Presentation is loading. Please wait.

Presentation is loading. Please wait.

These materials are licensed under the Creative Commons Attribution-Noncommercial 3.0 Unported license (http://creativecommons.org/licenses/by-nc/3.0/)

Published byRosemary Bradford Modified over 9 years ago

Similar presentations

Presentation on theme: "These materials are licensed under the Creative Commons Attribution-Noncommercial 3.0 Unported license (http://creativecommons.org/licenses/by-nc/3.0/)"— Presentation transcript:

1 These materials are licensed under the Creative Commons Attribution-Noncommercial 3.0 Unported license (http://creativecommons.org/licenses/by-nc/3.0/) as part of the ICANN, ISOC and NSRC Registry Operations Curriculum. Cisco/HP Configuration Elements Advanced Registry Operations Curriculum

2 Overview Basic things that we need to make sure are configured on a Cisco routers, Cisco switches and HP switches to do proper network management These apply to other network equipment manufacturers of course, and to servers and workstations

3 Hostname:Hostname of the device SSH:Enable Secure SHell DNS:Domain Name Lookup NTP:Time synchronization (Network Time Protocol) Syslog:System log messages SNMP:SNMP configuration SNMP traps:Where to send traps CDP:Cisco Discovery Protocol Elements

4 Cisco equipment

5 Accessing the device 1.ssh tldadmin@192.168.10X.1 2.You are in “user mode” rtr> 3.If you’re user has the privileges, go to “privileged mode” rtr>enable (class password) rtr#conf t rtr(config)# 4.Type in configuration commands. 5.Exit and save/build your new configuration rtr(config)#exit rtr#wr mem

6 Preferably we use the FQDN (Fully Qualified Domain Name). In config mode on the router something like this: rtr(config)#hostname TLDX-RTR.TLDX Hostname

7 In config mode on the router: ip domain-name tldX ip name-server 192.168.80.10 Replace the “X” in “.tldX” with the number of your network. DNS configuration

8 In config mode: ntp server 192.168.80.5 (*) clock timezone XXXX 3 If needed: clock summer-time XXXX recurring \ last Sun Mar 2:00 last Sun Oct \ 3:00 Replace “XXXX” with the timezone abbreviation for the location of your router. Manually doing this can often backfire as “fixed” dates may change. Verify: rtr>show clock (*) Alternate is “pool.ntp.org” NTP + time configuration

9 Only crypto version of IOS/CatOS have support for SSH – there are export restrictions... In config mode: rtr# aa new-model rtr# crypto key generate rsa rtr# username tldadmin secret 0 \ tldadmin! …above is required to be allowed to enable SSH. Verify creation with: sh crypto key mypubkey rsa Use at least 768 bits - OpenSSH requires it SSH (Note: already enabled here)

10 Enforce ssh (disabling telnet) on vty lines rtr#conf t rtr(config)#line vty 0 4 rtr(config)#transport input ssh rtr(config)#^Z (“exit” completely) rtr#wr mem SSH is now enabled Telnet is disabled if there’s only one (ssh) configured: transport input ssh SSH (continued)

11 In config mode, enable logging to your NOC machine (X is your network) rtr(config)#logging 192.168.10X.30 rtr(config)#logging facility local5 rtr(config)#logging trap debugging Syslog

12 In config mode: # snmp-server community xxxxxxxxx RO # snmp-server location XX – Replace xxxxxxxx with the private community string chosen in class. – For traps/alarms the usage of syslog is recommended – To restrict the clients allowed to query the router an access-list can be configured SNMP

13 Cisco Discovery Protocol Enabled by default nowadays in current IOS versions. Otherwise, enable with ”cdp enable” or ”cdp run” in configure mode on your router. tcpdump and tools like cdpr will show you CDP announcements Enable it only if it’s required by any tool check neighbor announcement with: rtr>show cdp neighbors CDP

14 HP switches

15 Accessing Using telnet or ssh (telnet by default) By default, no user, only a password: Password: ****** SW1 – HP 2510-G# Menu mode: not all options available! Shell mode: similar to Cisco IOS shell –i.e.: spanning-tree not enabled by default, and cannot be enabled via the menu: SW1 - HP 2510-G# conf t SW1 - HP 2510-G(config)# spanning-tree Accessing

16 Hostname Like Cisco, but specify FQDN: SW1# conf t SW1 (config)# hostname sw1.mgmt SW1 (config)# ^Z SW1#

17 DNS HP layer 2 switches don't support DNS resolution

18 NTP SW1# conf t SW1 (config)# sntp server 192.168.80.5 SW1 (config)# sntp server unicast SW1 (config)# ^Z SW1# NTP

19 SSH SW1 (config)# crypto key generate ssh Installing new RSA key. If the key/ entropy cache is depleted, this could take up to a minute. SW1 (config)# ip ssh SW1 (config)# no telnet-server SW1 (config)# ^Z SW1# write mem SW1# SSH is now enabled – by default the user you log in as is ignored, only the password matters. TELNET IS DISABLED!

20 Syslog SW1 (config)# logging 192.168.10X.30 SW1 (config)# logging facility local5 SW1 (config)# ^Z SW1# write mem

21 SNMP SW1 (config)# snmp-server community xxx SW1 (config)# ^Z SW1# write mem By default, community is RO (read only)

22 CDP and LLDP/802.1ab HP eqpt. supports both Cisco's discovery protocol (CDP) as well as the open standard 802.1ab (LLDP – Link Layer Discovery Protocol) By default, CDP is enabled SW1 (config)# cdp run SW1 (config)# cdp enable 1-24 SW1 (config)# ^Z SW1# write mem CDP and LLDP/802.1ab

23 ? Questions?

Download ppt "These materials are licensed under the Creative Commons Attribution-Noncommercial 3.0 Unported license (http://creativecommons.org/licenses/by-nc/3.0/)"

Similar presentations

© 2003, Cisco Systems, Inc. All rights reserved..

© 2003, Cisco Systems, Inc. All rights reserved..
Managing Cisco IOS Software. Overview The router boot sequence Locating IOS software The configuration register Recovering Passwords Backing Up the Cisco.

Managing Cisco IOS Software. Overview The router boot sequence Locating IOS software The configuration register Recovering Passwords Backing Up the Cisco.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 8: Monitoring the Network Connecting Networks.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 8: Monitoring the Network Connecting Networks.
CCNP Network Route IPV-6 Part-III IPV-6 Static Routing: R1(Conf t)# ip routing  (Turn on Routing) R1(Conf t)# ipv6 unicast-routing  (Turn on ipv6 routing)

CCNP Network Route IPV-6 Part-III IPV-6 Static Routing: R1(Conf t)# ip routing  (Turn on Routing) R1(Conf t)# ipv6 unicast-routing  (Turn on ipv6 routing)
Introduction To The Course Network Architecture Hervey Allen Chris Evans Phil Regnauld September 3 - 4, 2009 Santiago, Chile.

Introduction To The Course Network Architecture Hervey Allen Chris Evans Phil Regnauld September 3 - 4, 2009 Santiago, Chile.
CCNA2 Module 4. Discovering and Connecting to Neighbors Enable and disable CDP Use the show cdp neighbors command Determine which neighboring devices.

CCNA2 Module 4. Discovering and Connecting to Neighbors Enable and disable CDP Use the show cdp neighbors command Determine which neighboring devices.
1 Semester 2 Module 4 Learning about Other Devices Yuda college of business James Chen

1 Semester 2 Module 4 Learning about Other Devices Yuda college of business James Chen
Managing Your Network Environment © 2004 Cisco Systems, Inc. All rights reserved. Managing Cisco IOS Devices INTRO v2.0—9-1.

Managing Your Network Environment © 2004 Cisco Systems, Inc. All rights reserved. Managing Cisco IOS Devices INTRO v2.0—9-1.
Implementing a Highly Available Network

Implementing a Highly Available Network
1 CCNA 2 v3.1 Module 4. 2 CCNA 2 Module 4 Learning about Devices.

1 CCNA 2 v3.1 Module 4. 2 CCNA 2 Module 4 Learning about Devices.
Introduction to the Cisco IOS

Introduction to the Cisco IOS
Chapter 9 Managing a Cisco Internetwork Cisco Router Components Bootstrap - Brings up the router during initialization POST - Checks basic functionality;

Chapter 9 Managing a Cisco Internetwork Cisco Router Components Bootstrap - Brings up the router during initialization POST - Checks basic functionality;
© 2015 Mohamed Samir YouTube channel All rights reserved. www.mohamedsamir.comMohamed Samir CCNP-SWITCHING 300-115 Mohamed Samir YouTube channel Double.

© 2015 Mohamed Samir YouTube channel All rights reserved. Samir CCNP-SWITCHING Mohamed Samir YouTube channel Double.
© 2009 Cisco Systems, Inc. All rights reserved. SWITCH v1.0—7-1 Minimizing Service Loss and Data Theft Securing Network Services.

© 2009 Cisco Systems, Inc. All rights reserved. SWITCH v1.0—7-1 Minimizing Service Loss and Data Theft Securing Network Services.
Network Security1 – Chapter 3 – Device Security (B) Security of major devices: How to protect the device against attacks aimed at compromising the device.

Network Security1 – Chapter 3 – Device Security (B) Security of major devices: How to protect the device against attacks aimed at compromising the device.
Sybex CCNA 640-802 Chapter 7: Managing a Cisco Internetwork Instructor & Todd Lammle.

Sybex CCNA Chapter 7: Managing a Cisco Internetwork Instructor & Todd Lammle.
Router Hardening Nancy Grover, CISSP ISC2/ISSA Security Conference November 2004.

Router Hardening Nancy Grover, CISSP ISC2/ISSA Security Conference November 2004.
These materials are licensed under the Creative Commons Attribution-Noncommercial 3.0 Unported license (http://creativecommons.org/licenses/by-nc/3.0/)

These materials are licensed under the Creative Commons Attribution-Noncommercial 3.0 Unported license (
Module 7: Configuring TCP/IP Addressing and Name Resolution.

Module 7: Configuring TCP/IP Addressing and Name Resolution.
1 © 2004, Cisco Systems, Inc. All rights reserved. Chapter 6 Configuring a Router/ Learning About Other Devices/ Managing Cisco IOS Software.

1 © 2004, Cisco Systems, Inc. All rights reserved. Chapter 6 Configuring a Router/ Learning About Other Devices/ Managing Cisco IOS Software.

Similar presentations

Ads by Google