CIS 81 Fundamentals of Networking Chapter 2: Configuring a Network Operating System Rick Graziani Cabrillo College Fall 2013

Chapter 2 - Objectives Explain the purpose of Cisco IOS. Explain how to access and navigate Cisco IOS to configure network devices. Describe the command structure of Cisco IOS software. Configure hostnames on a Cisco IOS device using the CLI. Use Cisco IOS commands to limit access to device configurations. Use Cisco IOS commands to save the running configuration. Explain how devices communicate across network media. Configure a host device with an IP address. Verify connectivity between two end devices. 2

Cisco IOS Operating Systems All networking equipment depend on operating systems: End users (PCs, laptops, smart phones, tablets) Switches Routers Wireless access points Firewalls Cisco Internetwork Operating System (IOS) Collection of network operating systems used on Cisco devices 3

Cisco IOS Operating Systems 4

Cisco IOS Purpose of OS PC operating systems (Windows 8, Linux & OS X) perform technical functions that enable Use of a input and output devices Manage processes and programs Manage file systems, security, hardware, etc. Switch or router IOS provides options to Same functions as host operating systems Configure interfaces Enable routing and switching functions All networking devices come with a default IOS (switches, routers, firewalls) Possible to upgrade the IOS version or feature set 5

Cisco IOS Location of the Cisco IOS IOS stored in Flash Non-volatile storage – not lost when power is lost Can be changed or overwritten as needed Can be used to store multiple versions of IOS IOS copied from flash to volatile RAM when booted Quantity of flash and RAM memory determines IOS that can be used 6

Cisco IOS IOS Functions Major functions performed or enabled by Cisco routers and switches include: 7

8 Router/Switch Bootup Process (more in later course)

9 Bootup Process running-config IOS (running) startup-configIOS ios (partial) Bootup program

10 running-config IOS (running) startup-configIOS ios (partial) Bootup program Where is the permanent configuration file stored used during boot-up?NVRAM (B) Where is the diagnostics software stored executed by hardware modules?ROM (D) Where is the backup (partial) copy of the IOS stored?ROM (D) Where is IOS permanently stored before it is copied into RAM? FLASH (C) Where are all changes to the configuration immediately stored?RAM (A) AB C D

11 running-config IOS (running) startup-configIOS ios (partial) Bootup program ? ? ? ? ? ? ?

12 running-config IOS (running) startup-config IOS ios (partial) Bootup program startup-config IOS Bootup program ios (partial) running-config IOS (running) AB C D BAD CD A

Cisco IOS CCO Account Benefits and IOS Files This video introduces Cisco Connection Online (CCO). CCO has a wealth of information available regarding Cisco products and services. 13

Accessing a Cisco IOS Device Console Access Method Most common methods to access the Command Line Interface Console Telnet or SSH AUX port 14

Accessing a Cisco IOS Device Console Access Method Console port Device is accessible even if no networking services have been configured (out-of-band) Need a special console cable (aka rollover cable) Allows configuration commands to be entered Should be configured with passwords to prevent unauthorized access Device should be located in a secure room so console port can not be easily accessed 15

16 Establishing a HyperTerminal session (next week) Connect PC using the RJ-45/mini-USB to Serial/USB rollover cable. Configure the terminal or PC terminal emulation software for:  9600 baud  8 data bits  no parity  1 stop bit  no flow control Rollover cable Console port Com1 or Com2 serial port Or USB port with USB-to-Serial adapter Terminal or a PC with terminal emulation software Router

17 Terminal (Serial) Settings) Configure the terminal or PC terminal emulation software for:  9600 baud  8 data bits  no parity  1 stop bit  no flow control.

18 Establishing a Terminal/Serial/Console session Important: A console connection is not the same as a network connection! = PuTTY Tera Term SecureCRT HyperTerminal OS X Terminal Zoc Dumb Terminal

Accessing a Cisco IOS Device Telnet, SSH, and AUX Access Methods Telnet Method for remotely accessing the CLI over a network Require active networking services and one active interface that is configured Secure Shell (SSH) – Preferred over Telnet Remote login similar to Telnet but utilizes more security Stronger password authentication Uses encryption when transporting data Aux Port (not used too much) Out-of-band connection Uses telephone line Can be used like console port 19

20 C:\> ssh C:\> ping Ethernet Connection Network connection needed When can you use a network connection to connect to the router? What software/command do you need? What cable and ports do you use? When should you not use a network connection to configure the router? When there is a network connection to the router (telnet). TCP/IP, Terminal prompt (DOS), Tera Term, etc. PC & Router: Ethernet NIC Ethernet straight-through cable When the change may disconnect the telnet connection. NIC

Accessing a Cisco IOS Device Terminal Emulation Programs Software available for connecting to a networking device (usually same as terminal/serial/console connection): PuTTY Tera Term SecureCRT HyperTerminal OS X Terminal Zoc 21

Navigating the IOS Cisco IOS Modes of Operation 22

Navigating the IOS Cisco IOS Modes of Operation enable configure terminal interface router line 23

Navigating the IOS Primary Modes enable 24

Navigating the IOS Global Configuration Mode and Submodes Global configuration mode and interface configuration modes can only be reached from the privileged EXEC mode. 25

Navigating the IOS Navigating between IOS Modes Similar IOS commands for switches and routers 26

Navigating the IOS Navigating between IOS Modes (cont.) Switch> user mode Switch> enable go to privilege mode Switch# configure terminal go to global configuration mode Switch(config)# interface vlan 1 go to interface mode Switch(config-if)# exit Switch(config)# exit Switch# config t Shortened commands and parameters Switch(config)# vlan 1 go to VLAN configuration mode Switch(config-vlan)# end go to privilege-EXEC mode Switch# disable Switch> enable Switch# config t Switch(config)# line vty 0 4 go to interface (line) mode Switch(config-line)# exit Switch(config)# 27

28 Common Commands for Switches and Routers Switch>user mode Switch> enable Switch#privilege mode Switch# configure terminal Switch(config)# exit Switch# config t Switch(config)# hostname name Switch(config)# enable secret passwordprivilege password Switch(config)# line console 0console password Switch(config-line)# password password Switch(config-line)# login Switch(config)# line vty 0 4telnet password Switch(config-line)# password password Switch(config-line)# login Switch(config)# banner motd # message #banner Switch(config)# interface type numberconfigure interface Switch(config-if)# description description

29 Making your life easier! Switch# enable Switch(config)# line console 0Console port Switch(config-line)# logging synchronous IOS will not Switch(config-line)# exec-timeout 0 0password Switch(config)# no ip domain-lookup password Switch(config-line)# login Switch(config)# banner motd # message #banner Switch(config)# interface type numberconfigure interface Switch(config-if)# description description

Navigating the IOS Navigating between IOS Modes 30

The Command Structure IOS Command Structure 31

The Command Structure Cisco IOS Command Reference IOS Command Conventions The general syntax for a command is the command followed by any appropriate keywords (defined) and arguments (undefined). An argument is generally not a predefined word. An argument is a value or variable defined by the user. Switch(config-if)# description string Boldface text indicates commands and keywords that are typed as shown Italic text indicates an argument for which you supply the value. For the description command, the argument is a string value. The string value can be any text string of up to 80 characters. Example: Switch(config-if)# description MainHQ Office Switch 32

The Command Structure Cisco IOS Command Reference For the ping command: Switch> ping IP-address Switch> ping  The command is ping and the user defined argument is the Similarly, the syntax for entering the traceroute command is: Switch> traceroute IP-address Switch> traceroute  The command is traceroute and the user defined argument is the

The Command Structure Context Sensitive Help 34

The Command Structure Command Syntax Check 35

The Command Structure Command Syntax Check 36

The Command Structure Command Syntax Check 37

The Command Structure Hot Keys and Shortcuts Tab - Completes the remainder of a partially typed command or keyword Ctrl-R - Redisplays a line Ctrl-A – Moves cursor to the beginning of the line Ctrl-Z - Exits configuration mode and returns to user EXEC Down Arrow - Allows the user to scroll forward through former commands Up Arrow - Allows the user to scroll backward through former commands Ctrl-Shift-6 - Allows the user to interrupt an IOS process such as ping or traceroute. Ctrl-C - Aborts the current command and exits the configuration mode 38

The Command Structure IOS Examination Commands 39

The Command Structure The show version Command 40

The Command Structure Navigating the IOS 41

Hostnames Why the Switch Let’s focus on Creating a two PC network connected via a switch Setting a name for the switch Limiting access to the device configuration Configuring banner messages Saving the configuration 42

Hostnames Device Names Hostnames allow devices to be identified by network administrators over a network or the Internet. Some guidelines for naming conventions are that names should: Start with a letter Contain no spaces End with a letter or digit Use only letters, digits, and dashes Be less than 64 characters in length Without names, network devices are difficult to identify for configuration purposes. 43

Hostnames Configuring Hostnames Switch(config)# hostname Sw-Floor-3 Sw-Floor3(config)# Switch(config)# hostname Sw-Floor-2 Sw-Floor2(config)# Switch(config)# hostname Sw-Floor-1 Sw-Floor1(config)# 44

Limiting Access to Device Configurations Securing Device Access The passwords introduced here are:  Enable password - Limits access to the privileged EXEC mode  Enable secret - Encrypted, limits access to the privileged EXEC mode  Console password - Limits device access using the console connection  VTY password - Limits device access over Telnet Note: In most of the labs in this course, we will be using simple passwords such as cisco or class. 45

Limiting Access to Device Configurations Securing Privileged EXEC Access use the enable secret command, not the older enable password command enable secret provides greater security because the password is encrypted class 46

Limiting Access to Device Configurations Securing User EXEC Access  Console port must be secured reduces the chance of unauthorized personnel physically plugging a cable into the device and gaining device access  vty lines allow access to a Cisco device via Telnet number of vty lines supported varies with the type of device and the IOS version 47

Limiting Access to Device Configurations Encrypting Password Display service password- encryption prevents passwords from showing up as plain text when viewing the configuration purpose of this command is to keep unauthorized individuals from viewing passwords in the configuration file once applied, removing the encryption service does not reverse the encryption 48

Limiting Access to Device Configurations Banner Messages Important part of the legal process in the event that someone is prosecuted for breaking into a device Wording that implies that a login is "welcome" or "invited" is not appropriate Switch(config)# banner motd # This is a secure system Authorized Access Only!!! # Sw-Floor3(config)# 49

Saving Configurations Configuration Files Switch# show running-config Switch# copy running-config startup-config Switch# delete vlan.dat Delete filename [vlan.dat]? Delete flash:vlan.dat? [confirm] Switch# erase startup-config Switch# reload System configuration has been modified. Save? [yes/no]: n Proceed with reload? [confirm] 50

Saving Configurations Capturing Text 51

Saving Configurations Capturing Text 52

Ports and Addresses IP Addressing in the Large Each end device on a network must be configured with an IP address Structure of an IPv4 address is called dotted decimal IP address displayed in decimal notation, with four decimal numbers between 0 and 255 With the IP address, a subnet mask is also necessary IP addresses can be assigned to both physical ports and virtual interfaces IPv4 and IPv6 addresses will be discussed in more detail later 53

Ports and Addresses Interfaces and Ports Terms are used interchangeably Some interfaces can be can be configured with an IP address such as:  NIC (Ethernet interface) on a host/computer  Router’s Ethernet or Serial interfaces Switches have ports (interfaces) but do not typically have IP addresses assigned to them Used to connect devices on LANs that do have IP addresses such as hosts, routers, printers. 54

Addressing Devices Configuring a Switch Virtual Interface Allows the network administrator to communicate (SSH, telnet, ping) with the switch. It is OPTIONAL “Layer 2” switches do NOT need an IP address to forward Ethernet frames. IP address - together with subnet mask, uniquely identifies end device on internetwork (more later) Subnet mask - determines which part of a larger network is used by an IP address interface VLAN 1 - interface configuration mode ip address configures the IP address and subnet mask for the switch no shutdown - administratively enables the interface Switch still needs to have physical ports configured and VTY lines to enable remote management 55

Addressing Devices Manual IP Address Configuration for End Devices 56 More later!

Addressing Devices Automatic IP Address Configuration for End Devices 57 More later!

Addressing Devices IP Address Conflicts 58 More later!

In Class Lab 59

Verifying Connectivity Test the Loopback Address on an End Device C:\> ping Reply from : bytes=32 time<1ms TTL=128 60

Verifying Connectivity Testing the Interface Assignment 61

Verifying Connectivity Testing End-to-End Connectivity 62

Configuring a Network Operating System Chapter 2 Summary Services provided by the Cisco IOS accessed using a command-line interface (CLI) accessed by either the console port, the AUX port, or through telnet or SSH can make configuration changes to Cisco IOS devices a network technician must navigate through various hierarchical modes of the IOS Cisco IOS routers and switches support a similar operating system Introduced the initial settings of a Cisco IOS switch device setting a name limiting access to the device configuration configuring banner messages saving the configuration 63

64 DEMO

65 In Class Lab

CIS 81 Fundamentals of Networking Chapter 2: Configuring a Network Operating System Rick Graziani Cabrillo College Fall 2013