Accessing Cisco IOS Devices

Questions and Answers

What is the primary purpose of assigning a unique hostname to a device?

• To provide a default configuration
• To identify the device on the network (correct)
• To improve network performance
• To facilitate automatic updates

What command is used to enter the line VTY configuration mode?

• vty 0 15 line
• set vty lines
• configure line vty
• line vty 0 15 (correct)

What are the restrictions for naming devices?

• Must end with a special character
• Cannot include spaces (correct)
• Can only contain upper case letters
• Must start with a digit

What is a recommended practice regarding passwords for networking devices?

Create passwords longer than eight characters using diverse character types (A)

What is the primary purpose of setting a banner message on a network device?

To warn unauthorized personnel (C)

Which command is used to encrypt all plaintext passwords on a Cisco device?

service password-encryption (D)

What should be done to secure user EXEC mode access?

Enter line console configuration mode and specify the password (B)

Which command would you use to enable user EXEC access after setting the password?

login (A)

What feature assists in securing Cisco routers by applying default security settings?

Cisco AutoSecure (B)

What is a recommended action regarding default usernames and passwords for device security?

They should be changed immediately (C)

Why should passwords not be the same for all devices?

It increases vulnerability to security breaches (C)

Which of the following characters can be used in device names?

Dashes (A)

What does the 'login' command do when applied in line VTY configuration mode?

It activates remote login via Telnet (A)

What is the first step in configuring passwords for privileged EXEC mode?

Enter global configuration mode (B)

Which character is used as a delimiting character in the banner command syntax?

(B)

Why should unnecessary services and applications be turned off on a network device?

To reduce the chance of security vulnerabilities (B)

What is the purpose of the console port in network device management?

To perform initial configurations and maintenance (C)

Which of the following methods is the recommended way to establish a remote connection to a network device?

Secure Shell (SSH) (C)

What character denotes the prompt for User EXEC Mode in the CLI?

(D)

What is a characteristic of Telnet when connecting to a network device?

User authentication is sent in plaintext. (A)

What type of connections are the console and AUX ports considered?

Out-of-band connections (A)

Which of the following terminal emulation programs is NOT mentioned as an example?

HyperTerminal (C)

In Privileged EXEC Mode, which symbol indicates the CLI prompt?

(B)

Which access method uses a physical management port for device access?

Console (D)

What is the purpose of the Tab key in the IOS CLI?

Completes a partial command name entry. (A)

Which keystroke will move the cursor one character to the left?

Ctrl+B (C)

What command can be used to exit configuration mode and return to privileged EXEC mode?

Ctrl-Z (C)

When receiving a '--More--' prompt, which keystroke will display the next line of output?

Enter Key (A)

How can you recall the most recent commands in the IOS CLI?

Up Arrow (C)

Which keystroke will allow you to display the next screen when output exceeds window space?

Space Bar (A)

Which of the following commands can be used as an all-purpose break sequence?

Ctrl+Shift+6 (A)

What will the Backspace key do while using the IOS CLI?

Erases the character to the left of the cursor. (B)

Which command is used to access global configuration mode?

configure terminal (C)

What is the primary purpose of Line Configuration Mode?

To configure console or remote access settings (D)

What command should be used to return from line configuration mode to global configuration mode?

exit (B)

How can you directly switch from one subconfiguration mode to another?

Type the subconfiguration mode command directly (C)

What is typically defined as an argument in IOS command structure?

A user-defined variable or value (D)

Which command sequence is required to exit from any subconfiguration mode to global configuration mode?

Both B and C (D)

Which mode allows access to configuration options on the device?

Global Configuration Mode (B)

To move from user EXEC mode to privileged EXEC mode, you must use which command?

enable (A)

What is the purpose of the startup-config file?

It contains commands used upon device startup. (C)

Which command is used to save changes from running-config to startup-config?

copy running-config startup-config (B)

What will happen if the device is reloaded without saving the running-config?

All unsaved changes will be lost. (B)

What should you do to restore a device to its previous configuration if changes have not been saved?

Remove changed commands individually or reload the device. (B)

What does the running-config reflect?

It reflects the current configuration in RAM. (C)

Which process can cause network downtime on a device?

Reloading the device using the reload command. (C)

What is the first step to save configuration files to a text document?

Open terminal emulation software and connect to the device. (A)

What must you do to capture the output of configuration commands to a file?

Enable logging and specify a file location in terminal software. (A)

Flashcards

CLI Hot Keys

Special keys in the Cisco IOS command line interface used to make navigation and editing commands easier.

Tab Completion

Completing a command name by typing a few letters and pressing the Tab key.

Backspace

Deletes the character to the left of the cursor in the command line.

History Buffer

Stores previously entered commands to recall.

--More-- Prompt

A prompt indicating that terminal output is longer than displayed area.

Enter Key

Displays the next line of command output when viewing long output.

Ctrl-C

Ends the configuration mode and returns to privileged EXEC mode.

Ctrl-Shift-6

Used to end the display string.

VTY password

Password protecting remote access to a network device via Telnet or SSH.

Service password-encryption

Globally encrypts passwords in the running-config and startup-config files.

Banner message

A warning message displayed to unauthorized users attempting device access.

Banner motd

Command to create a banner message.

Default usernames and passwords

Default credentials on new devices that should be changed immediately.

Device access restriction

Restricting system resource access to authorized users only.

Unnecessary services/applications

Unneeded services or applications that should be turned off or removed.

Cisco AutoSecure

Feature in Cisco routers to assist with system security (default settings inadequate).

Device Naming Guideline

Device names must start with a letter, contain no spaces and end with either a letter or digit.They must use only letters, digits, and dashes, and should be less than 64 characters.

Strong Passwords

Passwords should be more than eight characters long, and include a mix of uppercase and lowercase letters, numbers, symbols, and/or numeric sequences.

Password Uniqueness

Never use the same password on multiple devices. Avoid common words, they are easily guessed.

User EXEC Mode

This allows limited command access in a secure configuration environment. Access should be secure.

Privileged EXEC Mode

This gives higher levels of access for configuring and managing a network device

Global configuration mode

The mode where instructions apply to the device as a whole.

Line Configuration Mode

The mode where instructions apply to a specific line or interface, such as a console port.

Password Encryption

Passwords should be protected in the encrypted format. Should be safe to use legal notifications need to be provided

Console Port

A physical port for accessing a network device for initial configuration.

Auxiliary Port (AUX)

A physical port for accessing a device over a telephone line, similar to the console port.

Out-of-Band Connection

Accessing a network device without a configured networking service. Using Console & AUX ports are examples.

Secure Shell (SSH)

A secure remote CLI connection method to a device over a network (recommended).

Telnet

An insecure remote CLI connection method to a device over the network (not recommended).

Terminal Emulation

Software programs (like PuTTY, Tera Term) enabling access to network devices.

Interface Configuration Mode

The mode where you configure individual ports or interfaces on a router or switch, such as setting IP addresses.

Configure Terminal Command?

Used to enter Global Configuration Mode from privileged EXEC mode.

Exit Command

Used to move back up a level in the IOS configuration hierarchy.

Keyword

A predefined parameter in the IOS command structure that identifies the specific action or setting to be configured.

Argument

A user-defined value provided within an IOS command to specify a specific setting or parameter.

Command Syntax

The specific format and structure of an IOS command, including keywords and required arguments.

Startup Configuration

The saved configuration file stored in NVRAM, used by the device upon startup or reboot. It contains all the commands that will be used by the device and is not lost when the device is powered off.

Running Configuration

The current configuration of the device stored in RAM. It reflects the changes made and is in effect immediately. However, it is lost when the device is powered off or restarted.

How to save running config to startup config

Use the command 'copy running-config startup-config' in privileged EXEC mode. This saves the current configuration changes to the persistent startup configuration.

How to restore a device to its previous configuration

1. Remove changed commands individually. 2. Reload the device using the 'reload' command in privileged EXEC mode. 3. If changes were saved to startup-config, use the 'erase startup-config' and reload to clear both files.

Capture configuration to a text file

Save and archive the device configuration to a text file for later reference or troubleshooting. Use a terminal emulator like PuTTY or Tera Term, enable logging, specify a file name and location, and then execute the 'show running-config' or 'show startup-config' command.

What is NVRAM?

Non-Volatile Random Access Memory, a type of memory that retains its data even when the device is powered off. It is used to store the startup configuration file.

What is RAM?

Random Access Memory, a type of memory that loses its data when the device is powered off. It is used to store the running configuration.

What is the difference between 'show running-config' and 'show startup-config'?

'show running-config' displays the current configuration used by the device. 'show startup-config' displays the saved configuration that will be loaded upon reboot.

Study Notes

Cisco IOS Access

• The presentation is about accessing Cisco IOS devices.
• Different access methods are available.
• These allow maintenance and initial configurations.

Access Methods

• Console Port: A physical port used for maintenance and initial configurations. Requires a special rollover cable. Connects to a PC's COM port.
• Auxiliary Port (AUX): A physical port used for remote access over telephone lines.
• Out-of-Band Connections: Console and AUX ports are out-of-band, meaning they provide access without a configured networking service.

Access Methods (Continued)

• Secure Shell (SSH): Secure remote CLI connection to a device over a network. This is the recommended method.
• Telnet: Insecure remote CLI connection over a network. Passwords and commands are sent in plain text.

Terminal Emulation Programs

• Terminal emulation programs connect to network devices via console ports or SSH/Telnet connections.
• Examples: PuTTY, Tera Term, SecureCRT.

IOS Navigation

• User EXEC Mode: Limited basic monitoring commands. Identified by the > symbol.
• Privileged EXEC Mode: Access to all commands and features. Identified by the # symbol.

Configuration Modes and Subconfiguration Modes

• Global Configuration Mode: Used to configure global options on the device.
• Line Configuration Mode: Used for console, SSH, Telnet, or AUX access.
• Interface Configuration Mode: Used to configure a switch or router interface.

Navigation Between IOS Modes

• Privileged EXEC Mode: Move from User EXEC to privileged EXEC mode by using the enable command.
• Global Configuration mode: Move in and out of the global configuration mode using the configure terminal command(to return to privilege EXEC mode use the exit command).
• Line Configuration Mode: Move in and out of line configuration mode, by using the line command followed by the management line type then to return to global mode use exit command.

Subconfiguration Modes

• To move out of a subconfiguration mode, use the exit command. To return to privilege EXEC use the end command or Ctrl+Z.
• Move directly from one mode to another using the desired subconfiguration mode command (e.g., (config-line)# to (config-if)#.

The Command Structure

• Basic IOS Command Structure: The command structure defines the format for commands—prompt, command, space, keyword or argument.
• Keywords: Specific parameters defined in the OS (e.g., ip protocols).
• Arguments: User-defined values, not predefined (e.g., IP address 192.168.10.5).

IOS Command Syntax Check

• Different formatting rules, for input, can be applied.
• Boldface text represents commands and keywords.
• Italics represent arguments.
• Brackets [ ] and braces { } are used for optional or required elements.

IOS Command Syntax Check (continued)

• The command syntax provides the pattern, or format, to use when entering commands
• For the ping command, the argument is the IP address of the destination device
• For the traceroute command, the argument is also the IP address of the destination device

IOS Help Features

• Context-sensitive help: Quickly finds commands or help to specific commands, or starts with specific characters.
• Command syntax check: Verifies inputs to check if the input is valid in the given context.
• If the input is invalid feedback will be given.

Hot Keys and Shortcuts

• IOS CLI uses various shortcuts or hot keys to ease the configuration process, monitoring process and troubleshooting process.
• Commands and keywords can be shortened. For example, conf can be used for configure, based on uniqueness.

Hot Keys and Shortcuts (continued)

• Table of keystrokes (e.g., Tab to complete commands, Backspace to erase characters, arrows to move cursor, Ctrl+P for past commands).

Hot Keys and Shortcuts (continued)

• More than one line of command output might be produced, causing the "--More--" prompt in the terminal.
• A variety of keystrokes used to control the display when this prompt appears (e.g., Enter, Space bar, any other key).

Basic Device Configuration

• Initial configuration command for a device involves giving a unique hostname.
• Default device name is Switch.
• Naming guidelines for devices start with a letter, contain no spaces, end with a letter/digit, and use only hyphens, letters or digits, less than 64 chars.

Password Guidelines

• Weak passwords are a security risk
• All access (privileged EXEC, user EXEC, and remote TELNET sessions) should be secured with passwords that are strong and encrypted
• Security Guidelines Guideline 1- use passwords with at least 8 characters (preferable 10 or more) Guideline 2 - passwords must be complex

Configure Passwords

• User EXEC mode access:
  • Use the line console 0 command in global configuration mode.
  • Specify the user EXEC mode password.
  • Enable user EXEC access.
• Privileged EXEC Mode access:
  • Enter global configuration mode.
  • Use the enable secret password command.
• VTY Line Access:
• Use the line vty 0 15 to enable VTY access.
• Specify the password
• Enable VTY access using login

Encrypt Passwords

• Startup-config and running-config files usually display passwords in plain text
• Use the service password-encryption command under global configuration mode to encrypt all plaintext passwords.
• Use show running-config to check password encryption was applied.

Device Security

• Cisco AutoSecure: Default security settings on new OS may need adjusting
• Default usernames/passwords should be changed.
• Limit access to authorized users.
• Turn off/uninstall unnecessary services/applications.
• Update software and install security patches for the hardware.

Enable SSH

• Unique Device Hostname: Needed for Cisco devices
• IP Domain Name: Set IP domain name using global configuration mode
• SSH Traffic Encryption: Create keys using crypto key generate rsa general-keys modulus bits.
• Local Database Verification/Creation: Using username global config command to create the database to authenticate users.
• Authenticate against the local database: Use login local line config command to authenticate against the local database.
• Enable inbound SSH sessions: Use the transport input command to allow SSH sessions on the VTY lines.

Disable Unused Services

• Disable any unused services. This preserves resources like CPU cycles and RAM, protecting the hardware from threat actors exploits.
• Verify this using the show ip ports all command or theshow control-plane host open-ports command.

Save Configurations

• Startup-config: Stored in NVRAM; contains commands to be used for the first initialization upon start up and reboot
• Running-config: Stored in RAM and it represents the current configuration of the router.
• To copy running configuration to startup-config: Use copy running-config startup-config

Capture Configuration to a Text File

• Save configurations to a text file. This can be used for archiving or reference purposes.
• Use terminal emulation software (e.g. PuTTY, Tera Term).
• Enable logging, specifying a file name.

Device Security

Description

This quiz covers different methods for accessing Cisco IOS devices, including console and auxiliary ports, as well as secure connections like SSH and Telnet. It also discusses the use of terminal emulation programs for device management. Test your knowledge on the various access methods and their applications!