The document discusses network management topics including access lists, Cisco IOS software, backing up configurations and software, and Cisco Discovery Protocol. It describes how access lists filter packets, the differences between standard and extended lists, and how to apply lists. It also explains how to load IOS software, back up configurations and software, and restore them. Finally, it provides details on Cisco Discovery Protocol and how it helps collect device information.
2. Objectives
• Understand different features of Access List.
• Explain standard and extended IP Access Lists.
• Understand IOS software and how to load IOS
software.
• Understand how to backup and restore Cisco IOS.
• Understand how to backup and restore Cisco
configuration.
• Understand Cisco Discovery Protocol.
CMC Limited
3. Access List
An access list is essentially a list of conditions that control
access both to and from a network segment. Access lists
can filter unwanted packets and be used to implement
security policies.
The IP and IPX access lists work similarly – they're both
packet filters.
4. Access List contd..
There are a few important rules a packet follows when it's
being compared with an access list:
• It's always compared with each line of the access list in
sequential order.
• It's compared with lines of the access list only until a
match is made. Once the packet matches a line of the
access list, it's acted upon, and no further comparisons
take place.
• There is an implicit “deny” at the end of each access list;
this means that if a packet doesn't match any line
in the access list, it'll be discarded.
5. Access List contd..
There are two types of access lists used with IP and IPX:
• Standard access lists: These use only the source IP
address in an IP packet to filter the network.
• Extended access lists: These check for both source
and destination IP address, protocol field in the
Network layer header, and port number at the
Transport layer header.
6. Access List contd..
Once you create an access list, you apply it to an interface
with either an inbound or outbound list:
• Inbound access lists: Packets are processed through
the access list before being routed to the outbound
interface.
• Outbound access lists: Packets are routed to the
outbound interface and then processed through the
access list.
7. Access List contd..
Standard IP Access Lists
Standard IP access lists filter the network by using the
source IP address in an IP packet. You create a standard IP
access list by using the access-list numbers 1-99.
You can specify access lists by names for the protocols
listed below:
• Apollo Domain
• IP
• IPX
• ISO CLNS
• NetBIOS IPX
• Source-route bridging NetBIOS
8. Standard IP Access Lists contd..
RouterA(config)#access-list ?
<1-99> IP standard access list
<100-199> IP extended access list
<1000-1099> IPX SAP access list
<1100-1199> Extended 48-bit MAC address access list
<1200-1299> IPX summary address access list
<200-299> Protocol type-code access list
<300-399> DECnet access list
<400-499> XNS standard access list
<500-599> XNS extended access list
<600-699> Appletalk access list
<700-799> 48-bit MAC address access list
<800-899> IPX standard access list
<900-999> IPX extended access list
9. Standard IP Access Lists contd..
Wildcards
• Wildcards are used with access lists to specify a host,
network, or part of a network.
• Block size: Some of the different block sizes available
are 64, 32, 16, 8, and 4.
• When you need to specify a range of addresses, you
choose the next-largest block size for your needs.
• Wildcards are used with the host or network address to
tell the router a range of available addresses to filter. To
specify a host, the address would look like this:
172.16.30.5 0.0.0.0
10. Access List contd..
Extended IP Access Lists
Extended IP access lists give more detailed control
compared to standard lists which only allow you to deny or
permit traffic from a certain source.
Extended lists allow you to permit or deny particular TCP/IP
traffic based on the Transport protocol being used (TCP or
UDP) and the service or application (e.g. SMTP, Telnet)
from source addresses and destination addresses.
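The matching rules, wildcard masks and extended-list fields described above, as an added example that is not part of the original slides: a small Python evaluator run over constructed access-list lines. It assumes every address is written as any, host A, or A followed by a wildcard, and supports only the eq port operator; all function names are illustrative.

```python
import ipaddress

ANY = ("0.0.0.0", "255.255.255.255")

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def wild_match(addr, base, wildcard):
    """Wildcard bits set to 1 are ignored; bits set to 0 must match."""
    care = ~_ip(wildcard) & 0xFFFFFFFF
    return (_ip(addr) & care) == (_ip(base) & care)

def _take_addr(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD' and return (base, wildcard)."""
    first = tokens.pop(0)
    if first == "any":
        return ANY
    if first == "host":
        return (tokens.pop(0), "0.0.0.0")
    return (first, tokens.pop(0))

def parse(line):
    """Parse one constructed 'access-list N permit|deny ...' line."""
    tokens = line.split()
    number, action, rest = int(tokens[1]), tokens[2], tokens[3:]
    if 1 <= number <= 99:            # standard list: source address only
        return {"action": action, "proto": "ip", "src": _take_addr(rest),
                "dst": ANY, "port": None}
    proto = rest.pop(0)              # extended list (100-199)
    src, dst = _take_addr(rest), _take_addr(rest)
    port = int(rest[1]) if rest[:1] == ["eq"] else None
    return {"action": action, "proto": proto, "src": src, "dst": dst, "port": port}

def evaluate(acl, src, dst="0.0.0.0", proto="ip", dport=None):
    """Return (action, line_number); first match wins, no match is denied."""
    for n, line in enumerate(acl, 1):
        r = parse(line)
        if (r["proto"] in ("ip", proto) and wild_match(src, *r["src"])
                and wild_match(dst, *r["dst"]) and r["port"] in (None, dport)):
            return r["action"], n
    return "deny", None              # the implicit deny at the end of every list

# Constructed sample lists (not from the slides).
STANDARD = ["access-list 10 deny 172.16.10.5 0.0.0.0",
            "access-list 10 permit 172.16.8.0 0.0.7.255"]  # block of 8: 172.16.8-15.x
EXTENDED = ["access-list 110 deny tcp any host 172.16.30.2 eq 23",
            "access-list 110 permit ip any any"]
```

In STANDARD the host 172.16.10.5 also falls inside the permitted block on line 2, but line 1 matches first, so the order of the lines decides the outcome.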
11. IOS Software
Cisco IOS Software provides a wide range of functionality -
from basic connectivity, security, and network management
to technically advanced services that enable businesses to
deploy applications such as real-time trading, interactive
support, on-demand media, and unified messaging.
The functionality of Cisco IOS Software is the result of an
evolution. First-generation networking devices could only
store and forward data packets. Today, Cisco IOS software
can recognize, classify, and prioritize network traffic,
optimize routing, support voice and video applications, and
much more.
12. IOS Software contd..
Cisco network platforms and the Cisco IOS Software
running on them are a unified system - one that is a firm
foundation for building Internet applications.
13. IOS Software contd..
Each time you switch on the router, it goes through power-
on self-test (POST) diagnostics to verify basic operation of
the CPU, memory and network interfaces.
The system bootstrap software in ROM (boot image)
executes and searches for valid router operating system
software (Cisco IOS image).
There are three places to find the Cisco IOS image to load:
• Flash memory
• TFTP server
• ROM
14. IOS Software contd..
Default (Normal) Boot Sequence
After power-on, the router runs POST, and the bootstrap starts the IOS load.
It checks the startup-config file in NVRAM for boot system
commands (normally there aren't any), then loads IOS from
Flash.
Boot System Commands
Router(config)#boot system flash IOS_filename
Router(config)#boot system tftp IOS_filename tftp_server_ip_address
Router(config)#boot system rom
Router#copy running-config startup-config
15. IOS Software contd..
Configuration Register Command
Router(config)#config-register 0x10x
where that last x is 0 - F in hex
When the last x is:
0 = boot into ROM Monitor mode
1 = boot the ROM IOS
2 - 15 = look in startup config file in NVRAM
To check the boot field setting, and to verify the config-
register command, use the show version command.
16. Backing Up and Restoring Cisco IOS
Before you upgrade or restore a Cisco IOS, you should copy
the existing file to a TFTP host as a backup in case the new
image does not work.
Verify Flash Memory
By using the show flash command you can verify the
amount of flash memory and the file or files being stored in
flash memory.
Router#sh flash
System flash directory:
File Length Name/status
1 8121000 c2500-js-l.112-18.bin
[8121064 bytes used, 8656152 available, 16777216 total]
16384K bytes of processor board System flash (Read ONLY)
Router#
17. Backing Up and Restoring Cisco IOS contd..
Back Up Cisco IOS
To back up the Cisco IOS to a TFTP host, you use the copy
flash tftp command. This command requires only the
source filename and the IP address of the TFTP host.
18. Back Up Cisco IOS contd..
Router#copy flash tftp
System flash directory:
File Length Name/status
1 8121000 c2500-js-l.112-18.bin
[8121064 bytes used, 8656152 available, 16777216 total]
Address or name of remote host [255.255.255.255]?192.168.0.120
Source file name?c2500-js-l.112-18.bin
Destination file name [c2500-js-l.112-18.bin]?[Enter]
Verifying checksum for 'c2500-js-l.112-18.bin' (file #1)...OK
Copy '/c2500-js-l.112-18' from Flash to server
as '/c2500-js-l.112-18'? [yes/no]y
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!! [output cut]
Upload to server done
Flash copy took 00:02:30 [hh:mm:ss]
Router#
19. Backing Up and Restoring Cisco IOS contd..
Restoring or Upgrading the Cisco Router IOS
You may need to restore the Cisco IOS to flash memory to
replace an original file that has been damaged or to
upgrade the IOS.
You can download the file from a TFTP host to flash
memory by using the copy tftp flash command.
Router#copy tftp flash
20. Backing Up and Restoring the Cisco
Configuration
Any changes that you make to the router configuration are
stored in the running-config file.
If you do not perform a copy run start command after you
make a change to running-config, that change will be gone if
the router reboots or gets powered down.
21. Backing Up and Restoring the Cisco Configuration
contd..
Backing Up the Cisco Router Configuration
To copy the router's configuration from a router to a TFTP
host, you can use either the copy running-config tftp or
copy startup-config tftp command.
Verifying the Current Configuration
To verify the configuration in DRAM, use the show running-
config command as follows:
Router#sh run
22. Backing Up the Cisco Router Configuration
contd..
Verifying the Stored Configuration
Next, you should check the configuration stored in NVRAM.
To see this, use the show startup-config command as
follows:
Router#sh start
Copying the Current Configuration to NVRAM
Router#copy run start
23. Backing Up the Cisco Router Configuration
contd..
Copying the Configuration to a TFTP Host
Once the file is copied to NVRAM, you can make a second
backup to a TFTP host by using the copy running-config
tftp command, as follows:
Router#copy run tftp
24. Backing Up and Restoring the Cisco Configuration
contd..
Restoring the Cisco Router Configuration
If you copied the router's configuration to a TFTP host as a
second backup, you can restore the configuration using the
copy tftp running-config command or the copy tftp
startup-config command, as shown below.
Router#copy tftp run
Erasing the Configuration
To delete the startup-config file on a Cisco router, use the
command erase startup-config, as follows:
Router#erase startup-config
25. Cisco Discovery Protocol (CDP)
CDP is a proprietary protocol designed by Cisco to help
administrators collect information about both locally attached
and remote devices.
The show cdp command shows information about two CDP
global parameters that can be configured on Cisco devices:
• CDP timer is how often CDP packets are transmitted
to all active interfaces.
• CDP holdtime is the amount of time that the device
will hold packets received from neighbor devices.