Geek.Like.Todd

Simple Cisco DHCP —

I’m doing a little labwork and wanted to post this really for nothing other than to assist with my remembering it, and hey.. maybe you might find it helpful. Typically whenever I need DHCP I turn to an OS to do that for me: if AD is involved, I’m using Windows; if it’s not, I’ll use Linux. If you have neither but do have a Cisco router, never fear, it can do that for you. Here is our lab, consisting of a single router, a switch, and 3 workstations:

DHCPLAB

Our IP address range for this lab is 192.168.1.0/24 and we want to reserve IP range 192.168.1.1 – 192.168.1.49 but allow the rest to be available for our pool.

My fake PC clients are all set to DHCP.

Step one: Assign an interface on the router for the network.
dhcptest(config)#int fa 0/0
dhcptest(config-if)#description inside
dhcptest(config-if)#ip address 192.168.1.1 255.255.255.0
dhcptest(config-if)#no shut

Step two: Reserve the IPs that you wish to exclude from your pool.

dhcptest(config)#ip dhcp excluded-address 192.168.1.1 192.168.1.49

Step three: Create your pool, in our test we are naming our pool “inside” but you may name yours whatever you want.

dhcptest(config)#ip dhcp pool inside
dhcptest(dhcp-config)#network 192.168.1.0 255.255.255.0
dhcptest(dhcp-config)#default-router 192.168.1.1
dhcptest(dhcp-config)#dns-server 8.8.8.8 8.8.4.4

Step four: check your dhcp binding

dhcptest#sho ip dhcp binding
IP address       Client-ID/              Lease expiration        Type
                 Hardware address
192.168.1.50     0060.7098.9145          --                      Automatic
192.168.1.51     00D0.BCA1.3A33          --                      Automatic
192.168.1.52     0060.2F5A.3953          --                      Automatic
192.168.1.53     000A.4143.6916          --                      Automatic

Enjoy!
Here is a link to Cisco’s Guide on DHCP, with cooler options than mine..
Cisco DHCP

Note: I used Packet Tracer, and in my version I couldn’t set a second DNS server, but the documentation tells me I can set 8.  😀

Here is a link to the Packet Tracer file I used:

DHCP LAB


MST3k!! #BringBackMST3K —

I’m a huge huge..  mystie.. I have been since maybe season 2?  I was young.. I don’t remember when I started watching.. but Comedy Central and SciFi were both young at the time..  anyhow.. I’m super excited to see that this might happen.. and I really really want another MST3k season. So much that I’m willing to support it.

Don’t know what MST3k is? Well.. I want to explain it.. but I don’t really.. nothing else ever came out at the time to challenge it.. and even though with Rifftrax and other post Mike / Joel / Other MST3k member products.. they didn’t have the magic of Mike, Joel and the bots.  If you really want to see what it’s about.. On Turkey Day.. go here.. MST3k on YouTube

Anyhow… I’ve gotten my family sucked into it.. they have a favorite.. it’s the Final Sacrifice.. the worst thing to ever come out of Canada..


Cisco CLI Fun- How to enable SSH on a Cisco Router —

By default, many IOS devices can be accessed via console cable or Telnet, but Telnet is not secure because it sends the session, passwords included, in cleartext. Luckily, many Cisco devices support SSH, provided you set it up.

Note: some older devices don’t allow SSH. In my lab I didn’t have settings in any Catalyst 35xx devices, for example.

I’ll break it down into steps; if you have any of these already configured, you can skip ahead where you like.

Step 1 – Set a Hostname and domain.

The RSA key you will generate later requires both a hostname and a domain name to be set.

Set a host name with:
RTR(config)#hostname bob

Set a domain with:
bob(config)#ip domain name bob.local

This would set the host+domain to bob.bob.local

Step 2 – Generate an RSA Key

The RSA key is the same kind of key as the SSL keys exchanged when you use a web page via HTTPS.

bob(config)#crypto key generate rsa general-keys

You will be prompted for the bit strength of the key; the default is 512. I use 1024. You can use more, but keep in mind that key generation time and processing load increase the larger you go.

If you already have a key, you will be warned before it is overwritten.

If you ever change the hostname or domain you will need to generate a new key.

Step 3 – Create a user with higher privilege.

You don’t actually have to use higher privilege, but I do, simply because you can use this with SDM should you wish to in that Java hell, and because I don’t want to remember enable secrets because I’m lazy 😀

bob(config)#username bob privilege 15 secret Y0urM0m

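bob is the username and Y0urM0m is the password; because the secret keyword is used, the password is stored in the configuration in encrypted (hashed) form rather than in cleartext.

Step 4 – Set up your Virtual Terminals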

bob(config)#line vty 0 15

bob(config-line)#login local

bob(config-line)#transport input ssh

This tells the VTY lines to use the username you set up, and allows only SSH to be used over VTY. It’s helpful not to close the Telnet session you have open while you test the SSH settings, lest you forget the password or, well, anything that would have you running to the device with a console cable.
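
A quick way to confirm the steps above took effect on every VTY line, as an added example that is not part of the original post: a Python check run over a saved running-config. The sample config and the function name audit_ssh_config are constructed for illustration; the RSA key does not appear in the running-config, so it is not checked here.

```python
import re

# Constructed sample running-config: vty 0 4 follows the post, vty 5 15 still permits Telnet.
SAMPLE_CONFIG = """\
hostname bob
ip domain name bob.local
username bob privilege 15 secret 5 $1$constructed$hash
username alice password 0 cleartext
line con 0
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 login
 transport input telnet ssh
"""

def audit_ssh_config(config: str) -> list[str]:
    """Return findings for a running-config checked against the post's steps."""
    findings = []
    lines = config.splitlines()
    if not any(re.match(r"hostname \S+", ln) for ln in lines):
        findings.append("no hostname set (needed before RSA key generation)")
    if not any(re.match(r"ip domain[- ]name \S+", ln) for ln in lines):
        findings.append("no domain name set (needed before RSA key generation)")
    for ln in lines:
        m = re.match(r"username (\S+) (?:privilege \d+ )?password\b", ln)
        if m:
            findings.append(f"user {m.group(1)} uses 'password' instead of 'secret'")
    # Group the indented sub-commands under each 'line vty' header.
    blocks, current = {}, None
    for ln in lines:
        if ln.startswith("line vty"):
            current = blocks.setdefault(ln.strip(), [])
        elif ln.startswith(" ") and current is not None:
            current.append(ln.strip())
        else:
            current = None
    if not blocks:
        findings.append("no 'line vty' sections found")
    for header, cmds in blocks.items():
        if "login local" not in cmds:
            findings.append(f"{header}: 'login local' missing")
        # A missing transport line is flagged too, since it leaves the platform default.
        if [c for c in cmds if c.startswith("transport input")] != ["transport input ssh"]:
            findings.append(f"{header}: transport input is not ssh-only")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_ssh_config(SAMPLE_CONFIG)))
```

On devices that have more VTY lines than the range you configured, the unconfigured range shows up as its own "line vty" section, which is what the second block in the sample imitates.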