CHAPTER 2: CONFIGURING A NETWORK OPERATING SYSTEM
Operating Systems
All networking equipment depends on operating systems
Routers
Wireless access points
Switches
Firewalls
End users (PCs, laptops, smart phones, tablets)
Cisco Internetwork Operating System (IOS)
Collection of network operating systems used on Cisco devices
Purposes of OS
Switch or router IOS provides options to
Enable routing and switching functions
Configure interfaces
All networking devices come with a default IOS
PC operating systems (Windows 8 & OS X) perform technical functions that enable
View output
Enter text
Use of a mouse
Possible to upgrade the IOS version or feature set
Location of the Cisco IOS
IOS stored in Flash
Can be used to store multiple versions of IOS
IOS copied from flash to volatile RAM
Can be changed or overwritten as needed
Quantity of flash and RAM memory determines IOS that can be used
Non-volatile storage – not lost when power is lost
IOS Functions
Major functions performed or enabled by Cisco routers and switches include:
QoS
Addressing
Routing
Managing Resources
Security
Interface
Console Access Method
Most common methods to access the Command Line Interface
Telnet or SSH
Telnet
Method for remotely accessing the CLI over a network
Requires active networking services and one active interface that is configured
Secure Shell (SSH)
Stronger password authentication
Uses encryption when transporting data
Remote login similar to Telnet but utilizes more security
AUX port
Uses telephone line
Can be used like console port
Out-of-band connection
Console
Allows configuration commands to be entered
Should be configured with passwords to prevent unauthorized access
Need a special console cable
Device should be located in a secure room so the console port cannot be easily accessed
Device is accessible even if no networking services have been configured (out-of-band)
Terminal Emulation Programs
Software available for connecting to a networking device
SecureCRT
HyperTerminal
Tera Term
OS X Terminal
PuTTY
Primary Modes
The User EXEC mode allows only a limited number of basic monitoring commands and is often referred to as view-only mode
Switch>, Router>
The Privileged EXEC mode, by default, allows all monitoring commands, as well as execution of configuration and management commands
Switch#, Router#
Global Configuration Mode and Submodes
Global Configuration Mode commands
Switch(config)#, Router(config)#
Other Configuration Modes
Specific service or interface configuration: Switch(config-mode)#, Router(config-mode)#
IOS Command Structure
Prompt / Command / Space / Keyword or argument
Switch> ping 192.168.0.5 (command: ping; argument: 192.168.0.5)
Switch> show ip protocols (command: show; keyword: ip protocols)
Why the Switch
Limiting access to the device configuration
Configuring banner messages
Setting a name for the switch
Saving the configuration
Creating a two PC network connected via a switch
Device Names
Some guidelines for naming conventions are that names should
End with a letter or digit
Use only letters, digits, and dashes
Contain no spaces
Start with a letter
Be less than 64 characters in length
Without names, network devices are difficult to identify for configuration purposes.
Hostnames
Hostnames allow devices to be identified by network administrators over a network or the Internet
Securing Device Access
Enable secret - Encrypted, limits access to the privileged EXEC mode
Console password - Limits device access using the console connection
Enable password - Limits access to the privileged EXEC mode
VTY password - Limits device access over Telnet
Securing Privileged EXEC Access
enable secret provides greater security because the password is encrypted
use the enable secret command, not the older enable password command
Securing User EXEC Access
Console port must be secured
reduces the chance of unauthorized personnel physically plugging a cable into the device and gaining device access
vty lines allow access to a Cisco device via Telnet
number of vty lines supported varies with the type of device and the IOS version
Encryption Password Display
Service password-encryption
purpose of this command is to keep unauthorized individuals from viewing passwords in the configuration file
once applied, removing the encryption service does not reverse the encryption
prevents passwords from showing up as plain text when viewing the configuration
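Added example (not part of the original notes): a small Python check that reads a saved configuration and reports which of the four access controls listed above are missing. The sample configurations, the password values and the finding names are constructed for illustration.

```python
# Constructed sample configurations (not taken from the page or a real device).
WEAK_CONFIG = """\
enable password cisco
line con 0
line vty 0 15
 password cisco
 login
"""
HARDENED_CONFIG = """\
service password-encryption
enable secret 5 <constructed-hash-placeholder>
line con 0
 password 7 <constructed-placeholder>
 login
line vty 0 15
 password 7 <constructed-placeholder>
 login
"""

def parse_line_blocks(config):
    """Map each 'line ...' header to the indented sub-commands below it."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw.strip()
            blocks[current] = []
        elif raw[:1].isspace() and current is not None:
            blocks[current].append(raw.strip())
        else:
            current = None  # any other global command ends the line block
    return blocks

def audit(config):
    """Return finding names (hypothetical) for the four controls in the notes."""
    top = [l.strip() for l in config.splitlines() if l and not l[0].isspace()]
    findings = []
    if not any(l.startswith("enable secret ") for l in top):
        findings.append("enable-secret-missing")
    if any(l.startswith("enable password ") for l in top):
        findings.append("enable-password-present")  # the older command
    if "service password-encryption" not in top:
        findings.append("password-encryption-off")  # passwords show as plain text
    for kind in ("con", "vty"):
        of_kind = [c for h, c in parse_line_blocks(config).items() if h.startswith(f"line {kind} ")]
        ok = [any(c.startswith("password ") for c in cmds) and "login" in cmds for cmds in of_kind]
        if not ok or not all(ok):
            findings.append(f"{kind}-password-missing")
    return findings
print(audit(WEAK_CONFIG), audit(HARDENED_CONFIG))
```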
Configuration Files
Startup configuration is removed by using the erase startup-config command
Switch# erase startup-config
On a switch you must also issue the delete vlan.dat command
Switch# delete vlan.dat
Delete filename [vlan.dat]?
Delete flash:vlan.dat? [confirm]
Switch# reload
System configuration has been modified. Save? [yes/no]: n
Proceed with reload? [confirm]
IP Addressing in the Large
IP address displayed in decimal notation, with four decimal numbers between 0 and 255
With the IP address, a subnet mask is also necessary
Structure of an IPv4 address is called dotted decimal
IP addresses can be assigned to both physical ports and virtual interfaces
Each end device on a network must be configured with an IP address
Interfaces and Ports
Ethernet is the most common local area network (LAN) technology
Ethernet ports are found on end user devices, switch devices, and other networking devices
Different types of network media have different features and benefits
SVI provides a means to remotely manage a switch over a network
Types of network media include twisted-pair copper cables, fiber-optic cables, coaxial cables, or wireless
Cisco IOS switches have physical ports for devices to connect to, but also have one or more switch virtual interfaces (SVIs - no physical hardware on the device associated with it; created in software)
Network communications depend on end user device interfaces, networking device interfaces, and the cables that connect them
Configuring a Switch Virtual Interface
interface VLAN 1 - interface configuration mode
ip address 192.168.10.2 255.255.255.0 - configures the IP address and subnet mask for the switch
Subnet mask - determines which part of a larger network is used by an IP address
no shutdown - administratively enables the interface
IP address - together with subnet mask, uniquely identifies end device on internetwork
Switch still needs to have physical ports configured and VTY lines to enable remote management