These materials are licensed under the Creative Commons Attribution-Noncommercial 3.0 Unported license (http://creativecommons.org/licenses/by-nc/3.0/)


Cisco/HP Configuration Elements
Advanced Registry Operations Curriculum

These materials are licensed under the Creative Commons Attribution-Noncommercial 3.0 Unported license (http://creativecommons.org/licenses/by-nc/3.0/) as part of the ICANN, ISOC and NSRC Registry Operations Curriculum.

Overview
Basic things that we need to make sure are configured on Cisco routers, Cisco switches and HP switches to do proper network management.
These apply to other network equipment manufacturers of course, and to servers and workstations.

Elements
    Hostname:    Hostname of the device
    SSH:         Enable Secure SHell
    DNS:         Domain Name Lookup
    NTP:         Time synchronization (Network Time Protocol)
    Syslog:      System log messages
    SNMP:        SNMP configuration
    SNMP traps:  Where to send traps
    CDP:         Cisco Discovery Protocol

Cisco equipment

Accessing the device
1. ssh
2. You are in "user mode":
    rtr>
3. If your user has the privileges, go to "privileged mode":
    rtr>enable (class password)
    rtr#conf t
    rtr(config)#
4. Type in configuration commands.
5. Exit and save/build your new configuration:
    rtr(config)#exit
    rtr#wr mem

Hostname
Preferably we use the FQDN (Fully Qualified Domain Name). In config mode on the router, something like this:
    rtr(config)#hostname TLDX-RTR.TLDX

DNS configuration
In config mode on the router:
    ip domain-name tldX
    ip name-server
Replace the "X" in ".tldX" with the number of your network.

NTP + time configuration
In config mode:
    ntp server (*)
    clock timezone XXXX 3
If needed:
    clock summer-time XXXX recurring last Sun Mar 2:00 last Sun Oct 3:00
Replace "XXXX" with the timezone abbreviation for the location of your router. Manually doing this can often backfire as "fixed" dates may change.
Verify:
    rtr>show clock
(*) Alternate is "pool.ntp.org"

SSH (Note: already enabled here)
Only crypto versions of IOS/CatOS have support for SSH – there are export restrictions...
In config mode:
    rtr(config)#aaa new-model
    rtr(config)#crypto key generate rsa
    rtr(config)#username tldadmin secret 0 tldadmin!
...the above is required to be allowed to enable SSH.
Verify creation with:
    sh crypto key mypubkey rsa
Use at least 768 bits - OpenSSH requires it.

SSH (continued)
Enforce ssh (disabling telnet) on vty lines:
    rtr#conf t
    rtr(config)#line vty 0 4
    rtr(config)#transport input ssh
    rtr(config)#^Z        ("exit" completely)
    rtr#wr mem
SSH is now enabled. Telnet is disabled if there's only one transport (ssh) configured:
    transport input ssh

Syslog
In config mode, enable logging to your NOC machine (X is your network):
    rtr(config)#logging X.30
    rtr(config)#logging facility local5
    rtr(config)#logging trap debugging

SNMP
In config mode:
    rtr(config)#snmp-server community xxxxxxxxx RO
    rtr(config)#snmp-server location XX
– Replace xxxxxxxxx with the private community string chosen in class.
– For traps/alarms the usage of syslog is recommended.
– To restrict the clients allowed to query the router, an access-list can be configured.

CDP
Cisco Discovery Protocol
Enabled by default nowadays in current IOS versions. Otherwise, enable with "cdp enable" or "cdp run" in configure mode on your router.
tcpdump and tools like cdpr will show you CDP announcements.
Enable it only if it's required by any tool.
Check neighbor announcements with:
    rtr>show cdp neighbors
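An added example, not part of the original slides: a short Python check that reads a saved running-config and reports which of the Cisco elements above are missing, whether any vty line still accepts telnet, and whether an SNMP community lacks the access-list mentioned on the SNMP slide. The sample config, its 192.0.2.x addresses, the community placeholder and the function names are constructed for illustration.

```python
import re

# Constructed sample running-config (not from the slides). Addresses are from
# the 192.0.2.0/24 documentation range; the community string is a placeholder.
SAMPLE_CONFIG = """\
hostname TLD1-RTR.TLD1
ip domain-name tld1
ip name-server 192.0.2.53
logging 192.0.2.30
snmp-server community examplestring RO
line vty 0 4
 transport input telnet ssh
line vty 5 15
 transport input ssh
"""

# One regex per element from the Overview slide that must be present.
REQUIRED = {
    "hostname": r"^hostname \S+",
    "ip domain-name": r"^ip domain-name \S+",
    "ip name-server": r"^ip name-server \S+",
    "ntp server": r"^ntp server \S+",
    "syslog host": r"^logging \d\S*",
}

def vty_transports(config):
    """Map each 'line vty' header to its transport input list (None if unset)."""
    result, current = {}, None
    for line in config.splitlines():
        if not line.startswith(" "):
            current = line.strip() if line.startswith("line vty") else None
            if current:
                result[current] = None
        elif current and (m := re.match(r"\s+transport input (.+)", line)):
            result[current] = m.group(1).split()
    return result

def audit(config):
    """Return a list of findings; an empty list means every check passed."""
    findings = [f"missing: {name}" for name, rx in REQUIRED.items()
                if not re.search(rx, config, re.M)]
    for m in re.finditer(r"^snmp-server community \S+(.*)$", config, re.M):
        rest = re.sub(r"\bview \S+", "", m.group(1))  # drop optional view clause
        if not [t for t in rest.split() if t.upper() not in ("RO", "RW")]:
            findings.append("snmp community without access-list")  # string not echoed
    for header, protos in vty_transports(config).items():
        if protos != ["ssh"]:  # unset is flagged too: the goal is an explicit setting
            findings.append(f"{header}: transport input {protos}, want ssh only")
    return findings
```

Calling `audit()` on the text of a saved `show running-config` returns one line per gap, and an empty list when every element is in place.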

HP switches

Accessing
Using telnet or ssh (telnet by default).
By default, no user, only a password:
    Password: ******
    SW1 – HP 2510-G#
Menu mode: not all options available!
Shell mode: similar to Cisco IOS shell
– i.e.: spanning-tree not enabled by default, and cannot be enabled via the menu:
    SW1 - HP 2510-G# conf t
    SW1 - HP 2510-G(config)# spanning-tree

Hostname
Like Cisco, but specify FQDN:
    SW1# conf t
    SW1 (config)# hostname sw1.mgmt
    SW1 (config)# ^Z
    SW1#

DNS
HP layer 2 switches don't support DNS resolution.

NTP
    SW1# conf t
    SW1 (config)# sntp server
    SW1 (config)# sntp server unicast
    SW1 (config)# ^Z
    SW1#

SSH
    SW1 (config)# crypto key generate ssh
    Installing new RSA key. If the key/entropy cache is depleted, this could take up to a minute.
    SW1 (config)# ip ssh
    SW1 (config)# no telnet-server
    SW1 (config)# ^Z
    SW1# write mem
    SW1#
SSH is now enabled – by default the user you log in as is ignored, only the password matters.
TELNET IS DISABLED!

Syslog
    SW1 (config)# logging X.30
    SW1 (config)# logging facility local5
    SW1 (config)# ^Z
    SW1# write mem

SNMP
    SW1 (config)# snmp-server community xxx
    SW1 (config)# ^Z
    SW1# write mem
By default, community is RO (read only).

CDP and LLDP/802.1ab
HP equipment supports both Cisco's discovery protocol (CDP) as well as the open standard 802.1ab (LLDP – Link Layer Discovery Protocol).
By default, CDP is enabled:
    SW1 (config)# cdp run
    SW1 (config)# cdp enable 1-24
    SW1 (config)# ^Z
    SW1# write mem

Questions?