Network

 

Network Devices (Hub, Repeater, Bridge, Switch, Router, Gateways & Brouter) 

1. Repeater – A repeater operates at the physical layer. Its job is to regenerate the signal over the same network before the signal becomes too weak or corrupted so as to extend the length to which the signal can be transmitted over the same network. An important point to be noted about repeaters is that they do not amplify the signal. When the signal becomes weak, they copy the signal bit by bit and regenerate it at the original strength. It is a 2 port device. 

 

2. Hub – A hub is basically a multiport repeater. A hub connects multiple wires coming from different branches, for example, the connector in star topology which connects different stations. Hubs cannot filter data, so data packets are sent to all connected devices. In other words, all hosts connected through a hub remain in a single collision domain. Also, hubs do not have the intelligence to find the best path for data packets, which leads to inefficiencies and wastage.

Types of Hub 
 

·         Active Hub:- These are the hubs which have their own power supply and can clean, boost and relay the signal along with the network. It serves both as a repeater as well as wiring centre. These are used to extend the maximum distance between nodes.

·         Passive Hub :- These are the hubs which collect wiring from nodes and power supply from active hub. These hubs relay signals onto the network without cleaning and boosting them and can’t be used to extend the distance between nodes.

·         Intelligent Hub :- These work like active hubs and include remote management capabilities. They also provide flexible data rates to network devices. They also enable an administrator to monitor the traffic passing through the hub and to configure each port in the hub.
   

3. Bridge – A bridge operates at the data link layer. A bridge is a repeater with the added functionality of filtering content by reading the MAC addresses of source and destination. It is also used for interconnecting two LANs working on the same protocol. It has a single input and single output port, thus making it a 2 port device.

Types of Bridges 
 

·         Transparent Bridges:- These are bridges in which the stations are completely unaware of the bridge's existence, i.e. whether or not a bridge is added to or deleted from the network, reconfiguration of the stations is unnecessary. These bridges make use of two processes, i.e. bridge forwarding and bridge learning.

·         Source Routing Bridges:- In these bridges, the routing operation is performed by the source station and the frame specifies which route to follow. The host can discover the frame by sending a special frame called the discovery frame, which spreads through the entire network using all possible paths to the destination.

  

4. Switch – A switch is a multiport bridge with a buffer and a design that can boost its efficiency (a large number of ports implies less traffic) and performance. A switch is a data link layer device. The switch can perform error checking before forwarding data, which makes it very efficient: it does not forward packets that have errors, and it forwards good packets selectively to the correct port only. In other words, a switch divides the collision domain of hosts, but the broadcast domain remains the same.
  


5. Routers – A router is a device like a switch that routes data packets based on their IP addresses. A router is mainly a Network Layer device. Routers normally connect LANs and WANs together and have a dynamically updating routing table based on which they make decisions on routing the data packets. Routers divide the broadcast domains of hosts connected through them.

 



Figure: Network Devices layer Concept


6. Gateway – A gateway, as the name suggests, is a passage to connect two networks together that may work upon different networking models. They basically work as the messenger agents that take data from one system, interpret it, and transfer it to another system. Gateways are also called protocol converters and can operate at any network layer. Gateways are generally more complex than switch or router.

   

7. Brouter – Also known as a bridging router, a brouter is a device which combines features of both bridge and router. It can work either at the data link layer or at the network layer. Working as a router, it is capable of routing packets across networks, and working as a bridge, it is capable of filtering local area network traffic.



Figure: Network topology

Router Tutorials:

A router is a networking device that forwards data packets between computer networks. Routers perform the traffic directing functions on the Internet. Data sent through the internet, such as a web page or email, is in the form of data packets. A packet is typically forwarded from one router to another router through the networks that constitute an internetwork (e.g. the Internet) until it reaches its destination node.

A router is connected to two or more data lines from different IP networks. When a data packet comes in on one of the lines, the router reads the network address information in the packet header to determine the ultimate destination. Then, using information in its routing table or routing policy, it directs the packet to the next network on its journey.

Functions of a Router:
The router basically performs two major functions:

1.      Forwarding –
The router receives packets on its input ports, checks their headers, performs some basic functions like verifying the checksum, and then looks up the routing table to find the appropriate output port and forwards the packets onto that output port.

2.      Routing –
Routing is the process by which the router ascertains the best path for the packet to reach the destination. It maintains a routing table which the router itself builds using different algorithms.

FUNCTIONS OF A ROUTER (identify and describe)

1.       Restrict broadcasts to the LAN

2.       Act as the default gateway.

3.       Perform Protocol Translation (Wired Ethernet to Wireless/WiFi, or Ethernet to CATV)

4.       Move (route) data between networks

5.       Learn and advertise loop free paths

6.       Calculate 'best paths' to reach network destinations.

 

 

Router Internal Diagram:

 

Fig: A Generic router consist of the following components

1.      Input Port –
This is the interface by which packets are admitted into the router. It performs several key functions: terminating the physical link at the router, which is done by the leftmost part in the diagram below; interoperating with the link layer (for example decapsulation), which is done by the middle part; and, in the last part of the input port, looking up the forwarding table to determine the appropriate output port based on the destination address.

2.      Switching Fabric –
This is the heart of the router. It connects the input ports with the output ports. It is a kind of network inside a networking device. The switching fabric can be implemented in a number of ways; some of the prominent ones are:

1.      Switching via memory: Here a processor copies the packet from the input port and sends it to the appropriate output port. It works like a traditional CPU, with the input and output ports acting as input and output devices.

2.      Switching via bus: In this implementation a bus connects all the input ports to all the output ports. On receiving a packet and determining which output port it must be delivered to, the input port puts a particular token on the packet and transfers it to the bus. All output ports are able to see the packet, but it is delivered only to the output port whose token has been put on it. The token is then scraped off by that output port and the packet is forwarded.

3.      Switching via interconnection network: This is a more sophisticated network. Here, instead of a single bus, we use 2N buses to connect N input ports to N output ports.

3.      Output Port –
This is the segment from which packets are transmitted out of the router. The output port looks at its queuing buffers (queuing buffers are formed when more than one packet has to be transmitted through the same output port), takes packets, performs link layer functions and finally transmits the packets onto the outgoing link.

4.      Routing Processor –
It executes the routing protocols and works like a traditional CPU. It employs various routing algorithms, such as the link-state and distance-vector algorithms, to prepare the forwarding table, which is looked up to determine the output port.

 

Types of Routing

Routing can be classified into three categories:



1.      Static Routing

  • Static Routing is also known as Nonadaptive Routing.
  • It is a technique in which the administrator manually adds the routes in a routing table.
  • A Router can send the packets for the destination along the route defined by the administrator.
  • In this technique, routing decisions are not made based on the condition or topology of the networks

Advantages Of Static Routing

Following are the advantages of Static Routing:

o    No Overhead: It has no overhead on the CPU usage of the router. Therefore, a cheaper router can be used for static routing.

o    Bandwidth: It uses no bandwidth between the routers.

o    Security: It provides security, as only the system administrator is allowed to control the routing to a particular network.

Disadvantages of Static Routing:

Following are the disadvantages of Static Routing:

o    For a large network, it becomes a very difficult task to add each route manually to the routing table.

o    The system administrator should have a good knowledge of a topology as he has to add each route manually.

2.      Default Routing

  • Default Routing is a technique in which a router is configured to send all the packets to the same hop device, and it doesn't matter whether it belongs to a particular network or not. A Packet is transmitted to the device for which it is configured in default routing.
  • Default Routing is used when networks deal with the single exit point.
  • It is also useful when the bulk of transmission networks have to transmit the data to the same hop device.
  • When a specific route is mentioned in the routing table, the router will choose the specific route rather than the default route. The default route is chosen only when a specific route is not mentioned in the routing table.

3.      Dynamic Routing

  • It is also known as Adaptive Routing.
  • It is a technique in which a router adds a new route in the routing table for each packet in response to the changes in the condition or topology of the network.
  • Dynamic protocols are used to discover the new routes to reach the destination.
  • In Dynamic Routing, RIP and OSPF are the protocols used to discover the new routes.
  • If any route goes down, then the automatic adjustment will be made to reach the destination.

The Dynamic protocol should have the following features:

  • All the routers must have the same dynamic routing protocol in order to exchange the routes.
  • If a router discovers any change in the condition or topology, then the router broadcasts this information to all other routers.

Advantages of Dynamic Routing:

o    It is easier to configure.

o    It is more effective in selecting the best route in response to the changes in the condition or topology.

Disadvantages of Dynamic Routing:

o    It is more expensive in terms of CPU and bandwidth usage.

o    It is less secure as compared to default and static routing.

How Do Routers Work?

Let's use a home wireless router connected to a cable provider's internet network in a very simplified example.

  1. The router powers on and loads its OS from flash.
  2. The router loads the configuration file last saved to NVRAM and sets up the network interfaces and routing protocols it will run.
  3. The router adds the network address and subnet for each interface to its routing table along with the name of the interface itself.
  4. The router has a simple static default route to send all non-local data out the network port connected to the cable company.
  5. When the router receives a web page request from your computer, it checks the destination IP address against its routing table.
  6. The bits forming the destination IP address in the IP packet are used as a hash key to point to the correct route, which in turn points to the correct network interface that the packet should be forwarded out of.
  7. The router transmits the packet out the correct interface, to the next router, which repeats the process until the packet reaches the destination.
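
Steps 3 to 6 above, together with the rule from the Default Routing section that a specific route is chosen over the default route, can be seen in a small lookup routine. This is an added example, not code from the original page: the interface names and the 192.168.1.0/24, 203.0.113.0/30 and 198.51.100.7 addresses are constructed, and the plain longest-prefix scan is an assumption about how the match is made.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    out_if: str                 # interface the packet leaves on
    next_hop: Optional[str]     # None means the network is directly connected
    kind: str                   # "connected", "static" or "default"


class RoutingTable:
    def __init__(self):
        self.routes = []

    def add(self, cidr, out_if, next_hop=None, kind="static"):
        self.routes.append(Route(ipaddress.ip_network(cidr), out_if, next_hop, kind))

    def lookup(self, dst):
        """Return the most specific route covering dst, or None (packet dropped)."""
        addr = ipaddress.ip_address(dst)
        matches = [r for r in self.routes if addr in r.prefix]
        # 0.0.0.0/0 matches every address but has prefix length 0, so it only
        # wins when no more specific route exists.
        return max(matches, key=lambda r: r.prefix.prefixlen, default=None)


def build_table(with_default=True):
    """Constructed table for a small router with three interfaces."""
    rt = RoutingTable()
    # Step 3: one connected route per configured interface.
    rt.add("192.168.1.0/24", "lan0", kind="connected")
    rt.add("172.16.2.0/24", "eth1", kind="connected")
    rt.add("203.0.113.0/30", "wan0", kind="connected")
    # The static route from the command summary: 172.16.1.0/24 via 172.16.2.1.
    rt.add("172.16.1.0/24", "eth1", next_hop="172.16.2.1", kind="static")
    # Step 4: static default route towards the provider (constructed next hop).
    if with_default:
        rt.add("0.0.0.0/0", "wan0", next_hop="203.0.113.1", kind="default")
    return rt


def forward(rt, dst):
    """Return (route kind, outgoing interface, address the frame is sent to)."""
    route = rt.lookup(dst)
    if route is None:
        return ("drop", None, None)
    # For a connected network the packet is delivered to the destination itself.
    return (route.kind, route.out_if, route.next_hop or dst)


if __name__ == "__main__":
    table = build_table()
    for dst in ("192.168.1.50", "172.16.1.9", "198.51.100.7"):
        print(dst, "->", forward(table, dst))
    print("no default:", forward(build_table(False), "198.51.100.7"))
```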

Router Components & Parts

Since routers are just specialized computers, they have the same "parts" as other computers:

  • Central Processing Unit (CPU)
  • Flash Memory
  • Non-Volatile RAM
  • RAM
  • Network Interfaces
  • Console

  1. Central Processing Unit:  Runs special software called an "operating system" such as JunOS on Juniper routers, or Cisco IOS (Nexus OS) for Cisco routers. The operating system manages the router's components and provides all the logical networking functions of the router.
  2. Flash Memory is where the operating system is stored, and in this respect, is like the hard disk drive in your computer. If you use a Solid State Disk Drive (SSD), then your computer uses Flash RAM, just like the router does.
  3. Non-Volatile RAM:  This is additional memory for storing the backup or startup version of the operating system being used. The router will boot from this memory and load all its programs from here.
  4. RAM: When the router starts up, the operating system is loaded into RAM. Once the router finishes starting up, it begins to calculate its own routes and, if configured to do so, learns network routes from other routers via RIP (v1 and v2), OSPF, EIGRP, IS-IS or BGP. RAM is also used for caching ARP tables, routing tables, routing metrics and other data that can speed up the process of forwarding packets.
  5. Network Interfaces:  Routers always have lots of network interfaces. The operating system contains 'drivers' that allow the operating system to access the network hardware in the interface modules. Routers will learn which networks are configured on which ports as they start up. After that, they will 'learn' routes from other routers they are connected to, and learn which interface to transmit packets on to reach a remote network destination.
  6. Console:  Last, but not least, is the console. In "Ye Olden Days" managing and configuring a router was performed at the console of individual devices, as was most troubleshooting and diagnostics. Network certification exams will contain a large selection of questions on the configuration and troubleshooting commands you can issue from the console. However, manufacturers are rapidly doing away with a console on each device and building management systems for managing large numbers of network devices from a centralized location.

Figure: Router Parts

Figure: Router Internal Parts

Standard Router Ports

One of your first tasks in enabling your standard router ports is identifying and classifying the ports available on your router. You may find several ports on your router; these ports include the ones described in this list:

·         Aux port: This auxiliary port is used to connect a modem to the router, which can then be used to remotely modify the configuration on the router.



·         Attachment Unit Interface (AUI) port: Before the WIC became a standard for providing expansion through an add-on port, the AUI allowed transceivers to be used, providing you with the ability to add various types of network connections, such as fiber or copper Ethernet connections.

A transceiver is a small electronic device that converts electrical signals from the AUI specification on one side of the transceiver to that of the connection type on the other side of the transceiver. An AUI port is shown in the following figure.

·         Serial: Connects a modem or other serial device to allow a WAN network interface to be used on the router.



·         Ethernet/Fast Ethernet/Gigabit Ethernet: Standard network interfaces used to connect different network segments.

·         Console: Serial configuration port for command-line access to router management and configuration. Refer to Figure 3-1 to see the console port.

·         WAN Interface Card (WIC) port: Because a wide variety of WAN connectivity options are available (for example, T1, ISDN, ADSL), you can use this port to add different interfaces to a standard router.

·         Hardware WAN Interface Card (HWIC) port: With the integration of services into routers, the WIC interface became too limiting. The HWIC interface was created to support a wider variety of hardware expansion options, such as switches and service cards. This port is backward compatible with most older WIC hardware.

Figure: Router Interface necessary cables

Figure: Router Parts and program mapping
Figure: Router Ports

Comparison between LAN port and WAN port:

 

 

|  | LAN Port | WAN Port |
|---|---|---|
| Full form | Local Area Network Port | Wide Area Network Port |
| Definition | A LAN port is used to connect the computers and other client machines. | A WAN port is used to establish a connection with an external network like the internet. |
| Number | Depends upon the type and make of the router. | Most routers have one WAN port |

 

Routers are manufactured by some popular companies like −

  • Cisco
  • D-Link
  • HP
  • 3Com
  • Juniper
  • Nortel

Types of Routers

A variety of routers are available depending upon their usages. The main types of routers are −

·         Wireless Router − They provide a WiFi connection to WiFi devices like laptops, smartphones etc. They can also provide standard Ethernet routing. For indoor connections, the range is 150 feet, while it is 300 feet for outdoor connections.

·         Broadband Routers − They are used to connect to the Internet through telephone and to use voice over Internet Protocol (VoIP) technology for providing high-speed Internet access. They are configured and provided by the Internet Service Provider (ISP).

·         Core Routers − They can route data packets within a given network, but cannot route the packets between the networks. They help to link all devices within a network, thus forming the backbone of the network. They are used by ISPs and communication interfaces.

·         Edge Routers − They are low-capacity routers placed at the periphery of the networks. They connect the internal network to the external networks, and are suitable for transferring data packets across networks. They use Border Gateway Protocol (BGP) for connectivity. There are two types of edge routers, subscriber edge routers and label edge routers.

·         Brouters − Brouters are specialised routers that can provide the functionalities of bridges as well. Like a bridge, brouters help to transfer data between networks. And like a router, they route the data within the devices of a network.


Routes can be statically configured or dynamically learnt. One route can be configured to be preferred over others.

Unicast routing

Most of the traffic on the internet and intranets, known as unicast data or unicast traffic, is sent with a specified destination. Routing unicast data over the internet is called unicast routing. It is the simplest form of routing because the destination is already known. Hence the router just has to look up the routing table and forward the packet to the next hop.



Broadcast routing

By default, broadcast packets are not routed and forwarded by the routers on any network. Routers create broadcast domains. But a router can be configured to forward broadcasts in some special cases. A broadcast message is destined to all network devices.

Broadcast routing can be done in two ways (algorithm):

·        A router creates a data packet and then sends it to each host one by one. In this case, the router creates multiple copies of single data packet with different destination addresses. All packets are sent as unicast but because they are sent to all, it simulates as if router is broadcasting.

This method consumes lots of bandwidth, and the router must know the destination address of each node.

·        Secondly, when router receives a packet that is to be broadcasted, it simply floods those packets out of all interfaces. All routers are configured in the same way.



This method is easy on router's CPU but may cause the problem of duplicate packets received from peer routers.

Reverse path forwarding is a technique in which a router knows in advance about its predecessor, from which it should receive the broadcast. This technique is used to detect and discard duplicates.

Multicast Routing

Multicast routing is a special case of broadcast routing with significant differences and challenges. In broadcast routing, packets are sent to all nodes even if they do not want them. But in multicast routing, the data is sent only to nodes which want to receive the packets.



The router must know that there are nodes which wish to receive multicast packets (or a stream); only then should it forward. Multicast routing uses the spanning tree protocol to avoid looping.

Multicast routing also uses reverse path Forwarding technique, to detect and discard duplicates and loops.

Anycast Routing

Anycast packet forwarding is a mechanism where multiple hosts can have same logical address. When a packet destined to this logical address is received, it is sent to the host which is nearest in routing topology.



Anycast routing is done with the help of a DNS server. Whenever an anycast packet is received, DNS is queried for where to send it. DNS provides the IP address which is the nearest IP configured on it.

Unicast Routing Protocols

There are two kinds of routing protocols available to route unicast packets:

·         Distance Vector Routing Protocol

Distance Vector is a simple routing protocol which takes routing decisions based on the number of hops between source and destination. A route with fewer hops is considered the best route. Every router advertises its set of best routes to other routers. Ultimately, all routers build up their network topology based on the advertisements of their peer routers.

An example is Routing Information Protocol (RIP).

·         Link State Routing Protocol

Link State protocol is a slightly more complicated protocol than Distance Vector. It takes into account the states of links of all the routers in a network. This technique helps routers build a common graph of the entire network. All routers then calculate their best path for routing purposes. Examples are Open Shortest Path First (OSPF) and Intermediate System to Intermediate System (ISIS).

Multicast Routing Protocols

Unicast routing protocols use graphs while Multicast routing protocols use trees, i.e. spanning tree to avoid loops. The optimal tree is called shortest path spanning tree.

·        DVMRP  - Distance Vector Multicast Routing Protocol

·        MOSPF  - Multicast Open Shortest Path First

·        CBT  - Core Based Tree

·        PIM  - Protocol independent Multicast

Protocol Independent Multicast is commonly used now. It has two flavors:

·        PIM Dense Mode

This mode uses source-based trees. It is used in dense environment such as LAN.

·        PIM Sparse Mode

This mode uses shared trees. It is used in sparse environment such as WAN.

Routing Algorithms

The routing algorithms are as follows:

Flooding

Flooding is the simplest method of packet forwarding. When a packet is received, the router sends it to all the interfaces except the one on which it was received. This creates too much burden on the network and leaves lots of duplicate packets wandering in the network.

Time to Live (TTL) can be used to avoid infinite looping of packets. There exists another approach for flooding, which is called Selective Flooding to reduce the overhead on the network. In this method, the router does not flood out on all the interfaces, but selective ones.
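
The duplicate problem of plain flooding, the TTL limit, and the reverse path forwarding check described under Broadcast routing can be compared on a small network. This is an added example, not from the original page: the four-router topology is constructed, and each router's predecessor is assumed to be its neighbour on the hop-count shortest path back to the source.

```python
from collections import Counter, deque

# Constructed topology: router -> set of directly connected neighbours.
TOPOLOGY = {
    "A": {"B", "C"},
    "B": {"A", "C", "D"},
    "C": {"A", "B", "D"},
    "D": {"B", "C"},
}


def rpf_parents(graph, source):
    """For each router, the neighbour on its shortest path back to source.

    A breadth-first search from the source gives hop-count shortest paths;
    ties are broken alphabetically so the result is deterministic.
    """
    parent = {source: None}
    queue = deque([source])
    while queue:
        node = queue.popleft()
        for nbr in sorted(graph[node]):
            if nbr not in parent:
                parent[nbr] = node
                queue.append(nbr)
    return parent


def flood(graph, source, ttl, rpf=False):
    """Flood one packet from source and count what the network does with it.

    Every router forwards an accepted copy to all neighbours except the one it
    came from, as long as hops remain. With rpf=True a copy is accepted only
    when it arrives from the router's predecessor towards the source.
    """
    parent = rpf_parents(graph, source) if rpf else {}
    accepted, sent, dropped = Counter(), 0, 0
    queue = deque((source, nbr, ttl) for nbr in sorted(graph[source]))
    while queue:
        sender, node, hops_left = queue.popleft()
        sent += 1
        if rpf and parent.get(node) != sender:
            dropped += 1          # duplicate or looped copy, discarded on arrival
            continue
        accepted[node] += 1
        if hops_left > 1:         # TTL stops plain flooding from looping forever
            for nbr in sorted(graph[node]):
                if nbr != sender:
                    queue.append((node, nbr, hops_left - 1))
    return {"sent": sent, "accepted": dict(accepted), "dropped": dropped}


if __name__ == "__main__":
    print("plain flooding:", flood(TOPOLOGY, "A", ttl=4))
    print("with RPF check:", flood(TOPOLOGY, "A", ttl=4, rpf=True))
```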

Shortest Path

Routing decisions in networks are mostly taken on the basis of cost between source and destination. Hop count plays a major role here. Shortest path is a technique which uses various algorithms to decide a path with the minimum number of hops.

Common shortest path algorithms are:

·        Dijkstra's algorithm

·        Bellman Ford algorithm

·        Floyd Warshall algorithm

 

Cisco Command Summary

Cisco Router Configuration Commands

Requirement

Cisco Command

Set a console password to cisco

Router(config)#line con 0
Router(config-line)#login
Router(config-line)#password cisco

Set a telnet password

Router(config)#line vty 0 4
Router(config-line)#login
Router(config-line)#password cisco

Stop console timing out

Router(config)#line con 0
Router(config-line)#exec-timeout 0 0

Set the enable password to cisco

Router(config)#enable password cisco

Set the enable secret password to peter.

This password overrides the enable password and is encrypted within the config file

Router(config)#enable secret peter

Enable an interface

Router(config-if)#no shutdown

To disable an interface

Router(config-if)#shutdown

Set the clock rate for a router with a DCE cable to 64K

Router(config-if)#clock rate 64000

Set a logical bandwidth assignment of 64K to the serial interface

Router(config-if)#bandwidth 64
Note that the zeroes are not missing

To add an IP address to a interface

Router(config-if)#ip addr 10.1.1.1 255.255.255.0

To enable RIP on all 172.16.x.y interfaces

Router(config)#router rip
Router(config-router)#network 172.16.0.0

Disable RIP

Router(config)#no router rip

To enable IGRP with an AS of 200, to all interfaces

Router(config)#router igrp 200
Router(config-router)#network 172.16.0.0

Disable IGRP

Router(config)#no router igrp 200

Static route: the remote network is 172.16.1.0, with a mask of 255.255.255.0, the next hop is 172.16.2.1, at a cost of 5 hops

Router(config)#ip route 172.16.1.0 255.255.255.0 172.16.2.1 5

Disable CDP for the whole router

Router(config)#no cdp run

Enable CDP for the whole router

Router(config)#cdp run

Disable CDP on an interface

Router(config-if)#no cdp enable
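
Several settings in the table above are what a configuration review looks for: the password cisco on the console and vty lines, enable password used without enable secret, exec-timeout 0 0, and CDP not disabled. This is an added example, not part of the original page: a small auditor run over two constructed configurations. The check names, the weak-password list and both sample configs are assumptions made for illustration; transport input ssh, login local and username ... secret are standard IOS commands that do not appear in the table.

```python
import re

# Constructed list of trivially guessable passwords; "cisco" is the value the
# command summary above uses for every password.
WEAK_PASSWORDS = {"cisco", "admin", "password", "router"}

# Constructed config built only from commands shown in the table above.
WEAK_CONFIG = """\
hostname Router
enable password cisco
!
line con 0
 exec-timeout 0 0
 password cisco
 login
line vty 0 4
 password cisco
 login
"""

# Constructed hardened counterpart (hash strings are placeholders).
HARDENED_CONFIG = """\
hostname Router
enable secret 5 $1$PLACEHOLDER$placeholderhash
username admin secret 5 $1$PLACEHOLDER$placeholderhash
no cdp run
!
line con 0
 exec-timeout 5 0
 login local
line vty 0 4
 exec-timeout 5 0
 transport input ssh
 login local
"""


def parse_sections(text):
    """Group a config into (top-level command, [indented sub-commands])."""
    sections = []
    for raw in text.splitlines():
        if not raw.strip() or raw.strip().startswith("!"):
            continue
        if raw[0].isspace() and sections:
            sections[-1][1].append(raw.strip())
        else:
            sections.append((raw.strip(), []))
    return sections


def cleartext(args):
    """Return the password if it is stored in clear text, else None."""
    parts = args.split()
    if len(parts) == 1:
        return parts[0]
    if len(parts) == 2 and parts[0] == "0":   # type 0 means unencrypted
        return parts[1]
    return None                                # hashed or encoded form


def audit(text):
    """Return a list of (check id, location) findings for one config."""
    findings = []
    sections = parse_sections(text)
    headers = [h for h, _ in sections]

    has_secret = any(h.startswith("enable secret ") for h in headers)
    for h in headers:
        if h.startswith("enable password "):
            if not has_secret:
                findings.append(("ENABLE-PASSWORD-NO-SECRET", h))
            pw = cleartext(h[len("enable password "):])
            if pw is not None and pw.lower() in WEAK_PASSWORDS:
                findings.append(("WEAK-PASSWORD", "enable password"))

    for header, body in sections:
        if not header.startswith("line "):
            continue
        for cmd in body:
            if re.fullmatch(r"exec-timeout 0( 0)?", cmd):
                findings.append(("NO-EXEC-TIMEOUT", header))
            if cmd.startswith("password "):
                pw = cleartext(cmd[len("password "):])
                if pw is not None and pw.lower() in WEAK_PASSWORDS:
                    findings.append(("WEAK-PASSWORD", header))
        # A vty line that checks only the shared line password and is not
        # restricted to SSH.
        if header.startswith("line vty"):
            if "login" in body and "transport input ssh" not in body:
                findings.append(("VTY-LINE-PASSWORD-NOT-SSH-ONLY", header))

    if "no cdp run" not in headers:
        findings.append(("CDP-NOT-DISABLED", "global"))
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit(cfg))
```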

Cisco Router Show Commands

Requirement

Cisco Command

View version information

show version

View current configuration (DRAM)

show running-config

View startup configuration (NVRAM)

show startup-config

Show IOS file and flash space

show flash

Shows all logs that the router has in its memory

show log

View the interface status of interface e0

show interface e0

Overview all interfaces on the router

show ip interface brief

View type of serial cable on s0

show controllers s 0 (note the space between the 's' and the '0')

Display a summary of connected cdp devices

show cdp neighbor

Display detailed information on all devices

show cdp entry *

Display current routing protocols

show ip protocols

Display IP routing table

show ip route

Display access lists, this includes the number of displayed matches

show access-lists

Check the router can see the ISDN switch

show isdn status

Check Frame Relay PVC connections

show frame-relay pvc

Show LMI traffic stats

show frame-relay lmi

Display the frame inverse ARP table

show frame-relay map

Cisco Router Basic Operations

Requirement

Cisco Command

Enter privileged mode

enable

Return to user mode from privileged

disable

Exit Router

Logout or exit or quit

Recall last command

up arrow or <Ctrl-P>

Recall next command

down arrow or <Ctrl-N>

Suspend or abort

<Shift> and  <Ctrl> and 6 then x

Refresh screen output

<Ctrl-R>

Complete Command

TAB

Cisco Router Copy Commands

Requirement

Cisco Command

Save the current configuration from DRAM to NVRAM

copy running-config startup-config

Merge NVRAM configuration to DRAM

copy startup-config running-config

Copy DRAM configuration to a TFTP server

copy running-config tftp

Merge TFTP configuration with current router configuration held in DRAM

copy tftp running-config

Backup the IOS onto a TFTP server

copy flash tftp

Upgrade the router IOS from a TFTP server

copy tftp flash

Cisco Router Debug Commands

Requirement

Cisco Command

Enable debug for RIP

debug ip rip

Enable summary IGRP debug information

debug ip igrp events

Enable detailed IGRP debug information

debug ip igrp transactions

Debug IPX RIP

debug ipx routing activity

Debug IPX SAP

debug IPX SAP

Enable debug for CHAP or PAP

debug ppp authentication

Switch all debugging off

no debug all

undebug all

 

Cisco Router modes

A router is a layer 3 device used to forward packets from one network to another. It forwards a packet through one of its ports on the basis of the destination IP address and the matching entry in the routing table. Using the routing table, it finds an optimised path between the source and destination networks.

Let's discuss the different Cisco router modes.

Cisco IOS supports various command modes; the following are the main ones.

  • User EXEC Mode
  • Privileged EXEC Mode
  • Global Configuration Mode
  • Interface Configuration Mode
  • Sub Interface Configuration Mode
  • Setup Mode
  • ROM Monitor Mode

The following table lists essential commands to navigate between different IOS modes.

| Mode | Prompt | Command to enter | Command to exit |
|---|---|---|---|
| User EXEC | Router > | Default mode after booting. Login with password, if configured. | Use exit command |
| Privileged EXEC | Router # | Use enable command from user exec mode | Use exit command |
| Global Configuration | Router(config)# | Use configure terminal command from privileged exec mode | Use exit command |
| Interface Configuration | Router(config-if)# | Use interface type number command from global configuration mode | Use exit command to return to global configuration mode |
| Sub-Interface Configuration | Router(config-subif)# | Use interface type sub interface number command from global configuration mode or interface configuration mode | Use exit to return to the previous mode. Use end command to return to privileged exec mode. |
| Setup | Parameter[Parameter value]: | Router will automatically enter this mode if a running configuration is not present | Press CTRL+C to abort. Type yes to save configuration, or no to exit without saving, when asked at the end of setup. |
| ROMMON | ROMMON > | Enter reload command from privileged exec mode. Press CTRL + C key combination during the first 60 seconds of booting process | Use exit command. |


Configuration example–
The user execution mode:

router>

Entering into privilege mode from user execution mode:

router>enable
router# 

Exiting from privilege mode to user execution mode:

router#disable
router>

Entering in global configuration mode from privilege mode:

router#configure terminal
router(config)#

Exiting from global configuration mode to privilege mode:

router(config)#exit
router#

Entering into interface mode from global configuration mode. Here we have to specify the router's interface.

router(config)#interface fa0/0
router(config-if)#

Exiting from interface mode to global configuration mode.

router(config-if)#exit
router(config)#

Exiting from interface mode to privilege mode.

router(config-if)#end
router#

Entering into ROMMON mode from privilege mode.

router#reload

 Backing up Cisco IOS Router image

As a network administrator, you should always have a backup for the worst case. One common failure is that the IOS image of a device gets deleted. The situation is worse still if no backup of the IOS image exists.

To avoid situations like this, a backup is a must. Here we will take a Cisco IOS image backup on a TFTP server.

Trivial File Transfer Protocol (TFTP) –
TFTP is a simple file transfer protocol used to put a file on, or get a file from, a remote host. It uses UDP port number 69.
TFTP is used where no authentication and control is required. It also has less overhead, but it is less interactive than FTP. FTP or TFTP is therefore chosen according to need.

Configuration –



Here is a simple topology in which there is a router (for which we will take IOS backup) and a TFTP server. Router has IP address 10.1.1.1/24 and TFTP server has IP address 10.1.1.2/24.

Note –
Before taking the IOS backup, make sure the TFTP server and the router are able to ping each other.

As shown in the figure, we see an IOS image file in flash (.bin file) by command:

router#show flash

Now, we will copy this file to our TFTP server by command:

router#copy flash: tftp:
Source filename[]? c1841-advipservicesk9-mz.124-15.T1.bin
Address or name of remote host []? 10.1.1.2
Destination filename [c1841-advipservicesk9-mz.124-15.T1.bin]? routerios 


As we can see in the above image, it asks for the source filename, the address of the remote host and the destination filename.

·         Source filename – It is the name of the IOS image file. Here, it is named c1841-advipservicesk9-mz.124-15.T1.bin (shown in flash).

·         Address or name of remote host – It is the IP address of the TFTP server. In our scenario, it is 10.1.1.2.

·         Destination filename – It is the name of the destination file that will be put on the TFTP server. Here, we have named it routerios.
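What the copy above looks like on the wire, as an added Python example that is not part of the original page: it decodes TFTP packets as laid out in RFC 1350 and follows an upload of routerios, showing that the request carries only a filename and a transfer mode, with no credential field. The packet bytes and the 612-byte stand-in payload are constructed for illustration.

```python
import struct

BLOCK_SIZE = 512  # default TFTP data block size (RFC 1350)
OPCODES = {1: "RRQ", 2: "WRQ", 3: "DATA", 4: "ACK", 5: "ERROR"}


class TftpParseError(ValueError):
    """Raised when a datagram is not a well-formed TFTP packet."""


def read_cstring(buf, offset):
    """Read one NUL-terminated string; return (text, offset after the NUL)."""
    end = buf.find(b"\x00", offset)
    if end == -1:
        raise TftpParseError("string is not NUL-terminated")
    return buf[offset:end].decode("ascii", errors="replace"), end + 1


def parse_tftp(datagram):
    """Decode one TFTP datagram (the UDP payload) into a dict of its fields."""
    if len(datagram) < 4:
        raise TftpParseError("shorter than the smallest TFTP packet")
    opcode, = struct.unpack("!H", datagram[:2])
    kind = OPCODES.get(opcode)
    if kind is None:
        raise TftpParseError("unknown opcode %d" % opcode)
    if kind in ("RRQ", "WRQ"):
        # Request = opcode | filename | 0 | mode | 0 [| option | 0 | value | 0 ...]
        filename, pos = read_cstring(datagram, 2)
        mode, pos = read_cstring(datagram, pos)
        options = {}
        while pos < len(datagram):  # RFC 2347 option pairs, if any
            name, pos = read_cstring(datagram, pos)
            value, pos = read_cstring(datagram, pos)
            options[name.lower()] = value
        return {"op": kind, "filename": filename, "mode": mode.lower(),
                "options": options}
    number, = struct.unpack("!H", datagram[2:4])
    if kind == "DATA":
        return {"op": kind, "block": number, "data": datagram[4:]}
    if kind == "ACK":
        return {"op": kind, "block": number}
    message, _ = read_cstring(datagram, 4)
    return {"op": kind, "code": number, "message": message}


def summarize_transfer(datagrams):
    """Follow one transfer and report what anyone who sees the packets learns."""
    request = parse_tftp(datagrams[0])
    if request["op"] not in ("RRQ", "WRQ"):
        raise TftpParseError("a transfer starts with RRQ or WRQ")
    received, last_block, complete = 0, 0, False
    for raw in datagrams[1:]:
        pkt = parse_tftp(raw)
        if pkt["op"] == "ERROR":
            break
        # Block numbers are 16 bit and wrap on large files such as IOS images.
        if pkt["op"] == "DATA" and pkt["block"] == (last_block + 1) & 0xFFFF:
            received += len(pkt["data"])
            last_block = pkt["block"]
            # A DATA block shorter than the block size ends the transfer.
            complete = len(pkt["data"]) < BLOCK_SIZE
    return {
        "direction": "upload" if request["op"] == "WRQ" else "download",
        "filename": request["filename"],
        "request_fields": sorted(k for k in request if k != "op"),
        "payload_bytes": received,
        "complete": complete,
    }


# Constructed exchange (not a capture): the router writes "routerios" to the
# TFTP server, with a 612-byte stand-in for the image.
SAMPLE_EXCHANGE = [
    b"\x00\x02routerios\x00octet\x00",   # router -> server: WRQ
    b"\x00\x04\x00\x00",                 # server -> router: ACK 0
    b"\x00\x03\x00\x01" + b"A" * 512,    # router -> server: DATA 1 (full block)
    b"\x00\x04\x00\x01",                 # server -> router: ACK 1
    b"\x00\x03\x00\x02" + b"B" * 100,    # router -> server: DATA 2 (last block)
    b"\x00\x04\x00\x02",                 # server -> router: ACK 2
]

if __name__ == "__main__":
    print(parse_tftp(SAMPLE_EXCHANGE[0]))
    print(summarize_transfer(SAMPLE_EXCHANGE))
```

Because nothing in the exchange authenticates either side or protects the data, compare a checksum of the stored image with the router's copy before relying on the backup.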


 


 

As shown in the above figure, the file has been copied to the TFTP server.
Now, we will delete the IOS image from the router:

router#delete flash:

Note –
Even though the file has been deleted, the router keeps running because the IOS has already been loaded into RAM. When we reload the router, however, it will enter ROMMON mode.

To copy the IOS file back from the TFTP server, we will use the command:

rommon 1>tftpdnld


As soon as we type this command, we see the parameters that we have to enter next.

ROMMON 2>IP_ADDRESS=10.1.1.1
ROMMON 3>IP_SUBNET_MASK=255.255.255.0
ROMMON 4>DEFAULT_GATEWAY=10.1.1.2
ROMMON 5>TFTP_SERVER=10.1.1.2
ROMMON 6>TFTP_FILE=routerios

·         IP_ADDRESS – The IP address we want to give to the router’s interface fa0/0. Remember that this IP address should be of the same subnet. Here, we have provided 10.1.1.1 on the router’s interface.

·         IP_SUBNET_MASK – The subnet mask for the router’s interface IP address, which is 255.255.255.0 in our scenario.

·         DEFAULT_GATEWAY – The default gateway for the router’s interface IP address.
Notice that our TFTP server is directly connected to the router’s interface, so we can give the TFTP server’s IP address, which is 10.1.1.2. If there is any router between the TFTP server and this router, then we have to give that router’s IP address as the default gateway.

·         TFTP_SERVER – The IP address of the TFTP server, which is 10.1.1.2 in our scenario.

·         TFTP_FILE – The name of the file which we have saved on the TFTP server. In our scenario, we have given the name as routerios.

After we have entered these parameters, we will again enter the command tftpdnld.

It will then ask us whether to continue. Answer yes (as shown in the figure) if we have entered the right parameters; otherwise enter no and specify the correct parameters again.

ROMMON 7>reset

After that just enter command reset to reload the router.


Basic Configuration Commands

Command 

Purpose

enable

Logs you into enable mode, which is also known as user exec mode or privileged mode

configure terminal

Logs you into configuration mode

interface fastethernet/number

Enters interface configuration mode for the specified fast ethernet interface

reload

An exec mode command that reboots a Cisco switch or router

hostname name

Sets a host name to the current Cisco network device

copy from-location to-location

An enable mode command that copies files from one file location to another

copy running-config startup-config

An enable mode command that saves the active config, replacing the startup config when a Cisco network device initializes

copy startup-config running-config

An enable mode command that merges the startup config with the currently active config in RAM

write erase

erase startup-config

An enable mode command that deletes the startup config

ip address ip-address mask

Assigns an IP address and a subnet mask

shutdown

no shutdown

Used in interface configuration mode. “Shutdown” shuts down the interface, while “no shutdown” brings up the interface.

ip default-gateway ip_address

Sets the default gateway on a Cisco device

show running-config

An enable mode command that displays the current configuration

description name-string

A config interface command to describe or name an interface

show running-config interface interface slot/number

An enable mode command to display the running configuration for a specific interface

show ip interface [type number]

Displays the usability status of interfaces that are configured for IP

ip name-server serverip-1 serverip-2

A configure mode command that sets the IP addresses of DNS servers

 

Troubleshooting Commands

ping {hostname | system-address} [source source-address]

Used in enable mode to diagnose basic network connectivity

speed {10 | 100 | 1000 | auto}

An interface mode command that manually sets the speed to the specified value or negotiates it automatically

duplex {auto | full | half}

An interface mode command that manually sets duplex to half, full or auto

cdp run

no cdp run

A configuration mode command that enables or disables Cisco Discovery Protocol (CDP) for the device

show mac address-table

Displays the MAC address table

show cdp

Shows whether CDP is enabled globally

show cdp neighbors [detail]

Lists summary information about each neighbor connected to this device; the “detail” option lists detailed information about each neighbor

show interfaces

Displays detailed information about interface status, settings and counters

show interface status

Displays the interface line status

show interfaces switchport

Displays a large variety of configuration settings and current operational status, including VLAN trunking details.

show interfaces trunk

Lists information about the currently operational trunks and the VLANs supported by those trunks

show vlan

show vlan brief

Lists each VLAN and all interfaces assigned to that VLAN but does not include trunks

show vtp status

Lists the current VTP status, including the current mode

 

Routing and VLAN Commands

ip route network-number network-mask {ip-address | interface}

Sets a static route in the IP routing table

router rip

Enables a Routing Information Protocol (RIP) routing process, which places you in router configuration mode

network ip-address

In router configuration mode, associates a network with a RIP routing process

version 2

In router configuration mode, configures the software to receive and send only RIP version 2 packets

no auto-summary

In router configuration mode, disables automatic summarization

default-information originate

In router configuration mode, generates a default route into RIP

passive-interface interface

In router configuration mode, sets only that interface to passive RIP mode. In passive RIP mode, RIP routing updates are accepted by, but not sent out of, the specified interface.

show ip rip database

Displays the contents of the RIP routing database

ip nat [inside | outside]

An interface configuration mode command to designate that traffic originating from or destined for the interface is subject to NAT

ip nat inside source {list {access-list-number | access-list-name}} interface type number [overload]

A configuration mode command to establish dynamic source translation. Use of the “list” keyword enables you to use an ACL to identify the traffic that will be subject to NAT. The “overload” option enables the router to use one global address for many local addresses.

ip nat inside source static local-ip global-ip

A configuration mode command to establish a static translation between an inside local address and an inside global address

vlan

Creates a VLAN and enters VLAN configuration mode for further definitions

switchport access vlan

Sets the VLAN that the interface belongs to.

switchport trunk encapsulation dot1q

Specifies 802.1Q encapsulation on the trunk link.

switchport access

Assigns this port to a VLAN

vlan vlan-id [name vlan-name]

Configures a specific VLAN name (1 to 32 characters)

switchport mode { access | trunk }

Configures the VLAN membership mode of a port. The access port is set to access unconditionally and operates as a non-trunking, single VLAN interface that sends and receives non-encapsulated (non-tagged) frames. An access port can be assigned to only one VLAN.
The trunk port sends and receives encapsulated (tagged) frames that identify the VLAN of origination. A trunk is a point-to-point link between two switches or between a switch and a router.

switchport trunk {encapsulation {dot1q}}

Sets the trunk characteristics when the interface is in trunking mode. In this mode, the switch supports simultaneous tagged and untagged traffic on a port.

encapsulation dot1q vlan-id

A configuration mode command that defines the matching criteria to map 802.1Q frames ingress on an interface to the appropriate service instance

 

DHCP Commands

ip address dhcp

A configuration mode command to acquire an IP address on an interface via DHCP

ip dhcp pool name

A configuration mode command to configure a DHCP address pool on a DHCP server and enter DHCP pool configuration mode

domain-name domain

Used in DHCP pool configuration mode to specify the domain name for a DHCP client

network network-number [mask]

Used in DHCP pool configuration mode to configure the network number and mask for a DHCP address pool primary or secondary subnet on a Cisco IOS DHCP server

ip dhcp excluded-address ip-address [last-ip-address]

A configuration mode command to specify IP addresses that a DHCP server should not assign to DHCP clients

ip helper-address address

An interface configuration mode command to enable forwarding of UDP broadcasts, including BOOTP, received on an interface

default-router address [address2 ... address8]

Used in DHCP pool configuration mode to specify the default router list for a DHCP client

 

Security Commands

password pass-value

Lists the password that is required if the login command (with no other parameters) is configured

username name password pass-value

A global command that defines one of possibly multiple user names and associated passwords used for user authentication. It is used when the login local line configuration command has been used.

enable password pass-value

A configuration mode command that defines the password required when using the enable command

enable secret pass-value

A configuration mode command that sets this Cisco device password that is required for any user to enter enable mode

service password-encryption

A configuration mode command that directs the Cisco IOS software to encrypt the passwords, CHAP secrets, and similar data saved in its configuration file

ip domain-name name

Configures a DNS domain name 

crypto key generate rsa

A configuration mode command that creates and stores (in a hidden location in flash memory) the keys that are required by SSH

transport input {telnet | ssh}

Used in vty line configuration mode, defines whether Telnet or SSH access is allowed into this switch. Both values can be specified in a single command to allow both Telnet and SSH access (default settings).

access-list access-list-number {deny | permit} source [source-wildcard] [log]

A configuration mode command that defines a standard IP access list

access-class

Restricts incoming and outgoing connections between a particular vty (into a basic Cisco device) and the addresses in an access list

ip access-list {standard | extended} {access-list-name | access-list-number}

A configuration mode command that defines an IP access list by name or number

permit source [source-wildcard]

Used in ACL configuration mode to set conditions to allow a packet to pass a named IP ACL. To remove a permit condition from an ACL, use the “no” form of this command.

deny source [source-wildcard]

Used in ACL configuration mode to set conditions in a named IP ACL that will deny packets. To remove a deny condition from an ACL, use the “no” form of this command.

ntp peer <ip-address>

Used in global configuration mode to configure the software clock to synchronize a peer or to be synchronized by a peer

switchport port-security

Used in interface configuration mode to enable port security on the interface

switchport port-security maximum maximum

Used in interface configuration mode to set the maximum number of secure MAC addresses on the port

switchport port-security mac-address {mac-addr | {sticky [mac-addr]}}

Used in interface configuration mode to add a MAC address to the list of secure MAC addresses. The “sticky” option configures the MAC addresses as sticky on the interface.

switchport port-security violation {shutdown | restrict | protect}

Used in interface configuration mode to set the action to be taken when a security violation is detected

show port-security [interface interface-id]

Displays information about security options configured on the interface

 

Monitoring and Logging Commands

logging ip address

Configures the IP address of the host that will receive the system logging (syslog) messages

logging trap level

Used in configuration mode to limit messages that are logged to the syslog servers based on severity. Specify the number or name of the desired severity level at which messages should be logged.

show logging

Enable mode command that displays the state of system logging (syslog) and the contents of the standard system logging buffer.

terminal monitor

An enable mode command that tells Cisco IOS to send a copy of all syslog messages, including debug messages, to the Telnet or SSH user who issues this command

Cisco Router basic commands


A router is a layer 3 device used to forward packets from one network to another. It forwards a packet through one of its ports on the basis of the destination IP address and the entry in the routing table. By using the routing table, it finds an optimised path between the source and destination network.

Here, we will talk about Cisco router basic commands such as assigning an IP address to an interface, bringing up an interface, and applying enable and secret passwords.

Administrative Configuration:

Giving hostname to router –
It sets a name for the device, giving the device an identity. This is important as these hostnames are used in WAN for authentication purposes.
We can set the hostname as:

router(config)#hostname GeeksforGeeksrouter
GeeksforGeeksrouter(config)#

Applying banner – Banners are used to give a small security notice to the user who wants to access the router. We can customize them according to our need, for example to ask for the credentials needed for the login.

Types of banner are:

1.      banner motd –

GeeksforGeeksrouter(config)#banner motd #
Enter Text message. End with character '#'
$ No unauthorised access allowed. Enter your credentials!! #

Here motd means message of the day and # is the delimiter, i.e. the message should end with the symbol provided. This message will be shown while entering into the router’s user execution mode.

2.      Exec banner – It will be displayed on the screen when the user logs in through the VTY lines.

3.      Login banner – This banner will be displayed after the banner motd but before the login.

These banners are used to make login interactive.

Setting password –
There are five passwords used to secure a Cisco device:

1.      enable password – The enable password is used for securing privilege mode. This password will be shown in clear text by the command “show running-config”. It has been replaced by the secret password nowadays.

router(config)#enable password GeeksforGeeks

2.      Enable secret password – This is also used for securing privilege mode, but the difference is that it will be displayed as cipher in “show running-config”. This password will override the enable password if both passwords are set.

router(config)#enable secret GeeksforGeeks

3.      line console password – When a user takes access through the console port, this password will be asked.

router(config)#line console 0
router(config-line)#password GeeksforGeeks
router(config-line)#login

4.      line VTY password – When a user wants to access a router through VTY lines (telnet or ssh), this password will be asked.
The following configuration is shown for the telnet password.

router(config)#line VTY 0 4
router(config-line)#password GeeksforGeeks
router(config-line)#exit

5.      auxiliary password – This password will secure the aux port.

router(config)#line aux 0
router(config-line)#password GeeksforGeeks
router(config-line)#login

 

Assigning IP address to a router’s interface –
As we know router is a layer 3 device therefore every port of a router should have an IP address to work. By default, a router’s port has no IP address and its line protocol is also down.

router(config)#interface fa0/0
router(config-if)#ip address 192.168.1.1 255.255.255.0
router(config-if)#no shut

Here, we first specify the router’s interface to which we want to give an IP address. We then enter interface mode, where we give the IP address followed by its subnet mask (255.255.255.0). Finally, we make the router port administratively up with the no shut command.

Copying and erasing configuration –
We can manually copy the running-configuration (configuration in RAM) to the startup-configuration (configuration in NVRAM). The next time the router boots up, it will load the configuration that we have copied (as by default the configuration in NVRAM is loaded).

router#copy running-config startup-config

To erase the configuration of NVRAM, use the command

router#erase startup-config


Switch  Tutorial

Switch – A switch is a multiport bridge with a buffer and a design that can boost its efficiency (a large number of ports imply less traffic) and performance. A switch is a data link layer device. The switch can perform error checking before forwarding data, which makes it very efficient, as it does not forward packets that have errors and forwards good packets selectively to the correct port only. In other words, a switch divides the collision domain of hosts, but the broadcast domain remains the same.

Switch functions at layer 2
A switch is a layer 2 device which works on the basis of the MAC address (physical address) of a device. A switch mainly performs these functions:

1.      Learning – The switch learns the MAC address of the device on the switch port on which it receives the frame.

2.      Forwarding – The switch does 2 types of message forwarding:
(a) Unicast: The switch unicasts the frame to the destination only when it has an entry for the destination MAC address in its MAC address table.
(b) Unknown Unicast: When a switch receives a unicast frame for a destination for which it has no entry in its MAC table, the switch simply broadcasts the frame through all ports. This is known as flooding.

3.      Filtering – The frame will be forwarded only through the switch port for which the switch has already learned the MAC address in its MAC table.

4.      Loop avoidance – For redundancy, two switches are connected to each other through two links, which can also result in layer 2 loops. The switch avoids these loops by using STP (Spanning Tree Protocol).

Note – An entry in the switch MAC table, also known as CAM (Content Addressable Memory), can remain for up to 300 seconds. When a frame is received for a destination MAC address, the time limit of 300 seconds gets reset. MAC table has 4 entries:

·         Port Number – The switch port attached to the destination MAC.

·         MAC Address – MAC address of the host which is attached to that switch port.

·         Type – It tells us how the switch has learned the MAC address of the host, i.e. static or dynamic. If the entry is added manually then it will be static, otherwise it will be dynamic.

·         VLAN – It tells us to which VLAN the host attached to that switch port belongs.
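The learning, flooding, filtering and aging behaviour described above, as an added Python model that is not part of the original page. The MAC addresses, port names and timestamps are constructed, all ports are assumed to be in VLAN 1, and the model refreshes an entry's timer whenever its address is seen as a frame's source, which is an assumption of this sketch.

```python
AGING_SECONDS = 300            # lifetime of a dynamic entry, as in the note above
BROADCAST = "ffff.ffff.ffff"


class Switch:
    """Layer 2 switch model with one MAC table keyed by (VLAN, MAC address)."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.table = {}   # (vlan, mac) -> {"port": ..., "type": ..., "seen": ...}

    def add_static(self, mac, port, vlan=1):
        """Manually added entry: type static, never aged out or relearned."""
        self.table[(vlan, mac)] = {"port": port, "type": "static", "seen": None}

    def age_out(self, now):
        """Drop dynamic entries that were not refreshed within AGING_SECONDS."""
        expired = [key for key, entry in self.table.items()
                   if entry["type"] == "dynamic"
                   and now - entry["seen"] >= AGING_SECONDS]
        for key in expired:
            del self.table[key]

    def receive(self, in_port, src, dst, vlan=1, now=0):
        """Process one frame and return the list of ports it is sent out of."""
        self.age_out(now)
        # Learning: bind the source MAC to the ingress port and restart its timer.
        entry = self.table.get((vlan, src))
        if entry is None or entry["type"] == "dynamic":
            self.table[(vlan, src)] = {"port": in_port, "type": "dynamic",
                                       "seen": now}
        known = None if dst == BROADCAST else self.table.get((vlan, dst))
        if known is None:
            # Broadcast or unknown unicast: flood out of every other port.
            return [p for p in self.ports if p != in_port]
        if known["port"] == in_port:
            return []                  # destination sits behind the ingress port
        return [known["port"]]         # known unicast: that one port only

    def show_mac_address_table(self):
        """Rows of (VLAN, MAC address, type, port), the four fields listed above."""
        return sorted((vlan, mac, e["type"], e["port"])
                      for (vlan, mac), e in self.table.items())


def run_scenario():
    """Constructed traffic between hosts A, B and C on a four-port switch."""
    host_a, host_b, host_c = "aaaa.aaaa.aaaa", "bbbb.bbbb.bbbb", "cccc.cccc.cccc"
    sw = Switch(["fa0/1", "fa0/2", "fa0/3", "fa0/4"])
    sw.add_static(host_c, "fa0/3")
    egress = [
        sw.receive("fa0/1", host_a, host_b, now=0),    # B unknown: flooded
        sw.receive("fa0/2", host_b, host_a, now=1),    # A learned at t=0
        sw.receive("fa0/1", host_a, host_b, now=2),    # B learned at t=1
        sw.receive("fa0/1", host_a, host_c, now=3),    # C is a static entry
        sw.receive("fa0/3", host_c, host_b, now=301),  # B aged out: flooded again
        sw.receive("fa0/3", host_c, host_a, now=302),  # A last seen t=3: still known
    ]
    return egress, sw.show_mac_address_table()


if __name__ == "__main__":
    results, table = run_scenario()
    for ports in results:
        print(ports)
    for row in table:
        print(row)
```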

 

Types of switches in Computer Network
Switches are the connectivity points of an Ethernet network. These are small devices that can receive data from multiple input ports and send it to the specific output port that takes data to its intended destination in the network. There are different types of switches in a network. These are:

1)      Unmanaged switches –
These are the switches that are mostly used in home networks and small businesses as they plug-in and instantly start doing their job and such switches do not need to be watched or configured. These require only small cable connections. It allows devices on a network to connect with each other such as a computer to a computer or a computer to a printer in one location. They are the least expensive switches among all categories.

2)      Managed switches –
These types of switches have many features such as the highest levels of security, precision control and full management of the network. They are used in organisations with a large network and can be customized to enhance the functionality of a certain network. They are the most costly option, but their scalability makes them an ideal option for a network that is growing. Management is achieved by means of the Simple Network Management Protocol (SNMP).
They are of two types:

a)      Smart switches:
These switches offer basic management features with the ability to create some levels of security but have a simpler management interface than the other managed switches. Thus they are often called partially managed switches. These are mostly used in fast and constant LANs which support gigabit data transfer and allocations. They can accept configuration of VLANs (Virtual LAN).

b)      Enterprise managed switches:
They have features like ability to fix, copy, transform and display different network configurations along with a web interface SNMP agent and command line interface. These are also known as fully managed switches and are more expensive than the smart switches as they have more features that can be enhanced. These are used in organisations that contain a large number of ports, switches and nodes.


3)      LAN switches –
These are also known as Ethernet switches or data switches and are used to reduce network congestion or bottleneck by distributing a package of data only to its intended recipient. These are used to connect points on a LAN.

4)      PoE switches –
PoE switches are used in PoE technology, which stands for Power over Ethernet, a technology that integrates data and power on the same cable, allowing powered devices to receive data in parallel to power. Thus these switches provide greater flexibility by simplifying the cabling process.

 

Before We Begin: Know What Hardware You’re Using and Download PuTTY 

The first step is to check what hardware you’re using before you begin. If you’re using a Cisco switch you need to know what model you have. You also want to check the physical state of the device and verify that none of the cables are damaged. You can turn the router on to make sure there is no damage to the lighting/indicators.

Now that you’ve made sure the device is in working order you’re ready to start configuring. In this guide, we’re going to configure a Cisco switch through the command-line interface (CLI) with the open-source SSH/Telnet client PuTTY (although you can use another tool if you prefer). If for any reason PuTTY is not an option for your setup, you can get similar results with a PuTTY alternative.

1. Connect the Switch to PuTTY

To start configuration, you want to connect the switch console to PuTTY. You can do this by doing the following:

  1. Connect the switch to PuTTY with a 9-pin serial cable.
  2. Now open PuTTY and the PuTTY Configuration window will display. Go to the Connection type settings and check the Serial option.
  3. Go to the Category list section on the left-hand side and select the Serial option.
  4. When the options controlling local serial lines page displays, enter the COM port your network is connected to in the Serial line to connect to box, e.g. COM1.
  5. Next, enter the digital transmission speed of your switch model. For 300 and 500 Series Managed Switches, this is 115200.
  6. Go to the Data bits field and enter 8.
  7. Now go to the Stop bits field and enter 1.
  8. Click on the Parity drop-down menu and select the None option.
  9. Go to the Flow Control drop-down menu and select the None option.

Save Your Settings and Start the PuTTY CLI

To save your PuTTY settings for your next session do the following:

  1. Click on the Session option from the Category list on the left-hand side of the page.
  2. Go to the Saved Session field and enter a name for your settings e.g. Comparitech.
  3. Click the Save button to store the settings.
  4. Press the Open button at the bottom of the page to launch the CLI.

The following message will display in the command prompt:

Switch>

2. Enter Privileged EXEC Mode and Set a Hostname for the Switch

Type in the enable command to enter privileged EXEC mode (you don’t need a password at this stage because you’re under the default configurations which don’t have one!):

Switch> enable

Next, enter Global Configuration Mode by entering the following command:

Switch# configure terminal
Switch(config)#

You can make the switch easier to locate in the network by assigning a hostname. Enter the following command to assign a hostname:

Switch(config)# hostname access-switch1 

access-switch1(config)#

3. Assign a Password to the Switch

Once you’ve assigned a hostname you will want to create a password to control who has access to the privileged EXEC mode (to prevent everyone from being able to log in). To assign an administrator password, enter the following command:

access-switch1(config)# enable secret COMPARI7ECH

Remember to pick a strong password so that it’s harder to figure out.

4. Configure Telnet and Console Access Passwords

The next step is to configure passwords for Telnet and console access. Configuring passwords for these is important because it makes your switch more secure. If someone without authorization gains telnet access then it puts your network at serious risk. You can configure passwords by entering the following lines (See the top paragraph for Telnet and the bottom paragraph for Console access).

Telnet

access-switch1(config)# line vty 0 15
access-switch1(config-line)# password COMPARI7ECH
access-switch1(config-line)# login
access-switch1(config-line)# exit
access-switch1(config)#

Console

access-switch1(config)# line console 0
access-switch1(config-line)# password COMPARI7ECH
access-switch1(config-line)# login
access-switch1(config-line)# exit
access-switch1(config)#

5. Configure IP Addresses With Telnet Access

The next step is to decide which IP addresses will have access to Telnet, and add them with the PuTTY CLI. To select permitted IPs, enter the following commands (replace the listed IPs with the IPs of the components you want to grant permission to):

access-switch1(config)# ip access-list standard TELNET-ACCESS
access-switch1(config-std-nacl)# permit 216.174.200.21
access-switch1(config-std-nacl)# permit 216.174.200.21
access-switch1(config-std-nacl)# exit

You can also configure your network’s access control lists (ACLs) to virtual terminal (VTY) lines. ACLs ensure that only the administrator can connect to the router through Telnet.

access-switch1(config)# line vty 0 15
access-switch1(config-line)# access-class TELNET-ACCESS in
access-switch1(config-line)# exit
access-switch1(config)#

6. Configure a Network Management IP address (or Management Interface)

Next, you need to configure a network management IP address. Switches don’t come with an IP address by default, meaning that you can’t connect to it with Telnet or SSH. To solve this problem you can select a virtual LAN(VLAN) on the switch and create a virtual interface with an IP address. You can do this by entering the following command:

access-switch1(config)# interface vlan 1
access-switch1(config-if)# ip address 10.1.1.200 255.255.255.0
access-switch1(config-if)# exit
access-switch1(config)#

The new IP management address is located in VLAN1, which other computers will now use to connect.

7. Assign a Default Gateway to the Switch

At this stage, you want to assign a default gateway to the switch. The default gateway is essentially the address of the router that the switch will be communicating with. If you don’t configure a default gateway then VLAN1 will be unable to send traffic to another network. To assign the default gateway, enter the command below (change the IP address to that of your router).

access-switch1(config)# ip default-gateway 10.1.1.254

8. Disable Unused Open Ports

As a best practice, it is a good idea to disable any unused open ports on the switch. Cybercriminals often use unsecured ports as a way to breach a network. Closing these ports down reduces the number of entry points into your network and makes your switch more secure. Enter the range of ports you want to close by entering the following command (you would change 0/25-48 to the ports that you want to close):

access-switch1(config)# interface range fe 0/25-48
access-switch1(config-if-range)# shutdown
access-switch1(config-if-range)# exit
access-switch1(config)#

9. Save Your System Configuration Settings

Once you’ve finished configuring the router it’s time to save your system configuration. Saving the configuration will make sure that your settings are the same when you open up your next session. To save enter the following command:

access-switch1(config)# exit

access-switch1# wr

Always remember to save any changes to your settings before closing the CLI.
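A way to check a saved configuration against the five passwords listed under "Setting password" and steps 3 to 8 of this walkthrough, as an added Python example that is not part of the original guides. Both configurations are constructed, the hash value is a placeholder, and the in_use parameter (the interfaces the administrator knows to be connected) is hypothetical.

```python
# Constructed running-configs (not taken from a real device).
AS_CONFIGURED = """\
hostname access-switch1
enable password GeeksforGeeks
!
interface FastEthernet0/1
 switchport mode access
interface FastEthernet0/25
 shutdown
interface FastEthernet0/26
interface Vlan1
 ip address 10.1.1.200 255.255.255.0
!
line con 0
 password COMPARI7ECH
 login
line vty 0 4
 access-class TELNET-ACCESS in
 password COMPARI7ECH
 login
line vty 5 15
 login local
 transport input ssh
"""

HARDENED = """\
hostname access-switch1
enable secret 5 PLACEHOLDER-HASH
username admin secret 5 PLACEHOLDER-HASH
!
interface FastEthernet0/1
 switchport mode access
interface FastEthernet0/25
 shutdown
interface FastEthernet0/26
 shutdown
interface Vlan1
 ip address 10.1.1.200 255.255.255.0
!
line con 0
 login local
line vty 0 15
 access-class TELNET-ACCESS in
 login local
 transport input ssh
"""


def parse_sections(text):
    """Split an IOS config into (top-level line, [indented child lines])."""
    sections = []
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.lstrip().startswith("!"):
            continue
        if line[0].isspace() and sections:
            sections[-1][1].append(line.strip())
        else:
            sections.append((line.strip(), []))
    return sections


def is_cleartext_password(line):
    """True for 'password <text>' or 'password 0 <text>' (type 0 = unencrypted)."""
    words = line.split()
    return words[:1] == ["password"] and (len(words) == 2 or words[1:2] == ["0"])


def audit(text, in_use=()):
    """Return (check, location) findings for the settings discussed on this page.

    in_use is a hypothetical parameter: interface names known to be connected;
    every other interface is expected to be shut down (step 8).
    """
    sections = parse_sections(text)
    top = [header for header, _ in sections]
    findings = []
    if any(h.startswith("enable password ") for h in top):
        findings.append(("enable-password-used", "global"))
    if not any(h.startswith("enable secret ") for h in top):
        findings.append(("no-enable-secret", "global"))
    for header, body in sections:
        if header.startswith("interface "):
            name = header.split(None, 1)[1]
            if name not in in_use and "shutdown" not in body:
                findings.append(("unused-port-not-shutdown", name))
        elif header.startswith("line "):
            if any(is_cleartext_password(c) for c in body):
                findings.append(("cleartext-line-password", header))
            if header.startswith("line vty"):
                # With no "transport input" line, Telnet and SSH are both taken
                # as allowed, as the Security Commands table states.
                protocols = ["telnet", "ssh"]
                for child in body:
                    if child.startswith("transport input "):
                        protocols = child.split()[2:]
                if "telnet" in protocols or "all" in protocols:
                    findings.append(("telnet-allowed", header))
                if not any(c.startswith("access-class ") and c.endswith(" in")
                           for c in body):
                    findings.append(("vty-without-access-class", header))
    return findings


if __name__ == "__main__":
    for finding in audit(AS_CONFIGURED, in_use={"FastEthernet0/1", "Vlan1"}):
        print(finding)
```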

10. Configure NetFlow to Manage Your Cisco Switch (Optional)

It is also a good idea to use a network traffic analyzer to monitor network traffic. As a Cisco device, your switch will have the communication protocol NetFlow. However, it must be configured first. You can configure NetFlow by completing the four steps below. Before we begin, enter Global Configuration Mode by executing the following command:

Switch# configure terminal 

Create a flow record

  1. The first step is to create a flow record (you can change the name). You can do this by entering the following command:

Switch(config)# flow record Comparitechrecord

  2. After you’ve entered the previous command you need to set the IPv4 source address, IPv4 destination address, IPv4 protocol, transport source-port, transport destination-port, IPv4 ToS, interface input, and interface output. You can do this by entering the following commands:

Switch(config-flow-record)# match ipv4 source address
Switch(config-flow-record)# match ipv4 destination address
Switch(config-flow-record)# match ipv4 protocol
Switch(config-flow-record)# match transport source-port
Switch(config-flow-record)# match transport destination-port
Switch(config-flow-record)# match ipv4 tos
Switch(config-flow-record)# match interface input
Switch(config-flow-record)# collect interface output

  3. To finish configuring the flow record and define the type of data you’re going to collect, enter the following switch configuration commands:

Switch(config-flow-record)# collect counter bytes
Switch(config-flow-record)# collect counter packets
Switch(config-flow-record)# collect timestamp sys-uptime first
Switch(config-flow-record)# collect timestamp sys-uptime last

Create the Flow Exporter

  1. You must now create the flow exporter to store the information that you want to export to an external network analyzer. The first step is to name the flow exporter:

Switch(config)# flow exporter Comparitechexport

  2. Enter the IP address of the server your network analyzer is on (change the IP address):

Switch(config-flow-exporter)# destination 117.156.45.241

  3. Configure the interface that you want to export packets with:

Switch(config-flow-exporter)# source gigabitEthernet 0/1

  4. Configure the port that the software agent will use to listen for network packets:

Switch(config-flow-exporter)# transport udp 2055

  5. Set the type of protocol data that you’re going to export by entering this command:

Switch(config-flow-exporter)# export-protocol netflow-v9

  6. To make sure there are no gaps in when flow data is sent, enter the following command:

Switch(config-flow-exporter)# template data timeout 60

Create a Flow Monitor

  1. Once you’ve configured the flow exporter it is time to create the flow monitor. Create the flow monitor with the following command:

Switch(config)# flow monitor Comparitechmonitor

  2. Associate the flow monitor with the flow record and exporter we configured earlier:

Switch(config-flow-monitor)# record Comparitechrecord
Switch(config-flow-monitor)# exporter Comparitechexport

  3. To make sure that flow information is collected and normalized without a delay, enter the following commands:

Switch(config-flow-monitor)# cache timeout active 60
Switch(config-flow-monitor)# cache timeout inactive 15

  4. Enter the exit command:

Switch(config-flow-monitor)# exit

  5. You need to input the interfaces that will collect the NetFlow data. If this is an Ethernet interface you would enter the following:

Switch(config)# interface gigabitEthernet 0/1

  6. Use the following command to configure NetFlow on multiple interfaces (the input command will still collect data in both directions):

Switch(config-if)# ip flow monitor Comparitechmonitor input

  7. If you want to collect NetFlow data on only one interface then you must use the input and output command. So you would enter the following:

Switch(config-if)# ip flow monitor Comparitechmonitor input
Switch(config-if)# ip flow monitor Comparitechmonitor output

  8. Exit configuration mode by entering the following command:

Switch(config-if)# end

  9. Save your settings to finish.
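What the analyzer at the destination address has to do with the export configured above, as an added Python example (not from the original guide or from Cisco): a minimal NetFlow v9 decoder for the fields in the flow record. It shows why the exporter resends templates on a timer: a data flowset that arrives before its template cannot be decoded. The packets are constructed samples; the addresses, counters, template ID 256 and function names are assumptions.

```python
import ipaddress
import struct

# NetFlow v9 field type IDs (RFC 3954) for the fields in the flow record above.
FIELDS = {8: "src_addr", 12: "dst_addr", 4: "protocol", 7: "src_port",
          11: "dst_port", 5: "tos", 10: "input_if", 14: "output_if",
          1: "bytes", 2: "packets", 22: "first", 21: "last"}

def decode(record, spec):
    flow, off = {}, 0
    for ftype, length in spec:  # spec is the template's (type, length) list
        raw = record[off:off + length]
        name = FIELDS.get(ftype, f"type_{ftype}")
        flow[name] = str(ipaddress.IPv4Address(raw)) if ftype in (8, 12) else int.from_bytes(raw, "big")
        off += length
    return flow

def parse_v9(packet, templates):
    """Decode one export packet; `templates` must persist between packets."""
    if len(packet) < 20 or struct.unpack_from("!H", packet)[0] != 9:
        raise ValueError("not a NetFlow v9 packet")
    flows, skipped, pos = [], 0, 20  # the v9 header is 20 bytes
    while pos + 4 <= len(packet):
        set_id, set_len = struct.unpack_from("!HH", packet, pos)
        if set_len < 4 or pos + set_len > len(packet):
            raise ValueError("bad flowset length")
        body = packet[pos + 4:pos + set_len]
        if set_id == 0:  # template flowset: remember each template's layout
            off = 0
            while off + 4 <= len(body):
                tid, n = struct.unpack_from("!HH", body, off)
                templates[tid] = [struct.unpack_from("!HH", body, off + 4 + 4 * i) for i in range(n)]
                off += 4 + 4 * n
        elif set_id >= 256:  # data flowset: set_id names the template to use
            spec = templates.get(set_id)
            size = sum(length for _, length in spec) if spec else 0
            if not size:
                skipped += 1  # no template yet, so the records cannot be decoded
            else:  # trailing padding is shorter than one record and is ignored
                flows += [decode(body[o:o + size], spec) for o in range(0, len(body) - size + 1, size)]
        pos += set_len
    return flows, skipped

# Constructed sample packets (not captured traffic): one template, one data record.
SPEC = [(8, 4), (12, 4), (4, 1), (7, 2), (11, 2), (5, 1), (10, 2), (14, 2), (1, 4), (2, 4), (22, 4), (21, 4)]
HEADER = struct.pack("!HHIIII", 9, 1, 1000, 1700000000, 1, 0)
TEMPLATE = HEADER + struct.pack("!HHHH", 0, 8 + 4 * len(SPEC), 256, len(SPEC)) + b"".join(struct.pack("!HH", *f) for f in SPEC)
RECORD = bytes([192, 0, 2, 10, 198, 51, 100, 7]) + struct.pack("!BHHBHHIIII", 6, 51514, 443, 0, 1, 2, 4200, 12, 900, 960)
DATA = HEADER + struct.pack("!HH", 256, 40) + RECORD + b"\x00\x00"  # padded to a 4-byte boundary
```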

Configure a Cisco Switch for Peace of Mind! 

Configuring a Cisco switch properly means your network can make connections efficiently. Completing simple tasks such as configuring passwords and creating network access lists controls who can access the switch and helps you stay secure online. Incomplete or incorrect configurations are a vulnerability that attackers can exploit.

Configuring a Cisco switch is only half the battle; you also have to monitor its status regularly. Any performance issues with your switch can have a substantial impact on your users.

Using a network monitoring tool and network analyzer can help you to monitor switches remotely and review performance concerns. Taking the time out of your day to configure a switch and assign strong passwords gives you peace of mind so that you can communicate safely online.

Cisco Switches FAQs

How to configure a trunk port on a Cisco 2960 switch?

To configure a trunk port on a Cisco 2960 switch:

  1. Enter configuration mode:

configure terminal

  2. Specify the port to use:

interface <interface-id>

  3. Configure the port as a Layer 2 trunk:

switchport mode {dynamic {auto | desirable} | trunk}

These options mean:

  • dynamic auto – The default. Creates a trunk link if the neighboring interface is set to trunk or desirable mode.
  • dynamic desirable – Creates a trunk link if the neighboring interface is set to trunk, desirable, or auto mode.
  • trunk – Sets the interface in permanent trunking mode.

  4. Specify a default VLAN to use for backup. This is optional:

switchport access vlan <vlan-id>

  5. Specify the native VLAN:

switchport trunk native vlan <vlan-id>

  6. Exit the config mode:

end

How do I set a static IP on a Cisco switch?

A problem with the GUI interface of Cisco switches makes it impossible to assign a static IP address to an interface. Follow these steps for a workaround:

  1. Create a text file on your PC. It doesn’t matter where you save it or what you call it, but make sure you remember where it is. Substitute real values for the tokens shown in angle brackets (<>) below. The text in the file should be:

Config t
Interface <VLAN ID>
No ip address DHCP
Y
No ip address <old IP address>
IP address <new IP address> <subnet mask>
Exit
IP default-gateway <gateway IP address>

  2. Access the admin menu of the switch for Switch Management.
  3. In the menu, click on Administration, then File Management, and then select File Operations.
  4. In the File Operations screen, set the following:
  • Operation Type: Update File
  • Destination File Type: Running Configuration
  • Copy Method: HTTP/HTTPS
  • File Name: (Browse to select the file you created on your PC).
  5. Click on Apply.

These steps will create a static IP address, which you can check by going from the main menu to IP Configuration > IPv4 Interface.

 

Cisco Switch Configuration basic commands

A switch is a layer 2 device used to forward packets from one device to another within the network. It forwards each packet through one of its ports on the basis of the destination MAC address and the entries in the MAC table.

The following basic commands are used to configure a new switch:

1. Changing the hostname of a switch to GfgSwitch :

It is used to set the name of the device.

switch(config)#hostname GfgSwitch
GfgSwitch(config)#

2. To add a banner message :

It provides a short message to the user who wants to access the switch.

GfgSwitch(config)#banner motd &
Enter Text message. End with character '&'
$ This is GeeksforGeeks floor Switch &

3. To set IP address in Switch :

The IP address is the address of the device in the network.

GfgSwitch(config)#interface vlan1
GfgSwitch(config-if)#ip address 172.16.10.1 255.255.255.0
GfgSwitch(config-if)#exit
GfgSwitch(config)#ip default-gateway 172.16.10.0

4. To set the current clock time :

This sets the current time stored in the switch.

GfgSwitch#clock set 3:03:14 June 25 2020

5. Apply password protection (enable password, secret password, console password and vty password) :

·         Enable password :

The enable password is used for securing privileged mode.

GfgSwitch(config)#enable password GFGGFG

·         Enable secret password :

This is also used for securing privileged mode, but the difference is that it is displayed as ciphertext (a hash) rather than plaintext in the configuration file.

GfgSwitch(config)#enable secret GFGGFG

·         Line console password :

When a person connects through the console port, this password will be asked for.

GfgSwitch(config)#line console 0
GfgSwitch(config-line)#password GFG
GfgSwitch(config-line)#login

·         Line VTY password :

When a person wants to access the switch through the VTY lines (telnet or ssh), this password will be asked for.

GfgSwitch(config)#line VTY 0 2
GfgSwitch(config-line)#password GFGGFG
GfgSwitch(config-line)#exit

6. Copy to startup-configuration file from running-configuration file :

GfgSwitch#copy running-config startup-config

7. To watch startup-configuration file and running-configuration file :

GfgSwitch#show startup-config
GfgSwitch#show running-config

8. Clear mac address table :

The switch stores MAC addresses in the MAC address table.

GfgSwitch#clear mac address-table
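A defensive check for the settings discussed in the trunk-port FAQ and in the password commands above, as an added Python example (not from the original guides): it scans a saved configuration for an enable password kept alongside or instead of the enable secret, cleartext or reused line passwords, and ports left in a dynamic trunking mode. The sample configuration is constructed from the commands on this page; the function name, the hash placeholder and the interface numbers are assumptions.

```python
import re

def audit(config):
    """Return (line_number, finding) tuples for an IOS-style configuration text."""
    findings, section, seen = [], "", {}
    for no, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if raw[:1] not in (" ", "\t"):
            section = line  # an unindented line opens a new section
        m = re.fullmatch(r"enable password (?:(\d) )?(\S+)", line)
        if m:
            findings.append((no, "enable password is cleartext or weak type 7; keep only enable secret"))
            seen.setdefault(m.group(2), no)
            continue
        m = re.fullmatch(r"password (?:(\d) )?(\S+)", line)
        if m and section.startswith("line "):
            if m.group(1) is None:  # no encoding type in front of the value
                findings.append((no, f"cleartext password on '{section}'"))
            if m.group(2) in seen:
                findings.append((no, f"'{section}' reuses the password from line {seen[m.group(2)]}"))
            seen.setdefault(m.group(2), no)
        m = re.fullmatch(r"switchport mode dynamic (auto|desirable)", line)
        if m and section.startswith("interface "):
            findings.append((no, f"'{section}' negotiates trunking (dynamic {m.group(1)}); set the mode explicitly"))
    return findings

# Constructed sample, as the commands on this page would appear in a saved configuration.
SAMPLE = """\
hostname GfgSwitch
enable secret 5 <hash>
enable password GFGGFG
interface FastEthernet0/5
 switchport mode dynamic desirable
interface FastEthernet0/22
 switchport mode trunk
line con 0
 password GFG
 login
line vty 0 2
 password GFGGFG
 login
"""

if __name__ == "__main__":
    for number, finding in audit(SAMPLE):
        print(f"line {number}: {finding}")
```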



Connect to a Cisco switch over the web in GUI mode for configuration:

Step by step:

Step 1: First find out your Cisco switch’s default username, password and IP address.

For example, the majority of Cisco switches have a default username of cisco and a default password of cisco (or a default username of admin and a default password of admin/[none]), and a default IP address of 192.168.1.254 or 192.168.1.1.

Step 2: Make sure your computer has a static IP address on the same network (you must disable DHCP/automatic IP address assignment).

               For example, any address between 192.168.1.2 and 192.168.1.253.

Step 3: Connect a straight-through Ethernet cable between the PC’s RJ-45 Ethernet port and any of the switch’s Ethernet ports.

Step 4: Open a browser on the PC and type the default IP address of the switch/router in the URL bar.

Step 5: Enter the default username and password, and then go to the web GUI menu for configuration.


Troubleshoot Your Connection:

If you cannot access your switch from the web-based interface, the switch may not be reachable from your computer. You can test network connections by using ping on a computer running Windows:

STEP 1 Open a command window by using Start > Run and enter cmd.

STEP 2 At the Command window prompt enter ping and the managed switch IP address. For example ping 192.168.1.254 (the default static IP address of the managed switch).

If you can reach the switch, you should get a reply similar to the following:

    Pinging 192.168.1.254 with 32 bytes of data:

    Reply from 192.168.1.254: bytes=32 time<1ms TTL=128

If you cannot reach the switch, you should get a reply similar to the following:

    Pinging 192.168.1.254 with 32 bytes of data:

    Request timed out.


Overview of VLANs

A VLAN is a group of devices on one or more LANs that are configured to communicate as if they were attached to the same wire, when in fact they are located on a number of different LAN segments. Because VLANs are based on logical instead of physical connections, they are extremely flexible.


Create Vlans on switch

Method 1

Switch>enable
Switch#sh vlan brief
Switch#vlan database
Switch(vlan)#vlan 55 name Sales
Switch(vlan)#vlan 80 name HR
Switch(vlan)#exit

(Check whether the apply completed or not.)

-----------------
Method 2


Switch#conf t
Switch(config)#vlan 425
Switch(config-vlan)#name Accounts
Switch(config-vlan)#exit
Switch(config)#vlan 600
Switch(config-vlan)#name Manager
Switch(config-vlan)#exit

--------------------------
Assigning Members

Switch#conf t
Switch(config)#int fa0/5
Switch(config-if)#switchport access vlan 55
Switch(config-if)#exit
Switch(config)#int fa0/22
Switch(config-if)#switchport access vlan 80
Switch(config-if)#exit

Assigning Range of Members

Switch(config)#interface range fa0/10 - 15 , fa0/17 , fa0/24
Switch(config-if-range)#switchport access vlan 600

------------------------------
To verify

Switch#sh vlan brief

Before deleting the VLANs, make sure to remove their membership first.

Deleting all VLANs

Switch#delete flash:vlan.dat

Here is a chart to show the difference between a managed and an unmanaged switch:

| Capability | Manageable Switch | Unmanageable Switch |
|---|---|---|
| Configuration | Configurable | Non-Configurable |
| Remote Access | Yes | No |
| Technical Expertise Required | Yes, for setup and maintenance | No, plug-and-play basis |
| VLAN | Yes | No |
| SNMP | Yes | No |
| Capabilities | Spanning Tree protocol support, QoS, bandwidth rate limiting and port mirroring | Maintains MAC address tables. |
| Advanced Features | Yes | No |
| Typically Modular | Yes – expansion modules can be added to accommodate growing networks. | No |
| Typically Fixed | No | Yes – comes with a fixed number of ports and cannot be expanded. |
| Multi-layer Networks | Yes | Yes |
| Pricing | More Expensive | Less Expensive |

 

Let’s see the difference between a router and a switch:

| S.NO | ROUTER | SWITCH |
|---|---|---|
| 1. | The main objective of a router is to connect various networks simultaneously. | While the main objective of a switch is to connect various devices simultaneously. |
| 2. | It works in the network layer. | While it works in the data link layer. |
| 3. | A router is used by LAN as well as MAN. | While a switch is used only by LAN. |
| 4. | Through a router, data is sent in the form of packets. | While through a switch, data is sent in the form of packets and frames. |
| 5. | It is a full duplex mode transmission. | It is also a full duplex mode transmission. |
| 6. | Fewer collisions take place in a router. | While no collisions take place in a full duplex switch. |
| 7. | A router is compatible with NAT. | While it is not compatible with NAT. |
| 8. | The types of routing are: Adaptive and Non-adaptive routing. | The types of switching are: Circuit, Packet and Message Switching. |

 

Cabling:


Color code: