
NETWORKING 2 - MIDTERMS

WEEK 2: THE ROLE OF TCP/IP IN INTERNET LAYER

Internet Layer
The corresponding layer in the OSI (Open Systems Interconnection) Reference Model is the network layer. Protocols at the Internet layer include:
o IP (Internet Protocol)
o ARP (Address Resolution Protocol)
o RARP (Reverse Address Resolution Protocol)
o ICMP (Internet Control Message Protocol)
o OSPF (Open Shortest Path First)
o many others

Internet Protocol (IP)
IP (Internet Protocol) provides a connectionless, unreliable delivery to other devices at layer 3. It treats packets individually. If reliability and flow control are required, TCP (Transmission Control Protocol) at the transport layer can provide this function.

IP Protocol Functions:
o Connectionless data delivery: best effort delivery with no data recovery capabilities.
o Hierarchical logical addressing to provide for highly scalable internetworks. (dynamic)

Datagram: It is just another word for packet. The figure shows the components of the IP datagram.

IP Datagram Components
The main function of the IP datagram is to carry protocol information for either Internet layer protocols (other TCP/IP layer 3 protocols) or encapsulated transport layer protocols (TCP and User Datagram Protocol, or UDP). To designate what protocol the IP datagram is carrying in the data field, the IP datagram carries the protocol's number in the Protocol field.

Introduction to TCP/IP Addressing
IPv4 addresses are 32 bits in length (represented in binary code, 0 and 1). However, to make the addresses readable, they are broken into 4 bytes (called octets), with a period (decimal point) between each byte. The format of this address is commonly called dotted decimal.
Example: (Figure)

Watch these videos:
https://www.youtube.com/watch?v=7gwWAd2DWok
https://www.youtube.com/watch?v=yEkqR_-222E
Types of IP Addresses

Five Upstream Address Registries:
o ARIN (American Registry for Internet Numbers)
o RIPE NCC (Réseaux IP Européens Network Coordination Centre)
o APNIC (Asia-Pacific Network Information Centre)
o LACNIC (Latin American and Caribbean Internet Address Registry)
o AfriNIC (African Network Information Centre)

Classes of Addresses
Two components:
o Network component: Defines on what segment, in the network, a device is located.
o Host component: Defines the specific device on a particular network segment.

Five Classes:
o Class A addresses range from 1 to 126: 0 is reserved and represents all IP addresses; 127 is a reserved address and is used for testing, such as a loopback on an interface.
o Class B addresses range from 128 to 191: binary 10000000-10111111.
o Class C addresses range from 192 to 223: binary 11000000-11011111.
o Class D addresses range from 224 to 239: binary 11100000-11101111.
o Class E addresses range from 240 to 254: 255 is a reserved address and is used for local broadcasting purposes.

Public and Private Addresses
Public addresses are Class A, B, and C addresses that can be used to access devices in other public networks, such as the Internet. The Internet Assigned Numbers Authority (IANA) is ultimately responsible for handing out and managing public addresses. Within this range of addresses for Class A, B, and C addresses are some reserved addresses, commonly called private addresses.

Private addresses are assigned in RFC 1918:
o Class A: 10.0.0.0–10.255.255.255 (1 Class A network)
o Class B: 172.16.0.0–172.31.255.255 (16 Class B networks)
o Class C: 192.168.0.0–192.168.255.255 (256 Class C networks)
NOTE: Remember the list of private networks, which must be translated when accessing public networks: 10.0.0.0, 172.16.0.0–172.31.0.0, and 192.168.0.0–192.168.255.0.

DNS (Domain Name System)
DNS is used to resolve names to IP addresses. DNS is a TCP/IP application that other applications such as FTP (File Transfer Protocol) applications, telnet, web browsers, and email use to resolve the names a user enters to real IP addresses.

Internet Protocols
DHCP (Dynamic Host Configuration Protocol) allows devices to acquire their addressing information dynamically. Originally defined in RFC 2131 and updated in 2939, DHCP is actually based on the Bootstrap Protocol (BOOTP).

Two components:
o Server: Delivering host configuration information.
o Client: Requesting and acquiring host configuration information.

DHCP provides the following advantages:
o It reduces the amount of configuration on devices.
o It reduces the likelihood of configuration errors on devices acquiring address information.
o It gives you more administrative control by centralizing IP addressing information and management.
(Figure: DHCP Address Allocation Types)

Address Resolution Protocol
ARP (Address Resolution Protocol) is a protocol or procedure that connects an ever-changing Internet Protocol (IP) address to a fixed physical machine address, also known as a MAC (Media Access Control) address, in a local-area network (LAN).

Single-Segment ARP Example
In the ARP datagram, the source IP address is 10.1.1.1, and the destination is 255.255.255.255 (the local broadcast represents every device on the Ethernet segment).
(Figure: Two-Segment ARP Example)

Proxy ARP Example
However, PC-A still assumes that PC-C is on the local segment. To solve this reachability problem, two things need to occur:
o The router will need a static host route that directs traffic sent to the host address that was moved to the device's new network segment.
o The proxy ARP must be enabled on the router's interface that's connected to the original network segment.

Reverse Address Resolution Protocol
RARP (Reverse Address Resolution Protocol) is sort of the reverse of an ARP. In an ARP, the device knows the layer 3 address, but not the data link layer address. With a RARP, the device doesn't have an IP address and wants to acquire one. The only address that this device has is a MAC address. Common protocols that use RARP are BOOTP and DHCP.
(Figure: TCP/IP Tools for Windows PCs)

WEEK 3: THE IP ADDRESSING AND SUBNETTING

IP Addressing Techniques
(Figures: Network and Host Boundaries; Distinguishing Between Classes of Addresses)

Subnet Masks (Recap)
INVALID: 11110000.00001111.11111111.11111111 (240.31.255.255)
VALID: 11111111.11111111.11111111.11111000 (255.255.255.248)

Subnetting (Recap)
Subnetting allows you to take some of the higher-order host bits in a network number and use them to create more networks.
A demonstration using a Class C network:
o Dotted-decimal: 192.168.1.0 255.255.255.0
o Number of networking bits: 192.168.1.0/24
o Hexadecimal: 192.168.1.0 0xFFFFFF00
o Binary: 192.168.1.0 11111111111111111111111100000000

Subnet Mask Values (Recap)
(Figure: Valid Subnet Mask Values in an Octet)
One important item to point out is that the subnet mask, in and of itself, means nothing without the context of the IP address associated with it. For example, most people would assume that when you see a subnet mask of 255.255.255.0, you are dealing with a Class C network.
(Figures: Subnet Masks for Class A Networks; Subnet Masks for Class B Networks; Subnet Masks for Class C Networks)

IP Address Planning
Six-step approach plan for IP addressing:
1. Determine network and host requirements.
2. Satisfy host and network requirements.
3. Determine the subnet mask.
4. Determine the network addresses.
5. Determine the directed broadcast addresses for your networks.
6. Determine the host addresses for your networks.
(Figures: 1: Determine Network and Host Requirements; 2: Satisfy Host and Network Requirements; 3: Determine the Subnet Mask; 4: Determine the Network Addresses; 5: Determine the Directed Broadcast Addresses; 6: Determine the Host Addresses)
Step 6: Between the network and broadcast addresses, write down the host addresses.
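The following is an added example, not part of the original notes, that puts the Week 2 class and RFC 1918 rules and the Week 3 subnet-mask recap into code: it determines the class of an address from its first octet, flags addresses that fall in a private block (the ones that must be translated before reaching a public network), rejects a non-contiguous mask such as 240.31.255.255, and converts a valid mask into the four notations the notes use (dotted-decimal, prefix length, hexadecimal, binary). All sample addresses in the comments are constructed; only the Python standard library is used.

```python
"""IPv4 address classes, RFC 1918 private ranges, and subnet-mask checks.

Added example for these notes (not from the original lecture material).
Only the standard library is used; all sample addresses are constructed.
"""


def to_int(dotted: str) -> int:
    """Convert dotted-decimal text to a 32-bit integer, rejecting bad octets."""
    parts = dotted.split(".")
    if len(parts) != 4:
        raise ValueError(f"expected 4 octets: {dotted!r}")
    value = 0
    for p in parts:
        if not p.isdigit() or not 0 <= int(p) <= 255:
            raise ValueError(f"bad octet {p!r} in {dotted!r}")
        value = (value << 8) | int(p)
    return value


def to_dotted(value: int) -> str:
    """Inverse of to_int: 32-bit integer back to dotted decimal."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def address_class(dotted: str) -> str:
    """Classful range of the first octet, as listed in the notes."""
    first = to_int(dotted) >> 24
    if first == 0:
        return "reserved (0: all IP addresses)"
    if first == 127:
        return "reserved (127: loopback)"
    if first == 255:
        return "reserved (255: local broadcast)"
    if 1 <= first <= 126:
        return "A"
    if 128 <= first <= 191:
        return "B"
    if 192 <= first <= 223:
        return "C"
    if 224 <= first <= 239:
        return "D"
    return "E"


# RFC 1918 blocks from the notes, as (network, prefix length).
PRIVATE_BLOCKS = (("10.0.0.0", 8), ("172.16.0.0", 12), ("192.168.0.0", 16))


def is_private(dotted: str) -> bool:
    """True if the address lies in an RFC 1918 block (must be translated for public networks)."""
    addr = to_int(dotted)
    for net, prefix in PRIVATE_BLOCKS:
        mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
        if addr & mask == to_int(net):
            return True
    return False


def is_valid_mask(dotted: str) -> bool:
    """A mask is valid only if its binary form is contiguous 1s followed by 0s."""
    m = to_int(dotted)
    zeros = (~m) & 0xFFFFFFFF          # the host bits, flipped to 1s
    return (zeros & (zeros + 1)) == 0  # true iff zeros is 2^k - 1 (only low bits set)


def mask_forms(dotted: str) -> dict:
    """The notations the notes use for 192.168.1.0 255.255.255.0 (/24, 0xFFFFFF00, binary)."""
    if not is_valid_mask(dotted):
        raise ValueError(f"non-contiguous mask: {dotted}")
    m = to_int(dotted)
    return {
        "dotted": dotted,
        "prefix": bin(m).count("1"),
        "hex": f"0x{m:08X}",
        "binary": f"{m:032b}",
    }


if __name__ == "__main__":
    for a in ("10.1.1.1", "172.20.5.1", "192.168.1.0", "8.8.8.8", "127.0.0.1"):
        print(f"{a:15} class {address_class(a):32} private={is_private(a)}")
    for m in ("255.255.255.248", "240.31.255.255"):
        print(m, "valid" if is_valid_mask(m) else "INVALID (non-contiguous)")
    print(mask_forms("255.255.255.0"))
```

The contiguity test works because the complement of a valid mask is a run of low-order 1 bits, and a number of that shape plus one has no bits in common with it; 240.31.255.255 fails it, 255.255.255.248 passes.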
Host addresses are any number between the network and directed broadcast addresses.

Determining Network, Directed Broadcast, and Host Components
1. You are given the following address: 192.168.1.63/255.255.255.248. What type of address is this—network, directed broadcast, or host? The interesting octet is the fourth: 248. Subtract this from 256: 256 – 248 = 8. Network numbers are incrementing by 8: 192.168.1.0, 192.168.1.8, 192.168.1.16, 192.168.1.24, 192.168.1.32, 192.168.1.40, 192.168.1.48, 192.168.1.56, 192.168.1.64, and so on. After writing down the directed broadcast addresses, you'll see that the network 192.168.1.56 has a directed broadcast address of 192.168.1.63 and host addresses of 57–62. Therefore, this is a broadcast address.
2. You are given the following address: 172.16.4.255/255.255.252.0. What type of address is this—network, directed broadcast, or host? The interesting octet is the third: 252. Subtract this from 256: 256 – 252 = 4. Network numbers are incrementing by 4 in the third octet: 172.16.0.0, 172.16.4.0, 172.16.8.0, 172.16.12.0, and so on. After writing down the directed broadcast addresses, you'll see that the network 172.16.4.0 has a directed broadcast address of 172.16.7.255 and host addresses of 172.16.4.1–172.16.7.254. Therefore, this is a host address.

Determining IP Address Components
1. You need an IP address and a subnet mask (this is the easy part).
2. Examine the subnet mask and find the interesting octet. The interesting octet in the mask is the one in which the network and host boundary are found. This includes the following mask values in an octet: 0, 128, 192, 224, 240, 248, 252, and 254. It does not include 255—an octet with a mask value of 255 (all 8 bits are 1s) indicates that this octet is part of the network number. Only when an octet contains one or more binary 0s does it have a host component.
3. Subtract the interesting octet in the subnet mask from 256. This will give you the increment by which network numbers are increasing in the interesting octet.
4. On a piece of paper, start writing down the network numbers, starting with the first subnet (0), and working your way up to a network number that is higher than the address in question.
5. After you have written down the network numbers, beside each of these, write down their corresponding broadcast addresses. Remember that the broadcast address is one number less than the next network number. You don't have to do this with every network number—just the networks near the network number in question.

Notes:
o Cross over – Same Device
o Straight Through – Different Device
o TCP – Transmission Control Protocol
o IP – Internet Protocol
o OSI – Open Systems Interconnection
o OSPF – Open Shortest Path First (Route of the data ex. Ways)

WEEK 4: UNDERSTANDING VLSM

VLSM (VARIABLE LENGTH SUBNET MASK)
VLSM, originally defined in RFC 1812, allows you to apply different subnet masks to the same class address space. VLSM allows you to make more efficient use of IP addressing. The figure shows a simple before-and-after example of using VLSM. In this example, a router at the corporate site (RouterA) has point-to-point WAN connections to the remote office routers (RouterB, RouterC, and RouterD). For instance, a good mask for point-to-point links is 255.255.255.252, which provides for two host addresses in each subnet. A good mask for a LAN connection might be 255.255.255.192, which provides for 62 host addresses for each network segment. Using a 255.255.255.252 mask for a LAN connection will not give you enough host addresses, and using a 255.255.255.192 mask on a point-to-point connection wastes addresses.

Addressing with VLSM
VLSM basically means taking a subnet (not a network number) and applying a different subnet mask to this, and only this, subnet. You should follow these steps when performing VLSM:
1. Find the largest segment in the network address space—the segment with the largest number of devices connected to it.
2. Find the appropriate subnet mask for the largest network segment.
3. Write down your subnet numbers to fit your subnet mask.
4. For your smaller segments, take one of these newly created subnets and apply a different, more appropriate, subnet mask to it.
5. Write down your newly subnetted subnets.
6. For even smaller segments, go back to step 4 and repeat this process.
NOTE: Actually, you can take a subnetted subnet and subnet it again! With this process, you can come up with a very efficient addressing scheme to accommodate addressing needs in your network.

Features of VLSM
VLSM lets you have more than one mask for a given class of address, be it a Class A, B, or C network number.
Classful protocols, such as Routing Information Protocol (RIP) v1, do not support VLSM. Deploying VLSM requires a routing protocol that is classless—Border Gateway Protocol (BGP), Enhanced Interior Gateway Routing Protocol (EIGRP), Intermediate System-Intermediate System (IS-IS), Open Shortest Path First (OSPF), or RIPv2, for instance.
VLSM provides two major advantages:
o Efficient use of addressing in large-scale networks.
o Route summarization or route aggregation to reduce the size of the routing tables in routers.
(Figures: VLSM Example 1; VLSM Example 2)

Route Summarization
Route summarization is the ability to take a bunch of contiguous network numbers in your routing table and advertise them as a single summarized or aggregated route.
(Figure: Supernetting) Using VLSM and summarization, you can summarize these four subnets back to 192.168.1.0/24.
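The added example below, which is not part of the original notes, implements two procedures from these weeks with one set of helpers: `classify` performs steps 1 to 5 of "Determining IP Address Components" exactly as the notes do it on paper (find the interesting octet, subtract from 256, find the network number and the broadcast one below the next network), and `vlsm_allocate` performs steps 1 to 6 of "Addressing with VLSM" by placing the largest segment first and giving each segment the smallest subnet that holds its hosts plus the network and broadcast addresses. The block 192.168.1.0/24, the segment names and the host counts are constructed inputs chosen to match the notes' RouterA/RouterB/RouterC/RouterD layout; the /26 and /30 masks they produce are the 255.255.255.192 and 255.255.255.252 masks the notes recommend.

```python
"""Interesting-octet classification and VLSM allocation.

Added example for these notes (not from the original lecture material);
the block, segment names and host counts below are constructed inputs.
"""


def to_int(dotted: str) -> int:
    return int.from_bytes(bytes(int(p) for p in dotted.split(".")), "big")


def to_dotted(n: int) -> str:
    return ".".join(str(b) for b in n.to_bytes(4, "big"))


def classify(address: str, mask: str) -> tuple:
    """Steps 1-5 of 'Determining IP Address Components'.

    Returns (kind, network, directed_broadcast) where kind is
    'network', 'directed broadcast' or 'host'."""
    a_oct = [int(p) for p in address.split(".")]
    m_oct = [int(p) for p in mask.split(".")]
    # Step 2: the interesting octet is the first one that is not 255;
    # an all-255 mask leaves no host component to classify.
    interesting = [k for k, v in enumerate(m_oct) if v != 255]
    if not interesting:
        raise ValueError("mask 255.255.255.255 has no host component")
    i = interesting[0]
    # Step 3: increment between network numbers in the interesting octet.
    inc = 256 - m_oct[i]
    # Step 4: the network number is the largest multiple of the increment
    # not above the address's value in that octet; later octets are 0.
    net = a_oct[:i] + [(a_oct[i] // inc) * inc] + [0] * (3 - i)
    # Step 5: the broadcast is one less than the next network number,
    # so later octets are all 255.
    bcast = a_oct[:i] + [net[i] + inc - 1] + [255] * (3 - i)
    if a_oct == net:
        kind = "network"
    elif a_oct == bcast:
        kind = "directed broadcast"
    else:
        kind = "host"
    return kind, ".".join(map(str, net)), ".".join(map(str, bcast))


# Constructed requirements: corporate LAN, three remote LANs, three WAN links.
SEGMENTS = [
    ("HQ LAN", 60),
    ("RouterB LAN", 25),
    ("RouterC LAN", 25),
    ("RouterD LAN", 25),
    ("WAN A-B", 2),
    ("WAN A-C", 2),
    ("WAN A-D", 2),
]


def vlsm_allocate(block: str, prefix: int, segments: list) -> list:
    """Steps 1-6 of 'Addressing with VLSM'.

    Largest segment first; each gets the smallest power-of-2 subnet that
    fits hosts + network + broadcast, carved from the next free address.
    Returns [(name, 'network/prefix', usable_hosts), ...]."""
    start = to_int(block)
    end = start + (1 << (32 - prefix))  # one past the block's last address
    cursor = start
    plan = []
    # Step 1: sort largest first. Sizes are powers of two, so every later
    # (smaller or equal) subnet starts on its own size boundary.
    for name, hosts in sorted(segments, key=lambda s: -s[1]):
        size = 1
        while size < hosts + 2:
            size <<= 1
        if cursor + size > end:
            raise ValueError(f"block {block}/{prefix} exhausted at {name}")
        sub_prefix = 33 - size.bit_length()  # size = 2**(32 - sub_prefix)
        plan.append((name, f"{to_dotted(cursor)}/{sub_prefix}", size - 2))
        cursor += size
    return plan


if __name__ == "__main__":
    print(classify("192.168.1.63", "255.255.255.248"))
    print(classify("172.16.4.255", "255.255.252.0"))
    for name, subnet, usable in vlsm_allocate("192.168.1.0", 24, SEGMENTS):
        print(f"{name:12} {subnet:20} {usable} usable hosts")
```

Both worked examples from the notes come out as stated (a directed broadcast for 192.168.1.63/255.255.255.248, a host for 172.16.4.255/255.255.252.0), and the allocation leaves 192.168.1.172 to 192.168.1.255 free for later growth, which is the efficiency gain VLSM is meant to deliver.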
VLSM allows you to summarize subnetted routes back to the class boundary. CIDR takes this further by summarizing a block of contiguous Class A, B, and/or C network numbers. Today's classless protocols support supernetting. However, it is most commonly configured by ISPs on the Internet who use BGP as a routing protocol.

Hierarchical Addressing
To perform route summarization, you will need to set up your addressing in a hierarchical fashion. Hierarchical addressing provides the following benefits:
o It enables more efficient routing.
o It uses route summarization to decrease the size of routing tables.
o It decreases the amount of memory needed to store the smaller routing tables.
o It decreases the impact on the router when needing to rebuild the routing table.
o It provides a design to simplify your troubleshooting process.

Advantages of Route Summarization
Summarization allows you to create a more efficient routing environment by providing the following advantages:
o It reduces the size of routing tables, requiring less memory and processing.
o It reduces the size of routing updates, requiring less bandwidth.
o It contains network problems such as route flapping.
Another advantage of route summarization is that it helps contain certain kinds of network problems.

Classless Interdomain Routing (CIDR)
Classless Interdomain Routing (CIDR), specified in RFC 2050, is an extension to VLSM and route summarization. With VLSM, you can summarize subnets back to the Class A, B, or C network boundary.

When implementing route summarization, you'll need to consider the following:
o The routing protocol must carry the subnet mask with the corresponding network entries it will be advertising.
o Routing decisions must be made on the entire destination IP address.
o To summarize routing entries, they must have the same highest order matching bits (see the previous table as an example).
(Figures: Routing and Subnet Masks; Classful vs. classless protocols and routing updates)
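The added example below is not part of the original notes; it computes a summary route the way the notes describe it: it walks the mask options from the longest prefix downward until every network shares the same highest-order bits, and then checks whether the summary is exact, that is, whether the listed routes fill the whole power-of-2 aligned block. That second check matters operationally: an inexact summary advertises address space the router does not actually have routes for, so traffic to those addresses is attracted and then dropped. The route lists are constructed; the pair 192.168.1.0/30 and 192.168.1.4/30 is the Class C case the notes work through, and the four /26 subnets are a constructed stand-in for the "four subnets back to 192.168.1.0/24" figure.

```python
"""Route summarization on power-of-2 boundaries.

Added example for these notes (not from the original lecture material).
Route lists are constructed; summarize() only uses the standard library.
"""


def to_int(dotted: str) -> int:
    return int.from_bytes(bytes(int(p) for p in dotted.split(".")), "big")


def to_dotted(n: int) -> str:
    return ".".join(str(b) for b in n.to_bytes(4, "big"))


def prefix_mask(prefix: int) -> int:
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def parse(cidr: str) -> tuple:
    """'192.168.1.4/30' -> (network as int, prefix), rejecting host bits."""
    net, prefix = cidr.split("/")
    prefix = int(prefix)
    n = to_int(net)
    if n & prefix_mask(prefix) != n:
        raise ValueError(f"{cidr} has host bits set")
    return n, prefix


def summarize(routes: list) -> tuple:
    """Return (summary_cidr, exact).

    summary: the longest prefix on which all networks agree in their
    highest-order bits (the notes' 'same highest order matching bits').
    exact: True only when the routes fill the summary block completely,
    i.e. they sit on a power-of-2 boundary and cover every address in it."""
    parsed = sorted(parse(r) for r in routes)
    # Overlapping entries would be double-counted below, so reject them.
    for (a, pa), (b, _) in zip(parsed, parsed[1:]):
        if b < a + (1 << (32 - pa)):
            raise ValueError(f"{to_dotted(a)}/{pa} overlaps {to_dotted(b)}")
    first = parsed[0][0]
    prefix = min(p for _, p in parsed)
    # Shorten the mask one bit at a time until all networks match under it.
    while prefix > 0 and any((n & prefix_mask(prefix)) != (first & prefix_mask(prefix))
                             for n, _ in parsed):
        prefix -= 1
    summary_net = first & prefix_mask(prefix)
    covered = sum(1 << (32 - p) for _, p in parsed)   # addresses the routes hold
    exact = covered == (1 << (32 - prefix))           # addresses the summary claims
    return f"{to_dotted(summary_net)}/{prefix}", exact


if __name__ == "__main__":
    # The notes' example: two /30s starting at 0 fit in one /29.
    print(summarize(["192.168.1.0/30", "192.168.1.4/30"]))
    # Same size, but not starting on an 8-address boundary: /28 is needed
    # and half of it is address space we have no route for.
    print(summarize(["192.168.1.4/30", "192.168.1.8/30"]))
    # Four /26 subnets summarize back to the Class C boundary ...
    print(summarize([f"192.168.1.{o}/26" for o in (0, 64, 128, 192)]))
    # ... and CIDR goes past it: four contiguous Class C networks as a /22.
    print(summarize([f"192.168.{o}.0/24" for o in (4, 5, 6, 7)]))
```

The loop checks each mask option in turn, which is the same "look at your subnet mask options" trick the notes give for doing it by hand; the `exact` flag is what tells you whether the summary should be advertised as-is or whether the routes first need to be re-addressed onto a boundary.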
(Figures: Summarizing Network Numbers; Discontiguous subnets; Summarization Difficulties; Complex route summarization example; The Routing Table)

Performing Summarization
To summarize routing entries, they must have the same highest order matching bits. In other words, you can perform summarization when the network numbers in question fall within a range of a power-of-2 number—such as 2, 4, 8, 16, and so on—or within a range of a multiple of a power of 2.

Summarization and Powers of 2
When summarizing, remember that you can summarize routes only on a bit boundary (power of 2) or a multiple of a power-of-2 boundary. The trick to summarization is to look at your subnet mask options: 0, 128, 192, 224, 240, 248, 252, 254, and 255. For instance, suppose you have a set of Class C subnets: 192.168.1.0/30 and 192.168.1.4/30. These networks contain a total of eight addresses and start on a power-of-2 boundary: 0. Therefore, you could summarize these as 192.168.1.0/29, which encompasses addresses from 192.168.1.0 through 192.168.1.7.

WEEK 5: THE ROLE OF TCP/IP IN TRANSPORT LAYER

Transport Layer Functions
The TCP/IP transport layer is responsible for providing a logical connection between two hosts and can provide these functions:
o Flow control (through the use of windowing)
o Reliable connections (through the use of sequence numbers and acknowledgments)
o Session multiplexing (through the use of port numbers and IP addresses)
o Segmentation (through the use of segment protocol data units, or PDUs)

A session occurs when the source opens a connection by sending one or more PDUs and typically, but not always, receives a reply from the destination. A session can be reliable or unreliable and may or may not involve flow control.

Segmentation
Segmentation is the process of breaking up data into smaller, identifiable PDUs at the transport layer. In TCP/IP, the transport layer packages application layer data into segments to send to a destination device. The remote destination is responsible for taking the data from these segments and directing it to the correct application.

Flow Control
Flow control is used to ensure that the destination doesn't become overwhelmed by the source sending too much information at once. Two kinds of flow control exist:
1. Ready/not-ready signals
o These are signals that are not very efficient when a lot of delay is present in the data transmission.
2. Windowing
o Windowing is a much more efficient process, since the size of the window determines how many segments can be sent before waiting for an acknowledgment to send the next batch of segments.

Reliability
When reliability is necessary, it should cover these four items:
1. Recognizing lost packets and having them re-sent
2. Recognizing packets that arrive out of order and reordering them
3. Detecting duplicate packets and dropping the extra ones
4. Avoiding congestion
Most protocols with built-in reliability use sequence and acknowledgment numbers to deal with the first three items.

Multiplexing
Multiplexing is the ability of a single host to have multiple concurrent sessions open to one or many other hosts.

Transport Layer Protocols
TCP/IP uses two transport layer protocols:
1. TCP – Transmission Control Protocol
2. UDP – User Datagram Protocol
The following two sections discuss these protocols in depth and describe their characteristics and the segmentation they use, including the layout of their segment headers.

Transmission Control Protocol
TCP uses a reliable delivery system to deliver layer 4 segments to the destination. This would be analogous to using a certified, priority, or next-day service with the US Postal Service. TCP's main responsibility is to provide a reliable full-duplex, connection-oriented, logical service between two devices. TCP goes through a three-way handshake to establish a session before data can be sent (discussed later in the "TCP's Three-Way Handshake" section).
(Figure: TCP Segment Components)

User Datagram Protocol
UDP uses a best-effort delivery system, similar to how first-class and lower postal services of the US Postal Service work.
(Figure: UDP Segment Components)

TCP and UDP Applications
One main difference between the OSI Reference Model and TCP/IP's model is that TCP/IP lumps together the application, presentation, and session layers into one layer, called the application layer. Hundreds and hundreds of TCP/IP applications are available. The most common ones are used to share information, such as file transfers, e-mail communications, and web browsing.
(Figures: Application Mapping; Common TCP/IP Applications and Protocols)

Multiplexing Connections
TCP and UDP provide a multiplexing function for simultaneously supporting multiple sessions to one or more hosts: this allows multiple applications to send and receive data to many devices simultaneously. With these protocols, port numbers (at the transport layer) and IP addresses (at the Internet layer) are used to differentiate the sessions.

Ports
TCP/IP's transport layer uses port numbers and IP addresses to multiplex sessions between multiple hosts. Port numbers are 16 bits in length, allowing for port numbers from 0 to 65,535 (a total of 65,536 ports). Port numbers fall under three types:
1. Well-known - These port numbers range from 0 to 1023 and are assigned by the Internet Assigned Numbers Authority (IANA) to applications commonly used on the Internet, such as HTTP, DNS, and SMTP.
2. Registered - These port numbers range from 1024 to 49,151 and are assigned by IANA for proprietary applications, such as Microsoft SQL Server, Shockwave, Oracle, and many others.
3. Dynamically assigned - These port numbers range from 49,152 to 65,535 and are dynamically assigned by the operating system to use for a session.
When you want to connect to an application on a destination host, the source port field in the TCP or UDP header will have a dynamically assigned port. The destination port field will have either a well-known or registered port number, depending on the application to which you are connecting. The destination host can use this information to determine what application needs to process the session data.
(Figure: Using port numbers)

Session Establishment
TCP and UDP use completely different processes when establishing a session with a remote peer. As you probably already have guessed, UDP uses a fairly simple process. With UDP, one of two situations will occur that indicate that the session is established:
o The source sends a UDP segment to the destination and receives a response
o The source sends a UDP segment to the destination
As to which of the two is used, that depends on the application. And as to when a UDP session is over, that is also application-specific:
o The application can send a message, indicating that the session is now over, which could be part of the data payload
o An idle timeout is used, so if no segments are encountered over a predefined period, the application assumes the session is over

TCP, on the other hand, is much more complicated. It uses what is called a defined state machine. A defined state machine defines the actual mechanics of the beginning of the state (building the TCP session), maintaining the state (maintaining the TCP session), and ending the state (tearing down the TCP session).

TCP's Three-Way Handshake
With reliable TCP sessions, before a host can send information to another host, a handshake process must take place to establish the connection. The following three steps occur during the three-way handshake:
1. The source sends a synchronization (SYN) segment (where the SYN control flag is set in the TCP header) to the destination, indicating that the source wants to establish a reliable session.
2. The destination responds with both an acknowledgment and synchronization in the same segment.
3. Upon receiving the SYN/ACK, the source responds with an ACK segment (where the ACK flag is set in the TCP header).
(Figure: Setting up a reliable connection: three-way handshake)

TCP's Sequencing and Acknowledgments
Adding sequence and acknowledgment numbers to the process:
1. The source sends a synchronization frame with the SYN bit marked in the Code field. This segment contains an initial sequence number. This is referred to as a SYN segment.
2. Upon receipt of the SYN segment, the destination responds with its own segment, with its own initial sequence number and the appropriate value in the Acknowledgment field indicating the receipt of the source's original SYN segment.
3. Upon receipt of the SYN/ACK segment, the source will acknowledge receipt of this segment by responding to the destination with an ACK segment, which has the Acknowledgment field set to an appropriate value based on the destination's sequence number and the appropriate bit set in the Code field.
Here is a simple example of a three-way handshake with sequence and acknowledgment numbers:
1. Source sends a SYN: sequence number = 1
2. Destination responds with a SYN/ACK: sequence number = 10, acknowledgment = 2
3. Source responds with an ACK segment: sequence number = 2, acknowledgment = 11

TCP's Flow Control and Windowing
TCP allows the regulation of the flow of segments, ensuring that one host doesn't flood another host with too many segments, overflowing its receiving buffer. TCP uses a sliding windowing mechanism to assist with flow control. TCP employs a positive acknowledgment with retransmission (PAR) mechanism to recover from lost segments. The same segment will be repeatedly re-sent, with a delay between each segment, until an acknowledgment is received from the destination.
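As an added example that is not part of the original notes, the block below models the three-way handshake as the small "defined state machine" the notes describe: each endpoint moves CLOSED/LISTEN -> SYN-SENT or SYN-RECEIVED -> ESTABLISHED, and the sequence and acknowledgment fields are filled exactly as in the notes' walk-through (SYN seq=1; SYN/ACK seq=10, ack=2; ACK seq=2, ack=11). The initial sequence numbers 1 and 10 are the notes' constructed values (a real stack chooses them unpredictably), there is no real network, and only the SYN and ACK flags are modelled. The receiving side also shows the defensive part of the mechanism: a SYN/ACK or ACK whose acknowledgment number does not match what the endpoint expects is dropped rather than acted on.

```python
"""Three-way handshake with sequence/acknowledgment numbers as a state machine.

Added example for these notes (not from the original lecture material).
ISNs 1 and 10 are the notes' constructed values; no real sockets are used.
"""
from dataclasses import dataclass, field


@dataclass
class Segment:
    flags: frozenset          # subset of {"SYN", "ACK"}
    seq: int                  # sequence number
    ack: int = 0              # acknowledgment number (meaningful only with ACK)


@dataclass
class Endpoint:
    name: str
    isn: int                  # initial sequence number
    state: str = "CLOSED"
    snd_nxt: int = 0          # next sequence number we will send
    rcv_nxt: int = 0          # next sequence number we expect from the peer
    log: list = field(default_factory=list)

    def listen(self) -> None:
        self.state = "LISTEN"

    def connect(self) -> Segment:
        """Step 1: the source sends a SYN carrying its initial sequence number."""
        self.snd_nxt = self.isn + 1      # the SYN itself consumes one sequence number
        self.state = "SYN-SENT"
        return Segment(frozenset({"SYN"}), seq=self.isn)

    def receive(self, seg: Segment):
        """Feed one segment in; return the reply segment, or None."""
        if self.state == "LISTEN" and seg.flags == {"SYN"}:
            # Step 2: answer with SYN/ACK, acknowledging the peer's ISN + 1.
            self.rcv_nxt = seg.seq + 1
            self.snd_nxt = self.isn + 1
            self.state = "SYN-RECEIVED"
            return Segment(frozenset({"SYN", "ACK"}), seq=self.isn, ack=self.rcv_nxt)
        if self.state == "SYN-SENT" and seg.flags == {"SYN", "ACK"}:
            if seg.ack != self.snd_nxt:
                # The acknowledgment does not cover our SYN: not a valid reply.
                self.log.append(f"{self.name}: dropped SYN/ACK with ack={seg.ack}, expected {self.snd_nxt}")
                return None
            # Step 3: acknowledge the peer's ISN + 1; our side is now established.
            self.rcv_nxt = seg.seq + 1
            self.state = "ESTABLISHED"
            return Segment(frozenset({"ACK"}), seq=self.snd_nxt, ack=self.rcv_nxt)
        if self.state == "SYN-RECEIVED" and seg.flags == {"ACK"}:
            if seg.ack != self.snd_nxt or seg.seq != self.rcv_nxt:
                self.log.append(f"{self.name}: dropped ACK seq={seg.seq} ack={seg.ack}")
                return None
            self.state = "ESTABLISHED"
            return None
        self.log.append(f"{self.name}: ignored {sorted(seg.flags)} in state {self.state}")
        return None


def handshake(src: Endpoint, dst: Endpoint) -> list:
    """Run the three steps; return the trace as (sender, flags, seq, ack) tuples."""
    dst.listen()
    syn = src.connect()
    synack = dst.receive(syn)
    ack = src.receive(synack)
    dst.receive(ack)
    return [
        (src.name, "SYN", syn.seq, syn.ack),
        (dst.name, "SYN/ACK", synack.seq, synack.ack),
        (src.name, "ACK", ack.seq, ack.ack),
    ]


def bad_ack_is_dropped() -> bool:
    """A SYN/ACK that acknowledges the wrong number must not complete the handshake."""
    src = Endpoint("Source", isn=1)
    src.connect()
    reply = src.receive(Segment(frozenset({"SYN", "ACK"}), seq=10, ack=99))
    return reply is None and src.state == "SYN-SENT"


if __name__ == "__main__":
    source, destination = Endpoint("Source", isn=1), Endpoint("Destination", isn=10)
    for sender, flags, seq, ack in handshake(source, destination):
        print(f"{sender:12} {flags:8} seq={seq:<3} ack={ack}")
    print(source.state, destination.state, bad_ack_is_dropped())
```

The acknowledgment number is always "the next sequence number I expect", which is why the SYN/ACK carries ack=2 for a SYN with seq=1 and the final ACK carries ack=11 for a SYN/ACK with seq=10; the same rule is what PAR relies on later, since one acknowledgment confirms everything sent before it.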
The acknowledgment contains the sequence number of the segment received and verifies receipt of all segments sent prior to the retransmission process. This eliminates the need for multiple acknowledgments and resending acknowledgments.

WEEK 6: SENDING AND RECEIVING TCP/IP PACKETS

Network Components and Addressing Review

Layer 1 Components
The physical layer defines the physical properties of transmitting data between network components: electrical, mechanical, functional, and so on. This can include the kind of wiring (or wireless communications), interfaces, and other hardware components. One type of layer 1 device is an Ethernet hub. A hub replicates any signal it receives—good or bad. An Ethernet hub can be used to connect many devices to the bus topology, as well as to extend the distance between devices.
Transmission Medium Types:
o Copper
o Fiber
o Air
(Figures: Ethernet Standard; EIA/TIA Standards; Different Connectors)

Layer 2 Components
The data link layer defines how devices communicate across a physical layer medium. Ethernet is one of the more common layer 2 standards. Common devices that operate primarily at layer 2 include network interface cards (NICs) and switches. A NIC, commonly called an interface, provides a connection to a wired or wireless network, such as Ethernet.

Layer 3 Components
Routers are the primary layer 3 network components. Routers connect different broadcast domains together, whether they are different Ethernet segments or different VLANs. Logical addresses are used to implement a hierarchical, scalable network. TCP/IP is an example of a protocol with logical addressing. An IP address has two components: network and host. A subnet mask is used to differentiate between these two components.

Network Layer: decides which physical path data will take.

End-to-End Principle
The internet has a lot of different features like reliability, flow control, and ordered delivery that are separated into two components:
1. IP - Internet Protocol
2. TCP - Transmission Control Protocol

IP Protocols
An IP address is a string of numbers separated by periods. IP addresses are expressed as a set of four numbers — an example address might be 192.158.1.38. Each number in the set can range from 0 to 255. So, the full IP addressing range goes from 0.0.0.0 to 255.255.255.255.

TCP/IP Protocols
Many protocols are used in TCP/IP to transport information between hosts. The three commonly used protocols are:
o Dynamic Host Configuration Protocol (DHCP)
o Domain Name Service (DNS)
o Address Resolution Protocol (ARP)
Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) are used to transmit data, such as file transfers and e-mails, between hosts.
Here's a quick overview of the protocols:
o DHCP: Dynamically acquires IP addressing information on a host, including an IP address, subnet mask, default gateway address, and a DNS server address.
o DNS: Resolves names to layer 3 IP addresses.
o ARP: Resolves layer 3 IP addresses to layer 2 MAC addresses so that devices can communicate in the same broadcast domain.
o TCP: Reliably transmits data between two devices. It uses a three-way handshake to build a session and windowing to implement flow control. TCP can detect and resend lost or bad segments.
o UDP: Delivers data with a best effort. No handshaking is used to establish a session—a device starts a session by sending data.
(Figures: PC-A Acquires Addressing Information; PC-B or Destination Acknowledges PC-A or the Source)
PC-A is the source, 192.168.254.100, sending to PC-B, the destination, 64.233.189.168.

WEEK 7: CISCO IOS SOFTWARE PART 1

Introduction to Cisco Device Configuration
One of the main reasons that Cisco is number one in the enterprise networking marketplace is its Internetwork Operating System (IOS). The IOS provides a function similar to that provided by Microsoft Windows XP or Linux: it controls and manages the hardware on which it is running.

Advantages of the IOS:
o Features - The IOS includes a wide array of features for protocols and functions that provide connectivity, scalability, reliability, and security solutions for networks of any size.
o Connectivity - The IOS supports a variety of data link layer technologies for LAN and WAN environments, including copper and fiber wiring as well as wireless support.
o Scalability - The IOS supports both fixed and modular chassis platforms, enabling you to purchase the appropriate hardware to meet your needs, yet still allowing you to leverage the same IOS CLI to reduce management costs.
o Reliability - To ensure that your critical resources are always reachable, Cisco has developed many products and IOS features to provide chassis and network redundancy.
o Security - With the IOS, you can strictly control access to your network and networking devices in accordance with your internal security policies.

Router and Switch Connectors
Cisco's routers and switches support two types of external connections:
o Ports (referred to as lines):
  o Physical port
  o Console (con) port
  o Auxiliary (aux) port
o Interfaces:
  o Out-of-band
  o In-band

Console Connection
The console port is used to establish an out-of-band connection in order to access the CLI to manage your Cisco device locally. Once you have placed a basic configuration on your Cisco device (assigning it IP addressing information, for instance), you can then come in via one of its interfaces to manage your product in-band. Some methods of in-band management include telnet, a web browser, Simple Network Management Protocol (SNMP), and CiscoWorks and Cisco Managed Services Solutions.

Console Connector
Assuming that your Cisco device has an RJ-45 console port, you will need to use two components to manage your Cisco device from your PC:
▪ An RJ-45 rollover cable
▪ An RJ-45–to–DB-9 or RJ-45–to–DB-25 terminal adapter: determined by the number of pins that your COM port has on your PC
If your router has a DB-25 console port, you'll also need a DB-25–to–RJ-45 modem adapter, which is plugged into the console port of the router.
(Figures: Console Connector; RJ-45 rollover cable; RJ45 Network Cable Serial Cable RJ45 to DB9 and RS232 to USB (2 in 1) CAT5 Ethernet Adapter LAN Console Cable)

CLI Access Modes
User EXEC Mode
o Provides basic access to the IOS with limited command availability (primarily for simple monitoring and troubleshooting commands).
o Command prompt: IOS>
User Mode is the Read Only Mode, allowing the user to view certain configurations of a Cisco device. Changes to the Cisco device cannot be made or saved in User Mode.
Privilege EXEC Mode
o Provides high-level management access to the IOS, including all commands available at User EXEC mode.
o Command prompt: IOS> enable → IOS#
Privilege Mode is the Read/Write Mode, allowing the user to perform certain actions on a Cisco device. In Privilege Mode, the user can save or delete a Cisco device's configuration. Settings such as buffer size or clock configuration can be adjusted, but the device cannot be fully configured.

WEEK 8: CISCO IOS SOFTWARE PART 2

Basic IOS Configuration
Accessing Configuration Mode
All system/operating changes in the IOS must occur within Configuration mode. To access this mode, you must first be at Privilege EXEC mode and use this command: (see figure)

Subconfiguration Modes
To leave a Subconfiguration mode and return to Global Configuration mode, use the exit command: (see figure)
... Subconfiguration mode and type in a Global Configuration mode command.

Device Identification
The Cisco Discovery Protocol (CDP) uses this device name. On both routers and switches, the hostname command is used to change the name of the device. To undo changes or negate a command on an IOS device, you can precede the command with the no parameter. As an example, to change the hostname back to the factory default, use this command: (see figure)

Basic IOS Security Configuration
Login Banners
The banner motd command is used to create the login banner. Here is an example of setting up a login banner: (see figure)
A banner doesn't have to span multiple lines, but it can be placed on a single line, as in this example: (see figure)
Besides the MOTD banner, other types of banners can be created. The MOTD banner is displayed before the login process occurs.

Passwords
The most common way of restricting physical access to IOS devices is to use some type of user authentication.
User EXEC Password Protection
Controlling access to User EXEC mode on an IOS device is accomplished on a line-by-line basis: console, auxiliary, TTYs, and VTYs. To secure the console port, you must first go into the console's Line Subconfiguration mode with the line console 0 command to configure the line password: (see figure)
Privilege EXEC Password Protection
Two configuration options are shown here: (see figure)
Password Encryption
Passwords that are not encrypted can be encrypted using the service password-encryption Global Configuration mode command.
