Chapter 9

  1. Network Management
     CMC Limited
  2. Objectives
     • Understand different features of access lists.
     • Explain standard and extended IP access lists.
     • Understand IOS software and how to load IOS software.
     • Understand how to back up and restore Cisco IOS.
     • Understand how to back up and restore the Cisco configuration.
     • Understand Cisco Discovery Protocol.
  3. Access List
     An access list is essentially a list of conditions that control access both to and from a network segment. Access lists can filter unwanted packets and be used to implement security policies. The IP and IPX access lists work similarly: they're both packet filters.
  4. Access List (contd.)
     There are a few important rules a packet follows when it's being compared with an access list:
     • It's always compared with each line of the access list in sequential order.
     • It's compared with lines of the access list only until a match is made. Once the packet matches a line of the access list, it's acted upon, and no further comparisons take place.
     • There is an implicit "deny" at the end of each access list. This means that if a packet doesn't match any line in the access list, it'll be discarded.
  5. Access List (contd.)
     There are two types of access lists used with IP and IPX:
     • Standard access lists: These use only the source IP address in an IP packet to filter the network.
     • Extended access lists: These check for both source and destination IP address, protocol field in the Network layer header, and port number at the Transport layer header.
  6. Access List (contd.)
     Once you create an access list, you apply it to an interface with either an inbound or outbound list:
     • Inbound access lists: Packets are processed through the access list before being routed to the outbound interface.
     • Outbound access lists: Packets are routed to the outbound interface and then processed through the access list.
  7. Access List (contd.)
     Standard IP Access Lists
     Standard IP access lists filter the network by using the source IP address in an IP packet. You create a standard IP access list by using the access-list numbers 1-99. You can specify access lists by names for the protocols listed below:
     • Apollo Domain
     • IP
     • IPX
     • ISO CLNS
     • NetBIOS IPX
     • Source-route bridging NetBIOS
  8. Standard IP Access Lists (contd.)
         RouterA(config)#access-list ?
         <1-99>       IP standard access list
         <100-199>    IP extended access list
         <1000-1099>  IPX SAP access list
         <1100-1199>  Extended 48-bit MAC address access list
         <1200-1299>  IPX summary address access list
         <200-299>    Protocol type-code access list
         <300-399>    DECnet access list
         <400-499>    XNS standard access list
         <500-599>    XNS extended access list
         <600-699>    Appletalk access list
         <700-799>    48-bit MAC address access list
         <800-899>    IPX standard access list
         <900-999>    IPX extended access list
  9. Standard IP Access Lists (contd.)
     Wildcards
     • Wildcards are used with access lists to specify a host, network, or part of a network.
     • Block size: Some of the different block sizes available are 64, 32, 16, 8, and 4.
     • When you need to specify a range of addresses, you choose the next-largest block size for your needs.
     • Wildcards are used with the host or network address to tell the router a range of available addresses to filter. To specify a host, the address would look like this:
         172.16.30.5 0.0.0.0
  10. Access List (contd.)
      Extended IP Access Lists
      Extended IP access lists give more detailed control than standard lists, which only allow you to deny or permit traffic from a certain source. Extended lists allow you to permit or deny particular TCP/IP traffic based on the Transport protocol being used (TCP or UDP) and the service or application (e.g. SMTP, Telnet), from source addresses and destination addresses.
  11. IOS Software
      Cisco IOS Software provides a wide range of functionality, from basic connectivity, security, and network management to technically advanced services that enable businesses to deploy applications such as real-time trading, interactive support, on-demand media, and unified messaging.
      The functionality of Cisco IOS Software is the result of an evolution. First-generation networking devices could only store and forward data packets. Today, Cisco IOS software can recognize, classify, and prioritize network traffic, optimize routing, support voice and video applications, and much more.
  12. IOS Software (contd.)
      Cisco network platforms and the Cisco IOS Software running on them are a unified system, one that is a firm foundation for building Internet applications.
  13. IOS Software (contd.)
      Each time you switch on the router, it goes through power-on self-test (POST) diagnostics to verify basic operation of the CPU, memory and network interfaces.
      The system bootstrap software in ROM (boot image) executes and searches for valid router operating system software (Cisco IOS image).
      There are three places to find the Cisco IOS image to load:
      • Flash memory
      • TFTP server
      • ROM
  14. IOS Software (contd.)
      Default (Normal) Boot Sequence
      After power-on, the router does POST. Bootstrap starts the IOS load. It checks the startup-config file in NVRAM for boot system commands (normally there aren't any), then loads IOS from Flash.
      Boot System Commands
          Router(config)#boot system flash IOS_filename
          Router(config)#boot system tftp IOS_filename tftp_server_ip_address
          Router(config)#boot system rom
          Router#copy running-config startup-config
  15. IOS Software (contd.)
      Configuration Register Command
          Router(config)#config-register 0x10x
      where that last x is 0 - F in hex. When the last x is:
      • 0 = boot into ROM Monitor mode
      • 1 = boot the ROM IOS
      • 2 - 15 = look in startup config file in NVRAM
      To check the boot field setting, and to verify the config-register command, use the show version command.
  16. Backing Up and Restoring Cisco IOS
      Before you upgrade or restore a Cisco IOS, you should copy the existing file to a TFTP host as a backup in case the new image does not work.
      Verify Flash Memory
      By using the show flash command you can verify the amount of flash memory and the file or files being stored in flash memory.
          Router#sh flash
          System flash directory:
          File  Length   Name/status
          1     8121000  c2500-js-l.112-18.bin
          [8121064 bytes used, 8656152 available, 16777216 total]
          16384K bytes of processor board System flash (Read ONLY)
          Router#
  17. Backing Up and Restoring Cisco IOS (contd.)
      Back Up Cisco IOS
      To back up the Cisco IOS to a TFTP host, you use the copy flash tftp command. This command requires only the source filename and the IP address of the TFTP host.
  18. Back Up Cisco IOS (contd.)
          Router#copy flash tftp
          System flash directory:
          File  Length   Name/status
          1     8121000  c2500-js-l.112-18.bin
          [8121064 bytes used, 8656152 available, 16777216 total]
          Address or name of remote host [255.255.255.255]? 192.168.0.120
          Source file name? c2500-js-l.112-18.bin
          Destination file name [c2500-js-l.112-18.bin]? [Enter]
          Verifying checksum for c2500-js-l.112-18.bin (file #1)...OK
          Copy /c2500-js-l.112-18 from Flash to server as /c2500-js-l.112-18? [yes/no] y
          !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! [output cut]
          Upload to server done
          Flash copy took 00:02:30 [hh:mm:ss]
          Router#
  19. Backing Up and Restoring Cisco IOS (contd.)
      Restoring or Upgrading the Cisco Router IOS
      You may need to restore the Cisco IOS to flash memory to replace an original file that has been damaged or to upgrade the IOS. You can download the file from a TFTP host to flash memory by using the copy tftp flash command.
          Router#copy tftp flash
  20. Backing Up and Restoring the Cisco Configuration
      Any changes that you make to the router configuration are stored in the running-config file.
      If you do not perform a copy run start command after you make a change to running-config, that change will be gone if the router reboots or gets powered down.
  21. Backing Up and Restoring the Cisco Configuration (contd.)
      Backing Up the Cisco Router Configuration
      To copy the router's configuration from a router to a TFTP host, you can use either the copy running-config tftp or copy startup-config tftp command.
      Verifying the Current Configuration
      To verify the configuration in DRAM, use the show running-config command as follows:
          Router#sh run
  22. Backing Up the Cisco Router Configuration (contd.)
      Verifying the Stored Configuration
      Next, you should check the configuration stored in NVRAM. To see this, use the show startup-config command as follows:
          Router#sh start
      Copying the Current Configuration to NVRAM
          Router#copy run start
  23. Backing Up the Cisco Router Configuration (contd.)
      Copying the Configuration to a TFTP Host
      Once the file is copied to NVRAM, you can make a second backup to a TFTP host by using the copy running-config tftp command, as follows:
          Router#copy run tftp
  24. Backing Up and Restoring the Cisco Configuration (contd.)
      Restoring the Cisco Router Configuration
      If you copied the router's configuration to a TFTP host as a second backup, you can restore the configuration using the copy tftp running-config command or the copy tftp startup-config command, as shown below.
          Router#copy tftp run
      Erasing the Configuration
      To delete the startup-config file on a Cisco router, use the command erase startup-config, as follows:
          Router#erase startup-config
  25. Cisco Discovery Protocol (CDP)
      CDP is a proprietary protocol designed by Cisco to help administrators collect information about both locally attached and remote devices.
      The show cdp command shows information about two CDP global parameters that can be configured on Cisco devices:
      • CDP timer is how often CDP packets are transmitted to all active interfaces.
      • CDP holdtime is the amount of time that the device will hold packets received from neighbor devices.
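
The access-list rules from slides 4 and 9 (sequential comparison, first match decides, implicit deny, wildcard block sizes), modelled as an added example that is not part of the original slides. The function names and the sample list `ACL_10` are constructed for illustration; the example also goes one step beyond the slides by flagging lines that can never match because an earlier line already covers them.

```python
import ipaddress

def ip(text):
    """Dotted-quad string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(text))

def wildcard_for_block(block_size):
    """Wildcard value for a block of 64, 32, 16, 8 or 4 addresses: size - 1."""
    if block_size < 1 or block_size & (block_size - 1):
        raise ValueError("block size must be a power of two")
    return block_size - 1

def matches(addr, base, wildcard):
    """True when addr equals base in every bit whose wildcard bit is 0."""
    care = ~ip(wildcard) & 0xFFFFFFFF
    return (ip(addr) & care) == (ip(base) & care)

def evaluate(acl, src):
    """Walk the lines in order; the first match decides, else implicit deny."""
    for number, (action, base, wildcard) in enumerate(acl, start=1):
        if matches(src, base, wildcard):
            return action, number
    return "deny", None  # no line matched: implicit deny

def shadowed_lines(acl):
    """Line numbers that can never match because an earlier line covers them."""
    hits = []
    for j, (_, base_j, wild_j) in enumerate(acl):
        for _, base_i, wild_i in acl[:j]:
            # Earlier line ignores at least every bit the later line ignores
            covers = (ip(wild_j) & ~ip(wild_i)) == 0
            if covers and matches(base_j, base_i, wild_i):
                hits.append(j + 1)
                break
    return hits

# Constructed sample standard list (source address only), not from the slides
ACL_10 = [
    ("deny", "172.16.30.5", "0.0.0.0"),                               # one host
    ("permit", "172.16.16.0", "0.0.%d.255" % wildcard_for_block(16)),  # 172.16.16.0-172.16.31.255
    ("deny", "172.16.20.9", "0.0.0.0"),                               # never reached: line 2 matches first
]

if __name__ == "__main__":
    for src in ("172.16.30.5", "172.16.30.6", "172.16.20.9", "172.16.32.1"):
        print(src, evaluate(ACL_10, src))
    print("shadowed lines:", shadowed_lines(ACL_10))
```

The third line shows why ordering matters when an access list implements a security policy: a specific deny placed after a broader permit is never evaluated.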
