Konfgurasi Sistem

Operasi Jaringan

TUJUAN

 _{Menjelaskan tujuan Cisco IOS.}

 _{Jelaskan cara mengakses dan menavigasi Cisco IOS untuk mengkonfgurasi}

perangkat jaringan.

 _{Jelaskan struktur komando perangkat lunak Cisco IOS.}

 _{Konfgurasi nama host pada perangkat Cisco IOS menggunakan CLI.}

 _{Gunakan Cisco IOS perintah untuk membatasi akses ke konfgurasi perangkat.}  _{Gunakan Cisco IOS perintah untuk menyimpan menjalankan konfgurasi.}

 _{Jelaskan bagaimana perangkat berkomunikasi melalui jaringan media.}  _{Mengkonfgurasi perangkat host dengan alamat IP.}

Semua peralatan jaringan tergantung pada sistem operasi:

• _{End devices(PC, laptop, smart phone, tablet)}

• _switches • _router

• _{Titik akses nirkabel} • _frewall

Cisco Internetwork Operating System (IOS)

 _{Koleksi sistem operasi jaringan yang digunakan pada perangkat Cisco}

Cisco IOS

Cisco IOS

 _{Sistem operasi PC (Windows 8, Linux & OS X) melakukan fungsi teknis yang}

memungkinkan

 _{Penggunaan perangkat input dan output}  _{Mengelola proses dan program}

 _{Mengelola fle sistem, keamanan, perangkat keras, dll}

 _{Switch atau router IOS menyediakan opsi untuk}

 _{Fungsi yang sama seperti sistem operasi host}  _{Konfgurasi interface}

 _{Aktifkan routing dan beralih fungsi}

 _{Semua perangkat jaringan datang dengan default IOS (switch, router, frewall)}  _{Kemungkinan untuk meng-upgrade iOS versi atau ftur set}

Cisco IOS

 _{IOS tersimpan dalam fash}

 _{penyimpanan Non-volatile - tidak hilang bila daya hilang}  _{Dapat diubah atau ditimpa sesuai kebutuhan}

 _{Dapat digunakan untuk menyimpan beberapa versi IOS}  _{IOS disalin dari fash ke RAM stabil ketika boot}

 _{Jumlah fash dan memori RAM menentukan IOS yang dapat digunakan} Cisco IOS

Cisco IOS

IOS Functions

8

9

Bootup Process

running-config IOS (running)

startup-config IOS

ios (partial)

11

running-config IOS (running)

startup-config IOS

ios (partial)

Bootup program

Where is the permanent configuration file stored used during boot-up? NVRAM (B)

Where is the diagnostics software stored executed by hardware modules? ROM (D)

Where is the backup (partial) copy of the IOS stored? ROM (D)

Where is IOS permanently stored before it is copied into RAM? FLASH (C)

Where are all changes to the configuration immediately stored? RAM (A)

13 running-config IOS (running) startup-config IOS ios (partial) Bootup program startup-config IOS Bootup program ios (partial) running-config IOS (running)

A

B

C

D

B

A

D

Cisco IOS

CCO Account Benefts and IOS

Files

This video introduces Cisco Connection Online (CCO). CCO has a wealth of information available regarding Cisco products and services.

Accessing a Cisco IOS Device

Console Access Method

Most common methods to access the Command Line Interface  _Console

 _{Telnet or SSH}  _{AUX port}

Accessing a Cisco IOS Device

Console Access Method

Console port



Device is accessible even

if no networking

services

have been confgured (out-of-band)



Need a special console cable (aka

rollover

cable

)



Allows confguration commands to be entered



Should be confgured with

passwords

to prevent

unauthorized access



Device should be

located in a secure room

so

console port can not be easily accessed

 _{Port Console}

 _{Perangkat dapat diakses bahkan jika tidak ada layanan jaringan telah}

dikonfgurasi (out-of-band)

 _{Butuh kabel konsol khusus (alias kabel rollover)}

 _{Memungkinkan konfgurasi perintah yang akan dimasukkan}

 _{Harus dikonfgurasi dengan password untuk mencegah akses yang}

tidak sah

 _{Perangkat harus ditempatkan di ruang yang aman sehingga port}

19

Establishing a HyperTerminal session (next

week)

 _{Connect PC using the RJ-45/mini-USB to Serial/USB rollover cable.}  _{Confgure the terminal or PC terminal emulation software for:}

 _{9600 baud}  _{8 data bits}  _{no parity}  _{1 stop bit}

 _{no fow control}

Rollover cable

Console port

Com1 or Com2 serial port

Or USB port with USB-to-Serial adapter

Terminal or a

PC with

terminal

emulation

software

20

Terminal

(Serial)

Settings)

Confgure the terminal or PC terminal emulation software for:

 _{9600 baud}

 _{8 data bits}  _{no parity}  _{1 stop bit}

21

Establishing a Terminal/Serial/Console session

 _{Important: A console connection is not}

the same as a network connection!

=

• PuTTY

• Tera Term

• SecureCRT

• HyperTerminal

• OS X Terminal

• Zoc

Accessing a Cisco IOS Device

Telnet, SSH, and AUX Access

Methods

Telnet

 _{Method for remotely accessing the CLI over a network}

 _{Require active networking services and one active interface}

that is confgured

Secure Shell (SSH) – Preferred over Telnet

 _{Remote login similar to Telnet but utilizes more security}  _{Stronger password authentication}

 _{Uses encryption when transporting data}

Aux Port (not used too much)  _{Out-of-band connection}

 _{Uses telephone line}

 _{Can be used like console port}

23

C:\> ssh C:\> ping

Ethernet Connection

Network connection needed

When can you use a network connection to

connect to the router?

What software/command do you need?

What cable and ports do you use?

When should you not use a network

connection to configure the router?

When there is a network

connection to the router (telnet). TCP/IP, Terminal prompt (DOS), Tera Term, etc.

PC & Router: Ethernet NIC Ethernet straight-through cable

When the change may

disconnect the telnet connection.

Accessing a Cisco IOS Device

Terminal Emulation Programs

Software available for

connecting to a networking device (usually same as terminal/serial/console connection):

 PuTTY  _{Tera Term}  _SecureCRT  _{HyperTerminal}  _{OS X Terminal}  Zoc

Navigating the IOS

Navigating the IOS

Cisco IOS Modes of Operation

enable

configure terminal

interface < > router < > line < >

Navigating the IOS

Primary Modes

enable enable

Navigating the IOS

Global Confguration Mode and

Submodes

Global configuration mode and interface configuration modes can only be reached from the privileged EXEC mode.

Navigating the IOS

Navigating between IOS Modes

Similar IOS commands for switches and routers

Navigating the IOS

Navigating between IOS Modes

(cont.)

Switch> user mode

Switch> enable go to privilege mode

Switch# configure terminal go to global configuration mode

Switch(config)# interface vlan 1 go to interface mode

Switch(config-if)# exit

Switch(config)# exit

Switch# config t Shortened commands and parameters

Switch(config)# vlan 1 go to VLAN configuration mode

Switch(config-vlan)# end go to privilege-EXEC mode

Switch# disable

Switch> enable

Switch# config t

Switch(config)# line vty 0 4 go to interface (line) mode

Switch(config-line)# exit

Switch(config)#

31

Common Commands for Switches and Routers

Switch>_{Switch> enable}user mode

Switch# privilege mode

Switch# configure terminal

Switch(config)# exit

Switch# config t

Switch(config)# hostname name

Switch(config)# enable secret password privilege password

Switch(config)# line console 0 console password

Switch(config-line)# password password

Switch(config-line)# login

Switch(config)# line vty 0 4 telnet password

Switch(config-line)# password password

Switch(config-line)# login

Switch(config)# banner motd # message # banner

Switch(config)# interface type number configure interface

32

Making your life easier!

Switch# enable

Switch(config)# line console 0 Console port

Switch(config-line)# logging synchronous IOS will not

Switch(config-line)# exec-timeout 0 0 password

Switch(config)# no ip domain-lookup password

Switch(config-line)# login

Switch(config)# banner motd # message # banner

Switch(config)# interface type number configure interface

Navigating the IOS

Navigating between IOS Modes

The Command Structure

The Command Structure

Cisco IOS Command Reference

IOS Command Conventions

The general syntax for a command is the command followed by any appropriate keywords (defned) and arguments (undefned).

An argument is generally not a predefned word.

An argument is a value or variable defned by the user.

Switch(config-if)# description string

 Boldface text indicates commands and keywords that are typed as shown

 _{Italic text indicates an argument for which you supply the value. For} the description command, the argument is a string value.

 _{The string value can be any text string of up to 80 characters.}  Example:

Switch(config-if)# description MainHQ Office Switch

The Command Structure

Cisco IOS Command Reference

 For the ping command:

Switch> ping IP-address

Switch> ping 10.10.10.5

 _{The command is ping and the user defned argument is the 10.10.10.5.}

 _{Similarly, the syntax for entering the traceroute command is:}

Switch> traceroute IP-address

Switch> traceroute 192.168.254.254

 The command is traceroute and the user defned argument is the

192.168.254.254.

The Command Structure

Context Sensitive Help

The Command Structure

Command Syntax Check

The Command Structure

Command Syntax Check

The Command Structure

Command Syntax Check

The Command Structure

Hot Keys and Shortcuts

 _{Tab - Completes the remainder of a partially typed command or}

keyword

 _{Ctrl-R - Redisplays a line}

 _{Ctrl-A – Moves cursor to the beginning of the line}

 _{Ctrl-Z - Exits confguration mode and returns to user EXEC}

 _{Down Arrow - Allows the user to scroll forward through former}

commands

 _{Up Arrow - Allows the user to scroll backward through former}

commands

 _{Ctrl-Shift-6 - Allows the user to interrupt an IOS process such}

as ping or traceroute.

 _{Ctrl-C - Aborts the current command and exits the confguration}

mode

The Command Structure

IOS Examination Commands

The Command Structure

The show version Command

The Command Structure

Navigating the IOS

Hostnames

Why the Switch

Let’s focus on

_{Creating a two PC network connected via a switch} _{Setting a name for the switch}

_{Limiting access to the device confguration} _{Confguring banner messages}

_{Saving the confguration}

Hostnames

Device Names

Hostnames allow devices to be identifed by network administrators over a network or the Internet.

Some guidelines for naming conventions are that names should:  _{Start with a letter}

 _{Contain no spaces}

 End with a letter or digit

 _{Use only letters, digits, and dashes}  Be less than 64 characters in length

Without names, network devices are difficult to identify for configuration purposes.

Hostnames

Confguring

Hostnames

Switch(config)# hostname Sw-Floor-3

Sw-Floor3(config)#

Switch(config)# hostname Sw-Floor-2

Sw-Floor2(config)#

Switch(config)# hostname Sw-Floor-1

Sw-Floor1(config)#

Limiting Access to Device

Confgurations

Securing Device Access

The passwords introduced here are:



Enable password

- Limits access to the privileged EXEC mode



Enable secret

- Encrypted, limits access to the privileged EXEC mode



Console password

- Limits device access using the console connection



VTY password

- Limits device access over Telnet

Note: In most of the labs in this course, we will be using simple passwords such as cisco or class.

Limiting Access to Device Confgurations

Securing Privileged EXEC Access

 _{use the enable secret command, not the older enable}

password command

 _{enable secret  provides greater security because the password}

is encrypted class

Limiting Access to Device Confgurations

Securing User EXEC Access



Console port

must be secured

• reduces the chance of unauthorized personnel physically

plugging a cable into the device and gaining device

access



vty lines

allow access to a Cisco device via Telnet

• number of vty lines supported varies with the type of

device and the IOS version

Limiting Access to Device Confgurations

Encrypting Password Display

service password-encryption _prevents

passwords from showing up as plain text when viewing the

confguration 

_{purpose of this}

command is to

keep unauthorized individuals from

viewing

passwords in the confguration fle

_{once applied,}

removing the

encryption service does not reverse the encryption

Limiting Access to Device Confgurations

Banner Messages

 _{Important part of the legal process in the event that someone is}

prosecuted for breaking into a device

 _{Wording that implies that a login is "welcome" or "invited" is not}

appropriate

Switch(config)# banner motd # This is a secure system Authorized Access Only!!! #

Sw-Floor3(config)#

Saving Confgurations

Confguration Files

Switch# show running-config

Switch# copy running-config startup-config

<Changes made>

Switch# delete vlan.dat

Delete filename [vlan.dat]?

Delete flash:vlan.dat? [confirm] Switch# erase startup-config

Switch# reload

System configuration has been modified. Save? [yes/no]: n

Proceed with reload? [confirm]

Saving Confgurations

Capturing Text

Saving Confgurations

Capturing Text

Ports and Addresses

IP Addressing in the Large

 _{Each end device on a}

network must be

confgured with an IP address

 _{Structure of an IPv4}

address is called

dotted decimal

 _{IP address displayed in}

decimal notation, with

four decimal

numbers between 0 and 255

 _{With the IP address, a} subnet mask is also necessary

 _{IP addresses can be}

assigned to both

physical ports and virtual interfaces  _{IPv4 and IPv6}

addresses will be discussed in more detail later

Ports and Addresses

Interfaces and Ports

 _{Terms are used interchangeably}

 _{Some interfaces can be can be confgured with an IP address such}

as:

 _{NIC (Ethernet interface) on a host/computer}  _{Router’s Ethernet or Serial interfaces}



Switches have ports (interfaces) but do not typically have IP addresses

assigned to them



Used to connect devices on LANs that do have IP addresses such as

hosts, routers, printers.

Addressing Devices

Confguring a Switch Virtual

Interface

 _{Allows the network administrator to communicate (SSH, telnet, ping) with the}

switch.

 _{It is OPTIONAL}

 _{“Layer 2” switches do NOT need an IP address to forward Ethernet frames.}  _{IP address - together with subnet mask, uniquely identifes end device on}

internetwork (more later)

 _{Subnet mask - determines which part of a larger network is used by an IP}

address interface VLAN 1 - interface confguration mode

 _{ip address 192.168.10.2 255.255.255.0 - confgures the IP address and}

subnet mask for the switch

 _{no shutdown - administratively enables the interface}

 _{Switch still needs to have physical ports confgured and VTY lines to enable}

remote management

Addressing Devices

Manual IP Address Confguration for End Devices

59

Addressing Devices

Automatic IP Address Confguration for End Devices

60

Addressing Devices

IP Address Conficts

61

Verifying Connectivity

Test the Loopback Address on an End Device

C:\> ping 127.0.0.1

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128 Reply from 127.0.0.1: bytes=32 time<1ms TTL=128 Reply from 127.0.0.1: bytes=32 time<1ms TTL=128 Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Verifying Connectivity

Testing the Interface Assignment

Verifying Connectivity

Testing End-to-End Connectivity

Confguring a Network Operating System

Chapter 2 Summary

 _{Services provided by the Cisco IOS accessed using a} command-line interface (CLI)

• _{accessed by either the console port, the AUX port, or through telnet or}

SSH

• _{can make confguration changes to Cisco IOS devices}

• _{a network technician must navigate through various hierarchical}

modes of the IOS

 Cisco IOS routers and switches support a similar operating system  _{Introduced the initial settings of a Cisco IOS switch device}

• _{setting a name}

• _{limiting access to the device confguration} • _{confguring banner messages}

• _{saving the confguration}

67

68