CIS 1885- Chapter 1


Interface Input Errors

"input errors" is the sum of all errors in datagrams that were received on the interface being examined. This includes runts, giants, CRC, no buffer, frame, overrun, and ignored counts.

Interface Output Errors

"output errors" is the sum of all errors that prevented the final transmission of datagrams out the interface that is being examined. The reported output errors from the show interfaces command include: collisions and late collisions

To be available, an interface must be:

-Configured with at least one IP address: use the ip address ip-address subnet-mask and the ipv6 address ipv6-address/prefix interface configuration commands.
-Activated: by default, LAN and WAN interfaces are not activated (shutdown). To enable an interface, it must be activated using the no shutdown command (this is similar to powering on the interface). The interface must also be connected to another device (hub, switch, or another router) for the physical layer to be active.
-Description: optionally, the interface can also be configured with a short description of up to 240 characters. It is good practice to configure a description on each interface. On production networks, the benefits of interface descriptions are quickly realized, as they are helpful in troubleshooting and in identifying a third-party connection and contact information.

Parameters

-The first parameter (FastEthernet0/18 is up) refers to the hardware layer and indicates whether the interface is receiving a carrier detect signal. The second parameter (line protocol is up) refers to the data link layer and indicates whether the data link layer protocol keepalives are being received.

Configure Switch Ports at the Physical Layer

-Switch ports can be manually configured with specific duplex and speed settings. The respective interface configuration commands are duplex and speed.
-The default setting for both duplex and speed for switch ports on Cisco Catalyst 2960 and 3560 switches is auto. The 10/100/1000 ports operate in either half- or full-duplex mode when they are set to 10 or 100 Mbps, and operate only in full-duplex mode when set to 1000 Mbps (1 Gbps).

Verify Routes

-A 'C' next to a route within the routing table indicates that this is a directly connected network. When the router interface is configured with a global unicast address and is in the "up/up" state, the IPv6 prefix and prefix length are added to the IPv6 routing table as a connected route.
-The IPv6 global unicast address applied to the interface is also installed in the routing table as a local route. The local route has a /128 prefix. Local routes are used by the routing table to efficiently process packets with the interface address of the router as the destination.

Loopback interface

-A logical interface that is internal to the router. It is not assigned to a physical port and can never be connected to any other device. It is considered a software interface that is automatically placed in an "up" state, as long as the router is functioning.
-It is useful in testing and managing a Cisco IOS device because it ensures that at least one interface will always be available. For example, it can be used for testing purposes, such as testing internal routing processes, by emulating networks behind the router.

Loopback Interfaces

-Commonly used in lab environments to create additional interfaces. For example, you can create multiple loopback interfaces on a router to simulate more networks for configuration practice and testing purposes. The IPv4 address for each loopback interface must be unique and unused by any other interface.
-Enabling and assigning a loopback address is simple, as shown in the example that follows.

Based on the output of the show interfaces command, possible problems can be fixed as follows:

-If the interface is up and the line protocol is down, a problem exists. There could be an encapsulation type mismatch, the interface on the other end could be error-disabled, or there could be a hardware problem.
-If the line protocol and the interface are both down, a cable is not attached, or some other interface problem exists. For example, in a back-to-back connection, the other end of the connection may be administratively down.
-If the interface is administratively down, it has been manually disabled (the shutdown command has been issued) in the active configuration.

Four filtering parameters that can be configured after the pipe

-section: shows the entire section that starts with the filtering expression
-include: includes all output lines that match the filtering expression
-exclude: excludes all output lines that match the filtering expression
-begin: shows all the output lines from a certain point, starting with the line that matches the filtering expression

Verify Routes

-The output of the show ip route and show ipv6 route commands reveals the three directly connected network entries and the three local host route interface entries, as shown in the example.
-The local host route has an administrative distance of 0. It also has a /32 mask for IPv4 and a /128 mask for IPv6. The local host route is for routes on the router that owns the IP address. It is used to allow the router to process packets destined to that IP.

The boot system Command

-The switch attempts to automatically boot by using information in the BOOT environment variable. If this variable is not set, the switch attempts to load and execute the first executable file it can find.
-The IOS operating system then initializes the interfaces using the Cisco IOS commands found in the startup-config file. The startup-config file is called config.text and is located in flash.
-In the example, the BOOT environment variable is set using the boot system global configuration mode command. Notice that the IOS is located in a distinct folder and the folder path is specified. Use the show boot command to see what the current IOS boot file is set to.

Filtering of show output

A very useful feature that improves the user experience in the CLI. Filtering commands can be used to display specific sections of output. To enable the filtering command, enter a pipe (|) character after the show command and then enter a filtering parameter and filtering expression.

Auto-MDIX

When automatic medium-dependent interface crossover (auto-MDIX) is enabled, the switch interface automatically detects the required cable connection type (straight-through or crossover) and configures the connection appropriately.

Which router bootup sequence is correct?

1. Perform the POST and load the bootstrap program
2. Locate and load the Cisco IOS software
3. Locate and load the startup configuration file or enter setup mode

Step 1

1. First, the switch loads a power-on self-test (POST) program stored in ROM. POST checks the CPU subsystem. It tests the CPU, DRAM, and the portion of the flash device that makes up the flash file system

Configure a Switch with Initial Settings-Switch Boot Sequence

After a Cisco switch is powered on, it goes through the following five-step boot sequence:

IPv4 Loopback Interfaces

Another common configuration of Cisco IOS routers is enabling a loopback interface

Configure SSH

Before configuring SSH, the switch must be minimally configured with a unique hostname and the correct network connectivity settings. There are 6 steps

show history

By default, command history is enabled and the system captures the last 10 command lines in its history buffer. Use the show history privileged EXEC command to display the contents of the buffer

Switch SVI Configuration Example

By default, the switch is configured to have its management controlled through VLAN 1. All ports are assigned to VLAN 1 by default. For security purposes, it is considered a best practice to use a VLAN other than VLAN 1 for the management VLAN.

Step 1: Configure the Management Interface: from VLAN interface configuration mode, an IPv4 address and subnet mask are applied to the management SVI of the switch.

When verifying routes, what code is used to identify directly connected routes in the routing table?

C

Configure Basic Router Settings

Cisco routers and Cisco switches have many similarities. They support a similar modal operating system, similar command structures, and many of the same commands. In addition, both devices have similar initial configuration steps. For example, the following configuration tasks should always be performed: name the device to distinguish it from other routers, and configure passwords, as shown in the example.

Collisions

Collisions in half-duplex operations are normal. However, you should never see collisions on an interface configured for full-duplex communication

Filter Show Command Output

Commands that generate multiple screens of output are, by default, paused after 24 lines. At the end of the paused output, the --More-- text displays. Pressing Enter displays the next line and pressing the spacebar displays the next set of lines. Use the terminal length command to specify the number of lines to be displayed. A value of 0 (zero) prevents the router from pausing between screens of output.

Configure Basic Router Settings

Configure a banner to provide legal notification of unauthorized access, as shown in the example. Save the changes on a router, as shown in the example.

Step 2

Configure the IP domain: configure the IP domain name of the network using the ip domain-name domain-name global configuration mode command.

Step 5

Configure the vty lines: enable the SSH protocol on the vty lines using the transport input ssh line configuration mode command. Use the line vty configuration mode command and then the login local line configuration mode command to require local authentication for SSH connections from the local username database.

Step 4

Configure user authentication: the SSH server can authenticate users locally or using an authentication server. To use the local authentication method, create a username and password using the username username secret password global configuration mode command.

Step 1

Connect a PC by console cable to the switch console port. Configure terminal emulation software to connect to the switch

Step 4

Continue pressing the MODE button until the System LED turns briefly amber and then solid green; then release the MODE button

Step 6

Enable SSH version 2: by default, SSH supports both versions 1 and 2. When supporting both versions, this is shown in the show ip ssh output as supporting version 2. Enable SSH version 2 using the ip ssh version 2 global configuration command.

Giants

Ethernet frames that are larger than the maximum allowed size are called giants

Runt Frames

Ethernet frames that are shorter than the 64-byte minimum allowed length are called runts. Malfunctioning NICs are the usual cause of excessive runt frames, but they can also be caused by collisions

Step 5

Finally, the boot loader locates and loads a default IOS operating system software image into memory and gives control of the switch over to the IOS

Step 3

Generate RSA key pairs: generating an RSA key pair automatically enables SSH. Use the crypto key generate rsa global configuration mode command to enable the SSH server on the switch and generate an RSA key pair. Note: to delete the RSA key pair, use the crypto key zeroize rsa global configuration mode command. After the RSA key pair is deleted, the SSH server is automatically disabled.

Which statement describes the system LED operation on Cisco Catalyst switches?

If the LED is amber, the system is receiving power but it is not functioning properly

terminal history size

It is also practical to increase the number of command lines that the history buffer records during the current terminal session only. Use the terminal history size user EXEC command to increase or decrease the size of the buffer

Step 2

Next, the switch loads the boot loader software. The boot loader is a small program stored in ROM that is run immediately after POST successfully completes

Switch SVI Configuration Example

Note: the SVI for VLAN 99 will not appear as "up/up" until VLAN 99 is created and there is a device connected to a switch port associated with VLAN 99.
Note: the switch may need to be configured for IPv6. For example, before you can configure IPv6 addressing on a Cisco Catalyst 2960 running IOS version 15.0, you will need to enter the global configuration command sdm prefer dual-ipv4-and-ipv6 default and then reload the switch.

CRC errors

On Ethernet and serial interfaces, CRC errors usually indicate a media or cable error. Common causes include electrical interference, loose or damaged connections, or incorrect cabling. If you see many CRC errors, there is too much noise on the link and you should inspect the cable. You should also search for and eliminate noise sources.

Verify SSH is Operational

On a PC, an SSH client such as PuTTY is used to connect to an SSH server. For example, assume the following is configured:
-SSH is enabled on switch S1
-Interface VLAN 99 (SVI) with IPv4 address 172.17.99.11 on switch S1
-PC1 with IPv4 address 172.17.99.21
Using a terminal emulator, initiate an SSH connection to the SVI VLAN IPv4 address of S1 from PC1. When connected, the user is prompted for a username and password as shown in the example. Using the configuration from the previous example, the username admin and password ccna are entered. After entering the correct combination, the user is connected via SSH to the command line interface (CLI) on the Catalyst 2960 switch.

Dual Stack Topology

One distinguishing feature between switches and routers is the type of interfaces supported by each. For example, Layer 2 switches support LANs; therefore, they have multiple FastEthernet or Gigabit Ethernet ports. The dual stack topology in the figure is used to demonstrate the configuration of router IPv4 and IPv6 interfaces.

Step 3

Reconnect the power cord to the switch, and within 15 seconds, press and hold down the Mode button while the System LED is still flashing green

Configure Router Interfaces

Routers support LANs and WANs and can interconnect different types of networks; therefore, they support many types of interfaces. For example, G2 ISRs have one or two integrated Gigabit Ethernet interfaces and High-speed WAN Interface Card (HWIC) slots to accommodate other types of network interfaces, including serial, DSL, and cable interfaces.

Network Access Layer Issues-2

Some media errors are not severe enough to cause the circuit to fail but do cause network performance issues. The table explains some of these common errors which can be detected using the show interfaces command.

Switch SVI Configuration Example

Step 2: Configure the default gateway: the switch should be configured with a default gateway if it will be managed remotely from networks that are not directly connected.
Note: because it will receive its default gateway information from a router advertisement (RA) message, the switch does not require an IPv6 default gateway.

Switch SVI Configuration Ex

Step 3: Verify Configuration: the show ip interface brief and show ipv6 interface brief commands are useful for determining the status of both physical and virtual interfaces. The output shown confirms that interface VLAN 99 has been configured with an IPv4 and IPv6 address.
Note: an IP address applied to the SVI is only for remote management access to the switch; this does not allow the switch to route Layer 3 packets.

Telnet Operation

Telnet uses TCP port 23. It is an older protocol that uses unsecure plaintext transmission of both the login authentication (username and password) and the data transmitted between the communicating devices. A threat actor can monitor packets using Wireshark. For example, in the figure the threat actor captured the username admin and password ccna from a Telnet session

Recovering from a system crash

The boot loader command line supports commands to format the flash file system, reinstall the operating system software, and recover a lost or forgotten password. For example, the dir command can be used to view a list of files within a specified directory.

Step 4

The boot loader initializes the flash file system on the system board

Step 3

The boot loader performs low-level CPU initialization. It initializes the CPU registers, which control where physical memory is mapped, the quantity of memory, and its speed

Recovering from a System Crash

The boot loader provides access into the switch if the operating system cannot be used because of missing or damaged system files. The boot loader has a command line that provides access to the files stored in flash memory. The boot loader can be accessed through a console connection following these 5 steps

Step 5

The boot loader switch: prompt appears in the terminal emulation software on the PC

Command History Feature

The command history feature is useful because it temporarily stores the list of executed commands to be recalled.

Mode

The mode button is used to move between the different modes--STAT, DUPLX, SPEED, and PoE

Verify Interface Status

The output of the show ip interface brief and show ipv6 interface brief commands can be used to quickly reveal the status of all interfaces on the router. You can verify that the interfaces are active and operational as indicated by the Status of "up" and Protocol of "up", as shown in the example. A different output would indicate a problem with either the configuration

Verify IPv6 Link Local and Multicast Addresses

The output of the show ipv6 interface brief command displays two configured IPv6 addresses per interface. One address is the IPv6 global unicast address that was manually entered. The other address, which begins with FE80, is the link-local unicast address for the interface. A link-local address is automatically added to an interface whenever a global unicast address is assigned. An IPv6 network interface is required to have a link-local address, but not necessarily a global unicast address.

Verify Interface Configuration

The output of the show running-config interface command displays the current commands applied to the specified interface, as shown. The following two commands are used to gather more detailed interface information:
-show interfaces: displays interface information and packet flow count for all interfaces on the device.
-show ip interface and show ipv6 interface: display the IPv4 and IPv6 related information for all interfaces on a router.

Network Access Layer Issues

The show interfaces command output displays counters and statistics for the FastEthernet0/18 interface, as shown next

Interface Verification Commands

There are several show commands that can be used to verify the operation and configuration of an interface. The following commands are especially useful to quickly identify the status of an interface

Configure Router Interfaces

This example shows the configuration for the interfaces on R1.

Verify the Switch Supports SSH

To enable SSH on a Catalyst 2960 switch, the switch must be using a version of the IOS software that includes cryptographic (encrypted) features and capabilities. Use the show version command on the switch to see which IOS the switch is currently running. An IOS filename that includes the combination "k9" supports cryptographic (encrypted) features and capabilities. The example shows the output of the show version command.

Switch Management Access

To prepare a switch for remote management access, the switch must be configured with an IP address and a subnet mask.
-To manage the switch from a remote network, the switch must be configured with a default gateway. This is very similar to configuring the IP address information on host devices.
-In this figure, the switch virtual interface (SVI) on S1 should be assigned an IP address. The SVI is a virtual interface, not a physical port on the switch. A console cable is used to connect to a PC so that the switch can be initially configured.

Troubleshooting Network Access Layer Issues

To troubleshoot scenarios involving no connection, or a bad connection, between a switch and another device, follow the general process shown in the figure

Step 2

Unplug the switch power cord

Step 1

Verify SSH support: use the show ip ssh command to verify that the switch supports SSH. If the switch is not running an IOS that supports cryptographic features, this command is unrecognized.

Troubleshooting

When troubleshooting switch port issues, it is important that the duplex and speed settings are checked.
Note: mismatched settings for the duplex mode and speed of switch ports can cause connectivity issues. Autonegotiation failure creates mismatched settings.
All fiber-optic ports, such as 1000BASE-SX ports, operate at only one preset speed and are always full-duplex.

Which statement describes SVIs?

a default SVI is created for VLAN 1 for switch administration

Late collisions

A late collision refers to a collision that occurs after 512 bits of the frame have been transmitted. Excessive cable lengths are the most common cause of late collisions. Another common cause is duplex misconfiguration.

SSH Operation (Secure Shell)

A secure protocol that uses TCP port 22. It provides a secure (encrypted) management connection to a remote device. SSH should replace Telnet for management connections. SSH provides security for remote connections by providing strong encryption when a device is authenticated and also for the data transmitted between the communicating devices. The figure shows a Wireshark capture of an SSH session. The threat actor can track the session using the IP address of the administrator device. However, unlike Telnet, with SSH the username and password are encrypted.

Which filtering expression will show all output lines starting from the line matching the filtering expression?

begin

A network administrator has configured VLAN 99 as the management VLAN and has configured it with an IP address and subnet mask. The administrator issues the show interface vlan 99 command and notices that the line protocol is down. Which action can change the state of the line protocol to up?

connect a host to an interface associated with VLAN 99

What type of Ethernet cable would be used to connect one switch to another switch when neither switch supports the auto-MDIX feature?

crossover

show ipv6 interface gigabitethernet 0/0/0 command

Displays the interface status and all of the IPv6 addresses belonging to the interface. Along with the link-local address and global unicast address, the output includes the multicast addresses assigned to the interface, beginning with prefix FF02, as shown in the example.

With auto-MDIX enabled

either type of cable can be used to connect to other devices, and the interface automatically adjusts to communicate successfully

What advantage does SSH offer over Telnet?

encryption

Full-duplex communication

increases bandwidth efficiency by allowing both ends of a connection to transmit and receive data simultaneously. This is also known as bidirectional communication and it requires microsegmentation

Microsegmented LAN

is created when a switch port has only one device connected and is operating in full-duplex mode

An IPv6-enabled interface is required to have which type of address?

link-local

What is the first action in the boot sequence when a switch is powered on?

load a power-on self-test program

What must an administrator have in order to reset a lost password on a router?

physical access to the router

What character is used to enable the filtering of commands?

pipe |

Power over Ethernet LED (PoE)

present if the switch supports PoE. Indicates the PoE status of ports on the switch

Recall commands in the history buffer

press Ctrl + P or the Up arrow key. The command output begins with the most recent command. Repeat the key sequence to recall successively older commands. To return to more recent commands in the history buffer, press Ctrl + N or the Down Arrow key. Repeat the key sequence to recall successively more recent commands.

Gigabit Ethernet and 10 Gb NICs

require full-duplex connections to operate. In full-duplex mode, the collision detection circuit on the NIC is disabled. Full-duplex offers 100 percent efficiency in both directions (transmitting and receiving). This results in a doubling of the potential use of the stated bandwidth

Which tasks can be accomplished by using the command history feature?

set the command history buffer size and recall previously entered commands

Which command will display packet flow counts, collisions, and buffer failures on an interface?

show interface

Which command will provide information about the status of all interfaces including the number of giants, runts, and collisions on the interface?

show interfaces

Which command will display a summary of all IPv6-enabled interfaces on a router that includes the IPv6 address and operational status?

show ipv6 interface brief

Redundant Power Supply LED (RPS)

shows the RPS status

System LED (SYST)

shows whether the system is receiving power and functioning properly

When connecting to switches without the auto-MDIX feature

straight-through cables must be used to connect to devices such as servers, workstations, or routers. Crossover cables must be used to connect to other switches or repeaters

Which prompt is displayed when a network administrator successfully accesses the boot loader on a switch to recover from a system crash?

switch:

When using the auto-MDIX on an interface

The interface speed and duplex must be set to auto so that the feature operates correctly. On newer Cisco switches, the mdix auto interface configuration mode command enables the feature.
Note: the auto-MDIX feature is enabled by default on Catalyst 2960 and Catalyst 3560 switches but is not available on the older Catalyst 2950 and Catalyst 3550 switches.
To examine the auto-MDIX setting for a specific interface, use the show controllers ethernet-controller command with the phy keyword. To limit the output to lines referencing auto-MDIX, use the include Auto-MDIX filter.

Network Access Layer Issues

The output from the show interfaces command is useful for detecting common media issues. One of the most important parts of this output is the display of the line and data link protocol status, as shown in the example.

Verify Switch Port Configuration

The show interfaces command is another commonly used command, which displays status and statistics information for the network interfaces on the switch. The show interfaces command is frequently used when configuring and monitoring network devices.
-The first line of the output for the show interfaces fastEthernet 0/18 command indicates that the FastEthernet 0/18 interface is up/up, meaning that it is operational. Further down, the output shows that the duplex is full and the speed is 100 Mbps.

Verify Switch Port configuration

The show running-config command can be used to verify that the switch has been correctly configured. From the sample abbreviated output on S1, some important information is shown here:
-Fast Ethernet 0/18 interface configured with the management VLAN 99
-VLAN 99 configured with an IPv4 address of 172.17.99.11 255.255.255.0
-Default gateway set to 172.17.99.1

show ip interface brief and show ipv6 interface brief

these display a summary for all interfaces including the IPv4 or IPv6 address of the interface and current operational status

show ip route and show ipv6 route

these display the contents of the IPv4 or IPv6 routing table stored in RAM. In Cisco IOS 15, active interfaces should appear in the routing table with two related entries identified by the code 'C' (connected) or 'L' (local). In previous IOS versions, only a single entry with the code 'C' will appear

show running-config interface (interface-id)

this displays the commands applied to the specified interface

Verify SSH is Operational

To display the version and configuration data for SSH on the device that you configured as an SSH server, use the show ip ssh command. In the following example, SSH version 2 is enabled.

Half-duplex communication

Unlike full-duplex communication, half-duplex communication is unidirectional. Half-duplex communication creates performance issues because data can flow in only one direction at a time, often resulting in collisions.

Autonegotiation

useful when the speed and duplex settings of the device connecting to the port are unknown or may change. When connecting to known devices such as servers, dedicated workstations, or network devices, a best practice is to manually set the speed and duplex settings

When configuring a switch for SSH access, what other command that is associated with the login local command is required to be entered on the switch?

username username secret secret

Port Duplex LED (DUPLX)

when green, it indicates port duplex mode is selected. Port duplex can then be understood by the light associated with each port.

Port Speed LED (SPEED)

when green, it indicates port speed mode is selected. Port speed can then be understood by the light associated with each port

Port Status LED (STAT)

when green, it indicates port status mode is selected, which is the default. Port status can then be understood by the light associated with each port

