CIS 1885- Chapter 1

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

Interface Input Errors

"input errors" is the sum of all errors in datagrams that were received on the interface being examined. This includes runts, giants, CRC, no buffer, frame, overrun, and ignored counts.

Interface Output Errors

"output errors" is the sum of all errors that prevented the final transmission of datagrams out the interface that is being examined. The reported output errors from the show interfaces command include: collisions and late collisions

To be available, an interface must be:

-Configured with at least one IP address--use the ip address ip-address subnet-mask and the ipv6 address ipv6-address/prefix interface configuration commands -Activated-by default, LAN and WAN interfaces are not activated (shutdown). To enable an interface, it must be activated using the no shutdown command. (this is similar to powering on the interface.) The interface must also be connected to another device (hub, switch, or another router) for the physical layer to be active. -Description-optionally, the interface could also be configured with a short description of up to 240 characters. it is good practice to configure a description on each interface. On production networks, the benefits of interface descriptions are quickly realized as they are helpful in troubleshooting and in identifying a third-party connection and contact information.

Parameters

-FastEthernet0/18 refers to that hardware layer and indicates whether the interface is receiving a carrier detect signal. The second parameter (line protocol is up) refers to the data link layer and indicates whether the data link layer protocol keepalives are being received.

Configure Switch Ports at the Physical Layer

-Switch ports can be manually configured with specific duplex and speed settings. The respective interface configuration commands are duplex and speed. -The default setting for both duplex and speed for switch ports on Cisco Catalyst 2960 and 3560 switch is auto. The 10/100/1000 ports operate in either half- or full-duplex mode when they are set to 10 or 100 Mbps and operate only in full-duplex mode when it is set to 1000 Mbps (1 Gbps)

Verify Routes

-a 'C' next to a route within the routing table indicates that this is a directly connected network. When the router interface is configured with a global unicast address and is in the "up/up" state, the IPv6 prefix and prefix length are added to the IPv6 routing tables as a connected route. -the IPv6 global unicast address applied to the interface is also installed in the routing table as a local route. The local route has a /128 prefix. Local routes are used by the routing table to efficiently process packets with the interface address of the router as the destination.

Loopback interface

-a logical interface that is internal to the router. It is not assigned to a physical port and can never be connected to any other device. It is considered a software interface that is automatically placed in an "up" state, as long as the router is functioning. -it is useful in testing and managing a Cisco IOS device because it ensures that at least one interface will always be available. For example, it can be used for testing purposes, such as testing internal routing processes, by emulating networks behind the router

Loopback Interfaces

-commonly used in lab environments to create additional interfaces. For example, you can create multiple loopback interfaces on a router to simulate more networks for configuration practice and testing purposes. The IPv4 address for each loopback interface must be unique and unused by any other interface. -Enabling and assigning a loopback address is simple, example following

Based on the output of the show interfaces command, possible problems can be fixed as follows:

-if the interface is up and the line protocol is down, a problem exists. There could be an encapsulation type mismatch, the interface on the other end could be error-disabled, or there could be a hardware problem -if the line protocol and the interface are both down, a cable is not attached, or some other interface problem exists. For example, in a back-to-back connection, the other end of the connection may be administratively down -if the interface is administratively down, it has been manually disabled (the shutdown command has been issued) in the active configuration

Four filtering parameters that can be configured after the pipe

-section- shows the entire section that starts with the filtering expression -include- includes all output lines that match the filtering expression -exclude- excludes all output lines that match the filtering expression -begin- shows all the output lines from a certain point, starting with the line that matches the filtering expression.

Verify Routes

-the output of the show ip route and show ipv6 route commans reveal the three directly connected network entries and the three local host route interface entries, as show in the example. -The local host route has an administrative distance of 0. It also has a /32 mask for IPv4, and a /128 mask for IPv6. The local host route is for routes on the router that owns the IP address. It is used to allow the router to process packets destined to that IP.

The boot system Command

-the switch attempts to automatically boot by using information in the BOOT environment variable. If this variable is not set, the switch attempts to load and execute the first executable file it can find -The IOS operating system then initializes the interfaces using the Cisco IOS commands found in the startup-config file. The startup-config file is called config.text and is located in flash -In the example, the BOOT environment variable is set using the boot system global configuration mode command. Notice that the IOS is located in a distinct folder and the folder path is specified. Use the command show boot to see what the current IOS boot file is set too.

Filtering of show output

-very useful feature that improves the user experience in the CLI. Filtering commands can be used to display specific sections of output. To enable the filtering command, enter a pipe (|) character after the show command and then enter a filtering parameter and filtering expression

Auto-MDIX

-when automatic medium-dependent interface crossover (auto-MDIX) is enabled, the switch interface automatically detects the required cable connection type (straight-through or crossover) and configured the connection appropriately

Which router bootup sequence is correct?

1- perform the POST and load the boostrap program 2- locate and load the Cisco IOS software 3- locate and load the startup configuration file or enter setup mode

Step 1

1. First, the switch loads a power-on self-test (POST) program stored in ROM. POST checks the CPU subsystem. It tests the CPU, DRAM, and the portion of the flash device that makes up the flash file system

Configure a Switch with Initial Settings-Switch Boot Sequence

After a Cisco switch is powered on, it goes through the following five-step boot sequence:

IPv4 Loopback Interfaces

Another common configuration of Cisco IOS routers is enabling a loopback interface

Configure SSH

Before configuring SSH, the switch must be minimally configured with a unique hostname and the correct network connectivity settings. There are 6 steps

show history

By default, command history is enabled and the system captures the last 10 command lines in its history buffer. Use the show history privileged EXEC command to display the contents of the buffer

Switch SVI Configuration Example

By default, the switch is configured to have its management controlled through VLAN 1. All ports are assigned to VLAN 1 by default. For security purposes, it is considered a best practice to use a VLAN other than VLAN 1 for the management VLAN, Step 1: Configure the Management Interface: from the VLAN interface configuration mode, an IPv4 address and subnet mask is applied to the management SVI of the switch.

When verifying routes, what code is used to identify directly connected routes in the routing table?

C

Configure Basic Router Settings

Cisco routers and Cisco switches have many similarities. They support a similar model operating system, similar command structures, and many of the same commands. In addition, both devices have similar initial configuration steps. For example, the following configuration tasks should always be performed. Name the device to distinguish it from other routers and configure passwords, as shown in the example.

Collisions

Collisions in half-duplex operations are normal. However, you should never see collisions on an interface configured for full-duplex communication

Filter Show Command Output

Commands that generate multiple screens of output are, by default, paused after 24 lines. At the end of the paused output, the --More-- text displays. Pressing Enter displays the next line and pressing the spacebar displays the next set of lines. Use the terminal length command to specify the number of lines to be displayed. A value of 0 (zero) prevents the router from pausing between screens of output.

Configure Basic Router Settings

Configure a banner to provide legal notification of unauthorized access, as shown in the example. Save the changes on a router, as shown in the example.

Step 2

Configure the IP domain-configure the IP domain name of the network using the ip domain-name domain-name global configuration mode command

Step 5

Configure the vty lines- enable the SSH protocol on the vty lines using the transport input ssh line configuration mode command. use the line vty configuration mode command and then the login local line configuration mode command to require local authentication for SSH connections from the local username database

Step 4

Configure user authentication-the SSH server can authenticate users locally or using an authentication server. To use the local authentication method, create a username and password using the username username secret password global configuration mode command

Step 1

Connect a PC by console cable to the switch console port. Configure terminal emulation software to connect to the switch

Step 4

Continue pressing the MODE button until the System LED turns briefly amber and then solid green; then release the MODE button

Step 6

Enable SSH version 2- by default, SSH supports both versions 1 and 2. When supporting both version, this is shown in the show up ssh output as supporting version 2. Enable SSH version using the ip ssh version 2 global configuration command.

Giants

Ethernet frames that are larger than the maximum allowed size are called giants

Runt Frames

Ethernet frames that are shorter than the 64-byte minimum allowed length are called runts. Malfunctioning NICs are the usual cause of excessive runt frames, but they can also be caused by collisions

Step 5

Finally, the boot loader locates and loads a default IOS operating system software image into memory and gives control of the switch over to the IOS

Step 3

Generate RSA key pairs- generating an RSA key pair automatically enables SSH. Use the crypto key generate rsa global configuration mode command to enable the SSH server on the switch and generate an RSA key pair. Note: to delete the RSA key pair, use the crypto key zeroize rsa global configuration mode command. After the RSA key pair is deleted, the SSH server is automatically disabled.

Which statement describes the system LED operation on Cisco Catalyst switches?

If the LED is amber, the system is receiving power but it is not functioning properly

terminal history size

It is also practical to increase the number of command lines that the history buffer records during the current terminal session only. Use the terminal history size user EXEC command to increase or decrease the size of the buffer

Step 2

Next, the switch loads the boot loader software. The boot loader is a small program stored in ROM that is run immediately after POST successfully completes

Switch SVI Configuration Example

Note: the SVI for VLAN 99 will not appear as "up/up" until VLAN 99 is created and there is a device connected to a switch port associated with VLAN 99 Note: the switch may need to be configured for IPv6. For example, before you can configure the IPv6 addressing on a Cisco Catalyst 2960 running IOS version 15.0, you will need to enter the global configuration command sdm prefer dual-ipv4-and-ipv6 default and then reload the switch

CRC errors

On Ethernet and serial interfaces, CRC errors usually indicate a media or cable error. Common causes include electrical interference, loose or damaged connections, or incorrect cabling. If you see many CRC errors, there is too much noise on the link and you should inspect the cable. You should also search for and eliminate noise sources.

Verify SSH is Operational

On a PC, an SSH client such as PuTTY, is used to connect to an SSH server. For example, assume the following is configured: -SSH is enabled on switch 1 -Interface VLAN 99 (SVI) with IPv4 address 172.17.99.11 on switch S1 -PC1 with IPv4 address 172.17.99.21 Using a terminal emulator, initiate an SSH connection to the SVI VLAN IPv4 address of S1 from PC1. When connected, the user is prompted for a username and password as shown in the example. Using the configuration from the previous example, the username admin and password ccna are entered. After entering the correct combination, the user is connected via SSH to the command line interface (CLI) on the Catalyst 2960 switch.

Dual Stack Topology

One distinguishing feature between switches and routers is the type of interfaces supported by each. For example, Layer 2 switches support LANs; therefore, they have multiple FastEthernet or Gigabit Ethernet ports. The dual stack topology in the figure is used to demonstrate the configuration of router IPv4 and IPv6 interfaces.

Step 3

Reconnect the power cord to the switch, and within 15 seconds, press and hold down the Mode button while the System LED is still flashing green

Configure Router Interfaces

Routers support LANs and WANs and can interconnect different types of networks; therefore, they support many types on interfaces. For example, G2 ISRs have one or two integrated Gigabit Ethernet interfaces and High-speed WAN Interface Card (HWIC) slots to accommodate other types of network interfaces, including serial, DSL, and cable interfaces.

Network Access Layer Issues-2

Some media errors are not severe enough to cause the circuit to fail but do cause network performance issues. The table explains some of these common errors which can be detected using the show interfaces command.

Switch SVI Configuration Example

Step 2: Configure the default gateway -the switch should be configured with a default gateway if it will be managed remotely from networks that are not directly connected Note: because, it will receive its default gateway information from a router advertisement (RA) message, the switch does not require an IPv6 default gateway

Switch SVI Configuration Ex

Step 3: Verify Configuration -the show ip interface brief and show ipv6 interface brief commands are useful for determining the status of both physical and virtual interfaces. The output shown confirms that interface VLAN 99 has been configured with an IPv4 and Ipv6 address. Note: an IP address applied to the SVI is only for remote management access to the switch; this does not allow the switch to route Layer 3 packets

Telnet Operation

Telnet uses TCP port 23. It is an older protocol that uses unsecure plaintext transmission of both the login authentication (username and password) and the data transmitted between the communicating devices. A threat actor can monitor packets using Wireshark. For example, in the figure the threat actor captured the username admin and password ccna from a Telnet session

Recovering from a system crash

The boot loader command line supports commands to format the flash file system, reinstall the operating system software, and recover a lost or forgotten password. For example, the dir command can be used to view a list of files within a specified directory.

Step 4

The boot loader initializes the flash file system on the system board

Step 3

The boot loader performs low-level CPU initialization. It initializes the CPU registers, which control where physical memory is mapped, the quantity of memory, and its speed

Recovering from a System Crash

The boot loader provides access into the switch if the operating system cannot be used because of missing or damaged system files. The boot loader has a command line that provides access to the files stored in flash memory. The boot loader can be accessed through a console connection following these 5 steps

Step 5

The boot loader switch: prompt appears in the terminal emulation software on the PC

Command History Feature

The command history feature is useful because it temporarily stores the list of executed commands to be recalled.

Mode

The mode button is used to move between the different modes--STAT, DUPLX, SPEED, and PoE

Verify Interface Status

The output of the show ip interface brief and show ipv6 interface brief commands can be used to quickly reveal the status of all interfaces on the router. You can verify that the interfaces are active and operational as indicated by the Status of "up" and Protocol of "up", as shown in the example. A different output would indicate a problem with either the configuration

Verify IPv6 Link Local and Multicast Addresses

The output of the show ipv6 interface brief command displays two configured IPv6 addresses per interface. One address is the IPv6 global unicast address that was manually entered. The other address, which begins with FE80, is the link-local unicast address for the interface. A link-local address us automatically added to an interface whenever a global unicast address is assigned. An IPv6 network interface is required to have a link-local address, but not necessarily a global unicast address.

Verify Interface Configuration

The output of the show running-config interface command displays the current commands applied to the specified interface, as shown. The following two commands are used to gather more detailed interface information: -show interfaces-displays interface information and packet flow count for all interfaces on the device. -show ip interface and show ipv6 interface- displays the IPv4 and IPv6 related information for all interfaces on a router.

Network Access Layer Issues

The show interfaces command output displays counters and statistics for the FastEthernet0/18 interface, as shown next

Interface Verification Commands

There are several show commands that can be used to verify the operation and configuration of an interface. The following commands are especially useful to quickly identify the status of an interface

Configure Router Interfaces

This example shows the configure for the interfaces on R1

Verify the Switch Supports SSH

To enable SSH on a Catalyst 2960 switch, the switch must be using a version of the IOS software including cryptographic (encrypted) features and capabilities. Use the show version command on the switch to see which IOS the switch is currently running. An IOS filename that includes the combination "k9" supports cryptographic (encrypted) features and capabilities Ex: shows the output of the show version command

Switch Management Access

To prepare a switch for remote management access, the switch must be configured with an IP address and a subnet mask -to manage the switch from a remote network, the switch must be configured with a default gateway. This is very similar to configuring the IP address information on host devices. -in this figure, the switch virtual interface (SVI) on S1 should be assigned an IP address. The SVI is a virtual interface, not a physical port on the switch. A console cable is used to connect to a PC so that the switch can be initially configured.

Troubleshooting Network Access Layer Issues

To troubleshoot scenarios involving no connection, or a bad connection, between a switch and another device, follow the general process shown in the figure

Step 2

Unplug the switch power cord

Step 1

Verify SSH support-use the show ip ssh command to verify that the switch supports SSH. If the switch is not running an IOS that supports cryptographic features, this command is unrecognized

Troubleshooting

When troubleshooting switch port issues, it is important that the duplex and speed settings are checked Note: mismatched settings for the duplex mode and speed of switch ports can cause connectivity issues. Autonegotiation failure creates mismatched settings All fiber-optic ports, such as 1000BASE-SX ports, operate at only one preset speed and are always full-duplex

Which statement describes SVIs?

a default SVI is created for VLAN 1 for switch administration

Late collisions

a late collision refers to a collision that occurs after 512 bits of the frame have been transmitted. Excessive cable lengths are the most common cause of late collision. Another common cause is duplex misconfiguration

SSH Operation (Secure Shell)

a secure protocol that uses TCP port 22. It provides a secure (encrypted) management connection to a remote device. SSH should replace Telnet for management connections. SSH provides security for remote connections by providing strong encryption when a device is authenticated and also for the transmitted data between the communicating devices The figure shows a Wireshark capture of an SSH session. The threat actor can track the session using the IP address of the administrator device. However, unlike Telnet, with SSH the username and password are encrypted.

Which filtering expression will show all output lines starting from the line matching the filtering expression?

begin

A network administrator has configured VLAN 99 as the management VLAN and has configured it with an IP address and subnet mask. The administrator issues the show interface vlan 99 command and notices that the line protocol is down. Which action can change the state of the line protocol to up?

connect a host to an interface associated with VLAN 99

What type of Ethernet cable would be used to connect one switch to another switch when neither switch supports the auto-MDIX feature?

crossover

show ipv6 interface gigabitethernet 0/0/0 command

displays the interface status and all of the IPv6 addresses belonging to the interface. Along with the link local address and global unicast address, the output includes the multicast addresses assigned to the interface, beginning with prefix FF02, as show in the example.

With auto-MDIX enabled

either type of cable can be used to connect to other devices, and the interface automatically adjusts to communicate successfully

What advantage does SSH offer over Telnet?

encryption

Full-duplex communication

increases bandwidth efficiency by allowing both ends of a connection to transmit and receive data simultaneously. This is also known as bidirectional communication and it requires microsegmentation

Microsegmented LAN

is created when a switch port has only one device connected and is operating in full-duplex mode

An IPv6-enabled interface is required to have which type of address?

link-local

What is the first action in the boot sequence when a switch is powered on?

load a power-on self-test program

What must an administrator have in order to reset a lost password on a router?

physical access to the router

What character is used to enable the filtering of commands?

pipe |

Power over Ethernet LED (PoE)

present if the switch supports PoE. Indicates the PoE status of ports on the switch

Recall commands in the history buffer

press Ctrl + P or the Up arrow key. The command output begins with the most recent command. Repeat the key sequence to recall successively older commands. To return to more recent commands in the history buffer, press Ctrl + N or the Down Arrow key. Repeat the key sequence to recall successively more recent commands.

Gigabit Ethernet and 10 Gb NICs

require full-duplex connections to operate. In full-duplex mode, the collision detection circuit on the NIC is disabled. Full-duplex offers 100 percent efficiency in both directions (transmitting and receiving). This results in a doubling of the potential use of the stated bandwidth

Which tasks can be accomplished by using the command history feature?

set the command history buffer size and recall previously entered commands

Which command will display packet flow counts, collisions, and buffer failures on an interface?

show interface

Which command will provide information about the status of all interfaces including the number of giants, runts, and collisions on the interface?

show interfaces

Which command will display a summary of all IPv6-enabled interfaces on a router that includes the IPv6 address and operational status?

show ipv6 interface brief

Redundant Power Supply LED (RPS)

shows the RPS status

System LED (SYST)

shows whether the system is receiving power and functioning properly

When connecting to switches without the auto-MDIX feature

straight-through cables must be used to connect to devices such as servers, workstations, or routers. Crossover cables must be used to connect to other switches or repeaters

Which prompt is displayed when a network administrator successfully accesses the boot loader on a switch to recover from a system crash?

switch:

When using the auto-MDIX on an interface

the interface speed and duplex must be set to auto so that the feature operates correctly On newer Cisco switches, the MDIX auto interface configuration mode command enables the feature Note: the auto-MDIX feature is enabled by default on Catalyst 2960 and Catalyst 3560 switches but is not available on the older Catalyst 2950 and Catalyst 3550 switches. To examine the auto-MDIX setting for a specific interface, use the show controllers ethernet-controller command with phy keyword. To limit the output to lines referencing auto-MDIX, use the include Auto-MDIX filter

Network Access Layer Issues

the output from the show interfaces command is useful for detecting common media issues. One of the most important parts of this output is the display of the line and data link protocol status, as shown in the example

Verify Switch Port Configuration

the show interfaces command is another commonly used command, which displays status and statistics information on the network interfaces on the switch. The show interfaces command is frequently used when configuring and monitoring network devices -the first line of the output for the show interfaces fastEthernet 0/18 command indicates that the FastEthernet 0/18 interface is up/up, meaning that it is operational. Further down, the output shows that the duplex is full and the speed is 100 Mbps

Verify Switch Port configuration

the show running-config command can be used to verify that the switch has been correctly configured. From the sample abbreviated output on S1, some important information is shown here: -Fast Ethernet 0/18 interface configured with the management VLAN 99 -VLAN 99 configured with an IPv4 address of 172.17.99.11 255.255.255.0 -Default gateway set to 172.17.99.1

show ip interface brief and show ipv6 interface brief

these display a summary for all interfaces including the IPv4 or IPv6 address of the interface and current operational status

show ip route and show ipv6 route

these display the contents of the IPv4 or IPv6 routing table stored in RAM. In Cisco IOS 15, active interfaces should appear in the routing table with two related entries identified by the code 'C' (connected) or 'L' (local). In previous IOS versions, only a single entry with the code 'C' will appear

show running-config interface (interface-id)

this displays the commands applied to the specified interface

Verify SSH is Operational

to display the version and configuration data for SSH on the device that you configured as an SSH server, use the show ip ssh command. In the following example, SSH version 2 is enabled.

Half-duplex communication

unlike full-duplex communication, half-duplex communication is unidirectional. Half-duplex communication creates performance issues because data can flow in only one direction at a time, often resulting in collisions.

Autonegotiation

useful when the speed and duplex settings of the device connecting to the port are unknown or may change. When connecting to known devices such as servers, dedicated workstations, or network devices, a best practice is to manually set the speed and duplex settings

When configuring a switch for SSH access, what other command that is associated with the login local command is required to be entered on the switch?

username username secret secret

Port Duplex LED (DUPLX)

when green, it indicates port duplex mode is selected. Port duplex can then be understood by the light associated with each port.

Port Speed LED (SPEED)

when green, it indicates port speed mode is selected. Port speed can then be understood by the light associated with each port

Port Status LED (STAT)

when green, it indicates port status mode is selected, which is the default. Port status can then be understood by the light associated with each port


Ensembles d'études connexes

ChapPrincipal: A person who has someone else acting for him ter 28: Agency Law

View Set

Legal and ethical responsibilities (Privacy & Security)

View Set

Chapter 1 key terms Microbiology

View Set

Sociology: Marriage and Family Terms Ch. 6-7

View Set

6. Inverse Trigonometry using unit circle or special triangles

View Set

Female Reproductive System (Fallopian Tubes)

View Set

Chapter 9: Project Human Resource Management 2

View Set

Sem 3 - Unit 1 - Addiction - NCO

View Set

Safe Driving Practices Assessment (OSHA-10)

View Set