Chapter 2
Configuring a network operating system
Router - forwards packets to and receives data packets from the Internet
switch - connects end devices using network cables
wireless access point - consists of a radio transmitter capable of connecting end devices wirelessly
firewall appliance - secures outgoing traffic and restricts incoming traffic
operating system enables the hardware to function
Cisco Internetwork Operating System (IOS)
IOS - generic term for the collection of network operating systems used on Cisco networking devices
kernel - portion of the OS code that interacts directly with hardware
shell - portion of the OS code that interacts with user and applications
user can interact with the shell through command line interface (CLI) or graphical user interface (GUI)
purpose of IOS
security
routing
QoS
Addressing
managing resources
interface
Accessing Cisco IOS
-console
-telnet/SSH
-Aux port
Console - out-of-band access - access via a dedicated channel for maintenance only
-available without configured networking services
telnet - remote access through a virtual interface over a network
-requires active networking on the device
-can also access any other devices via a built-in telnet client
SSH - secure shell - similar to telnet, but uses encryption
-stronger password authentication
-encrypts transmission
-requires active networking on the device
AUX - access via telephone dial-up
-requires no networking services to be set up
-can be used locally
Navigating IOS
user exec mode >
privileged exec mode #
global config (config)#
specific config modes (config-if)#
(config-line)#
user exec mode >
-view mode
-basic operations
privileged exec mode #
global configuration mode - change device as a whole
> enable/disable
#configure terminal
to leave modes -> exit or ctrl-Z
command structure
switch> ping 192.168.31.1
prompt command space keyword/argument
switch> show ip protocols
bold - type as shown
italics - supply value
Cisco IOS command reference
help forms
context-sensitive
command syntax
hotkeys and shortcuts
context-sensitive - provides a list of commands within the current context -> ?
command syntax check
-parse left to right
-generally only provides negative feedback
3 types of error
-ambiguous command
-incomplete command
-incorrect command
Hotkeys and shortcuts
ctrl+shift+6 ->break sequence
tab -> finish command
ctrl+C -> interrupts entry and exits config mode
commands
show - display various information
show version - display version info, system uptime, restart info
Getting Basic
Hostnames
switch requires no configuration to function
hostname - unique device name
-provide info about network setup
-remove ambiguity
-should be used in network documentation
-create naming convention
-apply using CLI
Limiting access to a device
physical limitations - behind closed doors, in a rack
device passwords
enable password - limit access to privileged exec mode
enable secret - same as enable password, but encrypts the password
console password - limit device access using password
VTY password - limit access via telnet
(config)# enable secret password
console security
#line console 0
#password ***
#login <- apply the password used to login
VTY security
-most switches have 16 VTY lines numbered 0 through 15
#line vty 0 15
#password ***
#login <- require password on login
#service password-encryption
-applies weak encryption to all passwords when viewing configuration files
-removing command doesn't remove encryption
banner configuration
-should never show "welcome" type message, or encourage access
motd - message of the day
#banner motd # message goes in here #
-The # symbols are message start, end characters
-delimiting characters
-can be any character
-can't be in the message presented
-motd shown when anyone accesses the system
saving configurations
-running config reflects current operational configuration
-unsaved changes removed at reboot
#copy running-config startup-config
#reload ->reboot system and restore to startup-config
eliminating startup-config
#erase startup-config
#erase NVRAM:startup-config
must also delete vlan file to return to factory out of box status
#delete vlan.dat
Backup configuration with text capture
#show running-config
copy/paste into a text file. Have to clean up file before importing back into a system
Address Schemes
Ports & Addresses
IPv4 (Internet Protocol, version 4) uses dotted decimal notation
-4 numbers between 0 and 255
-subnet mask also required
IP Addresses assigned to physical ports and virtual interfaces
-virtual interface - no physical hardware associated with the interface.
Addressing Devices
Remote access requires IP address and subnet mask
#interface vlan 1
#ip address XXX.XXX.XXX.XXX SubnetMask
ex... #ip address 10.75.20.254 255.255.255.0
#no shutdown <- set port to enabled and won't ever disable.
Addressing End Devices
depends on device
-must have IP address,
subnet mask
default gateway
-default gateway is IP address of the way out of the network
-DNS server (domain name system)
translate IP addresses to web addresses
-IP addresses can either be configured manually or automatically using DHCP
Dynamic Host Configuration Protocol
Show IP info in windows using
ipconfig
ipconfig /all
testing the loopback
loopback address is 127.0.0.1 <- reserved IP address
ping failure indicates problem with system
-drivers
-NIC
-TCP/IP implementation
Verifying connectivity
#show ip interface brief
use ping to verify end to end connectivity