Intro to Networks v5
Chapter 2: Configuring a Network Operating System
Introduction to Networks
Intro to Networks v5 2
2950 and 2960 Switches
Key components of a 2950 or 2960 switch:
12, 24, or 48 10/100 Ethernet Ports
Port Status LEDs
Mode Button (SYST, RPS, Port)
Console port
Dual Purpose 10/100/1000 or SFP port(s)
Cisco IOS software
Port Status:
• Off: No link, or port was administratively shut down.
• Green: Link present.
• Blinking green: Port is transmitting or receiving data.
• Alternating green/amber: Link fault.
• Amber: Port is blocked by Spanning Tree Protocol (STP) and is not forwarding data.
• Blinking amber: Port is blocked by STP and is transmitting or receiving packets.
Routers
Cisco 1841
Cisco 1941
Operating Systems
Purpose of OS
Switch or router IOS provides options to:
• Configure interfaces
• Enable routing and switching functions
All networking devices come with a default IOS
Possible to upgrade the IOS version or feature set if you know:
• Model number
• Amount of RAM and flash memory
• What features are required (feature set)
IOS Functions
Major functions performed or enabled by Cisco routers and switches include:
Console Access Method
Most common methods to access the Command Line Interface:
Console port
Device is accessible even if no networking services have been configured (out-of-band)
Need a special console cable
Allows configuration commands to be entered
Should be configured with passwords to prevent unauthorized access
Device should be located in a secure room so console port can not be easily accessed
Used for initial configuration: the console port gives local access to the switch or router from a serial or USB interface of the PC
Displays startup, debugging, and error messages by default
Telnet, SSH, and AUX Access Methods
Telnet
Method for remotely accessing the CLI over a network
Requires active networking services and one active, configured interface
Secure Shell (SSH)
Remote login similar to Telnet, but with stronger security
Stronger password authentication
Uses encryption when transporting data
Used to keep the user ID, password, and session contents private when establishing remote CLI connectivity
Aux Port
Out-of-band connection
Uses telephone line (dialup)
Can be used like console port
Not supported on Catalyst switches
Terminal Emulation Programs
Software available for connecting to a networking device
PuTTY
Tera Term
SecureCRT
HyperTerminal
OS X Terminal
Cisco IOS Modes of Operation
Primary and Configuration Modes (available at bootup)
Prompt changes denoting the current CLI mode
IOS Command Structure
Context Sensitive Help (?)
Displays a list of all available commands within the current mode
Helps determine which option, keyword, or argument is available for the entered command
Command Syntax Check
Hot Keys and Shortcuts
Tab - Completes the remainder of a partially typed command or keyword
Ctrl-R - Redisplays a line
Ctrl-A – Moves cursor to the beginning of the line
Ctrl-Z - Exits configuration mode and returns to user EXEC
Down Arrow - Allows the user to scroll forward through former commands
Up Arrow - Allows the user to scroll backward through former commands
Ctrl-Shift-6 - Allows the user to interrupt an IOS process such as ping or traceroute.
Ctrl-C - Aborts the current command and exits the configuration mode
Router Configuration Sources
RAM – holds running configuration. Is lost with power down.
NVRAM – holds startup configuration. Retains contents when power is removed.
Flash – holds IOS images. Similar to NVRAM.
ROM – holds bootstrap and POST. Has basic IOS in case no full IOS is found.
Location of the Cisco IOS
IOS is stored in flash, non-volatile storage that is not lost when power is lost
Can be changed or overwritten as needed
Can be used to store multiple versions of IOS
IOS copied from flash to volatile RAM
Quantity of flash and RAM memory determines IOS that can be used
The ROM modes allow a user to recover a password by changing the configuration register settings, to replace the Cisco IOS image file, or to recover from system failures
Three modes in the IOS
A Router Starts Up
Before anything else happens, there is a Power On Self-Test (POST)
Step 1: Bootstrap loader in ROM executes
Step 2: IOS loads
Step 3: The configuration file is loaded
Steps in Router Initialization
Figure labels: ROM, Basic IOS, ROM Monitor Mode
IOS Examination Commands
The show version Command
IOS version
Boot ROM version
Router up time
Last restart method
Location and system image filename
Configuration register setting
Number and type of interfaces on the router
Bootstrap ROM version
Platform
The show flash Command
This command would show all of the Cisco IOS image files, not just the one that the router booted from.
Might compare to a directory listing
Device (Host) Names
Some guidelines for naming conventions are that names should:
Start with a letter
Contain no spaces
End with a letter or digit
Use only letters, digits, and dashes (- or _)
Be less than 64 characters in length
Without names, network devices are difficult to identify for configuration purposes.
1. Hostnames
Hostnames allow devices to be identified by network administrators over a network or the Internet.
Used to identify the device during remote access (SSH or telnet).
Commands:
• hostname
• no ip domain-lookup
Banner Messages
banner motd
Important part of the legal process in the event that someone is prosecuted for breaking into a device
Wording that implies that a login is "welcome" or "invited" is not appropriate
Often used for legal notification because it is displayed to all connected terminals
To test whether the banner is properly configured, type exit from user mode and then press Enter.
2. Passwords
Modes and interfaces that can be protected with passwords:
Enable password - Limits access to the privileged EXEC mode
Enable secret - Encrypted, limits access to the privileged EXEC mode
Console password - Limits device access using the console connection
VTY password - Limits device access over Telnet
Auxiliary password - Limits device access using the auxiliary connection
Logging synchronous
Note: We will use passwords: cisco or class
Securing User EXEC Access
Console port must be secured
• Reduces the chance of unauthorized personnel physically plugging a cable into the device and gaining device access
vty lines allow access to a Cisco device via Telnet
• Requires an active Internet connection
• Number of vty lines supported varies with the type of device and the IOS version
Securing Privileged EXEC Access
enable secret
Provides greater security because the password is encrypted
Encrypting Password Display
service password-encryption
Prevents passwords from showing up as plain text when viewing the configuration
Purpose of this command is to keep unauthorized individuals from viewing passwords in the configuration file
Once applied, removing the encryption service does not reverse the encryption
3. Interfaces
interface serial 0/0/0
• ip address address subnetmask
• no shutdown
• clock rate 56000 (DCE only)
• description your own text
interface serial 0/0/1
fastEthernet 0/0
fastEthernet 0/1
loopback 0
4. Protocols
router rip
• network network-address
Other router protocols
• igrp
• eigrp
• ospf
• is-is
• bgp
5. IP Hosts
ip host name interface-addresses
6. Verify and Save
Commands:
• show interfaces [s 0/0/0]
• show ip interface brief
• show ip route
• show cdp neighbors [brief]
• show controllers
• ping address
• telnet address
copy running-config startup-config
The show interfaces Command
The show ip interface brief Command
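The verification commands above are only useful if someone reads the output. The following Python script, an added example that is not part of the course material, parses `show ip interface brief` output (the sample text is constructed for router R1, not a real capture) and flags two things worth a look: ports that are enabled but carry no address (unused ports should be shut down), and addressed ports whose link or line protocol is down.

```python
"""Parse `show ip interface brief` and flag interface states worth a look.
Added example (not from the course); the output below is constructed."""

# Constructed sample output for the slides' router R1 (not a real capture).
SAMPLE_OUTPUT = """\
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            197.63.58.65    YES manual up                    up
FastEthernet0/1            unassigned      YES unset  up                    down
Serial0/0/0                155.6.0.1       YES manual up                    up
Serial0/0/1                unassigned      YES unset  administratively down down
Serial0/1/0                155.6.0.5       YES manual down                  down
Loopback0                  1.1.1.1         YES manual up                    up
"""


def parse_ip_int_brief(text):
    """Return one dict per interface row.

    Status may be two words ("administratively down"), so it is taken as
    everything between the Method column and the final Protocol column.
    """
    rows = []
    for line in text.splitlines()[1:]:      # skip the header row
        tokens = line.split()
        if len(tokens) < 6:
            continue                        # blank or truncated line
        rows.append({
            "interface": tokens[0],
            "ip": tokens[1],
            "method": tokens[3],
            "status": " ".join(tokens[4:-1]),
            "protocol": tokens[-1],
        })
    return rows


def find_anomalies(rows):
    """Flag enabled-but-unaddressed ports and addressed ports that are down.

    Ports that are administratively down were shut down on purpose
    (the recommended state for unused ports) and are not reported.
    """
    anomalies = []
    for r in rows:
        if r["status"] == "administratively down":
            continue
        if r["ip"] == "unassigned":
            anomalies.append((r["interface"], "enabled but has no IP address"))
        elif r["status"] != "up" or r["protocol"] != "up":
            anomalies.append((r["interface"], f"{r['status']}/{r['protocol']}"))
    return anomalies


if __name__ == "__main__":
    for iface, why in find_anomalies(parse_ip_int_brief(SAMPLE_OUTPUT)):
        print(f"{iface}: {why}")
```

The parser is deliberately column-position independent: it splits on whitespace and works from the ends of the line, so it survives the varying column widths IOS prints for long interface names.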
The show ip route Command
Displays routing table information about all known networks and subnets
The show cdp neighbors Command
Information gathered by CDP includes:
Device identifiers - configured host name
Address list - Layer 3 address, if configured
Port identifier - directly connected port
Capabilities list - function or functions provided by the device
Platform - hardware platform of the device
Configuration Files
Switch# reload
• System configuration has been modified. Save? [yes/no]: n
• Proceed with reload? [confirm]
Startup configuration is removed by using the erase startup-config command
• Switch# erase startup-config
On a switch you must also issue the delete vlan.dat command
• Switch# delete vlan.dat
• Delete filename [vlan.dat]?
• Delete flash:vlan.dat? [confirm]
• The running configuration (RAM) affects the operation of the device immediately when modified.
• Issue the reload command without saving the running configuration to discard the changes and work with the file in NVRAM.
Basic Router Setup
conf t
hostname R1
enable secret class
enable password cisco
no ip domain-lookup
banner motd $ Welcome to router R1 $
cdp run
line con 0
password cisco
logging synchronous
login
line vty 0 4
password cisco
logging synchronous
login
exit
interface Loopback0
ip address 1.1.1.1 255.255.255.255
interface FastEthernet0/0
ip address 197.63.58.65 255.255.255.192
no shutdown
interface Serial0/0/0
description R1 s0/0/0 to R2 s0/0/1
ip address 155.6.0.1 255.255.255.252
clock rate 56000
no shutdown
exit
router rip
network 1.1.1.1
network 155.6.0.0
network 197.63.58.64
exit
ip host r1 1.1.1.1 197.63.58.65
ip host r2 2.2.2.2 198.65.72.97
ip host r3 3.3.3.3 199.197.50.65
end
copy run start
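The password, banner, and naming slides each describe a setting that is easy to get wrong in the running configuration, and the basic router setup above uses several of the weak choices on purpose (enable password alongside enable secret, plain-text line passwords without service password-encryption, a "Welcome" banner). The script below is an added example, not course material: it audits a running-config against those slides' rules. The two configs are constructed; the hardened one additionally uses `transport input ssh`, `login local`, `username ... secret` and `ip ssh version 2`, real IOS commands that the slides do not show, to restrict the vty lines to SSH as the SSH slide recommends.

```python
"""Audit a Cisco IOS running-config for the weak settings the slides discuss.
Added example, not part of the course; both configs below are constructed."""
import re

# Constructed: the slides' basic router setup as `show running-config` would
# print it (sub-commands indented by one space). Hash values are placeholders.
WEAK_CONFIG = """\
hostname R1
enable secret 5 $1$PLAC$EHOLDERHASHxxxxxxxxxx
enable password cisco
no ip domain-lookup
banner motd $ Welcome to router R1 $
line con 0
 password cisco
 logging synchronous
 login
line vty 0 4
 password cisco
 logging synchronous
 login
"""

# Constructed: the same router after applying the slides' hardening, plus
# SSH-only vty access with local user accounts (assumed IOS commands).
HARDENED_CONFIG = """\
hostname R1
service password-encryption
enable secret 5 $1$PLAC$EHOLDERHASHxxxxxxxxxx
username admin secret 5 $1$PLAC$EHOLDERHASHyyyyyyyyyy
ip domain-name example.test
ip ssh version 2
banner motd $ Authorized access only. Activity is monitored. $
line con 0
 logging synchronous
 login local
line vty 0 4
 logging synchronous
 login local
 transport input ssh
"""

# Naming guidelines from the slides: start with a letter, end with a letter or
# digit, only letters/digits/dashes/underscores in between.
HOSTNAME_RE = re.compile(r"^[A-Za-z](?:[A-Za-z0-9_-]*[A-Za-z0-9])?$")


def valid_hostname(name):
    """True when the name meets the slides' guidelines (and is under 64 chars)."""
    return len(name) < 64 and HOSTNAME_RE.match(name) is not None


def parse_sections(text):
    """Group a running-config into (top-level command, [indented sub-commands])."""
    sections = []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if raw.startswith(" ") and sections:
            sections[-1][1].append(raw.strip())
        else:
            sections.append((raw.strip(), []))
    return sections


def audit_config(text):
    """Return (severity, message) findings; an empty list means nothing flagged."""
    sections = parse_sections(text)
    tops = [header for header, _ in sections]
    has_secret = any(h.startswith("enable secret") for h in tops)
    service_enc = "service password-encryption" in tops
    findings = []
    for header, subs in sections:
        if header.startswith("hostname "):
            name = header.split(None, 1)[1]
            if not valid_hostname(name):
                findings.append(("medium", f"hostname '{name}' breaks the naming guidelines"))
        elif header.startswith("enable password"):
            if has_secret:
                findings.append(("low", "enable password is redundant once enable secret is set; remove it"))
            else:
                findings.append(("high", "enable password used without enable secret (not hashed)"))
        elif header.startswith("banner motd"):
            if re.search(r"\b(welcome|invited)\b", header, re.IGNORECASE):
                findings.append(("medium", "banner motd uses 'welcome'/'invited' wording"))
        elif header.startswith("line "):
            if any(s.startswith("password ") for s in subs) and not service_enc:
                findings.append(("high", f"{header}: line password stored in plain text"))
            if header.startswith("line vty") and "transport input ssh" not in subs:
                findings.append(("high", f"{header}: not restricted to SSH (no 'transport input ssh')"))
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        result = audit_config(cfg)
        print(f"== {label}: {len(result)} finding(s)")
        for severity, message in result:
            print(f"  [{severity}] {message}")
```

Run it on a saved `show running-config` capture by reading the file into `audit_config`. Note that the check for `service password-encryption` only tells you the passwords are no longer readable at a glance; the slides' own point stands that `enable secret` is the stronger mechanism because it is hashed rather than reversibly encoded.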
Basic Switch Setup
config t
hostname S1
enable secret class
enable password cisco
no ip domain-lookup
banner motd $ Welcome to switch S1 $
cdp run
line con 0
password cisco
logging synchronous
login
line vty 0 15
password cisco
logging synchronous
login
exit
interface Vlan1
ip address 197.63.58.126 255.255.255.192
no shutdown
exit
ip default-gateway 197.63.58.65
end
copy run start
DHCP Server Commands
Router1>enable
Router1#config t
Router1(config)#ip dhcp pool MYPOOL
Router1(dhcp-config)#network 172.16.0.0 255.255.0.0
Router1(dhcp-config)#dns-server 172.16.1.103 172.16.2.103
Router1(dhcp-config)#default-router 172.16.1.100
Router1(dhcp-config)#lease 7 8 30
Router1(dhcp-config)#exit
Router1(config)#ip dhcp excluded-address 172.16.1.100 172.16.1.103
show ip dhcp bindings
Figure callouts: Network Address, Descriptive Name, Default-Gateway, Lowest IP Address / Highest IP Address (excluded-address range)
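A DHCP pool quietly competes with every statically addressed host in its network: anything not covered by `ip dhcp excluded-address` can be leased to a client. The script below, an added example that is not part of the course, models the pool from the commands above with Python's standard `ipaddress` module and checks that the default router and DNS servers are either outside the pool or excluded from it, converts the `lease days hours minutes` value to seconds, and counts the leasable addresses (network and broadcast addresses are never handed out). The values are the slide's; the finding it produces for the second DNS server follows directly from them.

```python
"""Sanity-check a DHCP pool against its excluded addresses.
Added example, not course material; values come from the slide's commands."""
import ipaddress

# From the slide: ip dhcp pool MYPOOL / network / dns-server / default-router / lease
POOL = {
    "name": "MYPOOL",
    "network": "172.16.0.0",
    "mask": "255.255.0.0",
    "dns_servers": ["172.16.1.103", "172.16.2.103"],
    "default_router": "172.16.1.100",
    "lease": (7, 8, 30),            # days, hours, minutes
}
# From the slide: ip dhcp excluded-address 172.16.1.100 172.16.1.103
EXCLUDED = [("172.16.1.100", "172.16.1.103")]


def lease_seconds(days, hours, minutes):
    """IOS `lease days hours minutes` expressed in seconds."""
    return days * 86400 + hours * 3600 + minutes * 60


def is_excluded(addr, excluded):
    """True when addr falls inside any (low, high) excluded range, inclusive."""
    ip = ipaddress.ip_address(addr)
    return any(ipaddress.ip_address(lo) <= ip <= ipaddress.ip_address(hi)
               for lo, hi in excluded)


def pool_network(pool):
    # strict=True rejects a network statement with host bits set
    return ipaddress.ip_network(f"{pool['network']}/{pool['mask']}", strict=True)


def check_pool(pool, excluded):
    """Return findings: a gateway outside the network, or a gateway/DNS server
    that sits inside the pool without being excluded (it could be leased out)."""
    net = pool_network(pool)
    roles = [("default-router", pool["default_router"])]
    roles += [("dns-server", d) for d in pool["dns_servers"]]
    findings = []
    for role, addr in roles:
        ip = ipaddress.ip_address(addr)
        if ip not in net:
            if role == "default-router":      # DNS may legitimately be remote
                findings.append(f"{role} {addr} is not inside {net}")
        elif not is_excluded(addr, excluded):
            findings.append(f"{role} {addr} lies in the pool but is not excluded")
    return findings


def leasable_addresses(pool, excluded):
    """Addresses the pool can hand out: all hosts minus the excluded ranges."""
    excluded_count = sum(int(ipaddress.ip_address(hi)) - int(ipaddress.ip_address(lo)) + 1
                         for lo, hi in excluded)
    return pool_network(pool).num_addresses - 2 - excluded_count


if __name__ == "__main__":
    print("lease:", lease_seconds(*POOL["lease"]), "seconds")
    print("leasable:", leasable_addresses(POOL, EXCLUDED))
    for finding in check_pool(POOL, EXCLUDED):
        print("finding:", finding)
```

The fix the finding points at is a second `ip dhcp excluded-address` statement for 172.16.2.103 (or any static server address in the pool's network).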
NAT Commands (Static)
Router1>enable
Router1#config t
Router1(config)#interface fastethernet 0/0
Router1(config-if)#ip address 172.32.232.1 255.255.255.0
Router1(config-if)#ip nat inside
Router1(config-if)#exit
Router1(config)#interface serial 0/0
Router1(config-if)#ip address 209.165.201.1 255.255.255.252
Router1(config-if)#ip nat outside
Router1(config-if)#exit
Router1(config)#ip nat inside source static 172.31.232.14 209.165.201.1
Router1(config)#exit
show ip nat statistics
show ip nat translations
Figure callouts: Computer's IP Address, Serial Port's IP Address
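A static NAT entry is only as good as the addressing around it: the inside local address must actually live on the `ip nat inside` interface's subnet, the inside global address must be reachable on the outside subnet, and reusing the outside interface's own address as the inside global deserves a deliberate decision. The script below is an added example, not course material. It takes the slide's addresses as given, so it reports that 172.31.232.14 is not on the 172.32.232.0/24 inside subnet and that the inside global address is the serial interface's own address; a constructed case with an impossible mask (an octet above 255) shows how `ipaddress` rejects it.

```python
"""Cross-check a static NAT entry against the inside/outside interface addressing.
Added example, not from the course; interface values are the slide's."""
import ipaddress

# From the slide's commands (inside interface mask as 255.255.255.0).
INSIDE_IF = ("172.32.232.1", "255.255.255.0")      # fastethernet 0/0, ip nat inside
OUTSIDE_IF = ("209.165.201.1", "255.255.255.252")  # serial 0/0, ip nat outside
INSIDE_LOCAL = "172.31.232.14"
INSIDE_GLOBAL = "209.165.201.1"


def iface_network(ip, mask):
    """Subnet of an interface from `ip address <ip> <mask>`.
    Raises ValueError (NetmaskValueError) for a mask such as 255.255.555.0."""
    return ipaddress.ip_network(f"{ip}/{mask}", strict=False)


def check_static_nat(inside, outside, inside_local, inside_global):
    """`inside`/`outside` are (ip, mask) tuples of the NAT interfaces.
    Returns a list of human-readable findings; empty means consistent."""
    findings = []
    nets = {}
    for side, (ip, mask) in (("inside", inside), ("outside", outside)):
        try:
            nets[side] = iface_network(ip, mask)
        except ValueError:
            findings.append(f"{side} interface mask {mask} is not a valid subnet mask")
    if len(nets) < 2:
        return findings          # cannot reason about membership with a bad mask

    if ipaddress.ip_address(inside_local) not in nets["inside"]:
        findings.append(f"inside local {inside_local} is not on the inside "
                        f"interface subnet {nets['inside']}")
    if ipaddress.ip_address(inside_global) not in nets["outside"]:
        findings.append(f"inside global {inside_global} is not on the outside "
                        f"subnet {nets['outside']}")
    if inside_global == outside[0]:
        findings.append("inside global reuses the outside interface's own address; "
                        "confirm this is intended, as it competes with services "
                        "the router itself offers on that address")
    return findings


if __name__ == "__main__":
    for finding in check_static_nat(INSIDE_IF, OUTSIDE_IF, INSIDE_LOCAL, INSIDE_GLOBAL):
        print("finding:", finding)
    # Constructed bad-mask case (not from the slide)
    print(check_static_nat(("172.32.232.1", "255.255.555.0"), OUTSIDE_IF,
                           INSIDE_LOCAL, INSIDE_GLOBAL))
```

Whichever of 172.31 or 172.32 was intended, the check shows the two statements disagree; fixing one to match the other (and picking a free address from the 209.165.201.0/30 block for the inside global) clears all findings.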
Configuring a Switch Virtual Interface
A virtual interface allows remote management of a Layer 2 switch:
• interface VLAN 1 - interface configuration mode
• ip address 192.168.10.2 255.255.255.0 - configures the IP address and subnet mask for the switch
• no shutdown - administratively enables the interface
• ip default-gateway 192.168.10.220 – tells the switch where to send data destined for the Internet
Switch still needs to have physical ports configured and VTY lines to enable remote management
IP Address Configuration for End Devices
With DHCP, hosts can connect to the network and get an IP address without manual configuration.
Examining the IP configuration
ipconfig /all
Used on a Windows PC to see the IP configuration of that computer
Each IP address must be unique within the local network (LAN)
Testing End-to-End Connectivity
Ping tests connectivity with the destination device
Ping 127.0.0.1
Ping NIC IP address
Ping default gateway
Ping next hop
Ping next interface
Ping end device
Capturing Text