
Module 1

Explore the Network

Mr. Vineet Singh


Assistant Professor
Department of Computer Science and Engineering
Amity School Engineering and Technology
Amity University
Networking Today
Networks in Our Daily Lives
• Welcome to a world where we are more powerful together, than we
ever could be apart.
• Welcome to the human network.
Networking Today
Technology Then and Now
• We live in a world we barely imagined 20 years ago.
• What wouldn’t we have without the Internet?
• What will be possible in the future using the network as the
platform?
Networking Today
No Boundaries
• Advancements in networking technologies are helping create a world without boundaries.
• The immediate nature of communications over the Internet encourages global communities.
• Cisco refers to the impact of the Internet and networks on people as the “human network”.
Networking Today
Networks Support the Way We Learn
• Do you remember sitting in a classroom, like this?
• You don't have to be in school anymore to take a class. You don't have to be in
a classroom to have a teacher.
Networking Today
Networks Support the Way We Work
• The globalization of the Internet has empowered individuals to create information
that can be accessed globally.
• Forms of communication:
• Texting
• Social Media
• Collaboration Tools
• Blogs
• Wikis
• Podcasting
Networking Today
Networks Support the Way We Work
• Data networks have evolved into helping support the way we work.
• Online learning opportunities decrease costly and time consuming travel.
• Employee training is becoming more cost effective.
Networking Today
Networks Support the Way We Play
• We listen to music, watch movies, read books, and download material for
future offline access.
• Networks allow online gaming in ways that were not possible 20 years ago.
• Offline activities have also been enhanced by networks including global
communities for a wide range of hobbies and interests.
• How do you play on the Internet?
Providing Resources in a Network
Networks of Many Sizes
• Small Home Networks – connect a few
computers to each other and the Internet
• Small Office/Home Office – enables computers
within a home or remote office to connect to
a corporate network
• Medium to Large Networks – many locations
with hundreds or thousands of interconnected
computers
• World Wide Networks – connects hundreds of
millions of computers world-wide – such as
the Internet
Providing Resources in a Network
Clients and Servers
• Every computer connected to a network is
called a host or end device.
• Servers are computers that provide information
to end devices on the network. For example,
email servers, web servers, or file servers.
• Clients are computers that send requests to the
servers to retrieve information such as a web
page from a web server or email from an email
server.
Providing Resources in a Network
Peer-to-Peer

• Client and server software usually run on separate computers.
• However, in small businesses or homes, it is typical for a client to also function as the server. These
networks are called peer-to-peer networks.
• Peer-to-peer networking advantages: easy to set up, less complex, and lower cost.
• Disadvantages: no centralized administration, not as secure, not scalable, and slower performance.
LAN, WAN & Internet
Network Components
Overview of Network Components
• A network can be as simple as a single
cable connecting two computers or as
complex as a collection of networks
that span the globe.
• Network infrastructure contains three
broad categories of network
components:
• Devices
• Media
• Services
LANs, WANs, and the Internet
Network Components
• End Devices
• An end device is where a
message originates from
or where it is received.
• Data originates with an
end device, flows through
the network, and arrives
at an end device
Network Components
Intermediary Network Devices
• An intermediary device interconnects end devices in a network. Examples
include: switches, wireless access points, routers, and firewalls.
• The management of data as it flows through a network is also the role of
an intermediary device including:
• Regenerate and retransmit data signals.
• Maintain information about what pathways exist through the network and
internetwork.
• Notify other devices of errors and communication failures.
Network Components
Network Media
• Communication across a
network is carried through a
medium which allows a
message to travel from source
to destination.
• Networks typically use three
types of media:
• Metallic wires within cables,
such as copper
• Glass, such as fiber optic cables
• Wireless transmission
Network Components
Network Representations
• Network diagrams, often called
topology diagrams, use symbols
to represent devices within the
network.
• In addition to the device
representations on the right, it is
important to remember and
understand the following terms:
• Network Interface Card (NIC)
• Physical Port
• Interface
Network Components
Topology Diagrams
• Note the key differences between the two topology diagrams (physical location of
devices vs. ports and network addressing schemes)
LANs and WANs
Types of Networks
• Two most common types of
networks:
• Local Area Network (LAN) – spans a
small geographic area owned or
operated by an individual or IT
department.
• Wide Area Network (WAN) – spans
a large geographic area typically
involving a telecommunications
service provider.
• Other types of networks:
• Metropolitan Area Network (MAN)
• Wireless LAN (WLAN)
• Storage Area Network (SAN)
LANs and WANs
Local Area Networks
• Three characteristics of
LANs:
• Spans a small geographic
area such as a home, school,
office building, or campus.
• Usually administered by a
single organization or
individual.
• Provides high speed
bandwidth to end and
intermediary devices within
the network.
LANs and WANs
Wide Area Networks

• Three characteristics of WANs:
• WANs interconnect LANs over wide geographical areas such as between cities, states,
or countries.
• Usually administered by multiple service providers.
• WANs typically provide slower speed links between LANs.
The Internet, Intranets, and Extranets
The Internet
• The Internet is a worldwide
collection of interconnected LANs
and WANs.
• LANs are connected to each other
using WANs.
• WANs are then connected to
each other using copper wires,
fiber optic cables, and wireless
transmissions.
• The Internet is not owned by any
individual or group, however, the
following groups were developed
to help maintain structure:
• IETF
• ICANN
• IAB
The Internet, Intranets, and Extranets
Intranets and Extranets
• Unlike the Internet, an intranet is a
private collection of LANs and
WANs internal to an organization
that is meant to be accessible only
to the organization's members or
others with authorization.
• An organization might use an
extranet to provide secure access
to their network for individuals
who work for a different
organization that need access to
their data on their network.
Internet Connections
Internet Access Technologies
• There are many ways to connect
users and organizations to the
Internet:
• Popular services for home users and
small offices include broadband
cable, broadband digital subscriber
line (DSL), wireless WANs, and
mobile services.
• Organizations need faster
connections to support IP phones,
video conferencing and data center
storage.
• Business-class interconnections are
usually provided by service providers
(SP) and may include: business DSL,
leased lines, and Metro Ethernet.
Internet Connections
Home and Small Office Internet Connections
• Cable – high bandwidth, always
on, Internet connection offered
by cable television service
providers.
• DSL – high bandwidth, always on,
Internet connection that runs
over a telephone line.
• Cellular – uses a cell phone
network to connect to the
Internet; only available where
you can get a cellular signal.
• Satellite – major benefit to rural
areas without Internet Service
Providers.
• Dial-up telephone – an
inexpensive, low bandwidth
option using a modem.
Internet Connections
Businesses Internet Connections
• Corporate business connections
may require higher bandwidth,
dedicated connections, or
managed services. Typical
connection options for businesses:
• Dedicated Leased Line – reserved
circuits within the service provider’s
network that connect distant offices
with private voice and/or data
networking.
• Ethernet WAN – extends LAN access
technology into the WAN.
• DSL – Business DSL is available in
various formats including Symmetric
Digital Subscriber Lines (SDSL).
• Satellite – can provide a connection
when a wired solution is not
available.
Internet Connections
Packet Tracer – Help and
Navigation Tips
• Overview of the Packet
Tracer Program
• Packet Tracer is a fun
software program which
will help you with your
CCNA studies by allowing
you to experiment with
network behavior, build
networks, and find the
answers to your “what if”
questions.
Internet Connections
Packet Tracer – Network
Representation
• This activity will allow you
to explore how Packet
Tracer serves as a
modeling tool for network
representations.
• The network model in this
activity incorporates
many of the technologies
you will need to master in
your CCNA studies.
The Network as a Platform
Converged Networks
Traditional Separate Networks
• An example of multiple
networks might be a school
30 years ago. Some
classrooms were cabled for
data networks. Those same
classrooms were cabled for
telephone networks, and also
cabled separately for video.
• Each of these networks used
different technologies to
carry the communication
signals using a different set of
rules and standards.
Converged Networks
The Converging Network
• Converged data networks carry
multiple services on one link
including data, voice, and video.
• Unlike dedicated networks,
converged networks can deliver
data, voice, and video between
different types of devices over
the same network
infrastructure.
• The network infrastructure uses
the same set of rules and
standards.
Reliable Network
Network Architecture
• Network Architecture refers to the
technologies that support the
infrastructure that moves data
across the network.
• There are four basic characteristics
that the underlying architectures
need to address to meet user
expectations:
• Fault Tolerance
• Scalability
• Quality of Service (QoS)
• Security
Reliable Network
Fault Tolerance
• A fault tolerant network limits
the impact of a failure by
limiting the number of affected
devices.
• Multiple paths are required for
fault tolerance.
• Reliable networks provide
redundancy by implementing a
packet switched network.
Packet switching splits traffic
into packets that are routed
over a network. Each packet
could theoretically take a
different path to the
destination.
• This is not possible with circuit-
switched networks which
establish dedicated circuits.
Reliable Network
Scalability
• A scalable network can expand
quickly and easily to support
new users and applications
without impacting the
performance of services to
existing users.
• Network designers follow
accepted standards and
protocols in order to make the
networks scalable.
Reliable Network
Quality of Service
• Voice and live video
transmissions require higher
expectations for those services
being delivered.
• Have you ever watched a live
video with constant breaks and
pauses? This is caused when
there is a higher demand for
bandwidth than available – and
QoS isn’t configured.
• Quality of Service (QoS) is the
primary mechanism used to
ensure reliable delivery of
content for all users.
• With a QoS policy in place, the
router can more easily manage
the flow of data and voice
traffic.
Reliable Network
Security
• There are two main types of
network security that must be
addressed:
• Network infrastructure security
• Physical security of network
devices
• Preventing unauthorized access to
the management software on
those devices
• Information Security
• Protection of the information or
data transmitted over the
network
• Three goals of network
security:
• Confidentiality – only intended
recipients can read the data
• Integrity – assurance that the
data has not been altered
during transmission
• Availability – assurance of timely
and reliable access to data for
authorized users
The Changing Network
Environment
Network Trends
New Trends
• The role of the network must adjust and continually transform in order
to be able to keep up with new technologies and end user devices as
they constantly come to the market.
• Several new networking trends that affect organizations and consumers:
• Bring Your Own Device (BYOD)
• Online collaboration
• Video communications
• Cloud computing
Network Trends
Bring Your Own Device

• Bring Your Own Device (BYOD) is a major global trend that allows users to
use their own devices giving them more opportunities and greater
flexibility.
• BYOD allows end users to have the freedom to use personal tools to access
information and communicate using their:
• Laptops
• Netbooks
• Tablets
• Smartphones
• E-readers
Network Trends
Online Collaboration
• Individuals want to collaborate and work with others over the network on
joint projects.
• Collaboration tools including Cisco WebEx (shown in the figure) give users a
way to instantly connect, interact and achieve their objectives.
• Collaboration is a very high priority for businesses and in education.
Network Trends
Video Communication
• Cisco TelePresence powers the new way of working where everyone,
everywhere, can be more productive through face to face collaboration.
• Around the world each day, we transform organizations by transforming our
customer experiences.
Network Trends
Cloud Computing
• Cloud computing is a global trend that allows us to store personal files or
backup our data on servers over the Internet.
• Applications such as word processing and photo editing can also be
accessed using the Cloud.
• Cloud computing also allows businesses to extend their capabilities on
demand and delivered automatically to any device anywhere in the world.
• Cloud computing is made possible by data centers. Smaller companies that
can’t afford their own data centers, lease server and storage services from
larger data center organizations in the Cloud.
Network Trends
Cloud Computing (Cont.)
• Four types of Clouds:
• Public Clouds
• Services and applications are made available to the general public through a pay-per-use model
or for free.
• Private Clouds
• Applications and services are intended for a specific organization or entity such as the
government.
• Hybrid Clouds
• Made up of two or more Cloud types – for example, part custom and part public. Each part
remains a distinctive object but both are connected using the same architecture.
• Custom Clouds
Network Trends
Technology Trends in the Home
• Smart home technology is a
growing trend that allows
technology to be integrated into
every-day appliances which allows
them to interconnect with other
devices.
• Ovens might know what time to
cook a meal for you by
communicating with your calendar
on what time you are scheduled to
be home.
Network Trends
Powerline Networking
• Powerline networking can allow
devices to connect to a LAN
where data network cables or
wireless communications are not
a viable option.
• Using a standard powerline
adapter, devices can connect to
the LAN wherever there is an
electrical outlet by sending data
on certain frequencies.
Network Trends
Wireless Broadband
• In addition to DSL and cable,
wireless is another option used
to connect homes and small
businesses to the Internet.
• More commonly found in rural
environments, a Wireless
Internet Service Provider (WISP)
is an ISP that connects
subscribers to designated access
points or hotspots.
• Wireless broadband is another
solution for the home and small
businesses.
• Uses the same cellular technology
used by a smart phone.
• An antenna is installed outside the
house providing wireless or wired
connectivity for devices in the
home.
Network Security
Security Threats
• Network security is an integral
part of networking regardless of
the size of the network.
• The network security that is
implemented must take into
account the environment while
securing the data, but still
allowing for quality of service
that is expected of the network.
• Securing a network involves
many protocols, technologies,
devices, tools, and techniques in
order to secure data and
mitigate threats.
• Threat vectors might be external
or internal.
Network Security
Security Threats (Cont.)
• External threats:
• Viruses, worms, and Trojan horses
• Spyware and adware
• Zero-day attacks, also called zero-
hour attacks
• Hacker attacks
• Denial of Service attacks
• Data interception and theft
• Identity theft

• Internal threats:
• Whether intentional or not, many
studies show that the internal
users of the network cause the
most security breaches.
• With BYOD strategies, corporate
data is more vulnerable.
Network Security
Security Solutions
• Security must be implemented in
multiple layers using more than
one security solution.
• Network security components for
home or small office network:
• Antivirus and antispyware software
should be installed on end devices.
• Firewall filtering used to block
unauthorized access to the network.
Network Security
Security Solutions (Cont.)
• Larger networks have
additional security
requirements:
• Dedicated firewall system to
provide more advanced firewall
capabilities.
• Access control lists (ACL) – used
to further filter access and
traffic forwarding.
• Intrusion prevention systems
(IPS) – used to identify fast-
spreading threats such as zero-
day attacks.
• Virtual private networks (VPN) –
used to provide secure access
for remote workers.
Introduction to CISCO IOS
Cisco IOS
Operating System
• All electronic devices require an operating system.
• Windows, Mac, and Linux for PCs and laptops
• Apple iOS and Android for smart phones and tablets
• Cisco IOS for network devices (e.g., switches, routers, wireless AP, firewall, …).
Cisco devices use the Cisco Internetwork Operating System (IOS).
• Although used by Apple, iOS is a registered trademark of Cisco in the U.S. and other
countries and is used by Apple under license.

OS Shell
• The OS shell is either a command-line interface (CLI) or a graphical user
interface (GUI) and enables a user to interface with applications.

OS Kernel
• The OS kernel communicates directly with the hardware and manages how
hardware resources are used to meet software requirements.

Hardware
• The physical part of a computer including underlying electronics.
Cisco IOS
Purpose of OS
• Using a GUI enables a user to:
• Use a mouse to make selections and run programs
• Enter text and text-based commands

• Using a CLI on a Cisco IOS switch or router enables a network technician to:
• Use a keyboard to run CLI-based network programs
• Use a keyboard to enter text and text-based commands

• There are many distinct variations of Cisco IOS:
• IOS for switches, routers, and other Cisco networking devices
• IOS numbered versions for a given Cisco networking device
Cisco IOS
Purpose of OS (Cont.)
• All devices come with a default
IOS and feature set. It is possible
to upgrade the IOS version or
feature set.
• An IOS can be downloaded from
cisco.com. However, a Cisco
Connection Online (CCO) account
is required.
Note: The focus of this course will
be on Cisco IOS Release 15.x.
Accessing a CISCO IOS Device
Cisco IOS Access
Access Methods
• The three most common ways to access the IOS are:
• Console port – Out-of-band serial port used primarily for management
purposes such as the initial configuration of the router.
• Secure Shell (SSH) - Inband method for remotely and securely establishing a
CLI session over a network. User authentication, passwords, and commands
sent over the network are encrypted. As a best practice, use SSH instead of
Telnet whenever possible.
• Telnet – Inband method for remotely establishing a CLI session through a
virtual interface, over a network. User authentication, passwords, and
commands are sent over the network in plaintext.
Note: The AUX port is an older method of establishing a CLI session remotely via a telephone
dialup connection using a modem.
Cisco IOS Access
Terminal Emulation Program
• Regardless of access method, a terminal emulation program will be
required. Popular terminal emulation programs include PuTTY, Tera
Term, SecureCRT, and OS X Terminal.
Tera Term
Navigating the IOS
Navigate the IOS
Cisco IOS Modes of Operation
• The Cisco IOS modes use a hierarchical command structure.
• Each mode has a distinctive prompt and is used to accomplish
particular tasks with a specific set of commands that are available only
to that mode.
• video demonstration of how to establish a console connection with a
switch.
Navigate the IOS
Primary Command Modes
• The user EXEC mode allows only a limited number of basic monitoring commands.
• Often referred to as “view-only” mode.
• By default, there is no authentication required to access the user EXEC mode but it should be
secured.

• The privileged EXEC mode allows the execution of configuration and management
commands.
• Often referred to as “enable mode” because it requires the enable user EXEC command.
• By default, there is no authentication required to access the user EXEC mode but it should be
secured.
Navigate the IOS
Configuration Command Modes
• The primary configuration mode is called global configuration or simply, global
config.
• Use the configure terminal command to access.
• Changes made affect the operation of the device.

• Specific sub configuration modes can be accessed from global configuration
mode. Each of these modes allows the configuration of a particular part or
function of the IOS device.
• Interface mode - to configure one of the network interfaces.
• Line mode - to configure the console, AUX, Telnet, or SSH access.
Navigate the IOS
Navigate Between IOS Modes
• Various commands are used to move in and out of command prompts:
• To move from user EXEC mode to privileged EXEC mode, use the enable command.
• To return to user EXEC mode, use the disable command.

• Various methods can be used to exit / quit configuration modes:
• exit - Used to move from a specific mode to the previous more general mode, such as
from interface mode to global config.
• end - Can be used to exit out of global configuration mode regardless of which
configuration mode you are in.
• ^z - Works the same as end.
• Navigating between IOS modes
Navigate the IOS
Navigate Between IOS Modes (Cont.)
• The following provides an example of navigating between IOS modes:
• Enter privileged EXEC mode using the enable command.
• Enter global config mode using the configure terminal command.
• Enter interface sub-config mode using the interface fa0/1 command.
• Exit out of each mode using the exit command.
• The remainder of the configuration illustrates how you can exit a sub-config mode and
return to privileged EXEC mode using either the end or ^Z key combination.
The Command Structure
Basic IOS Command Structure
• A Cisco IOS device supports
many commands. Each IOS
command has a specific format
or syntax and can only be
executed at the appropriate
mode.

• The syntax for a command is the command followed by any appropriate keywords and arguments.
• Keyword - a specific parameter defined in the operating system (in the figure, ip protocols)
• Argument - not predefined; a value or variable defined by the user (in the figure, 192.168.10.5)
• After entering each complete command, including any keywords and arguments, press the Enter key to
submit the command to the command interpreter.
The Command Structure
IOS Command Syntax
• To determine the keywords and arguments required for a command, refer
to the command syntax
• Refer to the following table when looking at command syntax.

• Examples:
• description string - The command is used to add a description to an interface. The
string argument is text entered by the administrator such as description Connects to
the main headquarter office switch.
• ping ip-address - The command is ping and the user-defined argument is the ip-
address of the destination device such as in ping 10.10.10.5
The Command Structure
IOS Help Features
• IOS Context-Sensitive Help:
• Context-sensitive help provides a list of commands and the arguments
associated with those commands
within the context of the current mode.
• To access context-sensitive help, enter a question mark ?, at any prompt.
The Command Structure
IOS Help Features (Cont.)
• IOS Command Syntax Check:
• The command line interpreter checks an entered command from left to right to determine
what action is being requested.
• If the interpreter understands the command, the requested action is executed and the CLI
returns to the appropriate prompt.
• If the interpreter discovers an error, the IOS generally provides feedback such as “Ambiguous
command”, “Incomplete command”, or “Incorrect command”.
The Command Structure
Hot Keys and Shortcuts
• Commands and keywords can be shortened to the minimum number of
characters that identify a unique selection.

• For example, the configure command can be shortened to conf because
configure is the only command that begins with conf.
• An even shorter version of con will not work because more than one command begins
with con.
• Keywords can also be shortened.
The Command Structure
Hotkeys and Shortcuts
The IOS CLI supports the following hotkeys:
• Down Arrow – Allows the user to scroll through command history.
• Up Arrow - Allows the user to scroll backward through commands.
• Tab - Completes the remainder of a partially entered command.
• Ctrl-A - Moves to the beginning of the line.
• Ctrl-E – Moves to the end of the line.
• Ctrl-R – Redisplays a line.
• Ctrl-Z – Exits the configuration mode and returns to user EXEC.
• Ctrl-C – Exits the configuration mode or aborts the current command.
• Ctrl-Shift-6 – Allows the user to interrupt an IOS process (e.g., ping).
Saving Configuration
Hostnames
Device Names
• The first step when configuring a switch is to assign it a unique device
name, or hostname.
• Hostnames appear in CLI prompts, can be used in various authentication
processes between devices, and should be used on topology diagrams.
• Without a hostname, network devices are difficult to identify for
configuration purposes.

Hostnames enable an
administrator to name a
device, making it easier to
identify in a network.
Hostnames
Configure Hostnames
• Once the naming convention has been identified, the next step is to apply the names to the devices using the CLI.

• The hostname name global configuration command is used to assign a name.

Switch>
Switch> enable
Switch#
Switch# configure terminal
Switch(config)# hostname Sw-Floor-1
Sw-Floor-1(config)#
Limit Access to Device Configurations
Limiting Device Access
• Step 1 - Secure network devices to physically limit access by placing
them in wiring closets and locked racks.
• Step 2 - Enforce secure passwords as passwords are the primary
defense against unauthorized access to network devices.
• Use strong passwords as suggested.
• Limit administrative access as follows.
Limit Access to Device Configurations
Configure Passwords
• Secure privileged EXEC access using the enable secret password
global config command.
• Secure user EXEC access by configuring the line console as follows:

Securing User EXEC Mode                   Description
Switch(config)# line console 0            Command enters line console configuration mode.
Switch(config-line)# password password    Command specifies the line console password.
Switch(config-line)# login                Command makes the switch require the password.

• Secure remote Telnet or SSH access by configuring the Virtual
terminal (VTY) lines as follows:

Securing Remote Access                    Description
Switch(config)# line vty 0 15             Cisco switches typically support up to 16 incoming VTY lines numbered 0 to 15.
Switch(config-line)# password password    Command specifies the VTY line password.
Switch(config-line)# login                Command makes the switch require the password.


Limit Access to Device Configurations
Configure Passwords (Cont.)

Secure Privileged EXEC
Sw-Floor-1(config)# enable secret class
Sw-Floor-1(config)# exit
Sw-Floor-1#
Sw-Floor-1# disable
Sw-Floor-1> enable
Password:
Sw-Floor-1#

Securing User EXEC
Sw-Floor-1(config)# line console 0
Sw-Floor-1(config-line)# password cisco
Sw-Floor-1(config-line)# login
Sw-Floor-1(config-line)# exit
Sw-Floor-1(config)#

Securing Remote Access
Sw-Floor-1(config)# line vty 0 15
Sw-Floor-1(config-line)# password cisco
Sw-Floor-1(config-line)# login
Sw-Floor-1(config-line)#
Limit Access to Device Configurations
Encrypt Passwords
• The startup-config and running-config
files display most passwords in plaintext.
This is a security threat because anyone
can see the passwords if they have access
to these files.
• Use the service password-encryption
global config command to encrypt all
passwords.
• The command applies weak encryption to all
unencrypted passwords.
• However, it does stop “shoulder surfing”.

Sw-Floor-1(config)# service password-encryption
S1(config)# exit
S1# show running-config
<output omitted>
service password-encryption
!
hostname S1
!
enable secret 5 $1$mERr$9cTjUIEqNGurQiFU.ZeCi1
!
<Output omitted>
line con 0
 password 7 0822455D0A16
 login
!
line vty 0 4
 password 7 0822455D0A16
 login
line vty 5 15
 password 7 0822455D0A16
 login
!
Limit Access to Device Configurations
Banner Messages
• Banners are messages that are displayed when someone attempts to gain
access to a device. Banners are an important part of the legal process in the
event that someone is prosecuted for breaking into a device.

• Configured using the banner motd delimiter message
delimiter command from global configuration mode. The
delimiting character can be any character as long as it
is unique and does not occur in the message (e.g., #$%^&*)
Limit Access to Device Configurations
Syntax Checker – Limiting Access to a Switch
Encrypt all passwords.
Sw-Floor-1(config)# service password-encryption
Sw-Floor-1(config)#

Secure the privileged EXEC access with the password Cla55.


Sw-Floor-1(config)# enable secret Cla55
Sw-Floor-1(config)#

Secure the console line. Use the password Cisc0 and allow login.
Sw-Floor-1(config)# line console 0
Sw-Floor-1(config-line)# password Cisc0
Sw-Floor-1(config-line)# login
Sw-Floor-1(config-line)# exit
Sw-Floor-1(config)#

Secure the first 16 VTY lines. Use the password Cisc0 and allow login.
Sw-Floor-1(config)# line vty 0 15
Sw-Floor-1(config-line)# password Cisc0
Sw-Floor-1(config-line)# login
Sw-Floor-1(config-line)# end
Sw-Floor-1#
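
The access-limiting steps above (enable secret, console and VTY passwords with login, service password-encryption, banner motd, and the earlier advice to prefer SSH over Telnet) can be checked against a saved configuration. The following is an added example, not part of the original slides or any Cisco tool: a small auditor whose finding codes, severities and sample text are this example's own, and whose SSH check assumes the `transport input ssh` line command, which the slides do not show.

```python
import re

# Constructed sample in running-config layout (sub-commands indented one space).
# The hash and type 7 string are the ones shown in the slides; the rest is made up.
SAMPLE_CONFIG = """\
no service password-encryption
!
hostname Sw-Floor-1
!
enable secret 5 $1$mERr$9cTjUIEqNGurQiFU.ZeCi1
!
line con 0
 password cisco
 login
line vty 0 4
 password 7 0822455D0A16
 login
 transport input ssh
line vty 5 15
 password 7 0822455D0A16
!
"""

# Finding code -> (severity, explanation). Codes and severities are illustrative.
CHECKS = {
    "NO_ENABLE_SECRET": ("HIGH", "privileged EXEC has no enable secret"),
    "NO_PW_ENCRYPTION": ("MEDIUM", "service password-encryption is not enabled"),
    "NO_BANNER": ("LOW", "no banner motd is configured"),
    "NO_PASSWORD": ("HIGH", "line has no password"),
    "PLAINTEXT_PASSWORD": ("HIGH", "line password is stored in plaintext"),
    "TYPE7_PASSWORD": ("INFO", "type 7 is weak encryption; it only stops shoulder surfing"),
    "NO_LOGIN": ("HIGH", "no login command, so the password is not required"),
    "TELNET_ALLOWED": ("MEDIUM", "vty line is not restricted to SSH; Telnet may be accepted"),
}

LINE_HEADER = re.compile(r"^line (con|vty|aux) (\d+)(?: (\d+))?$")
PASSWORD = re.compile(r"^password (?:(\d+) )?(\S+)$")


def parse_blocks(config_text):
    """Split a config into global commands and a dict of 'line ...' blocks."""
    global_cmds, blocks, current = [], {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line == "!" or line.startswith("<"):
            continue  # blanks, '!' separators, '<output omitted>' markers
        if raw.startswith(" ") and current is not None:
            blocks[current].append(line)  # sub-command of the open line block
            continue
        current = None
        if LINE_HEADER.match(line):
            current = line
            blocks[current] = []
        else:
            global_cmds.append(line)
    return global_cmds, blocks


def audit_config(config_text):
    """Return a list of (scope, finding_code) tuples for the given config."""
    global_cmds, blocks = parse_blocks(config_text)
    findings = []
    if not any(c.startswith("enable secret ") for c in global_cmds):
        findings.append(("global", "NO_ENABLE_SECRET"))
    if "service password-encryption" not in global_cmds:
        findings.append(("global", "NO_PW_ENCRYPTION"))
    if not any(c.startswith("banner motd ") for c in global_cmds):
        findings.append(("global", "NO_BANNER"))
    for header, cmds in blocks.items():
        pw = next((m for m in map(PASSWORD.match, cmds) if m), None)
        if pw is None:
            findings.append((header, "NO_PASSWORD"))
        elif pw.group(1) in (None, "0"):   # no type digit, or type 0: cleartext
            findings.append((header, "PLAINTEXT_PASSWORD"))
        elif pw.group(1) == "7":
            findings.append((header, "TYPE7_PASSWORD"))
        if not any(c == "login" or c.startswith("login ") for c in cmds):
            findings.append((header, "NO_LOGIN"))
        if header.startswith("line vty") and "transport input ssh" not in cmds:
            findings.append((header, "TELNET_ALLOWED"))
    return findings


def format_report(findings):
    """Render findings as one human-readable line each."""
    return ["[%s] %s: %s" % (CHECKS[code][0], scope, CHECKS[code][1])
            for scope, code in findings]


if __name__ == "__main__":
    print("\n".join(format_report(audit_config(SAMPLE_CONFIG))))
```

Run it against a configuration captured to a text file; type 7 findings are reported as informational because the slides' own hardened result still contains them.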
Save Configurations
Save the Running Configuration File
• Cisco devices use a running configuration file and a startup
configuration file.
• The running configuration file is stored in RAM and contains the
current configuration on a Cisco IOS device.
• Configuration changes are stored in this file.
• If power is interrupted, the running config is lost.
• Use the show startup-config command to display contents.

• The startup config file is stored in NVRAM and contains the
configuration that will be used by the device upon reboot.
• Typically the running config is saved as the startup config.
• If power is interrupted, it is not lost or erased.
• Use the show running-config command to display contents.

• Use the copy running-config startup-config command to save the running configuration.
Save Configurations
Alter the Running Configuration
• If configuration changes do not have the desired effect, they can be
removed individually or the device can be rebooted to the last saved
configuration using the reload privileged EXEC mode command.
• The command restores the startup-config.
• A prompt will appear to ask whether to save the changes. To discard the
changes, enter n or no.

• Alternatively, if undesired changes were saved to the startup
configuration, it may be necessary to clear all the configurations using
the erase startup-config privileged EXEC mode command.
Save Configurations
Capture Configuration to a Text File
• Configuration files can also be saved and archived to a text document for editing or reuse later. For
example, assume a switch has been configured and the running config has been saved.

• Connect to the switch using PuTTY or Tera Term.
• Enable logging and assign a name and file location to save the log file.
• Generate text to be captured, as text displayed in the terminal window will also be placed into the chosen file. Execute the show running-config or show startup-config command at the privileged EXEC prompt.
• Disable logging in the terminal software by choosing None in the Session logging option.
Save Configurations
Capture Configuration to a Text File (Cont.)
• The text file created can be used as a record of how the device is currently
implemented and be used to restore a configuration. The file would require
editing before being used to restore a saved configuration to a device.

• To restore a configuration file to a device:


• Enter global configuration mode on the device.
• Copy and paste the text file into the terminal window connected to the switch.

• The text in the file will be applied as commands in the CLI and become the
running configuration on the device.
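An added example, not part of the original slides, of the editing the captured file needs before it can be pasted back: it drops the prompt, pager and header lines that a terminal log contains and lists the lines that hold password material. The sample capture and the function names are constructed for illustration.

```python
import re

# Constructed terminal log of "show running-config" (not from the original slides).
CAPTURE = """\
Sw-Floor-1# show running-config
Building configuration...

Current configuration : 1508 bytes
!
hostname Sw-Floor-1
!
enable secret 5 $1$constructed$hashvalue
 --More--
interface Vlan1
 ip address 192.168.1.20 255.255.255.0
!
line con 0
 password 7 0000000000
 login
!
end

Sw-Floor-1#
"""

PROMPT = re.compile(r"^\S+[>#]")  # CLI prompt such as "Sw-Floor-1#"
HEADERS = ("Building configuration", "Current configuration")
CREDENTIAL = re.compile(r"^\s*(enable (secret|password)|password)\s")

def clean_capture(text):
    """Keep only configuration commands from a logged terminal session."""
    kept = []
    for line in text.splitlines():
        if not line.strip() or "--More--" in line:
            continue  # blank lines and pager prompts are not commands
        if PROMPT.match(line) or line.startswith(HEADERS):
            continue  # prompt lines and show-command headers
        kept.append(line.rstrip())
    return "\n".join(kept) + "\n"

def credential_lines(config):
    """Return the lines that carry password material, so the archived
    file can be stored and shared with that in mind."""
    return [l.strip() for l in config.splitlines() if CREDENTIAL.match(l)]

if __name__ == "__main__":
    config = clean_capture(CAPTURE)
    print(config, end="")
    print("Lines holding credentials:", credential_lines(config))
```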
Addressing Device
Ports and Addresses
IP Addressing Overview
• Each end device on a network (e.g., PCs, laptops,
servers, printers, VoIP phones, security cameras,
…) requires an IP configuration consisting of:
• IP address
• Subnet mask
• Default gateway (optional for some devices)
• IPv4 addresses are displayed in dotted decimal format
consisting of:
• 4 decimal numbers between 0 and 255
• Separated by decimal points (dots)
• E.g., 192.168.1.10, 255.255.255.0, 192.168.1.1
Ports and Addresses
Interfaces and Ports
• Cisco IOS Layer 2 switches have physical ports for devices to connect.
However, these ports do not support Layer 3 IP addresses.

• To remotely connect to and manage a Layer 2 switch, it must be
configured with one or more switch virtual interfaces (SVIs).

• Each switch has a default VLAN 1 SVI.

Note: A Layer 2 switch does not need an IP address to operate. The SVI
IP address is only used to remotely manage a switch.
Configure IP Addressing
Manual IP Address Configuration for End Devices
• To manually configure an IP address on a Windows host:
• Open the Control Panel > Network Sharing Center > Change adapter settings and click on the adapter.
• Right-click on the adapter and select Properties to display the Local Area Connection Properties window.
• Highlight Internet Protocol Version 4 (TCP/IPv4) and click Properties to open the Internet Protocol Version 4 (TCP/IPv4) Properties window.
• Click Use the following IP address to manually configure the IPv4 address configuration.
• Configure the IPv4 address and subnet mask information, and default gateway, and then click OK.
Configure IP Addressing
Automatic IP Address Configuration for End Devices
• To assign the IP configuration using a Dynamic Host Configuration Protocol (DHCP) server:
• Open the Control Panel > Network Sharing Center > Change adapter settings and click on the adapter.
• Right-click on the adapter and select Properties to display the Local Area Connection Properties window.
• Highlight Internet Protocol Version 4 (TCP/IPv4) and click Properties to open the Internet Protocol Version 4 (TCP/IPv4) Properties window.
• Click Obtain an IP address automatically and click on OK.

Use the ipconfig Windows Command prompt command to verify a host IP address.
Configure IP Addressing
Switch Virtual Interface
• To be managed remotely, a switch must also be given an IP
configuration.
• However, a switch does not have a physical Ethernet interface that can be
configured.
• Instead, you must configure the VLAN 1 switch virtual interface (SVI).

• The VLAN 1 SVI must be configured with:
• IP address - Uniquely identifies the switch on the
network
• Subnet mask - Identifies the network and host portion
in the IP address
• Enabled - Using the no shutdown command.

Use the show ip interface brief privileged EXEC command to verify.


Verifying Connectivity
Interface Addressing Verification
• The IP configuration on a Windows host is verified using the ipconfig command.
• To verify the interfaces and address settings of intermediary devices like
switches and routers, use the show ip interface brief privileged EXEC command.
Verifying Connectivity
End-to-End Connectivity Test
• The ping command can be used to test connectivity to another device on
the network or a website on the Internet.