Cisco Networking Chapter 2


AUX

An older way to establish a CLI session remotely is via a telephone dialup connection using a modem connected to the auxiliary (AUX) port of a router

What benefit does DHCP provide to a network?

DHCP allows users to refer to locations by a name rather than an IP address

a network administrator is planning an IOS upgrade on several of the head office routers and switches. Which three questions must be answered before continuing with the IOS selection and upgrade?

what models of routers and switches require upgrades? what features are required for the devices? do the routers and switches have enough RAM and flash memory for the proposed IOS versions?

extranet

used by an organization to provide safe and secure access to individuals who work for different organizations but require company data (suppliers, customers, collaborators)

enable and disable commands

used to change the CLI between the user EXEC and privileged EXEC modes.

commands

used to execute an action

keywords

used to identify when or how to execute the command

a router has a valid operating system and a config stored in NVRAM. When the router boots up, which mode will display?

user EXEC mode

Banner Messages

Although requiring passwords is one way to keep unauthorized personnel out of a network, it is vital to provide a method for declaring that only authorized personnel should attempt to gain entry into the device. To do this, add a banner to the device output. Banners can be an important part of the legal process in the event that someone is prosecuted for breaking into a device. Some legal systems do not allow prosecution, or even the monitoring of users, unless a notification is visible. To create a banner message of the day on a network device, use the banner motd # the message of the day # global config command. The "#" in the command syntax is called the delimiting character. It is entered before and after the message. The delimiting character can be any character as long as it does not occur in the message. For this reason, symbols such as the "#" are often used. After the command is executed, the banner will be displayed on all subsequent attempts to access the device until the banner is removed. The exact content or wording of a banner depends on the local laws and corporate policies. The banner should state that only authorized personnel are allowed to access the device. Any wording that implies a login is "welcome" or "invited" is inappropriate. Further, the banner can include scheduled system shutdowns and other information that affects all network users.

types of error messages

Ambiguous command; Incomplete command; Incorrect command

show running-config

Displays the contents of the currently running configuration file

show startup-config

Displays the saved configuration located in NVRAM

a new network administrator has been asked to enter a banner message on a Cisco device. What is the fastest way a network administrator could test whether the banner is properly configured?

Exit privileged EXEC mode and press Enter

Ctrl-C

Exits the config mode or aborts the current command

Alter the Running Configuration

If changes made to the running configuration do not have the desired effect and the running-config file has not yet been saved, you can restore the device to its previous configuration by removing the changed commands individually or by reloading the device using the reload privileged EXEC mode command to restore the startup-config. The downside to using the reload command to remove an unsaved running configuration is the brief amount of time the device will be offline, causing network downtime.

IOS

Internetwork Operating System

Automatic IP Address Configuration for End Devices

PCs typically default to using DHCP for automatic IPv4 address configuration. To configure DHCP on a Windows PC, you only need to select "Obtain an IP address automatically" and "Obtain DNS server address automatically". Your PC will search out a DHCP server and be assigned the address settings necessary to communicate on the network. It is possible to display the IP configuration settings on a Windows PC by using the ipconfig command at the command prompt. The output will show the IPv4 address, subnet mask, and gateway information received from the DHCP server.

Ctrl-R

Re-displays a line

a network administrator needs to keep the user ID, password, and session contents private when establishing remote CLI connectivity with a switch to manage it. Which access method should be chosen?

SSH

Configure Passwords

The most important password to configure is access to the privileged EXEC mode. To secure privileged EXEC access, use the enable secret password global config command. To secure the user EXEC access, the console port must be configured. Enter line console configuration mode using the line console 0 global configuration command. The zero is used to represent the first (and in most cases the only) console interface. Next, specify the user EXEC mode password using the password password command. Finally, enable user EXEC access using the login command. Console access will now require a password before gaining access to the user EXEC mode. Virtual terminal (VTY) lines enable remote access to the device. To secure VTY lines used for SSH and Telnet, enter line VTY mode using the line vty 0 15 global config command. Many Cisco switches support up to 16 VTY lines that are numbered 0 to 15. Next, specify the VTY password using the password password command. Lastly, enable VTY access using the login command.

Encrypt Passwords

The startup-config and running-config files display most passwords in plaintext. This is a security threat since anyone can see the passwords used if they have access to these files. To encrypt passwords, use the service password-encryption global config command. The command applies weak encryption to all unencrypted passwords. This encryption applies only to passwords in the configuration file, not to passwords as they are sent over the network. The purpose of this command is to keep unauthorized individuals from viewing passwords in the configuration file. Use the show running-config command to verify that passwords are now encrypted.

Save the Running Configuration File

There are two system files that store the device configuration: startup-config - The file stored in Non-volatile Random Access Memory (NVRAM) that contains all of the commands that will be used by the device upon startup or reboot. NVRAM does not lose its contents when the device is powered off. running-config - The file stored in Random Access Memory (RAM) that reflects the current configuration. Modifying a running configuration affects the operation of a Cisco device immediately. RAM is volatile memory. It loses all of its content when the device is powered off or restarted. Use the show running-config privileged EXEC mode command to view the running configuration file. To view the startup configuration file, use the show startup-config privileged EXEC command. If power to the device is lost or if the device is restarted, all configuration changes will be lost unless they have been saved. To save changes made to the running configuration to the startup configuration file, use the copy running-config startup-config privileged EXEC mode command.

show ip interface brief

This command is useful for verifying the condition of the switch interfaces.

Switch Virtual Interface Configuration

To access the switch remotely, an IP address and a subnet mask must be configured on the SVI. To configure an SVI on a switch, use the interface vlan 1 global configuration command. Vlan 1 is not an actual physical interface but a virtual one. Next assign an IPv4 address using the ip address ip-address subnet-mask interface configuration command. Finally, enable the virtual interface using the no shutdown interface configuration command. After these commands are configured, the switch has all the IPv4 elements ready for communication over the network.

passwords can be used to restrict access to all or parts of the Cisco IOS. Select the modes and interfaces that can be protected with passwords

VTY interface; privileged EXEC mode; console interface

ipconfig

Windows command that shows the IP configuration settings on a PC

internet

a conglomerate of networks and is now owned by any individual or group

SVI

a logical interface used to remotely manage a switch over an IPv4 network

telnet

a method for remotely establishing a CLI session of a device, through a virtual interface, over a network

Console

a physical port of a Cisco device that provides access to the device via a dedicated management channel, also known as out-of-band access

DHCP

a protocol that dynamically leases IPv4 addresses to DHCP-enabled end devices

SSH

a protocol to establish a remote secure CLI connection over the network

GUI

a user-friendly interface that provides an interaction between a user and an OS through a graphical environment

what is a result of using the service password-encryption command on a Cisco network device?

all passwords in the configuration are now shown in clear text when viewing the configuration

global configuration mode

allows a technician to configure settings on the device that affect the device as a whole, such as configuring a name for the device

Ctrl-Shift-6

allows the user to interrupt an IOS process such as ping or traceroute

CLI

command line interface

traceroute

command to check the path that a packet takes to reach a destination

Ping

command to verify connectivity between the source (the device where the command is issued) and the destination (IP address used as argument)

Tab

completes the remainder of a partially typed command or keyword

which two characters are allowed as part of the hostname of a Cisco device?

dash; numbers

which two functions are provided to users by the context-sensitive help feature of the Cisco IOS CLI?

determining which option, keyword, or argument is available for the entered command; displaying a list of all available commands within the current mode

what criterion must be followed in the design of an IPv4 addressing scheme for end devices

each IP address must be unique within the local network

network operating system

enables device hardware to function and provides an interface for users to interact.

Ctrl-Z

exits the configuration mode and returns to privileged EXEC mode

Startup Configuration

file that is stored in NVRAM and that contains the configuration that has been saved on a device to be used upon startup or reboot

Running configuration

file that is stored in RAM and that contains the configuration that is being done on a device

Configure Hostnames

From the privileged EXEC mode, access the global configuration mode by entering the configure terminal command. Notice the change in the command prompt. From global configuration mode, enter the command hostname followed by the name of the switch and press Enter. Notice the change in the command prompt name. To remove the configured hostname and return the switch to the default prompt, use the no hostname global config command.

Privileged executive mode (Privileged EXEC)

higher level of hierarchy/# allows all monitoring commands, as well as execution of config and management commands, debugging and testing. To execute configuration commands, a network administrator must access privileged EXEC mode. Higher configuration modes, like global configuration mode, can only be reached from privileged EXEC mode. The privileged EXEC mode can be identified by the prompt ending with the # symbol.

what benefit does DHCP provide to a network?

hosts can connect to the network and get an IP address without manual configuration

what is a user trying to determine when issuing a ping 10.1.1.1 command on a PC?

if there is connectivity with the destination device

what command can be used on a Windows PC to see the IP configuration of that computer?

ipconfig

what action can a technician take to discard changes to the router config file and work with the file in NVRAM?

issue the reload command without saving the running configuration

which statement is true about the running configuration file in a Cisco IOS device?

it affects the operation of the device immediately when modified

Console Port IOS CLI access method

it can be used to restore an out-of-box configuration on a switch or router; it displays startup, debugging, and error messages by default

AUX port IOS CLI access method

it connects through dialup connections; it is not supported on Catalyst switch devices

Virtual Interface IOS CLI access method

it requires an active network connection; it allows access through use of Telnet or SSH protocols

user executive mode (User EXEC)

lowest level of hierarchy/view-only mode > basic monitoring commands only. This mode has limited capabilities but is useful for basic operations. It allows only a limited number of basic monitoring commands but does not allow the execution of any commands that might change the configuration of the device. The user EXEC mode is identified by the CLI prompt that ends with the > symbol.

Ctrl-A

moves to the beginning of the line

Ctrl-E

moves to the end of the line

Wide Area Network (WAN)

network infrastructure that provides access to other networks over a wide geographical area

Local Area Network (LAN)

network infrastructure that provides access to user and end devices in a small geographical area

Argument

parameter that has to be supplied by the user to an IOS command

Keyword

parameter with a predefined value to be used by an IOS command

Shell

portion of operating system that interacts with applications and the user

kernel

portion of operating system that interfaces directly with computer hardware

context sensitive help

provides a list of commands and the arguments associated with those commands within the context of the current mode, to determine what options, keywords or arguments are paired with a command, or that start with a particular character or characters

syntax

provides the pattern or format that must be used when entering a command

NIC network interface card

provides the physical connection to the network at the PC or other host device

intranet

refers to a private connection of LANs and WANs that belongs to an organization and is designed to be accessible only by the organization's members, employees, or others with authorization

Secure Shell (SSH)

remote login similar to Telnet but uses more secure network services. Uses stronger password authentication and uses encryption when transporting session data

Up Arrow

scroll backward through former commands

Down Arrow

scroll forward through former commands

Metropolitan Area Network (MAN)

spans an area larger than a LAN but smaller than a WAN (typically a city) and is typically operated by a single entity such as a large organization

Cisco IOS

term that represents the operating systems used by Cisco networking devices

which two features are characteristic of flash memory?

the contents of flash may be overwritten; flash provides nonvolatile storage

A switch was configured as shown. A ping to the default gateway was issued, but the ping was not successful. Other switches in the same network can ping this gateway. What is a possible reason for this?

the no shutdown command was not issued for VLAN 1

which interface allows remote management of a Layer 2 switch?

the switch virtual interface

why would a Layer 2 switch need an IP address?

to enable the switch to be managed remotely

why is it important to configure a hostname on a device?

to identify the device during remote access (SSH or telnet)

Which procedure is used to access a Cisco 2960 switch when performing an initial configuration in a secure environment

use the console port to locally access the switch from a serial or USB interface of the PC

