Chapter 11- Configuring and Testing Your Network
Modified by Profs. Chen and Cappellino
Learning Objectives
Upon completion of this chapter, you will be able to:
Define the role of the Internetwork Operating System (IOS).
Define the purpose of a configuration file.
Identify several classes of devices that have the IOS embedded.
Identify the factors contributing to the set of IOS commands available to a device.
Identify the IOS modes of operation.
Identify the basic IOS commands.
Compare and contrast the basic show commands.
Cisco IOS
Routers, switches and other Cisco devices cannot function without an operating system.
The Cisco Internetwork Operating System (______) is the ________________________________________
Provides the following services:
The IOS operates differently depending on different devices, the device's purpose and _________________
The IOS file itself is several megabytes in size and is stored in a memory area called _________________.
____________ of flash memory are _______________________________ Using flash memory _____________________________________ to newer
versions or to have new features added. The _____________________________________________ and
runs from RAM when the device is operating. The services provided by the Cisco IOS are accessed using
a command line interface (_____________).
Cisco IOS Access Methods: Console
The CLI can be accessed through a __________ __________, also known as the ____________
Console uses a low speed _______________ to directly connect computer to console port on the router or switch.
The ________________________________ that provides _______________ to a router.
The console port ________________________ ________________________ on the device.
Console port used for the following:
The __________________ of the network device
__________________________ and when remote access is not possible
_________________________ procedures
The console should be ___________________ _____________________ to prevent unauthorized device access.
3 ways to access the CLI:
–Console
–Telnet or SSH
–AUX port
Console cont… Initial startup of Cisco routers
Take the following steps to connect a terminal to the console port on the router:
• Connect the terminal using a rollover cable with an RJ-45 to DB-9 adapter.
• Configure the terminal or PC terminal emulation software for 9600 baud, 8 data bits, no parity, 1 stop bit, and no flow control.
Graphic: Terminal or a PC with terminal emulation software (Com1 or Com2 serial port) connected by a rollover cable to the console port of the router
Console cont… Initial startup of Cisco routers
Note: A console connection is not the same as a network connection!
Cisco IOS Access Methods: Telnet and SSH
Telnet is a method for _____________ ______________________________
Telnet sessions _____________________ and at least _______________________ configured with a Layer 3 address
Host with a telnet client can access the ________ sessions on the Cisco device.
The IOS _____________________ that the Telnet session use a _____________________
Secure Shell (________) protocol is a _____________ method for __________ ______________________
Remote login ______________ but more secure
Provides ____________________________ than Telnet and uses ______________________ when transporting session data.
Most newer versions of the IOS contain an SSH server.
Unfortunately, SSH client software is, by default, not provided on client computer operating systems.
Cisco IOS Access Methods: AUX
A way to establish a CLI session __________________________ connection using a modem connected to the router's ____________________
This method also does ________________ ___________________________ to be configured or available on the device.
AUX port can also be used locally, like the console port, with a direct connection to a computer running a terminal emulation program.
Only used locally when there are problems using the console port
The console port is required for the configuration of the router and is the preferred port for troubleshooting
Not all routers have an auxiliary port.
Configuration Files
Network devices depend on ___________________ for their operation: __________________ and ________________
The operating system facilitates the ___________________________ __________________________________
Configuration files contain the ______________________________ _____________________________________________
A Cisco network device contains ______ configuration files:
The ___________________________ - used during the __________ ____________________________________
________________________, it is used to operate the device. _____________ to the running configuration will ___________________________
of the Cisco device. After making any changes, those changes should be saved back to the startup-
config file so that they will be available next time the device restarts. The running configuration is _____________________________
The ______________________ - used as the ________ configuration and is ________________________________________
_____________________ so it remains intact when the device is powered down __________________ each time the router is started or reloaded. ________________ into RAM, the startup config is ________________________
configuration.
Graphic: Relationship between NVRAM and RAM
Cisco IOS Modes
The Cisco IOS is an operating system which uses _______________, each mode having its own particular operation.
The CLI uses a hierarchical structure for the modes. In order from top to bottom, the major modes are:
____________________ mode
________________________ mode
______________________________ mode
_____________________ specific configuration modes
Each mode accomplishes particular tasks and has specific commands that are available in that mode.
Each mode uses a ________________________
For example, to configure a router interface, the user must enter interface configuration mode. All configurations that are entered in interface configuration mode apply only to that interface.
Different authentication can be required for each hierarchical mode.
Cisco IOS Modes cont…
Cisco IOS Modes: Command Prompts
When using the CLI, the mode is _______________________ ________ that is unique to that mode.
The word prompt is used because the system is prompting you to make an entry.
By default, every prompt ______ with the _______________
Following the name, the remainder of the prompt indicates the mode.
For example, the default prompt for the global configuration mode on a router would be:
Router(config)#
As commands are used and modes are changed, the ______ __________________________ context.
Cisco IOS Modes: Primary Modes
Cisco IOS software separates the EXEC sessions into two access modes.
___________ Mode
Switch__ or Router__
This mode is the first entrance into the CLI of the router.
The user EXEC mode allows only a _________ _______________________
Often referred to as ____________________ since ___________ to the configuration are _________
Identified by the > symbol at the end of the prompt.
By default, no authentication is required, but for security's sake it should be used.
IOS Modes: Primary Modes cont.
Privileged EXEC Mode
Switch____ or Router_____
Also called “_____________”
Allows more commands to be executed.
Allows the ___________________________ ____________________________ ______________________________ in this mode
The privileged EXEC mode can be identified by the prompt ending with the # symbol.
By default, does not require authentication but it should be configured and used.
Global configuration mode and all other more specific configuration modes can only be reached from the privileged EXEC mode.
Moving between the User EXEC and Privileged EXEC Modes
The _________________ commands are used to _____________________ mode and ______________ mode.
In order to access privileged EXEC mode, use enable command.
Router>enable
Once <Enter> is pressed, the router prompt changes to:
Router#
The # at the end of the prompt indicates that the router is now in privileged EXEC mode.
If password authentication has been configured for the privileged EXEC mode, the IOS prompts for one:
Router>enable
Password:
Router#
The disable command is used to return from the privileged EXEC to the user EXEC mode.
For example:
Router#disable
Router>
Basic IOS Command Structure
Each IOS ______________________ ___________________ and is executed at the appropriate prompt.
The commands are _________________.
Following the command are one or more keywords and arguments. For example:
Switch#show running-config
The command show is followed by the keyword running-config, which displays the running-configuration as output.
Switch(config-if)#description GCC Campus Switch
The command is: description. The user defined argument is GCC Campus Switch
Pressing the <Enter> key submits the command
Note the command convention used by Cisco…
Using CLI Help: Context-Sensitive Help
The context-sensitive ________ _________________________ and the arguments associated with those commands within the context of the current mode.
To access, enter a question mark, __, at any prompt. No need to strike the <Enter> key.
Uses:
When unsure of the name for a command or want to see a __________________________
Display a list of commands ________ _________________________
Determine which options, arguments etc are matched with a specific command
The IOS has several forms of help available:
–Context-sensitive help
–Command Syntax Check
–Hot Keys and Shortcuts
Using CLI Help cont : Command Syntax Check
When a command is submitted by pressing the <Enter> key, the command line interpreter parses the command from left to right to determine what action is being requested.
If the interpreter understands the command, the requested action is executed.
If the interpreter cannot understand the command being entered, it will provide feedback describing what is wrong with the command.
There are ________ different types of _____________________:
___________ command: Not enough characters to recognize the command
___________ command: Good start on the command, but needs more argument
__________ command: Part or the whole command is wrong
Using CLI Help cont : Hot Keys and Shortcuts
The CLI offers a number of hot keys and shortcuts that make configuring and monitoring faster and easier.
There are a bunch listed in the curriculum.
You should be aware of them- you’ll find you have some favorites…
IOS “Examination” Commands
Verify and troubleshoot network operation using a variation of the examination command: show
How would you output a list of available show commands?
IOS “Examination” Commands cont..
show interfaces
_____________________________ on the device. To view the statistics for a specific interface, enter the show interfaces command followed by the specific interface slot/port number.
Router#show interfaces serial 0/1
show version
Displays ___________________________________ ______________, along with hardware information.
Software Version - IOS software version (stored in flash)
Bootstrap Version - Bootstrap version (stored in Boot ROM)
Software image name - IOS filename stored in flash
Router Type and Processor type - Model number and processor type
Hardware Interfaces - Interfaces available on router
Configuration Register - Sets bootup specifications, console speed setting, and related parameters.
ETC..
IOS “Examination” Commands cont..
show arp - Displays the ________ of the device.
show mac-address-table - (_______ only) Displays the __________________
show startup-config - Displays the ________ ______________ located in ____________.
show running-config - Displays the contents of the ____________________ file or the configuration for a specific interface, or map class information.
show ip interfaces - Displays _____________ ________________ on a router.
show ip interface brief - This is useful to get a quick summary of the interfaces and their operational state.
Commonly used
IOS Configuration Modes
Global Configuration Mode
AKA ___________ mode
Changes made in this mode _____ _____________________________________________________
Use the following command to get from privileged EXEC mode to the global configuration mode:
Router#_______ __________
Once the command is executed, the prompt changes to show that the router is in global configuration mode.
Router(config)#
IOS Configuration Modes cont…
Specific Configuration Modes
There are many different configuration modes each of which configures a particular function.
To exit a specific configuration mode and return to global configuration mode, enter ______ at a prompt.
To leave a specific configuration mode and _________________________, enter _____ or ___________
Best practice: After a change has been made, save the running-config to startup-config to prevent loss of changes.
Router#copy running-config startup-config
Devices Need Names
The hostname is seen in CLI prompt of each router or switch
Router’s factory-assigned default hostname: "Router."
Switch’s factory-assigned default hostname: "Switch."
So as to avoid confusion, __________________ ______________________ to each device following company’s naming conventions such as:
Start with a letter
End with a letter or digit
Have characters of only letters, digits, and dashes
Hostnames ______________________
Applying Names
Once the naming convention has been identified, the next step is to apply the names to the router using the CLI.
Router#configure terminal
Router(config)#hostname AtlantaHQ
AtlantaHQ(config)#
Notice that the hostname appears in the prompt.
To negate the effects of a command, ________________________________________________________
Example, to remove the hostname of a device, use:
AtlantaHQ(config)# no hostname
Router(config)#
Default hostname is back…
Limiting Device Access – using Passwords
Passwords are the primary defense against unauthorized access to network devices.
The passwords which can be used are:
____________________ - limits access using the console connection
_____________________ - limits access to the ________________ mode
______________________ - ______________________, limits access to the _______________________ mode
______________________ - limits device access using Telnet
As good practice, use ______________________________ for each of these levels of access.
The use of easily guessed passwords is a security issue. Consider these key points when choosing ___________________________ passwords:
Use passwords that are more than 8 characters in length.
Use a combination of upper and lowercase and/or numeric sequences in passwords.
Avoid using the same password for all devices.
Avoid using common words which are easily guessed.
Note: In most of the labs, we will be using simple passwords such as cisco or class.
These weak passwords can be easily guessed and should not be used in a production environment.
Limiting Device Access – Console Password
The console port of a device must be secured with a strong password.
The following are used to set a password:
Switch(config)#line console 0
The zero is used to represent the first (and in most cases only) console interface for a router.
Switch(config-line)#password password
password password specifies a password.
Switch(config-line)#__________
The login command configures the router _______________________________
When login is enabled and a password set, there will be a prompt to enter a password.
Once these three commands are executed, a password prompt will appear each time a user attempts to gain access to the console port.
For security, when prompted for a password, the ______________________________ ___________________________________
Limiting Device Access – Enable and Enable Secret Passwords
To provide additional security, use enable password or _____________ command to establish authentication before accessing __________________ (enable) mode.
Best to use the enable secret command as it uses encryption for more robust security
“enable password” command is older and is not encrypted
The following commands are used to set the passwords:
Router(config)#enable password password
Router(config)#enable secret password
If no enable password or enable secret password is set, the _____________________ _____________________________________
Without an enable password having been set, attempting to use a Telnet session would trigger the following message:
% No password set
Enable and Enable Secret Password example:
Limiting Device Access – VTY Password
The vty lines allow access to a router via Telnet.
By default, Cisco devices generally support ______________________________
A password needs to be set ____________.
The same password _________ be set for all connections or unique passwords can be set for some or all lines
The following commands are used to set a password:
Router(config)#line vty 0 4
Router(config-line)#password password
Router(config-line)#_____________
By default, the IOS includes the “_____” command on the VTY lines which prevents Telnet access to the device without first requiring authentication.
Encrypting Password Display
Another useful command ________________________________________________________________________________
This is the __________________ ________________ command.
This command causes the encryption of passwords to occur when a password is configured.
When viewing the configuration file, all passwords will then be encrypted
Once the encryption has been applied, removing the encryption service does not reverse the encryption.
Limiting Device Access – _______ Messages Provides _______________________________
___________________________________________________ into that device
Banners can be an important part of the legal process in the event that someone is prosecuted for breaking into a device.
Some examples of information to include in a banner:
"Use of the device is specifically for authorized personnel."
"Legal action will be pursued for any unauthorized use."
The IOS provides multiple types of banners. One common banner is the message of the day (__________________).
Configured in _________________
Requires the use of delimiters at the beginning and end of the message to identify the content of the banner message.
Lines of text are entered to represent the banner message.
Switch(config)#banner motd # message #
Note needed spaces between message and delimiting character
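An added example, not part of the original slides: a Python sketch that audits a saved configuration for the access controls covered above (console and vty password with login, enable secret versus enable password, the lab passwords cisco and class, and a message of the day banner). The two sample configurations, their passwords and the placeholder hash are constructed for illustration; the checks use only the commands named on the slides.

```python
WEAK_LAB_PASSWORDS = {"cisco", "class"}  # lab passwords the page warns about

def parse_blocks(config_text):
    """Group an IOS config into (header, [indented child commands]) blocks."""
    blocks, banner_delim = [], None
    for raw in config_text.splitlines():
        line = raw.rstrip()
        if banner_delim is not None:          # inside a multi-line banner body
            if banner_delim in line:
                banner_delim = None
            continue
        if not line.strip() or line.strip() == "!":
            continue
        if line[0].isspace() and blocks:
            blocks[-1][1].append(line.strip())
            continue
        blocks.append((line, []))
        words = line.split(None, 2)
        if words[0] == "banner" and len(words) == 3:
            delim, rest = words[2][0], words[2][1:]
            if delim not in rest:             # closing delimiter is on a later line
                banner_delim = delim
    return blocks

def plaintext_password(command):
    """Return the password if the command shows it in clear text, else None."""
    words = command.split()
    args = words[words.index("password") + 1:] if "password" in words else []
    if len(args) == 2 and args[0] == "0":     # IOS marks clear text as type 0
        args = args[1:]
    return args[0] if len(args) == 1 else None

def check_password(findings, where, command):
    """Apply the page's password guidance to a clear-text password."""
    password = plaintext_password(command)
    if password is None:
        return
    if password.lower() in WEAK_LAB_PASSWORDS:
        findings.append((where, "password is a well-known lab password"))
    elif len(password) <= 8:
        findings.append((where, "password is not more than 8 characters long"))

def audit(config_text):
    """Return (section, finding) pairs for the access controls the page lists."""
    findings = []
    blocks = parse_blocks(config_text)
    headers = [header for header, _ in blocks]

    secrets = [h for h in headers if h.startswith("enable secret")]
    enable_pws = [h for h in headers if h.startswith("enable password")]
    if not secrets and not enable_pws:
        findings.append(("enable", "privileged EXEC mode has no password"))
    elif not secrets:
        findings.append(("enable", "enable password used without enable secret"))
    for command in enable_pws:
        check_password(findings, "enable", command)

    for header, children in blocks:
        if not header.startswith(("line con", "line vty")):
            continue
        pw_cmds = [c for c in children if c.startswith("password ")]
        if not pw_cmds:
            findings.append((header, "no password set"))
        if not any(c.split()[0] == "login" for c in children):
            findings.append((header, "login is not enabled"))
        for command in pw_cmds:
            check_password(findings, header, command)

    if not any(h.startswith("banner motd") for h in headers):
        findings.append(("banner", "no message of the day banner"))
    return findings

# Constructed sample configs (hostname from the page, passwords made up).
WEAK_CONFIG = """\
hostname AtlantaHQ
enable password class
line con 0
 password cisco
 login
line vty 0 4
 password Lab-Telnet-Access-01
 no login
"""
HARDENED_CONFIG = """\
enable secret 5 CONSTRUCTED-PLACEHOLDER-HASH
banner motd # Use of the device is specifically for authorized personnel. #
line con 0
 password N0t-A-Lab-Passw0rd
 login
line vty 0 4
 password An0ther-L0ng-Passphrase
 login
"""
```

Calling audit(WEAK_CONFIG) returns five findings and audit(HARDENED_CONFIG) returns none.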
Managing Configuration Files
After making changes to a configuration, consider 3 options:
1. Make the Changed Configuration the New Startup Configuration
Where is the running configuration stored?
Saving the ____________________ ______________________________________________________ as the new startup configuration.
Be sure to verify changes before saving
Switch# copy _____________ _______________________
Saves the changes to the config file
Managing Configuration Files cont..
2. Return the Device to Its Original Configuration
If changes made to the running configuration do not have the desired effect, it is necessary to restore the previous configuration.
Assuming that we have not overwritten the startup configuration with the changes, we can replace the running configuration with the startup configuration
_________________________________________ command.
When initiating a reload, a prompt will appear to ask whether to save the changes made. To ___________________________
Router#reload
System configuration has been modified. Save? [yes/no]: n
Proceed with reload? [confirm]
*Apr 13 01:34:15.758: %SYS-5-RELOAD: Reload requested by console. Reload Reason:
3. Removing All Configurations
If undesired changes were saved to the ______________, this requires _____________ configuration and _______________________
Router# erase startup-config
Reloads the device to remove the current running configuration file and blanks the router
Backing Up Configurations Offline
Configuration files should be stored as backup files in the event of a problem.
Configuration files can be stored in a safe place on a Trivial File Transfer Protocol (___________) server, a _____ memory stick etc.
A configuration file should also be ___________________________
Backup Configuration on TFTP Server
Use either the copy running-config tftp or copy startup-config tftp command and follow these steps:
1. Enter the copy running-config tftp command.
2. Enter the IP address of the host where the configuration file will be stored.
3. Enter the name to assign to the configuration file.
4. Answer yes to confirm each choice
Backup Configurations with Text Capture (HyperTerminal)
Configuration files can be ____________ __________________ for later use.
When using _______________, follow these steps:
1. On the Transfer menu, click Capture Text.
2. Choose the location.
3. Click Start to begin capturing text.
4. Once capture has been started, execute the show running-config or show startup-config command at the privileged EXEC prompt. Text displayed in the terminal window will be placed into the chosen file.
5. Stop the capture process
6. View the output to verify that it was not corrupted.
Restoring Text Configurations
A configuration file can be copied from storage to a device. When copied into the terminal, the IOS executes each line of the configuration text as a command.
_________________________________ to ensure that encrypted passwords are in plain text and that non-command text such as "--More--" and IOS messages are removed.
At the CLI, the device must be set at the global configuration mode to receive the commands from the text file being copied.
When using HyperTerminal, the steps are:
1. Locate the file to be copied into the device and open the text document.
2. Copy all of the text.
3. On the Edit menu, click paste to host.
The text in the file will be applied as commands in the CLI and become the running configuration on the device. Remove
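An added example, not part of the original slides: a Python sketch of the clean-up step described above, run on a text capture before it is pasted back into a device. It drops "--More--" pager residue, IOS log messages and the command echo, and sets aside lines holding encrypted passwords so they can be re-entered in plain text. The sample capture, the "Building configuration" and "Current configuration" header lines and the numeric password-type markers are constructed from typical IOS output, not taken from the slides.

```python
import re

# Pager prompt plus the spaces/backspaces the terminal used to erase it.
PAGER = re.compile(r"\s*--More--[ \x08]*")
# IOS log messages carry a %FACILITY-SEVERITY-MNEMONIC: tag, as in the
# "%SYS-5-RELOAD:" line shown earlier on the page.
LOG_MESSAGE = re.compile(r"%[A-Z0-9_]+-\d-[A-Z0-9_]+:")
# Echo of the command that produced the capture, e.g. "Router#show running-config".
PROMPT_ECHO = re.compile(r"^[\w.-]+(\([\w-]+\))?[>#]")
# Header lines printed before the configuration itself (assumed typical output).
OUTPUT_HEADER = re.compile(r"^(Building configuration|Current configuration)")
# "password 7 <text>" / "secret 5 <text>": a non-zero type number means the
# value is stored encrypted (assumption stated in the lead-in).
ENCRYPTED = re.compile(r"\b(password|secret) [1-9]\d* \S+")

def clean_capture(captured):
    """Return (commands, review): lines safe to paste, and encrypted-password
    lines that must be replaced with plain-text passwords by the operator."""
    commands, review = [], []
    for raw in captured.splitlines():
        line = PAGER.sub("", raw).rstrip()
        if not line.strip():
            continue
        if (LOG_MESSAGE.search(line) or PROMPT_ECHO.match(line)
                or OUTPUT_HEADER.match(line)):
            continue
        if ENCRYPTED.search(line):
            review.append(line.strip())
            continue
        commands.append(line)
    return commands, review

# Constructed sample capture of "show running-config".
SAMPLE_CAPTURE = "\n".join([
    "Router#show running-config",
    "Building configuration...",
    "",
    "Current configuration : 612 bytes",
    "!",
    "hostname AtlantaHQ",
    "enable secret 5 CONSTRUCTED-PLACEHOLDER-HASH",
    "!",
    "interface FastEthernet0/0",
    " description Connects to main switch in Building A",
    " --More-- " + "\x08" * 9 + " " * 9 + "\x08" * 9
    + " ip address 10.1.0.1 255.255.255.0",
    "*Apr 13 01:34:15.758: %SYS-5-RELOAD: Reload requested by console.",
    " no shutdown",
    "!",
    "line vty 0 4",
    " password 7 CONSTRUCTED-PLACEHOLDER",
    " login",
    "!",
    "end",
])

if __name__ == "__main__":
    cmds, todo = clean_capture(SAMPLE_CAPTURE)
    print("\n".join(cmds))
    print("Re-enter in plain text before restoring:", todo)
```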
Configuring Interfaces on a router
Interface configuration is ____________________
So far commands have been generic
Each interface on a router has its own unique IPv4 address.
The address assigned to each interface exists in a separate network devoted to the interconnection of routers.
Configuring Interfaces: Ethernet Interfaces
Router ____________________________ ___________________________________ directly connected to the router.
Each Ethernet interface must have an ______________________ to route IP packets.
To configure an Ethernet interface follow these steps:
Router#config t
Router(config)#interface FastEthernet 0/0
Router(config-if)#ip address ip_address subnetmask
Router(config-if)#no shutdown
The “____________________” command enables the Interface
By default, interfaces are disabled.
If an interface needs to be disabled for maintenance or troubleshooting, use the shutdown command.
Configuring Interfaces: Serial Interfaces
_____________________________________ _____________________________
Each connected serial interface must have an __________________________________ to route IP packets.
Configure the IP address with the commands:
Router#config t
Router(config)#interface Serial 0/0
Router(config-if)#ip address ip_address subnetmask
Serial interfaces ____________________ to control the timing of the communications.
In most environments, a DCE device such as a CSU/DSU will provide the clock.
By default, ________________________, but they can be configured as DCE devices.
On serial links that are directly interconnected, as in our lab environment, one side must ________________________________ signal:
Router(config-if)#clock rate 56000
Router(config-if)#no shutdown
Done on router’s side with DCE cable
* 56000 is clock rate value used in lab*
Configuring Interfaces: Description of an Interface
A ___________________________________ ______________________ should be part of the configuration of each interface.
The interface description will appear in the output of these commands: show startup-config, show running-config, and show interfaces.
Example- description listing locations connected to int. Interface F0/0 is connected to the mail switch in the admin building
To create- use the command _______________ ___________________ and the description detail
HQ-switch1# configure terminal
HQ-switch1(config)#interface fa0/1
HQ-switch1(config-if)#description Connects to main switch in Building A
Configuring a Switch Interface
A LAN switch is an _____________ where the ___________________ _____________ _________________________________ ________________________________________________________________________.
Switch interfaces (ports) are enabled by default
Descriptions can be assigned
To be able to _____________________, an ________________________________
Switch then acts like a host device
Address for a switch is assigned to a Virtual LAN interface (VLAN)- usually __________
Enable this interface with no shutdown command.
Like any other host, the ________________ __________________________ to communicate outside of the local network.
Assign the gateway with the ip default-gateway command.
Only needed for the management traffic, but not for the regular data frame forwarding.
Test The Stack: The Ping Command
Recall: What does Ping do?
Ping is used to _________________________________
When troubleshooting, use an _______________________ starting with the ________________________ and then ________to the _________ and, finally, to __________________
By using the ping command in this ordered sequence, problems can be isolated.
IOS Ping Indicators
A ping from the IOS will yield one of several indications for each ICMP echo that was sent. The most common indicators are:
_____ - indicates receipt of an ICMP echo reply - _____________
_ - indicates a _______ while waiting for a reply - issues/security block
____ - an ICMP ___________ message was received
Testing the Loopback- recall- What is the loopback?
As a first step to verify the IP configuration on the local host.
C:\>ping 127.0.0.1
Test The Router Interface Assignment
Verifying the Router Interfaces
One of the most used commands is show ip interface brief
Provides a summary of the key information for all the interfaces including the IP address, if any, assigned to each interface and the operational status of the interface.
We will see an example on the following slide….notice… The _____ in the ______ column shows it is __________________ The ______________________________ shows that the _______
______________________________
Testing Router Connectivity
Connectivity of a router can also be tested with the ping and traceroute commands.
Test The Router Interface graphic…
Test The Switch Interface Assignment
Verifying the Switch Interfaces
____________________ brief used to verify the switch interfaces as well as router’s
Recall: the IP address for the switch is applied to a VLAN interface and its status will also show
A ____________________________________________ to the interface or the network interface of the devices that is connected is not operational.
An interface is considered _________________________________ ____________________________________
Testing Switch Connectivity
Like other hosts, the switch can test its Layer 3 connectivity with the ping and traceroute commands.
Note the following important facts… An ___________________________ for a switch to perform its job
of frame forwarding and The ___________________ to communicate outside its local
network.
Test The Switch Interface graphic…
Test The Interface Assignment
So far we have talked about how to test the router and the switch
The next step in the testing sequence is to ______________ ____________________________________________ and that the NIC is ready to transmit signals across the media.
Ping the IP address of the host device itself
If this test ______, it is likely that there are __________________ ___________________________ and may require reinstallation of either or both.
Testing hosts on the Local Network
Successfully pinging remote hosts verifies that __________________ ______________________________ (* May not work in XP *)
Possible failure messages include:
Destination Unreachable
Request Timed Out - indicating that no response was made to the ping attempt
Extended Ping (Entered at router prompt)
Allows ping to be customized with more options for use in troubleshooting
Example: Assigning longer timeout periods would
indicate a possible latency issue
Testing Gateway and Remote Connectivity
The next step in the testing sequence is to use the ping command to _______ ________________________ address.
Recall: the ______________________ ____________________ so communication with the gateway is important
To discover the gateway IP address use the ipconfig command at the command prompt
If the gateway test fails, _______________________ ensure that the proper address is being tested.
If all devices are configured properly, check the _______________ to ensure that it is secure and properly connected.
Testing Gateway and Remote Connectivity
Once verification of the local LAN and gateway is complete, testing can proceed to ____________.
As seen in the graphic, verification tests should begin within the local network and progress outward to the remote devices.
First, the ___________________ of the local network gateway router.
Then, ___________________________________
Last, test the communication to the remote network by _____________________________________ ______________________
If you cannot ping at any point, first _________ _________________ using the show ip route command
If there is no route to reach this network, you will need to identify why the route does not exist- check for configuration issues.
NOTE: ping will not always help identify the cause of a problem but can give direction in the troubleshooting process.
Recall- ping can be blocked at any point along the way
Graphic: #1-4 indicate ping process…
Tracing and Interpreting Trace Results
The next step in the testing is to ____________________ returns a list of hops as a packet is routed through a network.
When performing the trace from ______________, use ___________.
When performing the trace from __________ CLI, use ____________.
A trace command can show the path of the last successful communication and help isolate the problem
Example-- C:\>tracert 10.1.0.2 from the Windows cmd prompt
Example-- RouterA#traceroute 10.1.0.2 from the router’s CLI
Network Baselines
One of the most effective tools for monitoring and troubleshooting network performance is to establish a ____________________________
The ________________________________________ __________________________________
Consists of an _______________________________________ _____________________________
Measuring performance at varying times and loads will assist in creating a better picture of overall network performance.
Baseline reports can consist of _______________ _____________________________________
To obtain a list of MAC to IP address mapping, use arp
To see a mapping of hosts on a switch, use the command: #show mac-address-table
Network Baselines cont…
Run the _________________ _________ and save the data each time.
An examination of the files will begin to reveal ______________ in network performance and provide the baseline for future troubleshooting. Note issues such as reoccurring error messages, response
times from host to host etc
Data generated using either the computer prompt or the router prompt can contribute to the baseline.
_____________________ is vitally important and key!!