
Module 1 - Chapter 2

Uploaded by

Gybes

CHAPTER 2: CONFIGURE NETWORK OPERATING SYSTEM

2.1. Cisco IOS


1. Variations of Cisco IOS:
   1. IOS for switches, routers, and other Cisco networking devices
   2. IOS numbered versions for a given Cisco networking device
   3. All devices come with a default IOS and feature set; it is possible to upgrade the IOS version or feature set.
2. IOS can be downloaded from cisco.com; a Cisco Connection Online (CCO) account is required.

2.1.2. Cisco IOS Access

2.1.2.1. Access Methods


1. Console port: Out-of-band serial port used for management purposes such as the initial configuration of the router.
2. Secure Shell (SSH): In-band interface for remotely and securely establishing a CLI session over a network.
   User authentication, passwords, and commands sent over the network are encrypted.
   As a best practice, use SSH instead of Telnet whenever possible.
3. Telnet: In-band interface for remotely establishing a CLI session through a virtual interface over a network.
   User authentication, passwords, and commands are sent over the network in plaintext.
4. Aux port: Older method of establishing a CLI session remotely via a telephone dial-up connection using a modem.

2.1.2.2. Cisco IOS Modes of Operation


1. Cisco IOS modes use a hierarchical command structure.
2. Each mode has a distinctive prompt and is used to accomplish particular tasks with a specific set of commands.

2.1.2.2.1 Primary Command Modes


1. USER EXEC: allows only a limited number of basic monitoring commands; a “view-only” mode.
   No authentication is required to access the user EXEC mode, but it should be secured.
2. PRIVILEGED EXEC: allows the execution of configuration and management commands.
   Known as “enable mode” because it requires the enable user EXEC command.
   No authentication is required to access the user EXEC mode, but it should be secured.

2.1.2.2.2. Configuration Command Modes


1. The primary configuration mode is called global configuration or simply, global config.
2. Use the configure terminal command to access it.
3. Specific sub configuration modes can be accessed from global configuration mode:
   1. Interface mode: configure one of the network interfaces.
   2. Line mode: configure the console, AUX, Telnet, or SSH access.

2.1.2.3. Navigate Between IOS Modes


1. To move from user EXEC mode to privileged EXEC mode, use the enable command.
2. To return to user EXEC mode, use the disable command.
3. Various methods can be used to exit / quit configuration modes:
   1. exit: used to move from a specific mode to the previous, more general mode.
   2. end: used to exit out of global configuration mode regardless of which configuration mode
   3. ^Z: Works the same as end.

2.1.2.4. Command Structure


1. The syntax for a command is the command followed by any appropriate keywords and arguments:
   1. Keyword: a specific parameter defined in the operating system (ip protocols)
   2. Argument: not predefined; a value or variable defined by the user (192.168.10.5)

2.1.2.5. IOS Help Features

1. IOS Context-Sensitive Help:
   1. Provides a list of commands and the arguments associated with those commands within the context of the current mode.
   2. Enter a question mark, ?, at any prompt.
2. IOS Command Syntax Check:
   1. Checks an entered command from left to right to determine what action is being requested.
   2. If the interpreter understands the command, the requested action is executed and the CLI returns to the appropriate prompt.
   3. If the interpreter discovers an error, the IOS generally provides feedback such as “Ambiguous command”, “Incomplete command”, or “Incorrect command”.

2.1.2.6. Hot Keys and Shortcuts

1. Commands and keywords can be shortened to the minimum number of characters that identify a unique selection.
2. The configure command can be shortened to conf because configure is the only command that begins with conf.
3. The shorter version con does not work because more than one command begins with con. Keywords can also be shortened.
4. The IOS CLI supports the following hotkeys:
   1. Down Arrow: Allows the user to scroll through command history.
   2. Up Arrow: Allows the user to scroll backward through commands.
   3. Tab: Completes the remainder of a partially entered command.
   4. Ctrl-A: Moves to the beginning of the line.
   5. Ctrl-E: Moves to the end of the line.
   6. Ctrl-R: Redisplays a line.
   7. Ctrl-Z: Exits the configuration mode and returns to user EXEC.
   8. Ctrl-C: Exits the configuration mode or aborts the current command.
   9. Ctrl-Shift-6: Allows the user to interrupt an IOS process (e.g., ping).

2.2. Basic Device Configuration

2.2.1. Hostnames: Device Names


1. The first step when configuring a switch is to assign it a unique device name, or hostname.
2. Hostnames appear in CLI prompts and are used in various authentication processes between devices.
3. Hostnames should be used on topology diagrams.
4. The hostname name global configuration command is used to assign a name.

2.2.2. Limit Access to Device Configurations

2.2.2.1. Secure Device Access


1. Secure network devices by physically limiting access: place them in wiring closets and locked racks.
2. Enforce secure passwords, as passwords are the primary defense against unauthorized access to network devices.

2.2.2.2. Configure Passwords


1. Secure privileged EXEC access: use the enable secret password global config command.
2. Secure user EXEC access by configuring the line console as follows:
   1. (config)# line console 0
   2. (config-line)# password password
   3. (config-line)# login
3. Secure remote Telnet or SSH access by configuring the virtual terminal (VTY) lines as follows:
   1. (config)# line vty 0 15
   2. (config-line)# password password
   3. (config-line)# login

2.2.2.3. Encrypt Passwords


1. The startup-config and running-config files display most passwords in plaintext.
2. This is a security threat because anyone can see the passwords if they have access to these files.
3. Use the service password-encryption global config command to encrypt all passwords.
4. The command applies weak encryption to all unencrypted passwords; it does stop “shoulder surfing”.

2.2.2.4. Banner Messages


1. Banners are messages that are displayed when someone attempts to gain access to a device.
2. Banners are part of the legal process when someone is prosecuted for breaking into a device.
3. Configure with the banner motd delimiter message delimiter command from global configuration mode.
4. The delimiting character can be any character as long as it is unique and does not occur in the message (e.g., #$%^&*).

2.2.2.5. Syntax Checker: Limiting Access to a Switch


1. Encrypt all passwords: service password-encryption
2. Secure the privileged EXEC access: enable secret password
3. Secure the console line:
   1. (config)# line console 0
   2. (config-line)# password password
   3. (config-line)# login
4. Secure the first 16 VTY lines:
   1. (config)# line vty 0 15
   2. (config-line)# password password
   3. (config-line)# login
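
The checks from sections 2.2.2.2 to 2.2.2.5 can be verified against a saved configuration. The script below is an added example, not part of the original notes: it audits the text of a running-config for enable secret, service password-encryption, a banner motd, and a password plus login on every console and VTY line. The function names and both sample configurations are constructed for illustration, and it assumes the indented layout that show running-config produces.

```python
# Constructed running-config excerpts for illustration (not from a real device).
WEAK_CONFIG = """\
enable password cisco
line con 0
 password cisco
line vty 0 15
 login
"""
HARDENED_CONFIG = """\
service password-encryption
enable secret 5 CONSTRUCTED-HASH
banner motd #Authorized access only#
line con 0
 password 7 CONSTRUCTED
 login
line vty 0 15
 password 7 CONSTRUCTED
 login
"""

def parse_blocks(config):
    """Map each top-level command to the indented sub-commands beneath it."""
    blocks, current = {}, None
    for raw in filter(str.strip, config.splitlines()):
        if not raw[0].isspace():
            current = raw.strip()
            blocks[current] = []
        elif current is not None:
            blocks[current].append(raw.strip())
    return blocks

def audit(config):
    """Return findings for the access controls in sections 2.2.2.2-2.2.2.5."""
    blocks, findings = parse_blocks(config), []
    if not any(c.startswith("enable secret ") for c in blocks):
        findings.append("privileged EXEC: no 'enable secret' configured")
    if "service password-encryption" not in blocks:
        findings.append("passwords: 'service password-encryption' is not enabled")
    if not any(c.startswith("banner motd ") for c in blocks):
        findings.append("banner: no 'banner motd' configured")
    for header, sub in blocks.items():
        if header.startswith(("line con", "line vty")):
            if not any(s.startswith("password ") for s in sub):
                findings.append(f"{header}: no line password")
            if "login" not in sub:
                findings.append(f"{header}: 'login' missing, password is not checked")
    return findings

for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
    print(name, audit(cfg) or "no findings")
```

The audit covers only the password and login baseline described in these notes; it does not model other authentication methods.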

2.2.3. Save Configurations

2.2.3.1. Save the Running Configuration File


1. Cisco devices use a running configuration file and a startup configuration file.
2. Running configuration: file stored in RAM that contains the current configuration on a Cisco IOS device.
   Configuration changes are stored in this file.
   If power is interrupted, the running config is lost.
3. Startup config: file stored in NVRAM that contains the configuration that will be used by the device upon reboot.
   The running config is saved as the startup config.
   If power is interrupted, it is not lost or erased.
4. Use the show running-config command to display contents.
5. Use the copy running-config startup-config command to save the running configuration.

2.2.3.2. Alter the Running Configuration


1. Configuration changes can be removed by rebooting to the last saved configuration using the reload privileged EXEC command.
2. Reload restores the startup-config.
3. A prompt will appear to ask whether to save the changes. To discard the changes, enter n or no.
4. If undesired changes were saved to the startup configuration, it may be necessary to clear all the configurations using the erase startup-config privileged EXEC mode command.

2.2.3.3. Capture Configuration to a Text File


1. Configuration files can also be saved and archived to a text document for editing or reuse later.

2.3. Address Schemes

2.3.1.1. IP Addresses


1. Each end device requires an IP configuration consisting of:
   1. IP address
   2. Subnet mask
   3. Default gateway (optional for some devices)

2.3.1.2. Interfaces and Ports


1. Layer 2 switches have physical ports for devices to connect to; these ports do not support Layer 3 IP addresses.
2. To remotely connect to and manage a Layer 2 switch, it must be configured with one or more switch virtual interfaces (SVIs).
3. Each switch has a default VLAN 1 SVI.
4. A Layer 2 switch does not need an IP address to operate. The SVI IP address is only used to remotely manage a switch.

2.3.2. Configure IP Addressing


1. Configure the VLAN 1 switch virtual interface (SVI):
   1. IP address: Uniquely identifies the switch on the network
   2. Subnet mask: Identifies the network and host portion in the IP address
   3. Enabled: Using the no shutdown command.
