CCENT Study Guide

Chapter 6
Cisco’s Internetworking
Operating System (IOS)
 Chapter 6 Objectives
The CCENT Topics Covered in this chapter include:
• 2.0 LAN Switching Technologies
• 2.3 Troubleshoot interface and cable issues
• (collisions, errors, duplex, speed).
• 5.0 Infrastructure Management
• 5.3 Configure and verify initial device configuration.
• 5.4 Configure, verify, and troubleshoot basic device
• hardening.
• 5.4.a Local authentication
• 5.4.b Secure password
• 5.4.c Access to device
• 5.4.c. (i) Voice
• 5.4.c. (ii) Video
• 5.4.c. (iii) Data
• 5.4.d Source address Telnet/SSH
• 5.4.e Login banner
• 5.6 Use Cisco IOS tools to troubleshoot and resolve
• problems.
• 5.6.a Ping and traceroute with extended option
• 5.6.b Terminal monitor
• 5.6.c Log events

2
Cisco 2960 switch and 1900
series router
 Bringing Up a Switch

When you first bring up a Cisco IOS device, it will run a

power-on self-test—a POST. Upon passing that, the machine
will look for and then load the Cisco IOS from flash memory
if an IOS file is present, then expand it into RAM.
As you probably know, flash memory is electronically
erasable programmable read-only memory—an EEPROM.
The next step is for the IOS to locate and load a valid
configuration known as the startup-config that will be stored
in nonvolatile RAM (NVRAM).
Once the IOS is loaded and up and running, the startup-
config will be copied from NVRAM into RAM and from then
on referred to as the running-config.
But if a valid IOS isn’t found in NVRAM, your switch
will enter setup mode, giving you a step-by-step dialog to
help configure some basic parameters on it.
 Command-Line Interface
(CLI)
After the interface status messages appear and you press Enter,
the Switch> prompt will pop up. This is called user exec mode, or
user mode for short, and although it’s mostly used to view
statistics, it is also a stepping stone along the way to logging in to
privileged exec mode, called privileged mode for short.
You can view and change the configuration of a Cisco router
only while in privileged mode, and you enter it via the enable
command like this:
Switch>enable
Switch#
 Defining Router Terms

Table 6.1 defines some of the terms I’ve used so far.

Table 6.1: Router terms

Mode Definition

User exec mode Limited to basic monitoring commands

Privileged exec mode Provides access to all other router commands

Global configuration mode Commands that affect the entire system [AU: Includes
commands that affect…? Also in the next one? Doesn’t
seem like the mode is commands.]leavee

Specific configuration modes Commands that affect interfaces/processes only

Setup mode Interactive configuration dialog

Table 6.2: Enhanced editing
commands
Table 6.2 lists the enhanced editing commands available on a
Cisco router.

Table 6.2: Enhanced editing commands

Command Meaning
Ctrl+A Moves your cursor to the beginning of the line
Ctrl+E Moves your cursor to the end of the line
Esc+B Moves back one word
Ctrl+B Moves back one character
Ctrl+F Moves forward one character
Esc+F Moves forward one word
Ctrl+D Deletes a single character
Backspace Deletes a single character
Ctrl+R Redisplays a line
Ctrl+U Erases a line
Ctrl+W Erases a word
Ctrl+Z Ends configuration mode and returns to EXEC
Tab Finishes typing a command for you
 Table 6.3: Router-command
history
You can review the router-command history with the
commands shown in Table 6.3.

Table 6.3: Router-command history

Command Meaning

Ctrl+P or up arrow Shows last command entered

Ctrl+N or down arrow Shows previous commands entered

show history Shows last 20 commands entered by default

show terminal Shows terminal configurations and history buffer size

terminal history size Changes buffer size (max 256)

 Administrative Functions
You can configure the following
administrative functions on a router
and switch:
• Hostnames
• Banners
• Passwords
• Interface descriptions
 Hostnames/Banner
We use the hostname command to set the identity of the router.
This is only locally significant, meaning it doesn’t affect how the
router performs name lookups or how the device actually works
on the internetwork.
Switch#config t
Switch(config)#hostname Todd

Message of the day (MOTD) banners are the most widely used
banners because they give a message to anyone connecting to
the router via Telnet or an auxiliary port or even through a
console port as seen here:
Todd(config)#banner motd ?
LINE c banner-text c, where ‘c’ is a delimiting character
Todd(config)#banner motd #
Enter TEXT message. End with the character ‘#’.
$ Acme.com network, then you must disconnect immediately.
#
Todd(config)#^Z (Press the control key + z keys to return to privileged mode)
 Passwords
Enable password/enable secret
Todd(config)#enable secret todd
Todd(config)#enable password todd
The enable password you have chosen is the
same as your enable secret. This is not
recommended. Re-enter the enable password.
• You wont use the older enable
password in today’s networks.
 Console/VTY passwords
User-mode passwords are assigned via the
line command like this:
Todd(config)#line ?
<0-16> First Line number
console Primary terminal line
vty Virtual terminal
 SSH
1. Set your hostname:

Router(config)#hostname Todd

2. Set the domain name—both the hostname and domain name are required for the
encryption keys to be generated:

Todd(config)#ip domain-name Lammle.com

3. Set the username to allow SSH client access:

Todd(config)#username Todd password Lammle

4. Generate the encryption keys for securing the session:
Todd(config)#crypto key generate rsa

5. Enable SSH version 2 on the router—not mandatory, but strongly suggested:

Todd(config)#ip ssh version 2

6. Connect to the VTY lines of the switch:

Todd(config)#line vty 0 15

7. Configure your access protocols:

Todd(config-line)#transport input ?
all All protocols
none No protocols
ssh TCP/IP SSH protocol
telnet TCP/IP Telnet protocol

Todd(config-line)#transport input ssh ?

telnet TCP/IP Telnet protocol
<cr>
But if you want to go with Telnet, here’s how you do that:
Todd(config-line)#transport input ssh telnet
 Encrypting Your Passwords

To manually encrypt your

passwords, use the service
password-encryption
command. Here’s how:
Todd#config t
Todd(config)#service password-encryption
Todd(config)#exit
Todd#show run
Building configuration...
!
!
enable secret 4
ykw.3/tgsOuy9.6qmgG/EeYOYgBvfX4v.S8UNA9Rddg
enable password 7 1506040800
 Descriptions
Setting descriptions on an interface is
another administratively helpful thing, and like
the hostname, it’s also only locally significant.
Todd#config t
Todd(config)#int fa0/1
Todd(config-if)#description Sales VLAN Trunk
Link
Todd(config-if)#^Z
Todd#
And on a router serial WAN:
Router#config t
Router(config)#int s0/0/0
Router(config-if)#description WAN to Miami
Router(config-if)#^Z
 Verifying interfaces
Todd#sh ip interface brief
Interface IP-Address OK? Method Status Protocol
Vlan1 192.168.255.8 YES DHCP up up
FastEthernet0/1 unassigned YES unset up up
FastEthernet0/2 unassigned YES unset up up
FastEthernet0/3 unassigned YES unset down down
FastEthernet0/4 unassigned YES unset down down
FastEthernet0/5 unassigned YES unset up up
FastEthernet0/6 unassigned YES unset up up
FastEthernet0/7 unassigned YES unset down down
FastEthernet0/8 unassigned YES unset down down
GigabitEthernet0/1 unassigned YES unset down down
 Bringing Up an Interface
If an interface is shut down, it’ll display as administratively down
when you use the show interfaces command (sh int for
short):
Router#sh int f0/0
FastEthernet0/1 is administratively down, line protocol is
down
[output cut]

You can bring up the router interface with the no shutdown command
(no shut for short):
Router(config)#int f0/0
Router(config-if)#no shutdown
*August 21 13:45:08.455: %LINK-3-UPDOWN: Interface
FastEthernet0/0,
changed state to up
Router(config-if)#do show int f0/0
FastEthernet0/0 is up, line protocol is up
[output cut]
 Serial Interface Commands

Figure 6.3: A typical WAN connection. Clocking is typically provided

by a DCE network to routers. In nonproduction environments, a DCE
network is not always present.
Figure 6.4: Providing clocking
on a nonproduction network
 Viewing, Saving, and Erasing
Configurations
You can manually save the file from DRAM, which is usually just called
RAM, to NVRAM by using the copy running-config startup-config
command. You can use the shortcut copy run start as well:

Todd#copy running-config startup-config

Destination filename [startup-config]? [press enter]
Building configuration...
[OK]
Todd#
Building configuration...

When you see a question with an answer in [], it means that if you just
press Enter, you’re choosing the default answer.
 Show running-config
You can view the files by typing show running-config or
show startup-config from privileged mode. The sh run
command, which is a shortcut for show running-config,
tells us that we’re viewing the current configuration:

Todd#sh run
Building configuration...

Current configuration : 855 bytes

!
! Last configuration change at 23:20:06 UTC Mon Mar
1 1993
!
version 15.0
[output cut]

NOTE: You can see the version of IOS with the

show running-config command.
 Show startup-config
The sh start command—one of the shortcuts for the show startup-
config command—shows us the configuration that will be used the
next time the router is reloaded. It also tells us how much NVRAM
is being used to store the startup-config file.

Todd#sh start
Using 855 out of 524288 bytes
!
! Last configuration change at 23:20:06 UTC Mon Mar 1 1993
!
version 15.0
[output cut]
But beware—if you try and view the configuration and see
Todd#sh start
startup-config is not present
you have not saved your running-config to NVRAM, or you’ve
deleted the backup configuration! Let me talk about just how you
N would do that now.
O
T
Written Labs and Review
Questions
– Read through the Exam Essentials section
together in class.
– Open your books and go through all the
written labs and the review questions.
– Review the answers in class.

23