CIS 81 Fundamentals of Networking Chapter 2: Configuring a Network Operating System - PowerPoint PPT Presentation

Slides: 67
Provided by: rigrazia

Transcript and Presenter's Notes


1
CIS 81 Fundamentals of Networking, Chapter 2
Configuring a Network Operating System
  • Rick Graziani
  • Cabrillo College
  • graziani_at_cabrillo.edu
  • Fall 2013

2
Chapter 2 - Objectives
  • Explain the purpose of Cisco IOS.
  • Explain how to access and navigate Cisco IOS to
    configure network devices.
  • Describe the command structure of Cisco IOS
    software.
  • Configure hostnames on a Cisco IOS device using
    the CLI.
  • Use Cisco IOS commands to limit access to device
    configurations.
  • Use Cisco IOS commands to save the running
    configuration.
  • Explain how devices communicate across network
    media.
  • Configure a host device with an IP address.
  • Verify connectivity between two end devices.

3
Cisco IOS: Operating Systems
  • All networking equipment depends on operating
    systems
  • End users (PCs, laptops, smart phones, tablets)
  • Switches
  • Routers
  • Wireless access points
  • Firewalls
  • Cisco Internetwork Operating System (IOS)
  • Collection of network operating systems used on
    Cisco devices

4
Cisco IOS: Operating Systems
5
Cisco IOS: Purpose of OS
  • PC operating systems (Windows 8, Linux, OS X)
    perform technical functions that enable
  • Use of input and output devices
  • Manage processes and programs
  • Manage file systems, security, hardware, etc.
  • Switch or router IOS provides options to
  • Same functions as host operating systems
  • Configure interfaces
  • Enable routing and switching functions
  • All networking devices come with a default IOS
    (switches, routers, firewalls)
  • Possible to upgrade the IOS version or feature set

6
Cisco IOS: Location of the Cisco IOS
  • IOS stored in Flash
  • Non-volatile storage not lost when power is
    lost
  • Can be changed or overwritten as needed
  • Can be used to store multiple versions of IOS
  • IOS copied from flash to volatile RAM when booted
  • Quantity of flash and RAM memory determines IOS
    that can be used

7
Cisco IOS: IOS Functions
  • Major functions performed or enabled by Cisco
    routers and switches include

8
Router/Switch Bootup Process (more in later course)
9
Bootup Process
[Figure: memory diagram with the labels running-config, startup-config, IOS, Bootup program, IOS (running), ios (partial)]
10
Where is the permanent configuration file stored that is used during boot-up?
NVRAM (B)
Where is the diagnostics software stored that is executed by hardware modules?
ROM (D)
Where is the backup (partial) copy of the IOS stored?
ROM (D)
Where is IOS permanently stored before it is copied into RAM?
FLASH (C)
Where are all changes to the configuration immediately stored?
RAM (A)
[Figure: memory diagram with locations A, B, C, D and the labels running-config, startup-config, IOS, Bootup program, IOS (running), ios (partial)]
11
[Figure: the same memory diagram with the locations left blank (?) for the labels running-config, startup-config, IOS, Bootup program, IOS (running), ios (partial)]
12
[Figure: the same memory diagram with the locations A, B, C, D filled in for the labels running-config, startup-config, IOS, Bootup program, IOS (running), ios (partial)]
13
Cisco IOS: CCO Account Benefits and IOS Files
This video introduces Cisco Connection Online
(CCO). CCO has a wealth of information available
regarding Cisco products and services.
14
Accessing a Cisco IOS Device: Console Access Method
  • Most common methods to access the Command Line
    Interface
  • Console
  • Telnet or SSH
  • AUX port

15
Accessing a Cisco IOS Device: Console Access Method
  • Console port
  • Device is accessible even if no networking
    services have been configured (out-of-band)
  • Need a special console cable (aka rollover cable)
  • Allows configuration commands to be entered
  • Should be configured with passwords to prevent
    unauthorized access
  • Device should be located in a secure room so the
    console port cannot be easily accessed

16
Establishing a HyperTerminal session (next week)
[Figure: router console port connected by a rollover cable to a terminal or a PC with terminal emulation software, through a Com1 or Com2 serial port or a USB port with a USB-to-Serial adapter]
  • Connect PC using the RJ-45/mini-USB to Serial/USB
    rollover cable.
  • Configure the terminal or PC terminal emulation
    software for
  • 9600 baud
  • 8 data bits
  • no parity
  • 1 stop bit
  • no flow control

17
Terminal (Serial) Settings
  • Configure the terminal or PC terminal emulation
    software for
  • 9600 baud
  • 8 data bits
  • no parity
  • 1 stop bit
  • no flow control.

18
Establishing a Terminal/Serial/Console session
  • PuTTY
  • Tera Term
  • SecureCRT
  • HyperTerminal
  • OS X Terminal
  • Zoc
  • Important: A console connection is not the same
    as a network connection!

Dumb Terminal

19
Accessing a Cisco IOS Device: Telnet, SSH, and AUX Access Methods
  • Telnet
  • Method for remotely accessing the CLI over a
    network
  • Requires active networking services and one active
    interface that is configured
  • Secure Shell (SSH) - Preferred over Telnet
  • Remote login similar to Telnet but utilizes more
    security
  • Stronger password authentication
  • Uses encryption when transporting data
  • Aux Port (not used too much)
  • Out-of-band connection
  • Uses telephone line
  • Can be used like console port

20
C:\> ping
C:\> ssh
[Figure labels: Ethernet Connection; Network connection needed; NIC]
When can you use a network connection to connect to the router?
When there is a network connection to the router (telnet).
What software/command do you need?
TCP/IP, Terminal prompt (DOS), Tera Term, etc.
What cable and ports do you use?
PC Router Ethernet NIC
Ethernet straight-through cable
When should you not use a network connection to configure the router?
When the change may disconnect the telnet connection.
21
Accessing a Cisco IOS Device: Terminal Emulation Programs
  • Software available for connecting to a networking
    device (usually same as terminal/serial/console
    connection)
  • PuTTY
  • Tera Term
  • SecureCRT
  • HyperTerminal
  • OS X Terminal
  • Zoc

22
Navigating the IOS: Cisco IOS Modes of Operation
23
Navigating the IOS: Cisco IOS Modes of Operation
enable
configure terminal
interface < >
router < >
line < >
24
Navigating the IOS: Primary Modes
enable
enable
25
Navigating the IOS: Global Configuration Mode and Submodes
Global configuration mode and interface
configuration modes can only be reached from the
privileged EXEC mode.
26
Navigating the IOS: Navigating between IOS Modes
Similar IOS commands for switches and routers
27
Navigating the IOS: Navigating between IOS Modes (cont.)
Switch>                              user mode
Switch> enable                       go to privilege mode
Switch# configure terminal           go to global configuration mode
Switch(config)# interface vlan 1     go to interface mode
Switch(config-if)# exit
Switch(config)# exit
Switch# config t                     Shortened commands and parameters
Switch(config)# vlan 1               go to VLAN configuration mode
Switch(config-vlan)# end             go to privilege-EXEC mode
Switch# disable
Switch> enable
Switch# config t
Switch(config)# line vty 0 4         go to interface (line) mode
Switch(config-line)# exit
Switch(config)#
28
Common Commands for Switches and Routers
  • Switch>   user mode
  • Switch> enable
  • Switch#   privilege mode
  • Switch# configure terminal
  • Switch(config)# exit
  • Switch# config t

Switch(config)# hostname name
Switch(config)# enable secret password     privilege password
Switch(config)# line console 0             console password
Switch(config-line)# password password
Switch(config-line)# login
Switch(config)# line vty 0 4               telnet password
Switch(config-line)# password password
Switch(config-line)# login
Switch(config)# banner motd # message #    banner
Switch(config)# interface type number      configure interface
Switch(config-if)# description description
29
Making your life easier!
Switch# enable
Switch(config)# line console 0             Console port
Switch(config-line)# logging synchronous   IOS will not
Switch(config-line)# exec-timeout 0 0      password
Switch(config)# no ip domain-lookup        password
Switch(config-line)# login
Switch(config)# banner motd # message #    banner
Switch(config)# interface type number      configure interface
Switch(config-if)# description description
30
Navigating the IOS: Navigating between IOS Modes
31
The Command Structure: IOS Command Structure
32
The Command Structure: Cisco IOS Command Reference
  • IOS Command Conventions
  • The general syntax for a command is the command
    followed by any appropriate keywords (defined)
    and arguments (undefined).
  • An argument is generally not a predefined word.
  • An argument is a value or variable defined by the
    user.
  • Switch(config-if)# description string
  • Boldface text indicates commands and keywords
    that are typed as shown
  • Italic text indicates an argument for which you
    supply the value. For the description command,
    the argument is a string value.
  • The string value can be any text string of up to
    80 characters.
  • Example
  • Switch(config-if)# description MainHQ Office
    Switch

33
The Command Structure: Cisco IOS Command Reference
  • For the ping command
  • Switch> ping IP-address
  • Switch> ping 10.10.10.5
  • The command is ping and the user-defined argument
    is 10.10.10.5.
  • Similarly, the syntax for entering the traceroute
    command is
  • Switch> traceroute IP-address
  • Switch> traceroute 192.168.254.254
  • The command is traceroute and the user-defined
    argument is 192.168.254.254.

34
The Command Structure: Context Sensitive Help
35
The Command Structure: Command Syntax Check
36
The Command Structure: Command Syntax Check
37
The Command Structure: Command Syntax Check
38
The Command Structure: Hot Keys and Shortcuts
  • Tab - Completes the remainder of a partially
    typed command or keyword
  • Ctrl-R - Redisplays a line
  • Ctrl-A - Moves cursor to the beginning of the
    line
  • Ctrl-Z - Exits configuration mode and returns to
    user EXEC
  • Down Arrow - Allows the user to scroll forward
    through former commands
  • Up Arrow - Allows the user to scroll backward
    through former commands
  • Ctrl-Shift-6 - Allows the user to interrupt an
    IOS process such as ping or traceroute.
  • Ctrl-C - Aborts the current command and exits the
    configuration mode

39
The Command Structure: IOS Examination Commands
40
The Command Structure: The show version Command
41
The Command Structure: Navigating the IOS
42
Hostnames: Why the Switch
  • Let's focus on
  • Creating a two PC network connected via a switch
  • Setting a name for the switch
  • Limiting access to the device configuration
  • Configuring banner messages
  • Saving the configuration

43
Hostnames: Device Names
  • Hostnames allow devices to be identified by
    network administrators over a network or the
    Internet.
  • Some guidelines for naming conventions are that
    names should
  • Start with a letter
  • Contain no spaces
  • End with a letter or digit
  • Use only letters, digits, and dashes
  • Be less than 64 characters in length

Without names, network devices are difficult to
identify for configuration purposes.
44
Hostnames: Configuring Hostnames
Switch(config)# hostname Sw-Floor-3
Sw-Floor3(config)#
Switch(config)# hostname Sw-Floor-2
Sw-Floor2(config)#
Switch(config)# hostname Sw-Floor-1
Sw-Floor1(config)#
45
Limiting Access to Device Configurations: Securing Device Access
  • The passwords introduced here are
  • Enable password - Limits access to the privileged
    EXEC mode
  • Enable secret - Encrypted, limits access to the
    privileged EXEC mode
  • Console password - Limits device access using the
    console connection
  • VTY password - Limits device access over Telnet

Note: In most of the labs in this course, we will
be using simple passwords such as cisco or class.
46
Limiting Access to Device Configurations: Securing Privileged EXEC Access
class
  • use the enable secret command, not the older
    enable password command
  • enable secret  provides greater security because
    the password is encrypted

47
Limiting Access to Device Configurations: Securing User EXEC Access
  • Console port must be secured
  • reduces the chance of unauthorized personnel
    physically plugging a cable into the device and
    gaining device access
  • vty lines allow access to a Cisco device via
    Telnet
  • number of vty lines supported varies with the
    type of device and the IOS version

48
Limiting Access to Device Configurations: Encrypting Password Display
  • service password-encryption
  • prevents passwords from showing up as plain text
    when viewing the configuration 
  • purpose of this command is to keep unauthorized
    individuals from viewing passwords in the
    configuration file
  • once applied, removing the encryption service
    does not reverse the encryption

49
Limiting Access to Device Configurations: Banner Messages
Switch(config)# banner motd # This is a secure system Authorized Access Only!!! #
Sw-Floor3(config)#
  • Important part of the legal process in the event
    that someone is prosecuted for breaking into a
    device
  • Wording that implies that a login is "welcome" or
    "invited" is not appropriate

50
Saving Configurations: Configuration Files
  • Switch# show running-config
  • Switch# copy running-config startup-config
  • <Changes made>
  • Switch# delete vlan.dat
  • Delete filename [vlan.dat]?
  • Delete flash:vlan.dat? [confirm]
  • Switch# erase startup-config
  • Switch# reload
  • System configuration has been modified. Save?
    [yes/no]: n
  • Proceed with reload? [confirm]

51
Saving Configurations: Capturing Text
52
Saving Configurations: Capturing Text
53
Ports and Addresses: IP Addressing in the Large
  • Each end device on a network must be configured
    with an IP address
  • Structure of an IPv4 address is called dotted
    decimal
  • IP address displayed in decimal notation, with
    four decimal numbers between 0 and 255
  • With the IP address, a subnet mask is also
    necessary
  • IP addresses can be assigned to both physical
    ports and virtual interfaces
  • IPv4 and IPv6 addresses will be discussed in more
    detail later

54
Ports and Addresses: Interfaces and Ports
  • Terms are used interchangeably
  • Some interfaces can be configured with an
    IP address such as
  • NIC (Ethernet interface) on a host/computer
  • Router Ethernet or Serial interfaces
  • Switches have ports (interfaces) but do not
    typically have IP addresses assigned to them
  • Used to connect devices on LANs that do have IP
    addresses such as hosts, routers, printers.

55
Addressing Devices: Configuring a Switch Virtual Interface
  • Allows the network administrator to communicate
    (SSH, telnet, ping) with the switch.
  • It is OPTIONAL
  • Layer 2 switches do NOT need an IP address to
    forward Ethernet frames.
  • IP address - together with subnet mask, uniquely
    identifies end device on internetwork (more
    later)
  • Subnet mask - determines which part of a larger
    network is used by an IP address
  • interface VLAN 1 - interface configuration mode
  • ip address 192.168.10.2 255.255.255.0 -
    configures the IP address and subnet mask for the
    switch
  • no shutdown - administratively enables the
    interface
  • Switch still needs to have physical ports
    configured and VTY lines to enable remote
    management

56
Addressing Devices: Manual IP Address Configuration for End Devices
More later!
57
Addressing Devices: Automatic IP Address Configuration for End Devices
More later!
58
Addressing Devices: IP Address Conflicts
More later!
59
In Class Lab
60
Verifying Connectivity: Test the Loopback Address on an End Device
C:\> ping 127.0.0.1
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
61
Verifying Connectivity: Testing the Interface Assignment
62
Verifying Connectivity: Testing End-to-End Connectivity
63
Configuring a Network Operating System: Chapter 2 Summary
  • Services provided by the Cisco IOS accessed using
    a command-line interface (CLI)
  • accessed by either the console port, the AUX
    port, or through telnet or SSH
  • can make configuration changes to Cisco IOS
    devices
  • a network technician must navigate through
    various hierarchical modes of the IOS
  • Cisco IOS routers and switches support a similar
    operating system
  • Introduced the initial settings of a Cisco IOS
    switch device
  • setting a name
  • limiting access to the device configuration
  • configuring banner messages
  • saving the configuration

64
DEMO
65
In Class Lab
66
CIS 81 Fundamentals of Networking, Chapter 2
Configuring a Network Operating System
  • Rick Graziani
  • Cabrillo College
  • graziani_at_cabrillo.edu
  • Fall 2013