Thus far in this chapter, we've dealt with configuring routers by hand. Cisco embeds a configuration tool with each of its routers. The most current incarnation of this tool is its Security Device Manager (SDM). It is a Web-based GUI that helps simplify router configuration and deployment. Different router models may have different built-in configuration tools, but they offer the same basic functionality. Flip back to Chapter 3 for more information on router setup using the HTTP Server User Interface.
In addition to the embedded configuration tool, Cisco makes two software applications to serve as tools:
ConfigMaker: A midrange tool that runs on Windows. It's used for configuring Ethernet LANs as well as WAN connectivity, targeted for use by reasonably proficient network managers or consultants.
Fast Step: An older, low-end tool that runs on Windows. It is used to configure and install small Cisco routers and access servers, targeted for use by less-sophisticated users.
We'll quickly run through configuring a router using each tool. In doing this, we'll cover some router configuration concepts not discussed during the setup procedure.
Both tools use a graphical user interface to assist with the task of getting routers up and running. Neither tool addresses large or complex internetworking problems. A separate product called NetSys Baseliner is used for enterprise internetwork modeling and management. ConfigMaker and Fast Step are meant for use by intermediates and beginners only.
ConfigMaker is a Microsoft Windows–based tool used to design and configure small networks. It works both for LAN configurations and WAN connectivity, with support for a wide range of Cisco devices and protocols. ConfigMaker provides a clean and intuitive desktop work environment that strikes a good balance between ease of use and functionality. But it isn't intended for power users, since it has no support for high-end devices such as Cisco 7000 Series routers or high-end switches. Nor does ConfigMaker support the Token Ring LAN protocol or any router utilizing a version of IOS prior to 11.2.
ConfigMaker runs on Windows 98, Windows Me, Windows 2000, Windows XP, or Windows NT 4.0 with at least Service Pack 3. Cisco makes it available at no charge. To try it out, download a copy from Cisco's Web site at http://www.cisco.com/public/sw-center/sw-netmgmt.shtml.
For the growing number of technical staff in small- and medium-sized enterprises who want to handle their own network configurations, ConfigMaker is probably the solution, as long as their networks are made up of all or nearly all Cisco devices.
At the center of ConfigMaker's desktop is a network diagram area into which network "objects" are placed, configured, and linked together. At the outset, the network diagram area is empty, like a sheet of drafting paper before the first line is drawn. The network diagram area is surrounded by three windows, each put there to help you build a network through to completion:
Device Window: Source for devices to drag into Network Diagram; located in the upper-left pane.
Connections Window: Source for wide area network connections to drag into Network Diagram; located in the lower-left pane.
Cisco ConfigMaker: Checklist of the chronological steps that must be completed in network configuration; located in the rightmost pane.
The first step is to drag devices from the Device window onto the Network Diagram area. It's a simple proposition; just choose whatever devices are to be part of the network: routers, hubs, LAN cables, and so on. As each device is put into the diagram, ConfigMaker prompts for settings needed to make it functional. The prompt routines are similar to the Add New Hardware routine in Microsoft Windows Control Panel.
Once the devices have been put into the diagram, it's time to connect them into a network. This is done by dragging one or more connections into the diagram from the Connections window. To connect a device to the network, first click the connection and then the device to be connected. Figure 4-9 shows the ConfigMaker desktop with the beginnings of an Ethernet network displayed in the network diagram area, with two Cisco routers connected to an Ethernet LAN. The user keeps adding devices and connections until the entire network is depicted in the diagram.
Figure 4-9: A look at the ConfigMaker desktop
Building a network through this graphical interface is great for conceptualizing network topology, but ConfigMaker is more than merely a network-diagramming program. Every item put into the diagram drawn in the Device window has intelligence behind it. As each network object (device or network connection) is put in, ConfigMaker asks for line item details, such as settings, names, and so on. This information is stored in a database hidden behind the diagram, and is used by ConfigMaker to check for completeness and internal consistency. ConfigMaker enforces a quality assurance methodology over the network design process, as described in the following:
As a device is added to the network, information is collected about it.
The information is checked for consistency with the rest of the database.
If an error is made, ConfigMaker prompts the user to correct it right away.
ConfigMaker's rules-based logic keeps checking the entire network for correctness as each new object (device or connection) is added.
As the perceptive beginner you are, you're probably wondering why Ethernet is in both the Device and Connections windows. If you drag the Ethernet icon from the Device window, it's defined to your diagram as a local area network segment; drag Ethernet from the Connections window, and it becomes a wide area network link. In other words, the Ethernet LAN segment (a cable or a hub box) is treated as a physical device, while the Ethernet connection logically represents an internetwork link.
To see the database kept by ConfigMaker, right-click any device and select Properties. A dialog box with multiple tabs will appear, presenting all the information known about a device. Figure 4-10, for example, shows the hardware configuration tab. The tab's left window contains all the possible modules that can be plugged into the device. The right window shows the current configuration. In this example, the Cisco 4500 is configured with one six-slot Ethernet module and a one-port T1/ISDN module. ConfigMaker has the logic to catch most configuration errors before they happen: The user is prevented from inserting a network module into an incompatible device, and a proper interface must be in a device before it can be connected to the network. Glancing at our example in Figures 4-9 and 4-10, the Cisco 4500 router was allowed to connect to the Ethernet network because it was first configured with its six-port Ethernet interface, and it could also be hooked up to a T1/ISDN connection.
Figure 4-10: A look at the ConfigMaker Properties dialog box for a Cisco 4500 router
The boxes along the bottom of the ConfigMaker screen (Figure 4-10) make up a legend of color-keyed status conditions. Table 4-7 gives a legend for the color keys. A device icon or connection line will change colors on the screen as the configuration status of the object changes.
Additional information is needed on the device or connection.
Addresses (IP addresses, submasks, and so on) are needed for the device.
The device config file is ready for delivery (or the connection has the required information).
The device config file was delivered and encountered an error.
The device config file was delivered successfully.
The Using Cisco ConfigMaker pane is a help system and checklist all in one. Located to the right of the Network Diagram, it uses wizards to guide the user through the major steps of network configuration. The Using Cisco ConfigMaker pane is divided into three parts, two of which contain wizards dedicated to a particular job:
AutoDetect Device Wizard: A series of "Add New Hardware" dialog box prompts that gather necessary description and settings information for network devices.
Deliver Configurations Wizard: Automatically downloads config files to devices.
Firewall Wizard: Allows you to establish firewall policies and determine which LANs can access the Internet or corporate network, as well as which internal LANs can access each other.
The AutoDetect Device Wizard: Using the AutoDetect Device Wizard is optional. If you use it, it will automatically sense and identify the type of hardware to be configured. AutoDetect Device is handy if you're configuring devices remotely and aren't there to physically inspect hardware components for model numbers, installed interface modules, and so on. The AutoDetect Device Wizard supports both network and virtual terminal (VTY) connections to the devices being configured.
The Firewall Wizard: The Firewall Wizard is used to configure and define firewall policies. That is, it is a mechanism you can use to decide which LANs can access the Internet and, within a network, which LANs can access each other. This is a useful tool because it allows you to establish policies for each LAN in your network. Figure 4-11 shows the Firewall Wizard screen, where you can set and manage firewall policies.
Figure 4-11: The Firewall Wizard is used to configure firewalls in ConfigMaker
The Deliver Configuration Wizard: The Deliver Configuration Wizard does just that: It automatically downloads config files created by ConfigMaker into the target devices. To use this, the devices must be connected (through the console port or network) to the PC on which ConfigMaker is running.
An important benefit of ConfigMaker is that users will find it hard to make mistakes. Many configuration mistakes involve wrong choices for particular devices. In ConfigMaker, which is Cisco-specific, if you try to put an incompatible device in a particular router, an error message will stop you. If you leave out something necessary, ConfigMaker will prompt you. This capacity for quality assurance not only helps avoid mistakes, but also helps keep the user up-to-date on product options (which change constantly).
Perhaps the most important benefit of ConfigMaker is that you don't need to know the Cisco IOS software command-line interface to be able to configure network devices and connections. When you need to input something, the correct choices are right there in front of you. The Windows-based GUI makes that possible. The use of Windows conventions (the "Add New Hardware" prompts, the menu bar, and so on) and color keys makes it easy to learn and use.
ConfigMaker strikes a good enough balance between capability and ease of use that both nonexperts and those with internetworking expertise can use it. It's a godsend for the uninitiated, not only for getting a network up and running, but also for learning internetworking basics.
ConfigMaker has limits, however. It's not meant for designing and managing large or complicated networks. For example, only routers up through the Cisco 4000 Series are supported, not the high-end router series, and its functionality won't let you simulate network behavior.
Cisco Fast Step is a configuration utility that ships with low-end routers and access servers. It is targeted for use by the novice network user to configure end-to-end connections between a PC and an Internet service provider (ISP) or corporate intranets. Fast Step runs on Microsoft Windows 95, 98, NT 4.0, 2000, or XP. It ships on a CD-ROM for installation on a Windows PC, and can be used two ways:
To configure the router interactively while connected to the router, either over a serial cable from its PC COM port to the router console port or through an Ethernet link
To build a configuration file for later download to the router or as a base to configure other routers (the file can be read by Fast Step's Setup Wizard)
After installing Fast Step, clicking the icon starts a sequence of dialog boxes prompting the user to input the information needed to configure and install the router. The sequence can go over a dozen dialog boxes, depending on the options taken. To help sort things out, every Fast Step screen has a Tasks window on the left side. You can see where you are in the process by finding which task is highlighted in the Task window on the left side of any Fast Step screen. As outlined in Table 4-8, Fast Step groups configuration tasks into four major steps.
Description of Tasks
Find and Connect
Provide router number; select setup mode (interactive or download); define connection type (ISP or corporate); give settings; access provider IP address and phone numbers, user name, password, and so on
Specify router name; router read-only password; and router Enable Secret password; specify the types of services (Web server, mail server, FTP server)
Specify IP address for LAN connection provided by ISP or corporate intranet
Setup and Test
Save config file to router and run; save config file for use with other routers
Fast Step starts by asking for general information about the configuration session, such as the model of the router to be configured and whether a new config file is to be created or a preconfigured file will be used.
Then more specific information is requested. Fast Step asks you to enter the PPP (Point-to-Point Protocol) user name issued to you by the ISP or your corporate intranet administrator. The PPP user name is case-sensitive, so be sure to type it exactly as it appears on the information given by your ISP or network administrator.
Next, enter your PPP password. This isn't your network login password. The PPP password is only for dial-in remote access over a router-to-router connection. Be sure that the password complies with the requirements set by your ISP or corporate network (minimum number of characters, and so on). This password is sometimes called a "PAP" or "CHAP" password and is also case-sensitive. Last, enter the central router or PPP name of the router to which you'll be connecting (not the name of the router you're configuring). PPP, CHAP, and PAP are covered in Chapter 6.
The second half of the Find and Connect step is to provide the information and settings needed to hook up the router to the Internet. To do this, Fast Step prompts for more involved parameters, such as switch type, ISDN SPIDs, and access phone numbers. (SPID stands for service provider ID, usually an ISP.)
Then things get really involved, at least by a beginner's standards. Figure 4-12 shows Fast Step prompting for IP address information.
Figure 4-12: Fast Step will prompt you for IP address information
Only one of the three options can be taken:
Don't provide any address because you don't have them yet.
Give a range of addresses provided to you by your ISP or corporate network administrator.
Give an IP network address and subnet mask.
This information is meant to identify the LAN segment the user will be connected to with an address unique to the Internet. Fast Step needs this information to make the connection. These settings are, in essence, the user's address as it is presented to the rest of the Internet (or corporate intranet community). Fast Step can automatically discover the address, but lets the user input it directly if desired.
Fast Step next asks for parameters having to do with router security and router server publishing. Figure 4-13 shows the user being prompted to give the router a name, a read-only password, and an enable password.
Figure 4-13: Fast Step prompts for a router name and administrative passwords
A number of rules apply to the names and passwords here; violate one and an error message stops you. The online help system tells the user what the rules are. These passwords apply to gaining access to the router itself for administrative purposes. Fast Step then lets the user configure one or all of four Internet services options:
Single server (both a Web server and mail server; the most common option)
Web server (a Web page but with no e-mail service)
Mail server (only Internet e-mail services)
FTP server (the ability for Internet users to download information from your site)
Internetworking pros often call these options "servers." For example, if the parameter to offer FTP downloads from the user's LAN was set to "yes," that LAN is running an FTP server. Don't be put off by this; it's just a fancy term for a service.
Finally, Fast Step prompts for the IP addresses of the wide area network to which the user's LAN is connected. These addresses, shown in Figure 4-14, identify the ISP or corporate network on the Internet.
Figure 4-14: Fast Step will prompt you for the ISP's address information last
Looking at Figures 4-12 and 4-14, we see that Fast Step wants two sets of addresses, which are used to identify two separate network segments to be involved in connecting the user's remote LAN to the Internet. This can confuse the beginner. Keep in mind here that the router will connect to the ISP/intranet by way of a point-to-point, router-to-router connection, not over some nebulous Internet IP address. The address information provided in Figure 4-13 is used to identify the router being configured using Fast Step. This router is what connects the user's LAN to the Internet. Because that LAN will presumably have more than one user operating on the Internet at any given time, Fast Step asked for a range of IP addresses, one per user (Figure 4-13). On the other hand, the remote address prompted for in Figure 4-14 will be used to identify the network segment identifying the ISP/intranet through which the user will connect.
Figure 4-15 helps sort out these addresses. The LAN local to the user (and the router being configured using Fast Step here) is usually issued a block of IP addresses. The example in Figure 4-12 has a block of 254 addresses issued for the user's internal network (10.1.13.1–10.1.13.254, inclusive).
Figure 4-15: There are three network segments involved in an intranet remote connection
The ISP or corporate intranet has an IP address to identify its network segment, and a subnet mask for that IP address, 255.255.255.248, allows for up to six possible host addresses within that subnetwork.
If the scenario calls for hooking up to a corporate intranet, a third network segment comes into play: the corporation's main network segment, which is on the left side of Figure 4-15. To the user configuring the router, the internetwork cloud in the middle is the same service whether the connection is made through a private corporate network or an ISP, and the corporate network segment on the left side likely can be reached only by passing through a firewall.
In the last part of the configuration, Fast Step lets you complete the router configuration process by doing one of the following:
Loading the config file into the router
Making a separate copy of the config file
If the user opts to make a separate copy, the file must, of course, be given a name. The choice exists either to save the file as-is in Fast Step's CFG format for use on other routers, or save it in IOS command format for use as a template from which to build slightly different config files for other routers. Here's the top portion of a Cisco 801 router config file created using Fast Step:
! Cisco IOS router configuration file
! Automatically made by Cisco Fast Step v2.0
! Designed for Cisco C801
! March 31, 1999
! Cisco Fast Step Template
no service udp-small-servers
no service tcp-small-servers
service password-encryption
hostname veltepub003
username tonyv password Password
enable secret SuperSecret
no ip source-route
isdn switch-type basic-5ess
. . .
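An added example (not part of the book's text and not Fast Step's own code): a Python check for a config saved in IOS command format, using the excerpt above as its input. It flags credentials written without a type digit, which IOS reads as cleartext, and type 7 strings, which are reversible, and it produces a redacted copy suitable for reuse as a template; the function names and the `<REDACTED>` placeholder are assumptions of this example.

```python
import re

# The Fast Step excerpt shown above, one command per line (elided tail omitted).
SAMPLE_CONFIG = """\
! Cisco IOS router configuration file
! Automatically made by Cisco Fast Step v2.0
no service udp-small-servers
no service tcp-small-servers
service password-encryption
hostname veltepub003
username tonyv password Password
enable secret SuperSecret
no ip source-route
isdn switch-type basic-5ess
"""

# Hardening commands that appear in the excerpt; a derived template should keep them.
REQUIRED = (
    "no service udp-small-servers",
    "no service tcp-small-servers",
    "service password-encryption",
    "no ip source-route",
)

# Matches "enable password|secret ..." and "username NAME password|secret ...".
# Assumption: no extra keywords (such as "privilege 15") sit before the credential.
CRED_RE = re.compile(
    r"^(?P<owner>enable|username\s+\S+)\s+(?P<kind>password|secret)\s+(?P<rest>.+)$"
)


def storage_type(rest):
    """IOS syntax is '[type] string'; with no leading type digit the string is cleartext (0)."""
    parts = rest.split()
    return parts[0] if len(parts) >= 2 and parts[0].isdigit() else "0"


def audit(config_text):
    """Return (issue, detail) findings for a saved IOS-format config."""
    commands = [ln.strip() for ln in config_text.splitlines()]
    commands = [c for c in commands if c and not c.startswith("!")]
    findings = [("missing", req) for req in REQUIRED if req not in commands]
    if not any(c.startswith("enable secret ") for c in commands):
        findings.append(("missing", "enable secret"))
    for cmd in commands:
        m = CRED_RE.match(cmd)
        if not m:
            continue
        label = " ".join(m.group("owner").split()) + " " + m.group("kind")
        kind = storage_type(m.group("rest"))
        if kind == "0":
            findings.append(("cleartext", label))
        elif kind == "7":
            findings.append(("reversible", label))  # type 7 is an encoding, not a hash
    return findings


def redact(config_text):
    """Replace every credential value so the file can be shared as a template."""
    out = []
    for line in config_text.splitlines():
        m = CRED_RE.match(line.strip())
        out.append(f"{m.group('owner')} {m.group('kind')} <REDACTED>" if m else line)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for issue, detail in audit(SAMPLE_CONFIG):
        print(f"{issue:10} {detail}")
    print(redact(SAMPLE_CONFIG))
```

Run against the excerpt, the audit reports both the user password and the enable secret as cleartext, so a copy saved for reuse on other routers should go through `redact` first.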
Fast Step's series of dialog boxes prompt the user to give all the information required to configure an end-to-end connection between a home or small office PC and an ISP (or corporate intranet). That's good because, like it or not, network configurations can get complicated.
Compared to ConfigMaker, the prompts leave more room for omission and error. This is largely because Fast Step's job is different from ConfigMaker's. For example, to decide which interface to configure into a slot in a Cisco router, ConfigMaker gives you a window containing only interfaces compatible with the router being configured. By contrast, Fast Step asks mostly for open-ended answers that come from outside sources, rather than providing an input selection window inside the Fast Step screen. The user must refer to outside documents for such things as phone numbers, control numbers, user names, IP addresses, and so on. Cisco knows this, which is why they provide worksheets in the Quick Start Guide to help users gather required configuration parameters before starting.
Extensive input edits are in force throughout Fast Step. This helps the user catch mistakes as they happen. If the user tries to input something illegal, an exclamation point will appear to the right of the field, and an error message will appear in the prompt box. The edits can be both a blessing and a curse. For example, if you try to input a bad PPP password, the prompt box informs you that it "does not meet the accepted rules." Fair enough, but what are the rules? Press the Help button, and your answer is "Password is a login password given to you by your Internet service provider or network administrator," when what you really need to know is what the syntax rules are. The Fast Step help subsystem is generally good, but at times uneven.
However, with Fast Step's prompts and abundant choices, as well as a little effort, a novice can configure and install a low-end router to the Internet. Without Fast Step, a layperson would have little chance of configuring and rolling out a router. Fast Step may not be perfect, but it gives you more than a fighting chance.