Chapter 2.2: Configuring a Network Operating System: Getting Basic Flashcards
How are switches and routers similar?
2.2.1.1
- They support a similar modal operating system
- They support similar command structures
- They support many of the same commands
- They have identical initial configuration steps when implementing them into a network
What are characteristics of a switch?
- It is one of the simplest devices that can be configured on a network.
- There are no configurations required prior to the device functioning.
- Can be plugged in with no configuration but still switch data between connected devices
- One of the fundamental devices used in the creation of a small network.
What will happen if two PCs are connected via a switch?
The two PCs will have instant connectivity with one another.
What are initial settings on a switch (4 steps)?
- Setting a name for the switch
- Limiting access to the device configuration
- Configuring banner messages
- Saving the configuration
What is the first step when configuring a network device?
2.2.1.2
Configuring a unique device name (hostname) which allows devices to be identified by network administrators over a network or the Internet
What happens on the CLI when a device has a configured hostname?
The hostname appears in the CLI prompts.
When can hostnames be used and where else should hostnames be used?
(Hostnames can be used on network devices)
Hostnames can be used in various authentication processes between devices and should be used on topology diagrams.
What is a device default name on Cisco IOS?
For switch it is Switch.
When can Hostnames be configured?
Hostnames are configured on active networking devices.
Why is assigning hostnames important?
If there is more than one switch, it will be difficult for someone accessing a device remotely to know which host they are configuring or maintaining, because the command prompt will show Switch> on the command line for all the switches.
What is a naming convention with regard to naming hosts?
Naming devices in a consistent and useful way. It should span the company or location.
When should you create a naming convention?
You should create a naming convention at the same time as an addressing scheme to allow for continuity within an organization.
What are the guidelines for naming conventions?
Names should:
- Start with a letter
- Contain no spaces
- End with a letter or digit
- Use only letters, digits, and dashes
- Be less than 64 characters in length
How does IOS treat capitalization and lowercase letters in hostnames?
Cisco IOS preserves capitalization and lowercase in the hostname.
What should you consider when creating a naming convention for switches?
2.2.1.3
The location of the devices
The purpose of the devices
For example, in the figure we have named the three switches as Sw-Floor-1, Sw-Floor-2, and Sw-Floor-3.
Where do you include the naming conventions?
Network documentation: This should include the names, the reasons for choosing the names.
This helps ensure continuity in the naming convention as devices are added.
How do you configure an IOS hostname?
2.2.1.4
(practice @2.2.1.4)
From the privileged EXEC mode, access the global configuration mode by entering the configure terminal command:
Switch# configure terminal
After the command is executed, the prompt will change to:
Switch(config)#
As shown in the figure, in the global configuration mode, enter the hostname:
Switch(config)# hostname Sw-Floor-1
After the command is executed, the prompt will change to:
Sw-Floor-1(config)#
What must you do each time a device is added or modified?
Always make sure that your documentation is updated each time a device is added or modified. Identify devices in the documentation by their location, purpose, and address.
How do you remove a hostname?
Use the “no hostname” command in global configuration mode. The prompt will revert to the default hostname.
Sw-Floor-1(config)# no hostname
Switch(config)#
What are four ways to limit device access?
2.2.2.1
Secure privileged EXEC access
Secure user EXEC access
Secure Telnet access
Encrypt all passwords
How do you limit access to privileged EXEC mode?
Enable password
Enable secret
How do you limit device access using the console connection?
Console password
How do you limit access via telnet?
VTY password
How do you encrypt passwords? (may need more info)
enable secret
What is the primary defense against unauthorized access to network devices?
Passwords
Aside from passwords, what is another good practice to limit access to network devices?
Physically limiting access by placing them in closets and locked racks.
What is a good practice regarding passwords and level access?
Use different STRONG authentication passwords for each level of access to protect the network infrastructure from unauthorized access.
What are some key points when choosing passwords?
- Use passwords that are more than 8 characters in length
- Use a combination of upper and lowercase letters, numbers, special characters and/or number sequences in passwords
- Avoid using the same password for all devices
- Avoid using common words such as password or administrator because these are easily guessed.
How do you secure privileged EXEC access?
Type “enable secret” followed by a password
Ex: Switch(config)# enable secret supersecretpassword
What are the differences between “enable password” and “enable secret”?
Enable secret is encrypted and therefore more secure.
At minimum, what must be secured on network devices?
2.2.2.3
The console port must be secured because doing so reduces the chance of unauthorized personnel physically plugging a cable into the device and gaining device access.
What are the commands in global configuration mode to set a password for the console line?
Switch(config)# line console 0
Switch(config-line)# password cisco
Switch(config-line)# login
What does the command “line console 0” in the following section refer to?
Switch(config)# line console 0
Switch(config-line)# password cisco
Switch(config-line)# login
It is used to enter line configuration mode for the console. The zero is used to represent the first (and in most cases the only) console interface.
What does the command “password cisco” in the following section refer to?
Switch(config)# line console 0
Switch(config-line)# password cisco
Switch(config-line)# login
This specifies a password for the console line.
What does the command “login” in the following section refer to?
Switch(config)# line console 0
Switch(config-line)# password cisco
Switch(config-line)# login
The login command requires authentication upon login (when login is enabled and a password is set).
The IOS includes the login command for what lines?
VTY.
What does the login command on the VTY lines do?
It prevents Telnet access to the device without authentication.
What would happen if the login command on the VTY lines were removed?
It would remove the requirement for authentication, and unauthorized persons could connect across the network to the line using Telnet. This would be a major security risk.
What is the command that prevents passwords from showing up as plain text when viewing the configuration files?
2.2.2.4
service password-encryption (practice 2.2.2.4)
What does service password-encryption do?
It causes passwords to be encrypted when they are configured.
It applies weak encryption to all unencrypted passwords.
The encryption applies only to passwords in the configuration file, not to passwords as they are sent over media.
What is the purpose of service password-encryption? give an example
This prevents unauthorized individuals from viewing passwords in the configuration file.
If you execute the show running-config or show startup-config command prior to the service password-encryption command being executed, the unencrypted passwords are visible in the configuration output. The service password-encryption command can then be executed and the encryption will be applied to the passwords. Once the encryption has been applied, removing the encryption service does not reverse the encryption.
What is the method to declare that only authorized personnel should attempt to gain entry into the device?
2.2.2.5
Add a banner message
How are banners useful as a part of the legal process?
Some legal systems do not allow prosecution or even monitoring of users unless a notification is visible. The banner serves as this notification.
What are some examples of information to be included in a banner?
A banner should state only that authorized personnel alone are allowed to access the device, and can include scheduled system shutdowns and other information that affects all network users.
“Use of the device is specifically for authorized personnel.”
“Activity may be monitored.”
“Legal action will be pursued for any unauthorized use.”
Exact wording may depend on local laws and corporate policy.
What type of wording should be avoided in a banner and why?
“Welcome” or “Invited” because if a person disrupts the network after gaining unauthorized entry, proving liability will be difficult if there is the appearance of an invitation.
What is a common type of banner for the IOS?
Message of the day (MOTD)
What is MOTD?
Message of the day
What is MOTD often used for?
Legal notification because it is displayed to all connected terminals
What is the command for MOTD?
banner motd
To use it, type “banner motd” followed by a space and a delimiting character, then one or more lines of text, and a second occurrence of the delimiting character to denote the end of the message. Delimiting characters are not included in the message.
Switch(config)# banner motd # This is the message of the day #
What can be used as a delimiting character?
Any character that is not used in the message. It is usually the # symbol.
What happens once the command “banner motd” is used?
The banner will be displayed on all subsequent attempts to access the device until the banner is removed.
What is the running configuration file?
2.2.3.1
The running configuration file reflects the current configuration applied to a Cisco IOS device.
It contains the commands used to determine how the device operates on the network.
What does modifying a running configuration do?
It affects the operation of a Cisco device immediately.
Where is the running configuration file stored and what does that mean?
It is stored on the working memory of the device, or random access memory (RAM).
This means that the running configuration file is temporarily active while the Cisco device is running (powered on). If the power to the device is lost or the device is restarted, all configuration changes will be lost unless they have been saved.
What are your options after making changes to a running configuration file?
- Return the device to its original configuration
- Remove all configurations from the device
- Make the changed configuration the new startup configuration
What is the startup configuration file?
It reflects the configuration that will be used by the device upon reboot.
Where is the startup configuration file stored?
NVRAM
What prevents changes from being lost due to power failure or deliberate restart?
Saving running configuration modifications to the startup configuration file.
What should you do before committing to changes on the running configuration?
You can use the show running-config command to view the running configuration file and verify that it is correct.
How do you save changes from the running configuration file to the startup configuration file?
Use the copy running-config startup-config command at the privileged EXEC mode prompt.
(practice 2.2.3.1 figure 2)
copy running-config startup-config
In which mode do you save the running configuration file to the startup configuration file?
privileged EXEC mode
How do you replace the running configuration with the startup configuration?
Restart the device by using the “reload” command at the privileged EXEC mode prompt.
When initiating a reload, the IOS will detect that the running config has changes that were not saved to startup configuration. A prompt will appear to ask whether to save the changes made. To discard the changes, enter n or no.
An additional prompt will appear to confirm the reload. To confirm, press Enter. Pressing any other key will abort the process.
How do you clear up undesired changes saved to the startup configuration?
Erase the startup configuration using the “erase startup-config” command at the privileged EXEC mode prompt, confirm by pressing Enter (cancel by pressing any other key), and restart the device with “reload”. (practice on 2.2.3.1 figure 2)
erase startup-config
Why must you use the erase command judiciously?
The command can erase any file on the device, including the IOS itself or other critical files.
In order to return a device to its default “out of the box” configuration (like a factory reset), what must you also do aside from erasing the startup configuration file?
You must erase the vlan.dat file with the “delete vlan.dat” command in the privileged EXEC mode. (practice 2.2.3.1)
Why should you save configuration files to a text document?
2.2.3.2
This ensures that a working copy of the configuration files is available for editing or reuse later.
What is used to save and archive configuration files to a text document?
Tera Term
What are the steps to save a configuration file into a text document?
On the File menu, click Log.
Choose the location. Tera Term will begin capturing text.
After capture has been started, execute the show running-config or show startup-config command at the privileged EXEC prompt. Text displayed in the terminal window will be placed into the chosen file.
When the capture is complete, select Close in the Tera Term: Log window.
View the output to verify that it was not corrupted.
What should you modify before copying a configuration file from storage to a device?
- Change encrypted passwords to plain text and remove the parameter (either the number 5 or 7)
- Remove non-command text such as more and IOS messages.
Using Tera Term, what are the steps for copying a configuration file from storage to device?
Enter global configuration mode.
Edit the text to remove non-commands and save.
On the File menu, click Send file.
Locate the file to be copied into the device and click Open.
Tera Term will paste the file into the device.
What happens when a saved configuration in a file is pasted into a device as text?
The text is applied as commands and it becomes the running configuration on the device.
Labs
Practice: 2.2.1.4, 2.2.2.4, 2.2.3.1
Labs: 2.2.3.3