Chapter II: Configuring a Network Operating System
OBJECTIVES
Explain the purpose of Cisco IOS.
Explain how to access and navigate Cisco IOS to configure network devices.
Describe the command structure of Cisco IOS software.
Configure hostnames on a Cisco IOS device using the CLI.
Use Cisco IOS commands to limit access to device configurations.
Use Cisco IOS commands to save the running configuration.
Explain how devices communicate across network media.
Configure a host device with an IP address.
Verify connectivity between two end hosts.
Cisco IOS
Operating Systems
All networking equipment depends on an operating system:
• End devices (PC, laptop, smartphone, tablet)
• Switches
• Routers
• Wireless access points
• Firewalls
Cisco Internetwork Operating System (IOS)
A collection of network operating systems used on Cisco devices
Cisco IOS
Purpose of OS
PC operating systems (Windows 8, Linux and OS X) perform technical functions
that enable:
Use of input and output devices
Management of processes and programs
Management of the file system, security, hardware, etc.
The IOS on a switch or router provides options to:
Perform the same functions as a host operating system
Configure interfaces
Enable routing and switching functions
All networking devices come with a default IOS (switch, router, firewall)
It is possible to upgrade the IOS version or feature set
Cisco IOS
Location of the Cisco IOS
IOS is stored in flash
Non-volatile storage - not lost when power is lost
Can be changed or overwritten as needed
Can be used to store multiple versions of IOS
IOS is copied from flash to volatile RAM at boot
The amount of flash and RAM determines which IOS can be used
Cisco IOS
IOS Functions
Major functions performed or enabled by Cisco routers and switches
include:
Router/Switch Bootup Process (more in later course)
Bootup Process
[Figure: memory locations used during boot-up, labelled A to D]
A (RAM): running-config, IOS (running)
B (NVRAM): startup-config
C (Flash): IOS
D (ROM): Bootup program, IOS (partial)
Where is the permanent configuration file stored used during boot-up? NVRAM (B)
Where is the diagnostics software stored executed by hardware modules? ROM (D)
Where is the backup (partial) copy of the IOS stored? ROM (D)
Where is IOS permanently stored before it is copied into RAM? FLASH (C)
Where are all changes to the configuration immediately stored? RAM (A)
Cisco IOS
CCO Account Benefits and IOS Files
This video introduces Cisco Connection Online (CCO). CCO has a wealth of
information available regarding Cisco products and services.
Accessing a Cisco IOS Device
Console Access Method
Most common methods to access the Command Line Interface
Console
Telnet or SSH
AUX port
Accessing a Cisco IOS Device
Console Access Method
Console port
Device is accessible even if no networking services have been configured (out-of-band)
Needs a special console cable (aka rollover cable)
Allows configuration commands to be entered
Should be configured with passwords to prevent unauthorized access
Device should be located in a secure room so the console port cannot be easily accessed
Establishing a HyperTerminal session (next week)
[Figure: router console port connected by a rollover cable to a terminal, or a PC with terminal emulation software, on its Com1 or Com2 serial port or a USB port with a USB-to-Serial adapter]
Connect PC using the RJ-45/mini-USB to Serial/USB rollover cable.
Configure the terminal or PC terminal emulation software for:
9600 baud
8 data bits
no parity
1 stop bit
no flow control
Establishing a Terminal/Serial/Console session
• PuTTY
• Tera Term
• SecureCRT
• HyperTerminal
• OS X Terminal
• Zoc
Important: A console connection is not the same as a network connection!
[Figure: Dumb Terminal]
Accessing a Cisco IOS Device
Telnet, SSH, and AUX Access Methods
Telnet
Method for remotely accessing the CLI over a network
Requires active networking services and one active interface that is configured
Secure Shell (SSH) – Preferred over Telnet
Remote login similar to Telnet but utilizes more security
Stronger password authentication
Uses encryption when transporting data
Aux Port (not used too much)
Out-of-band connection
Uses telephone line
Can be used like console port
Ethernet Connection
Network connection needed
[Figure: PC NIC connected to the router over Ethernet; prompts shown: C:\> ping, C:\> ssh]
When can you use a network connection to connect to the router? When there is a network connection to the router (telnet).
What software/command do you need? TCP/IP, Terminal prompt (DOS), Tera Term, etc.
What cable and ports do you use? PC & Router: Ethernet NIC, Ethernet straight-through cable
When should you not use a network connection to configure the router? When the change may disconnect the telnet connection.
Accessing a Cisco IOS Device
Terminal Emulation Programs
Software available for connecting to a networking device (usually same as
terminal/serial/console connection):
PuTTY
Tera Term
SecureCRT
HyperTerminal
OS X Terminal
Zoc
Navigating the IOS
Cisco IOS Modes of Operation
[Figure: IOS modes of operation, with the commands that move between them: enable, configure terminal, interface < >, router < >, line < >]
Navigating the IOS
Primary Modes
[Figure: primary modes; command shown: enable]
Navigating the IOS
Global Configuration Mode and Submodes
Global configuration mode and interface configuration modes can
only be reached from the privileged EXEC mode.
Navigating the IOS
Navigating between IOS Modes
Similar IOS commands for switches and routers
Switch>                                user mode
Switch> enable                         go to privilege mode
Switch# configure terminal             go to global configuration mode
Switch(config)# interface vlan 1       go to interface mode
Switch(config-if)# exit
Switch(config)# exit
Switch# config t                       Shortened commands and parameters
Switch(config)# vlan 1                 go to VLAN configuration mode
Switch(config-vlan)# end               go to privilege-EXEC mode
Switch# disable
Switch> enable
Switch# config t
Switch(config)# line vty 0 4           go to interface (line) mode
Switch(config-line)# exit
Switch(config)#
Switch>                                         user mode
Switch#                                         privilege mode
Common Commands for Switches and Routers
Switch> enable
Switch# configure terminal
Switch(config)# exit
Switch# config t
Switch(config)# hostname name
Switch(config)# enable secret password          privilege password
Switch(config)# line console 0                  console password
Switch(config-line)# password password
Switch(config-line)# login
Switch(config)# line vty 0 4                    telnet password
Switch(config-line)# password password
Switch(config-line)# login
Switch(config)# banner motd # message #         banner
Switch(config)# interface type number           configure interface
Switch(config-if)# description description
Making your life easier!
Switch> enable
Switch# configure terminal
Switch(config)# line console 0                  Console port
Switch(config-line)# logging synchronous        IOS will not
Switch(config-line)# exec-timeout 0 0
Switch(config-line)# exit
Switch(config)# no ip domain-lookup
The Command Structure
IOS Command Structure
The Command Structure
Cisco IOS Command Reference
IOS Command Conventions
The general syntax for a command is the command followed by any
appropriate keywords (defined) and arguments (undefined).
An argument is generally not a predefined word.
An argument is a value or variable defined by the user.
Switch(config-if)# description string
Boldface text indicates commands and keywords that are typed as shown.
Italic text indicates an argument for which you supply the value. For
the description command, the argument is a string value.
The string value can be any text string of up to 80 characters.
Example:
Switch(config-if)# description MainHQ Office Switch
For the ping command:
Switch> ping IP-address
Switch> ping 10.10.10.5
The command is ping and the user-defined argument is 10.10.10.5.
Similarly, the syntax for entering the traceroute command is:
Switch> traceroute IP-address
Switch> traceroute 192.168.254.254
The command is traceroute and the user-defined argument is
192.168.254.254.
The Command Structure
Context Sensitive Help
The Command Structure
Command Syntax Check
The Command Structure
Hot Keys and Shortcuts
Tab - Completes the remainder of a partially typed command or keyword
Ctrl-R - Redisplays a line
Ctrl-A - Moves cursor to the beginning of the line
Ctrl-Z - Exits configuration mode and returns to user EXEC
Down Arrow - Allows the user to scroll forward through former commands
Up Arrow - Allows the user to scroll backward through former commands
Ctrl-Shift-6 - Allows the user to interrupt an IOS process such as ping or traceroute.
Ctrl-C - Aborts the current command and exits the configuration mode
The Command Structure
IOS Examination Commands
The Command Structure
The show version Command
The Command Structure
Navigating the IOS
Hostnames
Why the Switch
Let’s focus on
Creating a two PC network connected via a switch
Setting a name for the switch
Limiting access to the device configuration
Configuring banner messages
Saving the configuration
Hostnames
Device Names
Hostnames allow devices to be identified by network
administrators over a network or the Internet.
Some guidelines for naming conventions are that names should:
Start with a letter
Contain no spaces
End with a letter or digit
Use only letters, digits, and dashes
Be less than 64 characters in length
Without names, network devices are difficult to identify for configuration purposes.
Hostnames
Configuring Hostnames
Switch(config)# hostname Sw-Floor-3
Sw-Floor-3(config)#
Switch(config)# hostname Sw-Floor-2
Sw-Floor-2(config)#
Switch(config)# hostname Sw-Floor-1
Sw-Floor-1(config)#
Limiting Access to Device Configurations
Securing Device Access
The passwords introduced here are:
Enable password - Limits access to the privileged EXEC mode
Enable secret - Encrypted, limits access to the privileged EXEC mode
Console password - Limits device access using the console connection
VTY password - Limits device access over Telnet
Note: In most of the labs in this course, we will be using simple
passwords such as cisco or class.
Limiting Access to Device Configurations
Securing Privileged EXEC Access
use the enable secret command, not the older enable password command
enable secret provides greater security because the password is encrypted
Limiting Access to Device Configurations
Securing User EXEC Access
Console port must be secured
• reduces the chance of unauthorized personnel physically plugging a cable into the device and gaining device access
vty lines allow access to a Cisco device via Telnet
• number of vty lines supported varies with the type of device and the IOS version
Limiting Access to Device Configurations
Encrypting Password Display
service password-encryption
prevents passwords from showing up as plain text when viewing the configuration
purpose of this command is to keep unauthorized individuals from viewing passwords in the configuration file
once applied, removing the encryption service does not reverse the encryption
Limiting Access to Device Configurations
Banner Messages
Switch(config)# banner motd # This is a secure system Authorized Access Only!!! #
Switch(config)#
Important part of the legal process in the event that someone is
prosecuted for breaking into a device
Wording that implies that a login is "welcome" or "invited" is not
appropriate
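Added example (not part of the original slides and not Cisco code): a small Python audit that checks a configuration text against the points made in the hostname and access-limiting slides above. The two sample configurations, the function names and the finding strings are constructed for illustration, and the passwords are placeholders.

```python
import re

# Constructed samples, written in the form typed on the slides (not a real device dump).
WEAK = """\
hostname Sw_Floor_1
enable password class
banner motd # Welcome to the lab switch #
line console 0
 logging synchronous
 exec-timeout 0 0
line vty 0 4
 password cisco
 login
"""

HARDENED = """\
hostname Sw-Floor-1
service password-encryption
enable secret EXAMPLE-secret-1
banner motd # This is a secure system. Authorized Access Only! #
line console 0
 password EXAMPLE-console-1
 login
 exec-timeout 5 0
line vty 0 4
 password EXAMPLE-vty-1
 login
 exec-timeout 5 0
"""

# Naming guidelines from the slides: start with a letter, end with a letter
# or digit, only letters/digits/dashes in between, fewer than 64 characters.
HOSTNAME_OK = re.compile(r"[A-Za-z](?:[A-Za-z0-9-]*[A-Za-z0-9])?")


def line_sections(config):
    """Map each 'line ...' header to the indented sub-commands under it."""
    sections, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw.strip()
            sections[current] = []
        elif raw.startswith(" ") and current:
            sections[current].append(raw.strip())
        else:
            current = None
    return sections


def audit(config):
    """Return a sorted list of finding strings for one configuration text."""
    findings = []
    top = [l.strip() for l in config.splitlines() if l and not l.startswith(" ")]

    host = next((l.split(None, 1)[1] for l in top if l.startswith("hostname ")), "")
    if not HOSTNAME_OK.fullmatch(host) or len(host) >= 64:
        findings.append("hostname: breaks naming guidelines")

    if any(l.startswith("enable password") for l in top):
        findings.append("enable password: use enable secret instead")
    if not any(l.startswith("enable secret") for l in top):
        findings.append("enable secret: not set")

    sections = line_sections(config)
    has_line_pw = any(c.startswith("password ") for cmds in sections.values() for c in cmds)
    if has_line_pw and "service password-encryption" not in top:
        findings.append("service password-encryption: line passwords shown in plain text")

    for name, cmds in sections.items():
        # The slides' model for console and vty lines: a password plus 'login'.
        if not (any(c.startswith("password ") for c in cmds) and "login" in cmds):
            findings.append(f"{name}: no password + login")
        # 'exec-timeout 0 0' turns the idle timeout off, so sessions never expire.
        if "exec-timeout 0 0" in cmds:
            findings.append(f"{name}: idle timeout disabled")

    # The first character after 'banner motd' is the delimiter ('#' on the slides).
    banner = re.search(r"^banner motd (\S)(.*?)\1", config, re.M | re.S)
    if banner is None:
        findings.append("banner motd: missing")
    elif re.search(r"\b(welcome|invited?)\b", banner.group(2), re.I):
        findings.append("banner motd: wording invites login")
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(WEAK):
        print(finding)
```

The parser keys on the text as given; output saved from show running-config abbreviates some headers (for example line con 0), so the section names in findings follow whatever the input uses.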
Saving Configurations
Configuration Files
Switch# show running-config
Switch# copy running-config startup-config
Switch# delete vlan.dat
Delete filename [vlan.dat]?
Delete flash:vlan.dat? [confirm]
Switch# erase startup-config
Switch# reload
System configuration has been modified. Save? [yes/no]: n
Proceed with reload? [confirm]
Saving Configurations
Capturing Text
Ports and Addresses
IP Addressing in the Large
Each end device on a network must be configured with an IP address
Structure of an IPv4 address is called dotted decimal
IP address displayed in decimal notation, with four decimal numbers between 0 and 255
With the IP address, a subnet mask is also necessary
IP addresses can be assigned to both physical ports and virtual interfaces
IPv4 and IPv6 addresses will be discussed in more detail later
Ports and Addresses
Interfaces and Ports
Terms are used interchangeably
Some interfaces can be configured with an IP address such as:
NIC (Ethernet interface) on a host/computer
Router’s Ethernet or Serial interfaces
Switches have ports (interfaces) but do not typically have IP addresses
assigned to them
Used to connect devices on LANs that do have IP addresses such as
hosts, routers, printers.
Configuring a Switch Virtual Interface
Allows the network administrator to communicate (SSH, telnet, ping) with the
switch.
It is OPTIONAL
“Layer 2” switches do NOT need an IP address to forward Ethernet frames.
IP address - together with subnet mask, uniquely identifies end device on
internetwork (more later)
Subnet mask - determines which part of a larger network is used by an IP
address
interface VLAN 1 - interface configuration mode
ip address 192.168.10.2 255.255.255.0 - configures the IP address and
subnet mask for the switch
no shutdown - administratively enables the interface
Switch still needs to have physical ports configured and VTY lines to enable
remote management
Addressing Devices
Manual IP Address Configuration for End Devices
More later!
Addressing Devices
Automatic IP Address Configuration for End Devices
More later!
Addressing Devices
IP Address Conflicts
More later!
In Class Lab
Verifying Connectivity
Test the Loopback Address on an End Device
C:\> ping 127.0.0.1
Reply from 127.0.0.1: bytes=32
Reply from 127.0.0.1: bytes=32
Reply from 127.0.0.1: bytes=32
Reply from 127.0.0.1: bytes=32
time