Accessing Cisco IOS Devices

Questions and Answers

What is the primary purpose of assigning a unique hostname to a device?

To provide a default configuration

To identify the device on the network (correct)

To improve network performance

To facilitate automatic updates

What command is used to enter the line VTY configuration mode?

vty 0 15 line

set vty lines

configure line vty

line vty 0 15 (correct)

What are the restrictions for naming devices?

Must end with a special character

Cannot include spaces (correct)

Can only contain upper case letters

Must start with a digit

What is a recommended practice regarding passwords for networking devices?

Create passwords longer than eight characters using diverse character types

What is the primary purpose of setting a banner message on a network device?

To warn unauthorized personnel

Which command is used to encrypt all plaintext passwords on a Cisco device?

service password-encryption

What should be done to secure user EXEC mode access?

Enter line console configuration mode and specify the password

Which command would you use to enable user EXEC access after setting the password?

login

What feature assists in securing Cisco routers by applying default security settings?

Cisco AutoSecure

What is a recommended action regarding default usernames and passwords for device security?

They should be changed immediately

Why should passwords not be the same for all devices?

It increases vulnerability to security breaches

Which of the following characters can be used in device names?

Dashes

What does the 'login' command do when applied in line VTY configuration mode?

It activates remote login via Telnet

What is the first step in configuring passwords for privileged EXEC mode?

Enter global configuration mode

Which character is used as a delimiting character in the banner command syntax?

Why should unnecessary services and applications be turned off on a network device?

To reduce the chance of security vulnerabilities

What is the purpose of the console port in network device management?

To perform initial configurations and maintenance

Which of the following methods is the recommended way to establish a remote connection to a network device?

Secure Shell (SSH)

What character denotes the prompt for User EXEC Mode in the CLI?

What is a characteristic of Telnet when connecting to a network device?

User authentication is sent in plaintext.

What type of connections are the console and AUX ports considered?

Out-of-band connections

Which of the following terminal emulation programs is NOT mentioned as an example?

HyperTerminal

In Privileged EXEC Mode, which symbol indicates the CLI prompt?

Which access method uses a physical management port for device access?

Console

What is the purpose of the Tab key in the IOS CLI?

Completes a partial command name entry.

Which keystroke will move the cursor one character to the left?

Ctrl+B

What command can be used to exit configuration mode and return to privileged EXEC mode?

Ctrl-Z

When receiving a '--More--' prompt, which keystroke will display the next line of output?

Enter Key

How can you recall the most recent commands in the IOS CLI?

Up Arrow

Which keystroke will allow you to display the next screen when output exceeds window space?

Space Bar

Which of the following commands can be used as an all-purpose break sequence?

Ctrl+Shift+6

What will the Backspace key do while using the IOS CLI?

Erases the character to the left of the cursor.

Which command is used to access global configuration mode?

configure terminal

What is the primary purpose of Line Configuration Mode?

To configure console or remote access settings

What command should be used to return from line configuration mode to global configuration mode?

exit

How can you directly switch from one subconfiguration mode to another?

Type the subconfiguration mode command directly

What is typically defined as an argument in IOS command structure?

A user-defined variable or value

Which command sequence is required to exit from any subconfiguration mode to global configuration mode?

Both B and C

Which mode allows access to configuration options on the device?

Global Configuration Mode

To move from user EXEC mode to privileged EXEC mode, you must use which command?

enable

What is the purpose of the startup-config file?

It contains commands used upon device startup.

Which command is used to save changes from running-config to startup-config?

copy running-config startup-config

What will happen if the device is reloaded without saving the running-config?

All unsaved changes will be lost.

What should you do to restore a device to its previous configuration if changes have not been saved?

Remove changed commands individually or reload the device.

What does the running-config reflect?

It reflects the current configuration in RAM.

Which process can cause network downtime on a device?

Reloading the device using the reload command.

What is the first step to save configuration files to a text document?

Open terminal emulation software and connect to the device.

What must you do to capture the output of configuration commands to a file?

Enable logging and specify a file location in terminal software.

Study Notes

Cisco IOS Access

• The presentation is about accessing Cisco IOS devices.
• Different access methods are available.
• These allow maintenance and initial configurations.

Access Methods

• Console Port: A physical port used for maintenance and initial configurations. Requires a special rollover cable. Connects to a PC's COM port.
• Auxiliary Port (AUX): A physical port used for remote access over telephone lines.
• Out-of-Band Connections: Console and AUX ports are out-of-band, meaning they provide access without a configured networking service.

Access Methods (Continued)

• Secure Shell (SSH): Secure remote CLI connection to a device over a network. This is the recommended method.
• Telnet: Insecure remote CLI connection over a network. Passwords and commands are sent in plain text.

Terminal Emulation Programs

• Terminal emulation programs connect to network devices via console ports or SSH/Telnet connections.
• Examples: PuTTY, Tera Term, SecureCRT.

IOS Navigation

• User EXEC Mode: Limited basic monitoring commands. Identified by the > symbol.
• Privileged EXEC Mode: Access to all commands and features. Identified by the # symbol.

Configuration Modes and Subconfiguration Modes

• Global Configuration Mode: Used to configure global options on the device.
• Line Configuration Mode: Used for console, SSH, Telnet, or AUX access.
• Interface Configuration Mode: Used to configure a switch or router interface.

Navigation Between IOS Modes

• Privileged EXEC Mode: Move from User EXEC to privileged EXEC mode by using the enable command.
• Global Configuration mode: Move in and out of the global configuration mode using the configure terminal command(to return to privilege EXEC mode use the exit command).
• Line Configuration Mode: Move in and out of line configuration mode, by using the line command followed by the management line type then to return to global mode use exit command.

Subconfiguration Modes

• To move out of a subconfiguration mode, use the exit command. To return to privilege EXEC use the end command or Ctrl+Z.
• Move directly from one mode to another using the desired subconfiguration mode command (e.g., (config-line)# to (config-if)#.

The Command Structure

• Basic IOS Command Structure: The command structure defines the format for commands—prompt, command, space, keyword or argument.
• Keywords: Specific parameters defined in the OS (e.g., ip protocols).
• Arguments: User-defined values, not predefined (e.g., IP address 192.168.10.5).

IOS Command Syntax Check

• Different formatting rules, for input, can be applied.
• Boldface text represents commands and keywords.
• Italics represent arguments.
• Brackets [ ] and braces { } are used for optional or required elements.

IOS Command Syntax Check (continued)

• The command syntax provides the pattern, or format, to use when entering commands
• For the ping command, the argument is the IP address of the destination device
• For the traceroute command, the argument is also the IP address of the destination device

IOS Help Features

• Context-sensitive help: Quickly finds commands or help to specific commands, or starts with specific characters.
• Command syntax check: Verifies inputs to check if the input is valid in the given context.
• If the input is invalid feedback will be given.

Hot Keys and Shortcuts

• IOS CLI uses various shortcuts or hot keys to ease the configuration process, monitoring process and troubleshooting process.
• Commands and keywords can be shortened. For example, conf can be used for configure, based on uniqueness.

Hot Keys and Shortcuts (continued)

• Table of keystrokes (e.g., Tab to complete commands, Backspace to erase characters, arrows to move cursor, Ctrl+P for past commands).

Hot Keys and Shortcuts (continued)

• More than one line of command output might be produced, causing the "--More--" prompt in the terminal.
• A variety of keystrokes used to control the display when this prompt appears (e.g., Enter, Space bar, any other key).

Basic Device Configuration

• Initial configuration command for a device involves giving a unique hostname.
• Default device name is Switch.
• Naming guidelines for devices start with a letter, contain no spaces, end with a letter/digit, and use only hyphens, letters or digits, less than 64 chars.

Password Guidelines

• Weak passwords are a security risk
• All access (privileged EXEC, user EXEC, and remote TELNET sessions) should be secured with passwords that are strong and encrypted
• Security Guidelines Guideline 1- use passwords with at least 8 characters (preferable 10 or more) Guideline 2 - passwords must be complex

Configure Passwords

• User EXEC mode access:
  • Use the line console 0 command in global configuration mode.
  • Specify the user EXEC mode password.
  • Enable user EXEC access.
• Privileged EXEC Mode access:
  • Enter global configuration mode.
  • Use the enable secret password command.
• VTY Line Access:
• Use the line vty 0 15 to enable VTY access.
• Specify the password
• Enable VTY access using login

Encrypt Passwords

• Startup-config and running-config files usually display passwords in plain text
• Use the service password-encryption command under global configuration mode to encrypt all plaintext passwords.
• Use show running-config to check password encryption was applied.

Device Security

• Cisco AutoSecure: Default security settings on new OS may need adjusting
• Default usernames/passwords should be changed.
• Limit access to authorized users.
• Turn off/uninstall unnecessary services/applications.
• Update software and install security patches for the hardware.

Enable SSH

• Unique Device Hostname: Needed for Cisco devices
• IP Domain Name: Set IP domain name using global configuration mode
• SSH Traffic Encryption: Create keys using crypto key generate rsa general-keys modulus bits.
• Local Database Verification/Creation: Using username global config command to create the database to authenticate users.
• Authenticate against the local database: Use login local line config command to authenticate against the local database.
• Enable inbound SSH sessions: Use the transport input command to allow SSH sessions on the VTY lines.

Disable Unused Services

• Disable any unused services. This preserves resources like CPU cycles and RAM, protecting the hardware from threat actors exploits.
• Verify this using the show ip ports all command or theshow control-plane host open-ports command.

Save Configurations

• Startup-config: Stored in NVRAM; contains commands to be used for the first initialization upon start up and reboot
• Running-config: Stored in RAM and it represents the current configuration of the router.
• To copy running configuration to startup-config: Use copy running-config startup-config

Capture Configuration to a Text File

• Save configurations to a text file. This can be used for archiving or reference purposes.
• Use terminal emulation software (e.g. PuTTY, Tera Term).
• Enable logging, specifying a file name.

Device Security

Description

This quiz covers different methods for accessing Cisco IOS devices, including console and auxiliary ports, as well as secure connections like SSH and Telnet. It also discusses the use of terminal emulation programs for device management. Test your knowledge on the various access methods and their applications!