Download - Network device management
www.professordkinney.com
04/10/23 Instructional Design-Computer Networking - Bridges Educational Group
Network Device Management
Lessons Summary:
• Configuring Network Devices
• Enterprise Network Security
• Managing Cisco Devices
• Some Bonus Cheat Sheets
Configuring Network Devices
ISR (Integrated Services Router) combines routing, LAN switching, security, voice, & WAN connectivity features.
Ideal for small to medium-sized businesses & ISP managed customers.
Cisco IOS – offered in modules called images
IP Base image: entry-level Cisco IOS
Images are specific to models of devices
CISCO IOS Image: Types of Images
Two main types of image your router may use:
System image - complete Cisco IOS software. This image is loaded when your router boots and is used most of the time.
On most platforms, the image is located in Flash memory.
Boot image - A subset of the Cisco IOS software. This image is used to perform network booting or to load Cisco IOS images onto the router. This image is also used if the router cannot find a valid system image. Depending on your platform, this image may be called xboot image, rxboot image, bootstrap image, or boot loader/helper image.
On some platforms, the boot image is contained in ROM. In others, the boot image can be stored in Flash memory. On these platforms, you can specify which image should be used as the boot image using the boot bootldr global configuration command. Refer to your hardware documentation for information about the boot image used on your router.
Image Naming Convention
You can identify the platform, features and image location by the image name.
Naming convention is: platform – features – type
Example: c2600-js-l_121-3.bin
• c2600 - hardware platform
• js - features set (enterprise)
• l - file format (relocatable, not compressed)
• 121-3 - version & release # (version 12.1 release 3)
Platform – the platform that can use the image, for example c1700, c2600, c7000
Features – feature sets supported by the image
Type – can contain the following characters
• f—The image runs from Flash memory.
• m—The image runs from RAM.
• r—The image runs from ROM.
• l—The image is relocatable.
• z—The image is zip compressed.
• x—The image is mzip compressed.
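A parser for the naming convention above, useful when checking that the files in flash are the images an inventory expects. This is an added example, not code from the original slides; the function name, the acceptance of "." as well as "_" before the version, and the rule for splitting the version digits are assumptions.

```python
import re

# Type letters exactly as listed on the slide above.
TYPE_LETTERS = {
    "f": "runs from Flash memory",
    "m": "runs from RAM",
    "r": "runs from ROM",
    "l": "relocatable",
    "z": "zip compressed",
    "x": "mzip compressed",
}

# platform-features-type, then "_" (as in the slide's example) or "." and
# the version-release pair, then ".bin".
IMAGE_RE = re.compile(
    r"^(?P<platform>c\d+[a-z0-9]*)-(?P<features>[a-z0-9]+)-(?P<type>[a-z]+)"
    r"[._](?P<version>\d{3,})-(?P<release>[0-9A-Za-z.]+)\.bin$"
)

def parse_image_name(name):
    """Split an IOS image filename into the fields of the naming convention.

    Raises ValueError for names that do not follow the convention, so an
    inventory script can flag unexpected files in flash instead of guessing.
    """
    m = IMAGE_RE.match(name)
    if m is None:
        raise ValueError(f"not a recognised IOS image name: {name!r}")
    unknown = [c for c in m["type"] if c not in TYPE_LETTERS]
    if unknown:
        raise ValueError(f"unknown type letter(s) {unknown} in {name!r}")
    digits = m["version"]
    return {
        "platform": m["platform"],
        "features": m["features"],
        "type": [TYPE_LETTERS[c] for c in m["type"]],
        # Assumption generalised from the slide's one example (121 -> 12.1):
        # the first two digits are the major version, the rest the minor.
        "version": f"{digits[:2]}.{digits[2:]}",
        "release": m["release"],
    }

if __name__ == "__main__":
    # Constructed inputs: the slide's example, a bad type letter, a non-image.
    for candidate in ("c2600-js-l_121-3.bin", "c2600-js-q_121-3.bin", "backup.cfg"):
        try:
            print(candidate, "->", parse_image_name(candidate))
        except ValueError as err:
            print("REJECTED:", err)
```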
Tools and equipment required for setup:
Three-stage bootup process:
• Power-on self test (POST)
• Locate and load Cisco IOS
• Locate startup configuration file or enter setup mode
POST (Power On Self Test) – tests hardware
After POST, the bootstrap program is loaded
Bootstrap locates IOS and loads it into RAM
– IOS can be located in flash memory, on a TFTP server, or in another location
– By default, IOS loads from flash
After IOS is loaded, bootstrap locates the startup configuration file in NVRAM (non-volatile random access memory)
Startup configuration – when loaded into RAM (working memory), it becomes the “running” configuration.
Loading Cisco IOS
Show version command output
Router>show version
• IOS version
• Bootstrap program stored in ROM
• Complete filename of IOS
• Type of CPU; amount of RAM
• Number & type of interfaces
• Amount of NVRAM (used to store startup config)
• Amount of Flash (used to store IOS)
• Configuration register in hex
Configuration register
Default setting – 0x2102 (remember this?)
– Loads IOS from flash
– Loads startup-config from NVRAM
Most common settings
• 0x2142 – ignores contents of NVRAM/configuration
• 0x2120 – boots the router into ROMmon mode
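A router left at 0x2142 boots without its saved configuration, so the register is worth checking on every device. The following added example (not from the original slides) pulls the register out of show version text and decodes the two bits behind the settings listed above; the hostnames and sample lines are constructed, and the function names are assumptions.

```python
import re

DEFAULT_REGISTER = 0x2102   # default value given on the slide
IGNORE_NVRAM_BIT = 0x0040   # bit 6: startup-config in NVRAM is skipped at boot
BOOT_FIELD_MASK = 0x000F    # bits 0-3: boot field, 0 means stay in ROMmon

# show version prints this line; the parenthesised part appears when the
# register has been changed but the router has not been reloaded yet.
REGISTER_RE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]{1,4})"
    r"(?: \(will be (0x[0-9A-Fa-f]{1,4}) at next reload\))?"
)

def decode_register(value):
    """Return the security-relevant effects of a register value."""
    effects = []
    if value & IGNORE_NVRAM_BIT:
        effects.append("ignores startup-config in NVRAM")
    if (value & BOOT_FIELD_MASK) == 0:
        effects.append("boots into ROMmon mode")
    return effects

def audit_show_version(text):
    """Extract the register from show version text and compare to the default."""
    m = REGISTER_RE.search(text)
    if m is None:
        return {"compliant": False, "next_boot": None,
                "effects": ["register line not found"]}
    current = int(m.group(1), 16)
    # The pending value, if any, is what takes effect at the next reload.
    next_boot = int(m.group(2), 16) if m.group(2) else current
    return {
        "compliant": current == DEFAULT_REGISTER and next_boot == DEFAULT_REGISTER,
        "next_boot": hex(next_boot),
        "effects": decode_register(next_boot),
    }

# Constructed sample lines, one per device (hostnames are made up).
SAMPLES = {
    "rtr-a": "Configuration register is 0x2102",
    "rtr-b": "Configuration register is 0x2142",
    "rtr-c": "Configuration register is 0x2102 (will be 0x2120 at next reload)",
}

if __name__ == "__main__":
    for host, text in SAMPLES.items():
        print(host, audit_show_version(text))
```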
Initial ISR Router Configuration
Verifying and troubleshooting bootup process:
• View output from the show version command
• Use dir flash: and boot flash: in ROMmon mode
• View boot system commands [see image below on next slide]
Out-of-band management for initial configuration
In-band management over a network connection
Command Line Interface (CLI): text-based program
Can be used both in-band and out-of-band
SDM
Security Device Manager (SDM): web-based GUI
In-band only
SDM Express (Basic) or Full package (Advanced configuration)
Comes preinstalled in flash
CLI vs. SDM
Using Cisco SDM Express and SDM
Follow best practices for installing a new device to ensure correct functions
Eight SDM Express configuration screens:
• Overview
• Basic configuration
• LAN IP address
• DHCP
• Internet (WAN)
• Firewall
• Security settings
• Summary
Use Basic NAT Wizard to configure dynamic NAT with PAT
Use Cisco IOS CLI to perform an initial router configuration
Configure serial and Ethernet interfaces on a router
Data Terminal Equipment (DTE) – endpoint of the user’s device on the WAN link; Cisco routers
Data Communications Equipment (DCE) – provides clock rate; modem; converts data from router to acceptable format to cross the WAN
In a back-to-back router scenario, one of the routers will be DCE and one DTE.
Configure a default route for the Cisco router
Default route is used when the router does not know where to send a packet.
IP address of next-hop router, or port number
Configure a Cisco router to function as a DHCP server
Configure static NAT on a Cisco router to enable Internet access for an internal server
Back up and restore configuration files using a TFTP server
Capture and save configuration file output from a terminal session
Customer Premise Equipment (CPE) – network devices installed at customer location.
Configuration checklists ensure that all configuration requirements are met
Use inventory and configuration checklists and an installation plan to ensure successful installation
Types of customer connections over a WAN:
Point-to-point – often called leased lines; typically most expensive; price based on bandwidth & distance between 2 points
Circuit-switched – similar to a phone call made over a phone network; example is ISDN or dialup connection; physical circuit reserved from source to destination
Packet-switched – each customer has a virtual circuit; example is Frame Relay
Customer Connections over WAN
Bandwidth and cost influence WAN choices
Connecting the CPE to the ISP
Clock rate and serial encapsulation are needed when configuring serial WAN connections
– Clock rate is set by DCE
– DTE accepts clock rate
Leased WAN connections use serial connection & require Channel Service Unit/Data Service Unit (CSU/DSU)
Initial Cisco 2960 Switch Configuration
Fixed-configuration, standalone devices – do not use modules or flash card slots.
Physical configuration can’t be changed.
Layer 2 device that directs stream of messages coming in from one port, out of another based on destination MAC address.
Configured using GUI or CLI
Cisco 2960 switch
Comes preconfigured
Needs to be assigned basic security info
Basic commands (ex: hostname, passwords) same as ISR switch.
Configure management IP address
One virtual local area network, VLAN 1, is preconfigured to provide access to management functions.
Switch settings can be configured using the Cisco IOS CLI
Assign an IP address to the default management virtual local area network, VLAN1
Check switch components
Connect cables to the switch
Power up the switch and observe POST
Connect the stand-alone LAN switch to the router and verify connectivity
Configure port security to prevent unauthorized use
Shut down unused ports
Switch port security
Port security limits the # of MAC addresses allowed per port.
Set port to access mode using switchport mode access command
3 ways to configure port security:
Static – MAC addresses are manually assigned using switchport port-security mac-address [mac-address] interface config command.
S1# configure terminal
S1(config)#interface fastethernet 0/20
S1(config-if)#switchport mode access
S1(config-if)#switchport port-security mac-address 1000.2000.3000
S1(config-if)#end
Dynamic – MAC addresses are dynamically learned & stored in address table
# of addresses stored can be controlled; default is one address.
If port is shut down or switch is restarted, addresses learned are cleared from the table
S1# configure terminal
S1(config)#interface fastethernet 0/20
S1(config-if)#switchport mode access
S1(config-if)#switchport port-security
S1(config-if)#end
Sticky – similar to dynamic
Addresses learned are saved to the running-config
S1# configure terminal
S1(config)#interface fastethernet 0/20
S1(config-if)#switchport mode access
S1(config-if)#switchport port-security
S1(config-if)#switchport port-security maximum 50
S1(config-if)#switchport port-security mac-address sticky
S1(config-if)#end
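To check that the port-security and shut-down-unused-ports steps were actually applied, a saved running-config can be audited offline. This is an added example, not part of the original slides: the config excerpt is constructed, the function names are assumptions, and the default maximum of 1 comes from the slide above.

```python
# Constructed running-config excerpt (not from a real device).
SAMPLE_CONFIG = """\
interface FastEthernet0/18
 switchport mode access
!
interface FastEthernet0/19
 switchport mode access
 shutdown
!
interface FastEthernet0/20
 switchport mode access
 switchport port-security
 switchport port-security maximum 50
 switchport port-security mac-address sticky
!
interface GigabitEthernet0/1
 switchport mode trunk
"""
PS = "switchport port-security"

def parse_interfaces(config_text):
    """Return {interface: [sub-commands]} from running-config text."""
    interfaces, current = {}, None
    for line in config_text.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            interfaces[current] = []
        elif line.startswith(" ") and current is not None:
            interfaces[current].append(line.strip())
        else:
            current = None  # "!" or a top-level command ends the stanza
    return interfaces

def audit_port_security(config_text):
    """Classify each interface; only active access ports can be findings."""
    report = {}
    for name, cmds in parse_interfaces(config_text).items():
        if "shutdown" in cmds:
            report[name] = "ok: shut down"
        elif "switchport mode access" not in cmds:
            report[name] = "skipped: not an access port"
        elif PS not in cmds:
            report[name] = "FINDING: active access port without port security"
        else:
            limit = next((c.split()[-1] for c in cmds if c.startswith(PS + " maximum ")), "1")
            sticky = PS + " mac-address sticky" in cmds
            static = any(c.startswith(PS + " mac-address ") for c in cmds)
            mode = "sticky" if sticky else "static" if static else "dynamic"
            report[name] = f"ok: port security on ({mode}, maximum {limit})"
    return report
```

Calling audit_port_security(SAMPLE_CONFIG) reports FastEthernet0/18 as the only finding; a port is treated as protected only when the bare switchport port-security line is present in its stanza.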
Cisco Discovery Protocol (CDP) gathers information about directly-connected Cisco network devices
Two Cisco devices directly connected on the same local network are called neighbors
Describe the most common security threats and how they impact enterprises
Common Attacks
Describe the common mitigation techniques that enterprises use to protect themselves against threats
Explain the concept of the Network Security Wheel
Explain the goals of a comprehensive security policy in an organization
Explain why the security of routers and their configuration settings is vital to network operation
Describe the recommended approach to applying Cisco IOS security features on network routers
Lessons Learned:
• Cisco Device Management
• Enterprise Security
• Some bonus Sheets and Tables