wireless access point (Aironet 350 AP352E2C) and was wondering how I can reset it?”
---From Yahoo Answers
Are you also looking to set up an easily accessible wireless network at home or the office? Indeed, wireless access is a great choice for easy, convenient internet and network access from anywhere you need it. And different products can allow you to extend the wireless range to just your apartment, your office building, or your entire campus. Cisco has a variety of products designed to fit every wireless requirement that you could need.
Further information on wireless access points for home, small business, and large enterprises follows.
Cisco Wireless Access Points for Home---Valet
The Valet series is made with the home in mind. Valet products are inexpensive, sleekly designed, and they’re very easy to set up. They also function as your home’s router, allowing you to connect all computers (wireless or corded) to the internet. With the Valet, you can connect your house’s bluetooth or wireless-enabled game systems or other devices with no effort at all. The included Cisco software makes the Valet easy to install and customize on any PC.
Cisco Wireless for the Office---Small Business Access Points
Cisco small business wireless access points, designed with a business owner in mind, allow you to connect farther, faster, and safer than ever before and, more importantly, provide a big payoff for the small business dollar.
The extended range of the small business WAP4410N wireless access point allows employees and guests to connect to the internet anywhere within a large range of connectivity. You can connect a variety of wireless devices in seconds to the network, and you do not even need an available outlet to connect the access point to power. These wireless access points support power-over-ethernet devices, so you can install them quickly and easily anywhere you like.
The small business series has advanced security features to protect your network from unauthorized gateways into your network. They also offer support for the fastest speeds possible with their expanded range, ensuring that your wireless users have all the performance they need right at their fingertips.
Wireless Access Points for Larger Enterprises---Aironet
The Aironet series is designed to fit in perfectly with an enterprise environment and provides sleek, rugged, and powerful performance for an extended range of use and easy scalability. The Aironets also support power-over-ethernet, which greatly lessens the difficulty of installation. Their high-capacity performance can handle large numbers of users while still offering the security that large operations need to protect their network. They are also built with clean-air technology and an energy-efficient construction that will help your business reduce its carbon footprint.
For supporting a large user base, covering an extended range, and standing up to rugged environments, large businesses or institutional facilities should consider the Aironet series of wireless access points to give them the performance they need.
That’s it for this guide to Cisco wireless access points. Whether you are at home or small, medium or larger office, going wireless can greatly increase your productivity and ease of access for all your wireless devices.
The Cisco ASA 5510 security device is the second model in the ASA series (ASA 5505, 5510, 5520 etc.) and is fairly popular since it is intended for small to medium enterprises. Like the smallest ASA 5505 model, the Cisco ASA 5510 comes with two license options: the Base license and the Security Plus license. The second one (Security Plus) provides some performance and hardware enhancements over the Base license, such as 130,000 maximum firewall connections (instead of 50,000), 100 maximum VLANs (instead of 50), failover redundancy, etc. Also, the Security Plus license enables two of the five firewall network ports to work as 10/100/1000 instead of only 10/100.
Next we will see a simple Internet Access scenario which will help us understand the basic steps needed to setup an ASA 5510. Assume that we are assigned a static public IP address 100.100.100.1 from our ISP. Also, the internal LAN network belongs to subnet 192.168.10.0/24. Interface Ethernet0/0 will be connected on the outside (towards the ISP), and Ethernet0/1 will be connected to the Inside LAN switch.
The firewall will be configured to supply IP addresses dynamically (using DHCP) to the internal hosts. All outbound communication (from inside to outside) will be translated using Port Address Translation (PAT) on the outside public interface.
Let's see a snippet of the required configuration steps for this basic scenario:
Step 1: Configure a privileged level password (enable password)
By default there is no password for accessing the ASA firewall, so the first step before doing anything else is to configure a privileged level password, which will be needed to allow subsequent access to the appliance. Configure this under Configuration Mode:
ASA5510(config)# enable password mysecretpassword
Step 2: Configure the public outside interface
ASA5510(config)# interface Ethernet0/0
ASA5510(config-if)# nameif outside
ASA5510(config-if)# security-level 0
ASA5510(config-if)# ip address 100.100.100.1 255.255.255.252
ASA5510(config-if)# no shut
Step 3: Configure the trusted internal interface
ASA5510(config)# interface Ethernet0/1
ASA5510(config-if)# nameif inside
ASA5510(config-if)# security-level 100
ASA5510(config-if)# ip address 192.168.10.1 255.255.255.0
ASA5510(config-if)# no shut
Step 4: Configure PAT on the outside interface
ASA5510(config)# global (outside) 1 interface
ASA5510(config)# nat (inside) 1 0.0.0.0 0.0.0.0
Step 5: Configure Default Route towards the ISP (assume default gateway is 100.100.100.2)
ASA5510(config)# route outside 0.0.0.0 0.0.0.0 100.100.100.2 1
Step 6: Configure the firewall to assign internal IP and DNS address to hosts using DHCP
ASA5510(config)# dhcpd dns 188.8.131.52
ASA5510(config)# dhcpd address 192.168.10.10-192.168.10.200 inside
ASA5510(config)# dhcpd enable inside
The above basic configuration is just the beginning for making the appliance operational. There are many more configuration features that you need to implement to increase the security of your network, such as Static and Dynamic NAT, Access Control Lists to control traffic flow, DMZ zones, VPN etc.
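To show what Step 4 does to traffic, here is a small Python model of Port Address Translation on the outside address 100.100.100.1. It is an added example, not code from the original article or from Cisco. The class name `PatTable`, the port allocation policy and the remote addresses (documentation ranges) are assumptions made for illustration.

```python
# Added example: a toy model of the PAT rule pair
#   global (outside) 1 interface
#   nat (inside) 1 0.0.0.0 0.0.0.0
import itertools

PUBLIC_IP = "100.100.100.1"   # outside interface address from the scenario


class PatTable:
    def __init__(self, public_ip=PUBLIC_IP):
        self.public_ip = public_ip
        self.by_inside = {}   # (proto, inside_ip, inside_port) -> public_port
        self.by_public = {}   # (proto, public_port) -> (inside_ip, inside_port)
        self.conns = set()    # (proto, public_port, remote_ip, remote_port)

    def _allocate(self, proto, wanted):
        # Assumed policy for this model: keep the source port when it is
        # still free, otherwise take the first free port from 1024 upward.
        for port in itertools.chain([wanted], range(1024, 65536)):
            if (proto, port) not in self.by_public:
                return port
        raise RuntimeError("PAT port pool exhausted")

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Translate an inside-to-outside packet; return the public socket."""
        key = (proto, src_ip, src_port)
        port = self.by_inside.get(key)
        if port is None:
            port = self._allocate(proto, src_port)
            self.by_inside[key] = port
            self.by_public[(proto, port)] = (src_ip, src_port)
        # Remember the remote endpoint so that only its replies are accepted.
        self.conns.add((proto, port, dst_ip, dst_port))
        return (self.public_ip, port)

    def inbound(self, proto, remote_ip, remote_port, dst_port):
        """Return the inside socket for a reply, or None if it is dropped."""
        if (proto, dst_port, remote_ip, remote_port) not in self.conns:
            # No matching outbound connection: traffic arriving on the
            # security-level 0 interface is not forwarded to level 100.
            return None
        return self.by_public[(proto, dst_port)]


def demo():
    pat = PatTable()
    # Two DHCP clients from the 192.168.10.10-192.168.10.200 pool pick the
    # same source port towards the same server (constructed traffic).
    a = pat.outbound("tcp", "192.168.10.10", 50000, "203.0.113.5", 443)
    b = pat.outbound("tcp", "192.168.10.11", 50000, "203.0.113.5", 443)
    reply = pat.inbound("tcp", "203.0.113.5", 443, b[1])
    unsolicited = pat.inbound("tcp", "198.51.100.9", 4444, a[1])
    return a, b, reply, unsolicited


if __name__ == "__main__":
    for item in demo():
        print(item)
```

Both inside hosts leave with the same public address and differ only in the translated port, which is why the translation table, not the address, decides where a reply goes.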
And so it begins. After a bleak summer that included 6,500 job cuts, Cisco Systems (CSCO) is working hard to raise its voice and rally partners. Channel Chief Edison Peres has issued a video blog to crystallize the company’s partner strategy. Andrew Sage, Cisco’s VP, Partner Led, is set to provide strategy updates soon. And CEO John Chambers recently rallied the Cisco sales force to further support partners. All of the chatter includes Cisco executives talking about the “Next Cisco.” But has the Next Cisco really arrived?
In the video blog, Peres reinforces the fact that 80 percent of sales involve partners:
As expected, Cisco has also simplified its messaging. Instead of focusing on roughly 50 markets, Cisco is zeroing in on five opportunities:
- Core (routing and switching/Cisco routers & Cisco switches)
- Data center/virtualization
- Architectures for business transformation
Some folks on Wall Street are embracing Cisco’s streamlined focus. Auriga USA, an institutional broker, predicts that Cisco can grow faster than rivals over the next years while taking market share from Hewlett-Packard and Juniper Networks, according to Tech Trader Daily.
Still, let’s not forget that Cisco stumbled badly only a few months ago. First, the company essentially said “all is well” during Cisco Partner Summit (Feb. 28-March 3, 2011). But by April, Chambers conceded that Cisco had lost its focus. Cisco soon killed the Flip video camera. And by August 2011, Cisco cut roughly 6,500 positions.
But here’s where things get extra interesting. Sometime around the time Cisco started layoffs, Wall Street began to think that Cisco was in better shape than some of its rivals. And more recently, Hewlett-Packard’s decision to potentially sell or spin-off its PC division may have triggered some distractions within the halls of HP… potentially helping Cisco to gain some ground in the server market (though servers are not part of HP’s potential PC spin-off plan).
Yes, Cisco still has massive market share in switching and routing. And folks like Peres and Sage have the channel’s respect. But here’s one remaining riddle: How exactly does Sage’s role differ from Peres’s role? The VAR Guy expects to gain more answers and insights within the next few days…
The Internet is formed by networks throughout the world interconnecting and passing on data to each other. Routers make the Internet work by forwarding data using a unified addressing system. They can send information to anywhere in the world as long as that location has an IP address.
Routers range in size from large expensive machines for commercial applications to small wireless boxes for the home electronics market. A router combines dedicated hardware and specialist software to achieve its task. To be effective, a router needs to be connected to at least two separate networks because its main task is to forward data from one network to another.
The following figure shows the relationship between computers and a router.
What Is a Router Used For?
Routers rely on the Internet Protocol to provide a common addressing system. The protocol defines an address structure which is universally implemented and is enforced by one controlling authority in each country. The IP address of any computer contactable over the Internet has to be unique. The computer sending information over the Internet has to package that data into a packet. The data packet contains a header which includes the IP address of the destination computer. Routers read this address and then forward the packet in the direction of its destination.
A router prepares for its work by compiling a list of possible routes to a particular destination. The format of the table does not require that every IP address is listed. They can be noted in groups. When a router is first installed it contacts its neighboring routers. These are the routers to which it is immediately connected. Each of these neighbors sends its routing table to the new router, which then compiles its own routing table. Routers regularly exchange their routing tables and so information about routes held on one router eventually ripples through to all routers in the world.
The routing table contains several different paths to the same destination. The router uses an algorithm to rank these alternatives. There are many different routing algorithms in the world, but they generally all rely on the direction and the distance travelled to reach the target. The distance is often recorded as the number of links the route crosses. The direction tells the router which of its immediate neighbors starts that route.
Although the routing table contains alternative routes it does not list the routers in the path of that route, only the first router in the chain. The next router receiving the data packet then makes a calculation to decide which of its neighbors will receive the packet next, and so on. This distributed decision making allows routes to be switched in case of broken connections further down the line of which the originating router is unaware.
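The table exchange described above can be followed in a short Python model. This is an added example, not part of the original article: each router stores, per destination, only the hop count and the neighbor that starts the route, and learns everything else from its neighbors' tables. The five-router ring and the function names are constructed, and the model keeps only the best route per destination and rebuilds the tables from scratch after the link break.

```python
# Added example: neighbors exchange routing tables until nothing changes.
# Each entry is destination -> (hops, first_neighbor_on_the_route).

# Constructed topology: a ring A-B-C-D-E-A.
RING = [("A", "B"), ("B", "C"), ("C", "D"), ("D", "E"), ("E", "A")]


def build_tables(links):
    """Return {router: {destination: (hops, next_hop)}} for the given links."""
    neighbours = {}
    for a, b in links:
        neighbours.setdefault(a, set()).add(b)
        neighbours.setdefault(b, set()).add(a)

    # A new router knows only itself, at distance 0.
    tables = {r: {r: (0, r)} for r in neighbours}

    changed = True
    while changed:
        changed = False
        # What every router advertises in this round (a copy, so that all
        # routers work from the same state of their neighbors).
        advertised = {r: dict(t) for r, t in tables.items()}
        for router in sorted(neighbours):
            for neighbour in sorted(neighbours[router]):
                for dest, (hops, _first) in advertised[neighbour].items():
                    candidate = hops + 1   # one more link to cross
                    known = tables[router].get(dest)
                    if known is None or candidate < known[0]:
                        # Store only the distance and the neighbor that
                        # starts the route, not the whole path.
                        tables[router][dest] = (candidate, neighbour)
                        changed = True
    return tables


def demo():
    before = build_tables(RING)
    # The link between D and E breaks; the routers build new tables.
    after = build_tables([link for link in RING if link != ("D", "E")])
    return before, after


if __name__ == "__main__":
    before, after = demo()
    print("A -> D before:", before["A"]["D"])
    print("A -> D after: ", after["A"]["D"])
    print("E -> D after: ", after["E"]["D"])
```

Router A never learns that its route to D now runs through B and C; it only records that B is the first hop and that the distance grew, which is the distributed decision making the paragraph describes.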
How to connect a router to computers
1. Ensure that both computers have a LAN (or an Ethernet) card allowing the sharing of files and peripherals. Though all new computers and laptops are equipped with such cards, you may need to buy and attach LAN cards for older models. (A network card is a device either installed inside a desktop computer or a card that slides into a laptop. A router is the piece that will allow you to receive wireless internet and networking from the device with the network card installed.)
2. Connect the cable from your Internet Service Provider (ISP) to the Internet port of your router. Note that if you have an ADSL connection, your input cable would be a telephone line that needs to be inserted into the ADSL port of the router. For all other connections, you would have a thicker cable known as CAT5 (or CAT6).
3. Take two Ethernet cables and plug them into the Ethernet ports of the router. Note that you will require a router with at least two Ethernet ports to share Internet on two computers. Plug the other end of each of the cables into the Ethernet port of the computers. If you have a router with a single Ethernet port, buy a network switch or hub and connect the router with it (using the Ethernet cable). In turn, the switch (or hub) that includes at least two Ethernet ports will have to be connected to the computers. (For more information on switches, hubs and routers, see “Identifying What is Router, Switch and Hub”.)
4. Switch on the router and the computers.
5. Configure the router by referring to its user manual. The configuration process differs depending on the type and brand of the router. Once configured, you should be able to access the Internet on both computers.
TACACS stands for Terminal Access Controller Access-Control System. It lets administrators manage passwords and configurations on a number of routers using a single server. In larger enterprises, where there are many routers required to maintain the infrastructure, updating an entire network's configuration from a single reference point makes managing hundreds of systems a quick task. You will need to authenticate with the TACACS server before deploying a new configuration.
1. Log into the Cisco 3750 using your SSH client or a direct cable link. Supply your administrative user name and password and connect to the IP address specified by your system administrator.
2. Type "Tacacs-server host <ip>." Replace <ip> with the Internet Protocol address of the TACACS host server.
3. Type "password <password>" where "<password>" is your current TACACS password.
4. Type the command "tac_plus_executable -P -C <config path>". This command will invoke the TACACS server and set it into password replacement mode. The -C parameter will allow you to specify a configuration file that contains a list of user names and passwords authorized to access routers on the TACACS network.
Configuring a Cisco router involves working in the User, Privilege, Configuration, Interface, and Line modes. These modes are used to define the password, hostname, IP address and subnet mask, clock rate, and line configurations that dictate the behavior of the router. Before powering up the router to configure it, set up a terminal emulation application for 9600 baud with eight data bits, no parity and one stop bit. The same process is also used to define the type of protocol that the router, connected to the computer's serial port, will support on the network.
- Cisco router
- Ethernet cable
- terminal emulator utility like HyperTerminal
The first step after setting up the terminal emulation program is to power up the Cisco router and wait for the prompt to be displayed.
To implement basic configuration, enter Privilege Mode by issuing the 'Router> enable' command.
When the prompt appears, enter Configuration Mode with the 'Router# configure terminal' command.
In order to implement password protection when accessing Privilege Mode, the 'Router(config)# enable password p@ssw0rd' and the 'Router(config)#enable secret s3cr3t' commands must be issued.
The 'Router(config)#hostname myrouter1 [Set the hostname to myrouter1]' instruction lets the user define the hostname, or router name, that will be broadcast across the network.
The commands to configure the Ethernet port consist of the 'myrouter1(config)# inte f0/0 [Enter Ethernet Interface Mode (f0/0 for interface 1, f0/1 for interface 2)]', 'myrouter1(config-if)# ip add 192.168.0.1 255.255.255.0 [Set IP address and subnet mask]', and 'myrouter1(config-if)#no shut [Activate the port]' commands. These commands will allow the smooth flow of network traffic on the defined ports.
Configuration of the Serial Port makes use of the 'myrouter1(config-if)#inte s 0/0/0 [Enter Serial Interface Mode]', 'myrouter1(config-if)#ip add 192.168.20.1 255.255.255.0 [Set IP address and subnet mask]', and 'myrouter1(config-if)#no shut [Activate the port]' commands.
It is also necessary to set the bandwidth that will be used by the router. This is commonly done by using the 'myrouter1(config-if)#clock rate 1000000 [Set the bandwidth to 1Gig]' and 'myrouter1(config-if)#exit' commands.
The Secure Console is defined by using the 'myrouter1(config)#line con 0', 'myrouter1(config-line)#password c0ns0l3', 'myrouter1(config-line)#login', and 'myrouter1(config-line)#exit' commands. These instructions set the password that will be required to access the console.
The auxiliary password, used when a modem is connected to the router for remote console access, is set with the 'myrouter1(config)#line aux 0', 'myrouter1(config-line)#password auXo', 'myrouter1(config-line)#login', and 'myrouter1(config-line)#exit' instructions.
Logins over SSH or Telnet are secured with a Virtual Terminal (VTY) password. The commands 'myrouter1(config)#line vty 0 4', 'myrouter1(config-line)#password v1rtu@1', 'myrouter1(config-line)#login', 'myrouter1(config-line)#exit', and 'myrouter1(config)#exit' are issued to configure the VTY lines.
To finish the configuration process, the settings must be saved either by using the 'myrouter1#wr me' or 'myrouter1#copy run start' commands.
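The configuration built in the steps above stores its line passwords as typed and sets both 'enable password' and 'enable secret', of which the router uses only the secret. The following Python check is an added example, not part of the original article: it reads an IOS-style configuration and reports those settings. The sample configuration is constructed from the article's commands, and the function names are hypothetical.

```python
import re

# Constructed running-config excerpt built from the commands in the steps above.
SAMPLE_CONFIG = """\
hostname myrouter1
enable secret 5 $1$constructed$hashvalue
enable password p@ssw0rd
line con 0
 password c0ns0l3
 login
line aux 0
 password auXo
 login
line vty 0 4
 password v1rtu@1
 login
"""

def parse_sections(config):
    """Group indented lines under the global command that precedes them."""
    sections = []
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if raw[0].isspace() and sections:
            sections[-1][1].append(line)
        else:
            sections.append((line, []))
    return sections

def audit(config):
    """Return a list of (location, issue) findings for an IOS-style config."""
    sections = parse_sections(config)
    headers = [h for h, _ in sections]
    findings = []
    if any(h.startswith("enable password") for h in headers):
        findings.append(("global", "enable password present; keep only enable secret"))
    if not any(h.startswith("enable secret") for h in headers):
        findings.append(("global", "no enable secret configured"))
    for header, body in sections:
        if not header.startswith("line "):
            continue
        # A line password not marked as type 7 is stored in cleartext.
        if any(re.match(r"password (?!7 )\S", c) for c in body):
            findings.append((header, "cleartext line password"))
        if header.startswith("line vty") and "transport input ssh" not in body:
            findings.append((header, "no 'transport input ssh'; Telnet may be accepted"))
    return findings
```

Calling audit(SAMPLE_CONFIG) returns five findings: the redundant 'enable password', a cleartext password on each of the three lines, and the missing SSH-only restriction on the VTY lines.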