Computer Networking Essentials Week 1
Networking Today
- Difference between signal, data, and information:
- Signal: A signal is a physical or electromagnetic quantity that varies with time, space, or any other independent variable. It is a way to transmit data or information and can exist in various forms such as electrical signals, light signals, sound signals, etc. For example, when you’re speaking on your phone, your voice is converted into electrical signals, which are transmitted over the network to the receiver.
- Data: Data refers to raw, unprocessed, and uninterpreted facts or statistics collected together for reference, analysis, or computation. These could be any facts, statistics, or details from which information is derived. It’s essentially a series of symbols or quantities that are still in a raw format. For example, a collection of random numbers is data. These data by themselves do not provide much meaning until they are processed or analyzed.
- Information: Information is data that has been processed or organized in a manner that it is meaningful, valuable, or useful to the person who receives it. It’s the result of processing, gathering, manipulating, and organizing data in a way that adds context, relevance, and purpose. For example, if we take the data of “random numbers” and organize them into a phone number, that phone number becomes information.
In a broad sense, a signal is the physical means by which data (raw facts and figures) is transformed into information (processed and meaningful data). Let’s take a practical example: consider you are watching a video on your computer. The video file is stored as data (a series of 0s and 1s) on a server. When you click to play, this data is sent over the internet as signals (electromagnetic waves). Your computer receives these signals and decodes them back into data. Then, your video player software processes this data to generate information, i.e., the video that you watch.
- Network Diagrams:
These are visual representations of a network’s architecture. They use symbols (often referred to as ‘nodes’) to represent different devices, such as computers, routers, and servers, and lines to represent the connections between them. Network diagrams can provide a quick overview of how devices are interconnected and how data flows through the network. They can be invaluable for planning, building, and troubleshooting a network. There are many different types of network diagrams, including physical diagrams (which show the physical layout of the devices), logical diagrams (which show how data flows through the network), and others.
- Network Interface Card (NIC): A Network Interface Card, or NIC, is a piece of hardware that allows a device to connect to a network. It provides a physical connection to the network and handles the exchange of data. Most modern computers have a NIC built-in. NICs can connect to a network via Ethernet (using an Ethernet cable) or wirelessly (such as Wi-Fi). Each NIC has a unique identifier known as a MAC (Media Access Control) address that identifies the device on the network.
- Physical Topology Diagrams:
Physical topology diagrams are used to represent the physical layout of devices in a network and how they are interconnected. They can illustrate where each device is physically located and how cables are run between them.
In a physical topology diagram, you’ll see icons representing different types of network devices such as routers, switches, firewalls, servers, and workstations. The lines between these icons typically represent the cables connecting them. This type of diagram can be very helpful for tasks like network troubleshooting and planning for physical expansions or modifications.
- Logical Topology Diagrams:
Logical topology diagrams, on the other hand, illustrate the logical connections between devices, regardless of their physical layout. These diagrams are more concerned with how data travels through the network rather than the physical layout of the network itself.
A logical topology diagram will also include devices and their connections, but it will also show details like IP addresses, network addresses, and port numbers. They may also show the paths that data takes through the network and the protocols used for data transmission.
Like physical topologies, logical topologies can come in several types, such as bus, star, ring, and mesh. However, the physical and logical topology of a network might not always match. For example, a network might be physically wired as a star (with all devices connected to a central switch) but logically function as a bus (with all devices sharing the same communication line).
- Wide Area Network (WAN): A WAN is a network that spans a large geographical area, often consisting of multiple local area networks (LANs) connected together. These networks are typically connected using leased telecommunication circuits or satellite links. The Internet is the largest example of a WAN, spanning the entire Earth. WANs are generally slower than LANs due to the distance data must travel, and they are typically administered by multiple service providers.
- The Internet: The Internet is a global network of networks, a collection of interconnected LANs and WANs. It uses the TCP/IP protocol for communication and is not owned by any one individual or organization. Instead, its structure is maintained by several groups including:
- IETF (Internet Engineering Task Force): Develops and promotes voluntary Internet standards and protocols.
- ICANN (Internet Corporation for Assigned Names and Numbers): Responsible for managing and coordinating the Domain Name System (DNS) to ensure every internet address is unique.
- IAB (Internet Architecture Board): Oversees the technical and engineering development of the Internet.
- Intranets: An intranet is a private network used by an organization that is inaccessible to the public. Typically, an intranet includes connections through one or more gateway computers to the outside Internet. The main purpose of an intranet is to share company information and computing resources among employees. Intranets use LAN and WAN technology to accomplish this.
- Extranets: An extranet is similar to an intranet, but it’s partially accessible to authorized outsiders. Whereas an intranet resides behind a firewall and is accessible only to people who are members of the same company or organization, an extranet provides various levels of accessibility to outsiders for specific purposes. They are used when there is a need for businesses to provide a secure and efficient means of sharing information such as inventory, pricing data, or in case of collaborative projects with other companies.
- Types of home and small office Internet connections
- Cable: Cable internet is a form of broadband Internet access that uses the same coaxial cable lines used for cable television. It offers high-speed Internet services and is considered “always-on,” meaning it maintains a continuous connection that doesn’t need to be reestablished every time you want to use the Internet. Cable Internet typically offers faster download speeds compared to other services.
- DSL (Digital Subscriber Line): DSL is another type of broadband Internet service that delivers high-speed Internet over standard telephone lines. DSL is also an “always-on” connection. It’s worth noting that while DSL uses phone lines, it can operate simultaneously with telephone service because it uses a higher frequency band than voice calls. The speed of DSL service can vary based on the distance from the service provider’s central office, with speeds decreasing as the distance increases.
- Cellular: Cellular Internet access uses a mobile phone network to connect to the Internet. This connection can be established using a smartphone or other mobile device, or by using a cellular modem. Cellular Internet can be a good option for those who need Internet access on the go or in areas without wired Internet services. The speed and reliability of cellular Internet can vary based on the quality of the cellular network and signal strength.
- Satellite: Satellite Internet access involves sending and receiving data from a small satellite dish on Earth to an orbiting satellite. This makes it a good option for remote or rural areas where cable, DSL, and cellular Internet services are not available. However, satellite Internet is typically slower and more expensive than other types of Internet services, and it can be affected by weather conditions.
- Dial-up: Dial-up is a type of Internet connection that uses a modem connected to a phone line to dial into an Internet service provider (ISP). It is much slower than other types of Internet connections and doesn’t support simultaneous voice calls and Internet use on the same line. However, it’s often inexpensive and can be used in areas without other Internet services.
- Types of business Internet connections
- Dedicated Leased Line: A dedicated leased line is a fixed-bandwidth connection between two points that is always active, rather than being available on a demand basis. Leased lines are typically used by businesses to connect geographically distant offices, providing a reliable, high-quality connection for voice or data. The circuits are ‘dedicated’ in the sense that they do not carry communications for any other parties. The bandwidth is consistent and does not fluctuate based on how many users are using the line at any given time, ensuring better performance and security.
- Ethernet WAN: Ethernet Wide Area Networks (Ethernet WANs) extend Local Area Networks (LANs) across a wide geographical area, using Ethernet connections. This provides the simplicity and speed of Ethernet technology, traditionally used for LANs, over a wider area. Businesses might use an Ethernet WAN to interconnect their office LANs, ensuring employees in different locations can effectively collaborate and share resources. Ethernet WANs can offer flexible, scalable, and reliable connectivity.
- DSL (Digital Subscriber Line): Business DSL is similar to residential DSL, but often offers additional features suited to business use. For instance, Symmetric Digital Subscriber Lines (SDSL), a type of DSL, provide the same amount of bandwidth for both upload and download data, which can be crucial for businesses that need to send, as well as receive, large amounts of data. Business DSL might also offer guaranteed levels of service (service level agreements, or SLAs), static IP addresses, and business-oriented customer service.
- Satellite: Satellite Internet can provide a connection when a wired solution is not available, such as for businesses located in rural or remote areas. As with residential satellite connections, business satellite connections involve sending and receiving data from a satellite dish on Earth to an orbiting satellite. While this can ensure connectivity in places other solutions can’t reach, the speed, cost, and reliability can be less favorable than other connection types, and service might be affected by weather conditions.
- Converging Network: A “Converging Network”, also known as a converged network, is a type of data communication infrastructure that coalesces or combines the traditional discrete networks, such as voice, video, and data into a single, unified network infrastructure. Here’s a more detailed look at the concept:
- Before Converged Networks: Traditionally, businesses had separate networks for different types of communication. They might have one network for data (typically Ethernet-based), another for voice (telephone lines or PBX systems), and a third for video (such as dedicated video conferencing or CCTV systems). Each of these networks used different technologies and protocols to transmit information, required separate cabling and equipment, and needed different skills to install, manage, and troubleshoot.
- After Converged Networks: A converged network, on the other hand, can carry multiple types of traffic – such as data, voice, and video – over the same infrastructure. This is typically accomplished using Internet Protocol (IP), the standard set of rules for sending and receiving data over the Internet.
In a converged network, voice data is converted into digital packets and transported over the same network used for data and video, a process known as Voice over IP (VoIP). Video can also be digitized and sent as IP packets (a technology known as Video over IP), enabling video conferencing, streaming media, and other video services to be delivered over the same network as well. The benefits of converged networks include:
- Cost savings: By using the same network for different types of traffic, organizations can reduce the costs associated with installing and maintaining separate networks. There may also be cost savings from using VoIP and Video over IP instead of traditional voice and video services.
- Simplicity: Having a single network for all types of communication simplifies the network architecture and can make it easier to manage and troubleshoot.
- Flexibility and Scalability: Converged networks can more easily adapt to the changing needs of a business. It’s generally easier to add, move, or change the services on a converged network compared to a traditional separate network infrastructure.
- Advanced Applications: Converged networks enable advanced applications that integrate voice, video, and data. For example, a business might use video conferencing to enhance collaboration, or unified messaging to manage voice mail, email, and faxes through a single inbox.
However, converged networks also have their challenges, such as the need to ensure quality of service (QoS) for voice and video traffic, which are more sensitive to network performance than data traffic, and the need to secure the network against a wider range of threats.
- 4 fundamental characteristics of network architecture
- Fault Tolerance:
Fault tolerance refers to the ability of a network to continue functioning correctly even when there’s a hardware or software failure. In the context of a network, fault tolerance often means having redundant network paths so that if one path fails, traffic can automatically reroute over a different path. This is achieved using packet-switched networks, where data is split into packets, each of which could take a different path to the destination. This is unlike circuit-switched networks, which establish dedicated circuits and can’t provide alternate paths if a link fails.
- Scalability:
Scalability is the ability of a network to handle an increasing amount of work, or its ability to be expanded to accommodate growth. A scalable network can grow to accommodate new users and applications without negatively impacting the performance for existing users. This is often achieved by following established standards and protocols, which ensure that new devices and technologies can integrate smoothly with the existing network. Scalability can involve adding more capacity to existing network elements (scaling up) or adding more network elements (scaling out).
- Quality of Service (QoS):
Quality of Service is a mechanism used to prioritize different types of traffic and ensure reliable delivery of content. This is particularly important for time-sensitive traffic like voice and live video, which need to be delivered without delay or interruption. Without QoS, a network can become congested with traffic, leading to delays, packet loss, and other problems. A router with QoS policies can manage the flow of data more effectively, for example by reserving a certain amount of bandwidth for voice and video, or by prioritizing traffic based on its importance.
- Security:
Network security involves protecting the network infrastructure and the data that travels across it. This includes both physical security (protecting the physical devices that make up the network) and information security (protecting the data transmitted over the network). Key goals of network security include:
- Confidentiality: Ensuring that only intended recipients can read the data. This is often achieved through encryption, which scrambles data so that it can only be read by someone with the correct decryption key.
- Integrity: Providing assurance that the data has not been altered during transmission. This can be achieved through techniques like checksums and cryptographic hashes, which provide a way to detect if data has been tampered with.
- Availability: Providing assurance of timely and reliable access to data for authorized users. This involves protecting against threats that could disrupt network service, such as denial-of-service (DoS) attacks, and ensuring the network has sufficient capacity and redundancy to handle demand.
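The distinction between checksums and cryptographic hashes is easier to see in code. This added example (not part of the course notes) implements the RFC 1071 Internet checksum that IPv4, TCP and UDP headers carry, and compares it with SHA-256 on a constructed message: a flipped bit is caught by both, but swapping two 16-bit words, which changes the meaning, leaves the checksum unchanged while the hash still changes.

```python
import hashlib

# Constructed sample: a 17-byte message whose two amounts sit on 16-bit word
# boundaries (bytes 6-7 and 14-15), so they can be swapped as whole words.
ORIGINAL = b"SEND 0010 TO 0020"


def internet_checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement checksum over 16-bit big-endian words.

    This is the checksum field in IPv4, TCP and UDP headers. It is designed
    to catch accidental corruption such as a single flipped bit.
    """
    if len(data) % 2:
        data += b"\x00"  # pad an odd-length input with a zero byte
    total = 0
    for i in range(0, len(data), 2):
        total += (data[i] << 8) | data[i + 1]
    while total >> 16:  # fold the end-around carry back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def verify(data: bytes, checksum: int) -> bool:
    """Receiver-side check: data plus the received checksum field sums to 0."""
    if len(data) % 2:
        data += b"\x00"
    return internet_checksum(data + checksum.to_bytes(2, "big")) == 0


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Simulate accidental corruption on the wire: flip one bit."""
    out = bytearray(data)
    out[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(out)


def swap_words(data: bytes, i: int, j: int) -> bytes:
    """Swap 16-bit words i and j. The ones'-complement sum does not depend on
    word order, so the message changes but its checksum does not."""
    out = bytearray(data)
    out[2 * i:2 * i + 2], out[2 * j:2 * j + 2] = out[2 * j:2 * j + 2], out[2 * i:2 * i + 2]
    return bytes(out)


def integrity_report(original: bytes, modified: bytes) -> dict:
    """Which check notices that `modified` differs from `original`?"""
    return {
        "checksum_detects": internet_checksum(original) != internet_checksum(modified),
        "sha256_detects": hashlib.sha256(original).digest() != hashlib.sha256(modified).digest(),
    }


if __name__ == "__main__":
    corrupted = flip_bit(ORIGINAL, 0)        # "SEND..." becomes "REND..."
    reordered = swap_words(ORIGINAL, 3, 7)   # amounts 0010 and 0020 trade places
    print("bit flip :", integrity_report(ORIGINAL, corrupted))
    print("word swap:", integrity_report(ORIGINAL, reordered))
```

An unkeyed hash still only tells the receiver that the bytes differ from what was hashed; when sender and receiver share a key, an HMAC over the message is the standard way to detect deliberate modification, since the tag cannot be recomputed without the key.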
- Powerline networking: Powerline networking, also known as HomePlug or Powerline Communication (PLC), is a method of transmitting data over the electrical wiring already installed in a home or building. This method allows internet access to be extended throughout a building without the need for additional network cables or the limitations of wireless signals. It’s especially useful in locations where Wi-Fi signals can’t reach or where installing new network cables isn’t practical. Here’s a more detailed explanation:
- How Powerline Networking Works: Powerline networking operates by sending data as a modulated signal over the electrical wiring of a building. A powerline networking setup generally involves at least two adapter plugs – one connected to the router and plugged into a power outlet, and the other(s) plugged into outlets near the devices you want to connect.
These adapters have Ethernet ports, so you can connect devices like computers, smart TVs, or game consoles to them with an Ethernet cable. Once plugged in and configured, these adapters create a network connection over the building’s existing electrical circuit.
It’s important to note that powerline networking uses specific frequencies different from those used for the transmission of electricity, so the data signals and electrical power can coexist on the same wires without interference.
- Advantages of Powerline Networking: The key advantage of powerline networking is its flexibility. It allows network connectivity anywhere there’s a power outlet, bypassing the need for long Ethernet cables or wireless extenders. This makes it especially useful in situations where Wi-Fi coverage is spotty or where wireless signals can’t reach, like in buildings with thick walls or across multiple floors.
Powerline networking is also quite simple to set up – often, it’s just a matter of plugging in the adapters and connecting your devices.
- Disadvantages of Powerline Networking: One drawback to powerline networking is that it can be affected by the quality and layout of your electrical wiring. Older wiring, circuit breakers, or large appliances on the same circuit can interfere with signal quality. Additionally, while newer powerline networking standards support speeds comparable to Wi-Fi or Ethernet, real-world speeds may be lower due to electrical noise or distance between adapters.
- External Security Threats:
- Viruses, worms, and Trojan horses: These are malicious software programs that can cause damage to a network or a computer system. They can delete files, steal sensitive information, or even take control of a device.
- Spyware and adware: These are programs that are usually secretly installed on a device and can monitor user activities, collect personal information, or display unwanted ads.
- Zero-day attacks: These are attacks that exploit previously unknown vulnerabilities in software or hardware. Because these vulnerabilities are not known before the attack (thus giving the vendor no time, or zero days, to issue a patch), they can be particularly damaging.
- Threat Actor attacks: Threat actors are individuals or groups that conduct cyber attacks. They can range from lone hackers to organized crime groups to state-sponsored actors. Their tactics and goals can vary widely, from stealing data to disrupting services to spreading propaganda.
- Denial of service attacks (DoS): In these attacks, the attacker overwhelms a network, system, or service with traffic or requests, rendering it inaccessible to legitimate users.
- Data interception and theft: This can occur when an attacker intercepts network traffic, usually through techniques like eavesdropping or man-in-the-middle attacks, with the goal of stealing sensitive data.
- Identity theft: This involves an attacker stealing personal information, such as names, Social Security numbers, or credit card numbers, usually to commit fraud or other crimes.
- Internal Security Threats:
- Lost or stolen devices: If a device like a laptop, smartphone, or USB drive is lost or stolen, any sensitive data stored on it may be at risk. If the device is used to access a network, it could also be used to attack or infiltrate the network.
- Accidental misuse by employees: Employees can unintentionally cause security incidents by, for example, clicking on malicious links, using weak passwords, or accidentally sharing sensitive information.
- Malicious employees: In some cases, an employee may intentionally cause harm, for example by stealing data, vandalizing systems, or granting unauthorized access to the network. This type of threat can be particularly dangerous because the employee may already have legitimate access to many resources.
- Home or Small Office Network Security Solutions:
- Antivirus and Antispyware Software: These programs help protect end devices from malicious software like viruses, worms, Trojans, ransomware, spyware, and adware. They can detect and remove such threats, as well as prevent them from being installed in the first place.
- Firewall Filtering: A firewall is a network security device that monitors and controls incoming and outgoing network traffic based on an organization’s previously established security policies. It functions as a barrier between a trusted network and an untrusted network, like the internet, and can block unauthorized access to the network.
- Larger Network Security Solutions:
- Dedicated Firewall Systems: Larger networks often require more robust firewall systems. These might include next-generation firewalls (NGFWs) that provide more advanced features, like intrusion prevention, SSL and SSH inspection, deep-packet inspection, and reputation-based malware detection.
- Access Control Lists (ACLs): These are used in networking to provide a more granular level of control over incoming and outgoing network traffic. They can permit or deny traffic based on a variety of parameters, such as IP address, port number, protocol, or even specific types of packets.
- Intrusion Prevention Systems (IPS): An IPS monitors network traffic for suspicious activity and issues alerts when such activity is detected. More active than an intrusion detection system, an IPS can also take immediate action, such as blocking traffic from the suspicious source.
- Virtual Private Networks (VPNs): VPNs are used to create a secure connection to another network over the internet. They can be used to access a business’s network securely when working remotely, to shield browsing activity from prying eyes on public Wi-Fi, and more. VPNs work by encrypting the network data traffic, making it unreadable to anyone without the decryption keys.
Configure a Network Operating System
- Operating System (OS):
All electronic devices require an operating system.
- Windows, Mac, and Linux for PCs and laptops
- Apple iOS and Android for smart phones and tablets
- Cisco IOS for network devices (e.g., switches, routers, wireless AP, firewall, …).
- Cisco IOS: Cisco Internetwork Operating System (Cisco IOS) is a proprietary operating system that runs on most Cisco Systems routers and switches. It provides network administrators and technicians with the tools and interfaces they need to configure and manage Cisco devices and the networks they operate in.
- Operating System: Similar to how a PC’s operating system like Windows, MacOS, or Linux allows users to interact with the computer, Cisco IOS allows users to interact with Cisco devices. But, unlike PC operating systems that often use a graphical user interface (GUI), Cisco IOS mainly operates through a command-line interface (CLI).
- User Interaction: User interaction with Cisco IOS is primarily done through a command-line interface using a keyboard, with output viewed on a monitor. This interface allows a high degree of control and configurability, although it can also have a steeper learning curve than a graphical interface.
- Capabilities: Using Cisco IOS, technicians can run CLI-based network programs, enter text and text-based commands to configure devices, monitor the status of the device, troubleshoot network issues, and more. Cisco IOS commands can be used to perform a variety of tasks, such as setting up network interfaces, configuring routing protocols, managing network security settings, and more.
- Pre-installed: All Cisco networking devices come pre-installed with a version of the Cisco IOS. This means that, out of the box, these devices are ready to be configured and put to work in a network.
- Upgradable: The Cisco IOS on a device is not static. It can be upgraded or updated as new versions or feature sets become available. This allows devices to gain new capabilities, improve performance, or address security vulnerabilities without needing to replace the entire device. Upgrading the IOS is a standard maintenance task in managing a Cisco network.
- Cisco IOS Access: Access to Cisco IOS is typically achieved through one of several methods, each suitable for different circumstances. The three most common ways are via Console port, Secure Shell (SSH), and Telnet. An older method used the Auxiliary port. Each of these methods has its advantages and specific use cases:
- Console Port: The console port is an out-of-band management method primarily used for initial configuration of the device or for troubleshooting. This requires a direct physical connection between the management device (usually a computer) and the console port of the Cisco device. The console port provides a way to interact with the device even if no network services are available on the device.
- Secure Shell (SSH): SSH is an in-band method for remotely accessing the Cisco IOS over a network. It is a protocol used to securely log into remote systems, offering a secure channel in a client-server architecture. SSH encrypts user authentication, passwords, and commands, providing confidentiality and security to the communication against eavesdropping or data leaks. As a best practice, SSH should be used instead of Telnet whenever possible due to its superior security features.
- Telnet: Telnet is another in-band method for remotely accessing the Cisco IOS over a network. Unlike SSH, Telnet does not encrypt its data, meaning that all data including usernames, passwords, and commands are sent in plaintext. This lack of encryption makes it less secure and thus less suitable for managing devices over untrusted networks. However, it can still be useful in controlled environments or when the device does not support SSH.
- Auxiliary (AUX) Port: The Auxiliary port is an older method of accessing the Cisco IOS remotely through a dial-up connection using a modem. It was commonly used for remote troubleshooting before broadband internet became widespread. Today, the AUX port is seldom used due to the prevalence of faster, more secure methods like SSH.
- Terminal Emulation Program: A terminal emulation program allows a computer to act as a terminal, emulating a particular type of terminal within a local or remote network. It is used to interface with command line systems such as Cisco IOS. Terminal emulators facilitate the execution of commands on another system, as if you were physically present at the terminal of the target system. The following are popular terminal emulation programs:
- PuTTY: PuTTY is a free and open-source terminal emulator application which can act as a client for the SSH, Telnet, rlogin, and raw TCP computing protocols and as a serial console client. It supports a variety of network protocols to communicate with hardware. PuTTY is widely used and appreciated for its simplicity, reliability, and robustness.
- Tera Term: Tera Term is another free software terminal emulator that supports a variety of protocols including Telnet, SSH, and serial port connections. It also includes a built-in macro scripting language and some other useful plugins.
- SecureCRT: SecureCRT is a commercial product that provides secure remote access, file transfer, and data tunneling for everyone in your organization. It is known for its robust set of capabilities and functions such as support for SSH1, SSH2, Telnet, Telnet/SSL, Serial, and other protocols. It also has advanced session management and a host of other features.
- OS X Terminal: The Terminal app is the default CLI (command line interface) for macOS. It can be used to establish secure shell (SSH) sessions to remote devices including Cisco devices.
- Cisco IOS Modes of Operation:
- Initial configuration must be done via console connection
- Configuration is then done via various CLI command modes.
- Navigate the IOS: The Cisco IOS (Internetwork Operating System) provides a command-line interface (CLI) that allows network administrators to configure and manage Cisco network devices. The CLI is organized into different modes, each with its own set of commands and access privileges. Let’s discuss each of them.
- User EXEC Mode: This mode, also known as “view-only” mode, is the first level of access when interacting with a Cisco IOS device. It provides a limited number of basic monitoring commands for things like checking the status of the device or connecting to remote devices. By default, no authentication is required to access this mode, but for security reasons, it’s advisable to set up authentication. The prompt for User EXEC mode ends with the “>” symbol. For example: Router>
- Privileged EXEC Mode: Often referred to as “enable mode,” Privileged EXEC Mode grants a higher level of access than User EXEC Mode. It allows the execution of more advanced configuration and management commands, such as viewing the device’s configuration or controlling system operations. You can enter this mode from User EXEC Mode using the enable command. Similar to User EXEC Mode, no authentication is required by default to access this mode, but it’s recommended to secure it. The prompt for this mode ends with the “#” symbol. For example: Router#. The disable command returns you to the User EXEC Mode.
- Global Configuration Mode: This is the primary configuration mode, where you can make changes that affect the entire device, such as setting the device’s hostname or the enable password. To access this mode, use the configure terminal command from Privileged EXEC Mode. The prompt for this mode typically shows the device’s name followed by (config)#. For example: Router(config)#.
- Sub-configuration Modes: From the Global Configuration Mode, you can access specific sub-configuration modes that allow you to configure a particular part or function of the IOS device. For example, the Interface Configuration Mode (accessed using the interface command) lets you configure a specific network interface, while the Line Configuration Mode (accessed using the line command) allows you to configure console, AUX, Telnet, or SSH access. The prompt changes based on the specific mode, for instance, Router(config-if)# for Interface Configuration Mode and Router(config-line)# for Line Configuration Mode.
- Navigation Commands:
- In each mode, the ? command lists the commands available in that mode.
- The exit command returns you from a specific mode to the previous more general mode, such as from interface mode to global config.
- The end command or ^z can be used to exit out of any configuration mode and return to the Privileged EXEC Mode, regardless of which configuration mode you are in.
- Enter privileged EXEC mode using the enable command.
- Return to user EXEC mode using the disable command.
- Enter global config mode using the configure terminal command.
- Enter interface sub-config mode using the interface fa0/1 command.
The exit command is used to go back (or exit) to the parent mode from any of the sub-configuration or configuration modes.
Remember, Cisco IOS command modes are hierarchical, and commands available in one mode are generally available in the modes below it. Also, you should always be aware of the mode you’re in, which is indicated by the CLI prompt, as different modes permit different commands and levels of configuration.
- The Command Structure:
- Basic IOS Command Structure: Every command in the Cisco IOS follows a specific syntax, which is usually in the form of the command followed by any relevant keywords and arguments.
- A Keyword is a specific parameter that’s predefined in the operating system. It instructs the system to perform a certain operation or signifies a specific mode or option for a command.
- An Argument is a user-defined value or variable. Unlike keywords, these are not predefined. They provide more information to the command, such as specifying a file name or a device.
- IOS Command Syntax: This refers to the pattern or format that you need to follow when entering a command. The Cisco IOS Command Reference is a comprehensive source of information that details the exact syntax and functionality of each command in the Cisco IOS.
- IOS Help Feature: The Cisco IOS provides built-in help features to assist users in using and understanding commands.
- Context-Sensitive Help offers assistance based on the current context. For example, if you type a command followed by a question mark (?), the IOS will provide a list of all available options or arguments that are compatible with the entered command.
- Command Syntax Check provides real-time feedback on the command syntax. If a command is entered incorrectly, the IOS will generate an error message indicating the mistake.
- Hotkeys and Shortcuts: Cisco IOS supports a variety of hotkeys and shortcuts for convenience.
- Commands and keywords can often be shortened to a unique abbreviation. For example, conf t can be used in place of configure terminal.
- There are also line editing keyboard shortcuts, such as Ctrl-A to move to the start of the line, and Ctrl-E to move to the end of the line.
Please note that every command in the IOS has a specific format and can only be executed in the appropriate mode. Always consult the Cisco IOS Command Reference or use the built-in help features for guidance when using new or unfamiliar commands.
- Hostnames: A hostname is a unique label assigned to a device connected to a network, such as a computer, server, switch, or router. Hostnames allow network administrators to easily identify and manage devices over a network or the Internet. Here are some key points about hostnames:
- Identification: A hostname provides a convenient way for administrators to identify a device. When a device is configured with a unique hostname, it becomes easier for an administrator to recognize and locate it on a network. For example, a router might be named “Router-Floor-1,” making it instantly clear where the device is located and what its function is.
- Usage: Hostnames are displayed in the command-line interface (CLI) prompts of network devices and can be used in various authentication processes between devices. They should also be indicated on network topology diagrams for clarity and ease of management.
- Importance: Without a unique hostname, network devices can be difficult to identify and manage, especially in large networks. Hostnames are particularly critical when troubleshooting or reconfiguring network devices.
To configure a hostname in the Cisco IOS, you need to follow certain rules:
- The hostname should start with a letter.
- It should not contain any spaces.
- It should end with a letter or a digit.
- It should only use letters, digits, or dashes.
- It should be less than 64 characters in length.
Here is a simple example of how to set a hostname on a Cisco device:
Switch> enable
Switch# configure terminal
Switch(config)# hostname Sw-Floor-1
Sw-Floor-1(config)#
In this example, Switch> is the prompt displaying the original hostname, which is “Switch”. The enable command is used to enter the Privileged EXEC mode. The configure terminal command is then used to enter the Global Configuration Mode. The hostname Sw-Floor-1 command sets the hostname of the device to “Sw-Floor-1”. After the command is executed, the prompt changes to Sw-Floor-1(config)#, reflecting the new hostname.
- Limit Access to Device Configurations: Limiting access to device configurations is an essential part of maintaining a secure network. Here are the main points to consider:
- Secure Device Access: It’s crucial to protect both the privileged EXEC mode and the user EXEC mode with strong passwords. Privileged EXEC mode provides high-level access to the device, allowing for system configuration and operational changes, while user EXEC mode allows basic monitoring commands. Securing virtual terminal lines (such as SSH or Telnet connections) with a password is also critical to prevent unauthorized remote access.
- Configure Passwords: Use strong and unique passwords. A strong password is typically a mix of upper and lowercase letters, numbers, and special characters. Avoid reusing passwords across multiple devices or systems, as this can increase vulnerability if one password is compromised.
- Encrypt Passwords: By default, Cisco IOS displays passwords in plaintext, which can be a significant security risk. It’s recommended to encrypt the passwords, which will obscure them and make them unreadable in the device’s configuration. You can use the “service password-encryption” command to encrypt all plaintext passwords in the device configuration.
- Banner Messages: Banner messages are displayed to all connected terminals, making them an excellent tool for legal notifications. They can serve as a warning to unauthorized users that access is prohibited. Avoid wording that implies that a login is “welcome” or “invited”. Instead, the banner should clearly state that unauthorized access is not allowed and could result in legal prosecution.
- Physical Security: In addition to the above software-based security measures, it’s also important to consider physical security. Network devices should be kept in secure locations such as wiring closets or locked racks to physically limit unauthorized access.
These steps should form part of a broader approach to network security, which could include additional measures such as implementing access control lists (ACLs), securing network services, and regularly reviewing and updating security configurations. Always remember that the aim is to make unauthorized access as difficult as possible while still enabling authorized users to perform their tasks efficiently.
- Configure Passwords: Configuring passwords on Cisco devices is crucial for maintaining security and limiting unauthorized access. Here’s how you can set up passwords in different modes:
- Securing Privileged EXEC Mode: Privileged EXEC Mode provides a higher level of access to a device, allowing advanced commands and system configuration. To secure this mode, use the enable secret command followed by the password you want to set.
Example:
Switch(config)# enable secret class
In this example, class is the password. After setting this password, you’ll need to enter it whenever you want to enter the Privileged EXEC Mode from User EXEC Mode.
- Securing User EXEC Mode: User EXEC Mode allows basic monitoring commands. It’s the first level of access to a device when you log in. This mode can be secured by configuring the console line password. Here’s how:
Example:
Switch(config)# line console 0
Switch(config-line)# password cisco
Switch(config-line)# login
Here, the command line console 0 enters line console configuration mode, password cisco sets the password for the line console to cisco, and login makes the switch require the password when accessing User EXEC Mode.
- Securing Remote Access: Virtual terminal (VTY) lines enable remote access to a device using protocols such as Telnet or SSH. These lines should be secured with a password to prevent unauthorized remote access. Here’s how:
Example:
Switch(config)# line vty 0 15
Switch(config-line)# password cisco
Switch(config-line)# login
In this case, line vty 0 15 enters the configuration mode for all VTY lines from 0 to 15. password cisco sets the password for the VTY lines to cisco, and login makes the switch require the password for remote access.
- Encrypt passwords: By default, the Cisco IOS stores most passwords as plain text in the configuration files (startup-config and running-config). This is a potential security risk because anyone with access to these files can see the passwords. To mitigate this risk, the Cisco IOS provides a feature to encrypt these passwords.
To encrypt all plaintext passwords in the configuration files, use the service password-encryption global configuration command.
Example:
Sw-Floor-1(config)# service password-encryption
Once this command is executed, all existing and future plaintext passwords in the configuration are encrypted using a weak encryption algorithm (Type 7).
You can verify the encryption by viewing the running configuration with the show running-config command:
Sw-Floor-1# show running-config
In the output, you should see encrypted passwords that begin with a 7, like so:
enable secret 5 $1$mERr$9cTjUIEqNGurQiFU.ZeCi1
line con 0
 password 7 0822455D0A16
 login
line vty 0 4
 password 7 0822455D0A16
 login
line vty 5 15
 password 7 0822455D0A16
 login
Although the encryption applied by the service password-encryption command is relatively weak and can be cracked with specialized software, it does provide a layer of security by preventing shoulder surfing (people looking over your shoulder to see your passwords).
For stronger protection, use the enable secret command, which stores the password as a Type 5 salted MD5 hash (a one-way hash, not reversible encryption like Type 7). As seen in the output above, these passwords begin with a 5.
- Banner Messages: In the world of networking, banners serve as important informational or warning messages displayed to users when they attempt to log in to a device. These messages can serve various purposes from a simple welcome message, system information, to stern legal warnings against unauthorized access.
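Added example (not from the course notes): a small Python audit that checks a running-config against the points covered above, the hostname rules and the password, login, transport and banner settings. Both configs it scans are constructed for the example; $9$EXAMPLE-HASH is a placeholder, not a real hash, and grading a Type 5 secret as "prefer Type 8 or 9" is this example's own policy (the newer PBKDF2 and scrypt types exist on recent IOS images but are not covered in the notes).

```python
import re
from typing import Dict, List, Optional

# Hostname rules from the notes: starts with a letter, ends with a letter or
# digit, only letters, digits and dashes, no spaces, fewer than 64 characters.
HOSTNAME_RE = re.compile(r"[A-Za-z](?:[A-Za-z0-9-]*[A-Za-z0-9])?")


def valid_hostname(name: str) -> bool:
    return len(name) < 64 and HOSTNAME_RE.fullmatch(name) is not None


# Storage types as they appear in a running-config: no number or 0 is
# plaintext, 7 is the reversible obfuscation applied by service
# password-encryption, 5 is salted MD5, 8 is PBKDF2-SHA-256, 9 is scrypt.
# Which types an image supports depends on the IOS version.
STORAGE = {"0": "plaintext", "7": "reversible type 7", "5": "MD5 type 5",
           "8": "PBKDF2 type 8", "9": "scrypt type 9"}
REVERSIBLE = {"0", "7"}


def stored_type(cmd: str) -> str:
    """'password 7 0822455D0A16' -> '7', 'password cisco' -> '0'."""
    m = re.fullmatch(r"(?:enable )?(?:secret|password)(?: (\d))? \S+", cmd)
    return (m.group(1) if m else None) or "0"


def audit_config(config: str) -> List[str]:
    """Return one finding per weak access setting in an IOS running-config."""
    findings: List[str] = []
    lines = [l.rstrip() for l in config.splitlines() if l.strip()]
    if "service password-encryption" not in lines:
        findings.append("global: service password-encryption is not enabled")

    blocks: Dict[str, List[str]] = {}      # "line vty 0 4" -> its sub-commands
    current: Optional[str] = None
    for line in lines:
        if line.startswith(" "):           # indented line belongs to a section
            if current is not None:
                blocks[current].append(line.strip())
            continue
        current = None
        if line.startswith("line "):
            current = line
            blocks[current] = []
        elif line.startswith("hostname "):
            name = line.split(maxsplit=1)[1]
            if not valid_hostname(name):
                findings.append(f"hostname {name!r} breaks the naming rules")
        elif line.startswith("enable password "):
            findings.append("enable password: reversible, replace with enable secret")
        elif line.startswith("enable secret ") and stored_type(line) == "5":
            findings.append("enable secret: MD5 type 5, prefer type 8 or 9 where supported")
        elif line.startswith("banner motd") and "welcome" in line.lower():
            findings.append("banner motd: wording suggests access is welcome")

    for name, cmds in blocks.items():
        plain_login = "login" in cmds                              # line password
        other_login = any(c.startswith("login ") for c in cmds)    # login local etc.
        pw = next((c for c in cmds if c.startswith("password ")), None)
        if not plain_login and not other_login:
            findings.append(f"{name}: no login command, so no password is ever asked for")
        elif plain_login and pw is None:
            findings.append(f"{name}: login is set but no password is configured")
        if pw is not None and stored_type(pw) in REVERSIBLE:
            findings.append(f"{name}: password stored as {STORAGE[stored_type(pw)]}")
        if name.startswith("line vty"):
            transport = next((c for c in cmds if c.startswith("transport input")), None)
            if transport is None or "telnet" in transport or transport.endswith(" all"):
                findings.append(f"{name}: set 'transport input ssh' (found: {transport or 'nothing'})")
    return findings


# Constructed running-config as the notes' commands leave it before
# service password-encryption; the banner wording is deliberately poor.
WEAK_CONFIG = """\
hostname Sw-Floor-1
enable secret 5 $1$mERr$9cTjUIEqNGurQiFU.ZeCi1
banner motd #Welcome to Sw-Floor-1#
line con 0
 password cisco
 login
line vty 0 4
 password cisco
 login
 transport input telnet
line vty 5 15
 password cisco
 login
"""

# Constructed hardened variant; $9$EXAMPLE-HASH is a placeholder, not a real hash.
HARDENED_CONFIG = """\
hostname Sw-Floor-1
service password-encryption
enable secret 9 $9$EXAMPLE-HASH
username admin secret 9 $9$EXAMPLE-HASH
banner motd #Unauthorised Access Prohibited!#
line con 0
 login local
line vty 0 15
 login local
 transport input ssh
"""

if __name__ == "__main__":
    for finding in audit_config(WEAK_CONFIG):
        print(finding)
    print("hardened:", audit_config(HARDENED_CONFIG) or "no findings")
```

The hardened config uses login local with a username secret instead of a shared line password, so no Type 7 string ever appears, and restricts the VTY lines to SSH so the credential is not sent in the clear over Telnet.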
One common use for banners is to present legal warnings to deter unauthorized access. These messages can be vital evidence in the event of legal proceedings against an individual who has illicitly accessed the device.
There are different types of banners in the Cisco IOS, but the most commonly used is the Message of the Day (MOTD) banner. This is the first message displayed to users when they connect to the device.
To configure an MOTD banner, you can use the banner motd command in the global configuration mode. The syntax for the command is as follows:
Switch(config)# banner motd delimiter message delimiter
Here, “delimiter” can be any character as long as it does not occur in the message text itself. This character marks the start and end of the message text.
For example, if you want to display the message “Unauthorised Access Prohibited!” whenever someone logs in to the device, you could configure it as follows:
Switch(config)# banner motd #Unauthorised Access Prohibited!#
In this example, the ‘#’ character is used as the delimiter. The same character is used to mark the beginning and the end of the banner text. This command would result in “Unauthorised Access Prohibited!” being displayed to all users upon login.
- Save Configurations: In a Cisco network device, there are two types of configuration files: the Running Configuration file and the Startup Configuration file. Both files serve distinct purposes and are stored in different memory locations within the device.
Running Configuration File:
- The Running Configuration file is the active configuration that the device is currently using to operate.
- This file is stored in the device’s Random Access Memory (RAM), which is a volatile memory type, meaning it doesn’t retain information when power is lost or the device is rebooted.
- Every time you make a change to a device’s settings, these changes are stored in the running configuration file.
- You can view the contents of this file by using the “show running-config” command in the device’s command-line interface.
Startup Configuration File:
- The Startup Configuration file, on the other hand, is the configuration that the device will use the next time it starts up or reboots.
- This file is stored in the device’s Non-Volatile Random Access Memory (NVRAM), a type of memory that retains information even when power is lost or the device is rebooted.
- Typically, after you’ve made changes to the device’s running configuration and tested those changes, you would want to save these changes as the startup configuration so they’re not lost the next time the device is restarted.
- This is done using the command “copy running-config startup-config”, which copies the contents of the running configuration file to the startup configuration file.
- You can view the contents of this file by using the “show startup-config” command in the device’s command-line interface.
In summary, the running configuration is your working configuration file where changes are made and tested, and the startup configuration is your saved configuration that the device loads upon startup. Regularly saving your running configuration to your startup configuration (“copy running-config startup-config”) is considered a best practice to prevent loss of configuration changes due to power interruptions or device reboots.
- Alter Configurations: In the context of network device management, making alterations to configurations is a common practice. However, not all changes have the desired effects, and sometimes it may be necessary to revert changes or remove certain configurations. There are a couple of methods for undoing or altering configurations on Cisco devices:
1. Removing Individual Configurations:
- If a specific change does not yield the desired effect, it can be removed individually. This is typically done using the “no” form of the configuration command in the device’s command-line interface. For example, if you’ve configured an interface with a certain IP address and you want to remove that configuration, you could do so with a command like “no ip address”.
2. Rebooting to the Last Saved Configuration:
- If multiple changes were made and it’s not clear which change is causing an issue, or if it’s simply faster and easier, the device can be rebooted to the last saved configuration. This is done using the “reload” command in privileged EXEC mode.
- When the “reload” command is issued, a prompt will appear asking whether you want to save the changes made since the last saved configuration. If you want to discard these changes and revert to the last saved configuration, you can enter “n” or “no” at the prompt.
- This will reboot the device and load the startup configuration, effectively undoing all changes made since the last time the running configuration was saved to the startup configuration.
3. Clearing All Configurations:
- If undesired changes were saved to the startup configuration, it may be necessary to clear all configurations on the device. This can be achieved using the “erase startup-config” command in privileged EXEC mode.
- This command clears the startup configuration file stored in NVRAM. When the device is rebooted after executing this command, there will be no startup configuration to load, and the device will boot with its factory default settings.
In conclusion, making changes to the configuration of a network device should be done with care, and always with the knowledge of how to undo those changes if necessary. Regularly saving your running configuration to your startup configuration can provide a recovery point to revert to if needed, and understanding how to remove individual configurations, revert to a saved configuration, or clear all configurations can help in managing and troubleshooting your device’s configuration.
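Added example (not from the course notes) for the two sections above on saving and reverting configurations: given the text of show running-config and show startup-config, this Python function lists exactly the lines that a reload answered with “no” would discard (prefixed +) or bring back (prefixed -). The two configuration texts are constructed for the example.

```python
import difflib
from typing import List

# Header lines IOS prints before the configuration body differ between the
# two files even when the configuration itself is identical, so drop them,
# along with the "!" separator lines and blank lines.
HEADER_PREFIXES = ("Building configuration", "Current configuration", "Using ", "!")


def config_body(cfg: str) -> List[str]:
    """Keep only the configuration commands of a show running/startup-config."""
    return [l.rstrip() for l in cfg.splitlines()
            if l.strip() and not l.lstrip().startswith(HEADER_PREFIXES)]


def unsaved_changes(running: str, startup: str) -> List[str]:
    """Lines that differ between the working copy (RAM) and the saved copy
    (NVRAM): '+' lines are lost by a reload without saving, '-' lines return."""
    diff = difflib.unified_diff(config_body(startup), config_body(running),
                                fromfile="startup-config", tofile="running-config",
                                lineterm="", n=0)
    return [l for l in diff
            if l and l[0] in "+-" and not l.startswith(("+++", "---"))]


# Constructed: the saved configuration from the last copy running-config startup-config.
STARTUP = """\
Using 1024 out of 65536 bytes
!
version 15.0
hostname Switch
!
line vty 0 15
 login
!
end
"""

# Constructed: the live configuration after renaming the switch and adding a
# VTY password, neither of which has been saved yet.
RUNNING = """\
Building configuration...

Current configuration : 1100 bytes
!
version 15.0
hostname Sw-Floor-1
!
line vty 0 15
 password 7 0822455D0A16
 login
!
end
"""

if __name__ == "__main__":
    for change in unsaved_changes(RUNNING, STARTUP):
        print(change)
```

A non-empty result is the signal to run copy running-config startup-config before any reload, or, if the changes were a mistake, the list of what answering “no” will undo.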
- Configuring a switch for remote access: Configuring a switch for remote access involves setting up a switch virtual interface (SVI) and providing it with an IP configuration. This is needed because, unlike routers, Layer 2 switches don’t have physical ports that support Layer 3 IP addresses, meaning they cannot be directly accessed using IP. However, they can be remotely managed by configuring an SVI, which essentially acts as a virtual Layer 3 interface on the switch.
A Layer 2 switch doesn’t require an IP address to operate, but an IP address is needed on the SVI for remote management of the switch.
Each switch has a default SVI called VLAN 1. This default VLAN interface can be used to access the switch remotely. Here are the steps to configure the VLAN 1 SVI:
- Access the command-line interface of your switch.
- Enter privileged EXEC mode by typing enable and then enter your password if required.
- Enter global configuration mode by typing configure terminal.
- Enter interface configuration mode for the VLAN 1 SVI by typing interface vlan 1.
- Assign an IP address and subnet mask to the SVI. For example, to assign the IP address 192.168.1.1 with a subnet mask of 255.255.255.0, you would type ip address 192.168.1.1 255.255.255.0.
- Enable the interface by typing no shutdown. This is important because by default, the interface is administratively down.
- Exit interface configuration mode by typing exit.
- Save the configuration by typing copy running-config startup-config. This ensures that your changes are saved and will be applied when the switch reboots.
After this, you can verify the IP configuration of the VLAN 1 SVI using the show ip interface brief command in privileged EXEC mode. This command displays the IP addresses of all interfaces on the switch, along with their status (up or down).
With this configuration, you can now remotely manage the switch using its SVI IP address, as long as your management device is on the same network or can route to this network.
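Added example (not from the course notes) for the verification step above: a Python parser for the output of show ip interface brief that reports why the management SVI would not be reachable, including the common mistake of skipping no shutdown. The Status column can contain a space (“administratively down”), so the parser splits the row from both ends instead of assuming a fixed number of columns. The command outputs are constructed for the example.

```python
from typing import Dict, List, NamedTuple, Optional


class IfaceStatus(NamedTuple):
    name: str
    ip: str
    method: str
    status: str
    protocol: str


def parse_ip_int_brief(output: str) -> Dict[str, IfaceStatus]:
    """Parse 'show ip interface brief' into a table keyed by interface name."""
    table: Dict[str, IfaceStatus] = {}
    for line in output.splitlines():
        tokens = line.split()
        if len(tokens) < 6 or tokens[0] == "Interface":   # skip header / noise
            continue
        name, ip, _ok, method = tokens[:4]
        status = " ".join(tokens[4:-1])    # "up" or "administratively down"
        table[name] = IfaceStatus(name, ip, method, status, tokens[-1])
    return table


def check_management_svi(output: str, svi: str = "Vlan1",
                         expected_ip: Optional[str] = None) -> List[str]:
    """Explain why the switch is not reachable on its SVI; empty list = all good."""
    entry = parse_ip_int_brief(output).get(svi)
    if entry is None:
        return [f"{svi} does not exist; create it with 'interface {svi.lower()}'"]
    problems: List[str] = []
    if entry.ip == "unassigned":
        problems.append(f"{svi} has no IP address; set one with 'ip address ...'")
    elif expected_ip and entry.ip != expected_ip:
        problems.append(f"{svi} has {entry.ip}, expected {expected_ip}")
    if entry.status == "administratively down":
        problems.append(f"{svi} is administratively down; issue 'no shutdown'")
    elif (entry.status, entry.protocol) != ("up", "up"):
        problems.append(f"{svi} is {entry.status}/{entry.protocol}; "
                        "an SVI only comes up once a port in its VLAN is up")
    return problems


# Constructed output after the steps above were completed correctly.
GOOD = """\
Interface              IP-Address      OK? Method Status                Protocol
Vlan1                  192.168.1.1     YES manual up                    up
FastEthernet0/1        unassigned      YES unset  up                    up
FastEthernet0/2        unassigned      YES unset  down                  down
"""

# Constructed output when the 'no shutdown' step was skipped.
FORGOT_NO_SHUT = """\
Interface              IP-Address      OK? Method Status                Protocol
Vlan1                  192.168.1.1     YES manual administratively down down
FastEthernet0/1        unassigned      YES unset  up                    up
"""

if __name__ == "__main__":
    print(check_management_svi(GOOD, expected_ip="192.168.1.1") or "Vlan1 reachable")
    print(check_management_svi(FORGOT_NO_SHUT))
```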