Introduction to Networks v7.0
2.4.1
Device Names
You have learned a great deal about the Cisco IOS, navigating the IOS, and the command structure. Now, you are ready to configure devices! The first configuration command on any device should be to give it a unique device name or hostname. By default, all devices are assigned a factory default name. For example, a Cisco IOS switch is "Switch."

The problem is if all switches in a network were left with their default names, it would be difficult to identify a specific device. For instance, how would you know that you are connected to the right device when accessing it remotely using SSH? The hostname provides confirmation that you are connected to the correct device.

The default name should be changed to something more descriptive. By choosing names wisely, it is easier to remember, document, and identify network devices. Here are some important naming guidelines for hosts:
Start with a letter
Contain no spaces
End with a letter or digit
Use only letters, digits, and dashes
Be less than 64 characters in length
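The naming guidelines above can be checked over a planned device inventory before any name is applied. This is an added example, not part of the course material; the function names, the sample inventory, and the case-insensitive duplicate rule are assumptions of the example.

```python
import re
from collections import Counter

def hostname_problems(name):
    """Return the naming guidelines listed above that `name` violates."""
    problems = []
    if not re.match(r"[A-Za-z]", name):
        problems.append("must start with a letter")
    if " " in name:
        problems.append("must not contain spaces")
    if not re.search(r"[A-Za-z0-9]\Z", name):
        problems.append("must end with a letter or digit")
    if re.search(r"[^A-Za-z0-9-]", name):
        problems.append("may use only letters, digits, and dashes")
    if len(name) >= 64:
        problems.append("must be less than 64 characters")
    return problems

def check_inventory(names):
    """Map each problematic name in a planned inventory to its problems.

    Assumption of this example, not a rule from the page: names that differ
    only in letter case are reported as duplicates, because IOS preserves
    case and such names are easy to confuse at a prompt.
    """
    counts = Counter(n.lower() for n in names)
    report = {}
    for n in names:
        problems = hostname_problems(n)
        if counts[n.lower()] > 1:
            problems.append("not unique in this inventory")
        if problems:
            report[n] = problems
    return report

# Constructed inventory; only the Sw-Floor-N names follow the page's convention.
PLANNED = ["Sw-Floor-1", "Sw-Floor-2", "sw-floor-2", "Switch 3",
           "3rd-Floor-Sw", "Sw-Floor-"]

if __name__ == "__main__":
    for name, problems in check_inventory(PLANNED).items():
        print(f"{name!r}: {'; '.join(problems)}")
```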
An organization must choose a naming convention that makes it easy and intuitive to identify a specific device. The hostnames used in the device IOS preserve capitalization and lowercase characters. For example, the figure shows that three switches, spanning three different floors, are interconnected together in a network. The naming convention that was used incorporated the location and the purpose of each device. Network documentation should explain how these names were chosen so additional devices can be named accordingly.
Figure: three interconnected switches labeled Sw-Floor-3, Sw-Floor-2, and Sw-Floor-1. When network devices are named, they are easy to identify for configuration purposes.
When the naming convention has been identified, the next step is to use the CLI to apply the names to the devices. As shown in the example, from the privileged EXEC mode, access the global configuration mode by entering the configure terminal command. Notice the change in the command prompt.

Switch# configure terminal
Switch(config)# hostname Sw-Floor-1
Sw-Floor-1(config)#

From global configuration mode, enter the command hostname followed by the name of the switch and press Enter. Notice the change in the command prompt name.

Note: To return the switch to the default prompt, use the no hostname global config command.

Always make sure the documentation is updated each time a device is added or modified. Identify devices in the documentation by their location, purpose, and address.
2.4.2
Password Guidelines
The use of weak or easily guessed passwords continues to be the biggest security concern of organizations. Network devices, including home wireless routers, should always have passwords configured to limit administrative access.

Cisco IOS can be configured to use hierarchical mode passwords to allow different access privileges to a network device.

All networking devices should limit administrative access by securing privileged EXEC, user EXEC, and remote Telnet access with passwords. In addition, all passwords should be encrypted and legal notifications provided.

When choosing passwords, use strong passwords that are not easily guessed. There are some key points to consider when choosing passwords:

Use passwords that are more than eight characters in length.
Use a combination of upper and lowercase letters, numbers, special characters, and/or numeric sequences.
Avoid using the same password for all devices.
Do not use common words because they are easily guessed.

Use an internet search to find a password generator. Many will allow you to set the length, character set, and other parameters.

Note: Most of the labs in this course use simple passwords such as cisco or class. These passwords are considered weak and easily guessable and should be avoided in production environments. We only use these passwords for convenience in a classroom setting, or to illustrate configuration examples.
2.4.3
Configure Passwords
When you initially connect to a device, you are in user EXEC mode. This mode is secured using the console.

To secure user EXEC mode access, enter line console configuration mode using the line console 0 global configuration command, as shown in the example. The zero is used to represent the first (and in most cases the only) console interface. Next, specify the user EXEC mode password using the password password command. Finally, enable user EXEC access using the login command.

Sw-Floor-1# configure terminal
Sw-Floor-1(config)# line console 0
Sw-Floor-1(config-line)# password cisco
Sw-Floor-1(config-line)# login
Sw-Floor-1(config-line)# end
Sw-Floor-1#

Console access will now require a password before allowing access to the user EXEC mode.
To have administrator access to all IOS commands including configuring a device, you must gain privileged EXEC mode access. It is the most important access method because it provides complete access to the device.

To secure privileged EXEC access, use the enable secret password global config command, as shown in the example.

Sw-Floor-1# configure terminal
Sw-Floor-1(config)# enable secret class
Sw-Floor-1(config)# exit
Sw-Floor-1#
Virtual terminal (VTY) lines enable remote access using Telnet or SSH to the device. Many Cisco switches support up to 16 VTY lines that are numbered 0 to 15.

To secure VTY lines, enter line VTY mode using the line vty 0 15 global config command. Next, specify the VTY password using the password password command. Lastly, enable VTY access using the login command.

An example of securing the VTY lines on a switch is shown.

Sw-Floor-1# configure terminal
Sw-Floor-1(config)# line vty 0 15
Sw-Floor-1(config-line)# password cisco
Sw-Floor-1(config-line)# login
Sw-Floor-1(config-line)# end
Sw-Floor-1#
2.4.4
Encrypt Passwords
The startup-config and running-config files display most passwords in plaintext. This is a security threat because anyone can discover the passwords if they have access to these files.

To encrypt all plaintext passwords, use the service password-encryption global config command as shown in the example.

Sw-Floor-1# configure terminal
Sw-Floor-1(config)# service password-encryption
Sw-Floor-1(config)#

The command applies weak encryption to all unencrypted passwords. This encryption applies only to passwords in the configuration file, not to passwords as they are sent over the network. The purpose of this command is to keep unauthorized individuals from viewing passwords in the configuration file.

Use the show running-config command to verify that passwords are now encrypted.
Sw-Floor-1(config)# end
Sw-Floor-1# show running-config
!
(Output omitted)
!
line con 0
 password 7 094F471A1A0A
 login
!
line vty 0 4
 password 7 094F471A1A0A
 login
line vty 5 15
 password 7 094F471A1A0A
 login
!
!
end
2.4.5
Banner Messages
Although requiring passwords is one way to keep unauthorized personnel out of a network, it is vital to provide a method for declaring that only authorized personnel should attempt to access the device. To do this, add a banner to the device output. Banners can be an important part of the legal process in the event that someone is prosecuted for breaking into a device. Some legal systems do not allow prosecution, or even the monitoring of users, unless a notification is visible.

To create a banner message of the day on a network device, use the banner motd # the message of the day # global config command. The “#” in the command syntax is called the delimiting character. It is entered before and after the message. The delimiting character can be any character as long as it does not occur in the message. For this reason, symbols such as the "#" are often used. After the command is executed, the banner will be displayed on all subsequent attempts to access the device until the banner is removed.

The following example shows the steps to configure the banner on Sw-Floor-1.

Sw-Floor-1# configure terminal
Sw-Floor-1(config)# banner motd #Authorized Access Only#
2.4.6
Video - Secure Administrative Access to a Switch
Video demonstration (6:56) of how to secure administrative access to a switch.
2.4.7
Syntax Checker - Basic Device Configuration
Secure management access to a switch.

Assign a device name.
Secure user EXEC mode access.
Secure privileged EXEC mode access.
Secure VTY access.
Encrypt all plaintext passwords.
Display a login banner.

Sw-Floor-1(config)# line vty 0 15
Sw-Floor-1(config-line)# password cisco
Sw-Floor-1(config-line)# login
Sw-Floor-1(config-line)# exit

Encrypt all plaintext passwords.

Sw-Floor-1(config)# service password-encryption

Create a banner message using the “#” symbol as the delimiter. The banner should display exactly: Warning! Authorized access only!

Sw-Floor-1(config)# banner motd #Warning! Authorized access only!#
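The steps practiced in this section (device name, console and VTY passwords with login, enable secret, password encryption, banner) can be verified against a saved running-config. This is an added example, not part of the course material; the sample configuration is constructed, the finding codes are this example's own labels, and sub-commands are assumed to be indented one space as in show running-config output.

```python
import re

# Constructed sample, not from a real device.
SAMPLE = """\
hostname Switch
enable password class
!
line con 0
 password cisco
 login
line vty 0 4
 password 7 094F471A1A0A
 login
line vty 5 15
 password 7 094F471A1A0A
"""

def audit(config):
    """Return (scope, issue) findings; issue codes are this example's labels."""
    top, lines, current = [], {}, None
    for raw in config.splitlines():
        cmd = raw.strip()
        if not cmd or cmd == "!":
            continue
        if raw.startswith(" ") and current:
            lines[current].append(cmd)      # sub-command of a "line ..." block
            continue
        top.append(cmd)
        current = cmd if cmd.startswith("line ") else None
        if current:
            lines[current] = []
    findings = []
    names = [c.split()[1] for c in top if c.startswith("hostname ")]
    if not names or names[0] == "Switch":
        findings.append(("global", "default-hostname"))
    if not any(c.startswith("enable secret ") for c in top):
        findings.append(("global", "no-enable-secret"))
    if "service password-encryption" not in top:
        findings.append(("global", "no-password-encryption"))
    if not any(c.startswith("banner motd ") for c in top):
        findings.append(("global", "no-banner"))
    for scope, cmds in lines.items():
        pw = [c for c in cmds if c.startswith("password ")]
        if not pw:
            findings.append((scope, "no-password"))
        elif not re.fullmatch(r"password 7 \S+", pw[0]):
            findings.append((scope, "plaintext-password"))
        if "login" not in cmds:
            findings.append((scope, "no-login"))
    return findings
```

Calling audit(SAMPLE) reports the default hostname, the missing enable secret, password encryption and banner, the plaintext console password, and the VTY block without login.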
2.4.8
Check Your Understanding - Basic Device Configuration
Check your understanding of basic device configuration by choosing the BEST answer to the following questions.
1. What is the command to assign the name “Sw-Floor-2” to a switch?
hostname Sw-Floor-2
host name Sw-Floor-2
name Sw-Floor-2

2. How is the privileged EXEC mode access secured on a switch?
enable class
secret class
enable secret class
service password-encryption

3. Which command enables password authentication for user EXEC mode access on a switch?
enable secret
login
secret
service password-encryption

4. Which command encrypts all plaintext passwords on a switch?
enable secret
login
secret
service password-encryption

5. Which is the command to configure a banner to be displayed when connecting to a switch?
banner $ Keep out $
banner motd $ Keep out $
display $ Keep out $
login banner $ Keep out $