1 / 66

CIS 81 Fundamentals of Networking Chapter 2: Configuring a Network Operating System

Learn how to access and navigate Cisco IOS to configure network devices, configure hostnames, limit access to device configurations, and more.

aengel
Download Presentation

CIS 81 Fundamentals of Networking Chapter 2: Configuring a Network Operating System

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. CIS 81 Fundamentals of NetworkingChapter 2: Configuring a Network Operating System Rick Graziani Cabrillo College graziani@cabrillo.edu Spring 2015

  2. Chapter 2 - Objectives • Explain the purpose of Cisco IOS. • Explain how to access and navigate Cisco IOS to configure network devices. • Describe the command structure of Cisco IOS software. • Configure hostnames on a Cisco IOS device using the CLI. • Use Cisco IOS commands to limit access to device configurations. • Use Cisco IOS commands to save the running configuration. • Explain how devices communicate across network media. • Configure a host device with an IP address. • Verify connectivity between two end devices.

  3. Cisco IOSOperating Systems All networking equipment depend on operating systems: • End users (PCs, laptops, smart phones, tablets) • Switches • Routers • Wireless access points • Firewalls Cisco Internetwork Operating System (IOS) • Collection of network operating systems used on Cisco devices

  4. Cisco IOSOperating Systems

  5. Cisco IOSPurposeof OS • PC operating systems (Windows 8, Linux & OS X) perform technical functions that enable • Use of a input and output devices • Manage processes and programs • Manage file systems, security, hardware, etc. • Switch or router IOS provides options to • Same functions as host operating systems • Configure interfaces • Enable routing and switching functions • All networking devices come with a default IOS (switches, routers, firewalls) • Possible to upgrade the IOS version or feature set

  6. Cisco IOSLocation of the Cisco IOS IOS stored in Flash • Non-volatile storage – not lost when power is lost • Can be changed or overwritten as needed • Can be used to store multiple versions of IOS • IOS copied from flash to volatile RAM when booted • Quantity of flash and RAM memory determines IOS that can be used

  7. Cisco IOSIOS Functions Major functions performed or enabled by Cisco routers and switches include:

  8. Router/Switch Bootup Process (more in later course)

  9. Bootup Process running-config startup-config IOS Bootup program IOS (running) ios (partial)

  10. Where is the permanent configuration file stored used during boot-up? NVRAM (B) Where is the diagnostics software stored executed by hardware modules? ROM (D) Where is the backup (partial) copy of the IOS stored? ROM (D) Where is IOS permanently stored before it is copied into RAM? FLASH (C) Where are all changes to the configuration immediately stored? RAM (A) A B D C running-config startup-config IOS Bootup program IOS (running) ios (partial)

  11. ? ? ? ? ? ? ? running-config startup-config IOS Bootup program IOS (running) ios (partial)

  12. B A D startup-config running-config Bootup program A C D IOS (running) IOS ios (partial) A B D C running-config IOS startup-config Bootup program IOS (running) ios (partial)

  13. Cisco IOSCCO Account Benefits and IOS Files This video introduces Cisco Connection Online (CCO). CCO has a wealth of information available regarding Cisco products and services.

  14. Accessing a Cisco IOS DeviceConsole Access Method Most common methods to access the Command Line Interface • Console • Telnet or SSH • AUX port

  15. Accessing a Cisco IOS DeviceConsole Access Method Console port • Device is accessible even if no networking services have been configured (out-of-band) • Need a special console cable (aka rollover cable) • Allows configuration commands to be entered • Should be configured with passwords to prevent unauthorized access • Device should be located in a secure room so console port can not be easily accessed

  16. Establishing a HyperTerminal session (next week) Router Console port Terminal or a PC with terminal emulation software Rollover cable • Connect PC using the RJ-45/mini-USB to Serial/USB rollover cable. • Configure the terminal or PC terminal emulation software for: • 9600 baud • 8 data bits • no parity • 1 stop bit • no flow control Com1 or Com2 serial port Or USB port with USB-to-Serial adapter

  17. Terminal (Serial) Settings) Configure the terminal or PC terminal emulation software for: • 9600 baud • 8 data bits • no parity • 1 stop bit • no flow control.

  18. Establishing a Terminal/Serial/Console session • PuTTY • Tera Term • SecureCRT • HyperTerminal • OS X Terminal • Zoc • Important: A console connection is not the same as a network connection! Dumb Terminal =

  19. Accessing a Cisco IOS DeviceTelnet, SSH, and AUX Access Methods Telnet • Method for remotely accessing the CLI over a network • Require active networking services and one active interface that is configured Secure Shell (SSH) – Preferred over Telnet • Remote login similar to Telnet but utilizes more security • Stronger password authentication • Uses encryption when transporting data Aux Port (not used too much) • Out-of-band connection • Uses telephone line • Can be used like console port

  20. C:\> ping C:\> ssh Ethernet Connection Network connection needed NIC When can you use a network connection to connect to the router? When there is a network connection to the router (telnet). What software/command do you need? TCP/IP, Terminal prompt (DOS), Tera Term, etc. What cable and ports do you use? PC & Router: Ethernet NIC Ethernet straight-through cable When should you not use a network connection to configure the router? When the change may disconnect the telnet connection.

  21. Accessing a Cisco IOS DeviceTerminal Emulation Programs Software available for connecting to a networking device (usually same as terminal/serial/console connection): • PuTTY • TeraTerm • SecureCRT • HyperTerminal • OS X Terminal • Zoc

  22. Navigating the IOSCisco IOS Modes of Operation

  23. Navigating the IOSCisco IOS Modes of Operation enable configure terminal interface < > router < > line < >

  24. Navigating the IOSPrimary Modes enable enable

  25. Navigating the IOSGlobal Configuration Mode and Submodes Global configuration mode and interface configuration modes can only be reached from the privileged EXEC mode.

  26. Navigating the IOSNavigating between IOS Modes Similar IOS commands for switches and routers

  27. Navigating the IOSNavigating between IOS Modes (cont.) Switch> user mode Switch> enable go to privilege mode Switch# configure terminal go to global configuration mode Switch(config)# interface vlan 1 go to interface mode Switch(config-if)# exit Switch(config)# exit Switch# config t Shortened commands and parameters Switch(config)# vlan 1 go to VLAN configuration mode Switch(config-vlan)# end go to privilege-EXEC mode Switch# disable Switch> enable Switch# config t Switch(config)# line vty 0 4 go to interface (line) mode Switch(config-line)# exit Switch(config)#

  28. Common Commands for Switches and Routers Switch(config)# hostname name Switch(config)# enable secret password privilege password Switch(config)# line console 0 console password Switch(config-line)# password password Switch(config-line)# login Switch(config)# line vty 0 4 telnet password Switch(config-line)# password password Switch(config-line)# login Switch> user mode Switch> enable Switch# privilege mode Switch# configure terminal Switch(config)# exit Switch# config t Switch(config)# banner motd # message # banner Switch(config)# interfacetype number configure interface Switch(config-if)# descriptiondescription

  29. Making your life easier! Switch# enable Switch(config)# line console 0 Console port Switch(config-line)# logging synchronous Switch(config-line)# exec-timeout 0 0 Switch(config)# noip domain-lookup Switch(config-line)# login Switch(config)# banner motd # message # banner Switch(config)# interfacetype number configure interface Switch(config-if)# descriptiondescription

  30. Navigating the IOSNavigating between IOS Modes

  31. The Command StructureIOS Command Structure

  32. The Command StructureCisco IOS Command Reference IOS Command Conventions The general syntax for a command is the command followed by any appropriate keywords (defined) and arguments (undefined). An argument is generally not a predefined word. An argument is a value or variable defined by the user. Switch(config-if)# descriptionstring • Boldface text indicates commands and keywords that are typed as shown • Italic text indicates an argument for which you supply the value. For the description command, the argument is a string value. • The string value can be any text string of up to 80 characters. • Example: Switch(config-if)# descriptionMainHQ Office Switch

  33. The Command StructureCisco IOS Command Reference • For the ping command: Switch> pingIP-address Switch> ping10.10.10.5 • The command is ping and the user defined argument is the 10.10.10.5. • Similarly, the syntax for entering the traceroute command is: Switch> tracerouteIP-address Switch> traceroute192.168.254.254 • The command istracerouteand the user defined argument is the 192.168.254.254.

  34. The Command StructureContext Sensitive Help

  35. The Command StructureCommand Syntax Check

  36. The Command StructureCommand Syntax Check

  37. The Command StructureCommand Syntax Check

  38. The Command StructureHot Keys and Shortcuts • Tab - Completes the remainder of a partially typed command or keyword • Ctrl-R - Redisplays a line • Ctrl-A – Moves cursor to the beginning of the line • Ctrl-Z - Exits configuration mode and returns to user EXEC • Down Arrow - Allows the user to scroll forward through former commands • Up Arrow - Allows the user to scroll backward through former commands • Ctrl-Shift-6 - Allows the user to interrupt an IOS process such as ping or traceroute. • Ctrl-C - Aborts the current command and exits the configuration mode

  39. The Command StructureIOS Examination Commands

  40. The Command StructureThe show version Command

  41. The Command StructureNavigating the IOS

  42. HostnamesWhy the Switch Let’s focus on • Creating a two PC network connected via a switch • Setting a name for the switch • Limiting access to the device configuration • Configuring banner messages • Saving the configuration

  43. HostnamesDevice Names Hostnames allow devices to be identified by network administrators over a network or the Internet. Some guidelines for naming conventions are that names should: • Start with a letter • Contain no spaces • End with a letter or digit • Use only letters, digits, and dashes • Be less than 64 characters in length Without names, network devices are difficult to identify for configuration purposes.

  44. HostnamesConfiguring Hostnames Switch(config)# hostname Sw-Floor-3 Sw-Floor3(config)# Switch(config)# hostname Sw-Floor-2 Sw-Floor2(config)# Switch(config)# hostname Sw-Floor-1 Sw-Floor1(config)#

  45. Limiting Access to Device ConfigurationsSecuring Device Access • The passwords introduced here are: • Enable password - Limits access to the privileged EXEC mode • Enable secret - Encrypted, limits access to the privileged EXEC mode • Console password - Limits device access using the console connection • VTY password - Limits device access over Telnet Note: In most of the labs in this course, we will be using simple passwords such as cisco or class.

  46. Limiting Access to Device ConfigurationsSecuring Privileged EXEC Access class • use the enable secret command, not the older enable password command • enable secret  provides greater security because the password is encrypted

  47. Limiting Access to Device ConfigurationsSecuring User EXEC Access • Console port must be secured • reduces the chance of unauthorized personnel physically plugging a cable into the device and gaining device access • vty lines allow access to a Cisco device via Telnet • number of vty lines supported varies with the type of device and the IOS version

  48. Limiting Access to Device ConfigurationsEncrypting Password Display service password-encryption • prevents passwords from showing up as plain text when viewing the configuration  • purpose of this command is to keep unauthorized individuals from viewing passwords in the configuration file • once applied, removing the encryption service does not reverse the encryption

  49. Limiting Access to Device ConfigurationsBanner Messages Switch(config)# banner motd # This is a secure system Authorized Access Only!!! # Sw-Floor3(config)# • Important part of the legal process in the event that someone is prosecuted for breaking into a device • Wording that implies that a login is "welcome" or "invited" is not appropriate

  50. Saving ConfigurationsConfiguration Files Switch# show running-config Switch# copy running-config startup-config <Changes made> Switch# delete vlan.dat Delete filename [vlan.dat]? Delete flash:vlan.dat? [confirm] Switch# erase startup-config Switch# reload System configuration has been modified. Save? [yes/no]: n Proceed with reload? [confirm]

More Related