Dale Liu, ... Luigi DiGrande, in
Cisco CCNA/CCENT Exam 640-802, 640-822, 640-816 Preparation Kit, 2009 To set up a VTP
hierarchy in your infrastructure, you must first create a management domain. The domain hierarchy that will be set up to support our server and clients will allow you to use VTP to replicate the VLAN information. To set up the VTP domain, use the following command vtp domain. As shown in Figure 14.7, the switch is configured for the VTP domain corporate.VLAN Trunking Protocol
Creating a Management Domain
FIGURE 14.7. Configuring the VTP Domain Corporate
EXERCISE 14.1
Setting VTP Domain, Mode, and Version
1.From User Exec mode, type the command enable.
2.From Privileged Exec mode, type the command configure terminal.
3.From Global Configuration mode, type the command vtp domain corporate, which will create the corporate domain.
4.From Global Configuration mode, type the command vtp mode server, which will set the mode to server.
5.From Global Configuration mode, type the command vtp version 1, which will set the version to version 1.
Read full chapter
URL: //www.sciencedirect.com/science/article/pii/B978159749306200018X
VLANs
Dale Liu, ... Luigi DiGrande, in Cisco CCNA/CCENT Exam 640-802, 640-822, 640-816 Preparation Kit, 2009
Setting the VLAN IP Address
Setting the VLAN IP address is pretty simple as well in a Cisco switch. If you have mastered the application of assigning IP addresses to routers we use a similar process. As illustrated later, you enter Global Configuration mode by typing configure terminal, then access the specific VLAN by typing interface VLAN and then the VLANs number. To assign the address, the syntax is ip address 10.1.1.1 255.0.0.0 if you wanted to set the address to 10.1.1.1/8. As shown in Figure 13.2, you could set the IP address for VLAN 2.
FIGURE 13.2. Setting the IP Address for VLAN2 to 10.1.1.1
Test Day Tip
Make sure you understand how to access the VLAN configuration information and set the IP address for each VLAN.
EXERCISE 13.1
Creating and Verifying VLANs
In this exercise, you will create three VLANs on your Cisco switch.
1.Type ENABLE to access privileged exec mode.
2.Type CONFIGURE TERMINAL to access global configuration mode.
3.Type VLAN 2 to create VLAN 2 and access VLAN configuration mode.
4.Type NAME HR to name this VLAN HR.
5.Type VLAN 3 to create VLAN 3.
6.Type NAME PRODUCTION to name this VLAN Production.
7.Type VLAN 4 to create VLAN 4.
8.Type NAME SALES to name it Sales.
9.Type Ctrl-Z to return to privileged exec mode.
10.Type SHOW VLAN BRIEF to verify VLAN creation.
Read full chapter
URL: //www.sciencedirect.com/science/article/pii/B9781597493062000178
Routing Protocols
Dale Liu, ... Luigi DiGrande, in Cisco CCNA/CCENT Exam 640-802, 640-822, 640-816 Preparation Kit, 2009
Configuring RIPv2
RIP is one of the easiest protocols to configure. This is why it's one of the most widely used. With just a few simple steps, you can have your routers configured to process RIP routing information. First, you start off by enabling RIPv2 on the router. Then, you have to specify what networks you want to enable for RIPv2. These are the networks that will be tracked via the RIPv2 protocol.
EXERCISE 5.1
Configuring RIPv2 on a Cisco Router
In this exercise, we will configure RIPv2 routing on our router and enable it for network 192.168.1.0.
1.Enter Privileged Exec mode with the enable command. Enter the enable password if you have one configured.
2.Enter Global Configuration mode with the config t command.
3.To enable RIPv2 and enter RIP configuration mode, type router rip.
4.Now enter network 192.168.1.0 to enable RIP for that network. You do not need to enter a subnet mask because RIP by default is classful and the default subnet mask is assumed.
You router is now configured to run the RIPv2 protocol, and RIP routing has been set for network 192.168.1.0.
Exam Warning
By default, a router will process RIPv1 and RIPv2 updates. Forcing a router to RIPv1 will cause RIPv2 updates to be ignored.
Read full chapter
URL: //www.sciencedirect.com/science/article/pii/B9781597493062000099
Configuring Cisco Routers
Dale Liu, ... Luigi DiGrande, in Cisco CCNA/CCENT Exam 640-802, 640-822, 640-816 Preparation Kit, 2009
1.
You have just connected to your Cisco 2500 series router. You are trying to enable debugging on your router. You are receiving the error invalid command. How can you fix the problem?
A.Use the enable command to enter Privileged Exec mode
B.Use the config t command to enter Global Configuration mode
C.Use the disable command to enter Privileged Exec mode
D.Upgrade your router firmware to a version that has debug capabilities
2.Given the following IOS image filename c2500-ipbase-l.122-1.E.bin, what feature set is running on the device?
A.The c2500 feature set
B.The IPBase feature set
C.The 122 feature set
D.The Enterprise feature set
3.Given the following IOS image filename c2600-ipbase-l.122-1.E.bin, what hardware platform is the IOS designed for?
A.The C2600 platform
B.The IPBase platform
C.The 122 platform
D.The Enterprise platform
4.One of your Cisco routers is down and you need to figure out why. Since the router is down, there is no network connectivity to the router. You also are not near the router and therefore cannot use the console port. Do you have any other options for connecting to the router to troubleshoot the issue?
A.Connect to the router using Telnet
B.Connect to the Web administration interface of the router
C.Establish a SSH connection to the router
D.Use a modem to connect to the auxiliary port of the router
5.You want to configure your router so that a password is required to enter Privileged mode. What mode must your router be in so that you can configure this requirement?
A.User Exec mode
B.Global Configuration mode
C.Privileged Exec mode
D.Interface Configuration mode
6.You made several changes to your router configuration. You tested out these changes and everything was running fine. Your route lost power and restarted itself. The changes you made seem to have disappeared. What is most likely the cause of the issue?
A.You did not test the changes thoroughly
B.You were in User Exec mode when you made the changes
C.You were in Privileged Exec mode when you made the changes
D.You did not save the configuration to NVRAM
7.You have just configured a hostname for your router. But, you are unable to save your configuration to NVRAM using the write memory command. What is most likely the issue?
A.You must be in enable mode to save your configuration
B.You do not have rights to save the configuration
C.You did not configure the hostname properly
D.You are using the wrong command to save the configuration
8.You have just configured your router with an enable password. But, you notice when you do a show running-config command, the enable password you set is visible. What can be done about this?
A.Nothing can be done about this
B.Configure encryption on your config file
C.Configure an enable secret
D.Upgrade your IOS to a more secure version
9.You have made several changes to your Cisco router configuration, but have not saved them to NVRAM, yet. You are not sure which options you configured. Is there a way for you to see what configuration changes you have made?
A.Use the show startup-config command to view the configuration
B.Use the write memory command to write the configuration to the screen
C.There is no way to see the changes you made until after you save the configuration to NVRAM
D.Use the show running-config command to view the configuration
10.You have just set up your Cisco router. But, you notice that the IOS prompt says router. Is there any way for you to change this?
A.Yes, use the router command to change the router's name
B.No, this cannot be changed
C.Yes, use the hostname command to give the router a name
D.Yes, install a new IOS image that is properly licensed.
11.What command can be used to view the routing table on your Cisco router?
A.Ipconfig
B.Show route
C.Route print
D.Show ip route
12.You are trying to view information about your IOS. What command will allow you to view this information?
A.show ios
B.show version
C.show ip route
D.enable
13.The configuration on your router has become corrupt. You remember that you have a backup of your configuration on a TFTP server. Which of the following commands will allow you to restore your configuration from a TFTP server?
A.copy tftp run
B.copy run tftp
C.write mem
D.write tftp
14.You want to check the contents of your router flash memory to check which IOS file you have. What command can be used to view your router's flash?
A.dir flash
sh flash
C.view flash
D.wr mem
15.You are having trouble with your Cisco router. You believe it is a connection issue. What command can you use to check to see your router has a network connection to another router?
A.PING
B.sh route
C.route print
D.sh running-config
16.The IOS image on your router has become corrupt. You want to boot the system from a copy of an IOS image you have on a TFTP server. Which of the following commands would allow you to do this?
A.copy tftp run
B.boot system tftp ios-image-name tfp-server-address
C.copy tftp start
D.boot system flash: ios-image-name
17.Which of the following is the default register setting for a Cisco router?
A.confreg 0x2100
B.confreg 0x2142
C.confreg 0x2102
D.confreg 0x2002
18.Which of the following config register settings can you use to bypass your router's NVRAM configuration file?
A.confreg 0x2100
B.confreg 0x2142
C.confreg 0x2102
D.confreg 0x2134
19.What command is used to exit Privileged Exec mode?
A.exit
B.no enable
C.enable
D.disable
20.You want to configure your router so that a password is required in order to connect to the console. What mode must you be in, in order to configure this requirement?
A.Privileged Exec mode
B.Global Configuration mode
C.Interface Configuration mode
D.User Exec mode
Read full chapter
URL: //www.sciencedirect.com/science/article/pii/B9781597493062000087
Network Investigations
Eoghan Casey, ... Terrance Maguire, in Handbook of Digital Forensics and Investigation, 2010
Cisco Core Dumps
A core dump is a full copy of your router's memory. A router can be configured to write a core dump when the device crashes, and an investigator can manually create a core dump without rebooting the device by running the write core command in Privileged Exec Mode. The Cisco IOS can store or transfer the core dump file using various methods, but Cisco recommends using File Transfer Protocol [FTP] to a server attached to the router [Cisco, 2009]. The following commands configure the FTP server authentication for the location to save the core dump:
cmdLabs# conf t
cmdLabs[conf]# exception core-file ROUTERNAME
cmdLabs[conf]# exception dump FTPSERVER
cmdLabs[conf]# exception protocol ftp
cmdLabs[conf]# exception region-size 65536
If the FTP server requires authentication, the correct username and password must be specified as follows:
cmdLabs[conf]# ip ftp username USERNAME
cmdLabs[conf]# ip ftp password PASSWORD
Then, to dump the contents of memory and send it to the FTP server, type write core in Privileged Exec Mode and you should see something like the following:
cmdLabs_router#write core
Remote host [10.10.10.100]?
Base name of core files to write [temp/cmdLab_router]?
Writing temp/cmdLab_routeriomem!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Writing temp/cmdLab_router!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
cmdLabs_router#
Analysis of the core dump file can be difficult, although the core dump can be viewed in a hex editor to extract some information as shown in Figure 9.14.
Figure 9.14. Contents of Router Memory Dump viewed using BinText showing cached contents of network traffic being handled by the router [firewall logs being sent to syslog server].
Core dump files can be submitted to Security Labs for basic analysis through its web site [//cir.recurity.com/cir/], and it sells a tool with additional functionality, including extraction of packet headers into file in packet capture, or pcap, format that can be viewed using network traffic analysis tools.
Read full chapter
URL: //www.sciencedirect.com/science/article/pii/B9780123742674000094
Cisco IOS Switch Basics
Dale Liu, in Cisco Router and Switch Forensics, 2009
VLAN Database Configuration
You can access the VLAN database through the privileged exec mode of the Cisco IOS. Some of the commands you will use will come up later, so it will be important to remember how VLAN configuration information is performed and how to verify whether it has been removed. This section will focus on entering VLAN configuration by going through the VLAN database and setting the VLAN Trunk Protocol [VTP] mode.
Be sure to find out whether a switch is operating in VTP server, client, or transparent mode before you do anything. This is important because the VTP server-configured switches are the masters of the VLAN information, and whatever VLAN configuration data has been configured in them will be distributed to the switches in VTP client and transparent modes.
Within privileged exec mode, open the VLAN data and set the VLAN ID and name, using these commands:
Switch#vlan database
Switch[vlan]#vlan 10 corporate
Switch[vlan]#vlan 20 itmanagement
Switch[vlan]#vlan 125 firewall
Switch[vlan]#vlan 150 marketing
Switch[vlan]#exit
Switch# copy running-config startup-config
When you are done making changes to the VLAN database you can inspect your work by displaying the VLAN configuration directly:
Switch# show vlan brief
If the switch is in transparent mode, you can view the running configuration for the changes made to the VLAN database:
Switch# show running config
I promised that you would be informed how VLAN information would be changed or removed, and this is where I make good on that. In the following code, VLAN 10 is removed entirely and VLAN 20 gets its name changed:
Switch#vlan database
Switch[vlan]#no vlan 10
Switch[vlan]#vlan 20 itmgr
Switch[vlan]#exit
Switch# copy running-config startup-config
Hopefully, that wasn't too hard of a foray into the subject of VLAN configuration and modification. Remember that a VLAN has to work in concert with a router since the information has to be routed from one subnet [because of the issue involving broadcast domains] to another and many times firewalls.
Read full chapter
URL: //www.sciencedirect.com/science/article/pii/B9781597494182000107