Cisco Networking Chapter 2
AUX
An older way to establish a CLI session remotely is via a telephone dialup connection using a modem connected to the auxiliary (AUX) port of a router
What benefit does DHCP provide to a network?
DHCP allows users to refer to locations by a name rather than an IP address
a network administrator is planning an IOS upgrade on several of the head office routers and switches. Which three questions must be answered before continuing with the IOS selection and upgrade?
what models of routers and switches require upgrades? what features are required for the devices? do the routers and switches have enough RAM and flash memory for the proposed IOS versions?
extranet
used by an organization to provide safe and secure access to individuals who work for different organizations but require company data (suppliers, customers, collaborators)
enable and disable commands
used to change the CLI between the user EXEC and privileged EXEC modes.
commands
used to execute an action
keywords
used to identify when or how to execute the command
a router has a valid operating system and a config stored in NVRAM. When the router boots up, which mode will display?
user EXEC mode
Banner Messages
Although requiring passwords is one way to keep unauthorized personnel out of a network, it is vital to provide a method for declaring that only authorized personnel should attempt to gain entry into the device. To do this, add a banner to the device output. Banners can be an important part of the legal process in the event that someone is prosecuted for breaking into a device. Some legal systems do not allow prosecution, or even the monitoring of users, unless a notification is visible. To create a banner message of the day on a network device, use the banner motd # the message of the day # global config command. The "#" in the command syntax is called the delimiting character. It is entered before and after the message. The delimiting character can be any character as long as it does not occur in the message. For this reason, symbols such as the "#" are often used. After the command is executed, the banner will be displayed on all subsequent attempts to access the device until the banner is removed. The exact content or wording of a banner depends on the local laws and corporate policies. The banner should state that only authorized personnel are allowed to access the device. Any wording that implies a login is "welcome" or "invited" is inappropriate. Further, the banner can include scheduled system shutdowns and other information that affects all network users.
types of error messages
Ambiguous command, Incomplete command, Incorrect command
show running-config
Displays the contents of the currently running configuration file
show startup-config
Displays the saved configuration located in NVRAM
a new network administrator has been asked to enter a banner message on a Cisco device. What is the fastest way a network administrator could test whether the banner is properly configured?
Exit privileged EXEC mode and press Enter
Ctrl-C
Exits the config mode or aborts the current command
Alter the Running Configuration
If changes made to the running configuration do not have the desired effect and the running-config file has not yet been saved, you can restore the device to its previous configuration by removing the changed commands individually or by reloading the device using the reload privileged EXEC mode command to restore the startup-config. The downside to using the reload command to remove an unsaved running configuration is the brief amount of time the device will be offline, causing network downtime.
IOS
Internetwork Operating System
Automatic IP Address Configuration for End Devices
PCs typically default to using DHCP for automatic IPv4 address configuration. To configure DHCP on a Windows PC, you only need to select "Obtain an IP address automatically" and "Obtain DNS server address automatically". Your PC will search out a DHCP server and be assigned the address settings necessary to communicate on the network. It is possible to display the IP configuration settings on a Windows PC by using the ipconfig command at the command prompt. The output will show the IPv4 address, subnet mask, and gateway information received from the DHCP server.
Ctrl-R
Re-displays a line
a network administrator needs to keep the user ID, password, and session contents private when establishing remote CLI connectivity with a switch to manage it. Which access method should be chosen?
SSH
Configure Passwords
The most important password to configure is access to the privileged EXEC mode. To secure privileged EXEC access, use the enable secret password global config command. To secure the user EXEC access, the console port must be configured. Enter line console configuration mode using the line console 0 global configuration command. The zero is used to represent the first (and in most cases the only) console interface. Next, specify the user EXEC mode password using the password password command. Finally, enable user EXEC access using the login command. Console access will now require a password before gaining access to the user EXEC mode. Virtual terminal (VTY) lines enable remote access to the device. To secure VTY lines used for SSH and Telnet, enter line VTY mode using the line vty 0 15 global config command. Many Cisco switches support up to 16 VTY lines that are numbered 0 to 15. Next, specify the VTY password using the password password command. Lastly, enable VTY access using the login command.
Encrypt Passwords
The startup-config and running-config files display most passwords in plaintext. This is a security threat since anyone can see the passwords used if they have access to these files. To encrypt passwords, use the service password-encryption global config command. The command applies weak encryption to all unencrypted passwords. This encryption applies only to passwords in the configuration file, not to passwords as they are sent over the network. The purpose of this command is to keep unauthorized individuals from viewing passwords in the configuration file. Use the show running-config command to verify that passwords are now encrypted
Save the Running Configuration File
There are two system files that store the device configuration: startup-config - The file stored in Non-volatile Random Access Memory (NVRAM) that contains all of the commands that will be used by the device upon startup or reboot. NVRAM does not lose its contents when the device is powered off. running-config - The file stored in Random Access Memory (RAM) that reflects the current configuration. Modifying a running configuration affects the operation of a Cisco device immediately. RAM is volatile memory. It loses all of its content when the device is powered off or restarted. Use the show running-config privileged EXEC mode command to view the running configuration file. To view the startup configuration file, use the show startup-config privileged EXEC command. If power to the device is lost or if the device is restarted, all configuration changes will be lost unless they have been saved. To save changes made to the running configuration to the startup configuration file, use the copy running-config startup-config privileged EXEC mode command.
show ip interface brief
This command is useful for verifying the condition of the switch interfaces.
Switch Virtual Interface Configuration
To access the switch remotely, an IP address and a subnet mask must be configured on the SVI. To configure an SVI on a switch, use the interface vlan 1 global configuration command. Vlan 1 is not an actual physical interface but a virtual one. Next assign an IPv4 address using the ip address ip-address subnet-mask interface configuration command. Finally, enable the virtual interface using the no shutdown interface configuration command. After these commands are configured, the switch has all the IPv4 elements ready for communication over the network.
passwords can be used to restrict access to all or parts of the Cisco IOS. Select the modes and interfaces that can be protected with passwords
VTY interface, privileged EXEC mode, console interface
ipconfig
Windows command that shows the IP configuration settings on a PC
internet
a conglomerate of networks and is not owned by any individual or group
SVI
a logical interface used to remotely manage a switch over an IPv4 network
telnet
a method for remotely establishing a CLI session of a device, through a virtual interface, over a network
Console
a physical port of a Cisco device that provides access to the device via a dedicated management channel, also known as out-of-band access
DHCP
a protocol that dynamically leases IPv4 addresses to DHCP-enabled end devices
SSH
a protocol to establish a remote secure CLI connection over the network
GUI
a user-friendly interface that provides an interaction between a user and an OS through a graphical environment
what is a result of using the service password-encryption command on a Cisco network device?
all passwords in the configuration are now shown in clear text when viewing the configuration
global configuration mode
allows a technician to configure settings on the device that affects the device as a whole, such as configuring a name for the device
Ctrl-Shift-6
allows the user to interrupt an IOS process such as ping or traceroute
CLI
command line interface
traceroute
command to check the path that a packet takes to reach a destination
Ping
command to verify connectivity between the source (the device where the command is issued) and the destination (IP address used as argument)
Tab
completes the remainder of a partially typed command or keyword
which two characters are allowed as part of the hostname of a Cisco device?
dash, numbers
which two functions are provided to users by the context-sensitive help feature of the Cisco IOS CLI?
determining which option, keyword, or argument is available for the entered command; displaying a list of all available commands within the current mode
what criterion must be followed in the design of an IPv4 addressing scheme for end devices
each IP address must be unique within the local network
network operating system
enables device hardware to function and provides an interface for users to interact.
Ctrl-Z
exits the configuration mode and returns to privileged EXEC mode
Startup Configuration
file that is stored in NVRAM and that contains the configuration that has been saved on a device to be used upon startup or reboot
Running configuration
file that is stored in RAM and that contains the configuration that is being done on a device
Configure Hostnames
From the privileged EXEC mode, access the global configuration mode by entering the configure terminal command. Notice the change in the command prompt. From global configuration mode, enter the command hostname followed by the name of the switch and press Enter. Notice the change in the command prompt name. To remove the configured hostname and return the switch to the default prompt, use the no hostname global config command.
Privileged executive mode (Privileged EXEC)
higher level of hierarchy/# allows all monitoring commands, as well as execution of config and management commands debugging and testing. To execute configuration commands, a network administrator must access privileged EXEC mode. Higher configuration modes, like global configuration mode, can only be reached from privileged EXEC mode. The privileged EXEC mode can be identified by the prompt ending with the # symbol.
what benefit does DHCP provide to a network?
hosts can connect to the network and get an IP address without manual configuration
what is a user trying to determine when issuing a ping 10.1.1.1 command on a PC?
if there is connectivity with the destination device
what command can be used on a Windows PC to see the IP configuration of that computer?
ipconfig
what action can a technician take to discard changes to the router config file and work with the file in NVRAM?
issue the reload command without saving the running configuration
which statement is true about the running configuration file in a Cisco IOS device?
it affects the operation of the device immediately when modified
Console Port IOS CLI access method
it can be used to restore an out-of-box configuration on a switch or router; it displays startup, debugging, and error messages by default
AUX port IOS CLI access method
it connects through dialup connections; it is not supported on Catalyst switch devices
Virtual Interface IOS CLI access method
it requires an active network connection; it allows access through use of Telnet or SSH protocols
user executive mode (User EXEC)
lowest level of hierarchy/view-only mode > basic monitoring commands only. This mode has limited capabilities but is useful for basic operations. It allows only a limited number of basic monitoring commands but does not allow the execution of any commands that might change the configuration of the device. The user EXEC mode is identified by the CLI prompt that ends with the > symbol.
Ctrl-A
moves to the beginning of the line
Ctrl-E
moves to the end of the line
Wide Area Network (WAN)
network infrastructure that provides access to other networks over a wide geographical area
Local Area Network (LAN)
network infrastructure that provides access to user and end devices in a small geographical area
Argument
parameter that has to be supplied by the user to an IOS command
Keyword
parameter with a predefined value to be used by an IOS command
Shell
portion of operating system that interacts with applications and the user
kernel
portion of operating system that interfaces directly with computer hardware
context sensitive help
provides a list of commands and the arguments associated with those commands within the context of the current mode, to determine what options, keywords or arguments are paired with a command, or that start with a particular character or characters
syntax
provides the pattern or format that must be used when entering a command
NIC network interface card
provides the physical connection to the network at the PC or other host device
intranet
refers to a private connection of LANs and WANs that belongs to an organization and is designed to be accessible only by the organization's members, employees, or others with authorization
Secure Shell (SSH)
remote login similar to Telnet but uses more secure network services. Uses stronger password authentication and uses encryption when transporting session data
Up Arrow
scroll backward through former commands
Down Arrow
scroll forward through former commands
Metropolitan Area Network (MAN)
spans an area larger than a LAN but smaller than a WAN (typically a city) and is typically operated by a single entity such as a large organization
Cisco IOS
term that represents the operating systems used by Cisco networking devices
which two features are characteristic of flash memory?
the contents of flash may be overwritten; flash provides nonvolatile storage
A switch was configured as shown. A ping to the default gateway was issued, but the ping was not successful. Other switches in the same network can ping this gateway. What is a possible reason for this?
the no shutdown command was not issued for VLAN 1
which interface allows remote management of a Layer 2 switch?
the switch virtual interface
why would a Layer 2 switch need an IP address?
to enable the switch to be managed remotely
why is it important to configure a hostname on a device?
to identify the device during remote access (SSH or telnet)
Which procedure is used to access a Cisco 2960 switch when performing an initial configuration in a secure environment?
use the console port to locally access the switch from a serial or USB interface of the PC