What parameter can be added to the end of a Cisco IOS ip route

You can prevent your router from receiving fraudulent route updates by configuring neighbor router authentication. When configured, neighbor authentication occurs whenever routing updates are exchanged between neighbor routers. This authentication ensures that a router receives reliable routing information from a trusted source.

Without neighbor authentication, unauthorized or deliberately malicious routing updates could compromise the security of your network traffic. A security compromise could occur if an unfriendly party diverts or analyzes your network traffic. For example, an unauthorized router could send a fictitious routing update to convince your router to send traffic to an incorrect destination. This diverted traffic could be analyzed to learn confidential information about your organization or merely used to disrupt your organization’s ability to effectively communicate using the network. Neighbor authentication prevents any such fraudulent route updates from being received by your router.

When neighbor authentication has been configured on a router, the router authenticates the source of each routing update packet that it receives. This is accomplished by the exchange of an authenticating key (sometimes referred to as a password) that is known to both the sending and the receiving router.

There are two types of neighbor authentication used: plain text authentication and Message Digest Algorithm Version 5 (MD5) authentication. Both forms work in the same way, with the exception that MD5 sends a "message digest" instead of the authenticating key itself. The message digest is created using the key and a message, but the key itself is not sent, preventing it from being read while it is being transmitted. Plain text authentication sends the authenticating key itself over the wire.

Note	Note that plain text authentication is not recommended for use as part of your security strategy. Its primary use is to avoid accidental changes to the routing infrastructure. Using MD5 authentication, however, is a recommended security practice.

In plain text authentication, each participating neighbor router must share an authenticating key. This key is specified at each router during configuration. Multiple keys can be specified with some protocols; each key must then be identified by a key number.

In general, when a routing update is sent, the following authentication sequence occurs:

1. A router sends a routing update with a key and the corresponding key number to the neighbor router. In protocols that can have only one key, the key number is always zero. The receiving (neighbor) router checks the received key against the same key stored in its own memory.

2. If the two keys match, the receiving router accepts the routing update packet. If the two keys do not match, the routing update packet is rejected.

MD5 authentication works similarly to plain text authentication, except that the key is never sent over the wire. Instead, the router uses the MD5 algorithm to produce a "message digest" of the key (also called a "hash"). The message digest is then sent instead of the key itself. This ensures that nobody can eavesdrop on the line and learn keys during transmission.

Another form of neighbor router authentication is to configure key management using key chains. When you configure a key chain, you specify a series of keys with lifetimes, and the Cisco IOS software rotates through each of these keys. This decreases the likelihood that keys will be compromised. To find complete configuration information for key chains, refer to the "Managing Authentication Keys" section in the Configuring IP Routing Protocol-Independent Features module of the Cisco IOS IP Routing: Protocol-Independent Configuration Guide.

This module provides basic configuration procedures for the Cisco 800M Series ISR and contains the following sections.

To configure the global parameters for your router, follow these steps.

You can connect WAN interfaces either by using straight polarity connectors or reversed polarity connectors.

• Straight Polarity: If Mag-jack RJ45 connector has a dot or digit marked on front housing, it can be used with any type of cables.
• Reversed Polarity: If Mag-jack RJ45 connector has no dots or digit marked on front housing, it can be used with coupler and short cable (Cat5E UTP cable) to connect other devices which doesn’t support auto polarity correction.

To configure Gigabit Ethernet (GE) WAN interfaces, follow these steps, beginning in global configuration mode.

The loopback interface acts as a placeholder for the static IP address and provides default routing information.

To configure a loopback interface, follow these steps, beginning in global configuration mode.

To configure parameters to control access to the router, perform the following steps.

To manually configure Gigabit Ethernet (GE) LAN interfaces, follow these steps, beginning in global configuration mode.

Static routes provide fixed routing paths through the network. They are manually configured on the router. If the network topology changes, the static route must be updated with a new route. Static routes are private routes unless they are redistributed by a routing protocol.

To configure static routes, perform these steps in global configuration mode.

In dynamic routing, the network protocol adjusts the path automatically, based on network traffic or topology. Changes in dynamic routes are shared with other routers in the network.

The Cisco routers can use IP routing protocols, such as Routing Information Protocol (RIP) or Enhanced Interior Gateway Routing Protocol (EIGRP), to learn routes dynamically. You can configure either of these routing protocols on your router.

A push or reset button is available on the rear side of the Cisco 800M Series ISR and it is designed to provide a disaster recovery method for the router.

Push button can be useful for recovery during one of the two scenarios:

• During ROMMON initialization
• For loading a specific configuration file without accessing the router IOS prompt after IOS is up and running.

If you press the push button for more than three seconds and then release the push button after IOS is up and running, IOS detects this event and looks for configuration files in the order of priority.If the IOS finds the configuration file, it copies the configuration file to the startup configuration file. Then the router reloads itself and the new configuration takes effect. If the configuration files cannot be found, pressing reset button has no effect.

The order of priority in which the router looks for configuration file is given as follows:

1. usbflash0:customer-config. SN

2. usbflash0:customer-config

3. flash:customer-config. SN

4. flash:customer-config

Note SN is the hardware serial number.

The Zero Touch Deployment (ZTD) through USB feature in Cisco 800M Series ISRs is an ease-of-use feature that loads a customized configuration from a USB flash drive. This feature requires that the router has no startup configuration in its nonvolatile RAM (NVRAM). The feature also requires that a valid configuration file, with the filename extension.cfg, is stored in the USB flash drive. A valid configuration file can be created by saving the running configuration of a router to flash, USB flash, or to a TFTP Server.

When a router with no startup configuration boots up, it checks for a valid configuration file within the USB flash drive. The pre-requisites for deployment using the Zero Touch Deployment through USB feature are:

• Boot up router with no startup-configuration.
• Cisco USB flash drive inserted in the first available USB slot.
• A valid configuration file in ASCII text with the filename extension.cfg

If the USB flash drive has multiple.cfg files, the router chooses the one with the highest index number in the USB Flash drive. To avoid loading an incorrect.cfg file, ensure that there is only one.cfg file in the USB flash drive.

The Cisco 800M Series ISR uses second core and it is actively used in detecting USB flash drive if 3G Wireless WAN module is present on the router. If 3G Wireless WAN module is not present, USB flash drive is detected by the IOS. When 3G Wireless WAN module is present, USB detection is a bit delayed for the Cisco 800M series ISR due to the delay in second core initialization. While system startup is in progress and push button is pressed, a timer is started to check the completion of second core initialization. For some reason if second core takes more time, system reports an error message and continues the normal start up. After second core initialization router waits up to 10 seconds for USB detection and then complete the configuration. In case the USB flash drive does not contain a deployment configuration, router enters the configuration mode.