11.0 It's a Network
11.0.1 Introduction >11.0.1.1 Introduction
Upon the completion of this chapter you will be able to:
- Identify the devices and protocols used in a small network.
- Explain how a small network serves as the basis of larger networks.
- Describe the need for basic security measures on network devices.
- Identify security vulnerabilities and general mitigation techniques.
- Configure network devices with device hardening features to mitigate security threats.
- Use the output of the ping and tracert commands to establish relative network performance.
- Use basic show commands to verify the configuration and status of a device interface.
- Use basic host and IOS commands to acquire information about the devices in a network.
- Explain file systems on routers and switches.
- Apply the commands to back up and restore an IOS configuration file.
11.0.1 Introduction >10.0.1.2 Activity- Application Investigation
The figure on this page shows the following two networks:
Network A consisting of:
- PC16, connected to Router6
- Router6, connected to Router7
- Router7, connected to Server4
- Server4
Network B consisting of:
- PC15, connected to Switch6
- Switch6, connected to Router3
- Router3, connected to Router4 via serial connection. Router3 is also connected to Router5
- Router4, connected to Server3
- Router5, connected to Wireless Router1
- Wireless Router1, connected to Tablet PC0
Objectives
Explain how a small network of directly connected segments is created, configured, and verified.
In this activity, the learner is asked to note how networks differ, both in size and in function. The learner is asked to identify how networks provide different networking solutions based upon their cost, speed, ports, expandability, and manageability, related to the needs of small-to-medium-sized business.
11.1 Create and Grow
11.1.1 Devices in a Small Network >11.1.1.1 Small Network Topologies
The figure on this page shows two workers connected to a switch. Another PC, an IP phone and a server are also connected to the switch. The switch is then connected to a router labeled LAN. The router connects to a cloud with a serial connection labeled WAN.
11.1.1 Devices in a Small Network >11.1.1.2 Device Selection for a Small Network
The figure on this page consists of the following five images. Each is a consideration when designing a network:
- Image1 shows money and is labelled "Cost".
- Image 2 shows a wiring closet with many wires connected to switches and is labeled "Ports".
- Image 3 shows a runner and is labeled "Speed".
- Image 4 shows modular routers and is labeled "Expandable/Modular".
- Image 5 shows a woman working on a laptop that is attached to a network equipment rack and is labeled "Manageable".
11.1.1 Devices in a Small Network >11.1.1.3 IP Addressing for a Small Network
The interactive activity on this page demonstrates that you can organize devices by function, location, or type. The figure shows the following two groups of network devices:
West Office consisting of:
- 2 servers
- 1 printer
- 2 laptops labelled "Sales"
- 1 PC labelled "HR"
- 1 PC labelled "Legal"
East Office consisting of:
- 2 servers
- 1 printer
- 1 PC labelled "HR"
- 1 PC labelled "Legal"
- 1 PC labelled "Admin"
- 1 laptop labelled "Sales"
The figure also has the following buttons which, when activated, highlight the relevant devices:
- Location (activated by default), highlights all the devices with one colour for the West Office and another colour for the East office.
The following three buttons are under the heading "Department":
- Sales, Highlights the two Sales laptops in the West Office and also the Sales laptop and the first server in the East Office.
- HR, Highlights the HR PC in the West Office and also the HR PC and the second server in the East Office.
- Legal, Highlights the Legal PC and the second server in the West Office and also the Legal PC in the East Office.
The following three buttons are under the heading "Device":
- Printer, Highlights the printer in the West Office and also the printer in the East Office.
- Server, Highlights the two servers in the West Office and also the two servers in the East Office.
- Computer, Highlights the two Sales laptops, the HR PC, and the Legal PC in the West Office and also the HR PC, the Legal PC, the Admin laptop, and the Sales laptop in the East Office.
11.1.1 Devices in a Small Network >11.1.1.4 Redundancy in a Small Network
The interactive activity on this page shows two routers, each connected to a switch. There are 3 servers, each connected to both switches. The switches are also connected. This diagram is demonstrating a redundant server farm. When you click a device, a callout displays the following functions and roles of each type of device:
Device Type | Function and Role |
Server | Router redundancy can help to ensure that application transactions received from external traffic can be handled in the event of a router or route failure. |
Switch | Redundant switches are present to avoid a switching failure. |
Router | Router redundancy can help to ensure that application transactions received from external traffic can be handled in the event of a router or route failure. |
11.1.1 Devices in a Small Network >11.1.1.5 Design Considerations for a Small Network
The figure on this page shows a router that has been sectioned into the following different types of traffic, the figure has a heading of "Prioritizing Traffic":
Traffic | Priority |
Voice | High Priority |
SMTP | Medium Priority |
Instant Messaging | Normal Priority |
FTP | Low Priority |
To the left of the router is an arrow pointing to the router with the following text, "Traffic sent to router without any priority.".
To the right of the router is a cloud labelled "Backbone network". Text above the cloud says, "Traffic sent to backbone in order of priority.".
The description given for this figure is "Priority queuing has four queues. The high-priority queue is always emptied first.".
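A strict priority queuing scheduler with the four queues and traffic classes from the figure, as an added example that is not part of the course page. The classification rules (traffic type to queue) and the tick-based simulation are assumptions for this example; the simulation also shows the caveat that a steady stream of high-priority traffic can starve the low-priority queue.

```python
from collections import deque

# Traffic classes and priorities as listed in the figure.
PRIORITY_OF = {
    "Voice": "high",
    "SMTP": "medium",
    "Instant Messaging": "normal",
    "FTP": "low",
}
# Queues in the order they are served: the high-priority queue is always emptied first.
QUEUE_ORDER = ("high", "medium", "normal", "low")


class PriorityQueuing:
    def __init__(self):
        self.queues = {name: deque() for name in QUEUE_ORDER}

    def enqueue(self, packet):
        # A packet is a (traffic_type, packet_id) tuple; unknown types are
        # treated as low priority (an assumption for this example).
        traffic, _ = packet
        self.queues[PRIORITY_OF.get(traffic, "low")].append(packet)

    def dequeue(self):
        # Serve the highest-priority non-empty queue; lower queues only get
        # a turn once every queue above them is empty.
        for name in QUEUE_ORDER:
            if self.queues[name]:
                return self.queues[name].popleft()
        return None

    def queued(self):
        # Packets still waiting per queue (useful for spotting starvation).
        return {name: len(q) for name, q in self.queues.items() if q}


def schedule(packets):
    """Enqueue every packet at once and return the order they leave the router."""
    pq = PriorityQueuing()
    for p in packets:
        pq.enqueue(p)
    out = []
    while (p := pq.dequeue()) is not None:
        out.append(p)
    return out


def simulate(arrivals_per_tick, service_per_tick=1):
    """Tick-based simulation: each tick the packets in that tick's batch arrive,
    then the scheduler forwards at most service_per_tick packets.
    Returns (served_in_order, packets_still_queued)."""
    pq = PriorityQueuing()
    served = []
    for batch in arrivals_per_tick:
        for p in batch:
            pq.enqueue(p)
        for _ in range(service_per_tick):
            p = pq.dequeue()
            if p is None:
                break
            served.append(p)
    return served, pq.queued()


if __name__ == "__main__":
    mixed = [("FTP", 1), ("Voice", 2), ("Instant Messaging", 3), ("SMTP", 4), ("Voice", 5)]
    print(schedule(mixed))
    # Starvation: one FTP packet arrives with the first voice packet, and a
    # voice packet keeps arriving every tick. The FTP packet is never served.
    arrivals = [[("FTP", 0), ("Voice", 1)]] + [[("Voice", i)] for i in range(2, 6)]
    print(simulate(arrivals))
```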
11.1.1 Devices in a Small Network >11.1.1.6 Identifying Network Planning and Design Factors
The interactive activity on this page allows the learner to match a planning and design factor with its corresponding focus area. Each focus area can have 2 planning and design factors.
Implementing a small network focuses on planning and design. The learner is asked to match each planning and design factor with its corresponding major focus area.
The focus areas are:
- Ports
- Speed
- Scalable
- Manageable
- Cost
The planning and design factors are:
- Types of interfaces required
- Bandwidth required
- Number of interfaces needed
- NIC capacity of devices
- Initial, basic cost of network devices
- Prioritization of data traffic
- Upgrades to network devices
- Types of cable runs
- Varying cable connection types
- IP addressing scheme
The figure also has the following 2 buttons:
11.1.2 Protocols in a Small Network >11.1.2.1 Common Applications in a Small Network
The image on this page is the Windows Task Manager showing the applications running on a computer.
11.1.2 Protocols in a Small Network >11.1.2.2 Common Protocols in a Small Network
The interactive activity shows six servers connected to a switch, which is connected to a router. Clicking each server shows the following descriptions of what the server does:
Server | Description |
Domain Name System (DNS) | Service that provides the IP address of a web site or domain name so a host can connect to it |
Telnet | Service that provides the IP address of a web site or domain name so a host can connect to it |
Email Server | * Uses Simple Mail Transfer Protocol (SMTP), Post Office Protocol (POP3), or Internet Message Access Protocol (IMAP) * Used to send email messages from clients to servers over the Internet * Recipients are specified using the user@xyz format |
Dynamic Host Configuration Protocol (DHCP) Server | Service that assigns the IP address, subnet mask, default gateway, and other information to clients |
Web Server | * Hypertext Transfer Protocol (HTTP) * Used to transfer information between web clients and web servers * Most web pages are accessed using HTTP |
File Transfer Protocol (FTP) Server | Service that allows for the download and upload of files between a client and server |
11.1.2 Protocols in a Small Network >11.1.2.3 Real-Time Applications for a Small Network
Figure 1 on this page shows three pictures of people working at their computers.
Figure 2 on this page shows three pictures of the following network equipment:
- Cable and switch
- IP phones
- Cisco Unified Communications 500 Series appliance
11.1.3 Growing to Larger Networks >11.1.3.1 Scaling a Small Network
The 3 images on this page show the following elements required for scaling a network:
- Image 1, a man drawing a network topology. This represents Network documentation.
- Image 2, a tablet and a mobile phone. This represents device inventory.
- Image 3, money. This represents budget.
11.1.3 Growing to Larger Networks >11.1.3.2 Protocol Analysis of a Small Network
The image on this page shows the Windows protocol analyzer.
11.1.3 Growing to Larger Networks >11.1.3.3 Evolving Protocol Requirements
The figure on this page shows the Processes tab in Windows Task Manager and examples of processes running in the Windows operating system. Processes are individual software programs running concurrently.
The figure also has the following 4 buttons:
- Applications: highlights running applications such as "EXCEL.EXE"
- Services: highlights running services such as "alg.exe"
- System operations: highlights running system operations such as "WLTRYSVC.EXE"
- One program may be running several times, each in its own process, highlights the different instances of the same process such as "svchost.exe"
The description given for this figure is "Examples of processes running in the Windows operating system.".
11.2 Keeping the Network Safe
11.2.1 Network Device Security Measures >11.2.1.1 Categories of Threats to Network Security
The interactive activity on this page shows the following four images:
- Image 1, an open folder. The image is labelled, "Information Theft".
- Image 2, a hammer floating over the internal components of a hard drive. The image is labelled, "Data Loss and Manipulation".
- Image 3, a cheque book and a credit card. The image is labelled, "Identity Theft".
- Image 4, a computer with a bug on the screen and a 404 error "Page not found". The image is labelled, "Disruption of Service".
Clicking on each image shows the following information:
Image | Label | Information |
1 | Information Theft | Breaking into a computer to obtain confidential information. Information can be used or sold for various purposes. Example: stealing an organization's proprietary information, such as research and development information. |
2 | Data Loss and Manipulation | Breaking into a computer to destroy or alter data records. Examples of data loss: sending a virus that reformats a computer's hard drive. Examples of data manipulation: breaking into a records system to change information, such as the price of an item. |
3 | Identity Theft | A form of information theft where personal information is stolen for the purpose of taking over someone's identity. Using this information, an individual can obtain legal documents, apply for credit, and make unauthorized online purchases. Identity theft is a growing problem costing billions of dollars per year. |
4 | Disruption of Service | Preventing legitimate users from accessing services to which they should be entitled. Examples: Denial of Service (DoS) attacks on servers, network devices, or network communications links |
11.2.1 Network Device Security Measures >11.2.1.2 Physical Security
The figure on this page shows a diagram of a physical layout for a network closet. This diagram shows the following network equipment:
The equipment is in a locked room only accessible via a card reader. Outside the room is a help desk.
Plan physical security to limit damage to the equipment:
- Lock up equipment and prevent unauthorized access from the doors, ceiling, raised floor, windows, ducts, and vents.
- Monitor and control closet entry with electronic logs.
- Use security cameras.
11.2.1 Network Device Security Measures >11.2.1.3 Types of Security Vulnerabilities
Figure 1 on this page lists the following network security weaknesses:
TCP/IP protocol weaknesses:
- Hypertext Transfer Protocol (HTTP), File Transfer Protocol (FTP), and Internet Control Message Protocol (ICMP) are inherently insecure.
- Simple Network Management Protocol (SNMP) and Simple Mail Transfer Protocol (SMTP) are related to the inherently insecure structure upon which TCP was designed.
Operating system weaknesses:
- Each operating system has security problems that must be addressed
- UNIX, Linux, Mac OS X, Windows Server 2012, Windows 7, Windows 8
- They are documented in the Computer Emergency Response Team (CERT) archives at http://www.cert.org.
Network equipment weaknesses:
Various types of network equipment, such as routers, firewalls, and switches have security weaknesses that must be recognised and protected against. Their weaknesses include password protection, lack of authentication, routing protocols, and firewall holes.
Figure 2 on this page lists the following configuration weaknesses and how each weakness can be exploited:
Configuration Weakness | How the weakness is exploited |
Unsecured user accounts | User account information may be transmitted insecurely across the network, exposing usernames and passwords to snoopers. |
System accounts with easily guessed passwords | This common problem is the result of poorly selected and easily guessed user passwords |
Misconfigured Internet services | A common problem is to turn on JavaScript in Web browsers, enabling attacks by way of hostile JavaScript when accessing untrusted sites. IIS, FTP, and Terminal Services also pose problems. |
Unsecured default settings within products | Many products have default settings that enable security holes. |
Misconfigured network equipment | Misconfigurations of the equipment itself can cause significant security problems. For example, misconfigured access lists, routing protocols, or SNMP community strings, can open up large security holes. |
Figure 3 on this page lists the following policy weaknesses and how each weakness can be exploited:
Policy Weakness | How the weakness is exploited |
Lack of written security policy | An unwritten policy cannot be consistently applied or enforced. |
Politics | Political battles and turf wars can make it difficult to implement a consistent security policy. |
Lack of authentication continuity | Poorly chosen, easily cracked, or default passwords can allow unauthorised access to the network. |
Logical access controls not applied | Inadequate monitoring and auditing allow attacks and unauthorised use to continue, wasting company resources. This could result in legal action or termination against IT technicians, IT management, or even company leadership that allows these unsafe conditions to persist. |
Software and hardware installation and changes do not follow policy | Unauthorised changes to the network topology or installation of unapproved applications create security holes. |
Disaster recovery plan is nonexistent | The lack of a disaster recovery plan allows chaos, panic, and confusion to occur when someone attacks the enterprise. |
11.2.1 Network Device Security Measures >11.2.1.4 Activity - Security Threats and Vulnerabilities
Figure 1 on this page is an interactive activity that allows the learner to match security threats and vulnerability scenarios with the appropriate type of threat. Each type of threat can have two vulnerability scenarios.
The security threats are:
- Information Theft
- Identity Theft
- Data Loss/Manipulation
- Disruption of Service
The vulnerability scenarios are:
- Sending a virus to reformat a hard drive
- Preventing legal users from accessing data services
- Stealing a company's user database
- Making illegal online purchases
- Altering data records
- Stealing scientific research reports
- Overloading a network to keep users out
- Impersonating someone to obtain credit
The figure also has the following 2 buttons:
Figure 2 on this page is an interactive activity that allows the learner to match security management practices with their management type.
The management types are:
- Hardware
- Environmental
- Electrical
- Maintenance
The security management practices are:
- Label critical cables and components
- Control access to console ports
- Create positive air flow
- Install UPS systems
- Control temperature and humidity
- Use security cameras
- Install redundant power supplies
- Lock up devices - prevent unauthorised access
The figure also has the following 2 buttons:
11.2.2 Vulnerabilities and Network Attacks >11.2.2.1 Viruses, Worms, and Trojan Horses
The flash animation on this page shows two PCs. Each PC is connected to a router and the routers are connected. There is an attacker working on one of the computers. The attacker is sending malicious code to the other PC in the form of worms, viruses, and a Trojan horse.
The first router has a callout saying, "The primary vulnerabilities for end-user workstations are worm, virus, and Trojan horse attacks.".
As the worm passes through the network a callout states that, "A worm executes arbitrary code and installs copies of itself in the infected computer's memory, which infects other hosts.".
As the virus passes through the network a callout states that, "A virus is malicious software that is attached to another program to execute a particular unwanted function on a user's workstation.".
As the Trojan horse passes through the network a callout states that, "A Trojan horse is different only in that the entire application was written to look like something else, when, in fact, it is an attack tool.".
11.2.2 Vulnerabilities and Network Attacks >11.2.2.2 Reconnaissance Attacks
The figure on this page shows the following four buttons representing different methods of reconnaissance attacks. Each button has an image and a text label:
Text Label | Button Image |
Internet queries | Open book |
Ping sweeps | Submarine |
Port Scans | three bladed fan |
Packet sniffers | Magnifying glass |
The figure also shows an animation of an attacker's computer connected to a network consisting of two PCs and two servers. As each button is selected an example is shown of each reconnaissance attack.
Button | Example |
Internet queries | Shows results of a Whois.net search |
Ping sweeps | Shows results of an nmap ping sweep |
Port Scans | Shows results of an nmap port scan |
Packet sniffers | Shows results of a Wireshark analysis |
11.2.2 Vulnerabilities and Network Attacks >11.2.2.3 Access Attacks
Figure 1 on this page is an example of a password attack. The user authentication dialog box is shown.
Attackers can implement password attacks using several different methods:
- Brute-force attacks
- Trojan horse programs
- Packet sniffers
Figure 2 on this page is an animation showing how a trust exploitation works. The figure shows a network consisting of System A and System B both connected to a Cisco PIX (Private Internet eXchange) IP firewall and NAT appliance which is connected to a cloud. The figure also shows an attacker.
- System A trusts System B
- System B trusts everyone
- An attacker wants to gain access to System A
- The attacker has a callout saying, "I can't get access to System A but System B is open.".
- System B compromised by attacker
- The attacker has a callout saying, "I own System B and now have access to System A.".
Network OS | Trust Models |
Windows | Domains Active Directory (AD) |
Linux and UNIX | Network File System (NFS), Network Information Service Plus (NIS+) |
An attacker on a host cannot get access to system A, but can get access to system B. Since system B can access system A, the attacker can now access system A.
Figure 3 on this page shows a complex network consisting of two PCs and two servers connected to a layer 3 switch. The layer 3 switch is connected to a Cisco PIX (Private Internet eXchange) IP firewall and NAT appliance which is connected to a router. Compromised Host A is also connected to IP firewall appliance. The first router is connected to a second router in a cloud which in turn is connected to a third router which is connected to a fourth router in another cloud. An attacker is connected to the fourth router.
The traffic flows shown in the figure are:
- Source: Attacker, Destination: A, Port: 22
- Source: A, Destination: B, Port: 22
- Source: Attacker, Destination: B, Port: 23
Port redirection is a type of trust-exploitation attack that uses a compromised host to pass traffic through a firewall that would otherwise be dropped. It is mitigated primarily through the use of proper trust models. Antivirus software and host-based IDS can help detect and prevent an attacker installing port redirecting utilities on the host.
Figure 4 on this page is an example of a man-in-the-middle attack.
The figure shows a network consisting of a laptop connected to switch S1 which is connected to router R1. Router R1 is connected to router R2 which is connected to a cloud. The figure also shows an attacker with laptop and also shows a server.
The attacker convinces the laptop to forward all traffic to his computer. The attacker forwards the traffic correctly and returns it to the laptop. However, as a result, the attacker can inspect all packets to and from the laptop.
11.2.2 Vulnerabilities and Network Attacks >11.2.2.4 DoS Attacks
Figure 1 on this page shows different Denial of Service attacks and shows how the resource overload affects the data.
Resource overloads | Malformed data |
Disk space, bandwidth, buffers | Oversized packets such as ping of death |
Ping floods such as smurf | overlapping packet such as winuke |
Packet storms such as UDP bombs and fraggle | Unhandled data such as teardrop |
The description given for this figure is, "DoS attacks prevent authorised people from using a service by using up system resources.".
Figure 2 on this page shows an attacker sending a ping of death packet to a host. The malformed or very large ping packet overloads the host and renders the host unresponsive.
Figure 3 on this page demonstrates a SYN flood attack. In this figure the attacker is sending multiple Syn packets to a web server. The attacker does not complete the transaction and when a valid user sends a SYN request, the server is unavailable.
- Attacker sends multiple SYN requests to a web server
- Web server sends SYN-ACK replies
- Web server waits to complete three-way handshake
- Valid user sends SYN request
- Web server is unavailable
Figure 4 on this page shows an attacker connected to four handlers which are connected to eight zombies or agents for a denial of service attack. The agents launch the attack on a single host and render it unavailable. This is an example of a DDoS attack.
The description given for this figure is, "Attacker uses many intermediate hosts, called zombies, to launch the attack.".
Figure 5 on this page shows an attacker connected to a router acting as a smurf amplifier. The amplifier tells many zombie computers to send an ICMP reply, such as "ICMP REPLY D=209.165.200.225 S=172.18.1.2", to a single host. This overwhelms the destination.
11.2.2 Vulnerabilities and Network Attacks >11.2.2.5 Activity - Types of Attack
The 3 interactive activities on this page allow the learner to match the type of attack with the appropriate scenario.
Determine the types of security attacks described. Match each security attack type to its scenario.
The security attack scenarios shown in figure 1 are:
- Eli opened an email sent to him by a friend. Later in the day, Eli received telephone calls from his friends saying they received emails from him that he did not knowingly send.
- Sharron works for the finance department in her company. Her network administrator has given the finance department employees public IP addresses to access the Internet bank account. After an hour of work, the finance department members are told that the company bank account has been compromised.
The security attack scenarios shown in figure 2 are:
- Jeremiah downloaded some software from the Internet. He opened the file and his hard drive crashed immediately. He lost all information on his computer.
- Angela receives email with a link to her favourite online store, which is having a sale. She uses the link provided and is directed to a site that looks like her favourite online store. She orders from the web page using her credit card. Later, Angela discovers that her credit card has been used to pay for additional merchandise that she did not order.
The security attack scenarios shown in figure 3 are:
- Arianna was working on the Internet - a popup appeared stating that she needed to update her operating system by clicking on the link. When she clicked on the link, unknown to Arianna, a program was installed on her computer.
Each figure shows the following types of security attacks:
- Worms
- Denial of Service (DoS)
- Viruses
- Access
- Reconnaissance
- Trojan Horses
The figure also has the following 2 buttons:
11.2.2 Vulnerabilities and Network Attacks >11.2.2.6 Lab - Researching Network Security Threats
See Lab Descriptions.
11.2.3 Mitigating Network Attacks >11.2.3.1 Backup, Upgrade, Update, and Patch
The figure on this page shows an image of a computer performing a Windows update with Internet Explorer.
11.2.3 Mitigating Network Attacks >11.2.3.2 Authentication, Authorisation, and Accounting
The figure on this page shows a credit card statement.
The credit limit is highlighted and has a callout saying, "Authorisation. How much can you spend?". The list of transactions is highlighted and has a callout saying, "Accounting. What did you spend it on?". A credit card is also shown with the name and card number highlighted and a callout saying, "Authentication. Who are you?". These are part of the triple A or AAA concept.
11.2.3 Mitigating Network Attacks >11.2.3.3 Firewalls
The figure on this page shows images of the following different firewall devices with their descriptions as you select each image:
Firewall Device | Description |
Cisco security appliances | Dedicated firewall devices are specialized computers that do not have peripherals or hard drives. Appliance-based firewalls can inspect traffic faster and are less prone to failure. |
Server-Based Firewall | Firewall applications that generally provide a solution that combines an SPI firewall and access control based on IP address or application. Server-based firewalls can be less secure than dedicated, appliance-based firewalls because of the security weaknesses of the general purpose OS. |
Linksys Wireless Router with integrated Firewall | Most home integrated routers have built-in basic firewall capabilities that support packet, application, and web site filtering. Higher-end routers that run special operating systems like Cisco Internetwork Operating System (IOS) also have firewall capabilities that can be configured. |
Personal Firewall | Client-side firewalls that typically filter using SPI. The user may be prompted to allow certain applications to connect or may define a list of automatic exceptions. Personal firewalls are often used when a host device is connected directly to an ISP modem. It may interfere with Internet access if not properly configured. It is not recommended to use more than one personal firewall at a time since they can conflict with one another. |
11.2.3 Mitigating Network Attacks >11.2.3.4 Endpoint Security
The figure on this page shows images of many different end devices, such as:
- Smart phones
- Tablets
- Laptops
11.2.4 Securing Devices >11.2.4.1 Introduction to Securing Devices
The figure on this page shows a PC connected to a network with three routers; R1, R2, and R3. R2 has a laptop, labelled "System Administrator", connected to it with a console cable. The laptop has a callout saying, "System administrator locks down R2".
11.2.4 Securing Devices >11.2.4.2 Passwords
The figure on this page shows two tables.
The first table contains weak passwords and the reasons why they are weak:
Weak Password | Why it is weak |
secret | Simple dictionary password |
smith | Mother's maiden name |
toyota | Make of a car |
bob1967 | Name and birthday of a user |
Blueleaf23 | Simple words and numbers |
The second table contains strong passwords and the reasons why they are strong:
Strong Password | Why it is strong |
b67n42d39c | Combines alphanumeric characters |
12^h u4@1p7 | Combines alphanumeric characters, symbols, and also includes a space |
11.2.4 Securing Devices >11.2.4.3 Basic Security Practices
The figure on this page shows router output for configuring encrypted line passwords and setting restrictions on password length or failed attempts.
Router(config)#service password-encryption
Router(config)#security password min-length 8
Router(config)#login block-for 120 attempts 3 within 60
Router(config)#line vty 0 4
Router(config-line)#exec-timeout 10
Router(config-line)#end
Router#show running-config
--More--
!
line vty 0 4
password 7 03095A0F034F38435B49150A1819
exec-timeout 10
login
11.2.4 Securing Devices >11.2.4.4 Enable SSH
The figure on this page shows router output for configuring a router to accept SSH as an alternative to telnet for remote access. The steps are:
- Step 1: Configure the IP domain name.
- Step 2: Generate one-way secret keys.
- Step 3: Verify or create a local database entry.
- Step 4: Enable VTY inbound SSH sessions.
R1#conf t
R1(config)#ip domain-name span.com
R1(config)#crypto key generate rsa general-keys modulus 1024
The name for the keys will be: R1.span.com
% The key modulus size is 1024 bits
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]
R1(config)#
*Dec 13 16:19:12.079: %SSH-5-ENABLE: SSH 1.99 has been enabled
R1(config)#username Bob secret cisco
R1(config)#line vty 0 4
R1(config-line)#login local
R1(config-line)#transport input ssh
R1(config-line)#exit
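An audit script that checks a saved running-config for the hardening settings applied in the two figures above (encrypted line passwords, minimum password length, login blocking, vty exec-timeout, local login and SSH-only transport, plus the domain name SSH key generation needs). This is an added example, not part of the course page or Cisco IOS itself; the two sample configurations are constructed for it, with the hardened one reproducing the commands shown above and a placeholder in place of the real secret hash.

```python
import re

# Constructed sample: the settings the figures above apply.
HARDENED_CONFIG = """\
service password-encryption
security password min-length 8
login block-for 120 attempts 3 within 60
ip domain-name span.com
username Bob secret 5 $1$PLACEHOLDER$hashgoeshere
!
line vty 0 4
 exec-timeout 10
 login local
 transport input ssh
!
"""

# Constructed sample: a vty left close to its defaults, with telnet still allowed.
WEAK_CONFIG = """\
no service password-encryption
hostname R1
!
line vty 0 4
 password cisco
 login
 transport input telnet ssh
!
"""


def parse_sections(config):
    """Split an IOS config into top-level commands and their indented sub-commands.
    Returns {top_level_line: [sub_lines]}; global one-line commands map to []."""
    sections = {}
    current = None
    for raw in config.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue
        if raw[0].isspace() and current is not None:
            sections[current].append(raw.strip())
        else:
            current = raw.strip()
            sections[current] = []
    return sections


def audit(config):
    """Return a list of findings; an empty list means every check passed."""
    sections = parse_sections(config)
    top = list(sections)
    findings = []

    def present(prefix):
        # "no service password-encryption" does not start with the prefix, so it counts as absent.
        return any(line.startswith(prefix) for line in top)

    if not present("service password-encryption"):
        findings.append("service password-encryption not enabled: line passwords are stored in clear text")
    min_len = None
    for line in top:
        m = re.fullmatch(r"security password min-length (\d+)", line)
        if m:
            min_len = int(m.group(1))
    if min_len is None or min_len < 8:
        findings.append("security password min-length is not set to at least 8")
    if not present("login block-for"):
        findings.append("login block-for not set: repeated failed logins are not throttled")
    if not present("ip domain-name"):
        findings.append("ip domain-name not set: required before 'crypto key generate rsa'")

    vty_blocks = [(name, lines) for name, lines in sections.items() if name.startswith("line vty")]
    if not vty_blocks:
        findings.append("no 'line vty' block found")
    for name, lines in vty_blocks:
        # Only an exact "transport input ssh" passes; "telnet ssh" or no line at all leaves telnet open.
        transports = [l.split()[2:] for l in lines if l.startswith("transport input")]
        if transports != [["ssh"]]:
            findings.append(f"{name}: transport input is not restricted to ssh")
        if "login local" not in lines:
            findings.append(f"{name}: login local not set, so the local username database is not used")
        timeouts = [l.split()[1:] for l in lines if l.startswith("exec-timeout")]
        if not timeouts:
            findings.append(f"{name}: exec-timeout not set explicitly")
        elif all(int(v) == 0 for v in timeouts[-1]):
            findings.append(f"{name}: exec-timeout 0 disables the idle timeout")
    return findings


if __name__ == "__main__":
    for label, cfg in (("hardened", HARDENED_CONFIG), ("weak", WEAK_CONFIG)):
        print(label, audit(cfg) or "no findings")
```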
11.2.4 Securing Devices >11.2.4.5 Lab - Accessing Network Devices with SSH
See Lab Descriptions.
11.2.4 Securing Devices >11.2.4.6 Lab - Securing Network Devices
See Lab Descriptions.
11.3 Basic Network Performance
11.3.1 Ping >11.3.1.1 Interpreting Ping Results
The figure on this page shows the Windows Local Area Connection Settings dialog box. The Internet Protocol TCP/IP item is highlighted.
Pinging the local host confirms that TCP/IP is installed and working on the local network adaptor.
The figure also shows a laptop pinging itself. Pinging 127.0.0.1 causes a device to ping itself.
11.3.1 Ping >11.3.1.2 Extended Ping
The figure on this page shows two connected LANs. Each LAN consists of Two PCs, two switches, and a router.
11.3.1 Ping >11.3.1.3 Network Baseline
Figures 1 to 3 on this page show two ping tests run from one of the PCs on different dates.
FEB 8, 2013 08:14:43
C:\>ping 10.66.254.159
Pinging 10.66.254.159 with 32 bytes of data:
Reply from 10.66.254.159: bytes=32 time<1ms TTL=128
Reply from 10.66.254.159: bytes=32 time<1ms TTL=128
Reply from 10.66.254.159: bytes=32 time<1ms TTL=128
Reply from 10.66.254.159: bytes=32 time<1ms TTL=128
Ping statistics for 10.66.254.159:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
MAR 17, 2013 14:41:06
C:\>ping 10.66.254.159
Pinging 10.66.254.159 with 32 bytes of data:
Reply from 10.66.254.159: bytes=32 time<6ms TTL=128
Reply from 10.66.254.159: bytes=32 time<6ms TTL=128
Reply from 10.66.254.159: bytes=32 time<6ms TTL=128
Reply from 10.66.254.159: bytes=32 time<6ms TTL=128
Ping statistics for 10.66.254.159:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 6ms, Maximum = 6ms, Average = 6ms
Figure 1 highlights the ping commands. Figure 2 highlights the dates. Figure 3 highlights the response times.
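A parser that turns captured Windows ping output into numbers and compares a later test against the baseline, flagging packet loss or a rise in average round-trip time. This is an added example, not part of the course page; the first two captures reproduce the ping output in the figures above, the third is constructed to show a capture with a timeout, and the thresholds are assumptions.

```python
import re

# Reproduced from the figures above (FEB 8 and MAR 17 tests).
BASELINE = """\
C:\\>ping 10.66.254.159
Pinging 10.66.254.159 with 32 bytes of data:
Reply from 10.66.254.159: bytes=32 time<1ms TTL=128
Reply from 10.66.254.159: bytes=32 time<1ms TTL=128
Reply from 10.66.254.159: bytes=32 time<1ms TTL=128
Reply from 10.66.254.159: bytes=32 time<1ms TTL=128
Ping statistics for 10.66.254.159:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
"""
LATER = """\
C:\\>ping 10.66.254.159
Pinging 10.66.254.159 with 32 bytes of data:
Reply from 10.66.254.159: bytes=32 time<6ms TTL=128
Reply from 10.66.254.159: bytes=32 time<6ms TTL=128
Reply from 10.66.254.159: bytes=32 time<6ms TTL=128
Reply from 10.66.254.159: bytes=32 time<6ms TTL=128
Ping statistics for 10.66.254.159:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 6ms, Maximum = 6ms, Average = 6ms
"""
# Constructed for this example: one request timed out.
DEGRADED = """\
C:\\>ping 10.66.254.159
Pinging 10.66.254.159 with 32 bytes of data:
Reply from 10.66.254.159: bytes=32 time=7ms TTL=128
Request timed out.
Reply from 10.66.254.159: bytes=32 time=9ms TTL=128
Reply from 10.66.254.159: bytes=32 time=8ms TTL=128
Ping statistics for 10.66.254.159:
    Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
Approximate round trip times in milli-seconds:
    Minimum = 7ms, Maximum = 9ms, Average = 8ms
"""

TARGET_RE = re.compile(r"Pinging (\S+) with")
STATS_RE = re.compile(r"Sent = (\d+), Received = (\d+), Lost = (\d+)")
RTT_RE = re.compile(r"Minimum = (\d+)ms, Maximum = (\d+)ms, Average = (\d+)ms")


def parse_ping(output):
    """Extract target, packet counts and RTT summary from Windows ping output.
    Returns None when the statistics block is missing (a capture cut short)."""
    target, stats = TARGET_RE.search(output), STATS_RE.search(output)
    if not target or not stats:
        return None
    result = {"target": target.group(1), "sent": int(stats.group(1)),
              "received": int(stats.group(2)), "lost": int(stats.group(3)),
              "timeouts": output.count("Request timed out.")}
    rtt = RTT_RE.search(output)  # absent when every request timed out
    if rtt:
        result.update(min_ms=int(rtt.group(1)), max_ms=int(rtt.group(2)), avg_ms=int(rtt.group(3)))
    else:
        result.update(min_ms=None, max_ms=None, avg_ms=None)
    return result


def compare_to_baseline(baseline_out, current_out, max_extra_ms=5, max_loss_pct=0.0):
    """Return a list of observations where the current test deviates from the baseline.
    The thresholds (5 ms extra average RTT, zero tolerated loss) are assumptions."""
    base, cur = parse_ping(baseline_out), parse_ping(current_out)
    if base is None or cur is None:
        return ["one of the captures has no statistics block"]
    if base["target"] != cur["target"]:
        return [f"targets differ: {base['target']} vs {cur['target']}"]
    notes = []
    loss_pct = 100.0 * cur["lost"] / cur["sent"]
    if loss_pct > max_loss_pct:
        notes.append(f"packet loss {loss_pct:.0f}% ({cur['lost']} of {cur['sent']})")
    if cur["avg_ms"] is None:
        notes.append("no replies received")
    elif base["avg_ms"] is not None and cur["avg_ms"] - base["avg_ms"] > max_extra_ms:
        notes.append(f"average RTT rose from {base['avg_ms']}ms to {cur['avg_ms']}ms")
    return notes


if __name__ == "__main__":
    print(compare_to_baseline(BASELINE, LATER))
    print(compare_to_baseline(BASELINE, DEGRADED))
```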
Figure 4 on this page shows a HyperTerminal window with the Capture Text feature being used to make a copy of the output from the ping test. The steps are:
- Start the text capture process.
- Issue a ping <ip address> command.
- Stop the capture process.
- Save the text file.
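To turn captures like the two above into a repeatable baseline check, here is an added Python example (not part of the curriculum page) that parses captured Windows ping output and reports when a later run deviates from the baseline in average round-trip time, packet loss, or reply TTL. The two captures are constructed from the runs shown above; the later one is altered to contain a timed-out probe so the loss check is exercised, and the thresholds are assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed captures modelled on the two Windows ping runs shown on this page.
# The later run is altered to include one timed-out probe so the loss check is exercised.
BASELINE_CAPTURE = """\
FEB 8, 2013 08:14:43
C:\\>ping 10.66.254.159
Pinging 10.66.254.159 with 32 bytes of data:
Reply from 10.66.254.159: bytes=32 time<1ms TTL=128
Reply from 10.66.254.159: bytes=32 time<1ms TTL=128
Reply from 10.66.254.159: bytes=32 time<1ms TTL=128
Reply from 10.66.254.159: bytes=32 time<1ms TTL=128
Ping statistics for 10.66.254.159:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
"""

LATER_CAPTURE = """\
MAR 17, 2013 14:41:06
C:\\>ping 10.66.254.159
Pinging 10.66.254.159 with 32 bytes of data:
Reply from 10.66.254.159: bytes=32 time=6ms TTL=128
Reply from 10.66.254.159: bytes=32 time=7ms TTL=128
Request timed out.
Reply from 10.66.254.159: bytes=32 time=6ms TTL=128
Ping statistics for 10.66.254.159:
    Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
Approximate round trip times in milli-seconds:
    Minimum = 6ms, Maximum = 7ms, Average = 6ms
"""

TARGET_RE = re.compile(r"Pinging (\S+) with")
STATS_RE = re.compile(r"Sent = (\d+), Received = (\d+), Lost = (\d+)")
RTT_RE = re.compile(r"Minimum = (\d+)ms, Maximum = (\d+)ms, Average = (\d+)ms")
TTL_RE = re.compile(r"TTL=(\d+)")


@dataclass
class PingSummary:
    target: str
    sent: int
    received: int
    lost: int
    rtt_min: int
    rtt_max: int
    rtt_avg: int
    ttl: Optional[int]  # TTL of the first reply; None when nothing answered


def parse_windows_ping(capture: str) -> PingSummary:
    """Pull the summary figures out of a captured Windows 'ping' run."""
    target = TARGET_RE.search(capture)
    stats = STATS_RE.search(capture)
    if target is None or stats is None:
        raise ValueError("capture does not look like Windows ping output")
    sent, received, lost = (int(g) for g in stats.groups())
    rtt = RTT_RE.search(capture)
    # Windows prints no round-trip block when every probe timed out
    rtt_min, rtt_max, rtt_avg = (int(g) for g in rtt.groups()) if rtt else (0, 0, 0)
    ttl = TTL_RE.search(capture)
    return PingSummary(target.group(1), sent, received, lost,
                       rtt_min, rtt_max, rtt_avg,
                       int(ttl.group(1)) if ttl else None)


def compare_to_baseline(baseline: PingSummary, current: PingSummary,
                        max_avg_increase_ms: int = 5,
                        max_loss_pct: float = 0.0) -> List[str]:
    """Return human-readable deviations of 'current' from 'baseline' (thresholds are assumptions)."""
    if current.target != baseline.target:
        raise ValueError("captures are for different targets")
    findings: List[str] = []
    delta = current.rtt_avg - baseline.rtt_avg
    if delta > max_avg_increase_ms:
        findings.append(f"average RTT up {delta} ms "
                        f"(baseline {baseline.rtt_avg} ms, now {current.rtt_avg} ms)")
    loss_pct = 100.0 * current.lost / current.sent if current.sent else 100.0
    if loss_pct > max_loss_pct:
        findings.append(f"packet loss {loss_pct:.0f}% ({current.lost}/{current.sent})")
    # A different reply TTL for the same target means the path length changed,
    # or a different host (different OS default TTL) is now answering for that address.
    if baseline.ttl is not None and current.ttl is not None and current.ttl != baseline.ttl:
        findings.append(f"reply TTL changed from {baseline.ttl} to {current.ttl}")
    return findings


if __name__ == "__main__":
    base = parse_windows_ping(BASELINE_CAPTURE)
    now = parse_windows_ping(LATER_CAPTURE)
    for line in compare_to_baseline(base, now) or ["no change from baseline"]:
        print(line)
```

The TTL check is the one a security engineer adds: a jump in average latency is usually congestion, but a changed reply TTL with the same target address means either the hop count changed or a different host is answering for that address, and both deserve a look.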
11.3.2 Tracert >11.3.2.1 Interpreting Tracert Messages
Figure 1 on this page shows two connected LANs. Each LAN consists of two PCs, two switches, and a router. The LANs are connected via two other routers.
One of the PCs in the first LAN, Host 1, has a callout saying, "Trace from a host, C:\>tracert 10.1.0.2".
The router from the first LAN, Router A, has a callout saying, "Trace from a router, RouterA#traceroute 10.1.0.2".
Figure 2 on this page shows a HyperTerminal window with the Capture Text feature being used to make a copy of the output from the traceroute test. The steps are:
- Start the text capture process.
- Issue a traceroute <ip address> command.
- Stop the capture process.
- Save the text file.
11.3.2 Tracert >11.3.2.2 Packet Tracer - Test Connectivity with Traceroute
Objectives:
Part 1: Test End-to-End Connectivity with the tracert Command
Part 2: Compare to the traceroute Command on a Router
11.3.2 Tracert >11.3.2.3 Lab - Testing Network Latency with Ping and Traceroute
See Lab Descriptions.
11.3.3 Show Commands >11.3.3.1 Common show Commands Revisited
Figure 1 on this page shows the output from a show running-config command on a router. Note that this configuration still shows several of the weaknesses addressed in 11.2.4: no service password-encryption, cleartext line passwords (password cisco) on the console and vty lines, an aux line with no login, an HTTP management server (ip http server), and vty lines that are not restricted to SSH.
R1#show running-config
<Output omitted>
Building configuration...
Current configuration : 1063 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname R1
enable secret 5 $1$i6w9$dvdpVM6zV10E6tSyLdkR5/
no ip domain lookup
!
interface FastEthernet0/0
description LAN 192.168.1.0 default gateway
ip address 192.168.1.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0/0
description WAN link to R2
ip address 192.168.2.1 255.255.255.0
encapsulation ppp
clock rate 64000
no fair-queue
!
interface Serial0/0/1
no ip address
shutdown
!
interface Vlan1
no ip address
!
router rip
version 2
network 192.168.1.0
network 192.168.2.0
!
banner motd ^CUnauthorised Access Prohibited^C
!
ip http server
!
line con 0
password cisco
login
line aux 0
line vty 0 4
password cisco
login
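As an added example (not part of the curriculum page), the following Python script parses a running-config like the one above and flags those management-plane weaknesses, then shows the same checks passing on a version hardened as in 11.2.4. The config text is a constructed copy of the figure trimmed to the relevant lines and indented the way IOS prints it; the hashes in the hardened version are placeholders.

```python
import re
from typing import Dict, List

# Constructed copy of the R1 running-config shown above, trimmed to the lines the
# checks look at; IOS indents the sub-commands of a 'line' block with one space.
SAMPLE_CONFIG = """\
version 12.4
no service password-encryption
hostname R1
enable secret 5 $1$i6w9$dvdpVM6zV10E6tSyLdkR5/
!
ip http server
!
line con 0
 password cisco
 login
line aux 0
line vty 0 4
 password cisco
 login
"""

# The same device after the hardening steps from 11.2.4 (constructed; hashes are placeholders).
HARDENED_CONFIG = """\
version 12.4
service password-encryption
hostname R1
enable secret 5 $1$placeholder$hash
username admin secret 5 $1$placeholder$hash
no ip http server
!
line con 0
 login local
line aux 0
 login local
line vty 0 4
 login local
 transport input ssh
"""


def line_blocks(config: str) -> Dict[str, List[str]]:
    """Map each 'line X' block to its indented sub-commands, e.g. {'vty 0 4': ['password cisco', 'login']}."""
    blocks: Dict[str, List[str]] = {}
    current = None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw[len("line "):].strip()
            blocks[current] = []
        elif raw.startswith(" ") and current is not None:
            blocks[current].append(raw.strip())
        else:
            current = None  # any other top-level command ends the block
    return blocks


def audit_config(config: str) -> List[str]:
    """Flag the management-plane weaknesses that 11.2.4 tells you to fix."""
    top = {l.strip() for l in config.splitlines() if l and not l.startswith(" ")}
    findings: List[str] = []
    if "no service password-encryption" in top:
        findings.append("service password-encryption is off: line passwords sit in cleartext in the config")
    if not any(cmd.startswith("enable secret ") for cmd in top):
        findings.append("no 'enable secret': privileged EXEC is unprotected or uses a reversible 'enable password'")
    if "ip http server" in top:
        findings.append("ip http server is on: plaintext HTTP management interface")
    for name, cmds in line_blocks(config).items():
        has_login = any(c == "login" or c.startswith("login ") for c in cmds)
        if any(c.startswith("password ") for c in cmds):
            findings.append(f"line {name}: shared per-line password; prefer 'login local' with a per-user 'username ... secret'")
        if not has_login and not name.startswith("vty"):
            # console and aux lines perform no authentication at all when 'login' is absent
            findings.append(f"line {name}: no login required")
        if name.startswith("vty") and "transport input ssh" not in cmds:
            findings.append(f"line {name}: transport input not restricted to ssh, so Telnet is accepted")
    return findings


if __name__ == "__main__":
    for label, cfg in (("R1 as shown", SAMPLE_CONFIG), ("R1 hardened", HARDENED_CONFIG)):
        print(f"== {label}")
        for finding in audit_config(cfg) or ["no findings"]:
            print("  " + finding)
```

The block-aware parse matters: `password` and `login` only mean something relative to the `line` they sit under, so a flat grep for "password cisco" cannot tell you which access path is exposed.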
Figure 2 on this page shows the output from a show interfaces command on a router.
R1#show interfaces
<Output omitted>
FastEthernet0/0 is up, line protocol is up
Hardware is Gt96k FE, address is 001b.5325.256e (bia 001b.5325.256e)
Internet address is 192.168.1.1/24
MTU 1500 bytes, BW 100000 kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, 100BaseTX/FX
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:17, output 00:00:01, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes);
Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
196 packets input, 31850 bytes
Received 181 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog
0 input packets with dribble condition detected
392 packets output, 35239 bytes, 0 underruns
0 output errors, 0 collisions, 3 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
FastEthernet0/1 is administratively down, line protocol is down
Serial0/0/0 is up, line protocol is up
hardware is Gt96k Serial
internet address is 192.168.2.1/24
MTU 1500 bytes, BW 1544 kbit, DLY 2000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, LCP Listen, loopback not set
Keepalive set (10 sec)
Last input 00:00:02, output 00:00:03, output hang never
Last clearing of "show interface" counters 00:51:52
Input queue: 0/75/0/0 (size/max/drops/flushes);
Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
401 packets input, 27437 bytes, 0 no buffer
Received 293 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
389 packets output, 26940 bytes, 0 underruns
0 output errors, 0 collisions, 2 interface resets
0 output buffer failures, 0 output buffers swapped out
6 carrier transitions
DCD=up DSR=up DTR=up RTS=up CTS=up
Serial0/0/1 is administratively down, line protocol is down
Figure 3 on this page shows the output from a show arp command on a router.
R1#show arp
Protocol | Address | Age (min) | Hardware Addr | Type | Interface |
Internet | 172.17.0.1 | - | 001b.5325.256e | ARPA | FastEthernet0/0 |
Internet | 172.17.0.2 | 12 | 000b.db04.a5cd | ARPA | FastEthernet0/0 |
Figure 4 on this page shows the output from a show ip route command on a router.
R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level 2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
C 192.168.1.0/24 is directly connected, FastEthernet0/0
C 192.168.2.0/24 is directly connected, Serial0/0/0
R 192.168.3.0/24 [120/1] via 192.168.2.2, 00:00:24, Serial0/0/0
Figure 5 on this page shows the output from a show protocols command on a router.
R1#show protocols
Global values:
Internet Protocol routing is enabled
FastEthernet0/0 is up, line protocol is up
Internet address is 192.168.1.1/24
FastEthernet 0/1 is administratively down, line protocol is down
FastEthernet0/1/0 is up, line protocol is down
FastEthernet0/1/1 is up, line protocol is down
FastEthernet0/1/2 is up, line protocol is down
FastEthernet0/1/3 is up, line protocol is down
Serial0/0/0 is up, line protocol is up
Internet address is 192.168.2.1/24
Serial0/0/1 is administratively down, line protocol is down
Vlan1 is up, line protocol is down
Figure 6 on this page shows the output from a show version command on a router.
R1#show version
<Output omitted>
Cisco IOS Software, 1841 Software (C1841-ADVIPSERVICESK9-M), Version 12.4(10b), RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Fri 19-Jan-07 15:15 by prod_rel_team
ROM: System Bootstrap, Version 12.4(13r)T, RELEASE SOFTWARE (fc1)
R1 uptime is 43 minutes
System returned to ROM by reload at 22:05:12 UTC Sat Jan 5 2008
System image file is "flash:c1841-advipservicesk9-mz.124-10b.bin"
Cisco 1841 (revision 6.0) with 174080K/22528K bytes of memory.
Processor board ID FTX1111W0QF
6 FastEthernet interfaces
2 Serial (sync/async) interfaces
1 Virtual Private Network (VPN) Module
DRAM configuration is 64 bits wide with parity disabled.
191K bytes of NVRAM
62720K bytes of ATA CompactFlash (Read/Write)
Configuration register is 0x2102
11.3.3 Show Commands >11.3.3.2 Viewing Router Settings with the show version Command
The animation on this page displays the output from a "show version" command on a router. As the animation plays, different sections are highlighted as follows:
IOS Version:
IOS (tm) 2500 Software (C2500-I-L), Version 12.0(17a), RELEASE SOFTWARE (fc1)
Bootstrap version:
ROM: System Bootstrap, Version 11.0(10c), SOFTWARE
BOOTFLASH: 3000 Bootstrap Software (IGS-BOOT-R), Version 11.0(10c), RELEASE SOFTWARE (fc1)
IOS Image File:
System image file is "flash:c2500-i-l.120-17a.bin"
Model and CPU:
cisco 2500 (68030) processor (revision N)
Amount of RAM:
with 2048K/2048K bytes of memory.
Number and type of interfaces:
1 Ethernet/IEEE 802.3 interface(s)
2 Serial network interface(s)
Amount of NVRAM:
32K bytes of non-volatile configuration memory.
Amount of flash:
8192K bytes of processor board System flash (Read ONLY)
11.3.3 Show Commands >11.3.3.3 Viewing Switch Settings with the show version Command
The figure on this page shows the output from a "show version" command on a switch.
Switch#show version
Cisco IOS Software C2960 Software (C2960-LANBASE-M), Version
12.2 (25)SEE2, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2006 by Cisco Systems, Inc.
Compiled Fri 28-Jul-06 04:33 by yenanh
Image text-base: 0x00003000, data-base: 0x00AA2F34
ROM: Bootstrap program is C2960 boot loader
BOOTLDR: C2960 Boot Loader (C2960_HBOOT-M) Version 12.2(25r)SEE1,
RELEASE SOFTWARE (fc1)
Switch uptime is 2 minutes
System returned to ROM by power-on
System image file is "flash:c2960-lanbase-mz.122-25.SEE2/c2960-
lanbase-mz.122-25.SEE2.bin"
cisco WS-C2960-24TT-L (PowerPC405) processor (revision B0) with
61440K/4088K bytes of memory.
Processor board ID FOC1107Z9ZN
Last reset from power-on
1 Virtual Ethernet interface
24 FastEthernet interfaces
2 Gigabit Ethernet interfaces
The password-recovery mechanism is enabled.
64K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address | : | 00:1B:53:03:17:00 |
Motherboard assembly number | : | 73-10390-03 |
Power supply part number | : | 341-0097-02 |
Motherboard serial number | : | FOC11071TTJ |
Power supply serial number | : | AZS110605RU |
Model revision number | : | B0 |
Motherboard revision number | : | C0 |
Model number | : | WS-C2960-24TT-L |
System serial number | : | FOC1107Z9ZN |
Top Assembly Part Number | : | 800-27221-02 |
Top Assembly Revision Number | : | C0 |
Version ID | : | V02 |
CLEI Code Number | : | COM3L00BRA |
Hardware Board Revision Number | : | 0x01 |
Switch | Ports | Model | SW Version | SW Image |
* 1 | 26 | WS-C2960-24TT-L | 12.2(25)SEE2 | C2960-LANBASE-M |
Configuration register is 0xF
Switch#
11.3.3 Show Commands >11.3.3.4 Packet Tracer - Using show Commands
Objectives:
Part 1: Analyse Show Command Output
Part 2: Reflection Questions
11.3.4 Host and IOS Commands >11.3.4.1 ipconfig Command Options
Figure 1 on this page shows the output of the ipconfig command on a PC. The IP address, the subnet mask, and the default gateway are highlighted in different colours.
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix.:
IP Address | : | 192.168.1.2 |
Subnet Mask | : | 255.255.255.0 |
Default Gateway | : | 192.168.1.254 |
The description given for this figure is, "Sample ipconfig output showing default gateway address.".
Figure 2 on this page shows the output of the ipconfig /all command on a PC. The physical address is highlighted.
C:\>ipconfig /all
Ethernet adapter Network Connection:
Connection-specific DNS Suffix | : | example.com |
Description | : | Intel (R) |
PRO/Wireless 3945ABG Network Connection |
Physical Address | : | 00-18-DE-C7-F3-FB |
Dhcp Enabled | : | Yes |
Autoconfiguration Enabled | : | Yes |
IP Address | : | 10.2.3.4 |
Subnet Mask | : | 255.255.255.0 |
Default Gateway | : | 10.2.3.254 |
DHCP Server | : | 10.2.3.69 |
DNS Servers | : | 192.168.226.120 |
Lease Obtained | : | Thursday, May 03, 2007 3:47:51 PM |
Lease Expires | : | Friday, May 04, 2007 6:57:11 AM |
C:\>
11.3.4 Host and IOS Commands >11.3.4.2 arp Command Options
The figure on this page shows a switch connected to the following five PCs and a router.
Device | Network Address |
PC1 | 10.0.0.5/24 |
PC2 | 10.0.0.4/24 |
PC3 | 10.0.0.3/24 |
PC4 | 10.0.0.2/24 |
PC5 | 10.0.0.1/24 |
Router | 10.0.0.254/24 |
The output of the arp -a command on a PC is displayed. The IP address and MAC address pair of the router are highlighted.
c:\>arp -a
Internet Address | Physical Address | Type |
10.0.0.2 | 00-08-a3-b6-ce-04 | dynamic |
10.0.0.3 | 00-0d-56-09-fb-d1 | dynamic |
10.0.0.4 | 00-12-3f-d4-6d-1b | dynamic |
10.0.0.254 | 00-10-7b-e7-fa-ef | dynamic |
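The router's entry is the one worth checking on a host, since every off-segment packet goes to whatever MAC the cache holds for the gateway. As an added example that goes beyond the page's own use of arp -a (it is not curriculum code), the following Python parses Windows arp -a output, compares the gateway's entry against its documented MAC, and reports when one MAC claims several IP addresses. Both captures are constructed: the first matches the table above, the second is invented so that the router's address resolves to PC2's MAC.

```python
import re
from typing import Dict, List

# Constructed 'arp -a' output for PC1 (10.0.0.5) from the figure above, in the layout
# Windows prints. The second snapshot is invented: the router's IP now resolves to the
# MAC that PC2 (10.0.0.4) had in the first snapshot.
ARP_BASELINE = """\
Interface: 10.0.0.5 --- 0x3
  Internet Address      Physical Address      Type
  10.0.0.2              00-08-a3-b6-ce-04     dynamic
  10.0.0.3              00-0d-56-09-fb-d1     dynamic
  10.0.0.4              00-12-3f-d4-6d-1b     dynamic
  10.0.0.254            00-10-7b-e7-fa-ef     dynamic
"""

ARP_LATER = """\
Interface: 10.0.0.5 --- 0x3
  Internet Address      Physical Address      Type
  10.0.0.2              00-08-a3-b6-ce-04     dynamic
  10.0.0.3              00-0d-56-09-fb-d1     dynamic
  10.0.0.4              00-12-3f-d4-6d-1b     dynamic
  10.0.0.254            00-12-3f-d4-6d-1b     dynamic
"""

# One arp -a row: dotted-quad IP, dash-separated MAC, entry type (dynamic/static).
ENTRY_RE = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+([0-9a-f]{2}(?:-[0-9a-f]{2}){5})\s+(\w+)", re.I)


def parse_arp_a(text: str) -> Dict[str, str]:
    """Return {ip: mac} from Windows 'arp -a' output, MACs normalised to lowercase."""
    return {m.group(1): m.group(2).lower()
            for m in (ENTRY_RE.match(line) for line in text.splitlines()) if m}


def check_arp_table(table: Dict[str, str], gateway_ip: str,
                    expected_gateway_mac: str) -> List[str]:
    """Compare the cache against the documented gateway MAC and look for shared MACs."""
    findings: List[str] = []
    expected = expected_gateway_mac.lower()
    mac = table.get(gateway_ip)
    if mac is None:
        findings.append(f"gateway {gateway_ip} is not in the ARP cache")
    elif mac != expected:
        findings.append(f"gateway {gateway_ip} resolves to {mac}, documented MAC is {expected}")
    # One MAC answering for several addresses on the same segment: can be legitimate
    # (a router with secondary addresses), so it is a prompt to look, not proof of anything.
    owners: Dict[str, List[str]] = {}
    for ip, m in table.items():
        owners.setdefault(m, []).append(ip)
    for m, ips in owners.items():
        if len(ips) > 1:
            findings.append(f"MAC {m} is claimed by {', '.join(ips)}")
    return findings


if __name__ == "__main__":
    for label, snapshot in (("baseline", ARP_BASELINE), ("later", ARP_LATER)):
        print(f"== {label}")
        for f in check_arp_table(parse_arp_a(snapshot), "10.0.0.254", "00-10-7b-e7-fa-ef") or ["ok"]:
            print("  " + f)
```

The documented gateway MAC is the same value the router reports for its own interface in show arp, so the two outputs on this page cross-check each other; a mismatch between what the router says about itself and what the host's cache holds is the thing to investigate.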
11.3.4 Host and IOS Commands >11.3.4.3 show cdp neighbors Command Options
Figure 1 on this page shows the output of the show cdp neighbors command and the show cdp neighbors detail command on a router. Note that CDP advertises the platform, IOS version and IP addresses shown here in cleartext to every directly connected device, so on interfaces facing untrusted hosts it is normally disabled with no cdp enable (per interface) or no cdp run (globally).
R3#show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge,
B - Source Route Bridge
S - Switch, H - host, I - IGMP,
r - Repeater, P - Phone
Device ID | Local Intrfce | Holdtme | Capability | Platform | Port ID |
S3 | Fas 0/0 | 151 | S I | WS-C2950 | Fas 0/6 |
R2 | Ser 0/0/1 | 125 | R | 1841 | Ser 0/0/1 |
R3#show cdp neighbors detail
Device ID: R2
Entry address(es):
IP address : 192.168.1.2
Platform: Cisco 1841, Capabilities: Router Switch IGMP
Interface: Serial0/0/1, Port ID (outgoing port): Serial0/0/1
Holdtime : 161 sec
Version :
Cisco IOS Software, 1841 Software (C1841-ADVIPSERVICESK9-M),
Version 12.4(10b), RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Fri 19-Jan-07 15:15 by prod_rel_team
advertisement version: 2
VTP Management Domain: ''
- - - - - - - - - - - - - - - - - - - - - - - - -
Device ID: S3
Entry address(es)
Platform: cisco WS-C2950-24, Capabilities: Switch IGMP
Interface: FastEthernet0/0, Port ID (outgoing port):
FastEthernet0/11
Holdtime: 148 sec
Version:
Cisco Internetwork Operating System Software
IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(9)EA1,
RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Wed 24-Apr-02 06:57 by antonino
Advertisement version: 2
Protocol Hello: OUI=0x00000C, Protocol ID=0x0112; payload
len=27, value=00000000FFFFFFFF0
10231FF000000000000000AB769F6C0FF0000
VTP Management Domain: 'CCNA3'
Duplex: full
R3#
Figure 2 on this page shows the network topology used throughout the curriculum. This topology has three routers connected with serial connections. R1 connects to R2, and R2 connects to R3. Each Router has a LAN with a switch and a PC.
11.3.4 Host and IOS Commands >11.3.4.4 Using the show ip interface brief Command
Figure 1 on this page shows a network consisting of a PC connected to a switch, which is connected to a router, which is connected to a cloud.
Figure 2 on this page shows the output of the show ip interface brief command, the output of a ping command, and the output of a traceroute command.
The figure has the following 2 buttons:
- R1: shows output from a router
- S1: shows output from a switch
R1 output
R1#show ip interface brief
Interface | IP-Address | OK? | Method | Status | Protocol |
FastEthernet0/0 | 192.168.254.254 | YES | NVRAM | up | up |
FastEthernet0/1 | unassigned | YES | unset | down | down |
Serial0/0/0 | 172.16.0.254 | YES | NVRAM | up | up |
Serial0/0/1 | unassigned | YES | unset | administratively down | down |
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
R1#ping 192.168.254.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.254.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
R1#traceroute 192.168.0.1
Type escape sequence to abort.
Tracing the route to 192.168.0.1
1 172.16.0.253 8 msec 4 msec 8 msec
2 10.0.0.254 16 msec 16 msec 8 msec
3 192.168.0.1 16 msec * 20 msec
S1 output:
S1#show ip interface brief
Interface | IP-Address | OK? | Method | Status | Protocol |
Vlan1 | 192.168.254.250 | YES | manual | up | up |
FastEthernet0/1 | unassigned | YES | unset | down | down |
FastEthernet0/2 | unassigned | YES | unset | up | up |
FastEthernet0/3 | unassigned | YES | unset | up | up |
<Output omitted>
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
S1#ping 192.168.254.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.254.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
S1#traceroute 192.168.0.1
Type escape sequence to abort.
Tracing the route to 192.168.0.1
1 192.168.254.254 4 msec 2 msec 3 msec
2 172.16.0.253 8 msec 4 msec 8 msec
3 10.0.0.254 16 msec 16 msec 8 msec
4 192.168.0.1 16 msec * 20 msec
11.3.4 Host and IOS Commands >11.3.4.5 Activity - Show Commands
The interactive activity on this page allows the learner to match the common show commands with an appropriate scenario.
The show commands are:
- show version
- show startup-config
- show ip protocols
- show ip route
- show arp
- show ip int brief
The scenarios are:
- You suspect there is a problem with the current switch configuration. You want to see the saved configuration so that you can compare it to what is currently running.
- You are on a call with the Cisco technical assistance personnel. They ask you for the switch IOS name, RAM, NVRAM, and flash available. They also ask for the hexadecimal boot location.
- You are running the EIGRP routing protocol and need to know the update intervals and what active interfaces and networks are being advertised by your router.
- You cannot get to the Internet. You need to find out if your router has a path to the Internet and which protocols are being used to provide the paths.
- Your network documentation really needs to be updated. A quick listing of the IP addresses of your routers in relation to their MAC addresses would help finish the task for recording purposes.
- A switch is the closest intermediate device to you. It has 24 ports. You want to see a simple list of the ports being used, their status, and the VLAN IP address of the switch.
11.3.4 Host and IOS Commands >11.3.4.6 Lab - Using the CLI to gather Network Device Information
See Lab Descriptions.
11.4 Managing IOS Configuration Files
11.4.1 Router and Switch File Systems >11.4.1.1 Router File Systems
Figure 1 on this page shows the output of the show file systems command on a router.
Router#show file systems
File Systems:
Size(b) | Free(b) | Type | Flags | Prefixes |
- | - | opaque | rw | archive: |
- | - | opaque | rw | system: |
- | - | opaque | rw | tmpsys: |
- | - | opaque | rw | null: |
- | - | network | rw | tftp: |
* 256243568 | 183456987 | disk | rw | flash0: flash: |
- | - | disk | rw | flash1: |
262136 | 254779 | nvram | rw | nvram: |
- | - | opaque | wo | syslog: |
- | - | opaque | rw | xmodem: |
- | - | opaque | rw | ymodem: |
- | - | network | rw | rcp: |
- | - | network | rw | http: |
- | - | network | rw | ftp: |
- | - | network | rw | scp: |
- | - | opaque | ro | tar: |
- | - | network | rw | https: |
- | - | opaque | ro | cns: |
Figure 2 on this page shows the output of the dir command on a router. The output displays the contents of flash.
Router#dir
Directory of flash0:/
1 | -rw- | 2903 | Sep 7 2012 | 06:58:26 | +00:00 | cpconfig-19xx.cfg |
2 | -rw- | 3000320 | Sep 7 2012 | 06:58:40 | +00:00 | cpexpress.tar |
3 | -rw- | 1038 | Sep 7 2012 | 06:58:52 | +00:00 | home.shtml |
4 | -rw- | 122880 | Sep 7 2012 | 06:59:02 | +00:00 | home.tar |
5 | -rw- | 1697952 | Sep 7 2012 | 06:59:20 | +00:00 | securedesktop-ios-3.1.1.45-k9.pkg |
6 | -rw- | 415956 | Sep 7 2012 | 06:59:34 | +00:00 | sslclient-win-1.1.4.176.pkg |
7 | -rw- | 67998028 | Sep 26 2012 | 17:32:14 | +00:00 | c1900-universalk9-mz.SPA.152-4.M1.bin |
256445668 bytes total (183234560 bytes free)
Figure 3 on this page shows the output of the cd nvram: command followed by the pwd and dir commands.
Router#cd nvram:
Router#pwd
nvram:/
Router#dir
Directory of nvram:/
253 | -rw- | 1156 | <no date> | startup-config |
254 | ---- | 5 | <no date> | private-config |
255 | -rw- | 1156 | <no date> | underlying-config |
1 | -rw- | 2945 | <no date> | cwmp-inventory |
4 | ---- | 58 | <no date> | persistent-data |
5 | ---- | 17 | <no date> | ecfm_ieee_mib |
6 | -rw- | 559 | <no date> | IOS-Self-Sig#1.cer |
262136 bytes total (254779 bytes free)
11.4.1 Router and Switch File Systems >11.4.1.2 Switch File Systems
The figure on this page shows the output of the show file systems command on a switch.
Switch#show file systems
File Systems:
Size(b) | Free(b) | Type | Flags | Prefixes |
* 32514048 | 20887552 | flash | rw | flash: |
- | - | opaque | rw | vb: |
- | - | opaque | ro | bs: |
- | - | opaque | rw | system: |
- | - | opaque | rw | tmpsys: |
65536 | 48897 | nvram | rw | nvram: |
- | - | opaque | ro | xmodem: |
- | - | opaque | ro | ymodem: |
- | - | opaque | rw | null: |
- | - | opaque | ro | tar: |
- | - | opaque | rw | tftp: |
- | - | network | rw | rcp: |
- | - | network | rw | http: |
- | - | network | rw | ftp: |
- | - | network | rw | scp: |
- | - | network | rw | https: |
- | - | opaque | ro | cns: |
11.4.2 Back up and restore Configuration files >11.4.2.1 Backing up and Restoring using Text Files
The figure on this page shows the process to back up and restore configuration files using Tera Term as described in the page notes.
11.4.2 Back up and restore Configuration files >11.4.2.2 Backing up and Restoring using TFTP
The figure on this page shows the output of the copy running-config tftp command on a router. This allows the user to make a backup of the current configuration to a TFTP server on the network as described in the page notes. Bear in mind that TFTP has no authentication and no encryption, and a configuration file carries enable secrets, line passwords and SNMP or routing-protocol keys; on a production network prefer the scp: file system listed in show file systems, or at least keep the TFTP server on an isolated management segment.
Router#copy running-config tftp
Remote host []? 131.108.2.155
Name of the configuration file to write [tokyo-config]? tokyo.2
Write file tokyo.2 to 131.108.2.155? [confirm]
Writing tokyo.2 !!!!! [OK]
11.4.2 Back up and restore Configuration files >11.4.2.3 Using USB ports on a Cisco Router
The image on this page shows the back of a Cisco 1941 router. The USB ports are highlighted.
11.4.2 Back up and restore Configuration files >11.4.2.4 Backing up and Restoring using a USB
Figure 1 on this page shows the output of the show file systems command on a router. The usbflash0: file system is highlighted.
Router#show file systems
File systems:
Size(b) | Free(b) | Type | Flags | Prefixes |
- | - | opaque | rw | archive: |
- | - | opaque | rw | system: |
- | - | opaque | rw | tmpsys: |
- | - | opaque | rw | null: |
* 256487424 | 184819712 | disk | rw | flash0: flash: |
- | - | disk | rw | flash1: |
262136 | 249270 | nvram | rw | nvram: |
- | - | opaque | wo | syslog: |
- | - | opaque | rw | xmodem: |
- | - | opaque | rw | ymodem: |
- | - | network | rw | rcp: |
- | - | network | rw | http: |
- | - | network | rw | ftp: |
- | - | network | rw | scp: |
- | - | opaque | ro | tar: |
- | - | network | rw | https: |
- | - | opaque | ro | cns: |
4050042880 | 3774152704 | usbflash | rw | usbflash0: |
Figure 2 on this page shows two outputs of the copy running-config usbflash0: command, once when the destination file does not exist and once when it does. If the destination file already exists the user is prompted to overwrite it.
R1#copy running-config usbflash0:
Destination filename [running-config]? R1-config
5024 bytes copied in 0.736 secs (6826 bytes/sec)
The description given for this figure is, "Copying to USB flash drive, and no file pre-exists.".
R1#copy running-config usbflash0:
Destination filename [running-config]? R1-config
%Warning :There is a file already existing with this name
Do you want to overwrite? [confirm]
5024 bytes copied in 1.796 secs (2797 bytes/sec)
The description given for this figure is, "Copying to USB flash drive, and the same configuration file already exists on the drive.".
Figure 3 on this page shows the output of the dir usbflash0: command. It also shows the output of the more usbflash0:/R1-config command.
R1#dir usbflash0:/
Directory of usbflash0:/
1 | drw- | 0 | Oct 15 2012 | 16:28:26 | +00:00 | Cisco |
16 | -rw- | 5024 | Jan 7 2013 | 20:26:50 | +00:00 | R1-config |
2564405668 bytes total (1833234560 bytes free)
R1#more usbflash0:/R1-config
!
! Last configuration change at 20:19:54 UTC Mon Jan 7 2013 by admin
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
!
no aaa new-model
!
no ipv6 cef
11.4.2 Back up and restore Configuration files >11.4.2.5 Packet Tracer – Backing Up Configuration Files
Objectives:
Part 1: Establish Connectivity to TFTP Server
Part 2: Transfer Configuration from TFTP Server
Part 3: Backup Configuration and IOS to TFTP Server
11.4.2 Back up and restore Configuration files >11.4.2.6 Lab - Managing Router Configuration Files with Tera Term
See Lab Descriptions.
11.4.2 Back up and restore Configuration files >11.4.2.7 Lab – Managing Device Configuration Files using TFTP, Flash and USB
See Lab Descriptions.
11.4.2 Back up and restore Configuration files >11.4.2.8 Lab – Researching Password Recovery Procedures
See Lab Descriptions.
11.5 Integrated Routing Services
11.5.1 Integrated Router >11.5.1.1 Multi-Function Device
Figure 1 on this page is an animation that shows a Linksys model WRT 300 N-2 wireless router that opens up and exposes three services that the integrated services device provides. These services are:
- Access Point
- Switch
- Router
Figure 2 on this page illustrates the advantages of wireless.
The figure shows a wireless access point connecting to a DSL or cable modem which is connected to the Internet.
The following devices have a wireless connection to the access point:
- Printer
- PC
- Smart TV
- Laptop
- Smart Phone
The benefits of wireless LAN technology include the following items:
- Mobility - allows for easy connection of both stationary and mobile clients.
- Scalability - can be easily expanded to allow more users to connect and to increase the coverage area.
- Flexibility - provides anytime, anywhere connectivity.
- Cost Savings - equipment costs continue to fall as the technology matures.
- Reduced installation time - installation of a single piece of equipment can provide connectivity for a large number of people.
- Reliability in harsh environments - easy to install in emergency and hostile environments.
Figure 3 on this page illustrates the limitations of wireless.
The figure shows three users working on computers all connected to a wireless access point.
Limitations of wireless LAN technology include the following:
- Interference - Wireless technology is susceptible to interference from other devices that produce electromagnetic energies. This includes cordless phones, microwaves, televisions, and other wireless LAN implementations.
- Network and Data security - Wireless LAN technology is designed to give anyone within radio range access to the transmitted data, not to protect it; unless encryption is enabled, traffic can be captured over the air, and an unsecured access point can provide an unprotected entrance into the wired network.
- Technology - Wireless LAN technology does not currently provide the speed or reliability of wired LANs.
11.5.1 Integrated Router >11.5.1.2 Types of Integrated Routers
The figure on this page shows a close-up view of both the front and the back of the Linksys integrated router model WRT 300 N-2.
The figure has the following 2 buttons:
When the Front button is activated the following information is displayed:
Front View:
- This Linksys is a simplified, low-cost device that carries out the functionality of multiple network devices (switch, router, wireless access point).
- Light emitting diodes (LEDs) indicate the connection status of each port:
- Power LED - indicates the presence of power to the device; Solid green LED.
- WLAN LED - indicates status of wireless connections.
- 1 - 4 LEDs - indicate the status of the wired Ethernet connections.
- Internet LED - indicates status of the Internet connection
When the Rear button is activated the following information is displayed:
Rear View:
- When connecting a local network using a multifunction device it is important that all local devices are connected to the switch ports.
- A single port, labeled Internet, connects to the router portion of the multifunction device. It is used to connect the device to another network, such as the Internet, and is on a different network than the Ethernet ports. The router portion maintains routing tables and has an internal connection to the switch portion.
- Multiple ports, usually labeled "Ethernet", connect to the internal switch portion of the multifunction device. All devices connected to these switch ports are on the same local network; the switch portion in turn connects internally to the router portion (the Internet port).
11.5.1 Integrated Router >11.5.1.3 Wireless Capability
The figure on this page shows the configuration interface of the Linksys integrated router model WRT 300 N-2. This interface is web based and accessed through a web browser.
From the Wireless menu select the Basic Wireless Settings. The main settings are as follows:
- Network Mode: determines the type of technology that must be supported. For example, 802.11b, 802.11g, 802.11n or Mixed mode.
- SSID: used to identify the WLAN. All devices that wish to participate in the WLAN must have the same SSID.
- Standard Channel: specifies the channel over which communication will occur. By default, this is set to Auto to allow the AP to determine the optimum channel to use.
- SSID Broadcast: determines whether the SSID will be broadcast to all devices within range. By default set to Enabled.
11.5.1 Integrated Router >11.5.1.4 Basic Security of Wireless
Figure 1 on this page shows three houses, each using wireless communications inside the home. There is a car parked on the street in front of the three houses. Inside the car is a person using a laptop computer.
This figure is used to show security concerns of wireless technology and lists the following steps that should be implemented to mitigate such threats:
Basic Security:
- Change default values
- Disable SSID broadcasting
- Enable encryption
Of these, encryption is the control that actually protects the traffic; disabling SSID broadcast only hides the network from casual discovery, because the SSID is still sent in the clear whenever a client associates.
Wardriving, walking, chalking
- Wardriving is the process of driving around an area searching for wireless LANs. Once discovered, the location of the WLAN is logged and shared. The goal of wardriving is to bring attention to the fact that most wireless networks are insecure and to show the widespread acceptance and use of wireless LAN technology.
- A similar process to wardriving is known as warwalking or warchalking, where the person walks around an area to discover wireless access. Once access is discovered a chalk mark is placed in front of the location to indicate the status of the wireless connection.
Figure 2 on this page is an animation showing the encryption process between a wireless access point and a wireless client. The access point has a callout saying, "Hosts need the right key.". The router sends data to the client PC using the pre-configured keys and the PC uses the key to decrypt the data.
11.5.2 Configuring the Integrated Router >11.5.2.1 Configuring the Integrated Router
The figure on this page shows a Linksys wireless router connected to a computer with a network cable. This configuration is used to initially connect to and configure the access point.
11.5.2 Configuring the Integrated Router >11.5.2.2 Enabling Wireless
The figure on this page shows the configuration interface of the Linksys integrated router model WRT 300 N-2 and is highlighting the network mode option. The dropdown list is used to select which 802.11 modes to support. The options are:
- Mixed
- BG mixed
- Wireless G only
- Wireless B only
- Wireless N only
- Disabled.
11.5.2 Configuring the Integrated Router >11.5.2.3 Configure a Wireless Client
The figure on this page shows the configuration window for a Linksys wireless network interface card. This is a GUI that the user can use to configure connections to wireless networks. This works in place of the operating system’s configuration tool.
11.5.2 Configuring the Integrated Router >11.5.2.4 Packet Tracer – Configuring a Linksys Router
Objectives:
Part 1: Connect to Linksys router
Part 2: Enable Wireless Connectivity
Part 3: Configure and Verify Wireless Client Access
11.6 Summary
11.6.1 Summary >11.6.1.1 Capstone Project – Design and Build a small Business network
The figure on this page shows a collage of four pictures, a network patch panel with dozens of network connections, a track runner jumping over a hurdle, a woman working on a server rack, and a stack of four Cisco routers.
When planning any network consider...
- Cost
- Ports
- Speed
- Expandability
- Manageability
11.6.1.2 Packet Tracer – Skills Integration Challenge
11.6.1.3 Summary
The figure on this page shows a switch connected to three computers, a server, an IP phone, and a router. The router then connects to a WAN, that connects to the Internet. This graphic is an example of a typical small business network.
End of Chapter 11: It's a Network.
This is the end of the CCNA Introduction to Networks course chapter descriptions.