I’m doing a little labwork and wanted to post this really for nothing other than to assist with my remembering it, and hey.. maybe you might find it helpful. Typically whenever I need DHCP I turn to an OS to do that for me: if AD is involved, I’m using Windows; if it’s not, I’ll use Linux. But if you have neither and do have a Cisco router, never fear, it can do that for you. Here is our lab, consisting of a single router, a switch, and 3 workstations:
Our IP address range for this lab is 192.168.1.0/24 and we want to reserve the IP range 192.168.1.1 – 192.168.1.49 but allow the rest to be available for our pool.
My fake PC clients are all set to DHCP.
Step one: Assign an interface on the router for the network.
dhcptest(config)#int fa 0/0
dhcptest(config-if)#ip address 192.168.1.1 255.255.255.0
Step two: Reserve the IPs that you wish to exclude from your pool.
I’m a huge huge.. mystie.. I have been since maybe season 2? I was young.. I don’t remember when I started watching.. but Comedy Central and SciFi were both young at the time.. anyhow.. I’m super excited to see that this might happen.. and I really really want another MST3k season. So much that I’m willing to support it.
Don’t know what MST3k is? Well.. I want to explain it.. but I don’t really.. nothing else ever came out at the time to challenge it.. and even though with Rifftrax and other post Mike / Joel / Other MST3k member products.. they didn’t have the magic of Mike, Joel and the bots. If you really want to see what it’s about.. On Turkey Day.. go here.. MST3k on YouTube
Anyhow… I’ve gotten my family sucked into it.. they have a favorite.. it’s the Final Sacrifice.. the worst thing to ever come out of Canada..
By default, many IOS devices can be accessed via console cable or telnet, but telnet is not secure. Luckily, many Cisco devices support ssh, provided you set it up.
Note: some older devices don’t allow ssh. In my lab I didn’t have settings in any Catalyst 35xx devices, for example.
I’ll break it down into steps; if you have any of these already configured, you can skip them.
Step 1 – Set a Hostname and domain.
The RSA key you will generate later requires both a hostname and a domain to be set.
Set a host name with: RTR(config)#hostname bob
Set a domain with: bob(config)#ip domain name bob.local
This would set the host+domain to bob.bob.local
Step 2 – Generate an RSA Key
The RSA key is the same kind of key as the SSL keys exchanged when you use a web page via https.
bob(config)#crypto key generate rsa general-keys
You will be prompted for the bit strength of the key, and the default is 512. I use 1024; you can use more, but keep in mind everything increases the larger you go.
If you already have a key, you will be warned before overwriting it.
If you ever change the hostname or domain you will need to generate a new key.
Step 3 – Create a user with higher privilege.
You don’t actually have to use higher privilege, but I do, simply because you can use this with SDM should you wish to in that java hell, and because I don’t want to remember enable secrets because I’m lazy 😀
bob(config)#username bob privilege 15 secret Y0urM0m
bob is the username; the password, Y0urM0m, is stored encrypted in the config rather than in clear text.
Step 4 – Setup your Virtual Terminals
bob(config)#line vty 0 15
bob(config-line)#login local
bob(config-line)#transport input ssh
This tells VTY to use the username you set up, and allows only ssh to be used over vty. It’s helpful to not close the Telnet session you have open while you test the ssh settings.. lest you forget the password or well.. anything.. that would have you running to the device with a console cable.
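A quick way to check a saved running-config against the steps above, as an added example (not code from the original post): it flags a missing hostname or domain, users defined with `password` instead of `secret`, and vty lines that still accept telnet or don't use local usernames. The sample config, the user alice and the function names are constructed for illustration; the RSA key from Step 2 is not checked here.

```python
import re

# Constructed sample running-config; "line vty 5 15" deliberately still allows telnet.
SAMPLE_CONFIG = """\
hostname bob
ip domain name bob.local
username bob privilege 15 secret 5 $1$CONSTRUCTED$PLACEHOLDERHASH
username alice password 0 Example123
line con 0
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 login
 transport input telnet ssh
"""

def vty_blocks(config):
    """Return {header: [sub-commands]} for every 'line vty' block."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line.startswith("line vty"):
            current = blocks.setdefault(line.strip(), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # any other top-level command closes the block
    return blocks

def audit(config):
    """Return a list of findings for the SSH steps in this post."""
    findings = []
    if not re.search(r"^hostname \S+", config, re.M):
        findings.append("no hostname set (needed for the RSA key)")
    if not re.search(r"^ip domain[ -]name \S+", config, re.M):
        findings.append("no domain name set (needed for the RSA key)")
    for m in re.finditer(r"^username (\S+) .*\bpassword\b", config, re.M):
        findings.append(f"user {m.group(1)}: uses 'password', not 'secret'")
    for header, cmds in vty_blocks(config).items():
        transport = next((c for c in cmds if c.startswith("transport input")), None)
        if transport != "transport input ssh":
            findings.append(f"{header}: telnet not excluded ({transport or 'no transport input'})")
        if "login local" not in cmds:
            findings.append(f"{header}: does not use local usernames")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print("FINDING:", finding)
```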