Chapter 2.2: Configuring a Network Operating System: Getting Basic

Question 1

How are switches and routers similar?

2.2.1.1

Answer 1

• They support similar modal operating system,
• They support similar command structures,
• They support many of the same commands
• They have identical initial configuration steps when implementing them into a network

Question 2

What are characteristics of a switch?

Answer 2

• It is one of the simplest devices that can be configured on a network.
• There is no configurations that are prior to the device function.
• Can be plugged in with no configuration but still switch data between connected devices
• One of the fundamental devices used in the creation of a small network.

Question 3

What will happen if two pcs are connected via a switch?

Answer 3

The two pc’s will have instant connectivity with one another.

Question 4

What are initial settings on a switch (4 steps)?

Answer 4

• setting a name for the switch
  Limiting access to the device configuration
  Configuring banner messages
  Saving the configuration

Question 5

What is the first step when configuring a network device?

2.2.1.2

Answer 5

Configuring a unique device name (hostname) which allows devices to be identified by network administrators over a network or the Internet

Question 6

What happens on the CLI when a device has a configured hostname?

Answer 6

The hostname appears in the CLI prompts.

Question 7

When can hostnames be used and where else should hostnames used?

Answer 7

(Hostnames can be used on network devices)

Hostnames can be used in various authentication processes between devices and should be used on topology diagrams.

Question 8

What is a device default name on Cisco IOS?

Answer 8

For switch it is Switch.

Question 9

When can Hostnames be configured?

Answer 9

Hostnames are configured on active networking devices.

Question 10

Why is assigning hostnames important?

Answer 10

If there is more than one switch, someone accessing the device remotely it will be difficult to know which host they are configuring or maintaining because the command prompt will show Switch> on the command line for all the switches.

Question 11

What is a naming convention with regard to naming hosts?

Answer 11

Naming devices in a consistent and useful way. It should span the company or location.

Question 12

When should you create a naming convention?

Answer 12

You should create a naming convention at the same time as an addressing scheme to allow for continuity within an organization.

Question 13

What are the guidelines for naming conventions?

Answer 13

Names should:

• Start with a letter
• Contain no spaces
• End with a letter or digit
• Use only letters, digits, and dashes
• Be less than 64 characters in length

Question 14

How does IOS treat capitalization and lowercase letters in hostnames?

Answer 14

Cisco IOS preserve capitalization and lowercase in the hostname.

Question 15

What should you consider when creating a naming convention for switches?
2.2.1.3

Answer 15

The location of the devices
The purpose of the devices

For example, in the figure we have named the three switches as Sw-Floor-1, Sw-Floor-2, and Sw-Floor-3.

Question 16

Where do you include the naming conventions?

Answer 16

Network documentation: This should include the names, the reasons for choosing the names.

This helps ensure continuity in the naming convention as devices are added.

Question 17

How do you configure an IOS hostname?

2.2.1.4

Answer 17

(practice @2.2.1.4)
From the privileged EXEC mode, access the global configuration mode by entering the configure terminal command:

Switch# configure terminal

After the command is executed, the prompt will change to:

Switch(config)#

As shown in the figure, in the global configuration mode, enter the hostname:

Switch(config)# hostname Sw-Floor-1

After the command is executed, the prompt will change to:

Sw-Floor-1 (config)#

Question 18

What must you do each time a device is added or modified?

Answer 18

Always make sure that your documentation is updated each time a device is added or modified. Identify devices in the documentation by their location, purpose, and address.

Question 19

How do you remove a hostname?

Answer 19

use the “no hostname” command in the global configuration setting. The prompt will revert to the default hostname.

Sw-Floor-1 (config)# no hostname

Switch(config)#

Question 20

What are four ways to limit device access?

2.2.2.1

Answer 20

Secure privileged EXEC access
Secure user Exec access
Secure Telnet access
Encrypt all passwords

Question 21

How do you limit access to privileged EXEC mode?

Answer 21

Enable password

Enable secret

Question 22

How do you limit device access using the console connection?

Answer 22

Console password

Question 23

How do you limit access via telnet?

Answer 23

VTY password

Question 24

How do you encrypt password? (may need more info)

Answer 24

enable secret

Question 25

What is the primary devense against unauthorized access to network devices?

Answer 25

Passwords

Question 26

Aside from passwords, what is another good practice to limit access to network devices

Answer 26

Physically limiting access by placing them in closets and locked racks.

Question 27

What is a good practice regarding passwords and level access?

Answer 27

use different STRONG authentication passwords for each level of access to protect the network infrastructure from unauthorized access.

Question 28

What are some keypoints when choosing passwords?

Answer 28

• Use passwords that are more than 8 characters in length
• Use a combination of upper and lowercase letters, numbers, special characters and/or number sequences in passwords
• Avoid using the same password for all devices
• Avoid using common words such as password or administrator because these are easily guessed.

Question 29

How do you secure privileged EXEC access?

Answer 29

Type “enable secret” followed by a password

Ex
Switch(config)# enable secret supersecretpassword

Question 30

What are the differences between “enable password” and “enable secret”?

Answer 30

Enable secret is encrypted and therefore more secure.

Question 31

At minimum, what must be secured on network devices.

2.2.2.3

Answer 31

The console port must be secured because it reduces the chance of unauthorized personnel physically plugging a cable into the device and gaining device access.

Question 32

What are the commands in global configuration mode to set a password for the console line?

Answer 32

Switch(config)# line console 0

Switch(config-line)# password cisco

Switch(config-line)# login

Question 33

What does the command “line console 0” in the following section refer to?

Switch(config)# line console 0
Switch(config-line)# password cisco
Switch(config-line)# login

Answer 33

It is used to enter line configuration mode for the console. The zero is used to represent the first (and most cases the only) console interface.

Question 34

What does the command “password cisco” in the following section refer to?

Switch(config)# line console 0
Switch(config-line)# password cisco
Switch(config-line)# login

Answer 34

This specifies a password for the console line.

Question 35

What does the command “login” in the following section refer to?

Switch(config)# line console 0
Switch(config-line)# password cisco
Switch(config-line)# login

Answer 35

The login command requires authentication upon login (when login is enabled and a password is set).

Question 36

The IOS includes the login command for what lines?

Answer 36

VTY.

Question 37

What does the login command on the VTY lines do?

Answer 37

they prevent Telnet access to the device without authentication.

Question 38

What would happen if the login command on the VTY lines were removed?

Answer 38

It would remove the requirement for authentication and unauthorized persons could connect across the network to the line using Telnet. This would be a major security risk

Question 39

What is the command that prevents passwords from showing up as plain text when viewing the configuration files?
2.2.2.4

Answer 39

service password-encryption (practice 2.2.2.4)

Question 40

What does service password-encryption do?

Answer 40

It causes the encryption of its passwords to occur when a password is configured.
It applies weak encryption to all unencrypted.
passwords.
The encryption applies only to passwords in the configuration file, not to passwords as they are sent over media.

Question 41

What is the purpose of service password-encryption? give an example

Answer 41

This prevents unauthorized individuals from viewing passwords in the configuration file.

If you execute the show running-config or show startup-config command prior to the service password-encryption command being executed, the unencrypted passwords are visible in the configuration output. The service password-encryption can then be executed and the encryption will be applied to the passwords. Once the encryption has been applied, removing the encryption service does not reverse the encryption.

Question 42

What is the method to declare that only authorized personnel should attempt to gain entry into the device.
2.2.2.5

Answer 42

Add a banner message

Question 43

How are banners useful as a part of the legal process?

Answer 43

Some legal systems do not allow prosecution or even monitoring of users unless a notification is visible. The banner serves as this notification.

Question 44

What are some examples of information to be included in a banner?

Answer 44

A banner should only detail that only authorized personnel are allowed to access the device and can include scheduled system shutdowns and other information that affects all network users.

“Use of the device is specifically for authorized personnel.”
“Activity may be monitored.”
“Legal action will be pursued for any unauthorized use.”
Exact wording may depend on local laws and corporate policy.

Question 45

What type of wording should be avoided in a banner and why?

Answer 45

“Welcome” or “Invited” because if a person disrupts the network after gaining unauthorized entry, proving liability will be difficult if there is the appearance of an invitation.

Question 46

What is a common type of banner for the IOS?

Answer 46

Message of the day (MOTD)

Question 47

What is MOTD?

Answer 47

Message of the day

Question 48

What is MOTD often used for?

Answer 48

Legal notification because it is displayed to all connected terminals

Question 49

What is the command for MOTD?

Answer 49

banner motd
To use type “banner motd” followed by a space and a delimiting character. Then one or more lines of text and a second occurrence of the delimiting character to denote the end of the message. Delimiting characters are not included in the message.

Switch(config)# banner motd # This is the message of the day #

Question 50

What can be used a a delimiting character?

Answer 50

Any character that is not used in the message. It is usually the # symbol.

Question 51

What happens once the command “banner motd” is used?

Answer 51

The banner will be displayed on all subsequent attempts to access the device until the banner is moved.

Question 52

What is the running configuration file?

2.2.3.1

Answer 52

The running configuration file reflects the current configuration applied to a Cisco IOS device.

It contains the commands used to determine how the device operates on the network

Question 53

What does modifying a running configuration do?

Answer 53

It affects the operation of a Cisco device immediately.

Question 54

Where is the running configuration file stored and what does that mean?

Answer 54

It is stored on the working memory of the device, or random access memory (RAM).
This means that the running configuration file is temporarily active while the Cisco device is running (powered on) . If the power to the device is lost or the device is restarted, all configuration changes will be lost unless they have been saved.

Question 55

What are your options after making changes to a running configuration file?

Answer 55

• Return the device to its original configuration
• Remove all configurations from the device
• Make the changed configuration the new startup configuration

Question 56

What is the startup configuration file

Answer 56

It reflects the configuration that will be used by the device upon reboot.

Question 57

Where is the startup configuration file stored

Answer 57

NVRAM

Question 58

What prevents changes from being lost due to power failure or deliberate restart?

Answer 58

saving running configuration modifications to the start up configuration file.

Question 59

What should you do before commiting to changes on the running configuration

Answer 59

You can use the show running-config command to see the running configuration file and verify them to be correct.

Question 60

How do you save changes from the running configuration file to the start up configuration file?

Answer 60

use the copy running-config startup-config command at the privileged EXEC mode prompt
(practice 2.2.3.1 figure 2)

copy running-config startup-config

Question 61

Which mode do you save running configuration file to the start up configuration file

Answer 61

privileged EXEC mode

Question 62

how do you replace the running configuration mode with the startup configuration mode?

Answer 62

restart the device by using the “reload” command at the privileged EXEC mode prompt.

When initiating a reload, the IOS will detect that the running config has changes that were not saved to startup configuration. A prompt will appear to ask whether to save the changes made. To discard the changes, enter n or no.

An additional prompt will appear to confirm the reload. To confirm, press Enter. Pressing any other key will abort the process.

Question 63

How do you clear up undesired changes saved to the start up configuration?

Answer 63

Erasing the startup configuration using the “erase startup-config” command at the privileged EXEC mode, confirming by pressing enter (cancel by pressing any other key), and restarting the device “reload” (practice on 2.2.3.1 figure 2)

erase startup-config

Question 64

Why must you use the erase command judiciously?

Answer 64

the command can erase any file on the device including the IOS itself or other critical files.

Question 65

In order to return a device to its default “out of the box” configuration (like a factory reset) what must you also aside from erasing the startup configuration file?

Answer 65

you must erase the vlan.dat file with the “delete vlan.dat” command in the privileged EXEC mode. (practice 2.2.3.1)

Question 66

Why should you save configuration files to a text document?

2.2.3.2

Answer 66

This ensures that a working copy of the configuration files is available for editing or reuse later.

Question 67

What is used to save and archive configuration files to a text document?

Answer 67

Tera Term

Question 68

What are the steps to save a configuration file into a text document

Answer 68

On the File menu, click Log.
Choose the location. Tera Term will begin capturing text.
After capture has been started, execute the show running-config or show startup-config command at the privileged EXEC prompt. Text displayed in the terminal window will be placed into the chosen file.
When the capture is complete, select Close in the Tera Term: Log window.
View the output to verify that it was not corrupted.

Question 69

What should you modify before copying a configuration file from storage to a device?

Answer 69

• Change encrypted passwords to plain text and remove parameter (either number 5 or 7)
• Remove non-command text such as more and IOS messages.

Question 70

Using Tera Term, what are the steps for copying a configuration file from storage to device?

Answer 70

Enter global configuration mode.

Edit text to remove non commands and save.
On file menu click send file
Locate the file to be copied into the device and click open
(Tera Term will paste the file into the device

Question 71

What happens when a saved configuration in a file are pasted into a device as text?

Answer 71

The text is applied as commands and it becomes the running configuration on the device.

Question 72

Labs

Answer 72

Practice:2.2.1.4, 2.2.2.4, 2.2.3.1
Labs: 2.2.3.3