
Chapter 2 Introduction To Configuration (Updated)

This document discusses basic networking commands and Cisco device configuration. It begins with an overview of common commands like ipconfig, nslookup, ping, tracert and netstat. It then covers accessing the Cisco IOS using the console, Telnet or SSH. The final sections discuss the Cisco IOS, configuration files, and accessing the CLI using the console, Telnet or SSH.

Uploaded by

nebiyutora566

Madda Walabu University

Department of Information Technology

Network Device and Configuration

Chapter two
Introduction to configuration

By Gutema Bote
Basic Networking Commands

ipconfig
ipconfig /all
nslookup
ping
tracert
netstat

28/01/2024 By Gutema B. 2
ipconfig

This command displays all current TCP/IP network configuration values and refreshes Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS) settings.

This command is mainly used to view the IP addresses on the computers that are configured to obtain their IP address automatically.

[Screenshot: sample output of the ipconfig command]

ipconfig …
The ipconfig command with some parameters (options):

• /all: Displays all network configuration, including DNS, DHCP servers, etc.
• /renew: Renews the DHCP configuration for all adapters (if an adapter is not specified).
• /release: Sends a DHCPRELEASE message to the DHCP server to release the current DHCP configuration and cancel the IP address configuration for all adapters (if an adapter is not specified). This parameter disables TCP/IP for network cards configured to automatically obtain an IP address.

nslookup
nslookup stands for “name server lookup”.
It is a network administration command-line tool used to get information about the mapping between a domain name and an IP address, or other DNS records.
[Screenshot: sample output of the nslookup command]

ping

The ping command is used to test connectivity between two hosts.
• It sends ICMP (Internet Control Message Protocol) echo request messages to the destination.
• The destination host replies with ICMP reply messages.
ICMP is a network-level protocol.
ICMP messages communicate information about network connectivity issues back to the source of the compromised transmission.
It sends control messages such as destination network unreachable, source route failed, and the like.
• If the ping command gets a reply from the destination host, it displays the reply along with round-trip times.
• The ping command uses the following syntax:
ping destination host IP or name

tracert
This command is used to diagnose path-related problems.
Routers exchange IP packets between the source and the destination.
• They take IP packets from the source host and forward them in a sequence until they reach the destination host.
• The sequence of routers between the source and destination is known as the path.
• A path consists of all routers in a sequence that IP packets sent from the source host traverse to reach the destination host.
The tracert command prints the path.
If all routers on the path are functional, this command prints the full path.
If a router is down on the path, this command prints the path up to the last operational router.
The tracert command is used to find the total hop count.
The tracert command uses the following syntax:
tracert Destination Name or IP address
[Screenshots: output of the tracert command]

netstat
This command displays active connections, ports on which the computer is listening, Ethernet statistics, the IP routing table, and IP statistics.
The output of this command is organized in rows and columns.
Each row represents a new connection or an entry in the output.
It contains four columns.
These columns provide the following information about the row:
• Proto: This column displays the name of the protocol (TCP or UDP).
• Local Address: This column displays the IP address of the local computer and the port number being used. If the port is not yet established, the port number is shown as an asterisk (*).
• Foreign Address: This column displays the IP address and port number of the remote computer to which the port is connected.
• State: This column displays the status of the connection.

Configuring Cisco Devices: IOS Basics
Similar to a personal computer, a router or switch cannot function without an operating system.
Without an operating system (OS), the hardware has no capabilities.
Cisco IOS (Internetwork OS) is the system software in Cisco devices.
It is used for routers, LAN switches, small wireless access points, large routers with dozens of interfaces, and many other devices.
The Cisco IOS provides devices with the following network services:
• Basic routing and switching functions
• Reliable and secure access to networked resources
• Network scalability

The services provided by the Cisco IOS are generally accessed using a CLI.
The features accessible through the CLI vary based on the version of the IOS and the type of device.
The IOS file is stored in a memory area called flash.
Flash memory provides non-volatile storage.
This means that the contents of the memory are not lost when the device loses power.
Even though the contents are not lost, they can be changed or overwritten if needed.
Using flash memory allows the IOS to be upgraded to newer versions.
In many router architectures, the IOS is copied into RAM when the device is powered on, and the IOS runs from RAM when the device is operating.
This function increases the performance of the device.

Access methods of Cisco IOS
The three most common methods to access the IOS are as follows.
1. Console access
The CLI can be accessed through a console session, also known as the CTY line.
A console uses a low-speed serial connection to directly connect a computer or terminal to the console port on the router or switch.
The console port is a management port that provides out-of-band access (not through the network) to a router.
The console port is accessible even if no networking services have been configured on the device.
The console port is often used to access a device when the networking services have not been started or have failed.

Console …
Examples of console use include the following:
• The initial configuration of the network device
• Disaster recovery procedures and troubleshooting where remote access is not possible
• Password recovery procedures
When a router is first placed into service, networking parameters have not yet been configured.
• Therefore, the router cannot communicate through a network.
To prepare for the initial start-up and configuration, a computer running terminal emulation software is connected to the console port of the device.
Configuration commands for setting up the router can be entered on the connected computer.

2. Telnet
A method for remotely accessing a command line interface (CLI) session is to telnet to the router.
Unlike the console connection, Telnet sessions require active networking services on the device.
The network device must have at least one active interface configured with an IP address.
Cisco IOS devices include a Telnet server and Telnet client process that launches when the device is started.
A host with a Telnet client can access the virtual teletype (vty) sessions running on the Cisco device.
A vty session is a CLI created in a router for a Telnet session.
For security reasons, the IOS requires that the Telnet session use a password as a minimum authentication method. Telnet CLI access uses a plain-text password.
Thus, Telnet is a less secure access method.

3. Secure Shell (SSH)
The Secure Shell (SSH) protocol is a more secure method for remote device access.
SSH provides stronger password authentication than Telnet and uses encryption when transporting session data.
The SSH session encrypts all communications between the client and the IOS device.
This keeps the user ID, password, and details of the management session private.
IOS devices include an SSH server and client that can be used to establish SSH sessions with each other.
As a best practice, always use SSH in place of Telnet whenever possible.

Configuration Files
Network devices depend on two types of software for their operation: operating system and configuration files.
Like the operating system in any computer, the operating system facilitates the basic operation of the device hardware components.
Configuration files contain the Cisco IOS commands used to customize the functionality of a Cisco device.
Commands are parsed (translated and executed) by the Cisco IOS when the system is booted (from the startup-config file) or when commands are entered in the CLI while in configuration mode.

A Cisco network device contains two configuration files: the startup configuration file and the running configuration file.

The running configuration file: Used during the current operation of the device

The startup configuration file: Used as the backup configuration and loaded when the device is started

A configuration file can be stored remotely on a server as a backup.

A network administrator creates a configuration that defines the desired functionality of a Cisco device.

Startup Configuration File
The startup configuration file (startup-config) is used during system startup to configure the device.
The startup configuration file or startup-config file is stored in non-volatile RAM (NVRAM).
Because NVRAM is non-volatile, when the Cisco device is turned off, the file remains intact (safe or undamaged).
The startup-config file is loaded into RAM each time the router is started or reloaded.
After the configuration file is loaded into RAM, it is considered the running configuration or running-config.

Running Configuration File
After it is in RAM, the running configuration (running-config) is used to operate the network device.
The running configuration is modified when the network administrator performs device configuration.
Changes to the running configuration will immediately affect the operation of the device.
After making any changes to the running configuration file, the administrator has the option of saving those changes to the startup-config file so that they will be used the next time the device restarts.
Because the running configuration file is in RAM, it is lost if the power to the device is turned off or if the device is restarted.
Changes made to the running-config file will also be lost if they are not saved to the startup-config file before the device is powered off.

Introducing Cisco IOS Modes
The Cisco IOS is designed as a modal operating system.
The term modal describes a system where there are different modes of operation, each having its own domain of operation.
The CLI uses a hierarchical structure for the modes.
From top to bottom, the major modes are as follows:
• User executive mode
• Privileged executive mode
• Global configuration mode
• Other specific configuration modes

IOS Modes…
User executive mode: A mode that is very limited in scope, allowing basically only “viewing” types of IOS commands.
Privileged executive mode: A mode similar to “root” in UNIX, or “administrator” in Windows, allowing users logged on in the privileged executive mode access to the entire IOS command structure.
Global configuration mode: Commands executed in this mode apply to the entire router.
Other specific configuration modes: Commands executed while in the router mode would apply only to that particular routing process.
• Each mode is used to accomplish particular tasks and has a specific set of commands that are available when in that mode.
• For example, to configure a router interface, the user must enter interface configuration mode.
• All configurations that are entered in interface configuration mode apply only to that interface.

Summary of the primary modes

Command Prompts:
When using the CLI, the mode is identified by the command-line prompt that is unique to that mode.
The prompt is composed of the words and symbols on the line to the left of the entry area.
The word prompt is used because the system is prompting you to make an entry.
By default, every prompt begins with the device name.
Following the name, the remainder of the prompt indicates the mode.
For example, the following default prompt indicates the global configuration mode on a router:
Router(config)#
As commands are used and modes are changed, the prompt changes to reflect the current context.
For example, the following shows the ping command executed at the user EXEC level:
Router> ping 192.168.10.5

User Executive Mode
The user executive (EXEC) mode has limited capabilities but is useful for some basic operations.
The user EXEC mode is at the top of the modal hierarchical structure.
This mode is the first entrance into the CLI of an IOS router.
The user EXEC mode allows only a limited number of basic monitoring commands.
This is often referred to as view-only mode.
The user EXEC level does not allow the execution of any commands that might change the configuration of the device.
By default, there is no authentication required to access the user EXEC mode from the console.
It is a good practice to ensure that authentication is configured during the initial configuration.
The user EXEC mode is identified by the CLI prompt that ends with the > symbol, as follows:
Switch>

Privileged EXEC Mode
The execution of configuration and management commands requires that the network administrator use the privileged EXEC mode or a specific mode farther down the hierarchy.
The privileged EXEC mode can be identified by the prompt ending with the # symbol, as follows:
Switch#
By default, privileged EXEC does not require authentication.
It is a good practice to ensure that authentication is configured.
Global configuration mode and all other more specific configuration modes can be reached only from the privileged EXEC mode.
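
The slides above recommend SSH in place of Telnet and note that neither the console nor privileged EXEC requires authentication by default. As an added example (not part of the original slides), the following Python script checks a saved running-config text for those three conditions; the sample configuration is constructed, the function names are hypothetical, and it assumes line-level login rather than AAA.

```python
import re

# Constructed sample running-config for illustration (not from a real device).
SAMPLE_CONFIG = """\
hostname R1
!
enable secret 5 $1$constructed$hashvalue
!
line con 0
 exec-timeout 5 0
line vty 0 4
 password constructed-pw
 login
 transport input telnet ssh
line vty 5 15
 login local
 transport input ssh
!
end
"""


def parse_line_blocks(config):
    """Map each 'line ...' header to the list of commands indented under it."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw.strip()
            blocks[current] = []
        elif raw.startswith(" ") and current is not None:
            blocks[current].append(raw.strip())
        else:
            current = None  # an unindented line closes the block
    return blocks


def line_requires_auth(cmds):
    """True if the line is set up to ask for credentials before user EXEC."""
    if "login" in cmds:  # plain 'login' is only usable with a line password
        return any(c.startswith("password ") for c in cmds)
    return any(c.startswith("login ") for c in cmds)  # e.g. 'login local'


def audit_config(config):
    """Return (location, issue) findings for the three checks named above."""
    findings = []
    if not re.search(r"^enable (secret|password) ", config, re.MULTILINE):
        findings.append(("enable", "privileged EXEC has no password"))
    for header, cmds in parse_line_blocks(config).items():
        is_vty = header.startswith("line vty")
        if (is_vty or header.startswith("line con")) and not line_requires_auth(cmds):
            findings.append((header, "login authentication not configured"))
        if is_vty:
            transports = [c.split()[2:] for c in cmds
                          if c.startswith("transport input ")]
            if not transports:
                findings.append((header, "transport input not set explicitly"))
            elif {"telnet", "all"} & set(transports[-1]):
                findings.append((header, "Telnet permitted; restrict to SSH"))
    return findings


if __name__ == "__main__":
    for location, issue in audit_config(SAMPLE_CONFIG):
        print(f"{location}: {issue}")
```

On the constructed sample, the script reports the console line (no login configured) and the first vty range (Telnet still allowed); the second vty range passes.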
Moving Between the User EXEC and Privileged EXEC Modes
The enable and disable commands are used to change the CLI between the user EXEC mode and the privileged EXEC mode, respectively.
To access the privileged EXEC mode, use the enable command.
The privileged EXEC mode is sometimes called the enable mode.
The syntax for entering the enable command is:
Router> enable
This command is executed without the need for an argument or keyword.
When you press Enter, the router prompt changes to
Router#
The # at the end of the prompt indicates that the router is now in privileged EXEC mode.

If password authentication has been configured for the privileged EXEC mode, the IOS will ask you to enter the password, as shown below:
Router> enable
Password:
Router#

The disable command is used to return from the privileged EXEC to the user EXEC mode, as follows:
Router# disable
Router>

Moving from and to Global Configuration Mode and Submodes
• To quit from the global configuration mode and return to the privileged EXEC mode, enter the exit command.
• Note that entering the exit command in privileged EXEC mode causes the console session to be ended.
• That is, upon entering exit in privileged EXEC mode, you will be presented with the screen that you see when you first initiate a console session.
• At this screen you have to press the Enter key to enter user EXEC mode.
• To move from any sub-mode of the global configuration mode to the mode one step above it in the hierarchy of modes, enter the exit command.

Moving from…
To move from any submode of the privileged EXEC mode to the privileged EXEC mode, enter the end command or enter the key combination Ctrl+Z.

To move from any submode of the global configuration mode to another “immediate” submode of the global configuration mode, simply enter the corresponding command that is normally entered from global configuration mode.

Basic IOS Command Structure

Each IOS command has a specific format or syntax and is executed at the appropriate prompt.

The commands are not case sensitive.

The general syntax for a command is the command followed by any appropriate keywords and arguments.

The keywords and arguments provide additional functionality and describe specific parameters to the command interpreter.

For example, the show command is used to display information about the device, and it has various keywords that you can use to define the particular output you want to see.

For example, in the following syntax, the show command is followed by the keyword running-config.

The keyword specifies that the running configuration is to be displayed as the output:
Switch# show running-config

A command might require one or more arguments.
Unlike a keyword, an argument is generally not a predefined word.
An argument is a value or variable defined by the user.
As an example, when applying a description to an interface with the description command, enter a line such as the following:
• Switch(config-if)# description MainHQ Office Switch
• The command is description.
• The argument is MainHQ Office Switch.
The user defines the argument; the argument can be any text string of up to 80 characters.
After entering each complete command, including any keywords and arguments, press Enter to submit the command to the command interpreter.
Prompt commands are followed by a space and then the keyword or arguments.
Figure on next slide shows the basic IOS command structure.

Figure: Basic IOS Command Structure

Wildcard Masks
A wildcard mask is a mask of bits that indicates which parts of an IP address are available for examination.
It is 32 bits long, like a subnet mask.
Wildcard masks are used in:
• routing protocols such as OSPF (Open Shortest Path First) and access control lists (ACLs) in order to filter network traffic
• indicating which IP addresses should be permitted or denied in access lists (ACLs)
A wildcard mask can be used to target:
• a specific host/IP address,
• an entire network or subnet, or
• a range of IP addresses.

Wildcard Masks …
A wildcard mask can be thought of as an inverted subnet mask.
• For example, a subnet mask of 255.255.255.0 (binary equivalent = 11111111.11111111.11111111.00000000) inverts to a wildcard mask of 0.0.0.255 (binary equivalent = 00000000.00000000.00000000.11111111).

Wildcard Masks…
Wildcard masks are similar to subnet masks, except the 1’s and 0’s are flipped.
The numbers 1 and 0 in the subnet mask identify the network portion and the host portion of an IP address.
• Subnet mask bit 1: matches the network portion of the IPv4 address.
• Subnet mask bit 0: matches the host portion of the IPv4 address.
The numbers 1 and 0 in the wildcard mask identify how to treat the corresponding IP address bits, as follows:
• Wildcard mask bit 1: ignore (not important) the corresponding bit value in the address.
• Wildcard mask bit 0: match the corresponding bit value in the address.

Wildcard Masks…
Converting from subnet mask to wildcard mask and vice versa
Method 1: flipping 1 and 0
Example 1: Find the wildcard mask for the subnet mask 255.255.255.192. In the subnet mask, the 1’s indicate the network portion and the 0’s indicate the host portion of an IPv4 address.
Solution
Subnet mask:   255.255.255.192 = 11111111.11111111.11111111.11000000
Wildcard mask: 0.0.0.63        = 00000000.00000000.00000000.00111111

Wildcard Masks…
Example 2: Convert 255.255.248.0 to a wildcard mask
Solution
Subnet mask:   255.255.248.0 = 11111111.11111111.11111000.00000000
Wildcard mask: 0.0.7.255     = 00000000.00000000.00000111.11111111
Exercise: find the wildcard mask for subnet mask
a) 255.255.240.0
b) 255.255.255.252

Wildcard Masks…
Method 2: Subtract each octet from 255

Example 1: Subnet mask 255.255.248.0
Solution
  255.255.255.255
- 255.255.248.0
= 0.0.7.255

Example 2: Find the wildcard mask for subnet mask 255.255.255.224
Solution
  255.255.255.255
- 255.255.255.224 (subnet mask)
= 0.0.0.31 (wildcard mask)

Exercise: find the wildcard mask for subnet mask 255.255.240.0 by method 2

Table 1: Examples of Wildcard Masks
Table 2: List of wildcard mask
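
The two conversion methods and the match/ignore bit rule from the wildcard slides, as an added Python example that is not part of the original slides. It goes one step beyond them by also handling a wildcard whose 1 bits are not contiguous, which has no subnet-mask equivalent; the function names and the 192.168.8.0 sample addresses are constructed for illustration.

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF


def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def to_dotted(value):
    return str(ipaddress.IPv4Address(value))


def wildcard_by_flipping(subnet_mask):
    """Method 1: invert every bit of the 32-bit subnet mask."""
    return to_dotted(~to_int(subnet_mask) & ALL_ONES)


def wildcard_by_subtraction(subnet_mask):
    """Method 2: subtract each octet from 255."""
    return ".".join(str(255 - int(octet)) for octet in subnet_mask.split("."))


def matches(address, base, wildcard):
    """Wildcard bit 0 = must equal the base address bit, bit 1 = ignore."""
    care_bits = ~to_int(wildcard) & ALL_ONES
    return (to_int(address) ^ to_int(base)) & care_bits == 0


def matched_count(wildcard):
    """Addresses covered by one base/wildcard pair: 2 ** (number of 1 bits)."""
    return 2 ** bin(to_int(wildcard)).count("1")


def is_inverted_subnet_mask(wildcard):
    """True when the wildcard is the flip of a contiguous subnet mask."""
    w = to_int(wildcard)
    return w & (w + 1) == 0  # all 1 bits sit together at the low end


if __name__ == "__main__":
    # Worked examples from the slides, computed with both methods.
    for mask in ("255.255.255.192", "255.255.248.0", "255.255.255.224"):
        print(mask, wildcard_by_flipping(mask), wildcard_by_subtraction(mask))

    # Targeting a host, a network, and a non-contiguous set of addresses.
    print(matches("192.168.10.5", "192.168.10.5", "0.0.0.0"))     # host: True
    print(matches("192.168.10.77", "192.168.10.0", "0.0.0.255"))  # network: True
    # 0.0.2.255 ignores one bit of the third octet: matches .8.x and .10.x only.
    for third in (8, 9, 10, 11):
        addr = f"192.168.{third}.1"
        print(addr, matches(addr, "192.168.8.0", "0.0.2.255"))
    print(matched_count("0.0.2.255"), is_inverted_subnet_mask("0.0.2.255"))
```

When reviewing an ACL, a wildcard for which `is_inverted_subnet_mask` is false deserves a second look, because it covers addresses that do not form a single subnet.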
Access Control Lists (ACLs)
An access control list (ACL) is a list of rules that specifies which users are granted or denied access to a particular system resource.

Access control lists are also installed in routers or switches, where they act as filters, managing which traffic can access the network.

Access control lists are used throughout many IT security policies, procedures, and technologies.

ACLs …
Any access attempt by a subject to an object (resource) that does not have a matching entry on the ACL will be denied.

Technologies like firewalls and routers are dependent upon access control lists in order to properly function.

One thing to consider when implementing an access control list is to plan for and implement a routine update procedure for those access control lists.

Types of IPv4 ACLs

There are two types of IPv4 ACLs: Standard ACLs and Extended ACLs.

Standard ACLs:
• Permit or deny packets based only on the source IPv4 address.
• Are given an ID number from 1-99, which is the standard access list number range.
• Should be applied closest to the destination.

Types of IPv4 ACLs…
Extended ACLs:
• Are given an ID number from 100-199, that is, the extended access list number range.
• Are much more flexible and complex.
• Permit or deny packets based on:
  • Source IPv4 address
  • Destination IPv4 address
  • Protocol type
  • Source port and destination port
  • Port number (80 http, 23 telnet…)
• Should be applied closest to the source.

Syntax for ACLs
Syntax for Standard ACLs

access-list <ID #> <action> <source>

<ID #>: ID number which links multiple entries (access list entries, ACEs) together
ID # = 1-99 for standard ACLs

<action>: this field is one of two items, permit or deny (relative to how the ACL is applied):
Permit – accept traffic
Deny – reject traffic

<source>: source IPv4 address

Syntax…
Example: R1(config)# access-list 10 permit 192.168.10.0 0.0.0.255

• The above example shows how to create a standard ACL.

• In this example, ACL 10 permits hosts on the source network 192.168.10.0.

• Because of the implied “deny any” at the end, all traffic except for traffic coming from the 192.168.10.0 network is blocked with this ACL.

• Notice that the standard ACL 10 is only capable of filtering by source address.

Syntax…
Syntax for Extended ACLs
access-list <ID #> <action> <protocol> <source> <destination>
<ID #>, <action> and <source> are the same as for standard ACLs
Protocol: can be
IP: match IP traffic (i.e. all IPv4 traffic)
ICMP: match ICMP traffic (ping, tracert/traceroute, etc.)

Source or Destination: source and destination IP address, source and destination port number

Syntax…
Example:

R1(config)# access-list 100 permit tcp 192.168.10.0 0.0.0.255 any eq www

• In the above example, the extended ACL 100 permits traffic originating from any host on the 192.168.10.0 network to any IPv4 network if the destination host port is 80 (HTTP).
• Notice that the extended ACL 100 is filtering on the source and destination Layer 3 and Layer 4 protocol (for example, TCP) information.
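
To make the effect of the implied “deny any” concrete, the following added Python example (not part of the original slides) evaluates packets against the two ACL lines shown above. IOS checks entries from top to bottom and stops at the first match, which the slides do not spell out; the parser covers only the subset of syntax used here, and the function names, ACL 20, and the sample packets are constructed for illustration.

```python
import ipaddress

PORT_NAMES = {"www": 80, "telnet": 23}  # the two ports the slides mention
ANY = (0, 0xFFFFFFFF)                   # base 0 with every bit ignored


def _ip(text):
    return int(ipaddress.IPv4Address(text))


def _take_address(tokens):
    """Consume 'any', 'host A', 'A W' or a bare 'A'; return (base, wildcard)."""
    first = tokens.pop(0)
    if first == "any":
        return ANY
    if first == "host":
        return _ip(tokens.pop(0)), 0
    if tokens and tokens[0][0].isdigit():
        return _ip(first), _ip(tokens.pop(0))
    return _ip(first), 0


def parse_ace(line):
    """Parse one 'access-list ...' line (subset of IOS syntax) into a dict."""
    tokens = line.split()
    if tokens[0] != "access-list":
        raise ValueError("not an access-list line")
    number, action, rest = int(tokens[1]), tokens[2], tokens[3:]
    ace = {"action": action, "protocol": "ip", "dst": ANY, "dst_port": None}
    if 1 <= number <= 99:            # standard ACL: source address only
        ace["src"] = _take_address(rest)
    elif 100 <= number <= 199:       # extended ACL: protocol, source, destination
        ace["protocol"] = rest.pop(0)
        ace["src"] = _take_address(rest)
        ace["dst"] = _take_address(rest)
        if rest[:1] == ["eq"]:
            port = rest[1]
            ace["dst_port"] = PORT_NAMES[port] if port in PORT_NAMES else int(port)
    else:
        raise ValueError("ID outside the 1-99 and 100-199 ranges")
    return ace


def _addr_match(address, spec):
    base, wildcard = spec
    return (_ip(address) ^ base) & ~wildcard & 0xFFFFFFFF == 0


def evaluate(acl_lines, packet):
    """Return the action of the first matching entry, else the implied deny."""
    for ace in map(parse_ace, acl_lines):
        if (ace["protocol"] in ("ip", packet["protocol"])
                and _addr_match(packet["src"], ace["src"])
                and _addr_match(packet["dst"], ace["dst"])
                and ace["dst_port"] in (None, packet.get("dst_port"))):
            return ace["action"]
    return "deny"  # implied "deny any" at the end of every ACL


ACL_10 = ["access-list 10 permit 192.168.10.0 0.0.0.255"]
ACL_100 = ["access-list 100 permit tcp 192.168.10.0 0.0.0.255 any eq www"]
# Constructed ACL: entry order matters because the first match wins.
ACL_20 = ["access-list 20 deny host 192.168.10.66",
          "access-list 20 permit 192.168.10.0 0.0.0.255"]


def packet(src, protocol="tcp", dst="10.1.1.1", dst_port=None):
    return {"src": src, "dst": dst, "protocol": protocol, "dst_port": dst_port}


if __name__ == "__main__":
    print(evaluate(ACL_10, packet("192.168.10.25", dst_port=23)))   # permit
    print(evaluate(ACL_100, packet("192.168.10.25", dst_port=23)))  # deny
    print(evaluate(ACL_20, packet("192.168.10.66")))                # deny
```

Swapping the two lines of ACL 20 would permit 192.168.10.66, because the broader permit entry would match first.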
