
Network device and configuration

02 : Operating Network Devices

Baessa K.

Mettu University
Faculty of Engineering and Technology
Department of Information Technology

Target Group — B.Sc in Information Technology Students

April 28, 2021


Baessa K. (Mettu University) 02 Operating Network Devices April 28, 2021 1 / 49
Lecture Topics

1 Overview of Network Devices

2 Basic Configuration
Configuring Cisco IOS Software
Router and Switch Administrative Configurations
Viewing, Saving, and Erasing Configurations

Overview of Network Devices

Overview

• LAN switches may be the most common networking device found in the Enterprise today.
• Switches provide a connection point for the Ethernet devices
  • . . . so that the devices on the LAN can communicate with each other, and
  • . . . with the rest of an Enterprise network or with the Internet.

Accessing the Cisco IOS CLI

• The CLI is a text-based interface in which the user, typically a network engineer, enters a text command and presses Enter.
• The Cisco IOS CLI allows the user to use a terminal emulation
program, which accepts text entered by the user.
• When the user presses Enter, the terminal emulator sends that text to
the switch.
• The switch processes the text as if it is a command, does what the
command says, and sends text back to the terminal emulator.

• The switch CLI can be accessed through three popular methods: the console, Telnet, and Secure Shell (SSH).
• Two of these methods (Telnet and SSH) use the IP network in which
the switch resides to reach the switch.
• The console is a physical port built specifically to allow access to the
CLI.

Basic Configuration

Basic Configuration Configuring Cisco IOS Software

Global Configuration Mode

• Configuration mode is another mode for the Cisco CLI, similar to user
mode and privileged mode.
• User mode lets you issue non-disruptive commands and displays some
information.
• Privileged mode supports a superset of commands compared to user
mode, including commands that might harm the switch.
• However, none of the commands in user or privileged mode changes
the switch’s configuration.
• Configuration mode accepts configuration commands: commands that tell the switch the details of what to do, and how to do it.

• To configure network devices from a CLI, you can make global changes to the router/switch by typing configure terminal (or config t for short), which puts you in global configuration mode and changes what’s known as the running config.
• A global command (a command run from global config) is set only
once and affects the entire router.
• You can type config from the privileged-mode prompt and then just
press Enter to take the default of terminal, as seen here:

Basic Configuration Router and Switch Administrative Configurations

Router and Switch Administrative Configurations

• The administrative functions that you can configure on a router and switch are as follows:
• Hostnames
• Banners
• Passwords
• Interface descriptions

Hostnames

• Hostnames allow devices to be identified by network administrators over a network or the Internet.
• Without names, network devices are difficult to identify for
configuration purposes.
• Some guidelines for naming conventions are that names should:
• Start with a letter
• Contain no spaces
• End with a letter or digit
• Use only letters, digits, and dashes
• Be less than 64 characters in length

Banners

• Provides legal notification of unauthorized access.


• You can create a banner to give anyone who shows up on the router
exactly the information you want them to have.
• Three available banner types:
  1 Message of the Day (MOTD)
    • Shown before the login prompt.
    • For temporary messages that may change from time to time, such as "Router1 down for maintenance at midnight".
  2 Login
    • Shown before the login prompt but after the MOTD banner.
    • For permanent messages such as "Unauthorized Access Prohibited."
  3 Exec
    • Shown after the login prompt.
    • Used to supply information that should be hidden from unauthorized users.

• Message of the day (MOTD) is the most extensively used banner.


• It gives a message to every person dialing into or connecting to the
router via Telnet or an auxiliary port, or even through a console port
as seen here:

    Todd(config)# banner motd # Unauthorized access prohibited! #

Setting Passwords

• Five passwords are used to secure your Cisco routers
  1 Console password
    • Limits device access using the console connection
  2 VTY password
    • Limits device access over Telnet
  3 Enable password
    • Limits access to the privileged EXEC mode
  4 Enable secret
    • Encrypted, limits access to the privileged EXEC mode
    • This will prompt a user for a password when the enable command is used.

Securing User EXEC Access

• To set the console password, use the line console 0 command.


• This port must be secured
  • Securing it reduces the chance of unauthorized personnel physically plugging a cable into the device and gaining device access

• Since there’s only one console port, I can only choose line console 0.

• There are a few other important commands to know for the console
port.
• The exec-timeout 0 0 command sets the time-out for the console EXEC session to zero, which basically means to never time out.
• The default time-out is 10 minutes.

Securing Privileged EXEC Access

• You set the enable passwords from global configuration mode like this:

• Enable password parameters:
  1 password
    • Sets the enable password on older systems, and isn’t ever used if an enable secret is set.
    • Defines the password required when using the enable EXEC command.
    • This password is listed as clear text in the configuration file by default.
  2 secret
    • This is the newer, encrypted password that overrides the enable password if it’s set.
    • It defines the password required when using the enable EXEC command.
    • This password is listed as a hidden MD5 hash value in the configuration file.

enable secret vs enable password
• Use the enable secret command, not the older enable password command.
• enable secret provides greater security because the password is encrypted.
• If both commands are used, the password set in the enable secret command defines which password is required.

Telnet Password

• Telnet, part of the TCP/IP protocol suite, is a virtual terminal protocol that allows you to make connections to remote devices.
• You run the Telnet program by typing telnet from any command prompt (DOS or Cisco).

    Corp# telnet 10.2.2.2
    Trying 10.2.2.2 ... Open
    Password required, but none set
    [Connection to 10.2.2.2 closed by foreign host]
    Corp#

• You need to have VTY passwords set on the routers for this to work.
• To set the user-mode password for Telnet access into the router, use
the line vty command.
• vty lines allow access to a Cisco device via Telnet
• The number of vty lines supported varies with the type of device and the IOS version
• Routers that aren’t running the Enterprise edition of the Cisco IOS
default to five VTY lines, 0 through 4.
• But if you have the Enterprise edition, you’ll have significantly more.
• The best way to find out how many lines you have is to use that
question mark:

    R1# config t
    Enter configuration commands, one per line.
    R1(config)# line vty 0 ?
      <1-15>  Last Line number
      <cr>
    R1(config)# line vty 0 4
    R1(config-line)# password telnet
    R1(config-line)# login
    R1(config-line)# ^Z
    R1(config)#

• Now let’s try this again.

    Corp# telnet 10.2.2.2
    Trying 10.2.2.2 ... Open
    User Access Verification
    Password:
    R1>

• Remember that the VTY password is the user-mode password, not the enable-mode password.
• Watch what happens when I try to go into privileged mode after telnetting into router R1:

    R1> en
    % No password set
    R1>

Setting Up Secure Shell (SSH)

• Instead of Telnet, you can use Secure Shell, which creates a more
secure session than the Telnet application that uses an unencrypted
data stream.
• Secure Shell (SSH) is a protocol that provides a secure (encrypted)
command-line based connection to a remote device
• SSH is commonly used in UNIX-based systems
• Cisco IOS also supports SSH
• A version of the IOS software that includes cryptographic (encrypted) features and capabilities is required in order to enable SSH on Catalyst 2960 switches
• Because of its strong encryption features, SSH should replace Telnet for management connections
• SSH uses TCP port 22 by default. Telnet uses TCP port 23

• SSH Operation
  1 Set your hostname:

      Router(config)# hostname R1

  2 Set the domain name (both the hostname and domain name are required for the encryption keys to be generated):
  3 Set your hostname:

      R1(config)# ip domain-name cisco.com

  4 Generate the encryption keys for securing the session:

      R1(config)# crypto key generate rsa general-keys modulus ?
        <360-2048>  size of the key modulus [360-2048]
      R1(config)# crypto key generate rsa general-keys modulus 1024
  5 Set the SSH version

      R1(config)# ip ssh version 2

  6 Set the max idle timer for a SSH session:

      R1(config)# ip ssh time-out ?
        <1-120>  SSH time-out interval (secs)
      R1(config)# ip ssh time-out 60

  7 Set the max failed attempts for an SSH connection:

      R1(config)# ip ssh authentication-retries ?
        <0-5>  Number of authentication retries
      R1(config)# ip ssh authentication-retries 2

  8 Connect to the vty lines of the router:

      R1(config)# line vty 0 4
  9 Last, configure SSH and then Telnet as access protocols:

      R1(config-line)# transport input ssh
      R1(config-line)# login local
      R1(config-line)# exit
      R1(config)# username admin password ccna

• Verifying SSH

Encrypting Password Display

• service password-encryption
  • Prevents passwords from showing up as plain text when viewing the configuration
  • The purpose of this command is to keep unauthorized individuals from viewing passwords in the configuration file
  • Once applied, removing the encryption service does not reverse the encryption
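
Added example (not part of the original slides or Cisco's tooling): a small Python audit of a saved running-config for the access settings covered in the password, Telnet/SSH and console time-out slides. Both configurations are constructed samples, the function names are hypothetical, and a vty line with no transport input line is conservatively treated as not SSH-only.

```python
import re

# Constructed sample (not a real device): the weak state the slides start from.
WEAK_CONFIG = """\
no service password-encryption
enable password cisco
username admin password 0 ccna
ip ssh version 2
line con 0
 exec-timeout 0 0
line vty 0 4
 password telnet
 login
 transport input telnet ssh
line vty 5 15
 login local
 transport input ssh
"""

# Constructed hardened counterpart; <hash> is a placeholder for a stored hash.
HARDENED_CONFIG = """\
service password-encryption
enable secret 5 <hash>
username admin secret 5 <hash>
ip ssh version 2
line con 0
 login local
line vty 0 15
 login local
 transport input ssh
"""

def parse_sections(config):
    """Return (global_lines, {section_header: [indented child lines]})."""
    global_lines, sections, current = [], {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue                      # skip blanks and "!" separators
        if raw[0] != " ":                 # unindented: a global command
            current = raw.strip()
            global_lines.append(current)
            sections[current] = []
        elif current:                     # indented: child of current block
            sections[current].append(raw.strip())
    return global_lines, sections

def audit(config):
    """Return (location, finding) tuples for the settings the slides cover."""
    glob, sections = parse_sections(config)
    out = []
    if not any(l.startswith("enable secret") for l in glob):
        out.append(("global", "no enable secret configured"))
    if any(l.startswith("enable password") for l in glob):
        out.append(("global", "legacy enable password present"))
    if "service password-encryption" not in glob:
        out.append(("global", "line passwords shown as plain text"))
    if "ip ssh version 2" not in glob:
        out.append(("global", "SSH not restricted to version 2"))
    for l in glob:
        m = re.match(r"username (\S+) password\b", l)
        if m:
            out.append(("global", f"user {m.group(1)}: password, not secret"))
    for header, body in sections.items():
        if not header.startswith("line "):
            continue
        if "exec-timeout 0 0" in body:
            out.append((header, "exec-timeout 0 0: session never times out"))
        if header.startswith("line vty"):
            transport = [b for b in body if b.startswith("transport input")]
            if not transport or transport[0].split()[2:] != ["ssh"]:
                out.append((header, "Telnet not excluded by transport input"))
            if "login local" not in body:
                out.append((header, "shared line password, not login local"))
    return out
```

Running audit(WEAK_CONFIG) returns seven findings, none of them for line vty 5 15, while audit(HARDENED_CONFIG) returns an empty list.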

Basic Configuration Viewing, Saving, and Erasing Configurations

Configuration Files

running-config vs startup-config
• You can manually save the file from DRAM to NVRAM by using the copy running-config startup-config command (you can also use the shortcut copy run start):

    R1# copy running-config startup-config

• Also, when the command asked for the destination filename, the default answer was startup-config.
• You can view the files by typing show running-config or show startup-config from privileged mode.
• The sh run command, which is a shortcut for show running-config, tells us that we are viewing the current configuration:

    S1# show running-config

• show startup-config command
  • Shows us the configuration that will be used the next time the router is reloaded.
  • It also tells us how much NVRAM is being used to store the startup-config file

    S1# show startup-config


    Switch# reload
    System configuration has been modified. Save? [yes/no]: n
    Proceed with reload? [confirm]

Deleting the Configuration and Reloading the Router

erase startup-config vs reload


• Startup configuration is removed by using the erase startup-config command:

    Switch# erase startup-config
    Erasing the nvram filesystem will remove all configuration files!
    Continue? [confirm][enter]
    [OK]
    Erase of nvram: complete
    Switch#
    *Feb 28 23:51:21.179: %SYS-7-NV_BLOCK_INIT: Initialized the geometry of nvram
    Switch# sh startup-config
    startup-config is not present

• On a switch you must also issue the delete vlan.dat command:

    Switch# reload
    Proceed with reload? [confirm] System configuration has been modified.
    Save? [yes/no]: n
    Switch# delete vlan.dat
    Delete filename [vlan.dat]?
    Delete flash:vlan.dat? [confirm]

Verifying Your Configuration

Active Configuration
• show running-config
• show startup-config

Verifying with the show interface Command


• The show interfaces command displays the configurable parameters and statistics of all interfaces on a router.

    Router# sh int ?

    Router# sh int f0/0
    FastEthernet0/0 is up, line protocol is up
      Hardware is MV96340 Ethernet, address is 001a.2f55.c9e8 (bia 001a.2f55.c9e8)
      Internet address is 192.168.1.33/27
      MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
         reliability 255/255, txload 1/255, rxload 1/255
    .....
    Router#

• It reveals to us the hardware address, logical address, and encapsulation method as well as statistics on collisions

Using the show controllers Command


• The show controllers command displays information about the
physical interface itself
• It’ll also give you the type of serial cable plugged into a serial port.
• Usually, this will only be a DTE cable that plugs into a type of data
service unit (DSU).

    Router# sh controllers serial 0/0
    HD unit 0, idb = 0x1229E4, driver structure at 0x127E70
    buffer size 1524 HD unit 0, V.35 DTE cable
    cpb = 0xE2, eda = 0x4140, cda = 0x4000
    Router# sh controllers serial 0/1
    HD unit 1, idb = 0x12C174, driver structure at 0x131600
    buffer size 1524 HD unit 1, V.35 DCE cable
    cpb = 0xE3, eda = 0x2940, cda = 0x2800

• Notice that serial 0/0 has a DTE cable, whereas the serial 0/1
connection has a DCE cable.
• Serial 0/1 would have to provide clocking with the clock rate
command.
• Serial 0/0 would get its clocking from the DSU.

Verifying with the show ip interface Command


• The show ip interface command will provide you with information
regarding the layer 3 configurations of a router’s interfaces:

    Router# sh ip interface
    FastEthernet0/0 is up, line protocol is up
      Internet address is 1.1.1.1/24
      Broadcast address is 255.255.255.255
      Address determined by setup command
      MTU is 1500 bytes
      Helper address is not set

    ....
    Router#

• Using the show ip interface brief Command


• The show ip interface brief command is probably one of the most
helpful commands that you can ever use on a Cisco router.
• This command provides a quick overview of the router’s interfaces,
including the logical address and status:

    Router# sh ip int brief
    Interface  IP-Address  OK?  Method  Status  Protocol
    ...        ...         ...  ...     ...     ...
