Network Device and Configuration

This document provides an overview of network devices and basic configuration. It discusses switches, routers, and how to access the Cisco IOS CLI through the console, Telnet, or SSH. Global configuration mode is described as allowing network-wide configuration changes. Router and switch administrative configurations covered include setting hostnames, banners for messages, passwords, and interface descriptions. The document is presented by Baessa K. of Mettu University for B.Sc in Information Technology students.

Uploaded by

betsega shifera

Network device and configuration

02 : Operating Network Devices

Baessa K.

Mettu University
Faculty of Engineering and Technology
Department of Information Technology

Target Group — B.Sc in Information Technology Students

April 28, 2021


Baessa K. (Mettu University) 02 Operating Network Devices April 28, 2021 1 / 49
Lecture Topics

1 Overview of Network Devices

2 Basic Configuration
Configuring Cisco IOS Software
Router and Switch Administrative Configurations
Viewing, Saving, and Erasing Configurations


Overview of Network Devices

Overview

• LAN switches may be the most common networking device found in the Enterprise today.
• Switches provide a connection point for the Ethernet devices
  • ... so that the devices on the LAN can communicate with each other and
  • ... with the rest of an Enterprise network or with the Internet.

Accessing the Cisco IOS CLI

• The CLI is a text-based interface in which the user, typically a network engineer, enters a text command and presses Enter.
• The Cisco IOS CLI allows the user to use a terminal emulation program, which accepts text entered by the user.
• When the user presses Enter, the terminal emulator sends that text to the switch.
• The switch processes the text as if it is a command, does what the command says, and sends text back to the terminal emulator.

• The switch CLI can be accessed through three popular methods:
  • the console, Telnet, and Secure Shell (SSH).
• Two of these methods (Telnet and SSH) use the IP network in which the switch resides to reach the switch.
• The console is a physical port built specifically to allow access to the CLI.

Basic Configuration

Configuring Cisco IOS Software

Global Configuration Mode

• Configuration mode is another mode for the Cisco CLI, similar to user mode and privileged mode.
• User mode lets you issue non-disruptive commands and displays some information.
• Privileged mode supports a superset of commands compared to user mode, including commands that might harm the switch.
• However, none of the commands in user or privileged mode changes the switch’s configuration.
• Configuration mode accepts configuration commands
  • ... commands that tell the switch the details of what to do, and how to do it.

• To configure network devices from a CLI, you can make global changes to the router/switch by typing configure terminal (or config t for short),
  • which puts you in global configuration mode and changes what’s known as the running config.
• A global command (a command run from global config) is set only once and affects the entire router.
• You can type config from the privileged-mode prompt and then just press Enter to take the default of terminal, as seen here:

Router and Switch Administrative Configurations

• The administrative functions that you can configure on a router and switch are as follows:
  • Hostnames
  • Banners
  • Passwords
  • Interface descriptions

Hostnames

• Hostnames allow devices to be identified by network administrators over a network or the Internet.
• Without names, network devices are difficult to identify for configuration purposes.
• Some guidelines for naming conventions are that names should:
  • Start with a letter
  • Contain no spaces
  • End with a letter or digit
  • Use only letters, digits, and dashes
  • Be less than 64 characters in length

Banners

• Provides legal notification of unauthorized access.
• You can create a banner to give anyone who shows up on the router exactly the information you want them to have.
• Three available banner types:
  1 Message of the Day (MOTD)
    • Shown before the login prompt.
    • For temporary messages that may change from time to time, such as "Router1 down for maintenance at midnight".
  2 Login
    • Shown before the login prompt but after the MOTD banner.
    • For permanent messages such as "Unauthorized Access Prohibited."
  3 Exec
    • Shown after the login prompt.
    • Used to supply information that should be hidden from unauthorized users.

• Message of the day (MOTD) is the most extensively used banner.
• It gives a message to every person dialing into or connecting to the router via Telnet or an auxiliary port, or even through a console port as seen here:

    Todd(config)# banner motd # Unauthorized access prohibited! #

Setting Passwords

• Five passwords are used to secure your Cisco routers
  1 Console password
    • Limits device access using the console connection
  2 VTY password
    • Limits device access over Telnet
  3 Enable password
    • Limits access to the privileged EXEC mode
  4 Enable secret
    • Encrypted, limits access to the privileged EXEC mode
    • This will prompt a user for a password when the enable command is used.

Securing User EXEC Access

• To set the console password, use the line console 0 command.
• This port must be secured
  • reduces the chance of unauthorized personnel physically plugging a cable into the device and gaining device access
• Since there’s only one console port, I can only choose line console 0.

• There are a few other important commands to know for the console port.
  • The exec-timeout 0 0 command sets the time-out for the console EXEC session to zero, which basically means to never time out.
  • The default time-out is 10 minutes.

Securing Privileged EXEC Access

• You set the enable passwords from global configuration mode like this:

• Enable password parameters:
  1 password
    • Sets the enable password on older systems, and isn’t ever used if an enable secret is set.
    • Defines the password required when using the enable EXEC command.
    • This password is listed as clear text in the configuration file by default.
  2 secret
    • This is the newer, encrypted password that overrides the enable password if it’s set.
    • It defines the password required when using the enable EXEC command.
    • This password is listed as a hidden MD5 hash value in the configuration file.

enable secret vs enable password
• Use the enable secret command, not the older enable password command
• enable secret provides greater security because the password is encrypted
• If both commands are used, the password set in the enable secret command defines which password is required.

Telnet Password

• Telnet, part of the TCP/IP protocol suite, is a virtual terminal protocol that allows you to make connections to remote devices.
• You run the Telnet program by typing telnet from any command prompt (DOS or Cisco).

    Corp# telnet 10.2.2.2
    Trying 10.2.2.2 ... Open
    Password required, but none set
    [Connection to 10.2.2.2 closed by foreign host]
    Corp#

• You need to have VTY passwords set on the routers for this to work.
• To set the user-mode password for Telnet access into the router, use the line vty command.
  • vty lines allow access to a Cisco device via Telnet
  • The number of vty lines supported varies with the type of device and the IOS version
• Routers that aren’t running the Enterprise edition of the Cisco IOS default to five VTY lines, 0 through 4.
• But if you have the Enterprise edition, you’ll have significantly more.
• The best way to find out how many lines you have is to use that question mark:

    R1# config t
    Enter configuration commands, one per line.
    R1(config)# line vty 0 ?
      <1-15>  Last Line number
      <cr>
    R1(config)# line vty 0 4
    R1(config-line)# password telnet
    R1(config-line)# login
    R1(config-line)# ^Z
    R1(config)#

• Now let’s try this again.

    Corp# telnet 10.2.2.2
    Trying 10.2.2.2 ... Open
    User Access Verification
    Password:
    R1>

• Remember that the VTY password is the user-mode password, not the enable-mode password.
• Watch what happens when I try to go into privileged mode after telnetting into router R1:

    R1> en
    % No password set
    R1>

Setting Up Secure Shell (SSH)

• Instead of Telnet, you can use Secure Shell, which creates a more secure session than the Telnet application that uses an unencrypted data stream.
• Secure Shell (SSH) is a protocol that provides a secure (encrypted) command-line based connection to a remote device
• SSH is commonly used in UNIX-based systems
• Cisco IOS also supports SSH
• A version of the IOS software including cryptographic (encrypted) features and capabilities is required in order to enable SSH on Catalyst 2960 switches
• Because of its strong encryption features, SSH should replace Telnet for management connections
• SSH uses TCP port 22 by default. Telnet uses TCP port 23

• SSH Operation
1 Set your hostname:

    Router(config)# hostname R1

2 Set the domain name (both the hostname and domain name are required for the encryption keys to be generated):
3 Set your hostname:

    R1(config)# ip domain-name cisco.com

4 Generate the encryption keys for securing the session:

    R1(config)# crypto key generate rsa general-keys modulus ?
      <360-2048>  size of the key modulus [360-2048]
    R1(config)# crypto key generate rsa general-keys modulus 1024

5 Set the SSH version

    R1(config)# ip ssh version 2

6 Set the max idle timer for a SSH session:

    R1(config)# ip ssh time-out ?
      <1-120>  SSH time-out interval (secs)
    R1(config)# ip ssh time-out 60

7 Set the max failed attempts for an SSH connection:

    R1(config)# ip ssh authentication-retries ?
      <0-5>  Number of authentication retries
    R1(config)# ip ssh authentication-retries 2

8 Connect to the vty lines of the router:

    R1(config)# line vty 0 4

9 Last, configure SSH and then Telnet as access protocols:

    R1(config-line)# transport input ssh
    R1(config-line)# login local
    R1(config-line)# exit
    R1(config)# username admin password ccna

• Verifying SSH

Encrypting Password Display

• service password-encryption
  • prevents passwords from showing up as plain text when viewing the configuration
  • purpose of this command is to keep unauthorized individuals from viewing passwords in the configuration file
  • once applied, removing the encryption service does not reverse the encryption
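
The password, Telnet and SSH settings covered in the slides above can be checked mechanically against a saved running-config. The following Python auditor is an added example, not part of the original lecture; both sample configs, their password values, the function names and the finding names are constructed for illustration, and it assumes that a vty block with no transport input line deserves a finding because the effective default depends on the software release.

```python
import re

# Constructed running-config built from commands on this page (made-up passwords).
WEAK = """\
enable password cisco
username admin password ccna
line con 0
 exec-timeout 0 0
line vty 0 4
 password telnet
 login
line vty 5 15
 transport input telnet ssh
"""

# Constructed counterpart with each setting tightened (hashes are placeholders).
HARDENED = """\
service password-encryption
enable secret 5 <placeholder-hash>
username admin secret 5 <placeholder-hash>
ip ssh version 2
line con 0
 exec-timeout 5 0
 login local
line vty 0 15
 transport input ssh
 login local
"""


def parse(config):
    """Split a config into global commands and per-'line' sub-commands."""
    global_cmds, line_blocks, current = [], {}, None
    for raw in config.splitlines():
        text = raw.strip()
        if not text or text.startswith("!"):
            continue
        if raw[0].isspace():               # sub-command of the block above
            if current is not None:
                line_blocks[current].append(text)
        elif text.startswith("line "):
            current, line_blocks[text] = text, []
        else:
            current = None
            global_cmds.append(text)
    return global_cmds, line_blocks


def audit(config):
    """Return (finding, location) tuples; finding names are this example's own."""
    global_cmds, line_blocks = parse(config)
    found = []
    if any(c.startswith("enable password ") for c in global_cmds):
        found.append(("enable-password-in-use", "global"))
    if not any(c.startswith("enable secret ") for c in global_cmds):
        found.append(("no-enable-secret", "global"))
    if "service password-encryption" not in global_cmds:
        found.append(("password-encryption-off", "global"))
    if "ip ssh version 2" not in global_cmds:
        found.append(("ssh-v2-not-enforced", "global"))
    for cmd in global_cmds:
        m = re.match(r"username (\S+)\b.*\spassword\s", cmd)
        if m:                              # stored with 'password', not 'secret'
            found.append(("user-password-not-secret", m.group(1)))
    for name, subs in line_blocks.items():
        if "exec-timeout 0 0" in subs:     # session never times out
            found.append(("idle-timeout-disabled", name))
        if name.startswith("line vty"):
            transport = [s for s in subs if s.startswith("transport input")]
            if not transport:              # assumption: default varies by release
                found.append(("vty-transport-not-set", name))
            elif re.search(r"\b(telnet|all)\b", transport[0]):
                found.append(("vty-allows-telnet", name))
    return found


if __name__ == "__main__":
    for finding, where in audit(WEAK):
        print(f"{where:15} {finding}")
```

The RSA modulus chosen when the keys are generated is not written to the running-config, so key size has to be checked on the device itself rather than with a config audit like this one.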

Viewing, Saving, and Erasing Configurations

Configuration Files

running-config vs startup-config
• You can manually save the file from DRAM to NVRAM by using the copy running-config startup-config command (you can use the shortcut copy run start also):

    R1# copy running-config startup-config

• Also, when the command asked for the destination filename, the default answer was startup-config.
• You can view the files by typing show running-config or show startup-config from privileged mode.
• The sh run command, which is a shortcut for show running-config, tells us that we are viewing the current configuration:

    S1# show running-config

• show startup-config command
  • shows us the configuration that will be used the next time the router is reloaded.
  • It also tells us how much NVRAM is being used to store the startup-config file

    S1# show startup-config

    Switch# reload
    System configuration has been modified. Save? [yes/no]: n
    Proceed with reload? [confirm]

Deleting the Configuration and Reloading the Router

erase startup-config vs reload

• Startup configuration is removed by using the erase startup-config command:

    Switch# erase startup-config
    Erasing the nvram filesystem will remove all configuration files!
    Continue? [confirm][enter]
    [OK]
    Erase of nvram: complete
    Switch#
    *Feb 28 23:51:21.179: %SYS-7-NV_BLOCK_INIT: Initialized the geometry of nvram
    Switch# sh startup-config
    startup-config is not present

• On a switch you must also issue the delete vlan.dat command:

    Switch# reload
    Proceed with reload? [confirm] System configuration has been modified.
    Save? [yes/no]: n
    Switch# delete vlan.dat
    Delete filename [vlan.dat]?
    Delete flash:vlan.dat? [confirm]

Verifying Your Configuration

Active Configuration
• show running-config
• show startup-config

Verifying with the show interface Command


• The show interfaces command displays the configurable parameters and statistics of all interfaces on a router.

    Router# sh int ?

    Router# sh int f0/0
    FastEthernet0/0 is up, line protocol is up
      Hardware is MV96340 Ethernet, address is 001a.2f55.c9e8 (bia 001a.2f55.c9e8)
      Internet address is 192.168.1.33/27
      MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
         reliability 255/255, txload 1/255, rxload 1/255
      .....
    Router#

• It reveals to us the hardware address, logical address, and encapsulation method as well as statistics on collisions

Using the show controllers Command


• The show controllers command displays information about the physical interface itself
• It’ll also give you the type of serial cable plugged into a serial port.
• Usually, this will only be a DTE cable that plugs into a type of data service unit (DSU).

    Router# sh controllers serial 0/0
    HD unit 0, idb = 0x1229E4, driver structure at 0x127E70
    buffer size 1524 HD unit 0, V.35 DTE cable
    cpb = 0xE2, eda = 0x4140, cda = 0x4000
    Router# sh controllers serial 0/1
    HD unit 1, idb = 0x12C174, driver structure at 0x131600
    buffer size 1524 HD unit 1, V.35 DCE cable
    cpb = 0xE3, eda = 0x2940, cda = 0x2800

• Notice that serial 0/0 has a DTE cable, whereas the serial 0/1 connection has a DCE cable.
• Serial 0/1 would have to provide clocking with the clock rate command.
• Serial 0/0 would get its clocking from the DSU.

Verifying with the show ip interface Command


• The show ip interface command will provide you with information regarding the layer 3 configurations of a router’s interfaces:

    Router# sh ip interface
    FastEthernet0/0 is up, line protocol is up
      Internet address is 1.1.1.1/24
      Broadcast address is 255.255.255.255
      Address determined by setup command
      MTU is 1500 bytes
      Helper address is not set
      ....
    Router#

• Using the show ip interface brief Command
  • The show ip interface brief command is probably one of the most helpful commands that you can ever use on a Cisco router.
  • This command provides a quick overview of the router’s interfaces, including the logical address and status:

    Router# sh ip int brief
    Interface  IP-Address  OK?  Method  Status  Protocol
    ...        ...         ...  ...     ...     ...
