bos1.cfg with comments

The following two lines tell when the running configuration information in the router was last modified and the last time it was saved to flash memory.

! Last configuration change at 23:56:54 EST Wed Mar 3 1999
! NVRAM config last updated at 23:56:55 EST Wed Mar 3 1999

The following line indicates the version of the Cisco IOS (Internet Operating System) that was running on the router which created this config file. This is useful to the router to know when you install a newer or older version of the IOS on it. This is because as Cisco continues to develop and update its IOS, it may change or modify the syntax of configuration file statements that it uses. When the IOS is loaded by the router and it executes the router's config file, knowing the version of IOS that created the config file helps the IOS determine how to interpret any commands or syntax it may encounter which originated from a different version of the IOS.

version 11.2

The following two lines control how the router formats the time and date stamps it writes in it's log message buffer. The log message buffer can be displayed with the command 'show log'.

service timestamps debug datetime localtime
service timestamps log datetime localtime

The following three lines are so trivial that even the Cisco documentation doesn't say much about them. Basically, they enable services on the router that let you do things like finger the router from another host to see who is logged into it, etc.

service udp-small-servers
service tcp-small-servers
service pt-vty-logging

The following line sets the host name of the router. This appears in the router's command line prompt.

hostname BOS1

The following two lines control access to the router's privledged mode functions. They set the password required by the 'enable' command. The first line contains the enable password for this router, in encrypted form. The second line contains a clear text version of an enable password that the router would use if an old version of IOS that did not support encrypted enable passwords was installed on the router. Without this second line, if an old version of IOS that did not support an encrypted enable password was run on the router, the router would have no enable password. The result would be that you could either not get the router into privledged mode or that it would require no password at all to get into privledged mode, depending on the specific circumstances.

enable secret 5 $1$2igT$Ql8VKYAhFKuwTlkq8wqdi0
enable password ecs

This section of lines serves as a local dns host name table for the router. These can function in place of or in addition to a dns server for the router to make associations between dns names and ip addresses. These entries do not do anything else. They have nothing to do with the routing tables or routing processes.

ip host sparrow.hackme.net 128.119.86.6
ip host sea1-s0.hackme.net 10.0.140.2
ip host bos2-e1.hackme.net 10.0.100.2
ip host bos2.hackme.net 10.0.75.4
ip host grivel.hackme.net 128.119.86.2
ip host lax1.hackme.net 10.0.75.3
ip host lax1-s0.hackme.net 10.0.120.2
ip host lax1-s1.hackme.net 10.0.160.2
ip host lax1-e0.hackme.net 10.0.230.254
ip host sea1.hackme.net 10.0.75.2
ip host sea1-s1.hackme.net 10.0.160.1
ip host sea1-e0.hackme.net 10.0.220.254
ip host bos1.hackme.net 10.0.75.1
ip host bos1-s0.hackme.net 10.0.140.1
ip host bos1-e0p.hackme.net 10.0.200.254
ip host bos1-e0sa.hackme.net 128.119.86.1
ip host bos1-e1.hackme.net 10.0.100.1
ip host bos2-s0.hackme.net 10.0.120.1
ip host bos2-e0.hackme.net 10.0.210.254
ip host win95-1.hackme.net 128.119.86.3
ip host win95-2.hackme.net 128.119.86.4
ip host winnt-1.hackme.net 128.119.86.5
ip host sea1-lo1.hackme.net 172.16.1.254
ip host bos2-lo1.hackme.net 172.17.1.254
ip domain-name hackme.net
ip name-server 208.131.192.119
ip name-server 128.119.91.10

The following line formats the appearance of the router's command line prompt.

prompt %h%s(tty%n)%p

The following two lines tell the router what time zone it is in and how to determine the time of day, based on the date (eastern standard time or eastern daylight savings time)

clock timezone EST -5
clock summer-time EDT recurring

The following three lines define a software-only network interface on the router. This interface looks and behaves just like a physical network interface on the router. In this case, this interface here is used to create an interface that is reachable from elsewhere on the network through any of the routers physical interfaces. If a particular physical interface on the router goes down or becomes unreachable for any reason but there is another physical interface in the router that is still functioning normally, the router can be reached at this loopback interface through the physical interface that is still functioning normally. Without a loopback interface configured, access to the router would have to be through any one specific physical interface at a time. If that particular physical interface became unavailable on the router, the router would be unreachable. Having an interface on the router that is reachable through any and all of the router's other interfaces is used to overcome this limitation.

interface Loopback0
description Primary interface for connecting to this router
ip address 10.0.75.1 255.255.255.255

The next section configures the router's physical network interfaces.

interface Ethernet0
description BOS1 LAN and connection to UMass via OIT/ECS

The next line indicates that this particular physical interface is to have a secondary ip network running through it. A single physical ethernet or other physical network can have many different ip networks and/or other network protocols running on it. It is the responsibility of these network protocols themselves to be able to tell which packets being carried by the physical network are intended for it or not.

ip address 10.0.200.254 255.255.255.0 secondary
ip address 128.119.86.1 255.255.255.0
media-type 10BaseT
!
interface Ethernet1
description Simulated microwave ethernet link to BOS2 (10 Mbps)
ip address 10.0.100.1 255.255.255.0
media-type 10BaseT
!
interface Serial0
description Simulated T1 link to SEA1 (1.544 Mbps)
ip address 10.0.140.1 255.255.255.0
!
interface Serial1
no ip address

The next line indicates that this physical network interface is administratively shut off. To turn this interface on, go into configuration mode on the router, select this interface and enter the command 'no shutdown'. There are various reasons for wanting to be able to administratively set the status of an interface to 'shutdown'. When an interface is down due to trouble or shutdown, the networks that it's part of dropped from the router's local routing table. This table is then possibly propogated to other routers in the network, if a dynamic routing protocol such as EIGRP is being used. In trouble situations, a network link could be going up and down frequently, causing frequent routing table updates and re-convergences throughout the routers in the entire network. This can cause intermittant interruptions in ip packet delivery. Shutting down an interface administratively until the physical link troubles are resolved overcomes this problem.

shutdown

The following section configures the router to run a dynamic routing protocol. In this case, that's EIGRP. 1999 is the Autonomous System number (or AS) each of the lab routers is configured to be a part of. The AS number controls which routers on the physical network that this router will accept EIGRP routing table updates from. Likewise, other routers on the physical network function the same way with respect to accepting routing table updates from this router.

router eigrp 1999

This line means that EIGRP on this router will include routing information for IP networks directly connected to this router's physical interfaces in the routing table that it broadcasts to other routers that are part of it's AS. This is necessary to propogate a route for the 128.119.0.0 network to the rest of the lab routers. Why? Because...

redistribute connected

...the next statement, 'network 10.0.0.0', only turns on EIGRP routing table update processing for interfaces on this router which are part of the 10.0.0.0 network. As well, only route information for the 10.0.0.0 network gets processed into the routing table. Since we want the other lab routers to get a route in their routing table to the 128.119.0.0 network, 'redistribute connected' causes this to happen. How come we don't simply put another network statement (ie., 'network 128.119.0.0) into the config instead? Because in addition to doing what we want (turning on route processing on interfaces that are part of a 128.119.0.0 network), the router will also send and accept routing table updates from those interfaces. This is something we do not want to take a chance of happening because there are routers in the 128.119.0.0 network that we do not administer. It would be possible for someone else administering those other routers, if they knew the AS number we were using, to feed our router routing table updates via our EIGRP routing process. This is something we wish to avoid because without further configuration effort on our router, another router could then feed our router with poor or incorrect routing information, either by mistake or malicious intent by someone.

network 10.0.0.0

This line tells the router to adhere to legacy rules for routing ip networks by class and requiring that they be contiguously implemented.

no ip classless

The following are static routes which have been entered into this router manually. The first entry creates a default route that the router will forward packets to which are destined for ip networks not found in it's routing table. The second line is necessary in order to tell this router where to deliver packets addressed to the 128.119.0.0 network. This is because in classful routing, since we have a portion of the 128.119.0.0 network found on this router's ethernet 0 interface, this router does not consider 128.119.0.0 to be an unknown network and thus does not deliver packets to other portions of the 128.119.0.0 network to its default route.

ip route 0.0.0.0 0.0.0.0 128.119.86.254
ip route 128.119.0.0 255.255.0.0 128.119.86.254

The next two static routes have been placed here as part of the setup to demonstrate a routing loop. These static routes insure that this router will always send packets it receives that are addressed to 172.16.0.0 or 172.17.0.0 to SEA1 and BOS2 routers, respectively.

ip route 172.16.0.0 255.255.0.0 10.0.75.2
ip route 172.17.0.0 255.255.0.0 10.0.75.4

The following lines configure this router's behavior for placing error and status messages in its internal log buffer and also delivering these messages to a network based log file server (syslog). Additionally, these lines also describe which messages will or will not be sent to these logging destinations, based on their severity.

logging buffered 16384 debugging
logging trap debugging
logging facility syslog
logging source-interface Loopback0
logging history size 250
logging history debugging
logging 128.119.86.2
logging 208.131.192.119

The following lines enable SNMP (Simple Network Management Protocol) support on this router. This means that an SNMP network management computer system can poll this router and gather traffic, utilization and error statistics from it. It can also make changes to this router's configuration file. These read-only and read-write operations can only be performed if the SNMP management station knows what the read-only (RO) and read-write (RW) community strings configured here are. Essentially, community strings simply serve as an access control mechanism, just like a password. I'm not really sure why they are not just called passwords in the first place.

snmp-server community ecsro RO
snmp-server community ecsrw RW
snmp-server trap-source Loopback0
snmp-server location ECS Computer Networking Lab, UMass, Amherst
snmp-server contact John Jackson - johnj@external.umass.edu
snmp-server chassis-id BOS1
snmp-server system-shutdown

The following lines control the login banner that a user connecting to the router is shown prior to connecting to the router's command line interface.

banner motd
bos1.hackme.net

UMass ECS Computer Networking Lab

*** AUTHORIZED USE ONLY ***

The following lines control the behavior of this router's console port and virtual terminal ports which allow telnet access to the router's command line interface.

line con 0
exec-timeout 0 0
login
line aux 0
exec-timeout 0 0
password ecs
login
line vty 0 2
exec-timeout 0 0
password ecs
login
line vty 3 4
exec-timeout 5 0
password ecs
login

The following three lines tell this router how to track the current date and time in real time from a Network Time Protol (ntp) server. Additionally, the 'ntp master 1' statement tells this router to function as an ntp server itself. Why? Well, this is the only router in the lab that is able to communicate directly with the rest of the world. It has an address in and thus a connection to the 128.119.0.0 network. The other routers in the lab only have direct connections to the 10.0.0.0 and 172.16.0.0 and 172.17.0.0.0 networks. The other lab routers can access this router as an ntp, however. So, this router functions as a relay for ntp information, providing it to the other routers in the lab. This means that all the lab routers will have correct time and date stamps in their log files. This is very helpful when trying to track down, correlate and troubleshoot problems in the network. Problems can occur at any time of day or night and often, you are left with only residual information from sources such as log files to examine and analyze.

ntp clock-period 17179554
ntp master 1
ntp server 146.189.16.253

This line tells the router this is the end of the configuration file.

end