Intro to Networks v5 Chapter 2: Configuring a Network Operating System Introduction to Networks

Upload: hoangdien

Post on 12-Apr-2018


Page 1: Chapter 2: Configuring a Network Operating System to keep the user ID, password, and session contents private ... login exit interface Loopback0 ip address 1.1.1.1 255.255.255.255

Intro to Networks v5

Chapter 2: Configuring a Network Operating System

Introduction to Networks


2950 and 2960 Switches

Key components of a 2950 or 2960 switch:

12, 24, or 48 10/100 Ethernet Ports

Port Status LEDs

Mode Button (SYST, RPS, Port)

Console port

Dual Purpose 10/100/1000 or SFP port(s)

Cisco IOS software

Port Status:

• Off: No link, or port was administratively shut down.

• Green: Link present.

• Blinking green: Port is transmitting or receiving data.

• Alternating green/amber: Link fault.

• Amber: Port is blocked by Spanning Tree Protocol (STP) and is not forwarding data.

• Blinking amber: Port is blocked by STP and is transmitting or receiving packets.


Routers

Cisco 1841

Cisco 1941


Operating Systems


Purpose of OS

Switch or router IOS provides options to:

• Configure interfaces

• Enable routing and switching functions

All networking devices come with a default IOS

Possible to upgrade the IOS version or feature set if you know:

• Model number

• Amount of RAM and flash memory

• What features are required (feature set)


IOS Functions

Major functions performed or enabled by Cisco routers and switches include:


Console Access Method

Most common methods to access the Command Line Interface:

Console port

Device is accessible even if no networking services have been configured (out-of-band)

Need a special console cable

Allows configuration commands to be entered

Should be configured with passwords to prevent unauthorized access

Device should be located in a secure room so the console port cannot be easily accessed

Used for initial configuration: the console port gives local access to the switch or router from a serial or USB interface of the PC

Displays startup, debugging, and error messages by default


Telnet, SSH, and AUX Access Methods

Telnet

Method for remotely accessing the CLI over a network

Requires active networking services and one active interface that is configured

Secure Shell (SSH)

Remote login similar to Telnet, but with stronger security

Stronger password authentication

Uses encryption when transporting data

Used to keep the user ID, password, and session contents private when establishing remote CLI connectivity

Aux Port

Out-of-band connection

Uses telephone line (dialup)

Can be used like console port

Not supported on Catalyst switches


Terminal Emulation Programs

Software available for connecting to a networking device

PuTTY

Tera Term

SecureCRT

HyperTerminal

OS X Terminal


Cisco IOS Modes of Operation


Primary and Configuration Modes

(available at Bootup)

Prompt changes denoting the current CLI mode


IOS Command Structure


Context Sensitive Help (?)

Displays a list of all available commands within the current mode

Helps determine which option, keyword, or argument is available for the entered command


Command Syntax Check


Hot Keys and Shortcuts

Tab - Completes the remainder of a partially typed command or keyword

Ctrl-R - Redisplays a line

Ctrl-A – Moves cursor to the beginning of the line

Ctrl-Z - Exits configuration mode and returns to user EXEC

Down Arrow - Allows the user to scroll forward through former commands

Up Arrow - Allows the user to scroll backward through former commands

Ctrl-Shift-6 - Allows the user to interrupt an IOS process such as ping or traceroute.

Ctrl-C - Aborts the current command and exits the configuration mode


Router Configuration Sources

RAM – holds running configuration. Is lost with power down.

NVRAM – holds startup configuration. Retains contents when power is removed.

Flash – holds IOS images. Similar to NVRAM.

ROM – holds bootstrap and POST. Has basic IOS in case no full IOS is found.


Location of the Cisco IOS

IOS stored in Flash

Non-volatile storage – not lost when power is lost

Can be changed or overwritten as needed

Can be used to store multiple versions of IOS

IOS copied from flash to volatile RAM

Quantity of flash and RAM memory determines IOS that can be used


The ROM modes allow a user to recover a password by changing the registry settings, to replace the Cisco IOS image file, or recover from system failures

3 modes in the IOS


A Router Starts Up

Before anything else happens, there is a Power On Self-Test (POST)

Step 1 Bootstrap loader in ROM executes

Step 2 IOS loads

Step 3 The configuration file is loaded


Steps in Router Initialization

[Figure: steps in router initialization. Labels: ROM, Basic IOS, ROM Monitor Mode]


IOS Examination Commands


The show version Command

IOS version

Boot ROM version

Router up time

Last restart method

Location and System image filename

Configuration register setting

Number and type of interfaces on the router

Bootstrap ROM version

Platform


The show flash Command

This command would show all of the Cisco IOS image files – not just the one that the router booted from.

Might compare to a directory listing


Device (Host) Names

Some guidelines for naming conventions are that names should:

Start with a letter

Contain no spaces

End with a letter or digit

Use only letters, digits, and dashes (- or _)

Be less than 64 characters in length

Without names, network devices are difficult to identify for configuration purposes.


1. Hostnames

Hostnames allow devices to be identified by network administrators over a network or the Internet.

Used to identify the device during remote access (SSH or telnet).

Commands:

• hostname

• no ip domain-lookup


Banner Messages

banner motd

Important part of the legal process in the event that someone is prosecuted for breaking into a device

Wording that implies that a login is "welcome" or "invited" is not appropriate

Often used for legal notification because it is displayed to all connected terminals

To test whether the banner is properly configured, type exit from user mode and then press Enter.


2. Passwords

Modes and interfaces that can be protected with passwords:

Enable password - Limits access to the privileged EXEC mode

Enable secret - Encrypted, limits access to the privileged EXEC mode

Console password - Limits device access using the console connection

VTY password - Limits device access over Telnet

Auxiliary password - Limits device access using the auxiliary connection

Logging synchronous

Note: We will use passwords: cisco or class


Securing User EXEC Access

Console port must be secured

• Reduces the chance of unauthorized personnel physically plugging a cable into the device and gaining device access

vty lines allow access to a Cisco device via Telnet

• Requires an active Internet connection

• Number of vty lines supported varies with the type of device and the IOS version


Securing Privileged EXEC Access

enable secret

Provides greater security because the password is encrypted


Encrypting Password Display

service password-encryption

Prevents passwords from showing up as plain text when viewing the configuration

Purpose of this command is to keep unauthorized individuals from viewing passwords in the configuration file

Once applied, removing the encryption service does not reverse the encryption


3. Interfaces

interface serial 0/0/0

• ip address address subnetmask

• no shutdown

• clockrate 56000 (DCE only)

• description your own text

interface serial 0/0/1

fastEthernet 0/0

fastEthernet 0/1

loopback 0


4. Protocols

router rip

• network network address

Other router protocols

• igrp

• eigrp

• ospf

• is-is

• bgp


5. IP Hosts

ip host name interface-addresses


6. Verify and Save

Commands:

• show interfaces [s 0/0/0]

• show ip interface brief

• show ip route

• show cdp neighbors [brief]

• show controllers

• ping address

• telnet address

copy running-config startup-config


The show interfaces Command


The show ip interface brief Command


The show ip route Command

Displays routing table information about all known networks and subnets


The show cdp neighbors Commands

Information gathered by CDP includes:

Device identifiers - configured host name

Address list - Layer 3 address, if configured

Port identifier - directly connected port

Capabilities list - function or functions provided by the device

Platform - hardware platform of the device


Configuration Files

Switch# reload

• System configuration has been modified. Save? [yes/no]: n

• Proceed with reload? [confirm]

Startup configuration is removed by using the erase startup-config command

• Switch# erase startup-config

On a switch you must also issue the delete vlan.dat command

• Switch# delete vlan.dat

• Delete filename [vlan.dat]?

• Delete flash:vlan.dat? [confirm]

• The running configuration (RAM) affects the operation of the device immediately when modified.

• Issue the reload command without saving the running configuration to discard the changes and work with the file in NVRAM.


Basic Router Setup

conf t
hostname R1
enable secret class
enable password cisco
no ip domain-lookup
banner motd $ Welcome to router R1 $
cdp run
line con 0
 password cisco
 logging synchronous
 login
line vty 0 4
 password cisco
 logging synchronous
 login
 exit
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
interface FastEthernet0/0
 ip address 197.63.58.65 255.255.255.192
 no shutdown
interface Serial0/0/0
 description R1 s0/0/0 to R2 s0/0/1
 ip address 155.6.0.1 255.255.255.252
 clock rate 56000
 no shutdown
 exit
router rip
 network 1.1.1.1
 network 155.6.0.0
 network 197.63.58.64
 exit
ip host r1 1.1.1.1 197.63.58.65
ip host r2 2.2.2.2 198.65.72.97
ip host r3 3.3.3.3 199.197.50.65
end
copy run start


Basic Switch Setup

config t
hostname S1
enable secret class
enable password cisco
no ip domain-lookup
banner motd $ Welcome to switch S1 $
cdp run
line con 0
 password cisco
 logging synchronous
 login
line vty 0 15
 password cisco
 logging synchronous
 login
 exit
interface Vlan1
 ip address 197.63.58.126 255.255.255.192
 no shutdown
 exit
ip default-gateway 197.63.58.65
end
copy run start
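An added example, not part of the original slides: a small Python audit that checks the Basic Router Setup listing (the Basic Switch Setup has the same shape) against the deck's own guidance on banner wording, enable secret, service password-encryption, and SSH rather than Telnet on the vty lines. The finding names, the hardened sample, and the choice of an explicit transport input ssh as the SSH-only marker are assumptions of this example.

```python
import re

# Global and line sections copied from the Basic Router Setup slide.
SLIDE_CONFIG = """\
hostname R1
enable secret class
enable password cisco
banner motd $ Welcome to router R1 $
line con 0
password cisco
login
line vty 0 4
password cisco
login
exit
"""

# Constructed hardened variant (assumption of this example, not from the slides).
HARDENED_CONFIG = """\
service password-encryption
enable secret <placeholder>
username admin secret <placeholder>
banner motd $ Authorized access only. $
line con 0
 password <placeholder>
 login
line vty 0 4
 login local
 transport input ssh
"""

def parse(config):
    """Return (global commands, {line header: [sub-commands]})."""
    global_cmds, blocks, current = [], {}, None
    for raw in config.splitlines():
        cmd = raw.strip()
        if cmd.startswith("line "):
            current = blocks.setdefault(cmd, [])
        elif cmd in ("exit", "end") or cmd.startswith(("interface ", "router ")):
            current = None  # leaves line configuration mode
        elif cmd and cmd != "!":
            (global_cmds if current is None else current).append(cmd)
    return global_cmds, blocks

def audit(config):
    """Return (location, finding) pairs for the deck's hardening points."""
    global_cmds, blocks = parse(config)
    findings = []
    if any(c.startswith("enable password ") for c in global_cmds):
        findings.append(("global", "enable-password-present"))
    if not any(c.startswith("enable secret ") for c in global_cmds):
        findings.append(("global", "enable-secret-missing"))
    if "service password-encryption" not in global_cmds:
        findings.append(("global", "password-encryption-off"))
    for c in global_cmds:
        if c.startswith("banner ") and re.search(r"\b(welcome|invit\w*)\b", c, re.I):
            findings.append(("global", "banner-invites-login"))
    for header, cmds in blocks.items():
        if not any(c.split()[0] == "login" for c in cmds):
            findings.append((header, "no-login-check"))
        if header.startswith("line vty"):
            transport = [c.split()[2:] for c in cmds if c.startswith("transport input")]
            # Without an explicit SSH-only transport, Telnet may be accepted.
            if not transport or transport[-1] != ["ssh"]:
                findings.append((header, "vty-not-ssh-only"))
    return findings

if __name__ == "__main__":
    print(audit(SLIDE_CONFIG), audit(HARDENED_CONFIG))
```

The hardened sample only satisfies these checks; SSH on a real device also needs a domain name and an RSA key pair before the vty lines will accept connections.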


DHCP Server Commands

Router1>enable
Router1#config t
Router1(config)#ip dhcp pool MYPOOL
Router1(dhcp-config)#network 172.16.0.0 255.255.0.0
Router1(dhcp-config)#dns-server 172.16.1.103 172.16.2.103
Router1(dhcp-config)#default-router 172.16.1.100
Router1(dhcp-config)#lease 7 8 30
Router1(dhcp-config)#exit
Router1(config)#ip dhcp excluded-address 172.16.1.100 172.16.1.103

show ip dhcp binding

Lowest IP Address Highest IP Address

Network Address

Descriptive Name

Default-Gateway


NAT Commands (Static)

Router1>enable
Router1#config t
Router1(config)#interface fastethernet 0/0
Router1(config-if)#ip address 172.32.232.1 255.255.255.0
Router1(config-if)#ip nat inside
Router1(config-if)#exit
Router1(config)#interface serial 0/0
Router1(config-if)#ip address 209.165.201.1 255.255.255.252
Router1(config-if)#ip nat outside
Router1(config-if)#exit
Router1(config)#ip nat inside source static 172.31.232.14 209.165.201.1
Router1(config)#exit

show ip nat statistics

show ip nat translations

Computer’s IP Address

Serial Port’s IP Address


Configuring a Switch Virtual Interface

A virtual interface allows remote management of a Layer 2 switch:

• interface VLAN 1 - interface configuration mode

• ip address 192.168.10.2 255.255.255.0 - configures the IP address and subnet mask for the switch

• no shutdown - administratively enables the interface

• ip default-gateway 192.168.10.220 – tells the switch where to send data destined for the Internet

Switch still needs to have physical ports configured and VTY lines to enable remote management

no shutdown


IP Address Configuration for End Devices

With DHCP, hosts can connect to the network and get an IP address without manual configuration.


Examining the IP configuration

ipconfig /all

Used on a Windows PC to see the IP configuration of that computer

Each IP address must be unique within the local network (LAN)


Testing End-to-End Connectivity

Ping tests connectivity with the destination device

Ping 127.0.0.1

Ping NIC IP address

Ping default gateway

Ping next hop

Ping next interface

Ping end device


Capturing Text
