Unit 2 Notes

The document provides information about configuring a network operating system. It discusses the Cisco Internetwork Operating System (IOS) which is used by most Cisco devices. It describes the IOS bootcamp which introduces the operating system used in Cisco devices. It explains that all devices require an operating system which has a kernel and shell. The kernel communicates between hardware and software, while the shell allows users to interact. It also discusses accessing the IOS through the command line interface and different methods like console, SSH, and Telnet. Terminal emulation programs that can be used to connect to networking devices are also covered. The document outlines the different modes in IOS like user EXEC mode, privileged EXEC mode, and global configuration mode

Unit II

Configure a Network Operating System


2.1 Introduction

A network operating system enables device hardware to function and provides an interface for
users to interact. In the CCNA course of study, students learn to configure both devices that
connect to the network (end devices such as PCs) and devices that connect networks together
(intermediary devices like routers and switches).

The Cisco Internetwork Operating System (IOS) is a generic term for the collection of network
operating systems used by Cisco networking devices. Cisco IOS is used for most Cisco devices,
regardless of the type or size.

2.2 IOS Bootcamp

2.2.1 Cisco IOS

This topic will introduce the operating system used in most Cisco devices.

2.1.1.1 Operating Systems

All end devices and network devices require an operating system (OS). As shown in the figure,
the portion of the OS that interacts directly with computer hardware is known as the kernel. The
portion that interfaces with applications and the user is known as the shell. The user can interact
with the shell using a command-line interface (CLI) or a graphical user interface (GUI).

The definitions of shell, kernel, and hardware are as follows:

• Shell – The user interface that allows users to request specific tasks from the computer.
  These requests can be made either through the CLI or GUI interfaces.
• Kernel – Communicates between the hardware and software of a computer and manages
  how hardware resources are used to meet software requirements.
• Hardware – The physical part of a computer including underlying electronics.

When using a CLI, as shown for Windows in the figure,
the user interacts directly with the system in a text-based environment by entering commands on
the keyboard at a command prompt.

The system executes the command, often providing textual output. The CLI requires very little
overhead to operate. However, it does require that the user have knowledge of the underlying
structure that controls the system.

A GUI interface such as Windows, OS X, Apple iOS, or Android allows the user to interact with
the system using an environment of graphical icons, menus, and windows. The Windows GUI
example in the figure is more user-friendly and requires less knowledge of the underlying command
structure that controls the system. For this reason, many individuals rely on GUI environments.

However, GUIs may not always be able to provide all of the features available at the CLI. GUIs
can also fail, crash, or simply not operate as specified. For these reasons, network devices are
typically accessed through a CLI. The CLI is less resource intensive and very stable when
compared to a GUI.

2.1.1.2 Purpose of OS

Network operating systems are similar to a PC operating system. Through a GUI, a PC operating
system enables a user to:

• Use a mouse to make selections and run programs
• Enter text and text-based commands
• View output on a monitor

A CLI-based network operating system like the Cisco IOS on a switch or router enables a
network technician to:

• Use a keyboard to run CLI-based network programs
• Use a keyboard to enter text and text-based commands
• View output on a monitor

2.1.2 Cisco IOS Access

This topic investigates the methods of accessing the CLI environment of the Cisco IOS.

2.1.2.1 Access Methods

A Cisco IOS switch can be implemented with no configuration and still switch data between
connected devices. By connecting two PCs to a switch, those PCs will instantly have
connectivity with one another.

There are several ways to access the CLI environment and configure the device. The most
common methods are

1. Console – This is a physical management port that provides out-of-band access to a
   Cisco device. Out-of-band access refers to access via a dedicated management channel
   that is used for device maintenance purposes only. The advantage of using a console port
   is that the device is accessible even if no networking services have been configured, such
   as when performing an initial configuration of the networking device.

2. Secure Shell (SSH) – SSH is a method for remotely establishing a secure CLI connection
   through a virtual interface, over a network. Unlike a console connection, SSH
   connections require active networking services on the device including an active interface
   configured with an address. SSH is the recommended method for remote management
   because it provides a secure connection. SSH provides encrypted password authentication
   and transport of session data. This keeps the user ID, password, and the details of the
   management session private.

3. Telnet – Telnet is an insecure method of remotely establishing a CLI session through a
   virtual interface, over a network. Unlike SSH, Telnet does not provide a securely
   encrypted connection. User authentication, passwords, and commands are sent over the
   network in plaintext. Best practice is to use SSH instead of Telnet for remote
   management CLI connections. Cisco IOS includes a Telnet server and a Telnet client that
   can be used to establish Telnet sessions with other devices.

2.1.2.2 Terminal Emulation Programs

There are a number of excellent terminal emulation programs available for connecting to a
networking device either by a serial connection over a console port or by a SSH/Telnet
connection. Some of these include

1. PuTTY
2. Tera Term
3. SecureCRT

These programs allow you to enhance your productivity by adjusting window sizes, changing
font sizes, and changing color schemes.

2.1.3 Navigate the IOS
To configure, test, and troubleshoot Cisco network devices, technicians need to have a working
knowledge of the Cisco IOS. This section introduces the fundamentals of the method and modes
of the Cisco IOS.

2.1.3.1 Cisco IOS Modes of Operation

To initially configure a Cisco device, a console connection must be established. Once consoled
in, the network technician will have to navigate through various command modes of the IOS
CLI. The Cisco IOS modes use a hierarchical structure and are quite similar for both switches
and routers.

2.1.3.2 Primary Command Modes

As a security feature, the Cisco IOS software separates management access into the following
two command modes:

• User EXEC Mode – This mode has limited capabilities but is useful for basic operations.
  It allows only a limited number of basic monitoring commands but does not allow the
  execution of any commands that might change the configuration of the device. The user
  EXEC mode is identified by the CLI prompt that ends with the > symbol.
• Privileged EXEC Mode – To execute configuration commands, a network administrator
  must access privileged EXEC mode. Higher configuration modes, like global
  configuration mode, can only be reached from privileged EXEC mode. The privileged
  EXEC mode can be identified by the prompt ending with the # symbol.

2.1.3.3 Configuration Command Modes

To configure the device, the user must enter Global Configuration Mode, which is commonly
called global config mode.

From global config mode, CLI configuration changes are made that affect the operation of the
device as a whole. Global configuration mode is identified by a prompt that ends with (config)#
after the device name, such as Switch(config)#.

Global configuration mode is accessed before other specific configuration modes. From global
config mode, the user can enter different sub-configuration modes. Each of these modes allows
the configuration of a particular part or function of the IOS device. Two common
sub-configuration modes include:

• Line Configuration Mode – Used to configure console, SSH, Telnet, or AUX access.
• Interface Configuration Mode – Used to configure a switch port or router network
  interface.

2.1.3.4 Navigate Between IOS Modes

Various commands are used to move in and out of command prompts. To move from user EXEC
mode to privileged EXEC mode, use the enable command. Use the disable privileged EXEC
mode command to return to user EXEC mode.

Switch> enable

Switch# disable

Switch>

To move in and out of global configuration mode, use the configure terminal privileged EXEC
mode command. To return to the privileged EXEC mode, enter the exit global config mode
command.

To enter line sub-configuration mode, you use the line command followed by the management
line type and number you wish to access. To exit a sub-configuration mode and return to global
configuration mode, use the exit command. Notice the changes in the command prompt.

Switch(config)# line console 0

Switch(config-line)#

To move from any sub-configuration mode of the global configuration mode to the mode one
step above it in the hierarchy of modes, enter the exit command.

Switch(config-line)# exit

Switch(config)#

To move from any sub-configuration mode to the privileged EXEC mode, enter the end
command or enter the key combination Ctrl+Z.

Switch(config-line)# end

Switch#

2.1.4 The Command Structure


The Cisco IOS, like programming languages, uses commands that have a specific structure. To
configure an IOS device, a network technician needs to understand this structure. This topic will
introduce the IOS command structure.

2.1.4.1 Basic IOS Command Structure

A Cisco IOS device supports many commands. Each IOS command has a specific format or
syntax and can only be executed in the appropriate mode. The general syntax for a command is
the command followed by any appropriate keywords and arguments, as shown in the figure:

• Keyword – a specific parameter defined in the operating system.
• Argument – not predefined; a value or variable defined by the user.

After entering each complete command, including any keywords and arguments, press the Enter
key to submit the command to the command interpreter.

A command might require one or more arguments. To determine the keywords and arguments
required for a command, refer to the command syntax. The syntax provides the pattern or format
that must be used when entering a command.

Convention     Description
boldface       Boldface text indicates commands and keywords that you enter literally.
italics        Italic text indicates arguments for which you supply values.
[x]            Square brackets indicate an optional element (keyword or argument).
{x}            Braces indicate a required element (keyword or argument).
[x {y | z}]    Braces and vertical lines within square brackets indicate a required
               choice within an optional element.

The following examples demonstrate conventions used to document and use IOS commands.

• ping ip-address – The command is ping and the user-defined argument is the ip-address
  of the destination device. For example, ping 10.10.10.5.
• traceroute ip-address – The command is traceroute and the user-defined argument is the
  ip-address of the destination device. For example, traceroute 192.168.254.254.

2.1.4.3 IOS Help Features

The IOS has two forms of help available:

1. Context-Sensitive Help

Context-sensitive help enables you to quickly find which commands are available in each
command mode, which commands start with specific characters or group of characters, and
which arguments and keywords are available to particular commands. To access
context-sensitive help, simply enter a question mark, ?, at the CLI.

2. Command Syntax Check

Command syntax check verifies that a valid command was entered by the user. When a
command is entered, the command line interpreter evaluates the command from left to right.
If the interpreter understands the command, the requested action is executed, and the CLI
returns to the appropriate prompt. However, if the interpreter cannot understand the
command being entered, it will provide feedback describing what is wrong with the
command.

2.1.4.4 Hotkeys and Shortcuts

• Tab - Completes a partial command name entry.
• Backspace - Erases the character to the left of the cursor.
• Ctrl-D - Erases the character at the cursor.
• Ctrl-K - Erases all characters from the cursor to the end of the command line.
• Esc D - Erases all characters from the cursor to the end of the word.
• Ctrl-U or Ctrl-K - Erases all characters from the cursor back to the beginning of the
  command line.
• Ctrl-W - Erases the word to the left of the cursor.
• Ctrl-A - Moves the cursor to the beginning of the line.
• Left Arrow or Ctrl-B - Moves the cursor one character to the left.
• Esc B - Moves the cursor back one word to the left.
• Esc F - Moves the cursor forward one word to the right.
• Right Arrow or Ctrl-F - Moves the cursor one character to the right.
• Ctrl-E - Moves the cursor to the end of the command line.
• Up Arrow or Ctrl-P - Recalls the command in the history buffer, beginning with the
  most recent commands.
• Ctrl-R or Ctrl-I or Ctrl-L - Redisplays the system prompt and command line after a
  console message is received.
• Enter Key - Displays the next line.
• Space Bar - Displays the next screen.
• Any Key - Ends the display string, returning to privileged EXEC mode.
• Ctrl-C - When in any configuration mode, ends the configuration mode and returns to
  privileged EXEC mode. When in setup mode, aborts back to the command prompt.
• Ctrl-Z - When in any configuration mode, ends the configuration mode and returns to
  privileged EXEC mode.
• Ctrl-Shift-6 - All-purpose break sequence. For example, can be used to abort DNS
  lookups, traceroutes, and pings.

2.2 Basic Device Configuration


Before devices can be used in a network, they will require configuration. This section introduces
the basic configuration of Cisco IOS devices.

2.2.1 Hostnames

An important part of the basic device configuration is assigning the device a name. This topic
will discuss the naming of Cisco IOS network devices.

2.2.1.1 Device Names

When configuring a networking device, one of the first steps is configuring a unique device
name or hostname. Hostnames that appear in CLI prompts can be used in various authentication
processes between devices and should be used on topology diagrams.

If the device name is not explicitly configured, a factory-assigned default name is used by the
Cisco IOS. The default name for a Cisco IOS switch is “Switch.” If all network devices were left
with their default names, it would be difficult to identify a specific device. For instance, when
accessing a remote device using SSH, it is important to have confirmation that you are connected
to the proper device.

By choosing names wisely, it is easier to remember, document, and identify network devices.
Guidelines for hostnames include the following:

• Start with a letter
• End with a letter or digit
• Use only letters, digits, and dashes
• Contain no spaces
• Be fewer than 64 characters in length

The hostnames used in the device IOS preserve capitalization and lowercase characters.
Therefore, it allows you to capitalize a name as you ordinarily would. This contrasts with most
Internet naming schemes, where uppercase and lowercase characters are treated identically.

2.2.1.2 Configure Hostnames

Once the naming convention has been identified, the next step is to apply the names to the
devices using the CLI.

From global configuration mode, enter the command hostname followed by the name of the
switch and press Enter. Notice the change in the command prompt name.

Switch# configure terminal

Switch(config)# hostname Sw-Floor-1

Sw-Floor-1(config)#
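
The mode navigation from 2.1.3.4 and the hostname change above can be replayed with a small model that returns the prompt seen after each command. This is an added example, not part of the original notes and not Cisco code: the IosSession class, its mode names and the replay function are hypothetical, and the (config-if)# prompt for interface mode is the standard IOS prompt but does not appear in these notes. Rejecting a hostname that breaks the guidelines is a choice made in this model, not a statement about how the device reacts.

```python
"""Simplified model of IOS mode navigation and hostname guidelines (added example)."""
import re

# Mode name -> prompt suffix shown after the hostname.
PROMPT = {"user": ">", "priv": "#", "global": "(config)#",
          "line": "(config-line)#", "interface": "(config-if)#"}

# Guidelines from the notes: starts with a letter, ends with a letter or digit,
# only letters/digits/dashes, no spaces, fewer than 64 characters.
HOSTNAME_RE = re.compile(r"[A-Za-z](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?")


class IosSession:
    """Tracks the current command mode; not a full command interpreter."""

    def __init__(self, hostname="Switch"):
        self.hostname = hostname
        self.mode = "user"  # a new session starts in user EXEC mode

    def prompt(self):
        return self.hostname + PROMPT[self.mode]

    def run(self, command):
        """Apply one command and return the new prompt.

        Raises ValueError when the command is not accepted in the current mode,
        which is how the model shows that configuration commands cannot be
        reached from user EXEC mode.
        """
        words = command.split()
        verb = words[0] if words else ""
        mode = self.mode
        if mode == "user" and command == "enable":
            self.mode = "priv"
        elif mode == "priv" and command == "disable":
            self.mode = "user"
        elif mode == "priv" and command == "configure terminal":
            self.mode = "global"
        elif mode == "global" and verb in ("line", "interface") and len(words) > 1:
            self.mode = verb  # enter the matching sub-configuration mode
        elif mode == "global" and verb == "hostname" and len(words) == 2:
            if not HOSTNAME_RE.fullmatch(words[1]):
                raise ValueError(f"hostname {words[1]!r} breaks the naming guidelines")
            self.hostname = words[1]
        elif mode == "global" and command == "exit":
            self.mode = "priv"
        elif mode in ("line", "interface") and command == "exit":
            self.mode = "global"  # exit moves one step up the hierarchy
        elif mode in ("global", "line", "interface") and command == "end":
            self.mode = "priv"  # end returns directly to privileged EXEC
        else:
            raise ValueError(f"{command!r} is not accepted in {mode} mode")
        return self.prompt()


def replay(commands, hostname="Switch"):
    """Run commands in order and return the prompt seen after each one."""
    session = IosSession(hostname)
    return [session.run(c) for c in commands]


if __name__ == "__main__":
    steps = ["enable", "configure terminal", "hostname Sw-Floor-1",
             "line console 0", "exit", "end", "disable"]
    for cmd, prompt in zip(steps, replay(steps)):
        print(f"{cmd:22} -> {prompt}")
```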

2.2.2 Limit Access to Device Configurations

To help ensure the security of a network, access to the network devices should be protected. This
topic will examine the basics of limiting device access.

2.2.2.1 Secure Device Access

The use of weak or easily guessed passwords continues to be a security issue in many facets of
the business world. Network devices, including home wireless routers, should always have
passwords configured to limit administrative access.

Cisco IOS can be configured to use hierarchical mode passwords to allow different access
privileges to a network device.

All networking devices should limit access as follows:

Securing Administrative Access

• Secure privileged EXEC access with a password
• Secure user EXEC access with a password
• Secure remote Telnet access with a password

Other tasks

• Encrypt all passwords
• Provide legal notification

Use strong passwords that are not easily guessed. When choosing a password, consider the
following key points:

• Use passwords that are more than 8 characters in length.
• Use a combination of upper and lowercase letters, numbers, special characters, and/or
  numeric sequences.
• Avoid using the same password for all devices.
• Don’t use common words because these are easily guessed.

2.2.2.2 Configure Passwords

The most important password to configure secures access to the privileged EXEC mode. To
secure privileged EXEC access, use the enable secret password global config command.

Enter line console configuration mode using the line console 0 global configuration command.
The zero is used to represent the first (and in most cases the only) console interface. Next,
specify the user EXEC mode password using the password password command. Finally, enable
user EXEC access using the login command. Console access will now require a password before
gaining access to the user EXEC mode.

2.2.2.3 Encrypt Passwords

The startup-config and running-config files display most passwords in plaintext. This is a
security threat since anyone can see the passwords used if they have access to these files.

To encrypt passwords, use the service password-encryption global config command. The
command applies weak encryption to all unencrypted passwords. This encryption applies only to
passwords in the configuration file, not to passwords as they are sent over the network. The
purpose of this command is to keep unauthorized individuals from viewing passwords in the
configuration file.

2.2.2.4 Banner Messages

Although requiring passwords is one way to keep unauthorized personnel out of a network, it is
vital to provide a method for declaring that only authorized personnel should attempt to gain
entry into the device. To do this, add a banner to the device output.

Banners can be an important part of the legal process in the event that someone is prosecuted for
breaking into a device. Some legal systems do not allow prosecution, or even the monitoring of
users, unless a notification is visible.

To create a banner message of the day on a network device, use the banner motd # the message
of the day # global config command. The “#” in the command syntax is called the delimiting
character. It is entered before and after the message.

The delimiting character can be any character as long as it does not occur in the message. For
this reason, symbols such as the “#” are often used. After the command is executed, the banner
will be displayed on all subsequent attempts to access the device until the banner is removed.
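
The checks listed in 2.2.2.1 through 2.2.2.4 can be applied to a saved configuration file. The following Python auditor is an added example, not from the original notes: both sample configurations are constructed, the finding codes are hypothetical, and the line vty and transport input ssh commands are standard IOS commands that these notes do not show.

```python
"""Audit saved Cisco IOS configuration text against the access checks in 2.2.2."""

# Constructed sample: readable passwords, no secret, no banner, Telnet on vty.
WEAK_CONFIG = """\
hostname Sw-Floor-1
enable password cisco
!
line con 0
 password cisco
line vty 0 15
 password cisco
 login
 transport input telnet
"""

# Constructed sample with every check satisfied (secret values are placeholders).
HARDENED_CONFIG = """\
hostname Sw-Floor-1
service password-encryption
enable secret 5 PLACEHOLDER-HASH
banner motd #Authorized personnel only#
!
line con 0
 password 7 PLACEHOLDER
 login
line vty 0 15
 password 7 PLACEHOLDER
 login
 transport input ssh
"""


def parse(config_text):
    """Return (global_commands, {line_header: [sub-commands under that line]})."""
    global_cmds, lines, current = [], {}, None
    for raw in config_text.splitlines():
        cmd = raw.strip()
        if not cmd or cmd == "!":
            current = None  # a separator closes the open line section
        elif raw[0].isspace() and current is not None:
            lines[current].append(cmd)
        else:
            global_cmds.append(cmd)
            current = cmd if cmd.startswith("line ") else None
            if current is not None:
                lines[current] = []
    return global_cmds, lines


def is_readable_password(cmd):
    """True for 'password <text>' stored with no encryption type (or type 0)."""
    words = cmd.split()
    if not words or words[0] != "password":
        return False
    return not (len(words) >= 3 and words[1].isdigit() and words[1] != "0")


def audit(config_text):
    """Return a list of (code, where) findings; an empty list means all checks pass."""
    global_cmds, lines = parse(config_text)
    findings = []
    if not any(c.startswith("enable secret ") for c in global_cmds):
        findings.append(("NO_ENABLE_SECRET", "global"))
    if "service password-encryption" not in global_cmds:
        findings.append(("NO_PASSWORD_ENCRYPTION", "global"))
    if not any(c.startswith("banner motd") for c in global_cmds):
        findings.append(("NO_BANNER", "global"))
    for header, cmds in lines.items():
        has_login = any(c == "login" or c.startswith("login ") for c in cmds)
        has_password = any(c.startswith("password ") for c in cmds)
        if not has_login:
            findings.append(("NO_LOGIN", header))
        elif "login" in cmds and not has_password:
            findings.append(("LOGIN_WITHOUT_PASSWORD", header))
        if any(is_readable_password(c) for c in cmds):
            findings.append(("READABLE_PASSWORD", header))
        if header.startswith("line vty") and "transport input ssh" not in cmds:
            findings.append(("VTY_NOT_SSH_ONLY", header))
    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit(text))
```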

2.2.3 Save Configurations

Configuration changes to Cisco IOS–based devices occur to the running configuration. This
working configuration should be backed up to support network recovery. This topic will examine
some of the methods used to back up and restore the running configuration on Cisco IOS devices.

2.2.3.1 Save the Running Configuration File

There are two system files that store the device configuration:

startup-config – The file stored in Non-volatile Random Access Memory (NVRAM) that
contains all of the commands that will be used by the device upon startup or reboot. NVRAM
does not lose its contents when the device is powered off.

running-config – The file stored in Random Access Memory (RAM) that reflects the current
configuration. Modifying a running configuration affects the operation of a Cisco device
immediately. RAM is volatile memory. It loses all of its content when the device is powered off
or restarted.

2.2.3.2 Alter the Running Configuration

If changes made to the running configuration do not have the desired effect and the
running-config file has not yet been saved, you can:

• Restore the device to its previous configuration by removing the changed commands
  individually.
• Copy the startup configuration file to the running configuration with the copy
  startup-config running-config privileged EXEC mode command.
• Reload the device using the reload privileged EXEC mode command.

2.2.3.3 Capture Configuration to a Text File

Configuration files can also be saved and archived to a text document. This sequence of steps
ensures that a working copy of the configuration file is available for editing or reuse later.

1. Open terminal emulation software such as PuTTY or Tera Term connected to a switch.

2. Enable logging in the terminal software, such as PuTTY or Tera Term, and assign a name and
   file location to save the log file.

3. Execute the show running-config or show startup-config command at the privileged EXEC
   prompt. Text displayed in the terminal window will be placed into the chosen file.

4. Disable logging in the terminal software.

2.3 Address Schemes

2.3.1 Ports and Addresses

For devices to communicate on a network, each device must have addressing information
applied. This topic introduces how IPv4 addresses are configured on the devices.

2.3.1.1 IP Addresses

The use of IP addresses is the primary means of enabling devices to locate one another and
establish end-to-end communication on the Internet. Each end device on a network must be
configured with an IP address. Examples of end devices that require IP addresses include the
following:

• Computers (work stations, laptops, file servers, web servers)
• Network printers
• VoIP phones
• Security cameras
• Smart phones
• Mobile handheld devices (such as wireless barcode scanners)

The structure of an IPv4 address is called dotted decimal notation and is represented by four
decimal numbers between 0 and 255. IPv4 addresses are assigned to individual devices
connected to a network. With the IPv4 address, a subnet mask is also necessary. An IPv4 subnet
mask is a 32-bit value that separates the network portion of the address from the host portion.
Coupled with the IPv4 address, the subnet mask determines the particular subnet of which the
device is a member.

2.3.1.2 Interfaces and Ports

Network communications depend on end user device interfaces, networking device interfaces,
and the cables that connect them. Each physical interface has specifications, or standards, that
define it. A cable connecting to the interface must be designed to match the physical standards of
the interface.

Not all network media have the same characteristics, nor are they all appropriate for the same
purpose. Some of the differences among various types of media include:

• Distance the media can successfully carry a signal
• Environment in which the media is to be installed
• Amount of data and the speed at which it must be transmitted
• Cost of the media and installation

2.3.2 Configure IP Addressing

In addition to the IP address, additional addressing information must be configured for devices to
communicate on a network. This section introduces how this addressing information is
configured on devices.

2.3.2.1 Manual IP Address Configuration for End Devices

In order for an end device to communicate over the network, it must be configured with a unique
IPv4 address and subnet mask. IPv4 address information can be entered into end devices
manually, or automatically using Dynamic Host Configuration Protocol (DHCP).

To manually configure an IPv4 address on a Windows host, open the Control Panel > Network
Sharing Center > Change adapter settings and choose the adapter. Next right-click and select
Properties to display the Local Area Connection Properties.

Highlight Internet Protocol Version 4 (TCP/IPv4) and click Properties to open the Internet
Protocol Version 4 (TCP/IPv4) Properties window. Configure the IPv4 address, subnet mask,
and default gateway information.

2.3.2.2 Automatic IP Address Configuration for End Devices

PCs typically default to using DHCP for automatic IPv4 address configuration. DHCP is a
technology that is used in almost every network. The best way to understand why DHCP is so
popular is by considering all the extra work that would have to take place without it.

In a network, DHCP enables automatic IPv4 address configuration for every end device that has
DHCP enabled. Imagine the amount of time it would consume if every time you connected to the
network, you had to manually enter the IPv4 address, the subnet mask, the default gateway, and
the DNS server. Multiply that by every user and every device in an organization and you see the
problem. Manual configuration also increases the chance of misconfiguration by duplicating
another device’s IPv4 address.

On a Windows PC, you only need to select “Obtain an IP address automatically” and “Obtain
DNS server address automatically.” Your PC will search out a DHCP server and be assigned the
address settings necessary to communicate on the network.

It is possible to display the IP configuration settings on a Windows PC by using the ipconfig
command at the command prompt. The output will show the IPv4 address, subnet mask, and
gateway information received from the DHCP server.
