Switch and End Device Configuration


What are some key differences in different types of media

1. Distance the media can successfully carry a signal
2. Environment in which the media is to be installed
3. Amount of data and the speed at which it must be transmitted
4. Cost of the media and installation

Password requirements for in field practice

1. Use passwords that are more than eight characters in length.
2. Use a combination of upper and lowercase letters, numbers, special characters, and/or numeric sequences.
3. Avoid using the same password for all devices.
4. Do not use common words because they are easily guessed.
Note: Most of the labs in this course use simple passwords such as cisco or class.

To what subnet does the IP address 10.1.100.50 belong if a subnet mask of 255.255.0.0 is used?
A: 10.1.0.0
B: 10.0.0.0
C: 10.1.100.32
D: 10.1.100.0

A: 10.1.0.0
Topic 2.6.0 - The purpose of a subnet mask is to separate the network portion of the address from the host portion of the IP address. The network portion of the IP address is identified by all binary 1s in the subnet mask. Using a subnet mask of 255.255.0.0 identifies the first two octets of the IP address as the network portion.

What are 4 Access methods

- Console
- Secure Shell (SSH)
- Telnet
- Auxiliary (AUX)

Console Port

The console port sits on the Switch Controller (SC), which is the processor of the switch (the switch's brain). The SC is usually in the back of the switch.

How to manually set IPv4 Address on Windows

Control Panel > Network Sharing Center > Change adapter settings and choose the adapter. Next right-click and select Properties to display the Local Area Connection Properties, as shown in the figure.

How to go down the --More--

Enter Key - Displays the next line.
Space Bar - Displays the next screen.
Any other key* - Ends the display string, returning to the previous prompt.
* Except "y", which answers "yes" to the --More-- prompt and acts like the Space Bar.

How do you exit User EXEC Mode?

Enter the disable command.
Example:
Switch# disable
Switch>

How would you configure a host name?

In Global Config Mode: hostname {name}
Example:
Switch# configure terminal
Switch(config)# hostname Sw-Floor-1
Sw-Floor-1(config)#

In band vs out of band management

In-Band Management is the ability to administer a network via the LAN.
Out-of-Band Management is a solution that provides a secure dedicated alternate access method into an IT network infrastructure to administer connected devices and IT assets without using the corporate LAN.

What does windows firewall block by default?

ICMP (ping) requests. Turn them on if you want the ICMP reply.

What are 3 different CLI emulation programs

- PuTTY
- Tera Term
- SecureCRT

IPv6 GUA Configuration on Router

R1(config)# interface gigabitethernet 0/0/0
R1(config-if)# ipv6 address 2001:db8:acad:1::1/64
R1(config-if)# no shutdown
R1(config-if)# exit
R1(config)# interface gigabitethernet 0/0/1
R1(config-if)# ipv6 address 2001:db8:acad:2::1/64
R1(config-if)# no shutdown
R1(config-if)# exit
R1(config)# interface serial 0/1/0
R1(config-if)# ipv6 address 2001:db8:acad:3::1/64
R1(config-if)# no shutdown

How to show a switch's MAC address table?

S1# show mac address-table
Notice that we are in privileged EXEC mode. To run this from any other config mode, add "do" first.
Example:
S1(config-if)# do show mac address-table

Secure Shell (SSH)

SSH is an in-band and recommended method for remotely establishing a secure CLI connection, through a virtual interface, over a network. Unlike a console connection, SSH connections require active networking services on the device, including an active interface configured with an address. Most versions of Cisco IOS include an SSH server and an SSH client that can be used to establish SSH sessions with other devices.

If power to the device is lost, or if the device is restarted, all configuration changes will be lost unless they have been saved. How do we prevent this?

Save/copy the running-config to the startup-config.
Use cmd: copy running-config startup-config

What are the two important configuration files in Cisco IOS?

Startup-config, running-config

Hypothetically how would you enter a line config mode for a virtual terminal management interface?

Switch# conf t
Switch(config)# line vty 0 15
Switch(config-line)#
Virtual management interfaces are used for remote management.

Telnet

Telnet is an insecure, in-band method of remotely establishing a CLI session, through a virtual interface, over a network. Unlike SSH, Telnet does not provide a secure, encrypted connection and should only be used in a lab environment. User authentication, passwords, and commands are sent over the network in plaintext. The best practice is to use SSH instead of Telnet. Cisco IOS includes both a Telnet server and Telnet client.

Hardware

The physical part of a computer, including the underlying electronics

What is the structure of an IPv4 Address

The structure of an IPv4 address is called dotted decimal notation and is represented by four decimal numbers between 0 and 255. IPv4 addresses are assigned to individual devices connected to a network. IPv4 addresses use subnet masks, which are 32-bit values that differentiate the network portion of the address from the host portion. The subnet mask determines to which subnet the device belongs.

Shell

The user interface that allows users to request specific tasks from the computer. These requests can be made either through the CLI or the GUI interfaces

Must each end device have an IP address?

YES
Examples of end devices:
- Computers (work stations, laptops, file servers, web servers)
- Network printers
- VoIP phones
- Security cameras
- Smart phones
- Mobile handheld devices (such as wireless barcode scanners)

Can you move from one subconfiguration mode to another?

Yes
Example:
Switch(config-line)# interface FastEthernet 0/1
Switch(config-if)#

Reading Command Syntax (Description command)

boldface - Boldface text indicates commands and keywords that you enter literally as shown.
italics - Italic text indicates arguments for which you supply values.
[x] - Square brackets indicate an optional element (keyword or argument).
{x} - Braces indicate a required element (keyword or argument).
[x {y | z }] - Braces and vertical lines within square brackets indicate a required choice within an optional element.
Spaces are used to clearly delineate parts of the command.
For instance, the syntax for using the description command is description string. The argument is a string value provided by the user. The description command is typically used to identify the purpose of an interface. For example, entering the command, description Connects to the main headquarter office switch, describes where the other device is at the end of the connection.

How to prevent unwanted DNS Lookups

cmd: no ip domain lookup
This stops the switch/router from checking for a DNS server to check for a domain name.

How can we see what's in the running-config file or startup-config file?

cmd: show running-config, show startup-config
Example:
Sw-Floor-1# show running-config
Sw-Floor-1# show startup-config

What command do you issue in User EXEC Mode to get to Privileged Mode?

enable
Example:
Switch> enable (return)
Switch#

What do Virtual Terminal (VTY) lines enable?

They enable remote access to the device using Telnet or SSH.

How to enable VTY (virtual terminal) and secure it

Enter line VTY mode using the line vty 0 15 global config command. Next, specify the VTY password using the password password command. Lastly, enable VTY access using the login command.
Example:
Sw-Floor-1# configure terminal
Sw-Floor-1(config)# line vty 0 15
Sw-Floor-1(config-line)# password cisco
Sw-Floor-1(config-line)# login
Sw-Floor-1(config-line)# end
Sw-Floor-1#

How do you enter interface configuration mode from global configuration mode?

interface {interface you want to configure}
Example:
Switch(config)# interface vlan 1
Switch(config-if)#

Command that can be used to see speed, duplex, media type, MAC address, port type, and other Layer 1/2-related information

show interfaces

How to examine interfaces on switch that show IP address and state?

show ip interface brief - Privileged EXEC mode

Basic Show Commands

show running-config - To verify the current configuration and settings
show interfaces - To verify the interface status and see if there are any error messages
show ip interface - To verify the Layer 3 information of an interface
show arp - To verify the list of known hosts on the local Ethernet LANs
show ip route - To verify the Layer 3 routing information
show protocols - To verify which protocols are operational
show version - To verify the memory, interfaces, and licences of the device

How to set a password for Privileged EXEC Mode

Use the enable secret password global config command.
Example:
Sw-Floor-1# configure terminal
Sw-Floor-1(config)# enable secret class
Sw-Floor-1(config)# exit
Sw-Floor-1#

Static GUA Configuration on a Windows Host

- As shown in the figure, the default gateway address configured for PC1 is 2001:db8:acad:1::1. This is the GUA of the R1 GigabitEthernet interface on the same network.
- Alternatively, the default gateway address can be configured to match the LLA of the GigabitEthernet interface.
- Using the LLA of the router as the default gateway address is considered best practice.
- Either configuration will work.

Privileged EXEC Mode (#)

- Mode allows access to all commands and features.
- The user can use any monitoring commands and execute configuration and management commands.
Example:
Switch#
Router#
- To execute configuration commands, a network administrator must access privileged EXEC mode. Higher configuration modes, like global configuration mode, can only be reached from privileged EXEC mode.

User EXEC Mode (>)

- Mode allows access to only a limited number of basic monitoring commands.
- It is often referred to as "view-only" mode.
Example:
Switch>
Router>
- It does not allow any commands that might change the configuration of the device.
- The user EXEC mode is identified by the CLI prompt that ends with the > symbol.

The debug Command

- OS processes, protocols, mechanisms and events generate messages to communicate their status.
- These messages can provide valuable information when troubleshooting or verifying system operations.
- The IOS debug command allows the administrator to display these messages in real-time for analysis. It is a very important tool for monitoring events on a Cisco IOS device.
- The Cisco IOS allows for narrowing the output of debug to include only the relevant feature or subfeature. This is important because debugging output is assigned high priority in the CPU process and it can render the system unusable.
Example:
Router# no debug ip icmp
undebug all - stops all debugging processes
IMPORTANT!!!!: Commands such as debug all and debug ip packet generate a substantial amount of output and can use a large portion of system resources. The router could get so busy displaying debug messages that it would not have enough processing power to perform its network functions, or even listen to commands to turn off debugging.

Host name requirements

- Start with a letter
- Contain no spaces
- End with a letter or digit
- Use only letters, digits, and dashes
- Be less than 64 characters in length

Interface Configuration Mode

- Used to configure a switch port or router network interface.
Example:
Router(config-if)#
Switch(config-if)#

Line Configuration Mode

- Used to configure console, SSH, Telnet, or AUX access.
Example:
Router(config-line)#
Switch(config-line)#

The terminal monitor Command

- Debug messages are log messages which are prevented from being displayed on vty lines.
- To display log messages on a terminal (virtual console), use the terminal monitor privileged EXEC command.
- To stop logging messages on a terminal, use the terminal no monitor privileged EXEC command.

After making configuration changes on a Cisco switch, a network administrator issues a copy running-config startup-config command. What is the result of issuing this command?
A: The new configuration will be stored in flash memory.
B: The new configuration will be loaded if the switch is restarted.
C: The current IOS file will be replaced with the newly configured file.
D: The configuration changes will be removed and the original configuration will be restored.

B: The new configuration will be loaded if the switch is restarted.

What is the shortcut to get from any subconfiguration mode back to Privileged EXEC mode?

CTRL + Z OR enter "end"

SVIs (Switch Virtual Interfaces)

Cisco IOS Layer 2 ports do not support Layer 3 IP addresses. Therefore, switches have one or more switch virtual interfaces (SVIs). These are virtual interfaces because there is no physical hardware on the device associated with them. An SVI is created in software. The virtual interface lets you remotely manage a switch over a network using IPv4 and IPv6. The default SVI is interface VLAN1.
Note: A Layer 2 switch does not need an IP address. The IP address assigned to the SVI is used to remotely access the switch. An IP address is not necessary for the switch to perform its operations.

Cisco IOS

Cisco Internetwork Operating System
Each device type (router or switch) uses a different version of Cisco IOS.
Other Cisco OSes:
- IOS XE
- IOS XR
- NX-OS
Note: The operating system on home routers is usually called firmware. The most common method for configuring a home router is by using a web browser-based GUI.

CLI

Command line interface
It is less resource intensive and very stable when compared to a GUI.

Global Configuration Mode

Commands entered in this mode affect the entire system.
Example:
Router(config)#
Switch(config)#
- Global configuration mode is accessed before other specific configuration modes.
- From here you can enter into subconfiguration modes.
- 2 popular subconfiguration modes:
1. Line Configuration Mode
2. Interface Configuration Mode

Kernel

Communicates between the hardware and software of a computer and manages how hardware resources are used to meet software requirements.

Commands used to exit out of an operation.

Ctrl-C - When in any configuration mode, ends the configuration mode and returns to privileged EXEC mode. When in setup mode, aborts back to the command prompt.
Ctrl-Z - When in any configuration mode, ends the configuration mode and returns to privileged EXEC mode.
Ctrl-Shift-6 - All-purpose break sequence used to abort DNS lookups, traceroutes, pings, etc.

Which IOS mode allows access to all commands and features?
A: Global Configuration mode
B: Interface subconfiguration mode
C: Line console subconfiguration mode
D: Privileged EXEC mode
E: User EXEC mode

D: Privileged EXEC mode

IPv6 LLA Configuration on a router

R1(config)# interface gigabitethernet 0/0/0
R1(config-if)# ipv6 address fe80::1:1 link-local
R1(config-if)# exit
R1(config)# interface gigabitethernet 0/0/1
R1(config-if)# ipv6 address fe80::2:1 link-local
R1(config-if)# exit
R1(config)# interface serial 0/1/0
R1(config-if)# ipv6 address fe80::3:1 link-local
R1(config-if)# exit
--------
- Statically configured LLAs are used to make them more easily recognizable as belonging to router R1. In this example, all the interfaces of router R1 have been configured with an LLA that begins with fe80::n:1 where n is a number.
- The exact same LLA could be configured on each link as long as it is unique on that link. This is because LLAs only have to be unique on that link.
- However, common practice is to create a different LLA on each interface of the router to make it easy to identify the router and the specific interface.

If changes made to the running config do not have the desired effect and the running-config has not yet been saved, what do we do?

Remove the changed commands individually, OR use the reload privileged EXEC mode command to restore the startup-config.
When you issue reload, it will ask whether to save the config to startup-config; you can answer n or no, OR y or yes.
The downside to using the reload command to remove an unsaved running config is the brief amount of time the device will be offline, causing network downtime.

How do you factory reset the config of a device?

Remove the startup config using: erase startup-config
- After this is issued, the switch/router will prompt you for confirmation. Press ENTER to accept.
After removing the startup config from NVRAM, reload the device to remove the current running config file from RAM. The device will then load the default startup config that was shipped with the device.

Auxiliary (AUX)

Some devices, such as routers, may also support a legacy auxiliary port that was used to establish a CLI session remotely over a telephone connection using a modem. Similar to a console connection, the AUX port is out-of-band and does not require networking services to be configured or available.

Hot Keys and Shortcuts

Tab - Completes a partial command name entry.
Backspace - Erases the character to the left of the cursor.
Ctrl+D - Erases the character at the cursor.
Ctrl+K - Erases all characters from the cursor to the end of the command line.
Esc D - Erases all characters from the cursor to the end of the word.
Ctrl+U or Ctrl+X - Erases all characters from the cursor back to the beginning of the command line.
Ctrl+W - Erases the word to the left of the cursor.
Ctrl+A - Moves the cursor to the beginning of the line.
Left Arrow or Ctrl+B - Moves the cursor one character to the left.
Esc B - Moves the cursor back one word to the left.
Esc F - Moves the cursor forward one word to the right.
Right Arrow or Ctrl+F - Moves the cursor one character to the right.
Ctrl+E - Moves the cursor to the end of command line.
Up Arrow or Ctrl+P - Recalls the previous command in the history buffer, beginning with the most recent command.
Down Arrow or Ctrl+N - Goes to the next line in the history buffer.
Ctrl+R or Ctrl+I or Ctrl+L - Redisplays the system prompt and command line after a console message is received.

Console

This is a physical management port that provides out-of-band access to a Cisco device. Out-of-band access refers to access via a dedicated management channel that is used for device maintenance purposes only. The advantage of using a console port is that the device is accessible even if no networking services are configured, such as performing the initial configuration. A computer running terminal emulation software and a special console cable to connect to the device are required for a console connection.

Banner Messages (How to set banner messages)

To create a banner message of the day on a network device, use the banner motd # the message of the day # global config command.
- The "#" in the command syntax is called the delimiting character.
- You can use any character as the delimiter as long as it doesn't appear in the message.
- The banner will be displayed on all subsequent attempts to access the device until the banner is removed.
Example:
Sw-Floor-1# configure terminal
Sw-Floor-1(config)# banner motd #Authorized Access Only#

What are the 2 command modes Cisco IOS uses?

User EXEC Mode, Privileged EXEC Mode

How do you get into Global Configuration Mode from Privileged EXEC Mode?

configure terminal (conf t)
Example:
Switch# configure terminal (return)
Switch(config)#

How to set a password for User EXEC Mode

line console 0 - The zero is used to represent the first (and in most cases the only) console interface.
password password - The password command.
login - Enables User EXEC access using the password.
Example:
Sw-Floor-1# configure terminal
Sw-Floor-1(config)# line console 0
Sw-Floor-1(config-line)# password cisco
Sw-Floor-1(config-line)# login
Sw-Floor-1(config-line)# end
Sw-Floor-1#

How do you enter line configuration mode from global configuration mode?

line {management line type} {# wished to access}
Example:
Switch(config)# line console 0
Switch(config-line)#

Enable the router as an IPv6 router

The ipv6 unicast-routing global configuration command must be used.

IPv6 Addresses

IPv6 addresses are 128 bits in length and written as a string of hexadecimal values. Every four bits is represented by a single hexadecimal digit, for a total of 32 hexadecimal values. Groups of four hexadecimal digits are separated by a colon (:). IPv6 addresses are not case-sensitive and can be written in either lowercase or uppercase.

The show cdp neighbors Command

The Cisco Discovery Protocol (CDP) is a Cisco proprietary protocol that runs at the data link layer.
- Because CDP operates at the data link layer, two or more Cisco network devices, such as routers that support different network layer protocols, can learn about each other even if Layer 3 connectivity has not been established.
- This command is very helpful when two Cisco routers cannot route across their shared data link.
- As helpful as CDP is, it can also be a security risk because it can provide useful network infrastructure information to threat actors.
- Best practices suggest that CDP should be enabled only on interfaces that are connecting to other infrastructure Cisco devices. CDP advertisements should be disabled on user-facing ports.
- To disable CDP globally, use the global configuration command no cdp run. To disable CDP on an interface, use the interface command no cdp enable.
CDP provides the following information about each CDP neighbor device:
- Device identifiers - The configured host name of a switch, router, or other device
- Address list - Up to one network layer address for each protocol supported
- Port identifier - The name of the local and remote port in the form of an ASCII character string, such as FastEthernet 0/0
- Capabilities list - For example, whether a specific device is a Layer 2 switch or a Layer 3 switch
- Platform - The hardware platform of the device, for example, a Cisco 1841 series router
Command: show cdp neighbors
The show cdp neighbors detail command reveals the IP address of a neighboring device, as shown in the output. The show cdp neighbors detail command will help determine if one of the CDP neighbors has an IP configuration error.

Encrypt Passwords!!!!!!!

The startup-config and running-config files display most passwords in plaintext. This is a security threat because anyone can discover the passwords if they have access to these files.
To encrypt all plaintext passwords, use the service password-encryption global config command.
The command applies weak encryption to all unencrypted passwords. This encryption applies only to passwords in the configuration file, not to passwords as they are sent over the network. The purpose of this command is to keep unauthorized individuals from viewing passwords in the configuration file.
Use the show running-config command to verify that passwords are now encrypted.
Example:
Sw-Floor-1# configure terminal
Sw-Floor-1(config)# service password-encryption
Sw-Floor-1(config)#

Running-config File

This is stored in Random Access Memory (RAM). It reflects the current configuration. Modifying a running configuration affects the operation of a Cisco device immediately.
- RAM is volatile memory. It loses all of its content when the device is powered off or restarted.

Startup-config File

This is the saved configuration file that is stored in NVRAM. It contains all the commands that will be used by the device upon startup or reboot. Flash does not lose its contents when the device is powered off.

How to Configure a Switch Virtual Interface

To access the switch remotely, an IP address and a subnet mask must be configured on the SVI.
DON'T FORGET TO TURN THE INTERFACE ON.
Set the default gateway (DG) with: ip default-gateway ip-address
Example:
Sw-Floor-1# configure terminal
Sw-Floor-1(config)# interface vlan 1
Sw-Floor-1(config-if)# ip address 192.168.1.20 255.255.255.0
Sw-Floor-1(config-if)# no shutdown
Sw-Floor-1(config-if)# exit
Sw-Floor-1(config)# ip default-gateway 192.168.1.1

