Chapter 11
8/11/2019 hoofdstuk11
Configuring Cisco Devices: IOS Basics
A personal computer, a router or switch cannot function without an operating system. Without an operating system, hardware has no capabilities. Cisco IOS (Internetwork Operating System) is the system software in Cisco devices.
Cisco IOS
The Cisco IOS provides devices with the following network services:
Basic routing and switching functions
Reliable and secure access to networked resources
Network scalability
The services provided by Cisco IOS are generally accessed using a CLI.
The IOS file itself is several megabytes in size and is stored in a semi-permanent memory called flash. Flash memory provides nonvolatile storage. This means that the contents of memory are not lost when the device loses power. Using flash memory allows the IOS to be upgraded to newer versions or to have new features added.
Access Methods
You can access the CLI environment in several ways: (Figure 11-1)
Console
The CLI can be accessed through a console session, also known as the CTY line. A console uses a low-speed serial connection to directly connect a computer or terminal to the console port on the router or switch. The console port is a management port that provides out-of-band access to a router.
Examples of console use include the following:
The initial configuration of the network device
Disaster recovery procedures and troubleshooting when remote access is not possible
Password recovery procedures
When a router is first placed into service, networking parameters have not yet been configured. Therefore, the router cannot communicate through a network. A computer running terminal emulation software is connected to the console port of the device.
For many IOS devices, console access does not require any form of security, by default.
Telnet and SSH
A method for remotely accessing a CLI session is to telnet to the router. Telnet sessions require active networking services on the devices. The network device must have at least one active interface configured with a Layer 3 address, such as an IPv4 address. Cisco IOS devices include a Telnet server process that launches when the device is started. The IOS also contains a Telnet client.
A host with a Telnet client can access the virtual teletype interface (vty) sessions running on the Cisco device. The IOS requires that the Telnet session use a password.
The Secure Shell (SSH) protocol is a more secure method for remote device access. SSH provides stronger password authentication than Telnet and uses encryption when transporting session data. This keeps the user ID, password, and details of the management session private.
AUX Port
Another way to establish a CLI session remotely is through a telephone dial-up connection using a modem connected to the router auxiliary (AUX) port. This method does not require networking services to be configured or available on the device.
The AUX port can also be used locally, with a direct connection to a computer running a terminal emulation program. The console port is preferred over the AUX port for troubleshooting because it displays router startup, debugging, and error messages by default.
The only time the AUX port is used locally is when there are problems using the console port.
Configuration Files
Configuration files contain the Cisco IOS software commands used to customize the functionality of a Cisco device. Commands are parsed (translated and executed) by the Cisco IOS software when the system is booted (from the startup-config file) or when commands are entered in the CLI while in configuration mode. (Figure 11-2)
The configuration file is typically a few hundred to a few thousand bytes in size.
Two configuration files:
The running configuration file: used during the current operation on the device
The startup configuration file: used as the backup configuration and loaded when the device is started
Startup Configuration File
The startup configuration file is used during system startup to configure the device. The startup configuration file or startup-config file is stored in nonvolatile RAM (NVRAM). The startup-config files are loaded into RAM each time the router is started or reloaded.
Running Configuration
After it is in RAM, the running configuration (running-config) is used to operate the network device. Because the running configuration file is in RAM, it is lost if the power to the device is turned off or if the device is restarted.
Introducing Cisco IOS Modes
The term modal describes a system where there are different modes of operation. The CLI uses a hierarchical structure for the modes. From top to bottom:
User executive mode: a mode that is very limited in scope, allowing basically only viewing types of IOS commands.
Privileged executive mode: a mode allowing users logged on in this mode access to the entire IOS command structure.
Global configuration mode: commands executed in this mode apply to the entire router.
Other specific configuration modes: commands executed while in the router mode would apply only to that particular routing process.
Each mode is used to accomplish particular tasks and has a specific set of commands that are available when in that mode. (Table 11-1)
Some commands are available to all users, in all modes; others can be executed only after entering the mode in which that command is available.
The hierarchical modal structure can be configured to provide security.
Two primary modes of operation: user EXEC and privileged EXEC.
As a security feature, the Cisco IOS Software separates the EXEC sessions into two access modes. The privileged EXEC mode has a higher level of authority in what it allows to be executed.
Command Prompts
When using the CLI, the mode is identified by the command-line prompt that is unique to that mode. By default, every prompt begins with the device name. Following the name, the remainder of the prompt indicates the mode.
Router(config)#
As commands are used and modes are changed, the prompt changes to reflect the current context.
Prompt shows the ping command executed at the user EXEC level:
Router>ping 192.168.10.5
CLI command that displays the contents of the running-config file:
Router#show running-config
CLI command, executed at the privileged EXEC level, that allows you to enter commands that change the running-config file:
Router#config terminal
CLI command that takes you to the specific interface configuration mode:
Router(config)#interface FastEthernet 0/1
CLI command that applies an IP address and a subnet mask to a specific interface:
Router(config-if)#ip address 192.168.10.1 255.255.255.0
User Executive Mode
The user executive (EXEC) mode has limited capabilities but is useful for some basic operations. The user EXEC mode allows only a limited number of basic monitoring commands (view-only mode). The user EXEC level does not allow the execution of any commands that might change the configuration of the device.
The user EXEC mode is identified by the CLI prompt that ends with the > symbol.
Privileged EXEC Mode
The execution of configuration and management commands requires that the network administrator use the privileged EXEC mode or a specific mode farther down the hierarchy. The privileged EXEC mode can be identified by the prompt ending with the # symbol.
Global configuration mode and all other more specific configuration modes can be reached only from the privileged EXEC mode.
Moving Between the User EXEC and Privileged EXEC Modes
The enable and disable commands are used to change the CLI between the user EXEC mode and the privileged EXEC mode, respectively.
To access the privileged EXEC mode, use the enable command:
Router>enable
If password authentication has been configured for the privileged EXEC mode, the IOS will ask you to enter the password.
The disable command is used to return from the privileged EXEC to the user EXEC mode:
Router#disable
Basic IOS Command Structure
Each IOS command has a specific format or syntax and is executed at the appropriate prompt. The commands are not case-sensitive. The general syntax for a command is the command followed by any appropriate keywords and arguments.
The keywords and arguments provide additional functionality and describe specific parameters to the command interpreter. (The show command displays information about the device.)
A command might require one or more arguments. An argument is generally not a predefined word.
Switch(config-if)#description MainHQ Office Switch
description = command, MainHQ Office Switch = argument (Figure 11-3)
IOS Conventions
Convention   Description
Boldface     boldface text indicates commands and keywords that are entered literally as shown
Italics      italic text indicates arguments where the user supplies values
[X]          square brackets enclose an optional element (keyword or argument)
|            indicates a choice within an optional or required set of keywords or arguments
[X|Y]        square brackets enclosing an optional element separated by a vertical line indicate an optional choice
{X|Y}        braces enclosing an optional element indicate a required choice
Using CLI Help
The IOS has several forms of help available.
Context-Sensitive Help
The context-sensitive help provides a list of commands and the arguments associated with those commands within the context of the current mode. To access context-sensitive help, enter a question mark at any prompt.
One use of context-sensitive help is to get a list of available commands.
Another use of context-sensitive help is to display a list of commands or keywords that start with a specific character or characters.
A final type of context-sensitive help is used to determine which options, keywords, or arguments are matched with a specific command.
Command Syntax Check
When a command is submitted by pressing Enter, the command-line interpreter parses the command from left to right to determine what action is being requested. If the interpreter understands the command, the requested action is executed and the CLI returns to the appropriate prompt. If the interpreter cannot understand the command being entered, it will provide feedback describing what is wrong with the command. (Table 11-3)
Three different types of error messages:
Ambiguous command: the IOS returns an error message to indicate that there were not enough characters entered for the command interpreter to recognize the command.
Incomplete command: indicates that required keywords or arguments were left off the end of the command.
Incorrect command (invalid input): a caret symbol (^) indicates where the command interpreter cannot decipher the command.
Hot Keys and Shortcuts
The IOS CLI provides hot keys and shortcuts that make configuring, monitoring, and troubleshooting easier. (Table 11-4)
Tab
Tab is used to complete the remainder of abbreviated commands and parameters.
Ctrl-R
Press Ctrl-R to redisplay the line.
Ctrl-Z
To leave a configuration mode and return to privileged EXEC mode at the top level, press Ctrl-Z.
Up- and Down-Arrow Keys
Use the up-arrow key to display the previously entered commands. Each time this key is pressed, the next successively older command will be displayed. Use the down-arrow key to scroll forward through the history to display the more recent commands.
Ctrl-Shift-6 x
To interrupt the output and interact with the CLI, press Ctrl-Shift-6 and then the x key.
Ctrl-C
Pressing Ctrl-C interrupts the entry of a command and exits the configuration mode.
Abbreviated Commands or Keywords
Commands and keywords can be abbreviated to the minimum number of characters that identifies a unique selection.
IOS Examination Commands
To verify and troubleshoot network operation, you must examine the operation of the devices. The basic examination command is the show command. The show command has many different variations. (Figure 11-4)
Some show commands are as follows:
show arp: displays the ARP table of the device
show mac-address-table: (switch only) displays the MAC table of a switch
show startup-config: displays the saved configuration located in NVRAM
show running-config: displays the contents of the currently running configuration file or the configuration for a specific interface, or map class information.
show ip interface: displays IPv4 statistics for all interfaces on a router. To view the statistics for a specific interface, enter the show ip interface command followed by the specific interface slot/port number.
Commonly used show commands: show interfaces and show version
show interfaces Command
The show interfaces command displays statistics for all interfaces on the device. To view the statistics for a specific interface, enter the show interfaces command followed by the specific interface slot/port number:
Router#show interfaces serial 0/1
show version Command
The show version command displays the information about the currently loaded software version, along with hardware and device information.
Software version: IOS software version
Bootstrap version
System uptime: time since last reboot
System restart information: method of restart
Software image name: IOS filename stored in flash
Router type and processor type
Memory type and allocation (shared/main)
Software features
Hardware interfaces
Configuration register
IOS Configuration Modes
The primary configuration mode is called global configuration. From global config, CLI configuration changes are made that affect the operation of the device as a whole. The global config mode is also used as a precursor to accessing specific configuration modes.
Router#configure terminal
After the command is executed, the prompt changes to show that the router is in global configuration mode.
Router(config)#
From the global config mode, there are many different configuration modes. Each of these modes allows the configuration of a particular part or function of the IOS device.
Interface mode: configure one of the network interfaces
Line mode: configure one of the lines, physical or virtual
Router mode: configure the parameters for one of the routing protocols
To exit a specific configuration mode and return to global configuration mode, enter exit at a prompt. To leave configuration mode completely and return to privileged EXEC mode, enter end.
The command to save the running configuration to the startup configuration file is as follows:
Router#copy running-config startup-config
Applying a Basic Configuration Using Cisco IOS
Naming Devices
The hostname is used in CLI prompts. If the hostname is not explicitly configured, a router uses the factory-assigned default hostname Router. A switch has a factory-assigned default hostname Switch.
By choosing and documenting names wisely, it is easier to remember, discuss and identify network devices. When you are naming devices, names should follow these conventions:
Start with a letter, not contain a space, end with a letter or digit, have characters of only letters, digits and dashes, be 63 characters or fewer. The hostnames used in the device IOS preserve capitalization and lowercase characters. RFC 1178, Choosing a Name for Your Computer, provides rules that you can use as a reference for device naming. As part of the device configuration, a unique hostname should be configured for each device. (Figure 11-5)
To create a naming convention for routers, take into consideration the location and the purpose of the devices. The next step is to apply the names to the router using the CLI. (Example p431)
Always make sure that your documentation is updated each time a device is added or modified. To negate the effects of a command, preface the command with the no keyword.
Limiting Device Access: Configuring Passwords and Banners
Passwords are the primary defense against unauthorized access to network devices.
The IOS uses hierarchical modes to help with device security. As part of this security enforcement, the IOS can accept several passwords to allow different access privileges to the device.
Use different authentication passwords for each level of access. Use strong passwords that are not easily guessed. (Figure 11-6)
Console Password
The console password limits device access using the console connection.
The console port of network devices must be secured, at a minimum, by requiring the user to supply a strong password. The following commands are used in global configuration mode to set a password for the console line:
Switch(config)#line console 0         enters line configuration mode, 0 = first console interface
Switch(config-line)#password pw       specifies a password on a line
Switch(config-line)#login             configures the router to require authentication upon login
After these three commands are executed, a password prompt will appear each time a user attempts to gain access to the console port.
Enable and Enable Secret Passwords
The enable password limits access to the privileged EXEC mode; the enable secret password is encrypted and limits access to the privileged EXEC mode.
The enable password command or the enable secret command provides additional security.
Always use the enable secret command if possible. The enable secret command provides greater security because the password is encrypted. The enable password command can be used only if enable secret has not yet been set.
The enable password command would be used if the device uses an older copy of the Cisco IOS software that does not recognize the enable secret command.
Router(config)#enable password pw
Router(config)#enable secret pw
VTY Password
The VTY password limits device access using Telnet.
The vty lines allow access to a router through Telnet. By default, many Cisco devices support five vty lines that are numbered 0 to 4. A password needs to be set for all available vty lines.
The following commands are used to set a password on vty lines:
Router(config)#line vty 0 4
Router(config-line)#password pw
Router(config-line)#login
By default, the IOS includes the login command on the vty lines. This prevents Telnet access to the device without first requiring authentication.
Encrypting Password Display
The service password-encryption command prevents passwords from showing up as plaintext when viewing the configuration files. This command causes the encryption of passwords to occur when a password is configured. The service password-encryption command applies weak encryption to all unencrypted passwords. If you execute the show running-config or show startup-config command prior to the service password-encryption command being executed, the unencrypted passwords are visible in the configuration output.
Banner Messages
It is vital to provide a method for declaring that only authorized personnel should attempt to gain entry into the device. To do this, add a banner to the device output.
Banners can be an important part of the legal process in the event that someone is prosecuted for breaking into a device.
The exact content or wording of a banner depends on the local laws and corporate policies. Because banners can be seen by anyone who attempts to log in, the message must be worded very carefully. The banner can include scheduled system shutdowns and other information that affects all network users.
The IOS provides multiple types of banners. One common banner is the message of the day (MOTD).
The banner motd command requires the use of delimiters to identify the content of the banner message. The banner motd command is followed by a space and a delimiting character. Then, one or more lines of text are entered to represent the banner message.
To configure an MOTD, from global configuration mode, enter the banner motd command:
Switch(config)#banner motd # message #
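An added example, not part of the original notes: a small Python audit that reads saved show running-config output and reports the gaps this section warns about (lines without a password or login, no enable secret, plaintext passwords, service password-encryption off, no MOTD banner). Both sample configurations, the hostname and every password string are constructed for illustration.

```python
import re

# Constructed sample of "show running-config" output with the weak settings.
SAMPLE_CONFIG = """\
hostname AtlantaHQ
!
enable password cisco
!
interface FastEthernet0/0
 ip address 192.168.10.1 255.255.255.0
 no shutdown
!
line con 0
line aux 0
line vty 0 4
 password 7 0822455D0A16
 login
line vty 5 15
 password letmein
 no login
!
end
"""

# Constructed sample with the settings from this section applied.
HARDENED_CONFIG = """\
hostname AtlantaHQ
service password-encryption
enable secret 5 $1$made$upConstructedHashValue00
banner motd # Authorized access only #
line con 0
 password 7 0822455D0A16
 login
line vty 0 4
 password 7 0822455D0A16
 login
end
"""

# "password 7 ..." is the form written by service password-encryption;
# any other value after "password" is shown as plaintext in the config.
PLAINTEXT_PW = re.compile(r"^(enable )?password (?!7 )\S+")


def split_config(config):
    """Split a config into global commands and {"line ...": [sub-commands]}."""
    global_cmds, line_blocks, current = [], {}, None
    for raw in config.splitlines():
        text = raw.strip()
        if not text or text == "!":
            continue
        if raw.startswith(" "):          # indented: sub-command of the open block
            if current is not None:      # only "line" blocks are tracked
                line_blocks[current].append(text)
            continue
        global_cmds.append(text)
        current = None
        if text.startswith("line "):
            current = text
            line_blocks[current] = []
    return global_cmds, line_blocks


def audit(config):
    """Return a sorted list of findings for the access controls in this section."""
    global_cmds, line_blocks = split_config(config)
    findings = []
    if not any(c.startswith("enable secret ") for c in global_cmds):
        findings.append("global: no enable secret configured")
    if "service password-encryption" not in global_cmds:
        findings.append("global: service password-encryption is off")
    if not any(c.startswith("banner motd ") for c in global_cmds):
        findings.append("global: no MOTD banner")
    for cmd in global_cmds:
        if PLAINTEXT_PW.match(cmd):
            # Report the command name only, never the password itself.
            findings.append("global: plaintext password in '%s'" % cmd.rsplit(" ", 1)[0])
    for header, cmds in line_blocks.items():
        if not any(c.startswith("password ") for c in cmds):
            findings.append(header + ": no password set")
        if not any(c.split()[0] == "login" for c in cmds):
            findings.append(header + ": login not required")
        if any(PLAINTEXT_PW.match(c) for c in cmds):
            findings.append(header + ": plaintext password visible in config")
    return sorted(findings)


if __name__ == "__main__":
    for label, cfg in (("sample", SAMPLE_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, audit(cfg) or "no findings")
```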
Managing Configuration Files
Modifying a running configuration affects the operation of the device immediately.
Making the Changed Configuration the New Startup Configuration
Because the running configuration is stored in RAM, it is temporarily active while the Cisco device is running. If power to the router is lost or if the router is restarted, all configuration changes will be lost unless they have been saved.
The show running-config command can be used to see a running configuration file.
When the changes are verified to be correct, use the copy running-config startup-config command at the privileged EXEC mode prompt:
Switch#copy running-config startup-config
After the command is executed, the running configuration file replaces the startup configuration file.
Returning the Device to Its Original Configuration
Assuming that you have not overwritten the startup configuration with the changes, you can replace the running configuration with the startup configuration. This is best done by restarting the device using the reload command at the privileged EXEC mode prompt. (Example 11-3)
Backing Up Configurations Offline
Configuration files should be stored as backup files in the event of a problem. Configuration files can be stored on a TFTP server, a CD, or a USB memory stick. A configuration file should also be included in the network documentation: (how to)
Removing All Configurations
The startup configuration is removed by using the erase startup-config command. To erase the startup configuration file, use erase NVRAM:startup-config or erase startup-config at the privileged EXEC mode prompt:
Router#erase startup-config
When the command is issued, the router will prompt you for confirmation.
After removing the startup configuration from NVRAM, reload the device to remove the current running configuration file from RAM.
Backing Up Configurations with Text Capture (HyperTerminal or TeraTerm)
Configuration files can be saved or archived to a text document.
When using HyperTerminal: (how to) Figure 11-7
Configuration files can be saved or archived to a text document using TeraTerm: (how to) Figure 11-8
Restoring Text Configurations
A configuration file can be copied from storage to a device. When copied to the terminal, the IOS executes each line of the configuration text as a command.
Further, at the CLI, the device must be set at the global configuration mode to receive the commands from the text file being copied: (how to)
Configuring Interfaces
Most intermediary network devices have an IP address for the purpose of device management. Some devices, such as switches and wireless access points, can operate without having an IP address.
Each interface on a router has its own unique IPv4 address. The address assigned to each interface is part of the network address range of the network segment connected to that interface.
You can configure many parameters on router interfaces.
Enabling the Interface
By default, interfaces are disabled. To enable an interface, enter the no shutdown command from interface configuration mode. If an interface needs to be disabled for maintenance or troubleshooting, use the shutdown command.
Configuring Router Ethernet Interfaces
Router Ethernet interfaces are used as the gateways for the end devices on the LANs directly connected to the router. Each Ethernet interface must have an IP address and subnet mask to route IP packets: (how to)
Configure the Ethernet IP address using the following commands:
Router(config)#interface FastEthernet 0/0
Router(config-if)#ip address ip_address netmask
Router(config-if)#no shutdown
Configuring Router Serial Interfaces
Serial interfaces are used to connect WANs to routers at the remote site or ISP. Configure: (how to)
Each connected serial interface must have an IP address and subnet mask to route IP packets.
Configure the IP address with the following commands:
Router(config)#interface Serial 0/0/0
Router(config-if)#ip address ip_address netmask
Serial interfaces require a clock signal to control the timing of the communications. A DCE device such as a channel service unit/data service unit (CSU/DSU) will provide the clock.
On serial links that are directly interconnected, one side must operate as DCE to provide a clocking signal. The clock is enabled and the speed is specified with the clock rate command.
The commands that are used to set a clock rate and enable a serial interface are these:
Router(config)#interface Serial 0/0/0
Router(config-if)#clock rate 56000
Router(config-if)#no shutdown
Describing Interfaces
An interface description indicates the purpose of the interface. The interface description will appear in the output of these commands: show startup-config, show running-config and show interfaces.
A description can assist in determining the devices or locations connected to the interface. Circuit and contact information can also be embedded in the interface description.
To create a description, use the description command. After the description is applied to the interface, use the show interfaces command to verify that the description is correct.
Configuring a Switch Interface
A LAN switch is an intermediary device that interconnects segments within a network. Therefore, the physical interfaces on the switch do not have IP addresses. Unlike a router, a physical interface on a switch connects devices within a network. Switch interfaces are enabled by default. (Example 11-5)
To be able to manage a switch, assign addresses to the device. With an IP address assigned to the switch, it acts like a host device. After the address is assigned, you access the switch with Telnet, SSH, or web services.
The address for a switch is assigned to a virtual interface represented as a virtual LAN (VLAN) interface. Like the physical interfaces of a router, you also must enable the interface with the no shutdown command.
Like any other host, the switch needs a gateway address defined to communicate outside of the local network. We assign this gateway with the ip default-gateway command. (Example 11-6)
Verifying Connectivity
Test the Stack
To verify connectivity, the first step is to test the TCP/IP stack.
Using ping in a Testing Sequence
Using the ping command is an effective way to test connectivity. The test is often referred to as testing the protocol stack, because the ping command moves from Layer 3 of the OSI model to Layer 2 and then Layer 1. Ping uses Internet Control Message Protocol (ICMP) to check for connectivity.
The ping command will not always pinpoint the nature of the problem, but it can help to identify the source of the problem. The ping command provides a method for checking the protocol stack and IPv4 address configuration on a host.
A ping from the IOS will yield one of several indications for each ICMP echo that was sent. The most common indicators are:
! (exclamation mark): indicates receipt of an ICMP echo reply.
. (period): indicates a timeout while waiting for a reply.
U: an ICMP Unreachable message was received. The U indicates that a router along the path did not have a route to the destination address.
Testing the Loopback
The ping command is used to verify the internal IP configuration on the local host. This test is accomplished by using the ping command on a reserved address called the loopback address (127.0.0.1). This verifies the proper operation of the protocol stack from the network layer to the physical layer and back without actually putting a signal on the media. (Example 11-7)
Testing the Interface
The IOS provides commands to verify the operation of router and switch interfaces.
Verifying the Router Interfaces
One of the most used commands is the show ip interface brief command. This command provides a more abbreviated output than the show ip interface command. The show ip interface brief command provides a summary of the key information for all the interfaces. (Figure 11-9, Example 11-8)
Testing Router Connectivity
You can verify the Layer 3 connectivity with the ping and traceroute commands. (Example 11-9 & 10)
Verifying the Switch Interfaces
The show ip interface brief command is used to verify the condition of the switch interfaces. The IP address for the switch is applied to a VLAN interface. (Example 11-11)
If the FastEthernet0/1 interface is down, there is no device connected to the interface or the network interface of the device that is connected is not operational.
The outputs show that the FastEthernet0/2 and FastEthernet0/3 interfaces are operational. This is indicated by both the Status and Protocol being shown as up.
Testing Switch Connectivity
The switch can test its Layer 3 connectivity with the ping and traceroute commands. (Example 11-12 & 13)
Keep in mind the following important points:
An IP address is not required for a switch to perform its job of frame forwarding
The switch requires a default gateway to communicate outside its local network
The IP address and default gateway are needed for the switch to be accessed remotely for administrative purposes and for troubleshooting.
The next step in the testing sequence is to verify that the NIC address is bound to the IPv4 address and that the NIC is ready to transmit signals across the media. (Example 11-14)
Testing the Local Network
The next test in the sequence is to test hosts on the local LAN. Successfully pinging hosts verifies that both the local host and the remote hosts are configured correctly. This test is conducted by pinging each host one by one on the LAN.
If a host responds with a Destination Unreachable message, note which address was not successful and continue to ping the other hosts on the LAN.
Another failure message is Request Timed Out. This indicates that no response was made to the ping attempt in the default time period, indicating that network latency can be an issue.
To examine network latency, the IOS offers an extended mode of the ping command. This mode is entered by typing ping in privileged EXEC mode at the CLI prompt without a destination IP address. (Figure 11-10, Example 11-15)
Note that entering y to the Extended commands prompt provides more options that are useful in troubleshooting.
Testing Gateway and Remote Connectivity
The next step in the testing sequence is to use the ping command to verify that a local host can connect with a gateway address. If the ping command returns a successful response, connectivity to the gateway is verified.
To begin, choose a station as the source device. Use the ping command to reach the gateway address. (Figure 11-11)
If the gateway test fails, back up one step in the sequence and test another host in the local LAN to verify that the problem is not the source host.
Testing Route Next Hop
In a router, use the IOS to test the next hop of the individual routes. To determine the next hop, examine the routing table from the output of the show ip route command. If the next hop is not accessible, the packet will be dropped. To test the next hop, determine the appropriate route to the destination and try to ping the default gateway or appropriate next hop for that route in the routing table. A failed ping indicates that there might be a configuration or hardware problem.
Testing Remote Hosts
Testing can proceed to remote devices, which is the next step in the testing sequence. The verification tests should begin within the local network and progress outward to the remote devices. (Figure 11-12)
Begin by testing the outside interface of a router that is directly connected to a remote network. If the ping command is successful, connectivity to the outside interface is verified. Next, ping the outside IP address of the remote router. If successful, connectivity to the remote router is verified. If there is a failure, try to isolate the problem. Retest until there is a valid connection to a device, and double-check all addresses.
The ping command will not always help with identifying the underlying cause of a problem, but it can isolate problems and give direction to the troubleshooting process.
Checking for Router Remote Connectivity
A router forms a connection between networks by forwarding packets between them. To forward packets between any two networks, the router must be able to communicate with both the source and the destination networks. The router will need routes to both networks in its routing table.
To test the communication to the remote network, you can ping a known host on this remote network.
Tracing and Interpreting Trace Results
The next step in the testing sequence is to perform a trace. A trace returns a list of hops as a packet is routed through a network. When performing the trace from a Windows computer, use tracert. When performing the trace from a router CLI, use traceroute.
Ping and Trace
Ping and trace can be used together to diagnose a problem. (Figure 11-13, Example 11-16)
The trace can show the path of the last successful communication.
Trace to a Remote Host
Like ping commands, trace commands are entered at the command line and take an IP address as the argument. (Example 11-17)
Trace requests to the next hop timed out, meaning that the next hop did not respond.
Testing Sequence: Putting It All Together
P455-458
Monitoring and Documenting Networks
Basic Network Baselines
One of the most effective tools for monitoring and troubleshooting network performance is to establish a network baseline. A baseline is a process for studying the network at regular intervals to ensure that it is working as designed. It is more than a single report detailing the health of the network at a certain point in time. Creating an effective network performance baseline is accomplished over a period of time. Measuring performance at varying times and loads will assist in creating a better picture of overall network performance.
One method is host capture.
An effective use of the stored information is to compare the results over time.
The importance of creating documentation cannot be emphasized enough. Verification of host-to-host connectivity, latency issues, and resolutions of identified problems can assist a network administrator in keeping a network running as efficiently as possible.
Host Capture
One common method for capturing baseline information is to copy the output from the command-line window and paste it into a text file. To capture the result of the ping command, begin by executing a command at the command line similar to this one. Substitute a valid IP address on your network: (how to)
Run the same test over a period of days and save the data each time. An examination of the files will begin to reveal patterns in network performance and provide the baseline for future troubleshooting.
When selecting text from the command window, right-click and choose Select All to copy all the text in the window. Use the Mark command to select a portion of the text.
IOS Capture
Capturing ping command output can also be completed from the IOS prompt: (how to)
Capturing and Interpreting Trace Information
Trace can be used to trace the steps, or hops, between hosts. If the request reaches the intended destination, the output shows every router that the packet traverses. This output can be captured and used in the same way that ping output is used.
Sometimes the security setting at the destination network will prevent the trace from reaching the final destination. (Example 11-24)
Select the text from the command window and paste it into a text file.
The data from a trace can be added to the data from the ping commands to provide a combined picture of network performance.
The hop pathway to the destination can vary over time as the routers select different best paths for the trace packets.
Capturing the traceroute output can also be done from the router prompt: (how to).
Learning About the Nodes on the Network
The arp command provides the mapping of physical addresses to known IPv4 addresses. A common method for executing the arp command is to execute it from the command prompt. This method involves sending out an ARP request. The device that needs the information sends out a broadcast ARP request to the network, and only the local device that matches the IP address of the request sends back an ARP reply containing its IP-MAC pair.
To execute an arp command at the command prompt of a host, enter the following:
C:\>host1>arp -a
(Example 11-25, Figure 11-15)
The router cache can be cleared by using the arp -d command, in the event the network administrator wants to repopulate the cache with updated information.
Ping Sweep
Another method for collecting MAC addresses is to employ a ping sweep across a range of IP addresses. A ping sweep is a scanning method that can be executed at the command line or by using network administrator tools. These tools provide a way to specify a range of hosts to ping with one command.
Network data can be generated in two ways. First, many of the ping sweep tools construct a table of responding hosts. These tables often list the hosts by IP address and MAC address.
As each ping is attempted, an ARP request is made to get the IP address in the ARP cache. The arp command can return the table of MAC addresses, but now there is reasonable confidence that the ARP table is up to date.
Switch Connections
A mapping of how hosts are connected to a switch can be obtained by issuing the show mac-address-table command.
Using a command line from a switch, enter the show command with the mac-address-table argument:
Sw12950#show mac-address-table
(Example 11-26) lists the MAC address of the host. This information can be copied and pasted into a file.
Several MAC addresses on one port represent multiple nodes. This is an indication that a port is connected to another intermediary device such as a hub, wireless access point, or another switch.
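An added example, not part of the original notes: a Python parser for pasted show mac-address-table output that lists the ports where several MAC addresses were learned, and compares two saved captures in the way the baseline section describes. The table layout (Vlan, Mac Address, Type, Ports columns) is an assumption, and all addresses are constructed.

```python
import re
from collections import defaultdict

# Constructed capture of "show mac-address-table" output saved to a text file.
BASELINE_CAPTURE = """\
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
 All    000f.0000.0000    STATIC      CPU
   1    0001.aaaa.0001    DYNAMIC     Fa0/1
   1    0001.aaaa.0002    DYNAMIC     Fa0/2
   1    0001.aaaa.0003    DYNAMIC     Fa0/24
   1    0001.aaaa.0004    DYNAMIC     Fa0/24
   1    0001.aaaa.0005    DYNAMIC     Fa0/24
Total Mac Addresses for this criterion: 6
"""

# Constructed later capture: one extra address has appeared behind Fa0/2.
LATER_CAPTURE = BASELINE_CAPTURE + "   1    0001.bbbb.0009    DYNAMIC     Fa0/2\n"

# One table row: numeric VLAN, dotted-hex MAC, entry type, port name.
ENTRY = re.compile(
    r"^\s*(?P<vlan>\d+)\s+(?P<mac>(?:[0-9a-f]{4}\.){2}[0-9a-f]{4})\s+"
    r"(?P<type>\S+)\s+(?P<port>\S+)\s*$",
    re.IGNORECASE,
)


def parse_mac_table(output):
    """Return {port: sorted MAC list}; headers, totals and CPU rows are skipped."""
    ports = defaultdict(set)
    for line in output.splitlines():
        match = ENTRY.match(line)
        if match and match.group("port").upper() != "CPU":
            ports[match.group("port")].add(match.group("mac").lower())
    return {port: sorted(macs) for port, macs in ports.items()}


def multi_host_ports(output, threshold=1):
    """Ports with more than `threshold` MACs: a hub, access point or switch is attached."""
    table = parse_mac_table(output)
    return {port: macs for port, macs in table.items() if len(macs) > threshold}


def new_entries(baseline_output, current_output):
    """(port, mac) pairs present in the current capture but not in the baseline."""
    def pairs(output):
        return {(p, m) for p, macs in parse_mac_table(output).items() for m in macs}
    return sorted(pairs(current_output) - pairs(baseline_output))


if __name__ == "__main__":
    for port, macs in sorted(multi_host_ports(LATER_CAPTURE).items()):
        print(port, "carries", len(macs), "addresses:", ", ".join(macs))
    for port, mac in new_entries(BASELINE_CAPTURE, LATER_CAPTURE):
        print("new since baseline:", mac, "on", port)
```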