02_Basic Switch and End Device Configuration Flashcards
Operating Systems
The portion of the OS that interacts directly with computer hardware is known as the kernel. The portion that interfaces with applications and the user is known as the shell. The user can interact with the shell using a command-line interface (CLI) or a graphical user interface (GUI).
shell
the user interface that allows users to request specific tasks from the computer. These requests can be made either through the CLI or GUI interfaces
kernel
communicates between the hardware and software of a computer and manages how hardware resources are used to meet software requirements
hardware
physical part of a computer including underlying electronics
GUI
A GUI such as Windows, macOS, Linux KDE, Apple iOS, or Android allows the user to interact with the system using an environment of graphical icons, menus, and windows. The GUI example in the figure is more user-friendly and requires less knowledge of the underlying command structure that controls the system. For this reason, most users rely on GUI environments.
Purpose of an OS
Network operating systems are similar to a PC operating system. Through a GUI, a PC operating system enables a user to do the following:
- Use a mouse to make selections and run programs
- Enter text and text-based commands
- View output on a monitor
A CLI-based network operating system (e.g., the Cisco IOS on a switch or router) enables a network technician to do the following:
- Use a keyboard to run CLI-based network programs
- Use a keyboard to enter text and text-based commands
- View output on a monitor
Console
This is a physical management port that provides out-of-band access to a Cisco device. Out-of-band access refers to access via a dedicated management channel that is used for device maintenance purposes only. The advantage of using a console port is that the device is accessible even if no networking services are configured, such as performing the initial configuration. A computer running terminal emulation software and a special console cable to connect to the device are required for a console connection.
Secure Shell (SSH)
SSH is an in-band and recommended method for remotely establishing a secure CLI connection, through a virtual interface, over a network. Unlike a console connection, SSH connections require active networking services on the device, including an active interface configured with an address. Most versions of Cisco IOS include an SSH server and an SSH client that can be used to establish SSH sessions with other devices.
Telnet
Telnet is an insecure, in-band method of remotely establishing a CLI session, through a virtual interface, over a network. Unlike SSH, Telnet does not provide a secure, encrypted connection and should only be used in a lab environment. User authentication, passwords, and commands are sent over the network in plaintext. The best practice is to use SSH instead of Telnet. Cisco IOS includes both a Telnet server and Telnet client.
Which access method would be most appropriate if you were in the equipment room with a new switch that needs to be configured?
Console
Which access method would be most appropriate if your manager gave you a special cable and told you to use it to configure the switch?
Console
Which access method would be the most appropriate in-band access to the IOS over a network connection?
Telnet/SSH
Which access method would be the most appropriate if you call your manager to tell him you cannot access your router in another city over the internet and he provides you with the information to access the router through a telephone connection?
Aux
User EXEC Mode
- Mode allows access to only a limited number of basic monitoring commands.
- It is often referred to as “view-only” mode.
Switch>
Router>
Privileged EXEC Mode
- Mode allows access to all commands and features.
- The user can use any monitoring commands and execute configuration and management commands.
Switch#
Router#
Various commands are used to move in and out of command prompts. To move from user EXEC mode to privileged EXEC mode, use the enable command. Use the disable privileged EXEC mode command to return to user EXEC mode.
Note: Privileged EXEC mode is sometimes called enable mode.
global config mode
To configure the device, the user must enter global configuration mode, which is commonly called global config mode.
From global config mode, CLI configuration changes are made that affect the operation of the device as a whole. Global configuration mode is identified by a prompt that ends with (config)# after the device name, such as Switch(config)#.
Global configuration mode is accessed before other specific configuration modes. From global config mode, the user can enter different subconfiguration modes.
configure terminal
Line Configuration Mode
Used to configure console, SSH, Telnet, or AUX access.
Interface Configuration Mode
Used to configure a switch port or router network interface.
To move from any subconfiguration mode of the global configuration mode to the mode one step above it in the hierarchy of modes…
…enter the exit command.
To move from any subconfiguration mode to the privileged EXEC mode…
…enter the end command or enter the key combination Ctrl+Z.
enable command
Privileged EXEC Mode
line console 0
- subconfiguration mode
- management interface for the console port
line vty 0 15
virtual terminal management
remote access
end command
exit out of all subconfiguration modes and return to privileged EXEC mode
Which IOS mode allows access to all commands and features?
privileged EXEC mode
Which IOS mode are you in if the Switch(config)# prompt is displayed?
global configuration mode
Which IOS mode are you in if the Switch> prompt is displayed?
user EXEC mode
Which two commands would return you to the privileged EXEC prompt regardless of the configuration mode you are in? (Choose two.)
- CTRL+Z
- end
Keyword
This is a specific parameter defined in the operating system (in the figure, ip protocols).
Argument
This is not predefined; it is a value or variable defined by the user (in the figure, 192.168.10.5).
boldface
Boldface text indicates commands and keywords that you enter literally as shown.
italics
Italic text indicates arguments for which you supply values.
[x]
Square brackets indicate an optional element (keyword or argument).
{x}
Braces indicate a required element (keyword or argument).
[x {y | z }]
Braces and vertical lines within square brackets indicate a required choice within an optional element. Spaces are used to clearly delineate parts of the command.
table lists keystrokes to enhance command line editing
Keystroke Description
Tab Completes a partial command name entry.
Backspace Erases the character to the left of the cursor.
Ctrl+D Erases the character at the cursor.
Ctrl+K Erases all characters from the cursor to the end of the command line.
Esc D Erases all characters from the cursor to the end of the word.
Ctrl+U or Ctrl+X Erases all characters from the cursor back to the beginning of the command line.
Ctrl+W Erases the word to the left of the cursor.
Ctrl+A Moves the cursor to the beginning of the line.
Left Arrow or Ctrl+B Moves the cursor one character to the left.
Esc B Moves the cursor back one word to the left.
Esc F Moves the cursor forward one word to the right.
Right Arrow or Ctrl+F Moves the cursor one character to the right.
Ctrl+E Moves the cursor to the end of the command line.
Up Arrow or Ctrl+P Recalls the previous command in the history buffer, beginning with the most recent command.
Down Arrow or Ctrl+N Goes to the next line in the history buffer.
Ctrl+R or Ctrl+I or Ctrl+L Redisplays the system prompt and command line after a console message is received.
Enter Key Displays the next line.
Space Bar Displays the next screen.
Any other key * Ends the display string, returning to previous prompt.
* Except “y”, which answers “yes” to the --More-- prompt, and acts like the Space bar
Ctrl-C When in any configuration mode, ends the configuration mode and returns to privileged EXEC mode. When in setup mode, aborts back to the command prompt.
Ctrl-Z When in any configuration mode, ends the configuration mode and returns to privileged EXEC mode.
Ctrl-Shift-6 All-purpose break sequence used to abort DNS lookups, traceroutes, pings, etc.
key points to consider when choosing passwords:
- Use passwords that are more than eight characters in length.
- Use a combination of upper and lowercase letters, numbers, special characters, and/or numeric sequences.
- Avoid using the same password for all devices.
- Do not use common words because they are easily guessed.
Configure Passwords
To secure user EXEC mode access, enter line console configuration mode using the line console 0 global configuration command, as shown in the example. The zero is used to represent the first (and in most cases the only) console interface. Next, specify the user EXEC mode password using the password password command. Finally, enable user EXEC access using the login command.
To have administrator access to all IOS commands including configuring a device, you must gain privileged EXEC mode access. It is the most important access method because it provides complete access to the device.
To secure privileged EXEC access, use the enable secret password global config command, as shown in the example.
To secure VTY lines, enter line VTY mode using the line vty 0 15 global config command. Next, specify the VTY password using the password password command. Lastly, enable VTY access using the login command.
An example of securing the VTY lines on a switch is shown.
Encrypt Passwords
To encrypt all plaintext passwords, use the service password-encryption global config command as shown in the example.
The command applies weak encryption to all unencrypted passwords. This encryption applies only to passwords in the configuration file, not to passwords as they are sent over the network. The purpose of this command is to keep unauthorized individuals from viewing passwords in the configuration file.
Use the show running-config command to verify that passwords are now encrypted.
Banner Messages
To create a banner message of the day on a network device, use the banner motd # the message of the day # global config command. The “#” in the command syntax is called the delimiting character. It is entered before and after the message. The delimiting character can be any character as long as it does not occur in the message. For this reason, symbols such as the “#” are often used. After the command is executed, the banner will be displayed on all subsequent attempts to access the device until the banner is removed.
What is the command to assign the name “Sw-Floor-2” to a switch?
hostname _____
How is the privileged EXEC mode access secured on a switch?
enable secret class
Which command enables password authentication for user EXEC mode access on a switch?
login
Which command encrypts all plaintext passwords on a switch?
service password-encryption
Which is the command to configure a banner to be displayed when connecting to a switch?
banner motd $ Keep out $
two system files that store the device configuration:
- startup-config - This is the saved configuration file that is stored in NVRAM. It contains all the commands that will be used by the device upon startup or reboot. Flash does not lose its contents when the device is powered off.
- running-config - This is stored in Random Access Memory (RAM). It reflects the current configuration. Modifying a running configuration affects the operation of a Cisco device immediately. RAM is volatile memory. It loses all of its content when the device is powered off or restarted.
reload
If changes made to the running config do not have the desired effect and the running-config has not yet been saved, you can restore the device to its previous configuration. Remove the changed commands individually, or reload the device using the reload privileged EXEC mode command to restore the startup-config.
The downside to using the reload command to remove an unsaved running config is the brief amount of time the device will be offline, causing network downtime.
erase startup-config
If undesired changes were saved to the startup config, it may be necessary to clear all the configurations. This requires erasing the startup config and restarting the device. The startup config is removed by using the erase startup-config privileged EXEC mode command. After the command is issued, the switch will prompt you for confirmation. Press Enter to accept.
startup-config
This is the saved configuration file that is stored in NVRAM. It contains all the commands that will be used by the device upon startup or reboot. Flash does not lose its contents when the device is powered off.
running-config
This is stored in Random Access Memory (RAM). It reflects the current configuration. Modifying a running configuration affects the operation of a Cisco device immediately. RAM is volatile memory. It loses all of its content when the device is powered off or restarted.
show running-config
privileged EXEC mode command is used to view the running config.
copy running-config startup-config
To save changes made to the running configuration to the startup configuration file, use the copy running-config startup-config privileged EXEC mode command.
Capture Configuration to a Text File
Step 1. Open terminal emulation software, such as PuTTY or Tera Term, that is already connected to a switch.
Step 2. Enable logging in the terminal software and assign a name and file location to save the log file. The figure displays that All session output will be captured to the file specified (i.e., MySwitchLogs).
Step 3. Execute the show running-config or show startup-config command at the privileged EXEC prompt. Text displayed in the terminal window will be placed into the chosen file.
Step 4. Disable logging in the terminal software. The figure shows how to disable logging by choosing the None session logging option.
To restore a configuration file to a device:
Step 1. Enter global configuration mode on the device.
Step 2. Copy and paste the text file into the terminal window connected to the switch.
IP
IP in this course refers to both the IPv4 and IPv6 protocols. IPv6 is the most recent version of IP and is replacing the more common IPv4.
The structure of an IPv4 address is called dotted decimal notation and is represented by four decimal numbers between 0 and 255. IPv4 addresses are assigned to individual devices connected to a network.
Examples of end devices
- Computers (work stations, laptops, file servers, web servers)
- Network printers
- VoIP phones
- Security cameras
- Smart phones
- Mobile handheld devices (such as wireless barcode scanners)
Types of network media
twisted-pair copper cables, fiber-optic cables, coaxial cables, or wireless
What is the structure of an IPv4 address called?
dotted-decimal format
How is an IPv4 address represented?
four decimal numbers between 0 and 255 separated by periods
What type of interface has no physical port associated with it?
switch virtual interface (SVI)
To manually configure an IPv4 address on a Windows host
open the Control Panel > Network Sharing Center > Change adapter settings and choose the adapter. Next right-click and select Properties to display the Local Area Connection Properties
DHCP
End devices typically default to using DHCP for automatic IPv4 address configuration. DHCP is a technology that is used in almost every network. The best way to understand why DHCP is so popular is by considering all the extra work that would have to take place without it.
In a network, DHCP enables automatic IPv4 address configuration for every end device that is DHCP-enabled. Imagine the amount of time it would take if every time you connected to the network, you had to manually enter the IPv4 address, the subnet mask, the default gateway, and the DNS server. Multiply that by every user and every device in an organization and you see the problem. Manual configuration also increases the chance of misconfiguration by duplicating another device’s IPv4 address.
to configure DHCP on a Windows PC
you only need to select Obtain an IP address automatically and Obtain DNS server address automatically
ipconfig
display the IP configuration settings on a Windows PC by using the ipconfig command at the command prompt. The output will show the IPv4 address, subnet mask, and gateway information received from the DHCP server.
interface vlan 1
To configure an SVI on a switch, use the interface vlan 1 global configuration command. Vlan 1 is not an actual physical interface but a virtual one. Next assign an IPv4 address using the ip address ip-address subnet-mask interface configuration command. Finally, enable the virtual interface using the no shutdown interface configuration command.
ip default-gateway ip-address
Similar to Windows hosts, switches configured with an IPv4 address will typically also need to have a default gateway assigned. This can be done using the ip default-gateway ip-address global configuration command. The ip-address parameter would be the IPv4 address of the local router on the network, as shown in the example. However, in this module you will only be configuring a network with switches and hosts. Routers will be introduced later.
ping
- When the IP addressing configuration is complete, you will use various show commands to verify configurations and use the ping command to verify basic connectivity between devices.
- ping command can be used to test connectivity to another device on the network or a website on the internet
show ip interface brief
command is useful for verifying the condition of the switch interfaces
Which statement is true about the running configuration file in a Cisco IOS device?
It affects the operation of the device immediately when modified
Which two statements are true regarding the user EXEC mode?
- only some aspects of the router configuration can be viewed
- device prompt for this mode ends with the “>” symbol
Which type of access is secured on a Cisco router or switch with the enable secret command?
privileged EXEC
What is the default SVI on a Cisco switch?
VLAN1
When a hostname is configured through the Cisco CLI, which three naming conventions are part of the guidelines?
- hostname should begin with a letter
- hostname should be fewer than 64 characters in length
- hostname should contain no spaces
What is the function of the shell in an OS?
It interfaces between the users and the kernel
A router with a valid operating system contains a configuration file stored in NVRAM. The configuration file has an enable secret password but no console password. When the router boots up, which mode will display?
user EXEC mode
An administrator has just changed the IP address of an interface on an IOS device. What else must be done in order to apply those changes to the device?
Nothing must be done. Changes to the configuration on an IOS device take effect as soon as the command is typed correctly and the Enter key has been pressed
Which memory location on a Cisco router or switch will lose all content when the device is restarted?
RAM
Why would a technician enter the command copy startup-config running-config?
to copy an existing configuration into RAM
Which functionality is provided by DHCP?
automatic assignment of an IP address to each host
Which two functions are provided to users by the context-sensitive help feature of the Cisco IOS CLI?
- determining which option, keyword, or argument is available for the entered command
- displaying a list of all available commands within the current mode
Which memory location on a Cisco router or switch stores the startup configuration file?
NVRAM
To what subnet does the IP address 10.1.100.50 belong if a subnet mask of 255.255.0.0 is used?
10.1.0.0