Cisco CCNA Chapter 2: Configure a Network Operating System
What is the Purpose of a Network OS?
A CLI-based network operating system like the Cisco IOS on a switch or router enables a network technician to: • Use a keyboard to run CLI-based network programs • Use a keyboard to enter text and text-based commands • View output on a monitor
Why is SSH better then Telnet?
Best practice dictates to use SSH instead of Telnet for remote management CLI connections. Cisco IOS includes a Telnet server and a Telnet client that can be used to establish Telnet sessions with other devices.
Why does a Cisco IOS Layer 2 switch have physical ports?
Cisco IOS Layer 2 switches have physical ports for devices to connect. These ports do not support Layer 3 IP addresses. Therefore, switches have one or more switch virtual interfaces (SVIs). These are virtual interfaces because there is no physical hardware on the device associated with it. An SVI is created in software.
In network operating systems what is Kemel?
Communicates between the hardware and software of a computer and manages how hardware resources are used to meet software requirements.
Examples of end devices
Computers (work stations, laptops, file servers, web servers) Network printers VoIP phones Security cameras Smart phones Mobile handheld devices (such as wireless barcode scanners)
What is a Console?
Console - This is a physical management port that provides out-of-band access to a Cisco device. Out-of-band access refers to access via a dedicated management channel that is used for device maintenance purposes only.
Not only does each link on the Internet require a specific network media type
Each link also requires a particular network technology. For example, Ethernet is the most common local area network (LAN) technology used today. Ethernet ports are found on end-user devices, switch devices, and other networking devices that can physically connect to the network using a cable.
Alter the Running Configuration
If changes made to the running configuration do not have the desired effect and the running-config file has not yet been saved, you can restore the device to its previous configuration by removing the changed commands individually or reload the device using the reloadprivileged EXEC mode command to restore the startup-config.
Manual IP Address Configuration for End Devices
In order for an end device to communicate over the network, it must be configured with a unique IPv4 address and subnet mask. IP address information can be entered into end devices manually, or automatically using Dynamic Host Configuration Protocol (DHCP).
Interface Addressing Verification
In the same way that you use commands and utilities like ipconfig to verify a PC host's network configuration, you also use commands to verify the interfaces and address settings of intermediary devices like switches and routers.
Interface Configuration Mode
Interface Configuration Mode - Used to configure a switch port or router network interface.
Line Configuration Mode
Line Configuration Mode - Used to configure console, SSH, Telnet, or AUX access.
Interfaces and Ports
Network communications depend on end user device interfaces, networking device interfaces, and the cables that connect them. Each physical interface has specifications, or standards, that define it. A cable connecting to the interface must be designed to match the physical standards of the interface. Types of network media include twisted-pair copper cables, fiber-optic cables, coaxial cables, or wireless.
Automatic IP Address Configuration for End Devices
PCs typically default to using DHCP for automatic IPv4 address configuration. DHCP is a technology that is used in almost every network. The best way to understand why DHCP is so popular is by considering all the extra work that would have to take place without i
Privileged EXEC Mode
Privileged EXEC Mode - To execute configuration commands, a network administrator must access privileged EXEC mode. Higher configuration modes, like global configuration mode, can only be reached from privileged EXEC mode. The privileged EXEC mode can be identified by the prompt ending with the # symbol.
PuTTY
PuTTY is a free and open-source terminal emulator, serial console and network file transfer application. It supports several network protocols, including SCP, SSH, Telnet, rlogin, and raw socket connection. It can also connect to a serial port.
Why is Secure Shell (SSH) recommended?
SSH is the recommended method for remote management because it provides a secure connection. SSH provides encrypted password authentication and transport of session data. This keeps the user ID, password, and the details of the management session private. Most versions of Cisco IOS include an SSH server and an SSH client that can be used to establish SSH sessions with other devices.
What is Secure Shell (ssh)?
Secure Shell (SSH) - SSH is a method for remotely establishing a secure CLI connection through a virtual interface, over a network. Unlike a console connection, SSH connections require active networking services on the device including an active interface configured with an address.
SecureCRT
SecureCRT is a commercial SSH and Telnet client and terminal emulator by VanDyke Software. Originally a Windows product, VanDyke has recently added a Mac OS X version[1] and Linux version
What is Telnet?
Telnet - Telnet is an insecure method of remotely establishing a CLI session through a virtual interface, over a network. Unlike SSH, Telnet does not provide a securely encrypted connection. User authentication, passwords, and commands are sent over the network in plaintext.
Tera Term
Tera Term (rarely TeraTerm) is an open-source, free, software implemented, terminal emulator (communications) program. It emulates different types of computer terminals, from DEC VT100 to DEC VT382. It supports telnet, SSH 1 & 2 and serial port connections. It also has a built-in macro scripting language (supporting Oniguruma regular expressions) and a few other useful plugins.
OS X Terminal
Terminal (Terminal.app) is the terminal emulator included in the macOS operating system by Apple. Terminal originated in NeXTSTEP and OPENSTEP, the predecessor operating systems of macOS.
Hotkeys and Shortcuts
The IOS CLI provides hot keys and shortcuts that make configuring, monitoring, and troubleshooting easier. Commands and keywords can be shortened to the minimum number of characters that identify a unique selection. For example, the configurecommand can be shortened to conf because configure is the only command that begins with conf. An even shorter version of con will not work because more than one command begins with con. Keywords can also be shortened.
What is the advantage of a Console?
The advantage of using a console port is that the device is accessible even if no networking services have been configured, such as when performing an initial configuration of the networking device. When performing an initial configuration, a computer running terminal emulation software is connected to the console port of the device using a special cable. Configuration commands for setting up the switch or router can be entered on the connected computer.
How To Configure privileged EXEC Mode password?
The most important password to configure is access to the privileged EXEC mode. To secure privileged EXEC access, use the enable secret password global config command.
Operating System hardware
The physical part of a computer including underlying electronics.
End-to-End Connectivity Test
The ping command can be used to test connectivity to another device on the network or a website on the Internet.
Configure Hostnames
The privileged EXEC mode, access the global configuration mode by entering the configure terminal command. Notice the change in the command prompt. From global configuration mode, enter the command hostname followed by the name of the switch and press Enter. Notice the change in the command prompt name. Note: To remove the configured hostname and return the switch to the default prompt, use the no hostname global config command. Always make sure the documentation is updated each time a device is added or modified. Identify devices in the documentation by their location, purpose, and address. Use the Syntax Checker to practice entering a hostname on a switch.
Encrypt Passwords
The startup-config and running-config files display most passwords in plaintext. This is a security threat since anyone can see the passwords used if they have access to these files. To encrypt passwords, use the service password-encryption global config command. The command applies weak encryption to all unencrypted passwords. This encryption applies only to passwords in the configuration file, not to passwords as they are sent over the network. The purpose of this command is to keep unauthorized individuals from viewing passwords in the configuration file. Use the show running-config command to verify that passwords are now encrypted. Use the Syntax Checker in the figure to practice encrypting passwords.
What is the structure of an IPv4 address called?
The structure of an IPv4 address is called dotted decimal notation and is represented by four decimal numbers between 0 and 255. IPv4 addresses are assigned to individual devices connected to a network.
What is an IP Address?
The use of IP addresses is the primary means of enabling devices to locate one another and establish end-to-end communication on the Internet. Each end device on a network must be configured with an IP address.
Secure Device Access
The use of weak or easily guessed passwords continues to be a security issue in many facets of the business world. Network devices, including home wireless routers, should always have passwords configured to limit administrative access. Cisco IOS can be configured to use hierarchical mode passwords to allow different access privileges to a network device. All networking devices should limit access. Use strong passwords that are not easily guessed.
In network operating systems what is Shell?
The user interface that allows users to request specific tasks from the computer. These requests can be made either through the CLI or GUI interfaces.
What do virtual interfaces do?
The virtual interface provides a means to remotely manage a switch over a network using IPv4. Each switch comes with one SVI appearing in the default configuration "out-of-the-box." The default SVI is interface VLAN1.
Save the Running Configuration File
There are two system files that store the device configuration:startup-config - The file stored in Non-volatile Random Access Memory (NVRAM) that contains all of the commands that will be used by the device upon startup or reboot. NVRAM does not lose its contents when the device is powered off .running-config - The file stored in Random Access Memory (RAM) that reflects the current configuration. Modifying a running configuration affects the operation of a Cisco device immediately. RAM is volatile memory. It loses all of its content when the device is powered off or restarted. show running-config privileged EXEC mode command to view the running configuration file. To view the startup configuration file, use the show startup-config privileged EXEC command. If power to the device is lost or if the device is restarted, all configuration changes will be lost unless they have been saved. To save changes made to the running configuration to the startup configuration file use the copy running-config startup-config privileged EXEC mode command.
Switch Virtual Interface Configuration
To access the switch remotely, an IP address and a subnet mask must be configured on the SVI. To configure an SVI on a switch, use the interface vlan 1 global configuration command. Vlan 1 is not an actual physical interface but a virtual one. Next assign an IPv4 address using the ip address ip-address subnet-maskinterface configuration command. Finally, enable the virtual interface using the no shutdowninterface configuration command. After these commands are configured, the switch has all the IPv4 elements ready for communication over the network.
How to configure DHCP on a Windows PC?
To configure DHCP on a Windows PC, you only need to select "Obtain an IP address automatically" and "Obtain DNS server address automatically". Your PC will search out a DHCP server and be assigned the address settings necessary to communicate on the network.
Global Configuration Mode
To configure the device, the user must enter Global Configuration Mode, which is commonly called global config mode. From global config mode, CLI configuration changes are made that affect the operation of the device as a whole. Global configuration mode is identified by a prompt that ends with (config)# after the device name, such as Switch(config)#. Global configuration mode is accessed before other specific configuration modes. From global config mode, the user can enter different sub-configuration modes. Each of these modes allows the configuration of a particular part or function of the IOS device.
How to create a banner message?
To create a banner message of the day on a network device, use the banner motd # the message of the day # global config command. The "#" in the command syntax is called the delimiting character. It is entered before and after the message. The delimiting character can be any character as long as it does not occur in the message. For this reason, symbols such as the "#" are often used. After the command is executed, the banner will be displayed on all subsequent attempts to access the device until the banner is removed. Because banners can be seen by anyone who attempts to log in, the message must be worded very carefully. The exact content or wording of a banner depends on the local laws and corporate policies. The banner should state that only authorized personnel are allowed to access the device. Any wording that implies a login is "welcome" or "invited" is inappropriate. Further, the banner can include scheduled system shutdowns and other information that affects all network users.
How To Configure the user EXEC access passwords?
To secure the user EXEC access, the console port must be configured. Enter line console configuration mode using the line console 0 global configuration command. The zero is used to represent the first (and in most cases the only) console interface. Next, specify the user EXEC mode password using the password password command. Finally, enable user EXEC access using the logincommand. Console access will now require a password before gaining access to the user EXEC mode.
User EXEC Mode
User EXEC Mode - This mode has limited capabilities but is useful for basic operations. It allows only a limited number of basic monitoring commands but does not allow the execution of any commands that might change the configuration of the device. The user EXEC mode is identified by the CLI prompt that ends with the > symbol.
How to configure Virtual terminal (VTY) Passwords?
Virtual terminal (VTY) lines enable remote access to the device. To secure VTY lines used for SSH and Telnet, enter line VTY mode using the line vty 0 15 global config command. Many Cisco switches support up to 16 VTY lines that are numbered 0 to 15. Next, specify the VTY password using the password password command. Lastly, enable VTY access using the login command.
Device Names
When configuring a networking device, one of the first steps is configuring a unique device name or hostname. Hostnames that appear in CLI prompts can be used in various authentication processes between devices, and should be used on topology diagrams. If the device name is not explicitly configured, a factory assigned default name is used by the Cisco IOS. The default name for a Cisco IOS switch is "Switch." If all network devices were left with their default names, it would be difficult to identify a specific device. For instance, when accessing a remote device using SSH, it is important to have confirmation that you are connected to the proper device.
Basic IOS Command Structure
has a specific format or syntax and can only be executed in the appropriate mode. The general syntax for a command is the command followed by any appropriate keywords and arguments. • Keyword - a specific parameter defined in the operating system (in the figure, ip protocols) • Argument - not predefined; a value or variable defined by the user (in the figure, 192.168.10.5)
Manually configure an IPv4 address on a Windows host
manually configure an IPv4 address on a Windows host, open the Control Panel > Network Sharing Center > Change adapter settings and choose the adapter. Next right-click and select Properties to display the Local Area Connection Properties.
Different types of network media have different features and benefits.
purpose. Some of the differences between various types of media include: • Distance the media can successfully carry a signal • Environment in which the media is to be installed • Amount of data and the speed at which it must be transmitted • Cost of the media and installation
Configuration Command Modes
• Global Configuration Mode • Line Configuration Mode • Interface Configuration Mode
Examples of Terminal Emulation Programs
• PuTTY • Tera Term • SecureCRT • OS X Terminal
Primary Command Modes
• User EXEC Mode • Privileged EXEC Mode