
CCNA Chapter 11 Configuring & Testing Your Network

11.1.1

What is the system software in Cisco devices? The Cisco IOS provides devices with what network services? How is the IOS generally accessed? Where is the IOS stored? What type of memory is flash?

The Cisco Internetwork Operating System (IOS)

Basic routing and switching functions
Reliable and secure access to networked resources
Network scalability

By using a command line interface (CLI).

In a semi-permanent memory area called flash.

Flash memory provides non-volatile storage. This means that the contents of the memory are not lost when the device loses power.

Console
Telnet or SSH
AUX port

The console port is a management port that provides out-of-band access to a router. The console port is accessible even if no networking services have been configured on the device.

The initial configuration of the network device
Disaster recovery procedures and troubleshooting where remote access is not possible
Password recovery procedures

The device startup, debugging, and error messages.

The console should be configured with passwords to prevent unauthorized device access. In the event that a password is lost, there is a special set of procedures for bypassing the password and accessing the device. The device should be located in a locked room or equipment rack to prevent physical access.

Telnet - A terminal emulation program
SSH - establishes a secure channel between a local & a remote computer. Uses public-key cryptography for authentication.

Telnet sessions require active networking services on the device. The network device must have at least one active interface configured with a Layer 3 address, such as an IPv4 address. Cisco IOS devices include a Telnet server process that launches when the device is started. The IOS also contains a Telnet client. For security reasons, the IOS requires that the Telnet session use a password, as a minimum authentication method.

Operating system - facilitates the basic operation of the device's hardware components

What are several ways to access the CLI environment?

Describe the console port.

When would the console port be used?

By default, the console conveys what? What type of security precautions should be taken to protect the router?

What are 2 methods for remotely accessing the router? Describe them.

What are required for Telnet to work properly?

11.1.2

Network devices depend on what two types of software for their operation?

John McHugh CCAI Community College of Vermont

Page 1

3/13/2013

A Cisco network device contains what two configuration files?

11.1.3

Where is the startup config file stored? Where is the running config located? What is a modal operating system? In the CLI what are, in order from top to bottom, the major modes? List some of the available commands for each.

What is a command prompt?

By default, with what does every prompt begin? In what mode does Router> indicate? In what mode does Router# indicate? In what mode does Router(config)# indicate? In what mode does Router(config-if)# indicate? What are the two primary modes of operation?

Configuration - contains the Cisco IOS software commands used to customize the functionality of a Cisco device

The running configuration file - used during the current operation of the device
The startup configuration file - used as the backup configuration and is loaded when the device is started

In non-volatile RAM (NVRAM)

In RAM

A system where there are different modes of operation, each having its own domain of operation.

User executive mode - ping, show commands, enable
Privileged executive mode - all User EXEC commands, debug commands, reload, configure
Global configuration mode - hostname, enable secret, ip route, interface
Other specific configuration modes - these include interface configuration mode, router configuration mode

The mode is identified by the command-line prompt that is unique to that mode. The prompt is composed of the words and symbols on the line to the left of the entry area.

The device name

User executive mode
Privileged executive mode
Global configuration mode
Interface configuration mode

User EXEC - used to monitor & view limited information
Privileged EXEC - the administration mode; allows you to enter global config mode.

The enable and disable commands

11.1.4

What commands are used to change the CLI between the user EXEC mode and the privileged EXEC mode? What is the syntax for entering the enable command? Once the command from the previous question is entered, how does the router prompt change? Each IOS command has specific format or syntax and is executed at the appropriate prompt. The general syntax for a command is what? Give an example. How do you submit a command? What are the IOS command conventions?

Router>enable

It changes to: Router#

The command followed by any appropriate keywords and arguments

show startup-config

Press the <Enter> key

Boldface text - indicates commands &


11.1.5

The IOS has several forms of help available. What are they?

What are the 3 different types of error messages given by the command syntax check?

What are some of the most commonly used hot keys & shortcuts?

11.1.6

In order to verify and troubleshoot network operation, we must examine the operation of the devices. What is the basic examination command? What are some of the more commonly used show commands; include their

keywords that are entered literally as shown
Italics - indicates arguments where the user supplies the values
[ ] - Square brackets enclose an optional element
| - A vertical line indicates a choice within an optional or required set of keywords or arguments
[x | y] - Square brackets enclosing keywords or arguments separated by a vertical line indicate an optional choice
{x | y} - Braces enclosing keywords or arguments separated by a vertical line indicate a required choice.

Context-sensitive help - provides a list of commands and the arguments associated with those commands within the context of the current mode. To access context-sensitive help, enter a question mark, ?, at any prompt.
Command Syntax Check - if the interpreter cannot understand the command being entered, it will provide feedback describing what is wrong with the command.
Hot Keys and Shortcuts - make configuring, monitoring, and troubleshooting easier.

Ambiguous command - not enough characters entered for the command interpreter to recognize the command
Incomplete command - indicates that required keywords or arguments were left off the end of the command
Incorrect command - returns a ^ to indicate where the command interpreter cannot decipher the command

Tab - Completes the remainder of the command or keyword
Ctrl-R - Redisplays a line
Ctrl-Z - Exits configuration mode and returns to the EXEC
Down Arrow - Allows user to scroll forward through former commands
Up Arrow - Allows user to scroll backward through former commands
Ctrl-Shift-6 - Allows the user to interrupt an IOS process such as ping or traceroute
Ctrl-C - Aborts the current command and exits the configuration mode

The show command

show arp - Displays the ARP table of the device.


output

11.1.7

What is the primary configuration mode, and what type of changes are made here? What CLI command is used to take the device from privileged EXEC mode to the global configuration mode and to allow entry of configuration commands from a terminal? Show the proper syntax. What are a few of the different configuration modes that can be reached from global config mode?

show mac-address-table - (switch only) Displays the MAC table of a switch.
show startup-config - Displays the saved configuration located in NVRAM.
show running-config - Displays the contents of the currently running configuration file or the configuration for a specific interface, or map class information.
show ip interfaces - Displays IPv4 statistics for all interfaces on a router. To view the statistics for a specific interface, enter the show ip interfaces command followed by the specific interface slot/port number. Another important format of this command is show ip interface brief. This is useful to get a quick summary of the interfaces and their operational state.

The primary configuration mode is called global configuration or global config. From global config, CLI configuration changes are made that affect the operation of the device as a whole.

Router#configure terminal

Do the changes made in these individual config modes affect the entire device? How do you exit a specific configuration mode and return to global configuration mode? How do you leave configuration mode completely and return to privileged EXEC mode? How do you keep your changes from being lost due to a power failure or deliberate restart? What is the proper command syntax to do this? What is the factory-assigned default hostname for a router and a switch respectively? Why is it important to give each device a specific name?

Interface mode - to configure one of the network interfaces (Fa0/0, S0/0/0,..)
Line mode - to configure one of the lines (physical or virtual) (console, AUX, VTY,..)
Router mode - to configure the parameters for one of the routing protocols

No, as configuration changes are made within an interface or process, the changes only affect that interface or process.

Enter exit at a prompt

Enter end or use the key sequence Ctrl-Z.

11.2.1

Once a change has been made from the global mode, it is good practice to save it to the startup configuration file stored in NVRAM.

Router#copy running-config startup-config

Router, Switch

If an internetwork had several routers that were all named with the default name "Router", this would create considerable confusion during network configuration and maintenance. When accessing a


What are some guidelines for naming conventions?

What are the commands needed to assign the hostname of AtlantaHQ to a router?

remote device using Telnet or SSH, it is important to have confirmation that an attachment has been made to the proper device. If all devices were left with their default names, we could not identify that the proper device is connected.

Start with a letter
Not contain a space
End with a letter or digit
Have characters of only letters, digits, and dashes
Be 63 characters or fewer

From the privileged EXEC mode, access the global configuration mode by entering the configure terminal command:
Router#configure terminal
After the command is executed, the prompt will change to:
Router(config)#
In the global mode, enter the hostname:
Router(config)#hostname AtlantaHQ
After the command is executed, the prompt will change to:
AtlantaHQ(config)#
Notice that the hostname appears in the prompt. To exit global mode, use the exit command.

Preface the command with the no keyword.
AtlantaHQ(config)# no hostname
Router(config)#

Locally configured passwords to limit access.

Console password - limits device access using the console connection
Enable password - limits access to the privileged EXEC mode
Enable secret password - encrypted, limits access to the privileged EXEC mode
VTY password - limits device access using Telnet

You should use different authentication passwords for each of these levels of access.

Use passwords that are more than 8 characters in length.
Use a combination of upper and lowercase and/or numeric sequences in passwords.

How do you negate the effects of a command? Remove the hostname from the previous question.

11.2.2

For security, what should every device have? What are the most common device passwords?

What is a good practice regarding passwords? What key points should be considered when choosing passwords?


What are the commands needed to assign a console password to a switch? Is this different in a router?

Avoid using the same password for all devices.
Avoid using common words such as password or administrator, because these are easily guessed.

Switch(config)#line console 0
Switch(config-line)#password password
Switch(config-line)#login

No.

Use the enable password command or the enable secret command. Either of these commands can be used to establish authentication before accessing privileged EXEC (enable) mode.

Always use the enable secret command, not the older enable password command, if possible. The enable secret command provides greater security because the password is encrypted. The enable password command can be used only if enable secret has not yet been set. The enable password command would be used if the device uses an older copy of the Cisco IOS software that does not recognize the enable secret command.

Router(config)#enable password password
Router(config)#enable secret password

The IOS prevents privileged EXEC access from a Telnet session.

They allow access to a router via Telnet. By default, many Cisco devices support five VTY lines that are numbered 0 to 4.

Router(config)#line vty 0 4
Router(config-line)#password password
Router(config-line)#login

The service password-encryption command prevents passwords from showing up as plain text when viewing the configuration files.

Add a banner to the device output.

What can you use to add additional security to your device?

Why should you use one over the other?

What are the commands to set these passwords? What can happen if neither of these passwords is set? What are vty lines? By default how many are there? What are the commands to set the vty line passwords? How can a non-encrypted password be encrypted? How can you provide a method for declaring that only authorized personnel should attempt to gain entry into the device? The IOS provides multiple types of banners. One common banner is the message of the day (MOTD). It is often used for legal notification because it is displayed to all connected terminals. What are the commands to configure this type of banner? What is the purpose of the reload command? Where can back-ups of configuration files be stored?

Switch(config)#banner motd # message #
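
As an added illustration (not part of the original study guide), the Python sketch below audits an IOS-style configuration text for the access settings covered in 11.2.1 and 11.2.2: default hostname, enable secret versus enable password, console and VTY line passwords with login, service password-encryption, the MOTD banner, and password reuse across access levels. Both sample configurations, the check identifiers and the placeholder password strings are constructed for the example; AUX lines and other login methods are outside its scope.

```python
import re

# Constructed sample configurations for illustration (not from a real device).
WEAK_CONFIG = """\
hostname Router
enable password cisco123
line con 0
line vty 0 4
 password cisco123
 login
"""

HARDENED_CONFIG = """\
hostname AtlantaHQ
service password-encryption
enable secret 5 $1$PLACEHOLDER$constructedhashvalue
banner motd # Authorized personnel only #
line con 0
 password 7 PLACEHOLDER-CONSOLE
 login
line vty 0 4
 password 7 PLACEHOLDER-VTY
 login
"""

# Matches both the typed form (line console 0) and the stored form (line con 0).
LINE_HEADER = re.compile(r"line (con|console|vty)\b")


def parse_sections(config):
    """Split a config into global commands and per-line sub-commands."""
    global_cmds, lines, current = [], {}, None
    for raw in config.splitlines():
        stripped = raw.strip()
        if not stripped or stripped == "!":
            continue
        if raw[0].isspace():  # indented: belongs to the section opened above
            if current is not None:
                lines[current].append(stripped)
            continue
        current = None
        if LINE_HEADER.match(stripped):
            current = stripped
            lines[current] = []
        else:
            global_cmds.append(stripped)
    return global_cmds, lines


def audit(config):
    """Return (check_id, detail) findings for the settings the notes cover."""
    global_cmds, lines = parse_sections(config)
    findings, passwords = [], []

    hostname = next((c.split()[1] for c in global_cmds
                     if c.startswith("hostname ")), "Router")
    if hostname in ("Router", "Switch"):
        findings.append(("default-hostname", hostname))
    if not any(c.startswith("enable secret ") for c in global_cmds):
        findings.append(("no-enable-secret", "enable secret is not set"))
    for c in global_cmds:
        if c.startswith("enable password "):
            findings.append(("enable-password", "older enable password in use"))
            passwords.append(c.split()[-1])
    if "service password-encryption" not in global_cmds:
        findings.append(("no-password-encryption", "passwords shown as plain text"))
    if not any(c.startswith("banner motd") for c in global_cmds):
        findings.append(("no-motd-banner", "no authorized-use notice"))

    for header, subs in lines.items():
        line_pw = [s.split()[-1] for s in subs if s.startswith("password ")]
        if not line_pw:
            findings.append(("line-no-password", header))
        if "login" not in subs:
            findings.append(("line-no-login", header))
        passwords.extend(line_pw)

    # The notes advise a different password for each level of access.
    if len(passwords) != len(set(passwords)):
        findings.append(("password-reuse", "same password on several levels"))
    return findings
```

Calling audit() on text captured with show running-config returns an empty list when every check passes; encrypted passwords can only be compared as stored strings, so the reuse check is reliable only for plain-text entries.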

11.2.3

It reloads the startup configuration. On a Trivial File Transfer Protocol (TFTP) server, a CD, a USB memory stick, or a floppy disk stored in a safe place. A configuration file should also be


What are the steps to saving a configuration file to a TFTP server?

included in the network documentation.

1. Enter the copy running-config tftp command.
2. Enter the IP address of the host where the configuration file will be stored.
3. Enter the name to assign to the configuration file.
4. Answer yes to confirm each choice.

The startup configuration is removed by using the erase startup-config command. To erase the startup configuration file use erase NVRAM:startup-config or erase startup-config at the privileged EXEC mode prompt:
Router#erase startup-config
Once the command is issued, the router will prompt you for confirmation:
Erasing the nvram filesystem will remove all configuration files! Continue? [confirm]
Confirm is the default response. To confirm and erase the startup configuration file, press the Enter key. Pressing any other key will abort the process.

With Text Capture such as HyperTerminal. When using HyperTerminal, follow these steps:
1. On the Transfer menu, click Capture Text.
2. Choose the location.
3. Click Start to begin capturing text.
4. Once capture has been started, execute the show running-config or show startup-config command at the privileged EXEC prompt. Text displayed in the terminal window will be placed into the chosen file.
5. View the output to verify that it was not corrupted.

The file will require editing to ensure that encrypted passwords are in plain text and that non-command text such as "--More--" and IOS messages are removed. The device must be set at the global configuration. When using HyperTerminal, the steps are:
1. Locate the file to be copied into the device and open the text document.
2. Copy all of the text.
3. On the Edit menu, click paste to host.

To configure an Ethernet interface follow these steps:
1. Enter global configuration mode.
2. Enter interface configuration mode.
3. Specify the interface address and subnet mask.

If undesired changes are saved to the startup configuration, it may be necessary to clear all the configurations. This requires erasing the startup configuration and restarting the device. How?

How can config files be saved to a text document?

How can you restore a config file to a device from a text capture?

11.2.4

What are the steps & commands needed to configure a router's Ethernet ports?


Why is the no shutdown command needed? What are the steps & commands needed to configure a router's serial ports?

What is the reason for adding a description to an interface?

What are the commands to add a description to an interface? Are the commands the same in a router as in a switch? Do switch interfaces require IP addresses? Why or why not?

When would an IP address be assigned?

What is the default state for switch interfaces? What are the commands to configure a VLAN interface?

11.3.1

What is the purpose of the ping command?

What protocol does ping use? What are the most common Ping

4. Enable the interface.

Router(config)#interface FastEthernet 0/0
Router(config-if)#ip address ip_address netmask
Router(config-if)#no shutdown

By default, interfaces are disabled. Without this command, no traffic can come in or out of the interface.

To configure a serial interface follow these steps:
1. Enter global configuration mode.
2. Enter interface mode.
3. Specify the interface address and subnet mask.
4. Set the clock rate if a DCE cable is connected. Skip this step if a DTE cable is connected.
5. Turn on the interface.

Router(config)#interface Serial 0/0/0
Router(config-if)#ip address ip_address netmask
Router(config-if)#clock rate 56000 (if this is the DCE end)
Router(config-if)#no shutdown

A description indicates the purpose of the interface. A description of what an interface does or where it is connected should be part of the configuration of each interface. This description can be useful for troubleshooting.

Yes, they are the same. Example:
HQ-switch1#configure terminal
HQ-switch1(config)#interface fa0/0
HQ-switch1(config-if)#description Connects to main switch in Building A

A LAN switch is an intermediary device that interconnects segments within a network. Therefore, the physical interfaces on the switch do not have IP addresses. A physical interface on a switch connects devices within a network.

In order to be able to manage a switch, we assign an address to the device. With an IP address assigned to the switch, it acts like a host device. The address for a switch is assigned to a virtual interface represented as a Virtual LAN interface (VLAN).

Switch interfaces are also enabled by default. However, VLAN interfaces must be enabled with the no shutdown command.

Switch(config)#interface vlan 1
Switch(config-if)#ip address ipaddress subnet mask
Switch(config-if)#no shutdown
Switch(config-if)#exit
Switch(config)#ip default-gateway ipaddress

Using the ping command is an effective way to test connectivity. The test is often referred to as testing the protocol stack, because the ping command moves from Layer 3 of the OSI model to Layer 2 and then Layer 1.

The ICMP protocol to check for connectivity.

! - Indicates receipt of an ICMP echo reply-


indicators?

What does pinging the loopback test? What is the command? What is the size of the test packets sent by the ping command? What is the TTL? What is the difference between the show ip interfaces & the show ip interface brief commands? In looking at the output from the show ip int bri command (abbreviated) what does the output of up & up under the Status & Protocols columns indicate? What are the possible outcomes for these 2 columns?

ping completed successfully and verifies Layer 3 connectivity.
. - indicates a timeout while waiting for a reply. May indicate that a connectivity problem occurred somewhere along the path. May indicate a router along the path did not have a route to the destination and did not send an ICMP destination unreachable message. May indicate that ping was blocked by device security.
U - An ICMP unreachable message was received. Indicates that a router along the path did not have a route to the destination address and responded with an ICMP unreachable message.

It is used to verify the internal IP configuration on the local host.
C:\>ping 127.0.0.1

32 bytes

Time to Live in milliseconds

The show ip interface brief command provides a more abbreviated output than the show ip interface command. This provides a summary of the key information for all the interfaces.

The up in the Status column shows that this interface is operational at Layer 1. The up in the Protocol column indicates that the Layer 2 protocol is operational.

Status   Protocol
Up       Up
Up       Down
Down     Down

Because if the physical layer is down, all other layers are going to be down.

By testing the interface assignment. Ping the IP address assigned to the NIC.
C:\>ping ipaddress

If this test fails, it is likely that there are issues with the NIC hardware and software driver that may require reinstallation of either or both.

This test is conducted by pinging each host one by one on the LAN.

This mode is entered by typing ping in privileged EXEC mode, at the CLI prompt without a destination IP address. A series of prompts are then presented.
Router#ping
Protocol [ip]:
Target IP address:10.0.0.1
Repeat count [5]:

11.3.2

Why is the outcome for Status/Protocol never going to be Down/Up? How do you verify that the NIC address is bound to the IPv4 address and that the NIC is ready to transmit signals across the media? If the test in the previous question fails, what is a possible reason?

11.3.3

How can you verify that both the local host (the router in this case) and the remote host are configured correctly? What are the extended ping commands & how do you enter this command?


11.3.4

How do you verify that a local host can connect with a gateway address? What is the gateway?

11.3.5

What command shows you the next hop in a destination's route? How do you test the connectivity of the next hop? How do you test connectivity to a remote host? What is the purpose of a trace, and what commands are used?

Datagram size [100]:
Timeout in seconds [2]:5
Extended commands [n]: n

Ping the IP address of the local gateway.
C:\>ping ipaddress

The gateway is the host's entry and exit to the wider network. It is usually the address of the Ethernet interface of the router to which the host is connected either directly or indirectly through a switch.

The show ip route command. This shows you the routing table.

Ping the IP address of the next hop router as indicated from the output of the routing table.

Ping the IP address of the remote host.

A trace returns a list of hops as a packet is routed through a network. The form of the command depends on where the command is issued. When performing the trace from a Windows computer, use tracert. When performing the trace from a router CLI, use traceroute.

*** are shown to indicate that trace requests to the next hop timed out, meaning that the next hop did not respond.

Test 1: Local Loopback - testing the stack
Test 2: Local NIC - testing the interface assignment
Test 3: Ping Local Gateway - testing local network
Test 4: Ping Remote Host - testing gateway & remote connectivity
Test 5: Traceroute - testing each hop in the path

Establish a network baseline.

What is shown in the output of a trace that indicates a failure along the path? What are the steps in a testing sequence assuming that one test is successful and the testing should continue?

11.4.1

What is one of the most effective tools for monitoring and troubleshooting network performance? What is network baseline?

What is one method for starting a baseline?

What are the steps to capture output using HyperTerminal?

A process that involves monitoring network performance & behavior over a certain period of time, allowing for a point of reference when wanting to monitor performance in the future.

To copy and paste the results from an executed ping, trace, or other relevant command into a text file. These text files can be time stamped with the date and saved into an archive for later retrieval.

When using HyperTerminal for access, the steps are:
1. On the Transfer menu, click Capture Text.
2. Choose Browse to locate the file, or type the name of the file in which to save the capture.
3. Click Start to begin capturing text.
4. Execute the ping command in the user EXEC mode or at the privileged EXEC prompt. The router will place the text displayed on the terminal in the location chosen.


11.4.3

How do you execute an ARP request from a host? What type of info can be found in the ARP cache?

How can this cache be cleared? How can you ensure that the ARP cache is populated? What is a ping sweep?

How can you determine a mapping of how hosts are connected to a switch?

5. View the output to verify that it was not corrupted.
6. On the Transfer menu, click Capture Text, and then click Stop Capture.
These steps are the same for other output captures including traceroute.

To execute an ARP command, at the command prompt of a host, enter:
C:\host1>arp -a

The IPv4 address, physical address, and the type of addressing (static/dynamic), for each device. The ARP cache is only populated with information from devices that have been recently accessed.

It can be cleared by using the arp -d command.

Ping a device so that it will have an entry in the ARP table.

It is a scanning method for collecting MAC addresses that can be executed at the command line or by using network administration tools.

Using a command line from a switch, enter the show command with the mac-address-table argument:
Sw1-2950#show mac-address-table

Several MAC addresses representing multiple nodes assigned to a single port.

What might be an indicator that a switch port is on a shared segment or is connected to another switch?
