Ch-1 NDC - 114903

The document provides an overview of network devices and the OSI model, detailing the functions and responsibilities of each layer from the physical layer to the application layer. It explains the roles of various network devices such as switches, routers, and bridges, as well as protocols like TCP, UDP, and HTTP. Additionally, it discusses data encapsulation, types of switches, and the importance of network configuration for effective communication.

Uploaded by abrishali171
Network Device & Configuration

Chapter One

1.1. Configuration Wizard

• While the configuration wizard is an easy way to display complex configuration options, it does rely on the user having a basic understanding of the software component.

Network Devices

• Computer networking devices are units that mediate data in a computer network and are also called network equipment. Units that are the last receiver of data or that generate data are called hosts or data terminal equipment.

• Network Models: It was developed by the International Organization for Standardization (ISO).

OSI Model

• The OSI Model (Open Systems Interconnection Model) is a conceptual framework used to describe the functions of a networking system. The OSI model characterizes computing functions into a universal set of rules and requirements in order to support interoperability between different products and software. It comprises seven layers.

Advantages:
• Network communication is broken into smaller, more manageable parts.
• Allows different types of network hardware and software to communicate with each other.
• All layers are independent, and changes in one layer do not affect other layers.
• Easier to understand network communication.

Why layered communication?

• To reduce the complexity of the communication task by splitting it into several small, layered tasks
• Assists in protocol design
• Changes in one layer do not affect other layers
• Provides a common language

Figure 1.1 OSI model

LAYER 1: PHYSICAL LAYER

The lowest layer of the OSI Model is concerned with electrically or optically transmitting raw unstructured data bits across the network from the physical layer of the sending device to the physical layer of the receiving device. It can include specifications such as voltages, pin layout, cabling, and radio frequencies. At the physical layer, one might find “physical” resources such as network hubs, cabling, repeaters, network adapters or modems.

• Defines the physical characteristics of the network, e.g. wires, connectors, voltages, data rates, asynchronous and synchronous transmission.
• Handles the bit stream or binary transmission.
• Used to maintain, activate and deactivate the physical link.
• For the receiver, it reassembles bits and sends them to the upper layer to be assembled into frames.
• For the sender, it converts frames into a bit stream and sends it on the transmission medium.

LAYER 2: DATA LINK

• At the data link layer, directly connected nodes are used to perform node-to-node data transfer where data is packaged into frames. The data link layer also corrects errors that may have occurred at the physical layer. The data link layer encompasses two sub-layers of its own. The first, media access control (MAC), provides flow control and multiplexing for device transmissions over a network.
• The second, the logical link control (LLC), provides flow and error control over the physical medium as well as identifies line protocols.
• Packages raw bits from the physical layer into FRAMES.
• The data link layer provides reliable transit of data across a physical link by using Media Access Control (MAC) addresses: the source address and the destination address (the address of the device that connects one network to the next).
• Flow Control: prevents overwhelming of the receiving node.
• Error Control: through the trailer.
• Access Control: determines which device has control.
• Data Link LAN specifications: Fast Ethernet, Token Ring, FDDI.
• Data Link WAN specifications: Frame Relay, PPP, X.25.
• Bridges and switches operate at this layer.

Sub layers of Layer 2

• Logical Link Control (LLC)
– Used for communication with upper layers
– Error correction
– Flow control

• Media Access Control (MAC)
– Access to physical medium
– Header and trailer
– Trailer: The trailer typically includes a frame check sequence (FCS), which is used to perform error detection.

LAYER 3: NETWORK

The network layer is responsible for receiving frames from the data link layer, and delivering them to their intended destinations based on the addresses contained inside the frame. The network layer finds the destination by using logical addresses, such as IP (internet protocol). At this layer, routers are a crucial component used to quite literally route information where it needs to go between networks.

• Defines source-to-destination delivery of packets across networks.
• Defines logical addressing and best path determination.
• Treats each packet independently.
• Defines how routing works and how routes are learned.
• Converts frames to packets.
• Routed protocols (encapsulate data into packets) and routing protocols (create routing tables) work on this layer.
• Examples of routed protocols are IP, IPX and AppleTalk; examples of routing protocols are OSPF, IGRP/EIGRP, RIP and BGP.
• Routers operate at Layer 3.

LAYER 4: TRANSPORT

• The transport layer manages the delivery and error checking of data packets. It regulates the size, sequencing, and ultimately the transfer of data between systems and hosts. One of the most common examples of the transport layer is TCP. It regulates information flow to ensure process-to-process connectivity between host applications reliably and accurately.
• Adds the service point address or port address.
• Segmentation & re-assembly: SEGMENTS data from the sending node and reassembles data on the receiving node.
• Flow control / error control at source-to-destination level.
• Connection-oriented transport service ensures that data is delivered error free, in sequence, with no losses or duplications.
• Establishes, maintains and terminates virtual circuits.
• Connection-oriented / connectionless: TCP (reliable, provides guaranteed delivery), UDP (unreliable, less overhead; reliability can be provided by the Application layer).

LAYER 5: SESSION

• The session layer controls the conversations between different computers. A session or connection between machines is set up and managed at layer 5. Session layer services also include authentication and reconnections.
• The session layer defines how to start, control and end conversations (called sessions) between applications.
• Establishes dialog control between the two computers in a session, regulating which side transmits, plus when and how long it transmits (Full duplex).

LAYER 6: PRESENTATION

• The presentation layer formats or translates data for the application layer based on the syntax or semantics that the application accepts. Because of this, it is at times also called the syntax layer. This layer can also handle the encryption and decryption required by the application layer.
• The presentation layer is concerned with the syntax and semantics of the information exchanged between two systems.
• This layer is primarily responsible for the translation, encryption and compression of data.
• Defines coding and conversion functions.

LAYER 7: APPLICATION

• At this layer, both the end user and the application layer interact directly with the software application. This layer sees network services provided to end-user applications such as a web browser or Office 365. The application layer identifies communication partners, resource availability, and synchronizes communication.
• The application layer is responsible for providing services to the user.
• Closest to the user and provides the user interface.
• Establishes the availability of intended communication partners.
• Examples of Application layer protocols are: Telnet, SMTP, FTP, SNMP.

Layer 1 Vs Layer 2

• Layer 1 cannot communicate with upper layers; Layer 2 does this using LLC.
• Layer 1 cannot identify a computer; Layer 2 uses an addressing process.
• Layer 1 can only describe a stream of bits; Layer 2 uses framing to organize bits.

Data Encapsulation

• Data Encapsulation is the process of adding a header to wrap/envelop the data that flows down the OSI model. The 5 Steps of Data Encapsulation are:
• The Application, Presentation and Session layers create DATA from users’ input.
• The Transport layer converts the DATA to SEGMENTS.
• The Network layer converts the SEGMENTS to PACKETS (datagrams).
• The Data Link layer converts the PACKETS to FRAMES.
• The Physical layer converts the FRAMES to BITS.
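The five encapsulation steps, and the Layer 2 trailer with its frame check sequence, can be followed byte by byte in the Python sketch below. It is an added example, not part of the original slides. It assumes UDP over IPv4 over Ethernet II, and the addresses, ports and function names are constructed for illustration.

```python
import socket
import struct
import zlib


def checksum16(data: bytes) -> int:
    """One's-complement 16-bit checksum used by the IPv4 header."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def transport_segment(data: bytes, src_port: int, dst_port: int) -> bytes:
    """Layer 4: prepend a UDP header carrying the port (service point) addresses."""
    # Checksum 0 means "not computed", which UDP permits over IPv4.
    return struct.pack("!HHHH", src_port, dst_port, 8 + len(data), 0) + data


def network_packet(segment: bytes, src_ip: str, dst_ip: str) -> bytes:
    """Layer 3: prepend a 20-byte IPv4 header carrying the logical addresses."""
    def header(csum: int) -> bytes:
        return struct.pack(
            "!BBHHHBBH4s4s",
            0x45, 0, 20 + len(segment),   # version/IHL, DSCP, total length
            0, 0,                         # identification, flags/fragment offset
            64, 17, csum,                 # TTL, protocol 17 (UDP), header checksum
            socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return header(checksum16(header(0))) + segment


def datalink_frame(packet: bytes, src_mac: bytes, dst_mac: bytes) -> bytes:
    """Layer 2: add the MAC header in front and the FCS trailer behind."""
    header = dst_mac + src_mac + struct.pack("!H", 0x0800)  # EtherType IPv4
    body = header + packet.ljust(46, b"\x00")  # pad to the minimum payload size
    return body + struct.pack("<I", zlib.crc32(body))       # FCS is a CRC-32


def fcs_ok(frame: bytes) -> bool:
    """Receiver side: recompute the CRC and compare it with the trailer."""
    return struct.pack("<I", zlib.crc32(frame[:-4])) == frame[-4:]


def physical_bits(frame: bytes) -> str:
    """Layer 1: the frame as a bit string (most significant bit first, for reading)."""
    return "".join(f"{byte:08b}" for byte in frame)


def encapsulate(data: bytes) -> dict:
    """Run the data down the stack; all addresses below are constructed samples."""
    segment = transport_segment(data, src_port=40000, dst_port=53)
    packet = network_packet(segment, "192.0.2.10", "192.0.2.53")
    frame = datalink_frame(packet,
                           src_mac=bytes.fromhex("020000000001"),
                           dst_mac=bytes.fromhex("020000000002"))
    return {"data": data, "segment": segment, "packet": packet,
            "frame": frame, "bits": physical_bits(frame)}


if __name__ == "__main__":
    layers = encapsulate(b"hello")
    for name in ("data", "segment", "packet", "frame"):
        print(f"{name:8s} {len(layers[name]):3d} bytes")
    print(f"bits     {len(layers['bits'])} bits, FCS valid: {fcs_ok(layers['frame'])}")
```

Each layer only adds its own header (and, at Layer 2, a trailer) around what it received from the layer above; the receiver's FCS check fails if any bit of the frame changed in transit.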
Some application layer protocols and their functions

Simple Mail Transfer Protocol (SMTP)
• Governs the transmission of mail messages and attachments.
• SMTP is used in the case of outgoing messages.
• More powerful protocols such as POP3 and IMAP4 are needed and available to manage incoming messages.
• POP3 (Post Office Protocol version 3) is the older protocol.
• IMAP4 (Internet Mail Access Protocol version 4) is the more advanced protocol.

Telnet
• It allows a user on a remote client machine, called the Telnet client, to access the resources of another machine, the Telnet server, in order to access a command-line interface.

File Transfer Protocol (FTP)
• File Transfer Protocol (FTP) actually lets us transfer files, and it can accomplish this between any two machines using it.
• FTP’s functions are limited to listing and manipulating directories, typing file contents, and copying files between hosts.

Simple Network Management Protocol (SNMP)
• Simple Network Management Protocol (SNMP) collects and manipulates valuable network information.

Hypertext Transfer Protocol (HTTP)
• It’s used to manage communications between web browsers and web servers and opens the right resource when you click a link, wherever that resource may actually reside.

Hypertext Transfer Protocol Secure (HTTPS)
• Hypertext Transfer Protocol Secure (HTTPS) is also known as Secure Hypertext Transfer Protocol. It uses Secure Sockets Layer (SSL).

Domain Name Service (DNS)
• Domain Name Service (DNS) resolves hostnames—specifically, Internet names, such as www.wsu.edu.et

Dynamic Host Configuration Protocol (DHCP)
• Dynamic Host Configuration Protocol (DHCP) assigns IP addresses to hosts dynamically.
• It allows for easier administration and works well in small to very large network environments.

TCP (Transmission Control Protocol)
• TCP takes large blocks of information from an application and breaks them into segments.
• It is connection-oriented, which means that a virtual connection is established before any user data is transferred (handshake).

User Datagram Protocol (UDP)
• UDP does not sequence the segments and does not care about the order in which the segments arrive at the destination.
• UDP just sends the segments off and forgets about them.

Table 1.1 Well-Known TCP Port Numbers


Types of bridge

Transparent Bridges:

A transparent bridge is invisible to the other devices on the network. A transparent bridge only performs the function of blocking or forwarding data based on MAC address. The MAC address may also be referred to as the hardware address or physical address. These addresses are used to build tables and make decisions regarding whether a frame should be forwarded and where it should be forwarded.
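How a transparent bridge builds its table from source MAC addresses and then blocks, forwards or floods each frame is shown in the Python sketch below. It is an added example, not part of the original slides. The class name, port numbers and MAC addresses are constructed, and entry aging is included as an assumption about typical bridge behaviour that the slide does not mention.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"


class TransparentBridge:
    """Learning bridge: the table maps a MAC address to (port, last_seen)."""

    def __init__(self, ports, max_age=300):
        self.ports = set(ports)
        self.max_age = max_age      # seconds an entry stays valid (assumed value)
        self.table = {}

    def lookup(self, mac, now):
        """Return the learned port for mac, or None if unknown or aged out."""
        entry = self.table.get(mac)
        if entry is None:
            return None
        port, last_seen = entry
        if now - last_seen > self.max_age:
            del self.table[mac]     # stale entry: forget it and relearn later
            return None
        return port

    def receive(self, in_port, src_mac, dst_mac, now):
        """Process one frame; return the set of ports it is sent out of."""
        if in_port not in self.ports:
            raise ValueError(f"unknown port {in_port}")
        # Learning: the source address tells the bridge where the sender lives.
        self.table[src_mac] = (in_port, now)
        out_port = None if dst_mac == BROADCAST else self.lookup(dst_mac, now)
        if out_port is None:
            return self.ports - {in_port}   # unknown or broadcast: flood
        if out_port == in_port:
            return set()                    # same segment: block (filter)
        return {out_port}                   # known destination: forward


def demo():
    """Constructed traffic: hosts A and C share port 1, host B sits on port 2."""
    a, b, c = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:0c"
    bridge = TransparentBridge(ports=[1, 2, 3])
    return [
        bridge.receive(1, a, b, now=0),     # B unknown -> flood to 2 and 3
        bridge.receive(2, b, a, now=1),     # A learned on port 1 -> forward
        bridge.receive(1, c, a, now=2),     # A is on the same port -> blocked
        bridge.receive(1, a, b, now=3),     # B learned on port 2 -> forward
        bridge.receive(1, a, b, now=400),   # B's entry aged out -> flood again
        bridge.receive(3, b, a, now=401),   # B moved to port 3 and is relearned
        bridge.receive(1, a, b, now=402),   # forwarded to B's new port
    ]


if __name__ == "__main__":
    for step, out_ports in enumerate(demo(), start=1):
        print(step, sorted(out_ports) or "blocked")
```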
Source Routing Bridge:

The SR bridge derives the entire route of the frame embedded within the frame. This allows the bridge to make specific decisions about how the frame should be forwarded through the network. This sending terminal means the bridges that the frames should stay. This type of bridge is used to prevent looping problems.

Translational Bridge:

Translational bridges are useful to connect segments running at different speeds or using different protocols, such as Token Ring and Ethernet networks. Depending on the direction of travel, a translational bridge can add or remove information and fields from the frame as needed.

What is a repeater

Repeaters work with the actual physical signal and do not attempt to interpret the data being transmitted; they operate on the physical layer, the first layer of the OSI model. Repeaters are mainly employed in long-distance transmission to reduce the effect of attenuation. It is important to note that repeaters do not amplify the original signal but simply regenerate it.

Modem

A modem (from modulator-demodulator) is a device that turns the digital 1s and 0s of a personal computer into sounds that can be transmitted over the telephone lines.

NIC (Network Interface Card)

• A network interface card is a computer hardware component designed to allow computers to communicate over a computer network. It is both an OSI layer 1 (physical layer) and layer 2 (data link layer) device, as it provides physical access to a networking medium and provides a low-level addressing system through the use of MAC addresses. It allows users to connect to each other either by using cables or wirelessly. Most motherboards today come equipped with a network interface card in the form of a controller, with the hardware built into the board itself, eliminating the need for a standalone card.

• A switch operates in layer 2, i.e. the data link layer of the OSI model.
• It is an intelligent network device that can be conceived as a multiport network bridge.
• It uses MAC addresses (addresses of the medium access control sublayer) to send data packets to selected destination ports.
• It uses the packet switching technique to receive and forward data packets from the source to the destination device.
• It supports unicast (one-to-one), multicast (one-to-many) and broadcast (one-to-all) communications.
• Transmission mode is full duplex, i.e. communication in the channel occurs in both directions at the same time. Due to this, collisions do not occur.
• Switches are active devices, equipped with network software and network management capabilities.
• Switches can perform some error checking before forwarding data to the destined port.
• The number of ports is higher – 24/48.

Types of Switches

Unmanaged Switch −

Unmanaged switches are generally made as plug-and-play devices and require little to no special installation beyond an Ethernet cable. The setup of this type of switch relies on auto-negotiation between Ethernet devices to enable communication between them. The switch will automatically determine the best data rate to use, switching between full-duplex mode (where data is received or transmitted in two directions at the same time) or half-duplex mode (where data is received or transmitted two ways but only one direction at a time).

Managed Switch − These are costly switches that are used in organizations with large and complex networks, since they can be customized to augment the functionalities of a standard switch. The augmented features may be QoS (Quality of Service) like higher security levels, better precision control and complete network management. Despite their cost, they are preferred in growing organizations due to their scalability and flexibility.

• Simple Network Management Protocol (SNMP) is used for configuring managed switches.
• This type of switch gives you total control over the traffic accessing your network while allowing you to custom-configure each Ethernet port so you get maximum efficiency over data transfers on the network. Managed switches are also typically the best network switches to support the Gigabit standard of Ethernet rather than traditional Fast Ethernet.

• LAN Switch − Local Area Network (LAN) switches connect devices in the internal LAN of an organization. They are also referred to as Ethernet switches or data switches. These switches are particularly helpful in reducing network congestion or bottlenecks. They allocate bandwidth in a manner so that there is no overlapping of data packets in a network.

Power over Ethernet (PoE) switches are used in PoE Gigabit Ethernets. PoE technology combines data and power transmission over the same cable so that devices connected to it can receive both electricity and data over the same line. PoE switches offer greater flexibility and simplify the cabling connections. A PoE switch distributes power over the network to different devices. This means any device on the network, from PCs to IP cameras and smart lighting systems, can function without the need to be near an AC access point or router, because the PoE switch sends both data and power to the connected devices.

Media Converter

• A media converter, in the context of network hardware, is a cost-effective and flexible device intended to implement and optimize fiber links in every kind of network. Among media converters, the most often used type is a device that works as a transceiver, which converts the electrical signal utilized in copper unshielded twisted pair (UTP) network cabling to light waves used for fiber optic cabling. It is essential to have fiber optic connectivity if the distance between two network devices is greater than the copper cabling's transmission distance.

The copper-to-fiber conversion carried out by a media converter allows two network devices having copper ports to be connected across long distances by means of fiber optic cabling. Media converters are available as Physical Layer or Layer 2 switching devices, and can provide rate-switching and other advanced switching features like VLAN tagging. Media converters are typically protocol specific and are available to support a wide variety of network types and data rates.

The Benefits of Media Converters

Network complexity, demanding applications, and the growing number of devices on the network are driving network speeds and bandwidth requirements higher and forcing longer distance requirements within the Local Area Network (LAN). Media converters present solutions to these problems by allowing the use of fiber when it is needed and integrating new equipment into existing cabling infrastructure.

• Media converters provide seamless integration of copper and fiber, and of different fiber types, in Enterprise LAN networks. They support a wide variety of protocols, data rates and media types to create a more reliable and cost-effective network.

Figure 1.2 Multi-mode media converter

Configuring Basic Settings

Setting the Hostname

A Cisco switch by default has the host name “switch”. To change this name, follow the instructions below:

• Click on the Switch. A popup window will be opened.
• Go to the CLI tab in the popup window.
• Click in the command box.
• Press “Enter”.
• To enable the switch, give the following command: enable
• To enable configuration mode, give the following command: configure terminal
• To change the host name, give the following command: hostname
• To save the configuration, give the following command: do write memory
• To exit the configuration mode, give the following command: exit
• To exit enable mode, give the following command: exit

Set or change password of Cisco switch in Cisco Packet Tracer

A Cisco switch by default has no password. To set a password or change a previous password, follow the instructions below: Click on the Switch. A popup window will be opened. Go to the CLI tab in the popup window. Click in the command box. Press “Enter”. To enable the switch, give the following command: enable To enable.

Configuring Command-Line Access

• To configure parameters to control access to the router, perform the following steps.

SUMMARY STEPS
• configure terminal
• line [ aux | console | tty | vty ] line-number
• password password
• login
• exec-timeout minutes [ seconds ]
• line [ aux | console | tty | vty ] line-number
• password password
• login
• end
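A saved configuration can be checked against these summary steps automatically. The Python sketch below is an added example, not part of the original slides or of any Cisco tool. It reads the `line` stanzas of a configuration and reports any that lack `password`, `login` or a non-zero `exec-timeout`; the sample configuration, its passwords and the function names are constructed, and the checks mirror only the steps listed above.

```python
# Constructed sample in the layout of an IOS running configuration.
SAMPLE_CONFIG = """\
hostname SW1
!
line con 0
 exec-timeout 5 0
 password ExamplePass1
 login
line vty 0 4
 exec-timeout 0 0
 password ExamplePass2
 login
line vty 5 15
 no login
!
end
"""


def parse_line_stanzas(config: str) -> dict:
    """Map each 'line ...' header to the list of commands indented beneath it."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw.strip()
            stanzas[current] = []
        elif raw.startswith(" ") and current is not None:
            stanzas[current].append(raw.strip())
        else:
            current = None          # any other top-level line ends the stanza
    return stanzas


def audit_stanza(commands: list) -> list:
    """Compare one stanza with the password / login / exec-timeout steps."""
    findings = []
    uses_local = "login local" in commands   # local user database instead of a line password
    has_password = any(c.startswith("password ") for c in commands)
    if "no login" in commands:
        findings.append("no login: password checking disabled")
    elif not ("login" in commands or uses_local):
        findings.append("login missing")
    if not has_password and not uses_local:
        findings.append("password missing")
    timeouts = [c.split()[1:] for c in commands if c.startswith("exec-timeout ")]
    if not timeouts:
        findings.append("exec-timeout not set explicitly")
    elif all(int(value) == 0 for value in timeouts[-1]):
        findings.append("exec-timeout disabled (0 0)")
    return findings


def audit_config(config: str) -> dict:
    """Return {line header: [findings]} for every line stanza in the config."""
    return {header: audit_stanza(commands)
            for header, commands in parse_line_stanzas(config).items()}


if __name__ == "__main__":
    for header, findings in audit_config(SAMPLE_CONFIG).items():
        print(f"{header}: {'; '.join(findings) if findings else 'ok'}")
```

In the sample, the console line passes, the first vty range has its idle timeout switched off, and the second vty range accepts sessions with no password check at all.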
1.2. View VLANs by Device and Port

• VLANs are assigned to individual switch ports.
• Ports can be statically assigned to a single VLAN or dynamically assigned to a single VLAN.
• All ports are assigned to VLAN 1 by default.
• Ports are active only if they are assigned to VLANs that exist on the switch.
• Static port assignments are performed by the administrator and do not change unless modified by the administrator, whether the VLAN exists on the switch or not.
• Dynamic VLANs are assigned to a port based on the MAC address of the device plugged into a port.
• Dynamic VLAN configuration requires a VLAN Membership Policy Server (VMPS) client, server, and database to operate properly.

Configuring Static VLANs

On a Cisco switch, ports are assigned to a single VLAN. These ports are referred to as access ports and provide a connection for end users or node devices, such as a router or server. By default, all devices are assigned to VLAN 1, known as the default VLAN.

• After creating a VLAN, you can manually assign a port to that VLAN and it will be able to communicate only with or through other devices in the VLAN. Configure the switch port for membership in a given VLAN as follows:

• To change the VLAN for a COS device, use the set vlan command, followed by the VLAN number, and then the port or ports that should be added to that VLAN. VLAN assignments such as this are considered static because they do not change unless the administrator changes the VLAN configuration.

Configuring Dynamic VLANs

Although static VLANs are the most common form of port VLAN assignments, it is possible to have the switch dynamically choose a VLAN based on the MAC address of the device connected to a port. To achieve this, you must have a VTP database file, a VTP server, a VTP client switch, and a dynamic port. After you have properly configured these components, a dynamic port can choose the VLAN based on whichever device is connected to that port.

Figure 1.3 Networking diagram for configuring a VLAN based on ports

Pre-configuration Tasks

• Before configuring a VLAN based on ports, complete the following task: Connecting ports and configuring physical parameters of the ports, ensuring that the ports are physically Up.

Configuration Procedures

Figure 8-6 Procedure of configuring a VLAN based on ports

Figure 1.4 Procedure of configuring a VLAN based on ports

• After a VLAN profile is created, assign it to switches, aggregation devices in a Junos Fusion fabric, Virtual Chassis Fabric, members of Layer 3 Fabric, or members of custom groups. You must have one or more existing VLAN profiles, either user-configured or system-created, before you can assign a VLAN profile to a switch, or member of a custom group or port group.

1.3. Automatic Discovery and Configuration Manager

Configuration management is a process closely linked to change management, which is also called configuration control. Any system that needs to be controlled closely and run with good reliability, maintainability and performance benefits greatly from configuration management, i.e., the management of system information and system changes. Configuration management can extend life, reduce cost, reduce risk, and even correct defects. It should be applied over the life cycle of a system in order to provide visibility and control of its performance as well as its functional and physical attributes.

In Configuration Manager 2012, the discovery of users, groups and devices has been improved since Configuration Manager 2007. The discovery feature in Configuration Manager 2012 enables you to identify computer and user resources that can be managed with Configuration Manager. You are able to configure the discovery of resources on different levels in the Configuration Manager 2012 hierarchy.

Active Directory Forest Discovery

• Active Directory Forest Discovery is a new discovery method in Configuration Manager 2012 that allows the discovery of the Active Directory Forest where the site servers reside and any trusted forest. With this discovery method, you are able to automatically create the Active Directory or IP subnet boundaries that are within the discovered Active Directory Forests.
• Active Directory Forest Discovery can be configured on Central Administration Sites and Primary Sites.


1.4. Wireless Mobility Configuration Menu

A Mobility Domain enables users to roam geographically across the system while maintaining data sessions and VLAN or subnet membership, including IP address, regardless of connectivity to the network backbone. As users move from one area of a building or campus to another, client associations with servers or other resources remain the same.

• A Mobility Group is a group of Wireless LAN Controllers (WLCs) in a network with the same Mobility Group name. These WLCs can dynamically share context and state of client devices, WLC load information, and can forward data traffic among them, which enables inter-controller wireless LAN roaming and controller redundancy.
• Before you add controllers to a mobility group, you must verify that certain requirements are met for all controllers that are to be included in the group.

In a mobility list, the below combinations of mobility groups and members are allowed:
• 3 mobility groups with 24 members in each group
• 12 mobility groups with 6 members in each group
• 24 mobility groups with 3 members in each group
• 72 mobility groups with 1 member in each group

Configuring Mobility Groups (Cisco Wireless LAN Controllers)

• To add an entry to a controller mobility configuration using the GUI, go to CONTROLLER > Mobility Management > Mobility Groups, and click on New. Here you enter the MAC address and IP address of the controller management interface you are adding along with the mobility group name of that controller.


Wireless access point

A wireless access point (WAP or AP) is a device that allows wireless communication devices to connect to a wireless network using Wi-Fi, Bluetooth or related standards. The WAP usually connects to a wired network, and can relay data between the wireless devices (such as computers or printers) and wired devices on the network.

1.5. Device Schedules

Device configurations need to be backed up often in order to maintain a repository of backups ready to be restored in case of emergencies. In large enterprises with a large number of devices, getting the device configurations backed up becomes a huge, mundane task that takes up most of an admin's time. Being able to schedule configuration backups frees up a network admin’s time for productivity-enhancing tasks.

1.6. VPN Policy Manager

A virtual private network (VPN) is a private data network connection that makes use of the public telecommunications infrastructure, maintaining privacy through the use of a tunneling protocol and security procedures. Using a virtual private network involves maintaining privacy through the use of authorization, authentication, and encryption controls that encrypt data before sending it through the public network and decrypt it at the receiving end.

In a remote user configuration, a VPN can be contrasted to a privately managed remote access system (e.g. dial-up). The concept of the VPN is to give the agency the same capabilities at much lower costs by using the shared public infrastructure rather than a private one. However, VPN links are considered to be less trusted than dedicated, private connections; therefore, this policy sets forth the security requirements for VPN connections to the State’s network.

Overview of how it Works

• Two connections – one is made to the Internet and the second is made to the VPN.
• Datagrams – contain data, destination and source information.
• Firewalls – VPNs allow authorized users to pass through the firewalls.
• Protocols – protocols create the VPN tunnels.

VPN Gateway and Tunnels

• A VPN gateway is a network device that provides encryption and authentication service to a multitude of hosts that connect to it. From the outside (internet), all communications addressed to inside hosts flow through the gateway. There are two types of endpoint VPN tunnels:

Computer to gateway
• For remote access: generally set up for a remote user to connect to a corporate LAN.

Gateway to Gateway
• This is a typical enterprise-to-enterprise configuration. The two gateways communicate with each other.

Figure 1.5 Types of endpoint VPN


1.7. Element Manager

Importance of Managing Network Devices

• Configuration Management
• Performance Management
• Fault Management

Common ways to analyze the configuration, performance and faults on a Cisco device

• CLI (Command Line Interface)
• SNMP (Simple Network Management Protocol)
• CiscoView

Using SNMP and CiscoView:
• A user can define a VTP domain,
• Configure devices as VTP servers, clients, or transparent devices in the domain,
• Create VLANs within the domain,
• Assign ports to a VLAN, and view the ports assigned to a VLAN.

Figure 1.6 Access a device using CiscoView

1.8. CLI Configuration Manager

Configuration Manager can be run from a command line. You may want to run the Configuration Manager from the command line as opposed to using the graphical user interface for the following reasons:

• You want to automate the configuration of the software.
• Your site wants the command-line version run for security reasons.
• You want to create a script to set up your system and then allow a user to run the script.

Understanding Cisco IOS Command Line Modes

Cisco Command Line Interface (CLI) is the main interface where


we will interact with Cisco IOS devices. CLI is accessible directly
via console cable or remotely via methods such as Telnet/SSH.
From here, we can do things such as monitoring device status or
changing configuration. Cisco has divided its CLI into several
different modes. Understanding Cisco IOS Command Line Modes
is essential because each mode has its own set of commands. Cisco
has at least three main command line modes: user EXEC mode,
privileged EXEC mode, and global configuration mode.
Cont’d…
User EXEC mode

The characteristics of user EXEC mode are:

• Indicated by a right angle bracket sign (“>”) next to the device hostname.

• Contains commands that we can use to test device/network configuration, such as ping and traceroute.

• A limited set of commands that do not change the device configuration, such as the show and clear commands, is available.

• We can connect to another device from user EXEC mode by using telnet or ssh.

• To protect user EXEC mode, we can create a username and password combination on the device.

• Issuing the exit command here will disconnect the session.
The flowchart below shows the position of each mode relative to the other modes.

Figure 1.7 Cisco IOS Command Line Modes


Privileged EXEC mode

Below are the characteristics of privileged EXEC mode:

• Indicated by a hash sign (“#”) next to the device hostname.

• All commands that are available in user EXEC mode are available here too.

• A more complete set of show and clear commands is available here. For example, user EXEC mode has no show running-config under the show command, but privileged EXEC mode does.

• Unless the user account that we use has a specific privilege level assigned to it, by default it will get the highest privilege level, which is level 15.

• Privileged EXEC mode can be protected using an enable password.

• Issuing the disable command here will bring us back to user EXEC mode.

• Issuing the exit command here will disconnect the session.
Global configuration mode

This is where the real configuration is done. We can enter global configuration mode from privileged EXEC mode by using the configure terminal command. From here we can change the global device configuration, such as the hostname, the domain name, user accounts, etc.; or we can enter a more specific configuration mode within global configuration mode and change items such as an interface IP address, access lists, DHCP, policies, etc.
Some characteristics of global configuration mode are:

• Indicated by the device hostname, followed by the word “config” inside brackets and then a hash sign (“#”).

• All commands from EXEC mode can be used here by adding the word do before the command that we want to execute. For example, to use show running-config in global configuration mode, we have to type it as do show running-config.

• Although we can change the configuration within global configuration mode, to save the configuration we have to exit back to privileged EXEC mode and issue the command write memory or copy running-config startup-config from there (however, these two commands can also be used from within global configuration mode by adding a do prefix to the command, as explained in the previous point).

• Global configuration mode can be protected by assigning a custom privilege level to the user account and then setting the allowed commands and blocking the rest, thus limiting the configuration capability.

• Issuing exit here will bring us back to privileged EXEC mode. To change a device configuration, you need to enter global configuration mode. This mode can be accessed by typing configure terminal (or conf t, the abbreviated version of the command) from the enable mode.


The prompt for this mode is hostname(config)#. Global configuration mode commands are used to configure a device. You can set a hostname, configure authentication, set an IP address for an interface, etc. From this mode, you can also access submodes, for example the interface mode, from where you can configure interface options. You can get back to privileged EXEC mode by typing the end command. You can also type CTRL + C to exit the configuration mode.
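The slides name one protection per mode: a username and password for user EXEC, an enable password for privileged EXEC, and privilege levels for configuration. The Python sketch below is an added example, not part of the original slides, that checks a saved running-config for those protections. The sample configuration is constructed, the check names are hypothetical, and local authentication without AAA is assumed.

```python
import re

# Constructed running-config excerpt for illustration (not from a real device).
SAMPLE_CONFIG = """\
hostname R1
enable password cisco123
username admin privilege 15 password 0 admin123
username oper privilege 5 secret 5 $1$xxxx$CONSTRUCTEDHASHPLACEHOLDER
line con 0
line vty 0 4
 login local
 transport input telnet ssh
"""

def line_blocks(config):
    """Yield (header, [sub-commands]) for each 'line ...' section."""
    header, body = None, []
    for raw in config.splitlines():
        if raw.startswith("line "):
            if header:
                yield header, body
            header, body = raw.strip(), []
        elif header and raw.startswith(" "):
            body.append(raw.strip())
        elif header:
            yield header, body
            header, body = None, []
    if header:
        yield header, body

def audit(config):
    """Return a sorted list of (check_id, detail) findings."""
    findings = []
    # 'enable password' is stored in clear text or reversibly; 'enable secret' is hashed.
    if re.search(r"^enable password ", config, re.M):
        findings.append(("ENABLE_PASSWORD", "use 'enable secret' instead"))
    if not re.search(r"^enable (password|secret) ", config, re.M):
        findings.append(("NO_ENABLE_AUTH", "no enable password or secret configured"))
    for user in re.findall(r"^username (\S+) (?:privilege \d+ )?password ", config, re.M):
        findings.append(("USER_PASSWORD", user + ": use 'secret' instead of 'password'"))
    for header, body in line_blocks(config):
        if "login local" not in body:  # line does not ask for a username/password
            findings.append(("NO_LOGIN_LOCAL", header))
        for cmd in body:
            if cmd.startswith("transport input") and {"telnet", "all"} & set(cmd.split()):
                findings.append(("TELNET_ENABLED", header))
    return sorted(findings)
```

Running `audit(SAMPLE_CONFIG)` reports the console line without per-user login, the Telnet-enabled vty lines, and the two credentials stored with `password` rather than `secret`.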

Submode Commands

A global configuration mode contains many submodes. For example, if you want to configure an interface you have to enter that interface configuration mode. Each submode contains only commands that pertain to the resource that is being configured. To enter the interface configuration mode you need to specify which interface you would like to configure.

This is done by using the interface INTERFACE_TYPE/INTERFACE_NUMBER global configuration command, where INTERFACE_TYPE represents the type of an interface (Ethernet, FastEthernet, Serial…) and INTERFACE_NUMBER represents the interface number, since Cisco devices usually have more than one physical interface. Once inside the interface configuration mode, you can get a list of available commands by typing the “?” character. Each submode has its own prompt.
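The mode transitions and prompts described in this section can be modelled as a small state machine. The Python sketch below is an added example, not part of the original slides. It replays a command sequence and records the prompt shown before each command. The short mode names and the "(config-if)" interface submode prompt are assumptions of this illustration, and password prompts are not modelled.

```python
# Mode transitions described in the text. Short mode names are hypothetical.
TRANSITIONS = {
    ("user", "enable"): "priv",
    ("user", "exit"): "closed",            # exit in EXEC modes ends the session
    ("priv", "disable"): "user",
    ("priv", "exit"): "closed",
    ("priv", "configure terminal"): "config",
    ("config", "exit"): "priv",
    ("config", "end"): "priv",
    ("sub", "exit"): "config",             # exit leaves one level
    ("sub", "end"): "priv",                # end returns straight to privileged EXEC
}
# Prompt per mode; "(config-if)" assumes the submode is an interface.
PROMPTS = {"user": "{h}>", "priv": "{h}#",
           "config": "{h}(config)#", "sub": "{h}(config-if)#"}

def next_mode(mode, command):
    """Return the mode the CLI is in after `command` is entered in `mode`."""
    cmd = " ".join(command.split())
    if cmd == "conf t":                    # abbreviation mentioned in the text
        cmd = "configure terminal"
    if mode in ("config", "sub") and cmd.startswith("interface "):
        return "sub"
    # Any other command (show, ping, do ...) leaves the mode unchanged.
    return TRANSITIONS.get((mode, cmd), mode)

def as_typed(mode, exec_command):
    """How an EXEC command must be typed in `mode` (the 'do' prefix rule)."""
    if mode in ("config", "sub"):
        return "do " + exec_command
    return exec_command

def replay(hostname, commands, mode="user"):
    """Return ([(prompt, command), ...], final_mode) for a command sequence."""
    transcript = []
    for command in commands:
        transcript.append((PROMPTS[mode].format(h=hostname), command))
        mode = next_mode(mode, command)
        if mode == "closed":
            break
    return transcript, mode
```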


End
