EDTECH 552 (SP11)
Susan Ferdon


Notes – Odom, Chapter 8 Flashcards Set: http://www.flashcardmachine.com/1294907/6eq8

Key terms

CLI – Command Line Interface. An interface that enables the user to interact with the operating system by entering commands and optional arguments.

SSH – Secure Shell. A TCP/IP application layer protocol that supports terminal emulation between a client and server, using dynamic key exchange and encryption to keep the communications private.

Enable Mode – A part of the Cisco IOS CLI in which the user can use the most powerful and potentially disruptive commands on a router or switch, including the ability to then reach configuration mode and reconfigure the router.

User Mode – A mode of the user interface to a router or switch in which the user can type only nondisruptive EXEC commands, generally just to look at the current status, but not to change any operational settings.

Configuration Mode – A part of the Cisco IOS Software CLI in which the user can type configuration commands that are then added to the device’s currently used configuration file (running-config).

startup-config file – In Cisco IOS switches and routers, the name of the file that resides in NVRAM memory, holding the device’s configuration that will be loaded into RAM as the running-config file when the device is next reloaded or powered on.

running-config file – In Cisco IOS switches and routers, the name of the file that resides in RAM memory, holding the device’s currently used configuration.

Telnet – The standard terminal-emulation application layer protocol in the TCP/IP protocol stack. Telnet is used for remote terminal connection, enabling users to log in to remote systems and use resources as if they were connected to a local system. Telnet is defined in RFC 854.

IOS – Internetwork Operating System. Cisco operating system software that provides the majority of a router’s or switch’s features, with the hardware providing the remaining features.

Console line – Cisco switches refer to the console as the console line, specifically console line 0.

vty – Virtual Terminal Line. Switches support 16 concurrent Telnet sessions, which are called virtual terminal (vty) lines. The term vty refers to the old name for terminal emulators. This includes both Telnet and SSH access.

Chapter 8 Configuration Commands

Command – Mode and Purpose

line console 0 – Global command that changes the context to console configuration mode.

line vty 1st-vty 2nd-vty – Global command that changes the context to vty configuration mode for the range of vty lines listed in the command.

login – Line (console and vty) configuration mode. Tells IOS to prompt for a password (no username).

password pass-value – Line (console and vty) configuration mode. Lists the password required if the login command (with no other parameters) is configured.

interface type port-number – Global command that changes the context to interface mode; for example, interface FastEthernet 0/1.

shutdown / no shutdown – Interface subcommand that disables or enables the interface, respectively.

hostname name – Global command that sets this switch’s hostname, which is also used as the first part of the switch’s command prompt.

enable secret pass-value – Global command that sets the automatically encrypted enable secret password. The password is used for any user to reach enable mode.

enable password pass-value – Global command that sets the clear-text enable password, which is used only when the enable secret password is not configured.

exit – Moves back to the next higher mode in configuration mode.

end – Exits configuration mode and goes back to enable mode from any of the configuration submodes.

Ctrl-Z – This is not a command, but rather a two-key combination (the Ctrl key and the letter z) that together do the same thing as the end command.

Chapter 8 EXEC Commands

Command – Purpose

no debug all / undebug all – Enable mode EXEC command to disable all currently enabled debugs.

show process – EXEC command that lists statistics about CPU utilization.

terminal monitor – EXEC command that tells Cisco IOS to send a copy of all syslog messages, including debug messages, to the Telnet or SSH user who issues this command.

reload – Enable mode EXEC command that reboots the switch or router.

copy from-location to-location – Enable mode EXEC command that copies files from one file location to another. Locations include the startup-config and running-config files, files on TFTP and RPC servers, and flash memory.

copy running-config startup-config – Enable mode EXEC command that saves the active config, replacing the startup-config file used when the switch initializes.

copy startup-config running-config – Enable mode EXEC command that merges the startup-config file with the currently active config file in RAM.

show running-config – Lists the contents of the running-config file.

write erase / erase startup-config / erase nvram: – All three enable mode EXEC commands erase the startup-config file.

setup – Enable mode EXEC command that places the user in setup mode, in which Cisco IOS asks the user for input on simple switch configurations.

quit – EXEC command that disconnects the user from the CLI session.

show system:running-config – Same as the show running-config command.

show startup-config – Lists the contents of the startup-config (initial config) file.

show nvram:startup-config / show nvram: – Same as the show startup-config command.

enable – Moves the user from user mode to enable (privileged) mode and prompts for an enable password if configured.

disable – Moves the user from enable mode to user mode.

configure terminal – Enable mode command that moves the user into configuration mode.

Network engineers connect to a switch’s user interface to check on the switch’s status, look at information about what the switch is doing, and possibly configure specific features of the switch. Engineers also want to enable security features that let them access the switches securely without being vulnerable to malicious people breaking into the switches. Cisco has two major brands of LAN switching products: Catalyst and Linksys. Catalyst is designed for Enterprises (companies, governments, and so on) and Linksys is for home use. Both brands provide the same basic features. The CCNA exams focus on how to implement LANs using Cisco Catalyst switches, so this chapter explains how to gain access to a Cisco Catalyst switch to monitor, configure, and troubleshoot problems. For this chapter, all references to “Cisco switch” refer to Cisco Catalyst switches, not Linksys switches.

Accessing the Cisco Catalyst 2960 Switch CLI Cisco uses the same concept of a command-line interface (CLI) with its router products and most of its Catalyst LAN switch products. The CLI is a text-based interface in which the user, typically a network engineer, enters a text command and presses Enter. Pressing Enter sends the command to the switch, which tells the device to do something. The switch does what the command says, and in some cases, the switch replies with some messages stating the results of the command.

Cisco Catalyst Switches and the 2960 Switch (p. 201)

 Within the Cisco Catalyst brand of LAN switches, Cisco produces a wide variety of switch series or families. Each switch series includes several specific models of switches that have similar features, similar price-versus-performance trade-offs, and similar internal components.
 Cisco positions the 2960 series (family) of switches as full-featured, low-cost wiring closet switches for Enterprises. That means that you would expect to use 2960 switches as access switches.
 Access switches provide the connection point for end-user devices, with cabling running from desks to the switch in a nearby wiring closet. 2960 access switches also connect to the rest of the Enterprise network using a couple of uplinks, often connecting to distribution layer switches.
 The distribution layer switches are often from a different Cisco switch family, typically a more powerful and more expensive product family.

 A switch’s physical connectors are called interfaces or ports. Each interface has a number in the style x/y, where x and y are two different numbers.
 On a 2960, the number before the / is always 0. The first 10/100 interface on a 2960 is numbered 0/1, the second is 0/2, and so on.
 The interfaces also have names; for example, “interface FastEthernet 0/1” is the first of the 10/100 interfaces. Any Gigabit-capable interfaces are called “GigabitEthernet” interfaces, as in “interface gigabitethernet 0/1.”
 There are two major operating systems for Cisco switches: IOS and Cat OS. Most switches run only IOS, but for historical reasons some high-end switches support both. If you see "IOS-based switch" you know it runs only Cisco IOS, not Cat OS.
 Cisco's most popular core switch is the 6500 series, and it can run either IOS or Cat OS. Hybrid refers to 6500 switches that use Cat OS, and native refers to 6500 switches that use IOS.

Switch Status from LEDs (p. 202)
 To examine how a switch is working, verify current status, and troubleshoot problems, a network engineer spends the vast majority of the time using commands from the IOS CLI.
 The LEDs provide some status and troubleshooting information.
 SYST LED status:
o Off: The switch is not powered on.
o On (green): Powered on and operational (IOS loaded).
o On (amber): The Power-On Self Test (POST) process failed; Cisco IOS did not load.
 Port LEDs mean something different depending on which of the three port LED modes is currently in use on the switch. Switches have a Mode button; push it to cycle through the three modes, STAT, DUPLEX, and SPEED, indicated by the mode LEDs.

Accessing the Cisco IOS CLI
 IOS controls switch performance and behavior and defines the human interface called the CLI.
 The CLI allows the user to use a terminal emulation program to send text, which is processed as a command. The switch processes the command, does what the command says, and sends text back to the terminal emulator.
 Three popular methods to access the switch CLI: the console, Telnet, and Secure Shell (SSH). Telnet and SSH use the IP network; the console uses a physical port.
 You can also use a web browser to configure a switch, but that is not the CLI. It is Cisco Device Manager (CDM) or Cisco Security Device Manager (SDM).
 Console connection:
o Uses a rollover cable (http://pinouts.ru/NetworkCables/rj45_rollover_pinout.shtml); connects the switch’s RJ-45 console port to the PC’s serial port (the cable is RJ-45 on both ends, typically with an RJ-45-to-DB-9 adapter at the PC end). A rollover cable is wired 12345678 on one end and 87654321 on the other. [Review of cables: http://www.petri.co.il/csc_the_basics_of_ethernet_cabling.htm]
o Connects to the switch CLI even if the switch is not connected to the network yet.
o Once physically connected, terminal emulation software must be installed and configured on the PC.
o The figure shows the window created by the emulator software. Note that the first highlighted portion shows the text Emma#show mac address-table dynamic.
   The Emma# part is the command prompt, which typically shows the hostname of the switch (Emma in this case).
   The prompt is text created by the switch and sent to the emulator.
   The show mac address-table dynamic part is the command that the user entered.
   The text shown beneath the command is the output generated by the switch and sent to the emulator.
   Finally, the lower highlighted text Emma# shows the command prompt again, as sent to the emulator by the switch.
 Telnet connection:
o The TCP/IP Telnet application allows a terminal emulator to communicate with a device. Telnet uses an IP network to send and receive the data, rather than a specialized cable and physical port on the device.
o The Telnet application protocols call the terminal emulator a Telnet client and the device that listens for commands and replies to them a Telnet server.
o Telnet is a TCP-based application layer protocol that uses well-known port 23.
o The user must install a Telnet client software package on his or her PC. The switch runs Telnet server software by default but needs an IP address configured to send and receive IP packets.
o The network must be set up between the PC and the switch so they can exchange IP packets.
o Pro: remote access.
o Con: sends all data (including usernames and passwords) as clear text, which is a security risk for anyone who can capture traffic on the path.
 SSH:
o Uses a terminal emulator and sends data over IP. Uses TCP and well-known port 22.
o The key difference between Telnet and SSH is that SSH encrypts all communication, so it is private and more secure.
 Password security:
o By default, the switch allows only console access.
o It is recommended to password-protect console access, as well as Telnet and SSH.
o Once configured, the switch supplies a password prompt (as a result of the login command) and expects the user to enter the password listed in the password command.
o Configuring SSH requires more effort than console and Telnet, because SSH uses public key cryptography to exchange a shared session key, which is then used for encryption.
o Whereas Telnet requires only a password, SSH requires at least a username and a password.

User and Enabled (Privileged) Mode
 EXEC mode, sometimes called user mode, allows you to look around but not break anything. User mode allows you to issue nondisruptive commands.
 In EXEC mode, when you enter a command, the switch executes the command and then displays messages that describe the command’s results.
 The more powerful EXEC mode is enable mode, also known as privileged mode or privileged EXEC mode; the enable command is used to reach it. It allows more powerful commands, like rebooting the switch. Privileged mode allows commands that might harm the switch.
 By default, enable mode can be reached only by a console user.
 If the command prompt lists the hostname followed by “>”, you are in user mode; if the hostname is followed by “#”, you are in enable mode.
 Commands that can be used in either user (EXEC) mode or enable (EXEC) mode are called EXEC commands.

When you unpack a new switch it will work, but you should at least connect to the switch console port and configure passwords for the console, Telnet, SSH, and the secret password.
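The points above (password on console and vty lines, enable secret rather than enable password, SSH rather than Telnet, a username for SSH) can be checked mechanically against a saved configuration. The script below is an added example and is not code from the book or from Cisco: it parses an IOS-style configuration into top-level commands and their indented subcommands and reports the weak settings this chapter warns about. Both configurations are constructed; the hostname Emma is borrowed from the notes, and the passwords are placeholders shown as typed, not as IOS would store them. The check logic is this editor's, not an IOS feature.

```python
"""Audit a Cisco IOS-style switch configuration for weak CLI access settings.

Added example, not from the book or Cisco. The sample configs are constructed;
the checks encode the advice in these notes and are not an IOS feature.
"""
import re

# Constructed: a switch set up with only the minimum described in the notes
WEAK_CONFIG = """\
hostname Emma
enable password cisco
username admin password letmein
line con 0
 login
 password cisco
line vty 0 15
 login
 password cisco
 transport input telnet
"""

# Constructed: the same switch with the settings a practitioner would want.
# Generating the RSA key pair (crypto key generate rsa) is an EXEC command,
# so it does not appear in the configuration text.
HARDENED_CONFIG = """\
hostname Emma
ip domain-name lab.example
service password-encryption
enable secret S3cure-Pass
username admin secret An0ther-Pass
ip ssh version 2
line con 0
 login local
line vty 0 15
 login local
 transport input ssh
"""


def parse_sections(config: str) -> list[tuple[str, list[str]]]:
    """Split config text into (command, indented subcommands) pairs.

    IOS indents subcommands one space under the command that opened the
    submode (line, interface, ...), which is the only structure needed here.
    """
    sections: list[tuple[str, list[str]]] = []
    for raw in config.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue
        if raw.startswith(" ") and sections:
            sections[-1][1].append(raw.strip())
        else:
            sections.append((raw.strip(), []))
    return sections


def audit(config: str) -> list[str]:
    """Return one finding per weak or missing access-security setting."""
    sections = parse_sections(config)
    top = [cmd for cmd, _ in sections]
    findings: list[str] = []

    # enable secret is stored hashed; enable password is clear text or reversible
    if not any(c.startswith("enable secret ") for c in top):
        if any(c.startswith("enable password ") for c in top):
            findings.append("enable password used without enable secret (recoverable)")
        else:
            findings.append("no enable secret: enable mode is unprotected")
    if "service password-encryption" not in top:
        findings.append("service password-encryption off: line passwords stored in clear text")
    if "ip ssh version 2" not in top:
        findings.append("ip ssh version 2 not set: SSHv1 may be negotiated")
    for c in top:
        m = re.match(r"username (\S+) .*\bpassword ", c)
        if m:
            findings.append(f"username {m.group(1)} uses password (reversible); use secret")

    for cmd, sub in sections:
        if not cmd.startswith("line "):
            continue
        # a line needs either login local (username + password) or login + password
        login_ok = "login local" in sub or (
            "login" in sub and any(s.startswith("password ") for s in sub))
        if not login_ok:
            findings.append(f"{cmd}: no working login method (login local, or login with password)")
        if cmd.startswith("line vty"):
            transport = next((s for s in sub if s.startswith("transport input ")), None)
            if transport != "transport input ssh":
                findings.append(f"{cmd}: {transport or 'transport input not restricted'}; clear-text Telnet allowed")
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        result = audit(cfg)
        print(f"{name}: {len(result)} finding(s)")
        for finding in result:
            print("  -", finding)
```

Run against the weak configuration the script reports five findings (enable password only, no service password-encryption, no ip ssh version 2, a clear-text username password, and Telnet permitted on the vty lines); the hardened configuration produces none. Paste the output of show running-config into the string to audit a real switch.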

CLI Help Features
There are command-recall help options available at the CLI.
 command represents any command.
 parm represents a command’s parameters.
 When you enter ?, the Cisco IOS CLI reacts immediately; there is no need to press the Enter key.
 The information supplied depends on the CLI mode. For example, in user mode you get the commands allowed in user mode, but commands available only in enable mode are not displayed.
 Cisco IOS stores up to 10 commands in the history buffer. Commands can be edited before being reissued.
 Table 8-5 (p. 312) lists keyboard shortcuts for recalling recently used commands.

The debug and show Commands
 By far, the most popular Cisco IOS command is the show command. It has a variety of options that enable you to find the status of almost every feature of Cisco IOS. The show command lists the currently known facts about the switch’s operational status.
 The debug command asks the switch to monitor different processes in the switch. The switch sends ongoing messages to the user when different events occur.
 The show command is like a photograph, whereas the debug command is like a movie. The debug command requires more effort and more CPU cycles but lets you watch what is happening.
 Messages created when a user issues a debug command are log messages and can be viewed by any remote user who asks for them, by using the terminal monitor command.
 The show command lists a set of messages only for that user.
 Options enabled by a debug command are not disabled until the user takes action or the switch is reloaded. A reload disables all currently enabled debug options, as does the no debug all (or undebug all) command. To be more discriminating and turn off a single option, put no in front of the original debug command.
 Beware! Debug can create so many messages that it can crash your Cisco IOS. Paragraph 4, on page 214, describes a process that can keep your switch from crashing.

Configuring Cisco IOS Software

Configuration mode is another mode for Cisco CLI. None of the commands in user and privileged mode changes the switch’s configuration. Configuration mode accepts configuration commands—commands that tell the switch the details of what to do, and how to do it. These commands update the active configuration file and changes occur immediately each time you press the Enter key at the end of a command.

Configuration Submodes and Contexts
 Configuration mode contains a multitude of subcommand modes.
 The text inside parentheses in the prompt identifies the configuration mode.
 Both the Ctrl-z key sequence and the end command exit the user from any part of configuration mode and go back to privileged EXEC mode. Alternatively, the exit command backs you out of configuration mode one subconfiguration mode at a time.

Storing Switch Configuration Files
 RAM: Sometimes called DRAM, for Dynamic Random-Access Memory, RAM is used by the switch just as it is used by any other computer: for working storage. The running (active) configuration file is stored here.
 ROM: Read-Only Memory (ROM) stores a bootstrap (or boot helper) program that is loaded when the switch first powers on. This bootstrap program then finds the full Cisco IOS image and manages the process of loading Cisco IOS into RAM, at which point Cisco IOS takes over operation of the switch.
 Flash memory: Either a chip inside the switch or a removable memory card, flash memory stores fully functional Cisco IOS images and is the default location where the switch gets its Cisco IOS at boot time. Flash memory also can be used to store any other files, including backup copies of configuration files.
 NVRAM: Nonvolatile RAM (NVRAM) stores the initial or startup configuration file that is used when the switch is first powered on and when the switch is reloaded.
 Cisco IOS stores the collection of configuration commands in a configuration file. In fact, switches use multiple configuration files: one file for the initial configuration used when powering on, and another configuration file for the active, currently used running configuration as stored in RAM.

 When you are in configuration mode, you change only the running-config file (in RAM). However, if the switch loses power, that configuration would be lost. If you want to keep that configuration, you have to copy the running-config file into NVRAM, overwriting the old startup-config file.

Copying and Erasing Configuration Files
 The most basic method for moving configuration files in and out of a switch is to use the copy command to copy files between RAM or NVRAM on a switch and a TFTP server. The files can be copied between any pair.
 The commands for copying Cisco IOS configurations can be summarized as follows: copy {tftp | running-config | startup-config} {tftp | running-config | startup-config}. The first set of parameters enclosed in braces ({}) is the “from” location; the next set of parameters is the “to” location.
 Typically, issuing a copy command makes the new file replace the old one; the original destination file is erased. However, when a configuration file is copied into the running-config (RAM), the commands in the new file are merged into the running configuration: each command is applied as if typed, so commands that exist only in the running-config stay in effect. If you want to revert to the startup-config this way, the two files might not match afterwards. The only way to guarantee that they match is to issue the reload command, which erases RAM and copies the startup-config from NVRAM into RAM as part of the reload process.
 Three different commands can erase the contents of NVRAM. The write erase and erase startup-config commands are older, whereas the erase nvram: command is more recent and recommended. All three simply erase the NVRAM file.
 Cisco does not have a command that erases the contents of the running-config file. Instead, erase the startup-config file and then reload the switch.
 Making a copy of all current switch and router configurations should be part of any network’s overall security strategy, mainly so that you can replace a device’s configuration if an attack changes the configuration.
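The merge behaviour above matters for the security strategy in the last bullet: copying a known-good startup-config over a tampered running-config does not remove anything the attacker added. The script below is an added example, not code from the book or Cisco. It models the two operations on constructed configuration text: copy startup-config running-config applies each command as if typed (a same-keyed command is overwritten, everything else survives), while reload discards RAM and starts from the startup-config alone. The rule used to decide which commands overwrite each other is a simplification of IOS behaviour.

```python
"""Model why copy startup-config running-config merges rather than replaces.

Added example, not from the book or Cisco. Configs are constructed; the keying
rule in command_key() is a simplification of how IOS decides that a newly typed
command replaces an existing one.
"""

# Constructed: the known-good startup-config kept in NVRAM
STARTUP = """\
hostname Emma
enable secret S3cure-Pass
line vty 0 15
 login local
 transport input ssh
"""

# Constructed: the running-config after someone changed the live switch:
# hostname altered, a privileged backdoor user added, Telnet re-enabled
RUNNING_TAMPERED = """\
hostname Emma-pwned
enable secret S3cure-Pass
username backdoor privilege 15 secret Hidden
line vty 0 15
 login local
 transport input all
"""

# section header ("" = global commands) -> command key -> full command line
Config = dict[str, dict[str, str]]

# commands whose first word alone is ambiguous get a two-word key, so that
# 'enable secret' and 'enable password', or two username entries, stay distinct
TWO_WORD = {"enable", "ip", "transport", "username", "service"}


def command_key(cmd: str) -> str:
    """Key under which a later command replaces an earlier one (simplified)."""
    words = cmd.split()
    return " ".join(words[:2]) if words[0] in TWO_WORD else words[0]


def load(config: str) -> Config:
    """Parse config text into sections keyed the way IOS would overwrite them."""
    state: Config = {"": {}}
    current = ""
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if raw.startswith(" "):              # indented: subcommand of current section
            state[current][command_key(line)] = line
        elif line.startswith(("line ", "interface ")):
            current = line                   # opens a submode
            state.setdefault(current, {})
        else:
            current = ""                     # back to global configuration
            state[""][command_key(line)] = line
    return state


def copy_into_running(running: Config, source: Config) -> Config:
    """Model 'copy <source> running-config': merge, never delete."""
    merged = {sec: dict(cmds) for sec, cmds in running.items()}
    for sec, cmds in source.items():
        merged.setdefault(sec, {}).update(cmds)
    return merged


def reload(startup: Config) -> Config:
    """Model 'reload': RAM is cleared and startup-config alone becomes running."""
    return {sec: dict(cmds) for sec, cmds in startup.items()}


def leftovers(running: Config, startup: Config) -> list[str]:
    """Commands still active that the startup-config never contained."""
    extra = []
    for sec, cmds in running.items():
        for key, line in cmds.items():
            if key not in startup.get(sec, {}):
                extra.append(line if sec == "" else f"{sec}: {line}")
    return extra


def render(state: Config) -> str:
    """Print a Config back out in IOS layout (global commands, then sections)."""
    lines = list(state[""].values())
    for sec, cmds in state.items():
        if sec:
            lines.append(sec)
            lines.extend(f" {c}" for c in cmds.values())
    return "\n".join(lines)


if __name__ == "__main__":
    startup, running = load(STARTUP), load(RUNNING_TAMPERED)
    after_copy = copy_into_running(running, startup)
    print("after copy startup-config running-config, not in startup-config:")
    print(leftovers(after_copy, startup))      # the backdoor user survives
    print("after reload, not in startup-config:")
    print(leftovers(reload(startup), startup))  # nothing survives
```

After the copy the hostname and the vty transport are back to their startup values, but the backdoor username is still there; only reload produces a configuration identical to the one in NVRAM. The same reasoning applies to copying a TFTP backup into running-config.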

Initial Configuration (Setup Mode)
 Cisco IOS Software supports two primary methods of giving a switch an initial basic configuration: configuration mode and setup mode.
 Setup mode is often used by new users. The switch administrator answers a series of questions that lead to a basic switch configuration.
 Most configuration tasks require the use of configuration mode.

“Do I Know This Already” Quiz, Chapter 8 - pp. 198-199
Topics: Accessing the Cisco Catalyst 2960 Switch CLI; Configuring Cisco IOS Software

Q# – 1st Try – 2nd Try – Answer
1 – A, B – – B, C
2 – B
3 – B
4 – A
5 – F
6 – D
7 – A, C

Q: A switch user is currently in console line configuration mode. Which of the following would place the user in enable mode? a. Using the exit command once b. Using the exit command twice in a row c. Pressing the Ctrl-z key sequence d. Using the quit command Answer: B and C Explanation: The exit command takes you to the next highest level. I thought enable mode was one higher than console line configuration mode, but it is two: line → global → privileged/enable. The exit command once gets you from line to global. The exit command again gets you from global configuration to enable mode. See diagram on next page.

Additional information about Catalyst Switch Configuration: http://www.google.com/url?sa=t&source=web&cd=10&ved=0CFcQFjAJ&url=http%3A%2F%2Fdocstore.mik.ua%2Fcisco%2Fpdf%2Frouting%2FCisco%2520Field%2520Manual%2520%2520Catalyst%2520Switch%2520Configuration.pdf&rct=j&q=cisco%20switch%20moving%20between%20configuration%20modes&ei=N2gTeCWOeaF0QGPw9j_BA&usg=AFQjCNEUZOfhq2yKdzhqK9qkYiQ7qBFQuQ&sig2=th1BYU6YEk0ioZe2ZgNXgQ&cad=rja

Source: http://www.cisco.com/ELearning/bulk/public/tac/cim/cib/using_cisco_ios_software/02_cisco_ios_hierarchy.htm