COMPUTER NETWORK AND DESIGN CSCI 3385K

Operating System

Operating System All end devices and network devices require an operating system (OS). Kernel is the portion of the OS that interacts directly with the computer hardware. Shell is the portion that interfaces with applications and the user. The user can interact with the shell using a command line interface (CLI) or a graphical user interface (GUI). Command Line Interface (CLI) User interacts directly with the system in a text-based environment by entering commands on the keyboard at a command prompt. The system executes the command, often providing textual output. CLI requires very little overhead to operate. However, it does require that the user have knowledge of the underlying structure that controls the system.

Operating System Graphical User Interface (GUI) Allows the user to interact with the system using an environment of graphical icons, menus and windows. More user friendly and requires less knowledge of the underlying command structure that controls the system. GUI’s may not always be able to provide all of the features available at the CLI, may also fail, crash, or simply not operate as specified. For these reasons, network devices are typically accessed through a CLI. CLI is less resource intensive and very stable when compared to a GUI

Operating System Network Operating System Cisco devices uses a Internetwork Operating System (IOS). Cisco IOS is used for most Cisco Devices regardless of the type or size of the device. Operating System for Home network devices (routers) is called a firmware and it is usually configure by using a web-browser-based GUI.

Purpose of OS PC operating system enable a user to: Use a mouse to make selections and run programs. Enter text and text-based command View output on a monitor Cisco IOS enable a network technician to: Use a keyboard to run CLI-based network programs. Use a keyboard to enter text and text-based commands. View output on a monitor. All networking devices come with a default IOS. It is possible to upgrade the IOS version or feature set.

Access Methods The most common methods are: Console: a physical management port that provides out-of-band access (access via a dedicated channel) to a Cisco device for maintenance purposes only. Secure Shell (SSH): for remotely establishing a secure CLI connection through a virtual interface over the network. Unlike, console connection SSH require active networking services on the device including an active interface configured with an address. Telnet: is an unsecure method of remotely establishing a CLI session through a virtual interface over the network. Unlike SSH, telnet does not provide a secure encrypted connection. User authentication and passwords are sent over the network in plaintext Auxiliary: out-of-band port is used to establish a CLI session remotely using a modem.

Terminal Emulation Programs Program that emulates a video terminal within some other display architecture. There are number of excellent terminal emulation programs available for connecting to a networking device either by a serial connection over a console port or by a SSH/Telnet connection. These programs allow you to enhance your productivity by adjusting windows sizes, changing the font sizes, and changing color schemes. Some of these include: PuTTY Tera Term SecureCRT OS X Terminal

Terminal Emulation Programs

Terminal Emulation Programs

Cisco IOS Modes of Operation Console connection must be established before initial configuration of a Cisco device. Cisco IOS modes use a hierarchical structure and are quite similar for both router and switches.

Primary Command Modes As a security feature, the Cisco IOS software separates management access into the following two command modes: User EXEC Mode: This mode has limited capabilities but is useful for basic operations. It allows only a limited number of basic monitoring commands but does not allow the execution of any commands that might change the configuration of the device. Is identified by the CLI prompt that ends with the > symbol. Privileged EXEC Mode: To execute configuration commands, a network administrator must access privileged EXEC mode. Higher configuration modes like global configuration mode can only be reached from privileged EXEC mode. Privileged EXEC mode is identified by the CLI # symbol

Configuration Command Modes Global configuration mode To configure the device must enter this mode with configure terminal command. example: Switch(conf)# CLI configuration changes are made that affect the operation of the device as a whole. From this mode, the user can enter different sub-configuration modes. Line Configuration Mode and Interface Configuration Mode

Configuration Command Modes Line Configuration Mode: used to configure console, SSH, and telnet example: Switch(conf-line) Interface Configuration Mode: used to configure a switch port or router network interface. Example: Switch(config-if) To move from any sub-configuration mode to the privileged EXEC mode, enter the end command or enter the key combination Ctrl+Z. Also you can move from one sub-configuration mode to another.

Navigating between ISO Modes

Navigating between ISO Modes – cont.

Basic IOS Command Structure Keyword: a specific parameter defined in the operating system Argument: not predefined, a value or variable defined by the user After entering each complete command (including keywords or arguments) press the enter key to submit the command and be recognized by the interpreter. Example:

IOS Command Syntax Examples: Switch1>ping ip-address the command is ping and the user-defined argument is ip-address of the destination device (Switch1>ping 10.10.15.2) Switch1>traceroute ip-address The command is traceroute and the user-defined argument is ip-address of the destination device (Switch1>traceroute 192.168.254.254)

IOS Help Features Keyword: a specific parameter defined in the operating system Argument: not predefined, a value or variable defined by the user After entering each complete command (including keywords or arguments) press the enter key to submit the command and be recognized by the interpreter. Example:

IOS Help Features The IOS has two form of help available: Context-Sensitive Help: Enables you to quickly find which commands are available in each command mode, which commands start with specific characters or group of characters, and which arguments and keywords are available to particular commands. To access context-sensitive help, simply type ? at the CLI Command Syntax Check Verifies that a valid command was entered by the user Command line interpreter evaluates the command from left to right, if interpreter understand the command, then it is executed, otherwise, it will provide feedback describing what is wrong with the command.

IOS Help Features Context-Sensitive Help Command Syntax Check

Hotkeys and Shortcuts IOS CLI provides hotkeys and shortcuts that make configuring, monitoring, and troubleshooting easier. Tab: Completes the remainder of a partially typed command or keyword Ctrl-A: Moves cursor to the beginning of the line Ctrl-R: Redisplays a line Ctrl-Z: Exits configuration mode and return to user EXEC Down Arrow: Allows the user to scroll forward through former commands Up Arrow: Allows the user to scroll backward through former commands Ctrl-Shift-6: Allows the user to interrupt an IOS process such as ping or traceroute Ctrl-C: Aborts the current command and exits the configuration mode

Basic Device Configuration – Device Names Hostname: allows devices to be identified over the network or the Internet guidelines: Start with a letter Contains no spaces End with a letter or digit Use only letter, digits and dashes Must be less than 64 characters in length To remove the configured hostname use: Switch1#no hostname

Basic Device Configuration – Securing Access Securing Administrative Access: Secure privileged EXEC access with a password Secure user EXEC access with a password Secure remote Telnet access with a password Encrypt all passwords Provide legal notification When Choosing Passwords: Use password that are more than 8 characters in length. Use combination of upper and lowercase letters, numbers, special characters, and/or numeric sequences. Avoid using the same password for all devices. Don’t use common words because these are easily guessed.

Basic Device Configuration – Securing Access Use the enable secret command, not the older enable password command The enable secret command provides greater security because the password is encrypted.

Basic Device Configuration – Securing Access Console port must be secured (reduces the change of unauthorized personnel physically plugging a cable into the device and gaining device access. VTY lines allows access to Cisco device via Telnet. Number of VTY lines supported varies with the type of device and the IOS version

Basic Device Configuration – Encryption Prevents password from showing up as plain text when viewing the configuration. Purpose of this command is to keep unauthorized individuals from viewing passwords in the configuration file. After this command is applied, removing the encryption service does not revert the encryption

Basic Device Configuration – Banner Messages These are an important part of the legal process in the event that someone is prosecuted for breaking into a device. Wording that implies that a login is “welcome” or “invited” is not appropriate. Often used for legal notification because it is displayed to all connected terminals.

Save the Running Configuration File Startup configuration: File stored in NVRAM that contains all of the commands that will be used upon startup or reboot. NVRAM does not lose its content when the power device is power off. Running configuration: File stored in RAM that reflects the current configuration, modifying affects the operation of a Cisco device immediately. RAM loses all of its content when the device is powered off or restarted

Alter the Running Configuration Restore the device to its previous configuration by removing the changed command individually. Copy the startup configuration file to the running configuration with the Switch1>copy startup-config running-config privileged EXEC mode command. Reload the device with the reload command from the privileged EXEC mode. Switch1>reload System configuration has been modified. Save? [yes/no]: n Proceed with reload?[confirm]

Capture Configuration to a Text File Using PuTTY to capture console session All session output will be captured to the file specified, MySwitchLogs. Execute the show running-conf or show startup-conf command at the privileged EXEC prompt. Text displayed in the terminal window will be placed into the chosen file.

Interfaces and Ports Cisco IOS switches have physical ports for devices to connect to, but they also have one or more switch virtual interfaces (SVIs). No Physical hardware on the device is associated with it. It is created in software. SVI provides a means to remotely manage a switch over the network.

Switch Virtual Interface Configuration IP address: together with subnet mask, uniquely identifies end device on internetwork. Subnet mask: determines which part of a larger network is used by an IP address. interface VLAN 1: Interface configuration mode ip address 192.168.10.2 255.255.255.0: configures the IP address and subnet mask for the switch no shutdown: administratively enables the interface. Switch still needs to have physical ports configured and VTY lines to enable remote management

Verifying Connectivity