hoofdstuk11

Upload: xuankhanh333

Post on 02-Jun-2018


  • 8/11/2019 hoofdstuk11

    1/15

Configuring Cisco Devices: IOS Basics

A personal computer, a router or a switch cannot function without an operating system. Without an operating system, hardware has no capabilities. Cisco IOS (Internetwork Operating System) is the system software in Cisco devices.

Cisco IOS

The Cisco IOS provides devices with the following network services:
- Basic routing and switching functions
- Reliable and secure access to networked resources
- Network scalability

The services provided by Cisco IOS are generally accessed using a CLI.

The IOS file itself is several megabytes in size and is stored in a semipermanent memory called flash. Flash memory provides nonvolatile storage. This means that the contents of memory are not lost when the device loses power. Using flash memory allows the IOS to be upgraded to newer versions or to have new features added.

Access Methods

You can access the CLI environment in several ways (Figure 11-1):

Console

The CLI can be accessed through a console session, also known as the CTY line. A console uses a low-speed serial connection to directly connect a computer or terminal to the console port on the router or switch. The console port is a management port that provides out-of-band access to a router.

Examples of console use include the following:
- The initial configuration of the network device
- Disaster recovery procedures and troubleshooting when remote access is not possible
- Password recovery procedures

When a router is first placed into service, networking parameters have not yet been configured. Therefore, the router cannot communicate through a network. A computer running terminal emulation software is connected to the console port of the device.

For many IOS devices, console access does not require any form of security, by default.

Telnet and SSH

A method for remotely accessing a CLI session is to telnet to the router. Telnet sessions require active networking services on the devices. The network device must have at least one active interface configured with a Layer 3 address, such as an IPv4 address. Cisco IOS devices include a Telnet server process that launches when the device is started. The IOS also contains a Telnet client.

A host with a Telnet client can access the virtual teletype interface (vty) sessions running on the Cisco device. The IOS requires that the Telnet session use a password.

The Secure Shell (SSH) protocol is a more secure method for remote device access. SSH provides stronger password authentication than Telnet and uses encryption when transporting session data. This keeps the user ID, password, and details of the management session private.


AUX Port

Another way to establish a CLI session remotely is through a telephone dialup connection using a modem connected to the router auxiliary (AUX) port. This method does not require networking services to be configured or available on the device.

The AUX port can also be used locally, with a direct connection to a computer running a terminal emulation program. The console port is preferred over the AUX port for troubleshooting because it displays router startup, debugging, and error messages by default.

The only time the AUX port is used locally is when there are problems using the console port.

Configuration Files

Configuration files contain the Cisco IOS software commands used to customize the functionality of a Cisco device. Commands are parsed (translated and executed) by the Cisco IOS software when the system is booted (from the startup-config file) or when commands are entered in the CLI while in configuration mode (Figure 11-2).

The configuration file is typically a few hundred to a few thousand bytes in size.

There are two configuration files:
- The running configuration file: used during the current operation on the device
- The startup configuration file: used as the backup configuration and loaded when the device is started

Startup Configuration File

The startup configuration file is used during system startup to configure the device. The startup configuration file or startup-config file is stored in nonvolatile RAM (NVRAM). The startup-config file is loaded into RAM each time the router is started or reloaded.

Running Configuration

After it is in RAM, the running configuration (running-config) is used to operate the network device. Because the running configuration file is in RAM, it is lost if the power to the device is turned off or if the device is restarted.

Introducing Cisco IOS Modes

The term modal describes a system where there are different modes of operation. The CLI uses a hierarchical structure for the modes. From top to bottom:
- User executive mode: a mode that is very limited in scope, allowing basically only viewing types of IOS commands.
- Privileged executive mode: a mode allowing users logged on in this mode access to the entire IOS command structure.
- Global configuration mode: commands executed in this mode apply to the entire router.
- Other specific configuration modes: commands executed while in router mode apply only to that particular routing process.

Each mode is used to accomplish particular tasks and has a specific set of commands that are available when in that mode (Table 11-1).

Some commands are available to all users, in all modes; others can be executed only after entering the mode in which that command is available.

The hierarchical modal structure can be configured to provide security.


There are two primary modes of operation: user EXEC and privileged EXEC.

As a security framework, the Cisco IOS software separates the EXEC sessions into two access modes. The privileged EXEC mode has a higher level of authority in what it allows to be executed.

Command Prompts

When using the CLI, the mode is identified by the command-line prompt that is unique to that mode. By default, every prompt begins with the device name. Following the name, the remainder of the prompt indicates the mode.

Router(config)#

As commands are used and modes are changed, the prompt changes to reflect the current context.

Prompt showing the ping command executed at the user EXEC level:

Router>ping 192.168.10.5

CLI command that will display the contents of the file running-config:

Router#show running-config

CLI command, executed at the privileged EXEC level, that will allow you to enter commands that will change the running-config file:

Router#config terminal

CLI command that will take you to the specific interface configuration mode:

Router(config)#interface FastEthernet 0/1

CLI command that will apply an IP address and a subnet mask to a specific interface:

Router(config-if)#ip address 192.168.10.1 255.255.255.0

User Executive Mode

The user executive (EXEC) mode has limited capabilities but is useful for some basic operations. The user EXEC mode allows only a limited number of basic monitoring commands (view-only mode). The user EXEC level does not allow the execution of any commands that might change the configuration of the device.

The user EXEC mode is identified by the CLI prompt that ends with the > symbol.

Privileged EXEC Mode

The execution of configuration and management commands requires that the network administrator use the privileged EXEC mode or a specific mode farther down the hierarchy. The privileged EXEC mode can be identified by the prompt ending with the # symbol.

Global configuration mode and all other more specific configuration modes can be reached only from the privileged EXEC mode.

Moving Between the User EXEC and Privileged EXEC Modes

The enable and disable commands are used to change the CLI between the user EXEC mode and the privileged EXEC mode, respectively.

To access the privileged EXEC mode, use the enable command: Router>enable

If password authentication has been configured for the privileged EXEC mode, the IOS will ask you to enter the password.

The disable command is used to return from the privileged EXEC to the user EXEC mode:

Router#disable


Basic IOS Command Structure

Each IOS command has a specific format or syntax and is executed at the appropriate prompt. The commands are not case sensitive. The general syntax for a command is the command followed by any appropriate keywords and arguments.

The keywords and arguments provide additional functionality and describe specific parameters to the command interpreter. (The show command displays information about the device.)

A command might require one or more arguments. An argument is generally not a predefined word.

Switch(config-if)#description MainHQ Office Switch

description = command, MainHQ Office Switch = argument (Figure 11-3)

IOS Conventions

Convention   Description
Boldface     Boldface text indicates commands and keywords that are entered literally as shown.
Italics      Italic text indicates arguments where the user supplies values.
[X]          Square brackets enclose an optional element (keyword or argument).
|            A vertical line indicates a choice within an optional or required set of keywords or arguments.
[X | Y]      Square brackets enclosing elements separated by a vertical line indicate an optional choice.
{X | Y}      Braces enclosing elements separated by a vertical line indicate a required choice.

Using CLI Help

The IOS has several forms of help available.

Context-Sensitive Help

The context-sensitive help provides a list of commands and the arguments associated with those commands within the context of the current mode. To access context-sensitive help, enter a question mark at any prompt.

One use of context-sensitive help is to get a list of available commands.

Another use of context-sensitive help is to display a list of commands or keywords that start with a specific character or characters.

A final type of context-sensitive help is used to determine which options, keywords, or arguments are matched with a specific command.

Command Syntax Check

When a command is submitted by pressing Enter, the command-line interpreter parses the command from left to right to determine what action is being requested. If the interpreter understands the command, the requested action is executed and the CLI returns to the appropriate prompt. If the interpreter cannot understand the command being entered, it will provide feedback describing what is wrong with the command (Table 11-3).

There are three different types of error messages:
- Ambiguous command: the IOS returns an error message to indicate that there were not enough characters entered for the command interpreter to recognize the command.
- Incomplete command: indicates that required keywords or arguments were left off the end of the command.
- Incorrect command (invalid input): a caret symbol (^) indicates where the command interpreter cannot decipher the command.


Hot Keys and Shortcuts

The IOS CLI provides hot keys and shortcuts that make configuring, monitoring, and troubleshooting easier (Table 11-4).

Tab
Tab is used to complete the remainder of abbreviated commands and parameters.

Ctrl-R
Press Ctrl-R to redisplay the line.

Ctrl-Z
To leave a configuration mode and return to privileged EXEC mode at the top level, press Ctrl-Z.

Up- and Down-Arrow Keys
Use the up arrow key to display the previously entered commands. Each time this key is pressed, the next successively older command will be displayed. Use the down arrow key to scroll forward through the history to display the more recent commands.

Ctrl-Shift-6 x
To interrupt the output and interact with the CLI, press Ctrl-Shift-6 and then the x key.

Ctrl-C
Pressing Ctrl-C interrupts the entry of a command and exits the configuration mode.

Abbreviated Commands or Keywords

Commands and keywords can be abbreviated to the minimum number of characters that identifies a unique selection.
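The syntax check and the abbreviation rule above interact: a prefix is accepted only when it selects exactly one keyword. The following model, added here as an example (it is not Cisco code, and COMMANDS is a constructed subset of privileged EXEC commands), walks a line left to right the way the notes describe and produces the three error types.

```python
"""Model of how the IOS command-line interpreter resolves abbreviations and
reports the three error types from this chapter (ambiguous, incomplete,
invalid input). Added example for these notes; it is not Cisco code, and
COMMANDS is a constructed subset of privileged EXEC commands."""

# Nested keyword tree. A "" key marks a point where the command is complete;
# "<arg>" accepts one free-form token (an address, an interface number, ...).
COMMANDS = {
    "show": {
        "running-config": {"": None},
        "startup-config": {"": None},
        "version": {"": None},
        "arp": {"": None},
        "interfaces": {"": None, "<arg>": {"": None, "<arg>": {"": None}}},
        "ip": {"interface": {"brief": {"": None}, "<arg>": {"": None}}},
    },
    "configure": {"terminal": {"": None}},
    "copy": {"running-config": {"startup-config": {"": None}}},
    "erase": {"startup-config": {"": None}},
    "disable": {"": None},
    "ping": {"<arg>": {"": None}},
}

AMBIGUOUS = '% Ambiguous command: "{line}"'
INCOMPLETE = "% Incomplete command."
INVALID = "% Invalid input detected at '^' marker."
SPECIAL = ("", "<arg>")


def interpret(line: str) -> str:
    """Parse `line` left to right like the IOS CLI does.

    Returns the fully expanded command on success, or the IOS error text.
    For invalid input a second line carries the caret under the offending
    token (offset relative to the start of `line`, as on the console)."""
    if not line.strip():
        return ""
    node = COMMANDS
    expanded = []
    pos = 0  # character offset of the current token, used for the caret
    for tok in line.split():
        pos = line.index(tok, pos)
        word = tok.lower()  # commands are not case sensitive
        if word in node and word not in SPECIAL:
            match = word  # an exact keyword always wins
        else:
            candidates = [k for k in node if k not in SPECIAL and k.startswith(word)]
            if len(candidates) > 1:  # too few characters to pick one keyword
                return AMBIGUOUS.format(line=line)
            match = candidates[0] if candidates else None
        if match is not None:
            expanded.append(match)
            node = node[match]
        elif "<arg>" in node:  # a free-form argument is accepted here
            expanded.append(tok)
            node = node["<arg>"]
        else:
            return INVALID + "\n" + " " * pos + "^"
        pos += len(tok)
    if "" not in node:  # required keywords or arguments missing at the end
        return INCOMPLETE
    return " ".join(expanded)
```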

IOS Examination Commands

To verify and troubleshoot network operation, you must examine the operation of the devices. The basic examination command is the show command. The show command has many different variations (Figure 11-4).

Some show commands are as follows:
- show arp: displays the ARP table of the device
- show mac-address-table: (switch only) displays the MAC table of a switch
- show startup-config: displays the saved configuration located in NVRAM
- show running-config: displays the contents of the currently running configuration file or the configuration for a specific interface, or map class information
- show ip interfaces: displays IPv4 statistics for all interfaces on a router. To view the statistics for one interface, enter the show ip interfaces command followed by the specific interface slot/port number.

Commonly used show commands: show interfaces and show version

show interfaces Command

The show interfaces command displays statistics for all interfaces on the device. To view the statistics for a specific interface, enter the show interfaces command followed by the specific interface slot/port number:

Router#show interfaces serial 0/1


show version Command

The show version command displays information about the currently loaded software version, along with hardware and device information:
- Software version: IOS software version
- Bootstrap version
- System uptime: time since last reboot
- System restart information: method of restart
- Software image name: IOS filename stored in flash
- Router type and processor type
- Memory type and allocation (shared/main)
- Software features
- Hardware interfaces
- Configuration register

IOS Configuration Modes

The primary configuration mode is called global configuration. From global config, CLI configuration changes are made that affect the operation of the device as a whole. The global config mode is also used as a precursor to accessing specific configuration modes.

Router#configure terminal

After the command is executed, the prompt changes to show that the router is in global configuration mode.

Router(config)#

From the global config mode, there are many different configuration modes. Each of these modes allows the configuration of a particular part or function of the IOS device.
- Interface mode: configure one of the network interfaces
- Line mode: configure one of the lines, physical or virtual
- Router mode: configure the parameters for one of the routing protocols

To exit a specific configuration mode and return to global configuration mode, enter exit at a prompt. To leave configuration mode completely and return to privileged EXEC mode, enter end.

The command to save the running configuration to the startup configuration file is as follows:

Router#copy running-config startup-config


Applying a Basic Configuration Using Cisco IOS

Naming Devices

The hostname is used in CLI prompts. If the hostname is not explicitly configured, a router uses the factory-assigned default hostname Router. A switch has the factory-assigned default hostname Switch.

By choosing and documenting names wisely, it is easier to remember, discuss and identify network devices. When you are naming devices, names should follow these conventions:
- Start with a letter
- Not contain a space
- End with a letter or digit
- Consist only of letters, digits and dashes
- Be 63 characters or fewer

The hostnames used in the device IOS preserve capitalization and lowercase characters. RFC 1178, Choosing a Name for Your Computer, provides rules that you can use as a reference for device naming. As part of the device configuration, a unique hostname should be configured for each device (Figure 11-5).

To create a naming convention for routers, take into consideration the location and the purpose of the devices. The next step is to apply the names to the router using the CLI (Example, p. 431).

Always make sure that your documentation is updated each time a device is added or modified. To negate the effects of a command, preface the command with the no keyword.

Limiting Device Access: Configuring Passwords and Banners

Passwords are the primary defense against unauthorized access to network devices.

The IOS uses hierarchical modes to help with device security. As part of this security enforcement, the IOS can accept several passwords to allow different access privileges to the device.

Use different authentication passwords for each level of access. Use strong passwords that are not easily guessed (Figure 11-6).

Console Password

The console password limits device access using the console connection.

The console port of network devices must be secured, at a minimum, by requiring the user to supply a strong password. The following commands are used in global configuration mode to set a password for the console line:

Switch(config)#line console 0   (enters line configuration mode; 0 = first console interface)
Switch(config-line)#password pw   (specifies a password on a line)
Switch(config-line)#login   (configures the router to require authentication upon login)

After these three commands are executed, a password prompt will appear each time a user attempts to gain access to the console port.

Enable and Enable Secret Passwords

The enable password limits access to the privileged EXEC mode; the enable secret password also limits access to the privileged EXEC mode, but is stored encrypted. The enable password command or the enable secret command provides additional security.

Always use the enable secret command if possible. The enable secret command provides greater security because the password is encrypted. The enable password command can be used only if enable secret has not yet been set.

The enable password command would be used if the device uses an older copy of the Cisco IOS software that does not recognize the enable secret command.

Router(config)#enable password pw
Router(config)#enable secret pw


VTY Password

The VTY password limits device access using Telnet.

The vty lines allow access to a router through Telnet. By default, many Cisco devices support five vty lines that are numbered 0 to 4. A password needs to be set for all available vty lines.

The following commands are used to set a password on the vty lines:

Router(config)#line vty 0 4
Router(config-line)#password pw
Router(config-line)#login

By default, the IOS includes the login command on the vty lines. This prevents Telnet access to the device without first requiring authentication.

Encrypting Password Display

The service password-encryption command prevents passwords from showing up as plain text when viewing the configuration files. This command causes the encryption of passwords to occur when a password is configured. The service password-encryption command applies weak encryption to all unencrypted passwords.

If you execute the show running-config or show startup-config command prior to the service password-encryption command being executed, the unencrypted passwords are visible in the configuration output.

Banner Messages

It is vital to provide a method for declaring that only authorized personnel should attempt to gain entry into the device. To do this, add a banner to the device output.

Banners can be an important part of the legal process in the event that someone is prosecuted for breaking into a device.

The exact content or wording of a banner depends on the local laws and corporate policies. Because banners can be seen by anyone who attempts to log in, the message must be worded very carefully. The banner can include scheduled system shutdowns and other information that affects all network users.

The IOS provides multiple types of banners. One common banner is the message of the day (MOTD). The banner motd command requires the use of delimiters to identify the content of the banner message. The banner motd command is followed by a space and a delimiting character. Then, one or more lines of text are entered to represent the banner message.

To configure an MOTD, from global configuration mode, enter the banner motd command:

Switch(config)#banner motd #message#
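The access controls from the naming, password and banner sections above can be checked mechanically against a saved running-config. The audit below is an added example (not from these notes and not Cisco tooling); both configurations in it are constructed samples and the hashes in them are placeholders.

```python
"""Audit a Cisco IOS running-config against the access controls in this
chapter: hostname rules, enable secret, console/vty password plus login,
service password-encryption and a MOTD banner. Added example for these
notes, not Cisco tooling; both configs are constructed and the hashes are
placeholders."""
import re
from typing import Dict, List, Tuple

WEAK_CONFIG = """\
hostname Sw-Floor-1
enable password cisco
!
line con 0
 password console
line vty 0 4
 password telnet
 login
line vty 5 15
 no login
!
end
"""

HARDENED_CONFIG = """\
hostname Sw-Floor-1
service password-encryption
enable secret 5 <hash-placeholder>
banner motd #Authorized access only. Activity may be monitored.#
!
line con 0
 password 7 <placeholder>
 login
line vty 0 15
 password 7 <placeholder>
 login
!
end
"""

# Naming rules from the chapter: start with a letter, no spaces, end with a
# letter or digit, only letters/digits/dashes, 63 characters or fewer.
HOSTNAME_RE = re.compile(r"[A-Za-z]([A-Za-z0-9-]*[A-Za-z0-9])?")


def valid_hostname(name: str) -> bool:
    return len(name) <= 63 and HOSTNAME_RE.fullmatch(name) is not None


def parse_config(text: str) -> Tuple[List[str], Dict[str, List[str]]]:
    """Split a config into top-level commands and 'line ...' blocks.
    The indented lines after a 'line' command are that line's sub-commands."""
    top: List[str] = []
    blocks: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue
        if raw.startswith(" ") and current is not None:
            blocks[current].append(raw.strip())
            continue
        cmd = raw.strip()
        top.append(cmd)
        current = cmd if cmd.startswith("line ") else None
        if current is not None:
            blocks.setdefault(current, [])
    return top, blocks


def check_line(name: str, subs: List[str]) -> List[str]:
    """A line is protected only when it has both a password and 'login'."""
    out = []
    if not any(s.startswith("password ") for s in subs):
        out.append(f"{name}: no password set")
    if not any(s == "login" or s.startswith("login ") for s in subs):
        out.append(f"{name}: login not required (no 'login' command)")
    return out


def audit(text: str) -> List[str]:
    """Return one finding per missing control; an empty list means clean."""
    top, blocks = parse_config(text)
    findings: List[str] = []
    host = next((c.split(None, 1)[1] for c in top if c.startswith("hostname ")), None)
    if host is None:
        findings.append("hostname: factory default still in use")
    elif not valid_hostname(host):
        findings.append(f"hostname: '{host}' breaks the naming rules")
    if not any(c.startswith("enable secret ") for c in top):
        if any(c.startswith("enable password ") for c in top):
            findings.append("enable secret: not set (only the unencrypted enable password protects privileged EXEC)")
        else:
            findings.append("enable secret: not set (privileged EXEC has no password)")
    if "service password-encryption" not in top:
        findings.append("service password-encryption: off, line passwords show in plain text")
    if not any(c.startswith("banner motd ") for c in top):
        findings.append("banner motd: no authorized-use banner configured")
    if not any(k.startswith("line con") for k in blocks):
        findings.append("line con 0: console access requires no password (IOS default)")
    if not any(k.startswith("line vty") for k in blocks):
        findings.append("line vty: no password set on the vty lines")
    for name, subs in blocks.items():
        if name.startswith(("line con", "line vty")):
            findings.extend(check_line(name, subs))
    return findings
```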

Managing Configuration Files

Modifying a running configuration affects the operation of the device immediately.

Making the Changed Configuration the New Startup Configuration

Because the running configuration is stored in RAM, it is temporarily active while the Cisco device is running. If power to the router is lost or if the router is restarted, all configuration changes will be lost unless they have been saved.

The show running-config command can be used to see a running configuration file.

When the changes are verified to be correct, use the copy running-config startup-config command at the privileged EXEC mode prompt:

Switch#copy running-config startup-config


After the command is executed, the running configuration file replaces the startup configuration file.

Returning the Device to Its Original Configuration

Assuming that you have not overwritten the startup configuration with the changes, you can replace the running configuration with the startup configuration. This is best done by restarting the device using the reload command at the privileged EXEC mode prompt (Example 11-3).

Backing Up Configurations Offline

Configuration files should be stored as backup files in the event of a problem. Configuration files can be stored on a TFTP server, a CD or a USB memory stick. A configuration file should also be included in the network documentation (how-to).

Removing All Configurations

The startup configuration is removed by using the erase startup-config command. To erase the startup configuration file, use erase NVRAM:startup-config or erase startup-config at the privileged EXEC mode prompt:

Router#erase startup-config

When the command is issued, the router will prompt you for confirmation.

After removing the startup configuration from NVRAM, reload the device to remove the current running configuration file from RAM.

Backing Up Configurations with Text Capture (HyperTerminal or Tera Term)

Configuration files can be saved or archived to a text document.

When using HyperTerminal: (how-to) Figure 11-7

Configuration files can be saved or archived to a text document using Tera Term: (how-to) Figure 11-8

Restoring Text Configurations

A configuration file can be copied from storage to a device. When copied to the terminal, the IOS executes each line of the configuration text as a command.

Further, at the CLI, the device must be set at the global configuration mode to receive the commands from the text file being copied (how-to).

Configuring Interfaces

Most intermediary network devices have an IP address for the purpose of device management. Some devices, such as switches and wireless access points, can operate without having an IP address.

Each interface on a router has its own unique IPv4 address. The address assigned to each interface is part of the network address range of the network segment connected to that interface.

You can configure many parameters on router interfaces.

Enabling the Interface

By default, interfaces are disabled. To enable an interface, enter the no shutdown command from interface configuration mode. If an interface needs to be disabled for maintenance or troubleshooting, use the shutdown command.

Configuring Router Ethernet Interfaces

Router Ethernet interfaces are used as the gateways for the end devices on the LANs directly connected to the router. Each Ethernet interface must have an IP address and subnet mask to route IP packets (how-to).


Configure the Ethernet IP address using the following commands:

Router(config)#interface FastEthernet 0/0
Router(config-if)#ip address ip_address netmask
Router(config-if)#no shutdown

Configuring Router Serial Interfaces

Serial interfaces are used to connect WANs to routers at the remote site or ISP. Configure: (how-to)

Each connected serial interface must have an IP address and subnet mask to route IP packets. Configure the IP address with the following commands:

Router(config)#interface Serial 0/0/0
Router(config-if)#ip address ip_address netmask

Serial interfaces require a clock signal to control the timing of the communications. A DCE device such as a channel service unit/data service unit (CSU/DSU) will provide the clock.

On serial links that are directly interconnected, one side must operate as DCE to provide a clocking signal. The clock is enabled and the speed is specified with the clock rate command. The commands that are used to set a clock rate and enable a serial interface are these:

Router(config)#interface Serial 0/0/0
Router(config-if)#clock rate 56000
Router(config-if)#no shutdown

Describing Interfaces

An interface description indicates the purpose of the interface. The interface description will appear in the output of these commands: show startup-config, show running-config and show interfaces. A description can assist in determining the devices or locations connected to the interface. Circuit and contact information can also be embedded in the interface description.

To create a description, use the description command. After the description is applied to the interface, use the show interfaces command to verify that the description is correct.

Configuring a Switch Interface

A LAN switch is an intermediary device that interconnects segments within a network. Therefore, the physical interfaces on the switch do not have IP addresses. Unlike a router, a physical interface on a switch connects devices within a network. Switch interfaces are enabled by default (Example 11-5).

To be able to manage a switch, assign addresses to the device. With an IP address assigned to the switch, it acts like a host device. After the address is assigned, you access the switch with Telnet, SSH, or web services.

The address for a switch is assigned to a virtual interface represented as a virtual LAN (VLAN) interface. Like the physical interfaces of a router, you also must enable the interface with the no shutdown command.

Like any other host, the switch needs a gateway address defined to communicate outside of the local network. We assign this gateway with the ip default-gateway command (Example 11-6).


Verifying Connectivity

Test the Stack

To verify connectivity, the first step is to test the TCP/IP stack.

Using ping in a Testing Sequence

Using the ping command is an effective way to test connectivity. The test is often referred to as testing the protocol stack, because the ping command moves from Layer 3 of the OSI model to Layer 2 and then Layer 1. Ping uses Internet Control Message Protocol (ICMP) to check for connectivity.

The ping command will not always pinpoint the nature of the problem, but it can help to identify the source of the problem. The ping command provides a method for checking the protocol stack and IPv4 address configuration on a host.

A ping from the IOS will yield one of several indications for each ICMP echo that was sent. The most common indicators are:
- ! (exclamation mark): indicates receipt of an ICMP echo reply.
- . (period): indicates a timeout while waiting for a reply.
- U: an ICMP Unreachable message was received. The U indicates that a router along the path did not have a route to the destination address.

Testing the Loopback

The ping command is used to verify the internal IP configuration on the local host. This test is accomplished by using the ping command on a reserved address called the loopback address (127.0.0.1). This verifies the proper operation of the protocol stack from the network layer to the physical layer and back without actually putting a signal on the media (Example 11-7).

Testing the Interface

The IOS provides commands to verify the operation of router and switch interfaces.

Verifying the Router Interfaces

One of the most used commands is the show ip interface brief command. This command provides a more abbreviated output than the show ip interface command. The show ip interface brief command provides a summary of the key information for all the interfaces (Figure 11-9, Example 11-8).

Testing Router Connectivity

You can verify the Layer 3 connectivity with the ping and traceroute commands (Examples 11-9 and 11-10).

Verifying the Switch Interfaces

The show ip interface brief command is used to verify the condition of the switch interfaces. The IP address for the switch is applied to a VLAN interface (Example 11-11).

If the FastEthernet0/1 interface is down, there is no device connected to the interface or the network interface of the device that is connected is not operational.

The output shows that the FastEthernet0/2 and FastEthernet0/3 interfaces are operational. This is indicated by both the Status and Protocol being shown as up.
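The Status/Protocol reading described for both the router and the switch can be automated over captured show ip interface brief output. The parser below is an added example, not from these notes or from Cisco; SAMPLE_OUTPUT is constructed to resemble the switch output discussed above.

```python
"""Parse 'show ip interface brief' output and apply the chapter's reading of
the Status and Protocol columns. Added example for these notes, not Cisco
code; SAMPLE_OUTPUT is constructed to match the interfaces discussed."""
import re
from typing import Dict, List, Optional, Tuple

SAMPLE_OUTPUT = """\
Interface              IP-Address      OK? Method Status                Protocol
Vlan1                  192.168.10.2    YES manual up                    up
FastEthernet0/1        unassigned      YES unset  down                  down
FastEthernet0/2        unassigned      YES unset  up                    up
FastEthernet0/3        unassigned      YES unset  up                    up
GigabitEthernet0/1     unassigned      YES unset  administratively down down
"""

# Status may be two words ("administratively down"), so it is matched lazily
# and anchored by the final Protocol column. The header row never matches
# because its OK? column is not YES/NO.
ROW_RE = re.compile(
    r"^(?P<iface>\S+)\s+(?P<ip>\S+)\s+(?P<ok>YES|NO)\s+(?P<method>\S+)\s+"
    r"(?P<status>.+?)\s+(?P<protocol>up|down)\s*$"
)


def parse_brief(text: str) -> List[Dict[str, str]]:
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if m:
            rows.append(m.groupdict())
    return rows


def classify(row: Dict[str, str]) -> str:
    """Explain a Status/Protocol pair the way the chapter does."""
    status, proto = row["status"], row["protocol"]
    if status.startswith("administratively"):
        return "administratively down: disabled; enable it with no shutdown"
    if status == "up" and proto == "up":
        return "up/up: operational"
    if status == "down":
        return ("down/down: no device connected, or the connected device's "
                "network interface is not operational")
    return "up/down: link is up but the line protocol is not"


def report(text: str) -> Dict[str, str]:
    """Interface name -> classification for every row in the output."""
    return {row["iface"]: classify(row) for row in parse_brief(text)}


def management_interface(rows: List[Dict[str, str]]) -> Optional[Tuple[str, str]]:
    """A switch carries its IP on a VLAN interface; return (name, address)."""
    for row in rows:
        if row["iface"].lower().startswith("vlan") and row["ip"] != "unassigned":
            return row["iface"], row["ip"]
    return None
```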


Testing Switch Connectivity

The switch can test its Layer 3 connectivity with the ping and traceroute commands (Examples 11-12 and 11-13).

Keep in mind the following important points:
- An IP address is not required for a switch to perform its job of frame forwarding.
- The switch requires a default gateway to communicate outside its local network.
- The IP address and default gateway are needed for the switch to be accessed remotely for administrative purposes and for troubleshooting.

The next step in the testing sequence is to verify that the NIC address is bound to the IPv4 address and that the NIC is ready to transmit signals across the media (Example 11-14).

Testing the Local Network

The next test in the sequence is to test hosts on the local LAN. Successfully pinging hosts verifies that both the local host and the remote hosts are configured correctly. This test is conducted by pinging each host one by one on the LAN.

If a host responds with a Destination Unreachable message, note which address was not successful and continue to ping the other hosts on the LAN.

Another failure message is Request Timed Out. This indicates that no response was made to the ping attempt in the default time period, indicating that network latency can be an issue.

To examine network latency, the IOS offers an extended mode of the ping command. This mode is entered by typing ping in privileged EXEC mode at the CLI prompt without a destination IP address (Figure 11-10, Example 11-15).

Note that entering y to the Extended commands prompt provides more options that are useful in troubleshooting.

Testing Gateway and Remote Connectivity

The next step in the testing sequence is to use the ping command to verify that a local host can connect with a gateway address. If the ping command returns a successful response, connectivity to the gateway is verified.

To begin, choose a station as the source device. Use the ping command to reach the gateway address (Figure 11-11).

If the gateway test fails, back up one step in the sequence and test another host in the local LAN to verify that the problem is not the source host.

Testing Route Next Hop

In a router, use the IOS to test the next hop of the individual routes. To determine the next hop, examine the routing table from the output of the show ip route command. If the next hop is not accessible, the packet will be dropped. To test the next hop, determine the appropriate route to the destination and try to ping the default gateway or appropriate next hop for that route in the routing table. A failed ping indicates that there might be a configuration or hardware problem.

Testing Remote Hosts

Testing can proceed to remote devices, which is the next step in the testing sequence. The verification tests should begin within the local network and progress outward to the remote devices (Figure 11-12).


    Beginbytestingtheoutsideinterfaceofarouterthatisdirectlyconnectedtoaremotenetwork.

    Ifthepingcommandissuccessful,connectivitytotheoutsideinterfaceisverified.Nextpingthe

    outsideIPaddressoftheremoterouter.Ifsuccessful,connectivitytotheremoterouterisverified.If

    thereisafailure,trytoisolatetheproblem.Retestuntilthereisavalidconnectiontoadevice,and

    doublecheckalladdresses.

    Thepingcommandwillnotalwayshelpwithidentifyingtheunderlyingcausetoaproblem,butitcan

    isolateproblemsandgivedirectiontothetroubleshootingprocess.

    Checking for Router Remote Connectivity

    A router forms a connection between networks by forwarding packets between them. To forward
    packets between any two networks, the router must be able to communicate with both the source
    and the destination networks. The router will need routes to both networks in its routing table.

    To test the communication to the remote network, you can ping a known host on this remote
    network.

    Tracing and Interpreting Trace Results

    The next step in the testing sequence is to perform a trace. A trace returns a list of hops as a packet
    is routed through a network. When performing the trace from a Windows computer, use tracert.
    When performing the trace from a router CLI, use traceroute.

    Ping and Trace

    Ping and trace can be used together to diagnose a problem. (Figure 11-13, Example 11-16)

    The trace can show the path of the last successful communication.

    Trace to a Remote Host

    Like ping commands, trace commands are entered at the command line and take an IP address as
    the argument. (Example 11-17)

    Trace requests to the next hop timed out, meaning that the next hop did not respond.

    Testing Sequence: Putting It All Together

    P455-458
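    As an added example (not from the original chapter), the Python below reads a saved tracert or IOS traceroute capture and reports the last hop that replied, which is where connectivity was last verified, and which later hops timed out. The captures and every address in them are constructed.

```python
import re

# Constructed captures (not from the original chapter): a Windows tracert and an
# IOS traceroute toward the same destination, both going silent after hop 2.
TRACERT_CAPTURE = """\
Tracing route to 10.2.2.20 over a maximum of 30 hops
  1    <1 ms    <1 ms    <1 ms  192.168.1.1
  2     2 ms     1 ms     2 ms  10.1.1.2
  3     *        *        *     Request timed out.
  4     *        *        *     Request timed out.
"""
IOS_TRACE_CAPTURE = """\
Tracing the route to 10.2.2.20
  1 192.168.1.1 0 msec 0 msec 4 msec
  2 10.1.1.2 4 msec 0 msec 4 msec
  3  *  *  *
"""

HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")              # hop number, rest of line
IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")   # address that answered
RTT_RE = re.compile(r"<?(\d+)\s*ms(?:ec)?")            # "2 ms", "<1 ms", "4 msec"

def parse_trace(text):
    """Return [(hop, address or None, [rtt_ms, ...])] for tracert or traceroute."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue                      # banner and prompt lines
        hop, rest = int(m.group(1)), m.group(2)
        ip = IP_RE.search(rest)           # None on a "* * *" / timed-out line
        rtts = [int(x) for x in RTT_RE.findall(rest)]
        hops.append((hop, ip.group(1) if ip else None, rtts))
    return hops

def last_responding_hop(hops):
    """The last hop that answered: connectivity is verified up to this device."""
    answered = [h for h in hops if h[1] is not None]
    return answered[-1] if answered else None

def summarize(text, destination):
    """One-line interpretation of a trace toward destination."""
    hops = parse_trace(text)
    last = last_responding_hop(hops)
    if last is None:
        return "no hop responded: test the local gateway with ping first"
    if last[1] == destination:
        return f"reached {destination} in {last[0]} hops"
    silent = [h[0] for h in hops if h[1] is None and h[0] > last[0]]
    return f"last reply from {last[1]} at hop {last[0]}; hops {silent} timed out"
```

    Feeding both captures to summarize() places the fault beyond 10.1.1.2, so the next ping in the sequence is aimed at that router's outside interface rather than at the final destination.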


    Monitoring and Documenting Networks

    Basic Network Baselines

    One of the most effective tools for monitoring and troubleshooting network performance is to
    establish a network baseline. A baseline is a process for studying the network at regular intervals to
    ensure that it is working as designed. It is more than a single report detailing the health of the
    network at a certain point in time. Creating an effective network performance baseline is
    accomplished over a period of time. Measuring performance at varying times and loads will assist in
    creating a better picture of overall network performance.

    One method is host capture.

    An effective use of the stored information is to compare the results over time.

    The importance of creating documentation cannot be emphasized enough. Verification of
    host-to-host connectivity, latency issues, and resolutions of identified problems can assist a network
    administrator in keeping a network running as efficiently as possible.

    Host Capture

    One common method for capturing baseline information is to copy the output from the command
    line window and paste it into a text file. To capture the result of the ping command, begin by
    executing a command at the command line similar to this one. Substitute a valid IP address on your
    network: (how to)

    Run the same test over a period of days and save the data each time. An examination of the files
    will begin to reveal patterns in network performance and provide the baseline for future
    troubleshooting.

    When selecting text from the command window, right-click and choose Select All to copy all the
    text in the window. Use the Mark command to select a portion of the text.

    IOS Capture

    Capturing ping command output can also be completed from the IOS prompt: (how to)
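    As an added example (not from the original chapter), the Python below turns the saved ping captures from the Host Capture and IOS Capture steps into loss and round-trip figures and compares a later capture against the stored baseline. It accepts Windows reply lines and the IOS "Success rate" summary; the captures, addresses and thresholds are constructed.

```python
import re
import statistics
# Constructed captures (not from the original chapter): a Windows ping saved
# during baseline collection, a later Windows capture, and an IOS-prompt ping.
BASELINE_CAPTURE = """\
Pinging 192.168.1.1 with 32 bytes of data:
Reply from 192.168.1.1: bytes=32 time=1ms TTL=64
Reply from 192.168.1.1: bytes=32 time<1ms TTL=64
Reply from 192.168.1.1: bytes=32 time=2ms TTL=64
Reply from 192.168.1.1: bytes=32 time=1ms TTL=64
"""
LATER_CAPTURE = """\
Pinging 192.168.1.1 with 32 bytes of data:
Reply from 192.168.1.1: bytes=32 time=14ms TTL=64
Request timed out.
Reply from 192.168.1.1: bytes=32 time=9ms TTL=64
Reply from 192.168.1.1: bytes=32 time=11ms TTL=64
"""
IOS_CAPTURE = "Success rate is 80 percent (4/5), round-trip min/avg/max = 1/2/4 ms\n"

REPLY_RE = re.compile(r"time[=<](\d+)ms")          # "time<1ms" is counted as 1 ms
IOS_RE = re.compile(r"Success rate is \d+ percent \((\d+)/(\d+)\), "
                    r"round-trip min/avg/max = (\d+)/(\d+)/(\d+) ms")

def parse_ping(text):
    """Summarize a saved ping capture (Windows host or IOS prompt format)."""
    m = IOS_RE.search(text)
    if m:                              # IOS prints the summary itself
        received, sent, lo, avg, hi = map(int, m.groups())
    else:                              # Windows: derive it from the reply lines
        rtts = [int(x) for x in REPLY_RE.findall(text)]
        received, sent = len(rtts), len(rtts) + text.count("Request timed out.")
        lo, hi = (min(rtts), max(rtts)) if rtts else (None, None)
        avg = statistics.fmean(rtts) if rtts else None
    loss = round(100 * (sent - received) / sent) if sent else 100
    return {"sent": sent, "received": received, "loss_pct": loss,
            "rtt_min": lo, "rtt_avg": avg, "rtt_max": hi}

def compare_to_baseline(baseline, current, rtt_factor=3.0, loss_delta=10):
    """Findings where the current capture departs from the stored baseline."""
    findings = []
    if current["loss_pct"] - baseline["loss_pct"] >= loss_delta:
        findings.append(f"loss {current['loss_pct']}% vs baseline {baseline['loss_pct']}%")
    if current["rtt_avg"] is None:
        findings.append("no replies at all in the current capture")
    elif baseline["rtt_avg"] is not None and current["rtt_avg"] > rtt_factor * baseline["rtt_avg"]:
        findings.append(f"average RTT {current['rtt_avg']:.1f} ms exceeds "
                        f"{rtt_factor:g}x baseline {baseline['rtt_avg']:.1f} ms")
    return findings
```

    Running the day's capture through compare_to_baseline() against the first saved file is the "compare the results over time" step; an empty list means the day is within the baseline.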

    Capturing and Interpreting Trace Information

    Trace can be used to trace the steps, or hops, between hosts. If the request reaches the intended
    destination, the output shows every router that the packet traverses. This output can be captured
    and used in the same way that ping output is used.

    Sometimes the security setting at the destination network will prevent the trace from reaching the
    final destination. (Example 11-24)

    Select the text from the command window and paste it into a text file.

    The data from a trace can be added to the data from the ping commands to provide a combined
    picture of network performance.

    The hop pathway to the destination can vary over time as the routers select different best paths
    for the trace packets.

    Capturing the traceroute output can also be done from the router prompt: (how to).

    Learning About the Nodes on the Network

    The arp command provides the mapping of physical addresses to known IPv4 addresses. A common
    method for executing the arp command is to execute it from the command prompt. This method
    involves sending out an ARP request. The device that needs the information sends out a broadcast


    ARP request to the network, and only the local device that matches the IP address of the request
    sends back an ARP reply containing its IP-MAC pair.

    To execute an arp command at the command prompt of a host, enter the following:

    C:\host1>arp -a

    (Example 11-25, Figure 11-15)

    The router cache can be cleared by using the arp -d command, in the event the network
    administrator wants to repopulate the cache with updated information.

    Ping Sweep

    Another method for collecting MAC addresses is to employ a ping sweep across a range of IP
    addresses. A ping sweep is a scanning method that can be executed at the command line by using
    network administrator tools. These tools provide a way to specify a range of hosts to ping with one
    command.

    Network data can be generated in two ways. First, many of the ping sweep tools construct a table
    of responding hosts. These tables often list the hosts by IP address and MAC address.

    As each ping is attempted, an ARP request is made to get the IP address in the ARP cache. The arp
    command can return the table of MAC addresses, but now there is reasonable confidence that the
    ARP table is up to date.

    Switch Connections

    A mapping of how hosts are connected to a switch can be obtained by issuing the
    show mac-address-table command.

    Using a command line from a switch, enter the show command with the mac-address-table
    argument:

    Sw1-2950#show mac-address-table

    (Example 11-26) lists the MAC address of the host. This information can be copied and pasted into
    a file.

    Several MAC addresses listed on a single port represent multiple nodes. This is an indication that
    the port is connected to another intermediary device such as a hub, wireless access point, or
    another switch.
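    As an added example (not from the original chapter) covering both the arp section and Switch Connections above, the Python below joins a host's arp -a output with the switch's show mac-address-table output into a per-port inventory and flags ports that carry more than one MAC, the hub, access point or second switch indication just described. The two outputs, the addresses and the port names are constructed.

```python
import re
from collections import defaultdict
# Constructed sample output (not from the original chapter): "arp -a" on a
# Windows host and "show mac-address-table" on the access switch it sits behind.
ARP_A_OUTPUT = """\
Interface: 192.168.1.10 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-1a-2b-3c-4d-5e     dynamic
  192.168.1.20          00-0c-29-aa-bb-cc     dynamic
  192.168.1.30          00-0c-29-dd-ee-ff     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
"""
MAC_TABLE_OUTPUT = """\
Vlan    Mac Address       Type        Ports
   1    001a.2b3c.4d5e    DYNAMIC     Fa0/1
   1    000c.29aa.bbcc    DYNAMIC     Fa0/2
   1    000c.29dd.eeff    DYNAMIC     Fa0/3
   1    0011.2233.4455    DYNAMIC     Fa0/3
"""

ARP_RE = re.compile(r"^\s*(\d+\.\d+\.\d+\.\d+)\s+([0-9a-f-]{17})\s+\w+", re.I | re.M)
MAC_RE = re.compile(r"^\s*\d+\s+([0-9a-f]{4}(?:\.[0-9a-f]{4}){2})\s+\w+\s+(\S+)", re.I | re.M)

def normalize_mac(raw):
    """Canonical 12-hex-digit form for both 00-1a-2b-3c-4d-5e and 001a.2b3c.4d5e."""
    return re.sub(r"[^0-9a-f]", "", raw.lower())

def parse_arp_a(text):
    """Map MAC -> IPv4 from 'arp -a' output, dropping the broadcast entry."""
    return {normalize_mac(mac): ip for ip, mac in ARP_RE.findall(text)
            if normalize_mac(mac) != "ffffffffffff"}

def parse_mac_table(text):
    """Map switch port -> MACs learned on it from 'show mac-address-table'."""
    ports = defaultdict(list)
    for mac, port in MAC_RE.findall(text):
        ports[port].append(normalize_mac(mac))
    return dict(ports)

def port_inventory(arp_text, table_text):
    """Per port, the (mac, ip) pairs seen there; ip is None if the host never ARPed."""
    ip_by_mac = parse_arp_a(arp_text)
    return {port: [(mac, ip_by_mac.get(mac)) for mac in macs]
            for port, macs in parse_mac_table(table_text).items()}

def shared_ports(table_text):
    """Ports holding more than one MAC: a hub, access point or another switch."""
    return sorted(port for port, macs in parse_mac_table(table_text).items()
                  if len(macs) > 1)
```

    A MAC in the switch table with no arp -a match (as on Fa0/3 here) is a node the capturing host has not talked to, which is exactly what the ping sweep step is meant to fill in.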