Cisco Discovery 3 Module 2 Picture Descriptions

2.0 - Chapter Introduction

2.0.1 - Introduction

Five Slides

Slide 1, Image
Slide text "Enterprise networks contain hundreds of sites and support thousands of users worldwide. A well-managed network allows users to work reliably", is posted at the bottom of this slide.

Slide 2, Image
Slide text "Network documentation is crucial for maintaining the required 99.999% uptime", is posted at the bottom of this slide.

Slide 3, Image
Slide text "All Internet traffic flows through the enterprise edge making security considerations necessary", is posted at the bottom of this slide.

Slide 4, Image
Slide text "Routers and switches provide connectivity, security and redundancy while controlling broadcasts and failure domains", is posted at the bottom of this slide.

Slide 5, Image
Slide text: The objectives for this module are listed below:
- Interpret network documentation
- Describe the equipment located in the Network Operations Centre
- Identify security considerations and equipment situated at the Enterprise Edge
- Identify router and switch hardware characteristics and use router configuration and verification commands.

2.1 - Describing the Current Network

2.1.1 - Enterprise Network Documentation

Four Diagrams

Diagram 1, Image
The image shows the difference between a physical topology and a logical topology. The physical topology is a map of actual devices such as PCs, admin hubs, switches, file, web and mail servers, as well as routers and any other physical devices in the network. It shows the way these devices are physically connected to one another. The logical topology is more concerned with the grouping of these devices in regard to their addressing and security.

Diagram 2, Image
Close up of a person designing a network with pencil and paper.

Diagram 3, Image
Shows a filing cabinet with four drawers labeled BCP, BSP, NMP and SLA.
Business Continuity Plan - Ensures business operations by defining procedures that must take place in the event of a disaster. IT support may include:
- Offsite storage of backup data
- Alternate IT processing centers
- Redundant communication links

Business Security Plan - Prevents unauthorized access to organizational resources and assets by defining security policies. The IT security plan can contain policies related to:
- User authentication
- Permissible software
- Remote access
- Intrusion monitoring
- Incident handling

Network Maintenance Plan - Minimizes downtime by defining hardware and software maintenance procedures. The maintenance plan can contain:
- Maintenance windows
- Scheduled downtime
- Staff on-call responsibility
- Equipment and software to be maintained (OS, IOS, services)
- Network performance monitoring

Service Level Agreements - Ensures service parameters by defining required service provider level of performance. An SLA can include:
- Connection speeds / bandwidth
- Network uptime
- Network performance monitoring
- Problem resolution response time
- On-call responsibilities

Diagram 4, Activity
Identify the network documentation where the information would most likely be found.
Legend:
A: BCP = Business Continuity Plan
B: BSP = Business Security Plan
C: NMP = Network Maintenance Plan
D: SLA = Service Level Agreements

- Redundant communication links
- OS and IOS upgrade
- ISP connection bandwidth
- Local network scheduled downtime
- Offsite storage of backup data
- User authentication
- Service provider problem response time
- Intrusion monitoring

2.1.2 - Network Operations Center (NOC)

Four Diagrams

Diagram 1, Image
Image of a network operation centre surrounded by small images with the following headings:
- Network monitor (man monitoring network)
- Backup systems
- Power conditioning (UPS)
- Environment Controls
- Raised Floors
- Fire Suppression
- Switches
- Router
- Data Storage
- Server

Diagram 2, Image
Two pictures, one of a Server Farm showing a rack of servers and the other of Network Attached Storage (NAS) showing a rack of network storage.

Diagram 3, Image
Picture showing a rack of equipment defining the depth of a 1 RU rack mountable component and the depth of a 2 RU rack mountable component.

Diagram 4, Image
Picture of a bundle of network cabling on a switch or patch panel, which depicts how cabling should look: neat, untangled and clearly labelled.

2.1.3 - Telecommunication Room Design and Considerations

Four Diagrams

Diagram 1, Image
Image is of a network technician undertaking an audit on a rack of equipment.
Diagram 2, Image
The image shows a Main Distribution Facility (MDF) connected in an extended star topology via Fiber-optic or UTP cable to a number of IDF units in Building A, and by Fiber-optic cable to two other IDF units in Building B and Building C.

MDF
- POP
- Routers
- Gigabit switches
- Gigabit links to IDFs
- Servers
- Disk Storage

IDF
- Fast Ethernet switches
- Gigabit link to MDF
- Wireless APs

Diagram 3, Image
Telecommunications Room
Image shows a Power over Ethernet (PoE) switch distributing PoE to several devices such as:
- Access Point
- IP Based Camera
- IP Phone

Diagram 4, Activity
State whether the location described is suitable for an MDF or IDFs and identify appropriate cables to connect them.
- Switch at centre of a star topology (Is it MDF, IDF, Fiber Cable or UTP).
- One of the arms coming from the centre switch of the star topology connecting to another switch in the same building (Is it MDF, IDF, Fiber Cable or UTP).
- Another arm coming from the centre switch of the star topology connecting to another switch in the same building (Is it MDF, IDF, Fiber Cable or UTP).
- A switch at the end of the star topology in the same building as the centre switch (Is it MDF, IDF, Fiber Cable or UTP).
- Another switch at the end of the star topology in the same building as the centre switch (Is it MDF, IDF, Fiber Cable or UTP).
- A cable connecting the centre switch of the star topology to a switch in another building (Is it MDF, IDF, Fiber Cable or UTP).
- Another cable connecting the centre switch of the star topology to a switch in another building (Is it MDF, IDF, Fiber Cable or UTP).
- A switch at the end of a cable in a separate building to the centre switch (Is it MDF, IDF, Fiber Cable or UTP).
- Another switch at the end of a cable in a separate building to the centre switch (Is it MDF, IDF, Fiber Cable or UTP).
2.2 - Supporting the Enterprise Edge

2.2.1 - Service Delivery at the Point-of-Presence

One Diagram

Diagram 1, Image
Service Delivery at the Point-of-Presence
The picture depicts a WAN. There are four schools (School A, B, C, D) and a Main Office. All POP points of the schools and Main Office are connected via T1 link to the central WAN link. The Main Office is connected to a PSTN and the Internet via T1 link. All of the schools connect to the Internet via the Main Office.

2.2.2 - Security Considerations at the Enterprise Edge

One Diagram

Diagram 1, Image
Security Considerations of the Enterprise Edge
The picture depicts a network of four buildings (HQ (the Edge), Site A, Site B, Site C) and identifies the outside attacks which the network is exposed to. These attacks include FW, IDS, ACL, DMZ, VPN, IPS attacks.

2.2.3 - Connecting the Enterprise Network to External Services

Two Diagrams

Diagram 1, Image
Connecting the Enterprise Network to External Services
The picture depicts a connection from an ISP to a Host. There is one Host (H1). H1 is connected to an Internal Switch (MDF/IDF). The Internal Switch is connected to an Internal Router. The Internal Router is connected to a DMZ Switch, which is connected to a DMZ Router/firewall. The DMZ router is connected to a CSU/DSU. The CSU/DSU is connected to a Punchdown Block (Demarc. See caption below). The Punchdown Block is connected to the ISP's Web Server via T1 Circuit. There is a caption which says "The point of demarcation can vary depending on the SLA with the service provider".

Diagram 2, Activity
Connecting the Enterprise Network to External Services
Order the components needed to connect a service from the edge to the Internal Network.
1. Components
2. DMZ Switch
3. Punchdown block
4. Internal Switch
5. DMZ Router
6. T1 circuit
7. CSU/DSU
8. Internal Router

2.3 - Reviewing Routing and Switching

2.3.1 - Router Hardware

3 Diagrams

Diagram 1, Image
The diagram depicts four boxes, each housing a different network topology configuration. The four boxes are labeled Broadcast Containment, Security, Locations and Logical Grouping.

The first box, named "Broadcast Containment", contains the following information: "Routers in the Distribution Layer limit broadcasts to the local network where they need to be heard. Although broadcasts are necessary, too many hosts connected on the same local network generate excessive broadcast traffic and slow down the network." The physical topology of the Broadcast Containment box is as follows: one distribution router connected to two switches that have four computers directly connected to each switch.

The Security box has a distribution router and two switches directly connected. Connected to these two switches are four computers per switch. The information available in the Security information box is as follows: "Routers in the Distribution Layer separate and protect certain groups of computers where confidential information resides. Routers also hide the addresses of internal computers from the outside world to help prevent attacks, and control who gets into or out of the local network."

The Location box has two sites named A and B, each housing a small corporate network. The routers in both these sites have been linked by a virtual link to indicate communication between them. The information available in the Security box is as follows: "Routers in the Distribution Layer can interconnect local networks at various locations of an organization some of which may be geographically separated."

The Logical Grouping box has two logical blocks, each having a dedicated network. The individual networks have been named the "Accounting" and "Engineering" blocks and they are connected to a distribution router. The router is directly connected to two switches, one switch for each location.
Directly connected to each switch are four computers, and the Logical Grouping box has the information stated below: "Routers in the Distribution Layer logically group users, such as departments within a company, who have common needs or require access to the same resources."

Diagram 2, Image
The diagram depicts the different types of Cisco networking hardware and the enterprise level each device is aimed at. The Cisco networking devices are listed below along with their market group.
- 800 Series hardware and Linksys - Small Office, Tele-worker
- 1800, 2800, 3800 Series - Branch Offices and Small to Medium sized businesses
- 7600 Series, Catalyst 6500 Series, 7200 Series - Head Office, WAN aggregation

Diagram 3, Image
The diagram depicts two different types of connection for configuration.
1: Out-of-Band Configuration. The physical topology of this scenario is as follows: a host connecting to a client through the console port of a router, or the router AUX port connected to a modem through the PSTN network to a modem and client computer.
2: In-Band Router Configuration. The connection is accomplished via the Ethernet interface on the router connected to a PC. The second part of this image depicts routers connected via an IP network.

2.3.2 - Basic Router CLI show Commands

Three Diagrams

Diagram 1, Table
The diagram depicts a table of the commonly used "Show" commands for router information display. The table has the headings Command, Abbreviation and Purpose/Information Displayed, listed below from left to right.
Command - Abbreviation

GENERAL USE
- Show running-config - sh run
- Show startup-config - sh star
- Show version - sh ve

ROUTING RELATED
- Show ip protocols - sh ip pro
- Show ip route - sh ip ro

INTERFACE RELATED
- Show interfaces (type#) - sh int f0/0
- Show ip interface brief - sh ip int br
- Show protocols - sh prot

CONNECTIVITY RELATED
- Show cdp neighbors detail - sh cdp ne
- Show sessions - sh ses
- Show ssh - sh ssh
- Ping (IP or Hostname) - P
- Traceroute (IP or host) - Tr

COMMAND - PURPOSE/INFORMATION DISPLAYED

Show running config: Displays current config running in RAM. Includes hostname, passwords, interface IP addresses, routing protocol activated, DHCP and NAT configuration. Must be issued in EXEC mode.

Show startup-config: Displays backup config in NVRAM. May be different if running config has not been copied to backup. Must be issued in EXEC mode.

Show version: Displays IOS version, ROM version, router uptime, system image file name, boot method, number and type of interfaces installed, amount of RAM, NVRAM and flash. Config register.

Show ip protocols: Displays information for routing protocols configured including timer settings, version numbers, update intervals, active interfaces and networks advertised.

Show IP route: Displays routing table information including: routing code, networks known, admin distance and metric, how they were learned, last update, next hop, interface learned via, and any static routes (including default routes) configured.

Show interfaces (type #): Displays one or all interfaces with line (protocol) status, bandwidth, delay, reliability, encapsulation, duplex and I/O statistics.

Show ip interfaces brief: Displays all interfaces with IP address, interface status (up/down/admin down) and line protocol status (up/down).

Show cdp neighbors: Displays information on directly connected devices including Device ID (hostname), local interface where device is connected, capability (R=router, S=switch), platform (e.g. 2620XM) and port ID of remote device.
The details option provides the IP address of the other device as well as the IOS version.

Show sessions: Displays telnet sessions (VTY) with remote hosts. Displays session number, host name and address.

Show ssh: Displays ssh server connections with remote hosts.

Ping (host name or IP): Sends 5 ICMP echo requests to an IP address or host name (if DNS is available) and displays min, max and avg time to respond.

Trace-route (host or IP): Sends echo request with varying TTL. Lists routes (hops) in path and time to respond.

Diagram 2, Image
The diagram depicts the show commands and the output sent to the screen when each command is issued. The physical topology has the H1 client connected to the switch S1, with the network address 192.168.1.0/24. Also directly connected to switch S1 is Router R1, and its Fast Ethernet port Fa0/0 is in use for this network. The router's serial port S0/0 is in use and has the DCE clock rate configured. A serial link has been established between the R1 and R2 routers, and R2's serial port S0/0/0 is in use. Router R2's Fast Ethernet port Fa0/0 is directly connected to the H2 client, and the network address for this network is 192.168.3.0/24. The commands used to show router configuration information are listed below along with their associated outputs.

***show running - config***

    Building configuration...
    Current configuration : 422 bytes
    version 12.2
    service timestamps debug uptime
    service timestamps log uptime
    no service password-encryption
    hostname Router
    ip subnet-zero
    interface FastEthernet0
     no ip address
     shutdown
     speed auto
    interface Serial0
     no ip address
     shutdown
     no fair-queue
    interface Serial1
     no ip address
     shutdown
    ip classless
    no ip http server
    line con 0
    line aux 0
    line vty 0 4
    no scheduler allocate
    end
    Router#

***show startup-config***

    Using 831 out of 245752 bytes
    version 12.4
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    hostname Router
    boot-start-marker
    boot-end-marker
    enable secret 5 $1$jX.P$R5n.pyoUSgEgZgJz9otjd1
    enable password cisco
    no aaa new-model
    resource policy
    ip subnet-zero
    ip cef
    interface FastEthernet0/0
     ip address 192.168.0.1 255.255.255.0
     duplex auto
     speed auto
    interface FastEthernet0/1
     no ip address
     shutdown
     duplex auto
     speed auto
    interface Serial0/0/0
     ip address 192.168.15.2 255.255.255.252
     no fair-queue
     clock rate 64000
    interface Serial0/0/1
     no ip address
     shutdown
     clock rate 125000
    ip classless
    ip http server
    control-plane
    line con 0
     password cisco
     login
    line aux 0
    line vty 0 4
     password cisco
     login
    scheduler allocate 20000 1000
    end

***show version***

    Cisco Internetwork Operating System Software
    IOS (tm) C1700 Software (C1700-Y-M), Version 12.2(4)YB, EARLYDEPLOYMENT RELEASE SOFTWARE (fc1)
    Synched to technology version 12.2(6.8)T2
    TAC Support: http://www.cisco.com/tac
    Copyright (c) 1986-2002 by cisco Systems, Inc.
    Compiled Fri 15-Mar-02 20:32 by ealyon
    Image text-base: 0x80008124, data-base: 0x807D8744
    ROM: System Bootstrap, Version 12.2(7r)XM1, RELEASE SOFTWARE (fc1)
    ROM: C1700 Software (C1700-Y-M), Version 12.2(4)YB, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
    Router uptime is 3 minutes
    System returned to ROM by power-on
    System image file is "flash:C1700-Y-MZ.122-4.YB.bin"
    cisco 1721 (MPC860P) processor (revision 0x100) with 29492K/3276K bytes of memory.
    Processor board ID FOC070701ZH (2882989793), with hardware revision 0000
    MPC860P processor: part number 5, mask 2
    Bridging software.
    X.25 software, Version 3.0.0.
    1 FastEthernet/IEEE 802.3 interface(s)
    2 Low-speed serial(sync/async) network interface(s)
    32K bytes of non-volatile configuration memory.
    16384K bytes of processor board System flash (Read/Write)
    Configuration register is 0x2102

***show ip protocols***

    Routing Protocol is "ospf 1"
      Outgoing update filter list for all interfaces is not set
      Incoming update filter list for all interfaces is not set
      Router ID 192.168.15.2
      Number of areas in this router is 1. 1 normal 0 stub 0 nssa
      Maximum path: 4
      Routing for Networks:
        192.168.0.0 0.0.0.255 area 0
        192.168.15.0 0.0.0.3 area 0
      Routing Information Sources:
        Gateway         Distance      Last Update
        192.168.15.1         110      00:42:45
      Distance: (default is 110)

***show ip route***

    Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
           i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
           * - candidate default, U - per-user static route, o - ODR
           P - periodic downloaded static route

    Gateway of last resort is not set

***show interfaces***

    FastEthernet0 is administratively down, line protocol is down
      Hardware is PQUICC_FEC, address is 000b.be96.3445 (bia 000b.be96.3445)
      MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
         reliability 252/255, txload 1/255, rxload 1/255
      Encapsulation ARPA, loopback not set
      Keepalive set (10 sec)
      Auto-duplex, 10Mb/s, 100BaseTX/FX
      ARP type: ARPA, ARP Timeout 04:00:00
      Last input never, output 00:07:54, output hang never
      Last clearing of "show interface" counters never
      Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
      Queueing strategy: fifo
      Output queue :0/40 (size/max)
      5 minute input rate 0 bits/sec, 0 packets/sec
      5 minute output rate 0 bits/sec, 0 packets/sec
         0 packets input, 0 bytes
         Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
         0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
         0 watchdog
         0 input packets with dribble condition detected
         11 packets output, 2334 bytes, 0 underruns
         11 output errors, 0 collisions, 0 interface resets
         0 babbles, 0 late collision, 0 deferred
         11 lost carrier, 0 no carrier
         0 output buffer failures, 0 output buffers swapped out
    Serial0 is administratively down, line protocol is down
      Hardware is PowerQUICC Serial
      MTU 1500 bytes, BW 128 Kbit, DLY 20000 usec,
         reliability 255/255, txload 1/255, rxload 1/255
      Encapsulation HDLC, loopback not set
      Keepalive set (10 sec)
      Last input never, output never, output hang never
      Last clearing of "show interface" counters 00:07:57
      Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
      Queueing strategy: fifo
      Output queue :0/40 (size/max)
      5 minute input rate 0 bits/sec, 0 packets/sec
      5 minute output rate 0 bits/sec, 0 packets/sec
         0 packets input, 0 bytes, 0 no buffer
         Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
         0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
         0 packets output, 0 bytes, 0 underruns
         0 output errors, 0 collisions, 1 interface resets
         0 output buffer failures, 0 output buffers swapped out
         0 carrier transitions
         DCD=down DSR=down DTR=down RTS=down CTS=down
    Serial1 is administratively down, line protocol is down
      Hardware is PowerQUICC Serial
      MTU 1500 bytes, BW 128 Kbit, DLY 20000 usec,
         reliability 255/255, txload 1/255, rxload 1/255
      Encapsulation HDLC, loopback not set
      Keepalive set (10 sec)
      Last input never, output never, output hang never
      Last clearing of "show interface" counters never
      Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
      Queueing strategy: weighted fair
      Output queue: 0/1000/64/0 (size/max total/threshold/drops)
         Conversations 0/0/32 (active/max active/max total)
         Reserved Conversations 0/0 (allocated/max allocated)
         Available Bandwidth 96 kilobits/sec
      5 minute input rate 0 bits/sec, 0 packets/sec
      5 minute output rate 0 bits/sec, 0 packets/sec
         0 packets input, 0 bytes, 0 no buffer
         Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
         0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
         0 packets output, 0 bytes, 0 underruns
         0 output errors, 0 collisions, 0 interface resets
         0 output buffer failures, 0 output buffers swapped out
         0 carrier transitions
         DCD=down DSR=down DTR=down RTS=down CTS=down
    Router#

***show ip interfaces***

    FastEthernet0 is administratively down, line protocol is down
      Internet protocol processing disabled
    Serial0 is administratively down, line protocol is down
      Internet protocol processing disabled
    Serial1 is administratively down, line protocol is down
      Internet protocol processing disabled

***show protocols***

    Global values:
      Internet Protocol routing is enabled
    FastEthernet0 is administratively down, line protocol is down
    Serial0 is administratively down, line protocol is down
    Serial1 is administratively down, line protocol is down
    Router#

***show cdp neighbors***

    Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                      S - Switch, H - Host, I - IGMP, r - Repeater
    Device ID    Local Intrfce    Holdtme    Capability    Platform    Port ID
    Router#

Diagram 3, Activity
The diagram depicts an activity in which you have to match the command with the statement that best describes it.

Commands
1. show sessions
2. show startup-config
3. show ip interface brief
4. show interfaces s0/0/0
5. show protocols
6. show ip route
7. show ip protocols
8. show running-config
9. show cdp neighbors details
10. show version

Scenario / Information Needed

A: You suspect there is a problem with the current router configuration and want to see the backup configuration to compare it.

B: You are on a call to Cisco tech support and you need to tell them the name of the router IOS system image file. You also need to know the amount of RAM, NVRAM and flash in the router.

C: You are running RIP routing protocols and need to know the timer settings, update intervals and what active interfaces and networks are currently being advertised.

D: Your users cannot get to a particular network. You need to know if the router has a route to that network and how it was learned.

E: You suspect there is a problem with a serial interface on the router. You want to see the bandwidth, encapsulation and I/O statistics.

F: You need to get a quick list of interfaces on the router with their IP addresses and status. You do not need to see the subnet mask.

G: You think the serial interface of the router at a remote site has an incorrectly configured IP address. You want to find out the model number of the router, the IOS version the router is running and the IP address of the remote interface.

H: You have used telnet to connect to several different routers and wish to see what connections you have open.

2.3.3 - Basic Router Configuration Using CLI

2 Diagrams

Diagram 1, Image
The diagram depicts the general commands entered to configure the router. The commands are listed below as they would be entered into the CLI.
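
The configuration listed next keeps `enable password cisco` in cleartext beside the `enable secret` and sets the same password on the console and vty lines, and the startup-config shown in 2.3.2 has `no service password-encryption` and `ip http server`. As an added example (not part of the course material), this Python check flags those settings in a saved configuration; the sample config is constructed from the settings on this page, and the function names and check IDs are illustrative.

```python
"""Audit a Cisco IOS configuration for the weak settings this module's listings contain."""
import re
from collections import defaultdict

# Constructed sample: settings taken from the R1 listing and the startup-config
# output on this page, indented the way a real running-config is. The enable
# secret value is a placeholder, not a real hash.
SAMPLE_CONFIG = """\
version 12.4
no service password-encryption
hostname R1
enable secret 5 $1$SALT$PLACEHOLDERHASH
enable password cisco
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
interface Serial0/0/0
 description WAN link to R2
 ip address 192.168.2.1 255.255.255.0
 encapsulation ppp
router rip
 version 2
 network 192.168.1.0
 network 192.168.2.0
ip route 0.0.0.0 0.0.0.0 192.168.2.2
ip http server
banner motd %Unauthorised access prohibited%
line con 0
 password cisco
 login
line aux 0
line vty 0 4
 password cisco
 login
end
"""


def parse_sections(text):
    """Return (global commands, {section header: [indented sub-commands]})."""
    global_cmds, sections, current = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if raw[0].isspace() and current is not None:
            sections[current].append(line)   # sub-command of the open section
        else:
            global_cmds.append(line)         # unindented line opens a new section
            current = line
            sections.setdefault(current, [])
    return global_cmds, sections


def has(cmds, pattern):
    """True if any command fully matches the case-insensitive pattern."""
    return any(re.fullmatch(pattern, c, re.I) for c in cmds)


def audit(text):
    """Return a list of (check_id, detail) findings; passwords are never echoed."""
    global_cmds, sections = parse_sections(text)
    findings = []
    used_in = defaultdict(list)              # cleartext password -> where it is set

    # Without this service, type-0 passwords are readable in every config copy.
    # (With it they become type 7, which is reversible obfuscation, not a hash.)
    if not has(global_cmds, r"service password-encryption"):
        findings.append(("cleartext-storage",
                         "'service password-encryption' is not enabled"))
    for cmd in global_cmds:
        m = re.fullmatch(r"enable password (?:0 )?(\S+)", cmd, re.I)
        if m:
            findings.append(("enable-password",
                             "cleartext 'enable password' present; keep only 'enable secret'"))
            used_in[m.group(1)].append("enable password")
    if has(global_cmds, r"ip http server"):
        findings.append(("http-server", "'ip http server' is enabled"))

    for header, subs in sections.items():
        if not re.match(r"line\s", header, re.I):
            continue
        for sub in subs:
            m = re.fullmatch(r"password (?:0 )?(\S+)", sub, re.I)
            if m:
                used_in[m.group(1)].append(header)
        if re.match(r"line vty", header, re.I) and not has(subs, r"transport input ssh"):
            findings.append(("vty-telnet",
                             f"{header}: no 'transport input ssh', Telnet is not ruled out"))

    for places in used_in.values():
        if len(places) > 1:
            findings.append(("password-reuse",
                             "one cleartext password set on: " + ", ".join(places)))
    return findings


if __name__ == "__main__":
    for check_id, detail in audit(SAMPLE_CONFIG):
        print(f"[{check_id}] {detail}")
```

The parser relies on the one-space indentation IOS gives sub-commands, so it should be fed the config as the device prints it, not the flattened text of this transcript.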

Configuration

    Router> enable
    Router# configure terminal
    Router(config)# hostname R1
    R1(config)# banner motd %Unauthorised access prohibited%
    R1(config)# enable password cisco
    R1(config)# enable secret class
    R1(config)# line con 0
    R1(config-line)# password cisco
    R1(config-line)# login
    R1(config-line)# line vty 0 4
    R1(config-line)# password cisco
    R1(config-line)# login
    R1(config-line)# interface fastethernet 0/0
    R1(config-if)# ip address 192.168.1.1 255.255.255.0
    R1(config-if)# no shutdown
    R1(config-if)# interface serial 0/0/0
    R1(config-if)# ip address 192.168.2.1 255.255.255.0
    R1(config-if)# clockrate 64000
    R1(config-if)# no shutdown
    R1(config-if)# description WAN link to R2
    R1(config-if)# encapsulation ppp
    R1(config-if)# router rip
    R1(config-router)# version 2
    R1(config-router)# network 192.168.1.0
    R1(config-router)# network 192.168.2.0
    R1(config-router)# exit
    R1(config)# ip route 0.0.0.0 0.0.0.0 192.168.2.2
    R1(config)# end
    R1#
    Aug 9 16:09:25.423: %SYS-5-CONFIG_I: Configured by console from console
    R1# copy running-config startup-config
    Destination filename [startup-config]?
    Building configuration...
    [OK]
    R1#

The command show running-config is entered and the output is as follows:

    R1# show running-config
    (Note: Some output is omitted)
    Building configuration...
    Current configuration: 1177 bytes
    Version 12.4
    Hostname R1
    Enable secret 5 $drgadgr$dfjladflkj$dfsdfsdfsdf/vsdfgd
    Enable password cisco
    Interface fastethernet0/0
     Ip address 192.168.1.1 255.255.255.0
     Duplex auto
     Speed auto
    Interface serial0/0/0
     Description WAN link to R2
     Ip address 192.168.2.1 255.255.255.0
     Encapsulation ppp
    Router rip
     Version 2
     Network 192.168.1.0
     Network 182.168.2.0
    Ip route 0.0.0.0 0.0.0.0 192.168.2.2
    Banner motd %Unauthorised access prohibited%
    Line con 0
     Password cisco
     login
    line aux 0
    Line vty 0 4
     Password cisco
     Login

Diagram 2, Packet Tracer Exercise

2.3.4 - Switch Hardware

2 Diagrams

Diagram 1, Image
The diagram depicts a graph plotting the Hierarchical Design Model against Organization Size Density. Listed below are the Organization Size and the switching devices at each level. Also listed at each organization size density is the Hierarchical Design Model reference.
- Small Business - Wiring Closet Devices - Catalyst Express 500, Catalyst 2960
- Medium Sized - Wiring Closet Devices - Catalyst 3560, Catalyst 3560-E, Catalyst 3750, Catalyst 3750-E
- Large Sized - Wiring Closet Devices - Catalyst 4500, Catalyst 6500
- Small Business - Data Center Access Devices - Blade switches
- Medium Sized Business - Data Center Access Devices - Catalyst 4948
- Medium Sized Business - Data Center Access Devices - Catalyst 6500
- Small to Medium Sized - Distribution Core Devices - Catalyst 4500
- Large Organization - Distribution Core Devices - Catalyst 6500

Diagram 2, Image
The diagram depicts a switch. The switch is a 48 port managed device with ports able to operate at speeds of 10/100/1000 Mbps. There are also two 10Gbps Fiber Optic ports used as uplinks to other local network segments.

2.3.5 - Basic Switch Commands

5 Diagrams

Diagram 1, Table
The diagram depicts the basic switch commands. These are listed below:

Command - Abbreviation

GENERAL USE
- Show running-config - sh run
- Show startup-config - sh star
- Show version - sh ve

INTERFACE RELATED
- Show interfaces (type#) - sh int f0/0
- Show ip interface brief - sh ip int br
- Show port-security - sh por
- Show mac-address-table - sh mac-a

CONNECTIVITY RELATED
- Show cdp neighbors detail - sh cdp ne
- Show sessions - sh ses
- Show ssh - sh ssh
- Ping (IP or Hostname) - P
- Traceroute (IP or host) - Tr

COMMAND - PURPOSE/INFORMATION DISPLAYED

Show running config: Displays current config running in RAM. Includes hostname, passwords, interface IP addresses, routing protocol activated, DHCP and NAT configuration. Must be issued in EXEC mode.

Show startup-config: Displays backup config in NVRAM.
May be different if running config has not been copied to backup. Must be issued in EXEC mode.

Show version: Displays IOS version, ROM version, router uptime, system image file name, boot method, number and type of interfaces installed, amount of RAM, NVRAM and flash. Config register.

Show interfaces (type #): Displays one or all interfaces with line (protocol) status, bandwidth, delay, reliability, encapsulation, duplex and I/O statistics.

Show ip interfaces brief: Displays all interfaces with IP address, interface status (up/down/admin down) and line protocol status (up/down).

Show port-security: Shows any ports where security has been activated along with max address allowed, current count, security violation count and action to take (usually shutdown).

Show mac-address-table: Displays all MAC addresses the switch has learned, how learned (dynamic or static), the port number and the VLAN the port is in.

Show cdp neighbors: Displays information on directly connected devices including Device ID (hostname), local interface where device is connected, capability (R=router, S=switch), platform (e.g. 2620XM) and port ID of remote device. The details option provides the IP address of the other device as well as the IOS version.

Show sessions: Displays telnet sessions (VTY) with remote hosts. Displays session number, host name and address.

Show ssh: Displays ssh server connections with remote hosts.

Ping (host name or IP): Sends 5 ICMP echo requests to an IP address or host name (if DNS is available) and displays min, max and avg time to respond.

Trace-route (host or IP): Sends echo request with varying TTL. Lists routes (hops) in path and time to respond.

Diagram 2, Image
The diagram depicts the show commands and the output sent to the screen when each command is issued. The physical topology has the H1 client connected to the switch S1, with the network address 192.168.1.0/24. Also directly connected to switch S1 is Router R1, and its Fast Ethernet port Fa0/0 is in use for this network.
The router's serial port S0/0 is in use and has the DCE clock rate configured. A serial link has been established between the R1 and R2 routers, and R2's serial port S0/0/0 is in use. Router R2's Fast Ethernet port Fa0/0 is directly connected to the H2 client, and the network address for this network is 192.168.3.0/24. The commands used to show router configuration information are listed below along with their associated outputs.

***show running - config***

    Building configuration...
    Current configuration : 422 bytes
    version 12.2
    service timestamps debug uptime
    service timestamps log uptime
    no service password-encryption
    hostname Router
    ip subnet-zero
    interface FastEthernet0
     no ip address
     shutdown
     speed auto
    interface Serial0
     no ip address
     shutdown
     no fair-queue
    interface Serial1
     no ip address
     shutdown
    ip classless
    no ip http server
    line con 0
    line aux 0
    line vty 0 4
    no scheduler allocate
    end
    Router#

***show startup-config***

    Using 831 out of 245752 bytes
    version 12.4
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    hostname Router
    boot-start-marker
    boot-end-marker
    enable secret 5 $1$jX.P$R5n.pyoUSgEgZgJz9otjd1
    enable password cisco
    no aaa new-model
    resource policy
    ip subnet-zero
    ip cef
    interface FastEthernet0/0
     ip address 192.168.0.1 255.255.255.0
     duplex auto
     speed auto
    interface FastEthernet0/1
     no ip address
     shutdown
     duplex auto
     speed auto
    interface Serial0/0/0
     ip address 192.168.15.2 255.255.255.252
     no fair-queue
     clock rate 64000
    interface Serial0/0/1
     no ip address
     shutdown
     clock rate 125000
    ip classless
    ip http server
    control-plane
    line con 0
     password cisco
     login
    line aux 0
    line vty 0 4
     password cisco
     login
    scheduler allocate 20000 1000
    end

***show version***

    Cisco Internetwork Operating System Software
    IOS (tm) C1700 Software (C1700-Y-M), Version 12.2(4)YB, EARLYDEPLOYMENT RELEASE SOFTWARE (fc1)
    Synched to technology version 12.2(6.8)T2
    TAC Support: http://www.cisco.com/tac
    Copyright (c) 1986-2002 by cisco Systems, Inc.
    Compiled Fri 15-Mar-02 20:32 by ealyon
    Image text-base: 0x80008124, data-base: 0x807D8744
    ROM: System Bootstrap, Version 12.2(7r)XM1, RELEASE SOFTWARE (fc1)
    ROM: C1700 Software (C1700-Y-M), Version 12.2(4)YB, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
    Router uptime is 3 minutes
    System returned to ROM by power-on
    System image file is "flash:C1700-Y-MZ.122-4.YB.bin"
    cisco 1721 (MPC860P) processor (revision 0x100) with 29492K/3276K bytes of memory.
    Processor board ID FOC070701ZH (2882989793), with hardware revision 0000
    MPC860P processor: part number 5, mask 2
    Bridging software.
    X.25 software, Version 3.0.0.
    1 FastEthernet/IEEE 802.3 interface(s)
    2 Low-speed serial(sync/async) network interface(s)
    32K bytes of non-volatile configuration memory.
    16384K bytes of processor board System flash (Read/Write)
    Configuration register is 0x2102

    Gateway of last resort is not set

***show interfaces***

    FastEthernet0 is administratively down, line protocol is down
      Hardware is PQUICC_FEC, address is 000b.be96.3445 (bia 000b.be96.3445)
      MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
         reliability 252/255, txload 1/255, rxload 1/255
      Encapsulation ARPA, loopback not set
      Keepalive set (10 sec)
      Auto-duplex, 10Mb/s, 100BaseTX/FX
      ARP type: ARPA, ARP Timeout 04:00:00
      Last input never, output 00:07:54, output hang never
      Last clearing of "show interface" counters never
      Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
      Queueing strategy: fifo
      Output queue :0/40 (size/max)
      5 minute input rate 0 bits/sec, 0 packets/sec
      5 minute output rate 0 bits/sec, 0 packets/sec
         0 packets input, 0 bytes
         Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
         0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
         0 watchdog
         0 input packets with dribble condition detected
         11 packets output, 2334 bytes, 0 underruns
         11 output errors, 0 collisions, 0 interface resets
         0 babbles, 0 late collision, 0 deferred
         11 lost carrier, 0 no carrier
         0 output buffer failures, 0 output buffers swapped out
Serial0 is administratively down, line protocol is down Hardware is PowerQUICC Serial MTU 1500 bytes, BW 128 Kbit, DLY 20000 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation HDLC, loopback not set Keepalive set (10 sec) Last input never, output never, output hang never Last clearing of "show interface" counters 00:07:57 Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue :0/40 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 0 packets input, 0 bytes, 0 no buffer Received 0 broadcasts, 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 0 packets output, 0 bytes, 0 underruns 0 output errors, 0 collisions, 1 interface resets 0 output buffer failures, 0 output buffers swapped out 0 carrier transitions DCD=down DSR=down DTR=down RTS=down CTS=down Serial1 is administratively down, line protocol is down Hardware is PowerQUICC Serial MTU 1500 bytes, BW 128 Kbit, DLY 20000 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation HDLC, loopback not set Keepalive set (10 sec) Last input never, output never, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: weighted fair Output queue: 0/1000/64/0 (size/max total/threshold/drops) Conversations 0/0/32 (active/max active/max total) Reserved Conversations 0/0 (allocated/max allocated) Available Bandwidth 96 kilobits/sec 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 0 packets input, 0 bytes, 0 no buffer Received 0 broadcasts, 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 0 packets output, 0 bytes, 0 underruns 0 output errors, 0 collisions, 0 interface resets 0 output buffer failures, 0 output buffers swapped out 0 carrier transitions DCD=down DSR=down 
DTR=down RTS=down CTS=down Router# ***show port-security*** S1# show port-security Secure Port Max Secure Address Current Address Security Violation Security Action Total addresses in system(excluding one mac per port) Max addresses limit in system (excluding one mac per port) ***show mac-address-table*** MAC Address Table VLAN MAC Address Type Ports All 0014.6954.2480 Static CPU All 0100.0ccc.cccc Static CPU All 0100.0ccc.cccd Static CPU All 0100.0cdd.dddd Static CPU 1 000b.be02.a841 Dynamic Fa0/1 1 000c.2999.758e Dynamic Fa0/2 1 000c.29c4.9e26 Dynamic Fa0/3 1 000c.29ff.0744 Dynamic Fa0/1 1 0014.6a46.e1c8 Dynamic Fa0/2 1 0014.6a46.e1c9 Dynamic Fa0/3 1 0016.763f.935d Dynamic Fa0/3 Total MAC addresses for this criterion: 11 ***show ip interfaces*** FastEthernet0 is administratively down, line protocol is down Internet protocol processing disabled Serial0 is administratively down, line protocol is down Internet protocol processing disabled Serial1 is administratively down, line protocol is down Internet protocol processing disabled ***show cdp neighbors*** Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge S - Switch, H - Host, I - IGMP, r - Repeater Device ID Local Intrfce Holdtme Capability Platform Port ID Router# Diagram 3, Image The diagram depicts the basic commands issued from the CLI to the switch in order to configure it for network traffic. The configuration command statements are listed below and the output from the ?show running-config? follow the command configuration statements. ***some output has been omitted*** Switch> enable Switch# configure terminal Enter configuration commands, one per line. 
Switch(config)# hostname S1
S1(config)# banner motd %Unauthorised access prohibited%
S1(config)# enable password cisco
S1(config)# enable secret class
S1(config)# line con 0
S1(config-line)# password cisco
S1(config-line)# login
S1(config-line)# line vty 0 4
S1(config-line)# password cisco
S1(config-line)# login
S1(config-line)# interface vlan 1
S1(config-if)# ip address 192.168.1.5 255.255.255.0
S1(config-if)# no shutdown
S1(config-if)# ip default-gateway 192.168.1.1
S1(config)# interface f0/2
S1(config-if)# switchport mode access
S1(config-if)# switchport port-security
S1(config-if)# interface f0/3
S1(config-if)# speed 10
S1(config-if)# duplex half
S1(config)# end
Configured from console by console
S1#
S1# copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[ok]
S1#

The command "show running-config" is typed and the output of this command is listed below:

***some output is omitted***
no service single-slot-reload-enable
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
hostname Switch
ip subnet-zero
spanning-tree extend system-id
!
interface FastEthernet0/1
 no ip address
interface FastEthernet0/2
 no ip address
!
interface FastEthernet0/3
 no ip address
interface FastEthernet0/4
 no ip address
interface FastEthernet0/5
 no ip address
interface FastEthernet0/6
 no ip address
interface FastEthernet0/7
 no ip address
interface FastEthernet0/8
 no ip address
interface FastEthernet0/9
 no ip address
interface FastEthernet0/10
 no ip address
interface FastEthernet0/11
 no ip address
interface FastEthernet0/12
 no ip address
interface FastEthernet0/13
 no ip address
interface FastEthernet0/14
 no ip address
interface FastEthernet0/15
 no ip address
interface FastEthernet0/16
 no ip address
interface FastEthernet0/17
 no ip address
interface FastEthernet0/18
 no ip address
interface FastEthernet0/19
 no ip address
interface FastEthernet0/20
 no ip address
interface FastEthernet0/21
 no ip address
interface FastEthernet0/22
 no ip address
interface FastEthernet0/23
 no ip address
interface FastEthernet0/24
 no ip address
interface Vlan1
 no ip address
 no ip route-cache
 shutdown
ip http server
line con 0
line vty 5 15
end
Switch#

Diagram 4, Packet Tracer Activity

Diagram 5, Hands-On-Lab

2.4 - Chapter Summary
2.4.1 - Summary
One Diagram

Diagram 1, Slideshow
Summary

Slide 1
Network infrastructure diagrams document devices in a network.
Network documentation includes the Business Continuity plan, Business Security plan, Network Maintenance plan, and Service Level Agreements.
The enterprise NOC manages and monitors all network resources.
End-users connect to the network via access layer switches and wireless APs in the IDF.
PoE provides power to devices over the same UTP cable that carries data.

The picture identifies a network with three buildings (Building A, Building B, Building C).
Building A is connected to Building B via fiber-optic cable.
Building A is connected to Building C via fiber-optic cable.
Building A has an MDF which is connected to two switches (IDF-A2, IDF-A1) via fiber-optic or UTP cable. IDF-A1 has four hosts connected; IDF-A2 has three hosts connected.
Building B has an IDF (IDF-B1) with three hosts connected.
Building C has an IDF (IDF-C1) with three hosts connected.

Slide 2
The enterprise edge provides Internet access and service for users inside the organization.
The POP provides a direct link to an ISP and connects remote sites.
The POP contains a demarc, the line of responsibility between the service provider and the customer.
Edge devices provide security against attacks.
Services are brought to the enterprise by copper wires or fiber-optic cable.

The picture depicts a network of four buildings (HQ, SiteA, SiteB, SiteC) and identifies the outside attacks which the network is exposed to. These attacks include FW, IDS, ACL, DMZ, VPN, IPS attacks.

Slide 3
Access Layer switches provide connectivity to end users.
Distribution Layer routers move packets between locations and the Internet.
Routers and switches use in-band and out-of-band management.
Routers can control broadcasts.

The picture depicts a 48-port Cisco Gigabit Ethernet switch, which has had the two 10 Gigabit fiber-optic uplink ports removed from the switch.
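
The startup-config and the switch session in this module keep "no service password-encryption", store the enable, console and vty passwords as typed, reuse one password in all three places, and leave "ip http server" on. The Python check below is an added example, not part of the course material; the rule names and the trimmed, re-indented sample config are constructed for illustration.

```python
import re

# Constructed sample: trimmed, re-indented lines from the startup-config above.
SAMPLE_CONFIG = """\
no service password-encryption
enable secret 5 $1$jX.P$R5n.pyoUSgEgZgJz9otjd1
enable password cisco
ip http server
line con 0
 password cisco
 login
line vty 0 4
 password cisco
 login
"""

# Matches "password <value>" or "password <0|7> <value>", with or without "enable".
PASSWORD_RE = re.compile(r"^(enable password|password)\s+(?:([07])\s+)?(\S+)$")

def audit_ios_config(text):
    """Return (rule, location) findings for password and management settings."""
    findings, commands, reuse = [], set(), {}
    section = "global"
    for raw in text.splitlines():
        cmd = raw.strip()
        if not cmd or cmd == "!":
            continue
        if not raw.startswith(" "):    # unindented: global command or new section
            section = cmd if cmd.startswith(("line ", "interface ")) else "global"
        commands.add(cmd)
        m = PASSWORD_RE.match(cmd)
        if m:
            kind, enc, value = m.groups()
            where = kind if kind == "enable password" else section
            # Type 7 is a reversible encoding; type 0 or no type is stored as typed.
            rule = "TYPE7-PASSWORD" if enc == "7" else "CLEARTEXT-PASSWORD"
            findings.append((rule, where))
            if enc != "7":
                reuse.setdefault(value, []).append(where)
    if "service password-encryption" not in commands:
        findings.append(("PASSWORD-ENCRYPTION-OFF", "global"))
    if "ip http server" in commands:   # unencrypted HTTP management interface
        findings.append(("HTTP-SERVER-ENABLED", "global"))
    findings += [("PASSWORD-REUSED", ", ".join(p)) for p in reuse.values() if len(p) > 1]
    return findings

if __name__ == "__main__":
    for rule, where in audit_ios_config(SAMPLE_CONFIG):
        print(f"{rule:24} {where}")
```

The check relies on IOS-style indentation to attribute a password to its line section, so it should be run against a saved configuration file rather than text that has been flattened onto one line.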