Chapter 8 - Configuring Basic Switch Management (Key Terms & Topics)


DNS

An application layer protocol used throughout the Internet for translating host names into their associated IP addresses.

transport input {telnet | ssh | all | none}

Command that defines whether Telnet/SSH access is allowed into a switch. (vty line configuration mode.)

login

What command is used to tell IOS to prompt for a password? (Console and vty configuration mode.)

password pass-value

What command lists the password required if the login command is configured? (Console and vty configuration mode.)

login local

What command tells IOS to prompt for a username and password, to be checked against locally configured username global configuration commands on this switch or router? (Console and vty configuration mode.)

login local

What command would you use to allow local username and passwords for telnet?

line console 0

What command would you use to change the context to console configuration mode?

line vty 1st-vty last-vty

What command would you use to change the context to vty configuration mode for the range of vty lines listed in the command?

Fully Qualified Domain Name

What does FQDN stand for?

b. The ip address 172.16.2.250 255.255.255.0 command in interface vlan 2 configuration mode. c. The ip default-gateway 172.16.2.254 command in global configuration mode.

A Layer 2 switch configuration places all its physical ports into VLAN 2. The IP addressing plan shows that address 172.16.2.250 (with mask 255.255.255.0) is reserved for use by this new LAN switch, and that 172.16.2.254 is already configured on the router connected to the same VLAN. The switch needs to support SSH connections into the switch from any subnet in the network. Which of the following commands are part of the required configuration in this case? (Choose 2) a. The ip address 137.16.2.250 255.255.255.0 command in interface vlan 1 configuration mode. b. The ip address 172.16.2.250 255.255.255.0 command in interface vlan 2 configuration mode. c. The ip default-gateway 172.16.2.254 command in global configuration mode. d. The switch cannot support SSH because all its ports connect to VLAN 2, and the IP address must be configured on interface VLAN 1.

Secure Shell (SSH)

A TCP/IP application layer protocol that supports terminal emulation between a client and server, using dynamic key exchange and encryption to keep the communications private.

VLAN interface

A configuration concept inside Cisco switches, used as an interface between IOS running on the switch and a VLAN supported inside the switch, so that the switch can assign an IP address and send IP packets into the VLAN.

log message

A message generated by any computer, but including Cisco routers and switches, for which the device OS wants to notify

a. RADIUS & d. TACACS+

A network engineer was tasked with helping build a new Cisco network. As part of this implementation, one of the requirements is to have a central database of authorized users that is used by the deployed network devices. Which protocols could the engineer use that would provide these capabilities? (select 2) a. RADIUS b. SSH c. AAA d. TACACS+

enable mode

A part of the Cisco IOS CLI in which the user can use the most powerful and potentially disruptive commands on a router or switch, including the ability to then reach configuration mode and reconfigure the router.

AAA server

A server that holds security information and provides services related to user login, particularly authentication (is the user who they say they are), authorization (once authenticated, what do we allow the user to do), and accounting (tracking the user).

2

A switch's IPv4 configuration has nothing to do with how a layer ___ switch forwards Ethernet Frames, but to Telnet and Secure Shell (SSH) to a switch, the switch needs to be configured with an IP address.

a. enable secret

A user opens a terminal emulator after connecting their PC physically to the console port of a router. The user logs in to the router's user mode, and then continues the process to reach privileged mode. Assume that the router is configured to use the strongest security options. Which command must be configured to support that last step of reaching privileged mode? a. enable secret b. password c. line console 0 d. enable password e. login

local username

A username (with matching password), configured on a router or switch. It is considered local because it exists on the router or switch, and not on a remote server.

The switch IP configuration

All remote access and management protocols require that what be completed and working ?

b. A username name secret password global configuration command c. A login local vty mode subcommand

An engineer had formerly configured a Cisco 2960 switch to allow Telnet access so that the switch expected a password of mypassword from the Telnet user. The engineer then changed the configuration to support Secure Shell. Which of the following commands could have been part of the new configuration? (Choose two answers.) a. A username name secret password vty mode subcommand b. A username name secret password global configuration command c. A login local vty mode subcommand d. A transport input ssh global configuration command

a. A login vty mode subcommand

An engineer wants to set up simple password protection with no usernames for some switches in a lab, for the purpose of keeping curious co-workers from logging into the lab switches from their desktop PCs. Which of the following commands would be a useful part of that configuration? a. A login vty mode subcommand b. A password password console subcommand c. A login local vty subcommand d. A transport input ssh vty subcommand

a. The ip address command in interface configuration mode d. The ip default-gateway command in global configuration mode. f. The password command in vty line configuration mode.

An engineer's desktop PC connects to a switch at the main site. A router at the main site connects to each branch office through a serial link, with one small router and switch at each branch. Which of the following commands must be configured on the branch office switches, in the listed configuration mode, to allow the engineer to Telnet to the branch office switches? (Choose 3) a. The ip address command in interface configuration mode. b. The ip address command in global configuration mode. c. The ip default-gateway command in VLAN configuration mode. d. The ip default-gateway command in global configuration mode. e. The password command in console line configuration mode. f. The password command in vty line configuration mode.

AAA

Authentication, Authorization, and Accounting. Authentication confirms the identity of the user or device. Authorization determines what the user or device is allowed to do. Accounting records information about access attempts, including inappropriate requests.

enable

From ___ mode an attacker could reload a switch and/or change the configuration.

b. enable secret

Imagine that you have configured the enable secret command, followed by the enable password command, from the console. Which command defines the password that you had to enter to access privileged mode? a. enable password b. enable secret c. Neither d. The password command if it is configured.

history buffer

In a Cisco router or switch, the function by which IOS keeps a list of commands that the user has used in this login session, both in EXEC mode and configuration mode. The user can then recall these commands for easier repeating or making small edits and issuing similar commands.

b. SW2 needs to configure a default gateway of 10.1.1.254. & d. PC2 needs to configure a default gateway of 10.1.1.254.

In the figure, PC2 needs to be able to send and receive data with IP hosts that are reachable through R1 out its serial link. Also, SW2 needs to be reachable via Telnet from hosts to the right of R1. Assuming that only the information shown in the figure has been configured on PC2 and SW2, which of the following need to be configured? (Pick 2) a. SW2 needs to configure a default gateway of 10.1.1.255. b. SW2 needs to configure a default gateway of 10.1.1.254. c. SW2 can automatically use CDP to learn about R1's IP address and then use it as SW2's default gateway. d. PC2 needs to configure a default gateway of 10.1.1.254. e. PC2 needs to configure a default gateway of 10.1.1.255. f. PC2 needs to configure a default gateway of 10.1.1.200.

a. line vty 0 4 & c. password whatever

In the figure, SW2 can be pinged from a management station to the right of R1, but the Telnet connection fails, with a message stating something about missing passwords. Which of the following commands, when entered in the correct order, allow Telnet into the switch's user mode, using a password of whatever? Note that the commands might not be listed in the order in which they should be entered in the switch. (Select 2) a. line vty 0 4 b. enable telnet c. password whatever d. enable telnet password whatever e. line telnet 0 4

default gateway

On an IP host, the IP address of some router to which the host sends packets when the packet's destination address is on a subnet other than the local subnet.

b. The configuration needs to use a login local command instead of the login command under line vty 0 4. (Explanation: The configuration is correct, other than the fact that it is missing a login local command under the VTY lines. As configured with the login command, but without a password command under line vty 0 4, the router will expect the user to type only a password, but the password is not configured - so the router will instantly reject login for Telnet users. SSH requires the use of both a username and password.)

The exhibit shows some configuration commands that sit in a text file. After adding this configuration to the router, the user will attempt to use username "fred" and password "hope." Which of the following best describes the accuracy of the configuration for allowing a user attached to subnet 10.1.1.0/24 to use SSH to connect to this router? a. The user should be able to use SSH successfully. b. The configuration needs to use a login local command instead of the login command under line vty 0 4. c. The configuration needs to include an ssh enable global configuration command. d. The transport input telnet ssh command needs to instead be transport input ssh.

name resolution

The process by which an IP host discovers the IP address associated with a hostname, often involving sending a DNS request to a DNS server, with the server supplying the IP address used by a host with the listed hostname.

Telnet

The standard terminal-emulation application layer protocol in the TCP/IP protocol stack. Telnet is used for remote terminal connection, enabling users to log in to remote systems and use resources as if they were connected to a local system. Telnet is defined in RFC 854.

terminal history size x

This EXEC command changes the length of the history buffer for the current user only, only for the current login to the switch.

show dhcp lease

This EXEC command lists any info the switch acquires as a DHCP client. This includes IP address, subnet mask, and default gateway info.

show ssh

This EXEC command lists info for current SSH connections into and out of the local switch.

show ip ssh

This EXEC command lists status information for the SSH server, including the SSH version.

show history

This EXEC command lists the commands in the current history buffer.

show running-config

This EXEC command lists the currently used configuration.

show interfaces vlan number

This EXEC command lists the interface status, the switch's IPv4 address and mask, and much more.

show crypto key mypubkey rsa

This EXEC command lists the public and shared key created for use with SSH using the crypto key generate rsa global configuration command.

show ip default-gateway

This EXEC command lists the switch's settings for its IPv4 default gateway.

show running-config | begin line vty

This EXEC command pipes (sends) the command output to the begin command, which only lists output beginning with the first line that contains the text "line vty".

ip name-server server-ip-1 server-ip-2 ...

This Global command configures the IPv4 addresses for DNS servers, so any commands when logged in to the switch will use the DNS for name resolution.

ip default-gateway address

This Global command configures the switch's default gateway IPv4 address. Not required if the switch uses DHCP. (Global command)

[no] logging console

This Global command disables or enables the display of log messages to the console.

hostname name

This Global command sets a switch's hostname.

enable secret pass-value

This Global command sets the switch's password that is required for any user to reach enable mode.

interface vlan number

This command changes the context to VLAN interface mode. (VLAN 1, allows the configuration of the switch's IP address.)

ip address dhcp

This command configures the switch as a DHCP client to discover its IPv4 address, mask, and default gateway. (VLAN interface mode)

crypto key generate rsa

This command creates and stores (in a hidden location in flash memory) the keys required by SSH. (Global Command)

username name secret pass-value

This command defines one of possibly multiple usernames and associated passwords, used for user authentication. Used when the login local line configuration command has been used. (Global Command)

history size length

This command defines the number of commands held in the history buffer, for later recall, for users of those lines. (Line config mode)

exec-timeout minutes [seconds]

This command sets the inactivity timeout, so that after the defined period of no action, IOS closes the current user login session. (Console or vty mode)

ip address ip-address subnet-mask

This command statically configures the switch's IP address and mask. (in VLAN interface mode)

logging synchronous

This command tells IOS to send log messages to the user at natural breaking points between commands rather than in the middle of a line of output. (Console or vty mode)

the use of a simple shared password

To enable a simple password you use the commands login and then password. The command login tells the IOS to enable what?

True

True or False: The default switch configuration allows a console user to move into user mode and then privileged mode with no passwords, but prevents Telnet and SSH users from even accessing user mode.

f. The password red

What password does the router use for privileged mode when both enable password blue and enable secret red are configured? a. The password blue b. The password configured first c. The password configured last d. None; the service password-encryption command e. needs to be issued f. The password red

username username-value password password-value

What two commands do you use to configure a local username and password on a switch?

login password

What two commands do you use to configure a simple password for users who want to enter user mode via console or telnet?

a. logging synchronous

Which of the following line subcommands tells a switch to wait until a show command's output has completed before displaying log messages on the screen? a. logging synchronous b. no ip domain-lookup c. exec-timeout 0 0 d. history size 15

a. Configuring the enable secret command. & c. Enabling SSH and disabling Telnet access using the transport input ssh VTY line subcommand.

Which two of the following actions provide the best security for accessing a router's privileged mode remotely? a. Configuring the enable secret command. b. Configuring the enable password command. c. Enabling SSH and disabling Telnet access using the transport input ssh VTY line subcommand. d. Enabling SSH access using the transport input telnet ssh VTY line subcommand.

b. logging synchronous

You are in the process of troubleshooting a network problem on a Cisco device, but you are having a problem getting the right commands entered on the device to fix it. The reason is that every time you attempt to configure the commands, the console generates another message, your command gets split, and you lose your place in the command. What command could you configure on the device to have it automatically place the commands that are entered onto a fresh line and redrawn up to the point where the command entry was interrupted? a. logging console brief b. logging synchronous c. logging console redraw d. logging regenerate

