CH 6 REVIEW


SSH

1. Set your hostname:
   Router(config)#hostname Todd
2. Set the domain name—both the hostname and domain name are required for the encryption keys to be generated:
   Todd(config)#ip domain-name Lammle.com
3. Set the username to allow SSH client access:
   Todd(config)#username Todd password Lammle
4. Generate the encryption keys for securing the session:
   Todd(config)#crypto key generate rsa [512]: 1024
5. Enable SSH version 2 on the device—not mandatory, but strongly suggested:
   Todd(config)#ip ssh version 2
6. Connect to the VTY lines of the switch or router:
   Todd(config)#line vty 0 15
7. Tell the lines to use the local database for password:
   Todd(config-line)#login local
8. Configure your access protocols:
   Todd(config-line)#transport input ?
     all     All protocols
     none    No protocols
     ssh     TCP/IP SSH protocol
     telnet  TCP/IP Telnet protocol
Beware of this next line, and make sure you never use it in production because it's a horrendous security risk:
   Todd(config-line)#transport input all
I recommend using the next line to secure your VTY lines with SSH:
   Todd(config-line)#transport input ssh ?
     telnet  TCP/IP Telnet protocol
     <cr>

At which layer of the OSI model would you assume the problem is if you type show interface serial 1 and receive the following message?
Serial1 is down, line protocol is down
A. Physical layer
B. Data Link layer
C. Network layer
D. None; it is a router problem.

A. If you see that a serial interface and the protocol are both down, then you have a Physical layer problem. If you see serial1 is up, line protocol is down, then you are not receiving (Data Link) keepalives from the remote end.

Auxiliary Password

To configure the auxiliary password on a router, go into global configuration mode and type line aux ?. And by the way, you won't find these ports on a switch. This output shows that you only get a choice of 0-0, which is because there's only one port:
Todd#config t
Todd(config)#line aux ?
  <0-0>  First Line number
Todd(config)#line aux 0
Todd(config-line)#login
% Login disabled on line 1, until 'password' is set
Todd(config-line)#password aux
Todd(config-line)#login

Which of the following commands will display the current IP addressing and the layer 1 and 2 status of an interface? (Choose two.)
A. show version
B. show interfaces
C. show controllers
D. show ip interface
E. show running-config

B, D. The commands show interfaces and show ip interface will show you the layer 1 and 2 status and the IP addresses of your router's interfaces.

Which of the following commands will configure all the default VTY ports on a switch?
A. Switch# line vty 0 4
B. Switch(config)# line vty 0 4
C. Switch(config-if)# line console 0
D. Switch(config)# line vty all

B. From global configuration mode, use the line vty 0 4 command to set all five default VTY lines. However, you would typically always set all lines, not just the defaults.

What is the problem with an interface if you type show interface g0/1 and receive the following message?
Gigabit 0/1 is administratively down, line protocol is down
A. The keepalives are different times.
B. The administrator has the interface shut down.
C. The administrator is pinging from the interface.
D. No cable is attached.

B. If an interface is shut down, the show interface command will show the interface as administratively down. (It is possible that no cable is attached, but you can't tell that from this message.)

You type Switch#sh r and receive a % ambiguous command error. Why did you receive this message?
A. The command requires additional options or parameters.
B. There is more than one show command that starts with the letter r.
C. There is no show command that starts with r.
D. The command is being executed from the wrong mode.

B. The % ambiguous command error means that there is more than one possible show command that starts with r. Use a question mark to find the correct command.

Using the given output, what type of interface is shown?
[output cut]
Hardware is MV96340 Ethernet, address is 001a.2f55.c9e8 (bia 001a.2f55.c9e8)
Internet address is 192.168.1.33/27
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
A. 10 Mb
B. 100 Mb
C. 1000 Mb
D. 1000 MB

B. The bandwidth shown is 100000 kbits a second, which is a FastEthernet port, or 100 Mbps.

Which two of the following commands are required when configuring SSH on your router? (Choose two.)
A. enable secret password
B. exec-timeout 0 0
C. ip domain-name name
D. username name password password
E. ip ssh version 2

C, D. To configure SSH on your router, you need the username command, the ip domain-name command, login local and transport input ssh under the VTY lines, and the crypto key command. SSH version 2 is suggested but not required.

If you delete the contents of NVRAM and reboot the switch, what mode will you be in?
A. Privileged mode
B. Global mode
C. Setup mode
D. NVRAM loaded mode

C. If you delete the startup-config and reload the switch, the device will automatically enter setup mode. You can also type setup from privileged mode at any time.

The output of the show running-config command comes from _________.
A. NVRAM
B. Flash
C. RAM
D. Firmware

C. Once the IOS is loaded and up and running, the startup-config will be copied from NVRAM into RAM and from then on, referred to as the running-config.

If you wanted administrators to see a message when logging into the switch, which command would you use?
A. message banner motd
B. banner message motd
C. banner motd
D. message motd

C. The banner motd command sets a message of the day for administrators when they log in to a switch or router.

Which of the following commands sets the privileged mode password to Cisco and encrypts the password?
A. enable secret password Cisco
B. enable secret cisco
C. enable secret Cisco
D. enable password Cisco

C. The enable secret password is case sensitive, so the second option is wrong. To set the enable secret password, use the enable secret password command from global configuration mode. This password is automatically encrypted.

Which of the following prompts indicates that the switch is currently in privileged mode?
A. Switch(config)#
B. Switch>
C. Switch#
D. Switch(config-if)#

C. The prompts offered as options indicate the following modes:
Switch(config)# is global configuration mode.
Switch> is user mode.
Switch# is privileged mode.
Switch(config-if)# is interface configuration mode.

Which command will show you whether a DTE or a DCE cable is plugged into serial 0/0 on your router's WAN port?
A. sh int s0/0
B. sh int serial0/0
C. show controllers s0/0
D. show serial0/0 controllers

C. The show controllers serial 0/0 command will show you whether either a DTE or DCE cable is connected to the interface. If it is a DCE connection, you need to add clocking with the clock rate command.

Which command will delete the contents of NVRAM on a switch?
A. delete NVRAM
B. delete startup-config
C. erase flash
D. erase startup-config
E. erase start

C. Wireless AP's are very popular today and will be going away about the same time that rock n' roll does. The idea behind these devices (which are layer 2 bridge devices) is to connect wireless products to the wired Ethernet network. The wireless AP will create a single collision domain and is typically its own dedicated broadcast domain as well.

Which of the following commands displays the configurable parameters and statistics of all interfaces on a switch?
A. show running-config
B. show startup-config
C. show interfaces
D. show versions

C. With the show interfaces command, you can view the configurable parameters, get statistics for the interfaces on the switch, check for input and CRC errors, and verify if the interfaces are shut down.

You try to telnet into SF from router Corp and receive this message:
Corp#telnet SF
Trying SF (10.0.0.1)...Open
Password required, but none set
[Connection to SF closed by foreign host]
Corp#
Which of the following sequences will address this problem correctly?
A. Corp(config)#line console 0
   Corp(config-line)#password password
   Corp(config-line)#login
B. SF(config)#line console 0
   SF(config-line)#enable secret password
   SF(config-line)#login
C. Corp(config)#line vty 0 4
   Corp(config-line)#password password
   Corp(config-line)#login
D. SF(config)#line vty 0 4
   SF(config-line)#password password
   SF(config-line)#login

D. To allow a VTY (Telnet) session into your router, you must set the VTY password. Option C is wrong because it is setting the password on the wrong router. Notice that you have to set the password before you set the login command.

What command do you type to save the configuration stored in RAM to NVRAM?
A. Switch(config)# copy current to starting
B. Switch# copy starting to running
C. Switch(config)# copy running-config startup-config
D. Switch# copy run start

D. To copy the running-config to NVRAM so that it will be used if the router is restarted, use the copy running-config startup-config command in privileged mode (copy run start for short).

You type show interfaces fa0/1 and get this output:
275496 packets input, 35226811 bytes, 0 no buffer
Received 69748 broadcasts (58822 multicasts)
0 runts, 0 giants, 0 throttles
111395 input errors, 511987 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 58822 multicast, 0 pause input
0 input packets with dribble condition detected
2392529 packets output, 337933522 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 PAUSE output
0 output buffer failures, 0 output buffers swapped out
What could the problem possibly be with this interface?
A. Speed mismatch on directly connected interfaces
B. Collisions causing CRC errors
C. Frames received are too large
D. Interference on the Ethernet cable

D. Typically, we'd see the input errors and CRC statistics increase with a duplex error, but it could be another Physical layer issue, such as the cable receiving excessive interference or a failing network interface card. Typically, you can tell it is interference when the CRC and input error counters grow but the collision counters do not, which is the case with this question.

You type the following command into the switch and receive the following output:
Switch#show fastethernet 0/1
            ^
% Invalid input detected at '^' marker.
Why was this error message displayed?
A. You need to be in privileged mode.
B. You cannot have a space between fastethernet and 0/1.
C. The switch does not have a FastEthernet 0/1 interface.
D. Part of the command is missing.

D. You can view the interface statistics from user mode, but the command is show interface fastethernet 0/0.

If you wanted to determine if serial interface 0/2 on your router should provide clocking, what command would you use?

Router# show controllers serial 0/2

Clock Rate

Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int s0/0/0
Router(config-if)#clock rate ?
  Speed (bits per second)
  1200
  2400
  4800
  Choose clockrate from list above
Router(config-if)#clock rate 1000000
The clock rate command is set in bits per second. Besides looking at the cable end to check for a label of DCE or DTE, you can see if a router's serial interface has a DCE cable connected with the show controllers int command:
Router#sh controllers s0/0/0
Interface Serial0/0/0
Hardware is GT96K
DTE V.35idb at 0x4342FCB0, driver data structure at 0x434373D4

What command is used to set a serial interface to provide clocking to another router at 1000 Kb?

Router(config)# clock rate 1000000

If you wanted to set the enable secret password to cisco, what command(s) would you type?

Switch# config t
Switch(config)# enable secret cisco

How would you set the name of a switch to Sales?

Switch# config t
Switch(config)# hostname Sales

If you type show int fastethernet 0/1 and notice the port is administratively down, what commands would you execute to enable the interface?

Switch# config t
Switch(config)# int f0/1
Switch(config-if)# no shutdown

If you wanted to set the user-mode password to todd for the console port, what command(s) would you type?

Switch# config t
Switch(config)# line console 0
Switch(config-line)# password todd
Switch(config-line)# login

If you telnet into a switch and get the response connection refused, password not set, what commands would you execute on the destination device to stop receiving this message and not be prompted for a password?

Switch# config t
Switch(config)# line vty 0 15
Switch(config-line)# no login

If you wanted to delete the configuration stored in NVRAM, what command(s) would you type?

Switch# erase startup-config

You want to reinitialize the switch and totally replace the running-config with the current startup-config. What command will you use?

Switch# reload

What command would you use to see the terminal history size?

Switch# show terminal

Clock command

Switch#clock set 2:34:01 21 august 2013

Enabling password/secret

There are five passwords you'll need to secure your Cisco routers: console, auxiliary, telnet/SSH (VTY), enable password, and enable secret.
Todd(config)#enable secret todd
Todd(config)#enable password todd
The enable password you have chosen is the same as your enable secret.
This is not recommended. Re-enter the enable password.
If you try to set the enable secret and enable passwords the same, the device will give you a polite warning to change the second password. Make a note to yourself that if there aren't any old legacy routers involved, don't even bother to use the enable password!

Description

Todd#config t
Todd(config)#int fa0/1
Todd(config-if)#description Sales VLAN Trunk Link
Todd(config-if)#^Z
And on a router serial WAN:
Router#config t
Router(config)#int s0/0/0
Router(config-if)#description WAN to Miami
Router(config-if)#^Z

Line console passwords

Todd(config)#line console 0
Todd(config-line)#password console
Todd(config-line)#login

Encryption of passwords

Todd(config)#service password-encryption

Telnet passwords

Todd(config-line)#line vty 0 ?
% Unrecognized command
Todd(config-line)#exit
Todd(config)#line vty 0 ?
  <1-15>  Last Line number
  <cr>
Todd(config)#line vty 0 15
Todd(config-line)#password telnet
Todd(config-line)#login

