1. NETWORK ENVIRONMENT MANAGEMENT
Discovering Neighbors on the Network

2. CISCO DISCOVERY PROTOCOL
Note: CDP is sent using multicast frames with the MAC address ccc.cccc.

3. CDP continue
Cisco Discovery Protocol is a proprietary utility that provides a summary of directly connected switches, routers, and other Cisco devices.
Cisco Discovery Protocol discovers neighboring devices, regardless of which protocol suite they are running
Physical media must support the SNAP encapsulation.

4. DISCOVERING NEIGHBORS WITH CISCO DISCOVERY PROTOCOL
Cisco Discovery Protocol runs on Cisco IOS devices.
Summary information includes:
Device identifiers
Address list
Port identifier
Capabilities list
Platform
Emphasize: CDP is media- and protocol-independent and runs on all Cisco-manufactured equipment including routers, access servers, switches, and some managed hubs. With CDP, network management applications can retrieve the device type and SNMP agent address of neighboring devices. This capability enables applications to send SNMP queries to neighboring devices.
CDP allows network management applications to dynamically discover Cisco devices that are neighbors. CDP runs on all media that support the Subnetwork Access Protocol, including LAN and Frame Relay. CDP runs over the data link layer only, not the network layer. Therefore, two systems that support different network-layer protocols can learn about each other.
Cached CDP information is available to network management applications. Cisco devices never forward a CDP packet. When new information is received, old information is discarded. The holdtime determines how long to keep existing information from a neighbor.

5. USING CISCO DISCOVERY PROTOCOL
RouterA#show cdp ?
entry Information for specific neighbor entry
interface CDP interface status and configuration
neighbors CDP neighbors entries
traffic CDP statistics
<cr>
RouterA(config)#no cdp run
RouterA(config)#interface serial0/0/0
RouterA(config-if)#no cdp enable
Note: Some of the CDP commands are not available on the Catalyst 1900 switch, like cdp run, show cdp traffic, and show cdp entry.

6. USING CISCO DISCOVERY PROTOCOL
RouterA# show cdp ?
entry Information for specific neighbor entry
interface CDP interface status and configuration
neighbors CDP neighbor entries
traffic CDP statistics …
RouterA(config)# no cdp run
! Disable CDP Globally
RouterA(config)# interface serial0/0/0
RouterA(config-if)# no cdp enable
! Disable CDP on just this interface
Note: Some of the CDP commands are not available on the Catalyst 1900 switch, like cdp run, show cdp traffic, and show cdp entry.

7. USING THE SHOW CDP NEIGHBORS COMMAND
RouterA# show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater
Device ID Local Intrfce Holdtme Capability Platform Port ID
SwitchA fa0/ S I WS-C2960- fa0/2
RouterB s0/0/ R S I s0/0/1
Emphasize: This graphic shows the show cdp neighbors command initiated from a router, which displays a summary of the capabilities and access details for the CDP neighbors. The show cdp neighbors detail command shows detailed information about the same devices.
Note: If the neighbor is a Catalyst 1900 switch, the switch MAC address is also displayed. If the switch is a 2900xl, its MAC address is not displayed.

8. USING THE SHOW CDP ENTRY COMMAND
Device ID: RouterB
Entry address(es):
IP address:
Platform: Cisco 2811, Capabilities: Router Switch IGMP
Interface: Serial0/0/0, Port ID (outgoing port): Serial0/0/1
Holdtime : 155 sec
Version :
Cisco IOS Software, 2800 Software (C2800NM-ADVIPSERVICESK9-M), Version 12.4(12), RELEASE SOFTWARE (fc1)
Technical Support:
Copyright (c) by Cisco Systems, Inc.
Compiled Fri 17-Nov-06 12:02 by prod_rel_team
Emphasize: The example shows what information can be obtained about RouterA’s neighbor. CDP is one way to learn about other Cisco devices on the network.

9. ADDITIONAL CISCO DISCOVERY PROTOCOL COMMANDS
RouterA# show cdp traffic
CDP counters :
Total packets output: 8680, Input: 8678
Hdr syntax: 0, Chksum error: 0, Encaps failed: 5
No memory: 0, Invalid packet: 0, Fragmented: 0
CDP version 1 advertisements output: 0, Input: 0
CDP version 2 advertisements output: 8680, Input: 8678
RouterA# show cdp interface s0/0/0
Serial0/0/0 is up, line protocol is up
Encapsulation PPP
Sending CDP packets every 60 seconds
Holdtime is 180 seconds
Note: The holdtime indicates how long the neighbor information will be kept in the local CDP table.

10. CREATING A NETWORK MAP

11. SUMMARY
Cisco Discovery Protocol is an information-gathering tool used by network administrators to obtain information about directly connected devices.
Cisco Discovery Protocol exchanges hardware and software device information with its directly connected Cisco Discovery Protocol neighbors.
Cisco Discovery Protocol on a router can be enabled or disabled as a whole or on a port-by-port basis.
Purpose: This slide discuss the initial configurations on the routers and switches.
Note: There is no setup mode on the Catalyst 1900 switch.

12. Summary cont.
The show cdp neighbors command displays information about the Cisco Discovery Protocol neighbors of a router.
The show cdp entry, show cdp traffic, and show cdp interface commands display detailed Cisco Discovery Protocol information on a Cisco device.
Using the information obtained from the show cdp command output, a network topology map can be created to aid troubleshooting.

13. MANAGING ROUTER STARTUP AND CONFIGURATION

14. ROUTER POWER-ON BOOT SEQUENCE
Perform power-on self-test (POST).
Load and run bootstrap code.
Find the Cisco IOS Software.
Load the Cisco IOS Software.
Find the configuration.
Load the configuration.
Run the configured Cisco IOS Software.
Emphasize: In a later slide, there is a very detailed flowchart of the router startup process.

15. ROUTER INTERNAL COMPONENTS
Note:
RAM—Packet buffers, running configurations, running Cisco IOS
ROM—POST, ROM monitor, baby Cisco IOS (Rxboot)
NVRAM—Backup configurations, config register
Flash—Cisco IOS
Flash memory is nonvolatile. It behaves like a file system. It is more expensive than NVRAM. It is readable and writeable. The 2500 routers run from Flash. If it is running Cisco IOS from Flash, then the Flash is in the readable state. Use the boot system command to boot Cisco IOS from a TFTP server so the 2500 can run from RAM if you need to write or erase Flash online.

16. Contains microcode for basic functions
ROM FUNCTIONS
Note: Mini Cisco IOS is the Rxboot mode.
One use of the ROM monitor is for password recovery. From ROM monitor, you can set the config register to 0x2142 so the NVRAM will be ignored during startup.
Contains microcode for basic functions

17. FINDING THE CISCO IOS IMAGE
Order of search:
1. Checks configuration register
2. Parses configuration for boot system command
3. Defaults to first file in flash memory
4. Attempts to boot from network server
5. Boot helper image
6. ROMMON
Note: There is a detailed flowchart of the router startup process on the next slide.

18. LOADING THE CISCO IOS IMAGE FROM FLASH MEMORY
Note: The 2500 series routers do not operate this way. The 2500 series routers normally run Cisco IOS from Flash. The Cisco IOS in Flash is not compressed but it is relocatable. Relocatable means the Cisco IOS image can be run from Flash or from RAM.
The 2500 can run from RAM if you use the boot system tftp command to boot the Cisco IOS image.
The Rxboot mode is also run from RAM on the 2500 routers.
The flash memory file is loaded into RAM.

19. LOADING THE CONFIGURATION
Emphasize: Using the default config register value (0x2102), the router will load the config from NVRAM at startup.
Load and execute the configuration from NVRAM
If no configuration is present in NVRAM, enter setup mode

20. SHOW RUNNING-CONFIG AND SHOW STARTUP-CONFIG COMMANDS
Purpose: This slide is a repeated slide from Chapter 4, “Operating and Configuring a Cisco IOS Device.”
Displays the current and saved configuration

21. DETERMINING THE CURRENT CONFIGURATION REGISTER VALUE
Cisco IOS Software, 2800 Software (C2800NM-IPBASE-M), Version 12.4(5a), RELEASE SOFTWARE (fc3)
Technical Support:
Copyright (c) by Cisco Systems, Inc.
Compiled Sat 14-Jan-06 03:19 by alnguyen
ROM: System Bootstrap, Version 12.4(1r) [hqluong 1r], RELEASE SOFTWARE (fc1)
RouterX uptime is 1 week, 5 days, 21 hours, 30 minutes
System returned to ROM by reload at 23:04:40 UTC Tue Mar
System image file is "flash:c2800nm-ipbase-mz.124-5a.bin"
Cisco 2811 (revision 53.51) with K/10240K bytes of memory.
Processor board ID FTX1013A1DJ
2 FastEthernet interfaces
2 Serial(sync/async) interfaces
DRAM configuration is 64 bits wide with parity enabled.
239K bytes of non-volatile configuration memory.
62720K bytes of ATA CompactFlash (Read/Write)
Configuration register is 0x2102
Emphasize: Use the show version command to display the value of the config register setting. When you change the config register, you will see the change from the show version output:
Configuration register is 0x2102 (will be 0x2142 at next reload).
The new config register value will be used at the next reload.

22. CONFIGURATION REGISTER VALUES
Layer 4 of 4
Emphasize: Layer 4—Finishes with the third case, a boot field setting in the range of 0x2 to 0xF. The entry of a configuration register value in the 0x2 to 0xF range is significant. When the router attempts to boot from the net (Netboot), the bootstrap program generates a Cisco IOS filename based on the value of the boot field. For example, with the setting 0x2, the default Cisco IOS filename generated will be cisco2-xxxx, where xxxx refers to a processor name (for example, 2500). Again, refer students to the IMCR course for details.
You use the config-register command to change the value.
Notice that the bottom lines of the show version output indicates what value the config register will be on the next reload.
Configuration register bits 3, 2, 1, and 0 set boot option
Check the configuration register value with the show version command

23. SHOW VERSION COMMAND
Cisco IOS Software, 2800 Software (C2800NM-IPBASE-M), Version 12.4(5a), RELEASE SOFTWARE (fc3)
Technical Support:
Copyright (c) by Cisco Systems, Inc.
Compiled Sat 14-Jan-06 03:19 by alnguyen
ROM: System Bootstrap, Version 12.4(1r) [hqluong 1r], RELEASE SOFTWARE (fc1)
RouterX uptime is 1 week, 5 days, 21 hours, 30 minutes
System returned to ROM by reload at 23:04:40 UTC Tue Mar
System image file is "flash:c2800nm-ipbase-mz.124-5a.bin"
Cisco 2811 (revision 53.51) with K/10240K bytes of memory.
Processor board ID FTX1013A1DJ
2 FastEthernet interfaces
2 Serial(sync/async) interfaces
DRAM configuration is 64 bits wide with parity enabled.
239K bytes of non-volatile configuration memory.
62720K bytes of ATA CompactFlash (Read/Write)
Configuration register is 0x2102 (will be 2104 at next reload)
Note: The current state of the Flash memory is in read-only mode. It is running Cisco IOS from Flash.
This router has a total of 16 MB of Flash memory. The Flash contains one Cisco IOS image and there is 6.69 MB of available space left in Flash.

24. SHOW FLASH COMMAND RouterX#sh flash
-#- --length date/time path
Feb :38:56 +00:00 c2800nm-ipbase-mz.124-5a.bin
Dec :24:54 +00:00 sdmconfig-2811.cfg
Dec :25:24 +00:00 sdm.tar
Dec :25:38 +00:00 es.tar
Dec :25:54 +00:00 common.tar
Dec :26:08 +00:00 home.shtml
Dec :26:22 +00:00 home.tar
Dec :26:40 +00:00 128MB.sdf
bytes available ( bytes used)
Note: The current state of the Flash memory is in read-only mode. It is running Cisco IOS from Flash.
This router has a total of 16 MB of Flash memory. The Flash contains one Cisco IOS image and there is 6.69 MB of available space left in Flash.

25. SUMMARY
When a router boots, it performs tests, finds, and loads software, finds and loads configurations, and finally runs the software.
The major internal components of a router include RAM, ROM, flash memory, NVRAM, and the configuration register.
When a router boots, it searches for the Cisco IOS Software image in a specific sequence: location specified in the configuration register, flash memory, a TFTP server, and ROM.
The configuration register includes boot information specifying where to locate the Cisco IOS Software image. The register can be examined with a show command and change the register value with the config-register global configuration command.
Purpose: This slide discuss the initial configurations on the routers and switches.
Note: There is no setup mode on the Catalyst 1900 switch.

26. MANAGING CISCO DEVICES

27. CISCO IOS FILE SYSTEM AND DEVICES
Emphasize: In Cisco IOS Release 12.0, there are new copy commands. These new commands treat the RAM, Flash, NVRAM, TFTP, FTP, and so on as a file system. Since this class was developed when the most common Cisco IOS in the field is pre-12.0, these 12.0 commands are not covered in detail in this class.

28. MANAGING CISCO IOS IMAGES
Emphasize: This section introduces topics on managing your configuration file and Cisco IOS image.

29. VERIFYING MEMORY AND DECIPHERING IMAGE FILENAMES
RouterX# sh flash
-#- --length date/time path
Feb :38:56 +00:00 c2800nm-ipbase-mz.124-5a.bin
Dec :24:54 +00:00 sdmconfig-2811.cfg
Dec :25:24 +00:00 sdm.tar
Dec :25:38 +00:00 es.tar
Dec :25:54 +00:00 common.tar
Dec :26:08 +00:00 home.shtml
Dec :26:22 +00:00 home.tar
Dec :26:40 +00:00 128MB.sdf
bytes available ( bytes used)
Emphasize: The show flash command is an important tool to use to gather information about your router memory and image file. Caution students that they must know that they are loading the correct and appropriate image. The name for the Cisco IOS image file contains multiple parts, each with a specific meaning:
The first part of the image name contains the platform on which the image runs. In this example, the platform is C2500.
The second part of the name identifies the special capabilities of the image file. A letter or series of letters identifies the feature sets supported in that image. In this example, the “j” indicates this is an enterprise image, and the “s” indicates it contains extended capabilities.
The third part of the name specifies where the image runs and if the file is compressed. In this example, “l” indicates the file is relocatable and not compressed. Relocatable means the Cisco IOS can be run from Flash or from RAM. You should be careful in reading the Cisco IOS image filename. Some fonts display the lowercase letter “l” and the number 1 as the same character. How you enter the characters will impact the ability of the router to load the files correctly.
The fourth part of the name indicates the version number. In this example, the version number is 12.0 (3).
The final part of the name is the file extension. The .bin extension indicates this file is a binary executable file.
The Cisco IOS software naming conventions, name part field meaning, image content, and other details are subject to change. Refer to Cisco Connection Online (CCO) for updated details.
Verify that flash memory has room for the Cisco IOS image.

30. CREATING A SOFTWARE IMAGE BACKUP
RouterX# copy flash tftp:
Source filename []? c2800nm-ipbase-mz.124-5a.binAddress or name of remote host []?
Destination filename [c2800nm-ipbase-mz.124-5a.bin]
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!<output omitted>
bytes copied in secs ( bytes/sec)
RouterX#
Purpose: This slide discusses how to create a backup version of a Cisco IOS software image to a TFTP server.
Emphasize: Routers by default come with Flash memory that has a preloaded copy of the Cisco IOS software. Although Flash is extremely reliable—good for 65 years and 100,000 rewrites—it is a good idea to make a backup copy of the Cisco IOS software if you have a TFTP server available. If you have to replace Flash memory for some reason, you will have a backup copy at the revision level currently running on your network.
The copy command screen output varies depending on the Cisco IOS software level.
Determine the platform type of your TFTP server prior to beginning the backup procedure. The TFTP server may be running Windows, UNIX, Mac, or other OS. Filename and directory access procedures may vary depending on the TFTP server platform and platform version.
Back up current files prior to updating flash memory.

31. UPGRADING THE IMAGE FROM THE NETWORK
RouterX#copy tftp flash:
Address or name of remote host [ ]?
Source filename []? c2800nm-ipbase-mz.124-5a.bin
Destination filename [c2800nm-ipbase-mz.124-5a.bin]
Accessing tftp:// /c2600-js-mz a.bin...
Erase flash: before copying? [confirm]
Erasing the flash filesystem will remove all files! Continue? [confirm]
Erasing device... eeeeeeeeee (output omitted) ...erased
Erase of flash: complete
Loading c2800nm-ipbase-mz.124-5a.bin from (via Ethernet0/0): !!!!!!!!!!!!!!!
(output omited)
[OK bytes]
Verifying checksum... OK (0x45E2)
bytes copied in secs ( bytes/sec)
RouterX
Purpose: This slide describes how to load a backup version of a Cisco IOS software image from a TFTP server to the router.
Emphasize: If you need more Flash space to load a copy of the Cisco IOS software, you must first erase the Flash memory. You cannot erase a single image—you must erase all copies of Cisco IOS software from Flash. However, if Flash memory on the router is partitioned, you can erase one or more of the parts.
After the TFTP transfer is completed, use the show flash command to view the file size to compare its size with that of the original on the server.
If the Cisco IOS is running from Flash, then the Flash is in the read-only state. To change the Flash to a writeable state, you can use the boot system TFTP command to boot a Cisco IOS from a TFTP server and the Cisco IOS will be run from RAM, or you can go to the Rxboot mode to perform the copy.

32. DEVICE CONFIGURATION FILES

33. CISCO IOS COPY COMMAND NVRAM Terminal TFTP server Erase start
Layer 4 of 4
NVRAM
Terminal
TFTP server
Erase start

34. CISCO IOS COPY COMMAND EXAMPLE
Note: Cisco IOS Release 12.0 supports a new syntax for the copy command.

35. COPY RUN TFTP AND COPY TFTP RUN COMMANDS
RouterX#copy running-config: tftp:
Address or name of remote host []?
Destination filename [running-config]? wgroa.cfg
.!!
1684 bytes copied in secs (129 bytes/sec)
RouterX#copy tftp: running-config:
Source filename []? wgroa.cfg
Destination filename [running-config]?
Accessing tftp:// /wgroa.cfg...
Loading wgroa.cfg from (via Ethernet0): !
[OK /3072 bytes]
1684 bytes copied in secs (99 bytes/sec)
Note: Cisco IOS Release 12.0 supports a new syntax for the copy command.

36. SHOW AND DEBUG COMMANDS

37. CONSIDERATIONS WHEN USING DEBUG COMMANDS
May generate output in a variety of formats that may not identify the problem
Require high overhead, possibly disrupting network device operation
Useful for obtaining information about network traffic and router status

38. COMMANDS RELATED TO DEBUG
RouteX(config)#
service timestamps debug datetime msec
Adds a time stamp to a debug or log message
RouteX#
show processes
Displays the CPU utilization for each process
RouteX#
no debug all
Disables all debug commands
RouteX#
terminal monitor
Displays debug output on your current vty session

39. SUMMARY
The Cisco IFS feature provides a single interface to all the file systems (NVRAM, RAM, TFTP, flash) that a router uses.
As a network grows, storage of the Cisco IOS Software and configuration files on a central server enables control of the number and revision level of software images and configuration files that must be maintained.
Having proper backup of the current device configuration stored in a TFTP server can help reduce device downtime.
Purpose: This slide discuss the initial configurations on the routers and switches.
Note: There is no setup mode on the Catalyst 1900 switch.

40. SUMMARY (CONT.)
The Cisco IOS Software copy commands can be used to move configurations from one component or device to another, such as RAM, NVRAM, or a file server.
The show and debug commands are built-in tools for troubleshooting. The show command is used to display static information, while the debug command is used to display dynamic data.

41. SECURING THE NETWORK

42. Attacks from inside the network remain a threat.
CLOSED NETWORKS
Attacks from inside the network remain a threat.

43. OPEN NETWORKS

44. THREAT CAPABILITIES— MORE DANGEROUS AND EASIER TO USE

45. E-BUSINESS CHALLENGE

46. ADVERSARIES, ADVERSARY MOTIVATIONS, AND CLASSES OF ATTACK
Nation-states
Terrorists
Criminals
Hackers
Crackers
Competitors
“Script kiddies”
Disgruntled employees
Government
Intelligence
Theft
DoS
Embarrassment
Challenge
Passive
Active
Close-in
Insider
Distributed

47. COMMON THREATS Physical installations Hardware threats
Environmental threats
Electrical threats
Maintenance threats
Reconnaissance attacks—Learning information about a target network by using readily available information and applications
Access attacks—Attacks on networks or systems for these reasons:
Retrieve data
Gain access
Escalate their access privileges
Password attacks—Tools used by hackers to compromise passwords

48. PASSWORD ATTACK THREAT MITIGATION
Here are password attack threat-mitigation techniques:
Do not allow users to use the same password on multiple systems.
Disable accounts after a certain number of unsuccessful login attempts.
Do not use cleartext passwords.
Use “strong” passwords; for example, “mY8!Rthd8y” rather than “mybirthday.”

49. SUMMARY
Sophisticated attack tools and open networks continue to generate an increased need for network security policies and infrastructure to protect organizations from internally and externally based attacks.
Organizations must balance network security needs against e-business processes, legal issues, and government policies. Establishing a network security policy is the first step in changing a network over to a secure infrastructure.
Network adversaries come in many shapes and sizes and with multiple motivations.

50. SUMMARY (CONT.)
It is very important to provide physical installation security for enterprise network devices.
Password attack threats can be mitigated.
Restrict password use.
Disable accounts after unsuccessful logins.
Do not use cleartext passwords; use strong passwords.

51. Managing the Configuration Register
You can change the configuration register value to modify how the router boots and runs.
These are the main reasons you would want to change the configuration register:
To force the system into the ROM monitor mode
To select a boot source and default boot filename
To enable or disable the Break function
To control broadcast addresses
To set the console terminal baud rate
To load operating software from ROM
To enable booting from a Trivial File Transfer Protocol (TFTP) server

52. Configuration Register16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1
0x0
0x1 1
0x2102
0x3
0x4
0x5
0x6
0x7
0x8
0x9
0xA

53. Boot Field Configuration Register Bit Descriptions
0000 (0x0)
At the next power cycle or reload, the router boots to the ROM monitor (bootstrap program). To use the ROM monitor, you must use a terminal or PC that is connected to the router console port. For information about connecting the router to a PC or terminal, see the hardware installation guide for your router. In ROM monitor mode, you must manually boot the system image or any other image by using the boot ROM monitor command.
0001 (0x01)
Boots the first image in flash memory as a system image
0010 – 1111 (0x0 – 0xF)
At the next power cycle or reload, the router sequentially processes each boot system command in global configuration mode that is stored in the configuration file until the system boots successfully. If no boot system commands are stored in the configuration file, or if executing those commands is unsuccessful, then the router attempts to boot the first image file in flash memory.

54. Boot fields of the Configuration Resister
0–3 0x0000–0x000F Boot field (see Table 5.4).
6 0x0040 Ignore NVRAM contents.
7 0x0080 OEM bit enabled.
8 0x101 Break disabled.
10 0x0400 IP broadcast with all zeros.
5, 11–12 0x0800–0x1000 Console line speed.
13 0x2000 Boot default ROM software if network boot fails.
14 0x4000 IP broadcasts do not have net numbers.
15 0x8000 Enable diagnostic messages and ignore NVRAM contents.

55. Password Recovery
Boot the router and interrupt the boot sequence by performing a break, which will take the router into ROM monitor mode.
Change the configuration register by turning on bit 6 (with the value 0x2142).
Reload the router.
Enter privileged mode.

56. Password Recovery (cont)
Copy the startup-config file to running-config.
Change the password.
Reset the configuration register to the default value.
Save the router configuration.
Reload the router (optional).

57. END
Questions