How to Configure IP Addresses on a Cisco Router
Configuring routers is a routine operation for network administrators. Enterprise-grade routers are very different from consumer-grade routers, though. Consumer-grade routers come mostly configured out of the box. Likewise, consumer-grade ISP services typically configure home ‘routers’ with a dynamic IP address.
In contrast, business-grade ISP services assign static IP addresses. Before an enterprise-grade router can be installed in a network, it needs to have an IP address assigned to it first. So, we will walk through how to configure an IP address on a Cisco router today.
Configuring a Cisco router with an IP address is not a complicated process. There are typically four steps involved:
Verify the current interface configuration of the router
Choose the interface that you want to assign an IP address to
Assign the IP address
Enable the interface on the Cisco router
We will walk through each of those steps, explain how to complete them, and why they are essential.
An Overview of How to Configure IP Addresses on Cisco Devices [VIDEO]
In this video, Jeremy Cioara covers assigning IP addresses and enabling interfaces on Cisco routers. Unlike switches, which are essentially plug and play, routers require a bit of configuration before they can do what they were designed to. You'll see a straightforward, four-step process to enabling interfaces that will equip you to do this yourself.
How to Display Interfaces on a Cisco Device
Before you assign an IP address to a Cisco router, you need to know the current configuration of that device. Typically, Cisco routers have all their interfaces shut down out of the box. Therefore, we need to verify the state of those interfaces before proceeding, especially if this router is being re-used.
The rest of the instructions through this article will assume that you are connected to the Cisco router.
To show the interfaces in a Cisco router, use the ‘show IP interface brief’ command in the console window. For example, this command will output the following information:
Each interface and interface name
The IP address for that interface
Whether each interface is up or down on the Layer 1 level (status column)
Whether each interface is up or down on the Layer 2 level (protocol column)
The Status and Protocol columns will have one of three messages:
Each message has a clear indication of the status of its associated interface. The ‘Up’ message is self-explanatory. That means that the associated interface is working correctly. The ‘Administratively Down’ message indicates that the interface is disabled by configuration. Otherwise, the network admin purposefully disabled that interface for some reason. Finally, the ‘Down’ message means the associated interface isn’t working for other reasons (like unplugging the network cable from the network port).
Out of the box, Cisco routers have the ‘Administratively Down’ configuration for each interface. This is different from Cisco Switches. Cisco Switches come pre-configured out of the box. They can be safe to implement into an existing network almost right away. On the other hand, an unconfigured router can make a network inoperable.
That’s because an improperly configured router can send data from the network into a black hole. Routers are the pieces of equipment that push data to and from networks or network segments. If a router isn’t correctly configured, it won’t know where to send that information to. Hence, that data is sent to purgatory. It is simply dropped from the network.
So, you need to verify the status of the interfaces on a Cisco router before you configure an IP address for it. We need to configure as much of the router as possible before connecting it to a network, so this is an excellent first step.
What is the Difference Between Status and Protocol on a Cisco Router?
When you use the ‘show IP interface brief’ command in the console when connected to a Cisco router, the router will dump information about each interface on the router to the console display. That information will include the link-state labeled as ‘Status’ and ‘Protocol.’
Many new network admins may not understand the difference between both states. After all, aren’t they both the same?
The ‘Status’ and ‘Protocol’ states represent different layers of the OSI networking model , though. The ‘Status’ column represents Layer one, or the physical connection layer. The ‘Protocol’ column represents Layer 2 of the OSI model. The physical layer explains whether a cable is physically connected or if the physical hardware for that interface is working correctly. The protocol layer explains whether that interface is receiving signals that it can understand and recognize.
Understanding the difference between Layer 1 and Layer 2 and their operational status is essential for configuring Cisco routers and diagnosing issues with them down the road.
How to Choose an Interface to Assign an IP Address on a Cisco Device
When we configure an IP address for a new Cisco router, we need to verify the current state of the interfaces of that router. After we confirm the state of those interfaces, we need to select an interface in the console before configuring an IP address. This process is easy.
Running the ‘show IP interface brief’ command in the console of a Cisco router will list each interface and the designation for those interfaces. Pay attention to those interfaces. Also, make sure to match the interface in the console with the physical interface on the Cisco router. That way, you don’t plug the ethernet cable into the wrong port.
To select an interface in the console, first enter the global configuration mode in the router. Then, use the ‘configure terminal’ command in the console to enter configuration mode.
After switching to the configuration mode in the router, use the ‘interface’ command followed by the interface itself to select that interface. You can also add a question mark after the ‘interface’ command instead of the interface designation for additional help.
In the example above, we used interface g0/0. That means we selected the first interface that is a gigabit ethernet port on our router. The interfaces in your Cisco router may be labeled differently depending on the device you are configuring.
How to Assign an IP Address to a Cisco Router
Before we can assign an IP address to a Cisco router, we need to complete a couple of steps. First, we need to run the ‘show IP interface brief’ command. This will list each interface in the router as well as their status. Then, we need to enter global configuration mode with the ‘configure terminal’ command and select an interface using the ‘interface’ command in the console of that router. The ‘interface’ command must be followed by the interface designation. Once we have our interface selected, we can assign an IP address to it.
Assigning an IP address to an interface in a Cisco router is as simple as using the ‘IP address’ command. That command must be followed by the IP address for that interface port as well as its subnet.
Ip address 192.168.1.1 255.255.255.0
Entering that command will not produce any confirmation messages unless there was an error. In this case, no news is good news.
After assigning the IP address to an interface in a Cisco router, run the ‘show IP interface brief’ command again. When that command displays information about each interface in the router, you should see the IP address assigned to your chosen interface under the IP address column. If you do not, try repeating the process.
That’s it! It’s that simple to assign an IP address to a Cisco router.
How to Find the IP Address to Assign to a Cisco Router
Many new network admins may not understand where to find the IP address to assign to a new Cisco router. Those admins may have received that information from a senior network administrator or through documentation, but if those resources aren’t available, where would you find the IP address to assign to a Cisco router?
Often, that information comes from the ISP (Internet Service Provider). Businesses will typically choose to have a static IP address assigned to them from their ISP.
This is done for stability reasons. In a dynamic environment, the external IP address of a network can be changed by the ISP. If your business hosts something like a VPN , though, that could be an issue. Static IP addresses keep network configurations static for things like VPNs or DNS entries.
This is in stark contrast to the typical consumer-grade ISP connection. In these cases, the ISP will always use DHCP to assign a network address to consumer customers. But, of course, a business can use DHCP addresses, too. This is more common with small and medium-sized companies that may not need to host services that depend on a static IP address.
Cisco routers can be configured to use DHCP instead of being assigned a static IP address, too. To do that, add ‘dhcp’ instead of the IP address and subnet mask to the ‘IP address’ command in the console in a Cisco router.
Ip address DHCP
How to Enable an Interface on a Cisco Router
After configuring an IP address for a Cisco router, you will most likely need to enable the interface to be active. Cisco routers come with all the interfaces on them shut down out of the box. This is for important network safety reasons. So, the interface you just configured needs to be enabled.
First, we can verify a Cisco router’s status and configuration using the ‘show run’ command from the configuration console for a Cisco device. That command will display all the current information for that device and its interfaces. More than likely, the information displayed from that command will be too much to fit on your screen. Use the space button to jump through the configuration information.
Look for the configuration information for the interface you need to enable. This should show that the interface is currently administratively down.
Once the status of that interface has been verified, we need to enable it. First, we need to select that interface. Use the ‘interface’ command in the console followed by the interface name.
E.g., interface GigabitEthernet0/0
In our example, the name of the interface we are working with is GigabitEthernet0/0. Of course, the name of the interface you are working with may be different.
Now that the interface is selected, use the ‘no shutdown’ command to enable that interface. If all goes well, you should see three messages. The first message shows that the interface is down. The next two messages should state that the ‘Status’ and ‘Protocol’ are now up. You should also see lights blinking next to the physical interface port that you just configured on the router.
Remember that the status and protocol states in a Cisco router represent different layers of the OSI network model. The status state represents layer 1, while the protocol state represents layer 2. This is why the console shows two different status prompts after running the ‘no shutdown’ command.
We covered a lot of information in this article! Consider this guide a rough tutorial on assigning an IP address to a Cisco router. Still, we did not cover other important topics like what a subnet is or how to secure a router. If you would like to learn more, consider our CCNA training .
Though assigning an IP address to a Cisco router is easy, it is also very routine. Furthermore, this is a function that you will perform a lot as a network admin. So, let’s go over how to assign an IP address to a Cisco router with a short and sweet tl;dr instruction set.
Verify the interface status with the ‘show IP interface brief’ command.
After verifying all interfaces are down, enter global configuration mode with the ‘configure terminal’ command.’
Select the interface you want to configure with the ‘interface’ command followed by the interface name.
Assign an IP address to that interface with the ‘ip address’ command followed by the IP address and the subnet mask for that interface.
Run the ‘show IP interface brief’ command again to verify the IP address has been assigned to the network interface.
Run the ‘no shutdown’ command to enable that interface.
That’s it! Keep these instructions handy until they become second nature. Businesses use static IP addresses for all sorts of things, but above all else, they use static IP addresses to keep networks from breaking or requiring additional maintenance. Understanding how to assign an IP address to a Cisco router is vital for any network admin.
- Product Product
- Browse training
- All courses
- Certification training
- New training
- Solutions Solutions
- All Solutions
- Resources Resources
- Learner stories
- Why e-learning?
- Customer reviews
- Ultimate Cert Guides
- Company Company
- Become a Trainer
- Transparency in Coverage
- Support Support
- Help Center
How to Assign an IP Address to Cisco Router Interface in GNS3
In this article, we will examine how to assign an IP to the FastEthernet, GigabitEthernet or Serial interfaces of a Router or Switch running on a graphical network simulator.
How to Configure an IP Address to Cisco Router
After configuring an IP address to a Router or Switch, you must turn on the corresponding port with no shutdown command.
To assign the IP address and subnet mask, the interface “ Interface + Port No ” command is used to switch to the corresponding port.
Now open the CLI prompt of a Router that you added to GNS3 and follow the instructions below to configure the FastEthernet0/0 interface, for example.
The basic logic of the above command;
If you want to display other commands under the IP address command, execute “ ip address ? ” command.
Depending on your network topology, the port numbers of the router’s interfaces may vary.
How to Change Router IP Address ⇒ Video
You can watch the video below to assign an IP to the interfaces of Cisco Routers on your network or change existing addresses, and you can also subscribe to our YouTube channel to support us!
Setting an IP address to a Cisco network device is very simple. In our later articles, we will cover more detailed the Cisco commands. Thanks for following us!
♦ Cisco Hostname ♦ Cisco Interface ♦ Cisco Boot Time ♦ GNS3 IOS ♦ What Does GNS3 Do
Hi, I'm Tolga, a computer expert with 20 years of experience. I help fix computer issues with things like hardware, systems, networks, virtualization, servers, and operating systems. Check out my website for helpful info, and feel free to ask me anything. Keep yourself in the loop about the newest technologies!
Your email address will not be published. Required fields are marked *
Email Address: *
Save my name, email, and website in this browser for the next time I comment.
How to Configure a Cisco Router for Internet Access (step by step)
March 6, 2022
Are you looking to configure a Cisco router for Internet access for the first time? Yes? Great! This post is for you then.
I am going to show you step-by-step a quick and easy way to configure a Cisco IOS router to provide Internet connectivity securely. After putting together a network design diagram , we’re going to execute the following tasks:
Table of Contents
- Configure router interfaces
- Configure the built-in DHCP Server
- Configure Network Address Translation (NAT)
Configure Zone-Based Firewall
At the end of this post, your router should be ready to allow your users to access the Internet.
Are you ready? Let’s go.
Network Design Diagram
The first thing you need to do is to create a basic diagram to lay out all the IP addresses (private and public), physical interfaces (internal and external), and features you want to be turned on. Having a visual of your final network will make it easier for you to carry out the staging, testing, and implementation of your Internet router.
So we have the following information:
- ISP-facing interface: GigabitEthernet 0/0 (or Gi0/0)
- External/Public IP subnet: 126.96.36.199 255.255.255.252
- IP address assigned to the Internet Service Provider (ISP) end: 188.8.131.52
- IP address assigned to you (the customer): 184.108.40.206
- User-facing interface: GigabitEthernet 0/1 (or Gi0/1)
- Internal/Private IP subnet: 172.16.10.0 /24
- IP address assigned to the router: 172.16.10.1
Let’s now configure these IP addresses on the router’s interfaces.
Configure Router Interfaces
Your ISP should provide you with an Ethernet connection to their router. This line, however, could provide IP addresses dynamically via DHCP or statically (manually configured on the router).
In case the ISP’s line provides IP addresses dynamically, I’m going to give you the commands to allow your router to request and receive its public IP address from the ISP. Remember, the provider’s end has to be configured to provide an IP address with the DHCP protocol, which is the protocol used to assign IP addresses.
In our case, the ISP gave you the IP address you need to assign to your router’s ISP-facing interface. I like to use Gi0/0 to connect the ISP’s Ethernet line. Here are the commands to configure an IP address on your Cisco router.
Now you need to tell your router that any IP packet it doesn’t have a route for, it needs to send it to the ISP. You need to configure a default route.
Make sure that your Interface is up.
You can test connectivity to your ISP by pinging the ISP’s end of Internet line connected to Gi0/0.
You can test Internet connectivity by pinging a public IP device on the Internet. For instance, you can ping one of Google’s DNS servers 220.127.116.11.
Let’s configure now your internal IP address on interface Gi0/1.
Now that your router itself has Internet connectivity, let’s configure your router to provide IP addresses to your internal devices.
Configure DHCP Server
A Dynamic Host Configuration Protocol (DHCP) server is a service built into your router that allows your router to distribute IP addresses of a previously configured pool of addresses.
In our example, the network’s internal subnet is 172.16.10.0 /24 and the router has been assigned the 172.16.10.1 IP address to its Gi0/1 interface. You can tell the router to start assigning IP addresses starting from 172.16.10.11 through 172.16.10.254.
A /24 equals to 255.255.255.0. Decimal 255 is 11111111 (eight 1s) in binary. So, 255.255.255.0 equals to 11111111.11111111.11111111.0. And that is 24 bits. That’s why 255.255.255.0 is the same as a /24.
To check your DHCP Pool settings, use the show ip dhcp pool command:
When a computer on the inside of the network comes up, that computer will request an IP address via a DHCP Request. When the router sees that request on its Gi0/1 interface, it’ll respond with an IP address from the pool of IPs you just configured. Since you excluded IPs from 172.16.10.1 through 172.16.10.10, the first available IP would be 172.16.10.11.
In addition to the IP address for the PC itself, the DHCP Reply message also contains the IP addresses of the DNS servers (18.104.22.168 and 22.214.171.124) and the default gateway (172.16.10.1) configured.
Notice that we’re using public DNS servers. Remember Internet communications happen in terms of IP addresses. When you type www.cisco.com on your browser, your computer sends a request to its DNS server assigned by DHCP, in our case is 126.96.36.199, and this server with an IP address related to www.cisco.com. Your browser then sends an HTTP request to that IP address to load the home page of www.cisco.com.
If 188.8.131.52 doesn’t respond, a request is sent to 184.108.40.206 as configured above.
A default gateway is used when your PC wants to talk to an IP address that belongs to anything outside its IP address group. For instance, your PC was assigned an IP address from a pool of IPs that starts with 172.16.10.1 through 172.16.10.254.
Your DHCP server, however, was also configured to exclude IPs from 172.16.10.1 through 172.16.10.10 for dynamic assigned. Nevertheless, all IPs from 172.16.10.1 through 172.16.10.254 belong to your group and therefore you can communicate with them directly. Anything outside of that group needs to be sent to the default gateway.
For that reason, when your computer needs to send a DNS request to 220.127.116.11, that request is sent to its default gateway, 172.16.10.1.
Use the show ip dhcp binding command to see what IP addresses have been assigned off the pool configured.
Notice that the first IP address assigned is the first IP available on the pool.
The Internet doesn’t know how to talk to any of your PCs with an IP that starts with 172.16.10. That IP subnet is considered private, not routable on the Internet. The only public IP you have on your router is the IP address assigned to your Gi0/0 interface and that is 18.104.22.168.
Network Address Translation (NAT) is another service that can be activated on your router that allows your router to hide your private IP addresses behind your public IP. In other words, your router will convert any private IP range into a public IP or public range.
Simply put, anyone on the Internet won’t know that IP communications, such as browsing a web server, are coming from PCs with IPs within the 172.16.10.0 /24 private range. What the Internet will see is IP communications coming from 22.214.171.124 IP address. And this is thanks to NAT.
When you click on a link on a webpage, that click is a request to display the contents of the webpage the link is pointing to. That request leaves your PC as an IP packet sourced from the IP address of your PC and destined to the IP address of the web server that hosts that new webpage. Remember that the link is based on a name that is then resolved into an IP address by your DNS server.
To configure NAT on your router, enter the following commands:
To look at the configuration, use the show ip nat statistics command:
What we’re saying here is that all traffic sourced from any of the IP addresses that belong to the 172.16.10.0 /24 subnet that comes in Gi0/1, goes out Gi0/0, and is directed to ANY IP, replace that source IP of 172.16.10.X with the IP address configured on Gi0/0 interface.
So, for the Internet, traffic is coming from 126.96.36.199 and not from 172.16.10.X. In other words, 172.16.10.X is being replaced/impersonated by 188.8.131.52.
The Inside Local IP is the original IP. The Inside Global is the NAT IP that’s impersonating the original IP. The Outside Local and Global are the destination IPs on the Internet. In this case, a ping was executed from 172.16.10.11 to 184.108.40.206. Notice that the protocol is ICMP.
Here’s the output of web access on TCP port 80 from 172.16.10.11 to 220.127.116.11.
You should know that there are other processes, such as Port Address Translation (PAT), working at the same time to keep track of all the sources and destinations IPs and their TCP ports.
To increase security and reject unauthorized traffic coming from the Internet, you can make use of the Cisco IOS Firewall. Let’s take a look.
The IOS firewall, or Zone-Based Firewall, requires the Security License on your router, so make sure you have it.
When configuring this firewall, you’re going to create two zones: the Protected Zone (internal network) and the Untrusted Zone (Internet).
This firewall will keep track of all TCP, UDP, and ICMP conversations initiated from the inside of your network that pass through the router and to the Internet. Notice that I mentioned, “initiated from the inside.”
Return traffic will then be expected by the router and allowed through towards the internal PCs that requested the traffic initially.
Any traffic initiated from the Internet will be denied!
Here’s the list of configuration commands you need to configure the Zone-Based Firewall:
So, here are the steps:
- You create the security zones.
- You create class-maps to define what traffic you want the IOS firewall to look at – in our case TCP, UDP, and ICMP.
- You create a policy-map that will “inspect” the traffic defined by the class-map – in other words, inspect TCP, UDP, and ICMP conversations.
- To this zone-pair, you attach the policy-map created to activate traffic inspection.
- You define what interfaces belong to the source and destination zones.
Remember that inspection enables the router to keep track of all the conversation details such as source and destination TCP and UDP ports as well as ICMP traffic.
Here’s a list of show commands for verifications:
At this point, all your users should be able to browse the Internet. All traffic initiated from the Internet will be denied by the firewall. All traffic that comes back from the Internet as a result of requests coming from internal users will be allowed through the firewall.
LOOKING FOR Certification Guides & Practice Tests?
Online Learning Platform for Network Engineers
(formerly Safari Books Online )
In this post, we covered the step-by-step design and configuration of a Cisco IOS router to allow Internet access. So, at this point, your router should allow your users Internet access with the protection of Cisco’s Zone-Based Firewall.
I hope this post was informative for you.
ABOUT THE AUTHOR
Alirio Zavarce, CCIE #28672, is a seasoned enterprise route-switch consultant with 30 years of experience with data networks. Alirio started this networking blog to help his peers become better network engineers and share all his everyday experiences and troubleshooting tips. More about me...
If Alirio had to prepare to take it again, here's what he would do to pass the CCIE lab .
6 thoughts on “How to Configure a Cisco Router for Internet Access (step by step)”
I’ve tried to test your solution on PT 8.2. The part that i have a problem is the ISP configuration. Which PT device is used for this object ? How can i assigne my ISP address in this device ? Can you give more explaination of this point.
Hi Philippe. I’m not sure I understand your question. Could you please elaborate a little bit more?
Very interesting and complete explanation how to configure cisco router as a firewall. All works fine! Thanks a lot!
I’m glad it helped. Thanks for your feedback.
great thanks for you Mr
You’re very welcome!
Leave a Comment Cancel reply
Save my name, email, and website in this browser for the next time I comment.
- 90% Refund @Courses
- Trending Now
- Data Structures & Algorithms
- Foundational Courses
- Data Science
- Practice Problem
- Machine Learning
- System Design
- DevOps Tutorial
- Web Development
- Web Browser
- DSA to Development
- CCNA Tutorial for Beginners
Basics of Computer Networking
- Network and Communication
- LAN Full Form
- What is OSI Model? - Layers of OSI Model
- TCP/IP Model
- How Data Encapsulation & De-encapsulation Works?
Components of Computer Networking
- NIC Full Form
- What is a network switch, and how does it work?
- What is Network Hub and How it Works?
- Introduction of a Router
- Types of Ethernet Cable
- Transport Layer responsibilities
- Introduction of Ports in Computers
- What is Transmission Control Protocol (TCP)?
- TCP 3-Way Handshake Process
- User Datagram Protocol (UDP)
- Introduction and IPv4 Datagram Header
- Difference between Unicast, Broadcast and Multicast in Computer Network
- Structure and Types of IP Address
- What is IPv4?
- Role of Subnet Mask
- Introduction of Classful IP Addressing
- Introduction To Subnetting
- Classless Inter Domain Routing (CIDR)
- Introduction of Variable Length Subnet Mask (VLSM)
- Private IP Addresses in Networking
Data Link Layer
- What is Ethernet?
- What is MAC Address?
- What is an IP Address?
- Ethernet Frame Format
- What is Power Over Ethernet (POE)?
Cisco Networking Devices
- Network Devices (Hub, Repeater, Bridge, Switch, Router, Gateways and Brouter)
- Collision Detection in CSMA/CD
- Collision Domain and Broadcast Domain in Computer Network
- Difference between layer-2 and layer-3 switches
Life of a Packet
- Working of Domain Name System (DNS) Server
- Configuring DHCP and Web Server in Cisco Packet Tracer
- How Address Resolution Protocol (ARP) works?
Router and Switch Basic Configuration
- Cisco Router basic commands
Configure IP Address for Interface in Cisco Switches
- Transmission Modes in Computer Networks (Simplex, Half-Duplex and Full-Duplex)
- Link Layer Discovery Protocol (LLDP)
- What is Cisco Discovery Protocol (CDP)?
Cisco Device Management
- What are the different memories used in a CISCO router?
- Router Boot Sequence
- Recovering password in Cisco Routers
- Catalyst Switch Password Reset in Cisco
- Process of Backing Up and Restoring the Cisco IOS
- File Transfer Protocol (FTP)
- Difference between FTP and TFTP
- Backing up Cisco IOS Router image
- Steps Involves in Cisco Router Configuration Backups
Basic Network Trouble shooting
- Troubleshooting Questions on OS and Networking asked in Cloud based Interview
- Internet Control Message Protocol (ICMP)
- What is Ping?
- traceroute command in Linux with Examples
- What is IP Routing?
- Routing Tables in Computer Network
- Difference between Static and Dynamic Routing
- What is Floating Static Route ?
- How to Add a Static Route to Windows Routing Table?
Dynamic Routing Protocols
- Routing Protocol Code
- Difference between IGRP and BGP
- Administrative Distance (AD) and Autonomous System (AS)
- Configuring a Loopback Interface in Cisco
- What is a Loopback Address?
- What is Passive-Interface Command Behavior in RIP, EIGRP & OSPF?
Interior Gateway Protocols
- Routing Information Protocol (RIP)
- Configuring RIP Default Information Originate in Cisco
- Configuring RIP Versions 1 and 2 in Cisco
- EIGRP fundamentals
- Features of Enhanced Interior Gateway Routing Protocol (EIGRP)
- Types of EIGRP Packet in Computer Network
- How to Configure EIGRP Summarization in Cisco?
Open Shortest Path First(OSPF)
- Open shortest path first (OSPF) router roles and configuration
- Difference between EIGRP and OSPF
- Bandwidth Allocation Control Protocol (BACP)
- Open shortest path first (OSPF) - Set 2
- OSPF Implementation
- Explain OSPF DR/BDR Election?
- Configuring OSPF Passive Interface in Cisco
- Configuring OSPF Default Route Propagation
- Configuring OSPF Maximum Paths
- Configuring OSPF Route Summarization in Cisco
- Configuring OSPF Network Types in Cisco
Virtual Local Area Network(VLAN)
- Three-Layer Hierarchical Model in Cisco
- 2 - Tier And 3 - Tier Architecture in Networking
- Spine-Leaf Architecture
- Virtual LAN (VLAN)
- Configuring and Verifying VLANs in Cisco
- Access and Trunk Ports
- What is ISL(Inter-Switch Link)?
- Inter-Switch Link (ISL) and IEEE 802.1Q
- Access Ports (Data and Voice) in CCNA
- Dynamic Trunking Protocol (DTP)
- VLAN Trunking Protocol (VTP)
- What are the VTP Modes?
Inter-V LAN Routing
- Inter VLAN Routing by Layer 3 Switch
- Configuration of Router on a stick
Dynamic Host Control Protocol(DHCP)
- Difference between DNS and DHCP
- How to Configure DHCP Server on a Cisco Router?
- DHCP Relay Agent in Computer Network
- What is APIPA (Automatic Private IP Addressing)?
Hot Standby Routing Protocol(HSRP)
- Redundant Link problems in Computer Network
- Firsthop Redundancy Protocol
- Hot Standby Router Protocol (HSRP)
Spanning Tree Protocol(STP)
- Introduction of Spanning Tree Protocol (STP)
- What is Bridge in Computer Network - Types, Uses, Functions & Differences
- Working of Spanning Tree Protocol (STP)
- Root Bridge Election in Spanning Tree Protocol
- How Spanning Tree Protocol (STP) Select Designated Port?
- Types of Spanning Tree Protocol (STP)
- Rapid Spanning Tree Protocol
- Configuring Spanning Tree Protocol Portfast
- EtherChannel in Computer Network
- Configure, Verify and Troubleshoot (Layer 2/Layer 3) EtherChannel
- Link Aggregation Control Protocol
- DHCP Snooping
- Wireless Security | Set 1
- Port Security in Computer Network
- Configuring Port Security on Cisco IOS Switch
Access Control List(ACL)
- Standard Access-List
- Static NAT Configuration in Cisco
- Dynamic NAT Configuration in Cisco
- Extended Access-List
- Reflexive Access-List
IPv6 Addressing and Routing
- What is IPv6?
- Internet Protocol version 6 (IPv6)
- IPv6 EUI-64 (Extended Unique Identifier)
- Differences between IPv4 and IPv6
- Global Unicast Address in CCNA
- Link Local Address
- What is IPv6 Address Planning?
- How to Configure IPv6 on CISCO Router?
- What is IPv6 Stateless Address Autoconfiguration ?
- RPL (IPv6 Routing protocol)
Wide Area Network
- WAN Full Form
- What is VPN & How It Works?
- Overview of Wireless Wide Area Network (WWAN)
- Multi Protocol Label Switching (MPLS)
- Point-to-Point Protocol (PPP) Suite
- Types of Cyber Attacks
- Types of Network Firewall
- Introduction of Firewall in Computer Network
- Intrusion Detection System (IDS)
- Intrusion Prevention System (IPS)
- Difference Between Symmetric and Asymmetric Key Encryption
- HTTP Full Form
- Explain the Working of HTTPS
- What is Attack Mitigation?
Network Device Security
- TELNET and SSH in Cisco devices
- How to configure SSH Client in Linux ?
- AAA (Authentication, Authorization and Accounting) configuration (locally)
- RADIUS Protocol
- TACACS+ Protocol
- Network Time Protocol (NTP)
- Configure and Verify NTP Operating in Client and Server Mode
Network Device Management
- What is Syslog server and its working ?
- Command-Line Tools and Utilities For Network Management in Linux
- Simple Network Management Protocol (SNMP)
- Overview of SNMPv3
- Wired and Wireless Networking
- What is a Wireless Access Point?
- Cisco Wireless Architecture and AP Modes
- Physical Infrastructure Connections of WLAN Components
- WiFi and its Amendments
- Types of Wireless Security Encryption
To configure an IP Address on a switch interface, first, we must change the interface from a layer 2 interface to a layer 3 interface. A point to note is that to provide an IP Address to a switch interface, the switch first must be a Multilayer Switch and all ports of an MLS is layer 2 by default. There are two ways to configure an IP address to a switch interface that is given below:
Consider a Multilayer Switch:
First, we need to check whether an interface is a layer 2 port or a layer 3 port.
Switch port: Enabled means that the port is currently a layer 2 port. To change the interface from a layer 2 switch to a layer 3 switch:
Providing IP address to an interface:
Checking if an IP address has been provided to the interface
Consider this topology:
First, we again make the fa0/1 port of Switch0 a layer 3 port.
Then we provide interface Fa0/0 and configure a DHCP pool for the network 192.168.1.0/24 on router0.
Checking DHCP pool status:
After that, we go to Switch’s interface fa0/1 and execute the command:
Simulation of the DORA Process:
Whether you're preparing for your first job interview or aiming to upskill in this ever-evolving tech landscape, GeeksforGeeks Courses are your key to success. We provide top-quality content at affordable prices, all geared towards accelerating your growth in a time-bound manner. Join the millions we've already empowered, and we're here to do the same for you. Don't miss out - check it out now !
Looking for a place to share your ideas, learn, and connect? Our Community portal is just the spot! Come join us and see what all the buzz is about!
Please Login to comment...
- CCNA IP Addressing
- Top 12 AI Testing Tools for Test Automation in 2024
- 7 Best ChatGPT Plugins for Converting PDF to Editable Formats
- Microsoft is bringing Linux's Sudo command to Windows 11
- 10 Best AI Voice Cloning Tools to be Used in 2024 [Free + Paid]
- 10 Best IPTV Service Provider Subscriptions
Improve your Coding Skills with Practice
What kind of Experience do you want to share?
- Create Post
- Create Chapter Note
- Create Note for Selection
- View All Notes
- Show All Notes on Page
- Hide All Notes on Page
- Print with Notes
- Share on Facebook
- Share on Twitter
- Email a Link
- Copy Link to Clipboard
- Cisco Catalyst 3560-E Series Switches
Published On: August 6ᵗʰ, 2019 02:02
Catalyst 3750-E and 3560-E Switch Software Configuration Guide, 12.2(35)SE2
Assigning the switch ip address and default gateway.
This chapter describes how to create the initial switch configuration (for example, assigning the IP address and default gateway information) by using a variety of automatic and manual methods. It also describes how to modify the switch startup configuration. Unless otherwise noted, the term switch refers to a Catalyst 3750-E or 3560-E standalone switch and to a Catalyst 3750-E switch stack.
This chapter consists of these sections:
Understanding the Boot Process
To start your switch, you need to follow the procedures in the hardware installation guide for installing and powering on the switch and setting up the initial switch configuration (IP address, subnet mask, default gateway, secret and Telnet passwords, and so forth).
The normal boot process involves the operation of the boot loader software, which performs these activities:
The boot loader provides access to the flash file system before the operating system is loaded. Normally, the boot loader is used only to load, uncompress, and start the operating system. After the boot loader gives the operating system control of the CPU, the boot loader is not active until the next system reset or power-on.
The boot loader also provides trap-door access into the system if the operating system has problems serious enough that it cannot be used. The trap-door mechanism provides enough access to the system so that if it is necessary, you can format the flash file system, reinstall the operating system software image by using the Xmodem Protocol, recover from a lost or forgotten password, and finally restart the operating system. For more information, see the "Recovering from a Software Failure" section on page 43-2 and the "Recovering from a Lost or Forgotten Password" section on page 43-3 .
Before you can assign switch information, make sure you have connected a PC or terminal to the console port or a PC to the Ethernet management port, and make sure you have configured the PC or terminal-emulation software baud rate and character format to match these of the switch console port:
Assigning Switch Information
You can assign IP information through the switch setup program, through a DHCP server, or manually.
Use the switch setup program if you want to be prompted for specific IP information. With this program, you can also configure a hostname and an enable secret password. It gives you the option of assigning a Telnet password (to provide security during remote management) and configuring your switch as a command or member switch of a cluster or as a standalone switch. For more information about the setup program, see the hardware installation guide.
The switch stack is managed through a single IP address. The IP address is a system-level setting and is not specific to the stack master or to any other stack member. You can still manage the stack through the same IP address even if you remove the stack master or any other stack member from the stack, provided there is IP connectivity.
Use a DHCP server for centralized control and automatic assignment of IP information after the server is configured.
If you are an experienced user familiar with the switch configuration steps, manually configure the switch. Otherwise, use the setup program described previously.
These sections contain this configuration information:
Default Switch Information
Table 3-1 shows the default switch information.
Table 3-1 Default Switch Information
Understanding DHCP-Based Autoconfiguration
DHCP provides configuration information to Internet hosts and internetworking devices. This protocol consists of two components: one for delivering configuration parameters from a DHCP server to a device and a mechanism for allocating network addresses to devices. DHCP is built on a client-server model, in which designated DHCP servers allocate network addresses and deliver configuration parameters to dynamically configured devices. The switch can act as both a DHCP client and a DHCP server.
During DHCP-based autoconfiguration, your switch (DHCP client) is automatically configured at startup with IP address information and a configuration file.
With DHCP-based autoconfiguration, no DHCP client-side configuration is needed on your switch. However, you need to configure the DHCP server for various lease options associated with IP addresses. If you are using DHCP to relay the configuration file location on the network, you might also need to configure a Trivial File Transfer Protocol (TFTP) server and a Domain Name System (DNS) server.
The DHCP server for your switch can be on the same LAN or on a different LAN than the switch. If the DHCP server is running on a different LAN, you should configure a DHCP relay device between your switch and the DHCP server. A relay device forwards broadcast traffic between two directly connected LANs. A router does not forward broadcast packets, but it forwards packets based on the destination IP address in the received packet.
DHCP-based autoconfiguration replaces the BOOTP client functionality on your switch.
DHCP Client Request Process
When you boot your switch, the DHCP client is invoked and requests configuration information from a DHCP server when the configuration file is not present on the switch. If the configuration file is present and the configuration includes the ip address dhcp interface configuration command on specific routed interfaces, the DHCP client is invoked and requests the IP address information for those interfaces.
Figure 3-1 shows the sequence of messages that are exchanged between the DHCP client and the DHCP server.
Figure 3-1 DHCP Client and Server Message Exchange
The client, Switch A, broadcasts a DHCPDISCOVER message to locate a DHCP server. The DHCP server offers configuration parameters (such as an IP address, subnet mask, gateway IP address, DNS IP address, a lease for the IP address, and so forth) to the client in a DHCPOFFER unicast message.
In a DHCPREQUEST broadcast message, the client returns a formal request for the offered configuration information to the DHCP server. The formal request is broadcast so that all other DHCP servers that received the DHCPDISCOVER broadcast message from the client can reclaim the IP addresses that they offered to the client.
The DHCP server confirms that the IP address has been allocated to the client by returning a DHCPACK unicast message to the client. With this message, the client and server are bound, and the client uses configuration information received from the server. The amount of information the switch receives depends on how you configure the DHCP server. For more information, see the "Configuring the TFTP Server" section .
If the configuration parameters sent to the client in the DHCPOFFER unicast message are invalid (a configuration error exists), the client returns a DHCPDECLINE broadcast message to the DHCP server.
The DHCP server sends the client a DHCPNAK denial broadcast message, which means that the offered configuration parameters have not been assigned, that an error has occurred during the negotiation of the parameters, or that the client has been slow in responding to the DHCPOFFER message (the DHCP server assigned the parameters to another client).
A DHCP client might receive offers from multiple DHCP or BOOTP servers and can accept any of the offers; however, the client usually accepts the first offer it receives. The offer from the DHCP server is not a guarantee that the IP address is allocated to the client; however, the server usually reserves the address until the client has had a chance to formally request the address. If the switch accepts replies from a BOOTP server and configures itself, the switch broadcasts, instead of unicasts, TFTP requests to obtain the switch configuration file.
Configuring DHCP-Based Autoconfiguration
If your DHCP server is a Cisco device, see the "Configuring DHCP" section of the "IP Addressing and Services" section of the Cisco IOS IP Configuration Guide, Release 12.2 for additional information about configuring DHCP.
DHCP Server Configuration Guidelines
Follow these guidelines if you are configuring a device as a DHCP server:
You should configure the DHCP server with reserved leases that are bound to each switch by the switch hardware address.
If you want the switch to receive IP address information, you must configure the DHCP server with these lease options:
If you want the switch to receive the configuration file from a TFTP server, you must configure the DHCP server with these lease options:
Depending on the settings of the DHCP server, the switch can receive IP address information, the configuration file, or both.
If you do not configure the DHCP server with the lease options described previously, it replies to client requests with only those parameters that are configured. If the IP address and the subnet mask are not in the reply, the switch is not configured. If the router IP address or the TFTP server name are not found, the switch might send broadcast, instead of unicast, TFTP requests. Unavailability of other lease options does not affect autoconfiguration.
Configuring the TFTP Server
Based on the DHCP server configuration, the switch attempts to download one or more configuration files from the TFTP server. If you configured the DHCP server to respond to the switch with all the options required for IP connectivity to the TFTP server, and if you configured the DHCP server with a TFTP server name, address, and configuration filename, the switch attempts to download the specified configuration file from the specified TFTP server.
If you did not specify the configuration filename, the TFTP server, or if the configuration file could not be downloaded, the switch attempts to download a configuration file by using various combinations of filenames and TFTP server addresses. The files include the specified configuration filename (if any) and these files: network-config, cisconet.cfg, hostname .config, or hostname .cfg, where hostname is the switch's current hostname. The TFTP server addresses used include the specified TFTP server address (if any) and the broadcast address (255.255.255.255).
For the switch to successfully download a configuration file, the TFTP server must contain one or more configuration files in its base directory. The files can include these files:
If you specify the TFTP server name in the DHCP server-lease database, you must also configure the TFTP server name-to-IP-address mapping in the DNS-server database.
If the TFTP server to be used is on a different LAN from the switch, or if it is to be accessed by the switch through the broadcast address (which occurs if the DHCP server response does not contain all the required information described previously), a relay must be configured to forward the TFTP packets to the TFTP server. For more information, see the "Configuring the Relay Device" section . The preferred solution is to configure the DHCP server with all the required information.
Configuring the DNS
The DHCP server uses the DNS server to resolve the TFTP server name to an IP address. You must configure the TFTP server name-to-IP address map on the DNS server. The TFTP server contains the configuration files for the switch.
You can configure the IP addresses of the DNS servers in the lease database of the DHCP server from where the DHCP replies will retrieve them. You can enter up to two DNS server IP addresses in the lease database.
The DNS server can be on the same or on a different LAN as the switch. If it is on a different LAN, the switch must be able to access it through a router.
Configuring the Relay Device
You must configure a relay device, also referred to as a relay agent , when a switch sends broadcast packets that require a response from a host on a different LAN. Examples of broadcast packets that the switch might send are DHCP, DNS, and in some cases, TFTP packets. You must configure this relay device to forward received broadcast packets on an interface to the destination host.
If the relay device is a Cisco router, enable IP routing ( ip routing global configuration command), and configure helper addresses by using the ip helper-address interface configuration command.
For example, in Figure 3-2 , configure the router interfaces as follows:
On interface 10.0.0.2:
On interface 18.104.22.168
Figure 3-2 Relay Device Used in Autoconfiguration
Obtaining Configuration Files
Depending on the availability of the IP address and the configuration filename in the DHCP reserved lease, the switch obtains its configuration information in these ways:
The switch receives its IP address, subnet mask, TFTP server address, and the configuration filename from the DHCP server. The switch sends a unicast message to the TFTP server to retrieve the named configuration file from the base directory of the server and upon receipt, it completes its boot-up process.
The switch receives its IP address, subnet mask, and the configuration filename from the DHCP server. The switch sends a broadcast message to a TFTP server to retrieve the named configuration file from the base directory of the server, and upon receipt, it completes its boot-up process.
The switch receives its IP address, subnet mask, and the TFTP server address from the DHCP server. The switch sends a unicast message to the TFTP server to retrieve the network-confg or cisconet.cfg default configuration file. (If the network-confg file cannot be read, the switch reads the cisconet.cfg file.)
The default configuration file contains the hostnames-to-IP-address mapping for the switch. The switch fills its host table with the information in the file and obtains its hostname. If the hostname is not found in the file, the switch uses the hostname in the DHCP reply. If the hostname is not specified in the DHCP reply, the switch uses the default Switch as its hostname.
After obtaining its hostname from the default configuration file or the DHCP reply, the switch reads the configuration file that has the same name as its hostname ( hostname -confg or hostname .cfg, depending on whether network-confg or cisconet.cfg was read earlier) from the TFTP server. If the cisconet.cfg file is read, the filename of the host is truncated to eight characters.
If the switch cannot read the network-confg, cisconet.cfg, or the hostname file, it reads the router-confg file. If the switch cannot read the router-confg file, it reads the ciscortr.cfg file.
Figure 3-3 shows a sample network for retrieving IP information by using DHCP-based autoconfiguration.
Figure 3-3 DHCP-Based Autoconfiguration Network Example
Table 3-2 shows the configuration of the reserved leases on the DHCP server.
Table 3-2 DHCP Server Configuration
DNS Server Configuration
The DNS server maps the TFTP server name tftpserver to IP address 10.0.0.3.
TFTP Server Configuration (on UNIX)
The TFTP server base directory is set to /tftpserver/work/. This directory contains the network-confg file used in the two-file read method. This file contains the hostname to be assigned to the switch based on its IP address. The base directory also contains a configuration file for each switch ( switcha-confg , switchb-confg , and so forth) as shown in this display:
DHCP Client Configuration
No configuration file is present on Switch A through Switch D.
In Figure 3-3 , Switch A reads its configuration file as follows:
Switches B through D retrieve their configuration files and IP addresses in the same way.
Manually Assigning IP Information
Beginning in privileged EXEC mode, follow these steps to manually assign IP information to multiple switched virtual interfaces (SVIs):
To remove the switch IP address, use the no ip address interface configuration command. If you are removing the address through a Telnet session, your connection to the switch will be lost. To remove the default gateway address, use the no ip default-gateway global configuration command.
For information on setting the switch system name, protecting access to privileged EXEC commands, and setting time and calendar services, see "Administering the Switch."
Checking and Saving the Running Configuration
You can check the configuration settings you entered or changes you made by entering this privileged EXEC command:
To store the configuration or changes you have made to your startup configuration in flash memory, enter this privileged EXEC command:
This command saves the configuration settings that you made. If you fail to do this, your configuration will be lost the next time you reload the system. To display information stored in the NVRAM section of flash memory, use the show startup-config or more startup-config privileged EXEC command.
For more information about alternative locations from which to copy the configuration file, see "Working with the Cisco IOS File System, Configuration Files, and Software Images."
Modifying the Startup Configuration
These sections describe how to modify the switch startup configuration:
See also "Working with the Cisco IOS File System, Configuration Files, and Software Images," for information about switch configuration files. See the "Switch Stack Configuration Files" section on page 5-15 for information about switch stack configuration files.
Default Boot Configuration
Table 3-3 shows the default boot configuration.
Table 3-3 Default Boot Configuration
Automatically Downloading a Configuration File
You can automatically download a configuration file to your switch by using the DHCP-based autoconfiguration feature. For more information, see the "Understanding DHCP-Based Autoconfiguration" section .
Specifying the Filename to Read and Write the System Configuration
By default, the Cisco IOS software uses the file config.text to read and write a nonvolatile copy of the system configuration. However, you can specify a different filename, which will be loaded during the next boot cycle.
Beginning in privileged EXEC mode, follow these steps to specify a different configuration filename:
To return to the default setting, use the no boot config-file global configuration command.
By default, the switch automatically boots; however, you can configure it to manually boot.
Beginning in privileged EXEC mode, follow these steps to configure the switch to manually boot during the next boot cycle:
To disable manual booting, use the no boot manual global configuration command.
Booting a Specific Software Image
By default, the switch attempts to automatically boot the system using information in the BOOT environment variable. If this variable is not set, the switch attempts to load and execute the first executable image it can by performing a recursive, depth-first search throughout the flash file system. In a depth-first search of a directory, each encountered subdirectory is completely searched before continuing the search in the original directory. However, you can specify a specific image to boot.
Beginning in privileged EXEC mode, follow these steps to configure the switch to boot a specific image during the next boot cycle:
To return to the default setting, use the no boot system global configuration command.
Controlling Environment Variables
With a normally operating switch, you enter the boot loader mode only through a switch console connection configured for 9600 bps. Unplug the switch power cord, and press the switch Mode button while reconnecting the power cord. You can release the Mode button a second or two after the LED above port 1 turns off. Then the boot loader switch: prompt appears.
The switch boot loader software provides support for nonvolatile environment variables, which can be used to control how the boot loader, or any other software running on the system, behaves. Boot loader environment variables are similar to environment variables that can be set on UNIX or DOS systems.
Environment variables that have values are stored in flash memory outside of the flash file system.
Each line in these files contains an environment variable name and an equal sign followed by the value of the variable. A variable has no value if it is not listed in this file; it has a value if it is listed in the file even if the value is a null string. A variable that is set to a null string (for example, " ") is a variable with a value. Many environment variables are predefined and have default values.
Environment variables store two kinds of data:
You can change the settings of the environment variables by accessing the boot loader or by using Cisco IOS commands. Under normal circumstances, it is not necessary to alter the setting of the environment variables.
Table 3-4 describes the function of the most common environment variables.
Table 3-4 Environment Variables
When the switch is connected to a PC through the Ethernet management port, you can download or upload a configuration file to the boot loader by using TFTP. Make sure the environment variables in Table 3-5 are configured.
Table 3-5 Environment Variables for TFTP
Scheduling a Reload of the Software Image
You can schedule a reload of the software image to occur on the switch at a later time (for example, late at night or during the weekend when the switch is used less), or you can synchronize a reload network-wide (for example, to perform a software upgrade on all switches in the network).
Configuring a Scheduled Reload
To configure your switch to reload the software image at a later time, use one of these commands in privileged EXEC mode:
This command schedules a reload of the software to take affect in the specified minutes or hours and minutes. The reload must take place within approximately 24 days. You can specify the reason for the reload in a string up to 255 characters in length.
To reload a specific switch in a switch stack, use the reload slot stack-member-number privileged EXEC command.
This command schedules a reload of the software to take place at the specified time (using a 24-hour clock). If you specify the month and day, the reload is scheduled to take place at the specified time and date. If you do not specify the month and day, the reload takes place at the specified time on the current day (if the specified time is later than the current time) or on the next day (if the specified time is earlier than the current time). Specifying 00:00 schedules the reload for midnight.
The reload command halts the system. If the system is not set to manually boot, it reboots itself. Use the reload command after you save the switch configuration information to the startup configuration ( copy running-config startup-config ).
If your switch is configured for manual booting, do not reload it from a virtual terminal. This restriction prevents the switch from entering the boot loader mode and thereby taking it from the remote user's control.
If you modify your configuration file, the switch prompts you to save the configuration before reloading. During the save operation, the system requests whether you want to proceed with the save if the CONFIG_FILE environment variable points to a startup configuration file that no longer exists. If you proceed in this situation, the system enters setup mode upon reload.
This example shows how to reload the software on the switch on the current day at 7:30 p.m:
This example shows how to reload the software on the switch at a future time:
To cancel a previously scheduled reload, use the reload cancel privileged EXEC command.
Displaying Scheduled Reload Information
To display information about a previously scheduled reload or to find out if a reload has been scheduled on the switch, use the show reload privileged EXEC command.
It displays reload information including the time the reload is scheduled to occur and the reason for the reload (if it was specified when the reload was scheduled).
Welcome to the custom book wizard. Using this tool you can create books containing a custom selection of content. To get started, enter a name for the book or select an existing book to add to.
Select the topics and posts that you would like to add to your book.
Preview your selected content before you download or save to your dashboard.
PDF View with Adobe Reader on a variety of devices.
ePub View in various apps on iPhone, iPad, Android, Sony Reader or Windows devices.
Mobi View on Kindle device or Kindle app on multiple devices.
Save to Dashboard
Save the custom book to your dashboard for future downloads.
Your contact details will be kept confidential and will not be shared outside Cisco. If we need additional information regarding your feedback, we will contact you at this email address.
Content library - -.
Click on the file types below to dowload the content in that format.