1
00:00:00,006 --> 00:00:00,386
[Inaudible Remark]
2
00:00:00,386 --> 00:00:08,596
>> You run to the door 'cause you know
that that sound means a delivery truck
3
00:00:08,896 --> 00:00:11,486
and they're bringing the Cisco
switches that you ordered.
4
00:00:11,486 --> 00:00:15,386
And sure enough, there's the delivery
guy unloading them from the truck,
5
00:00:15,386 --> 00:00:19,236
bring them in on a little push cart
and you got them in your organization.
6
00:00:19,466 --> 00:00:20,926
You pull them out of the
box and you look at them,
7
00:00:20,926 --> 00:00:24,106
they smell great, they look good, now what?
8
00:00:24,106 --> 00:00:26,376
That's going to be where we pick up here.
9
00:00:26,656 --> 00:00:28,026
Two things I want to discuss,
10
00:00:28,026 --> 00:00:33,316
one is understanding the physical connections
then we'll get into the base IOS configurations
11
00:00:33,316 --> 00:00:35,566
to optimize how these switches operate.
12
00:00:36,046 --> 00:00:41,746
So the first thing that you want to do with
that switch is get it physically connected.
13
00:00:42,356 --> 00:00:48,416
Okay, now this is a piece that is actually
not much of the CCNA certification at all.
14
00:00:48,716 --> 00:00:52,386
And I still I'm not completely sure as to why.
15
00:00:52,386 --> 00:00:55,346
I have some ideas but for the most part,
16
00:00:55,516 --> 00:00:59,956
Cisco assumes somebody else does all the
physical connections which sometimes is true,
17
00:00:59,956 --> 00:01:03,716
sometimes you have a cabling company
that comes in and does all this.
18
00:01:03,716 --> 00:01:06,646
But if you're new into the
network world and you haven't seen,
19
00:01:06,756 --> 00:01:09,966
at least seen how all this stuff
physically connects together,
20
00:01:10,196 --> 00:01:13,336
this is a hugely valuable piece to understand.
21
00:01:13,846 --> 00:01:15,906
A lot of you may have started here.
22
00:01:15,906 --> 00:01:19,346
This is where you first got your feet wet
in the network world is doing cabling.
23
00:01:19,416 --> 00:01:24,196
So, the computers in your
organizations, and servers, and printers,
24
00:01:24,196 --> 00:01:27,056
and fill in the device here
that connects to the network,
25
00:01:27,056 --> 00:01:30,776
everything all eventually
terminates to an Ethernet wire.
26
00:01:30,966 --> 00:01:36,766
Even if you have a wireless device, you know,
here's your iPad where you're scribbling
27
00:01:36,766 --> 00:01:41,076
on the screen, it's going Wi-Fi,
well, that Wi-Fi eventually terminates
28
00:01:41,076 --> 00:01:45,146
to a wireless access point which is
physically plugged into the network.
29
00:01:45,146 --> 00:01:49,736
So it's essentially converting your wireless
communication down to some form of wire.
30
00:01:50,066 --> 00:01:54,496
Now, if you look in an organization, you'll
see, you know, physically and walk around,
31
00:01:54,496 --> 00:01:59,756
you will see Cat5, Cat6 cabling
wall jacks that are everywhere.
32
00:01:59,756 --> 00:02:04,066
Now, inside of-- if you were to, you know,
I don't want to get down to this level
33
00:02:04,066 --> 00:02:08,776
but you could actually take those
jacks out and physically look at them.
34
00:02:08,776 --> 00:02:11,246
Actually, let me just bring
up a picture from MonoPrice.
35
00:02:11,246 --> 00:02:13,646
This is what a wall jack looks like.
36
00:02:13,936 --> 00:02:17,156
You have the play tray here
where this little widget,
37
00:02:17,156 --> 00:02:19,596
the little connector just snaps right into it.
38
00:02:19,836 --> 00:02:20,996
This is what it looks like.
39
00:02:20,996 --> 00:02:26,306
So, really, this is kind of a small little punch
down block and what that means is if you look
40
00:02:26,306 --> 00:02:30,596
at the back of this right here are
all the little punch down connections.
41
00:02:30,596 --> 00:02:33,826
So, you take a cable which an Ethernet cable,
42
00:02:33,826 --> 00:02:36,646
if you strip back the shielding
is eight individual wires
43
00:02:36,646 --> 00:02:39,376
with specific color code, and you line them up.
44
00:02:39,376 --> 00:02:41,326
You put wire 1, I can't draw.
45
00:02:41,436 --> 00:02:44,526
You put wire 1 right there,
wire 2 right there, wire 3,
46
00:02:44,736 --> 00:02:47,086
and you actually use something
called a punch down tool.
47
00:02:47,086 --> 00:02:53,136
Actually, let me just-- make sure
I get all the pieces in place.
48
00:02:53,356 --> 00:02:54,126
So let's see.
49
00:02:54,126 --> 00:02:56,216
We've got-- there's-- there we are.
50
00:02:56,216 --> 00:03:02,086
So, a punch down tool which this little
guy has a blade on-- man, I need my arrows.
51
00:03:02,286 --> 00:03:07,926
This little guy has a blade on it where
he will actually take that little wire
52
00:03:07,926 --> 00:03:14,746
and punch it down, thus the name, kind
of push it down into this slot and kind
53
00:03:14,746 --> 00:03:15,926
of move that wire all the way down.
54
00:03:15,926 --> 00:03:19,246
Now, inside of there, if you
were to somehow see the view inside,
55
00:03:19,246 --> 00:03:23,966
you would see that there's very sharp metal
connectors in there that when the cable that--
56
00:03:23,966 --> 00:03:28,336
or I shouldn't say the cable, the wire, the
individual wire from the cable gets pushed
57
00:03:28,336 --> 00:03:33,276
down in there, it strips off the shielding
of the wire and makes a physical metal
58
00:03:33,276 --> 00:03:36,006
to metal connection allowing
the communication to flow.
59
00:03:36,006 --> 00:03:38,716
So you do that with each one of the eight wires.
60
00:03:38,716 --> 00:03:41,556
And you can see down at the
bottom, depending on the wall jack,
61
00:03:41,556 --> 00:03:45,606
it will actually give you a little color code
of what that is and then this is just showing,
62
00:03:45,876 --> 00:03:49,976
when you're done putting all the wires in
there's, you usually, I actually don't,
63
00:03:49,976 --> 00:03:52,986
I'm kind of lazy, but you will usually
put these little protectors on there
64
00:03:53,266 --> 00:03:55,986
that will peel off your fingernails
if you try and get them off,
65
00:03:56,096 --> 00:03:58,506
to keep the wires from popping back out
66
00:03:58,506 --> 00:04:02,606
and then you take this little
widget and push it on the wall jack.
67
00:04:02,606 --> 00:04:06,576
So you physically have cabling that
are all running through the walls
68
00:04:06,826 --> 00:04:09,436
that terminate at those wall jacks and
those wall jacks are what plug
69
00:04:09,436 --> 00:04:12,346
in to your actual computer or
whatever device you want to do.
70
00:04:12,616 --> 00:04:17,926
Now, if you were to follow it up the wall, it
would go up the dry wall through the ceiling
71
00:04:17,926 --> 00:04:20,816
or whatever kind of environment you
have, however you're running that wire,
72
00:04:21,006 --> 00:04:25,256
and eventually come down and
terminate into your IT room.
73
00:04:25,686 --> 00:04:31,406
Now, not shown here and I got to give these
guys props, this is a beautiful looking network.
74
00:04:31,406 --> 00:04:40,986
I always love seeing just a nice clean cabling,
you know, the spaghetti string, I loathe just so,
75
00:04:40,986 --> 00:04:42,976
you know, I'm like I just want to clean it up.
76
00:04:42,976 --> 00:04:43,966
I want to fix it.
77
00:04:44,136 --> 00:04:49,126
You know, it's like, you know, some people
like the scenery, you know, you're like, "Oh,
78
00:04:49,126 --> 00:04:53,596
the beautiful sunset," you know, shed a tear,
for me, I'm like, "Oh, look at that cabling."
79
00:04:53,886 --> 00:04:57,926
You know, I'm going to cry,
tear, it's beautiful.
80
00:04:57,926 --> 00:05:01,896
So, the cable comes out of the
wall and you're actually going to--
81
00:05:01,986 --> 00:05:05,516
it's not shown here 'cause it's probably
not as pretty but you got a big old bundle
82
00:05:05,516 --> 00:05:08,806
of cable coming out of the ceiling or
whatever usually wire-tied or whatever.
83
00:05:09,126 --> 00:05:11,926
Bring it back down to behind of these guys.
84
00:05:11,926 --> 00:05:14,026
Now these, these are not switches.
85
00:05:15,026 --> 00:05:17,066
These are patch panels.
86
00:05:17,386 --> 00:05:21,006
What the patch panels do is act
as a little termination point
87
00:05:21,006 --> 00:05:25,256
where I can bring all the cable out of the
ceiling, you know, so it's running from the wall
88
00:05:25,436 --> 00:05:27,526
through the ceiling, it comes
out right here and I actually,
89
00:05:27,526 --> 00:05:30,056
if you were to flip these guys
around, here, I'll show you.
90
00:05:31,366 --> 00:05:35,886
Okay, so here is an example of a
little 12 port patch panel, you know.
91
00:05:35,886 --> 00:05:38,856
The ones that are on there are 24 port,
but if you flip that guy around actually,
92
00:05:38,856 --> 00:05:42,776
let's do them in here, if you flip that
guy around, this is actually a whole bunch
93
00:05:42,776 --> 00:05:48,176
of those little like, you know, if we go
back here or a whole bunch of these things.
94
00:05:48,816 --> 00:05:53,596
It's not as zoomed in so we can't see it quite
as well but really, that's all these are.
95
00:05:53,596 --> 00:05:54,666
It's a bunch of a little punch down.
96
00:05:54,666 --> 00:05:57,556
So, all of that cabling, all that
cabling comes out of the ceiling
97
00:05:57,716 --> 00:05:59,336
and gets punched into the magnets.
98
00:05:59,336 --> 00:06:00,226
Does it take a long time?
99
00:06:00,226 --> 00:06:01,876
Yeah. Does it hurt your fingers?
100
00:06:01,876 --> 00:06:07,006
Yeah. So using that little punch down
tool effectively, what that tool does
101
00:06:07,006 --> 00:06:10,506
that I showed you will actually punch
that wire in there and then if as long
102
00:06:10,506 --> 00:06:13,006
as the blade is sharp enough,
will actually cut it off.
103
00:06:13,006 --> 00:06:15,556
Like this one actually comes
with a small little punch
104
00:06:15,556 --> 00:06:17,726
down tool right here that's
probably not going to work as well
105
00:06:17,726 --> 00:06:19,756
but hey, it's free, might as well.
106
00:06:19,756 --> 00:06:22,756
So this will push those wires into the--
107
00:06:22,756 --> 00:06:27,516
each one of those little openings and now you
have all the wires connected to a patch panel.
108
00:06:27,516 --> 00:06:31,896
Now, patch panels are optional kind of.
109
00:06:31,896 --> 00:06:36,736
You might say, "Well, can I just bring all
of these wires out of the ceiling and instead
110
00:06:36,736 --> 00:06:42,766
of punching them into here, just put little Cat5
or Cat6 ends on them to where you got the wire
111
00:06:42,766 --> 00:06:48,236
and now you clip a little end on them with--
that's actually backwards but put the little tip
112
00:06:48,236 --> 00:06:49,336
on them that plugs in the computer.
113
00:06:49,546 --> 00:06:50,116
Yes, you could.
114
00:06:50,316 --> 00:06:53,686
You could actually bring those and then
plug those directly into the switch.
115
00:06:54,216 --> 00:06:57,956
However, now you're stuck, if you
ever want to move your switches
116
00:06:57,956 --> 00:07:01,496
around like let's say you put your switches
right here, that's where you mounted them
117
00:07:01,496 --> 00:07:03,106
and that's where you cut the wires too.
118
00:07:03,436 --> 00:07:06,456
And then you go, "Oh man,
because of, you know, something,
119
00:07:06,456 --> 00:07:08,526
we have to move our switches over to this one."
120
00:07:08,776 --> 00:07:13,936
Now you're stuck because you've got all these
wires with tips on them that are terminated
121
00:07:13,936 --> 00:07:17,356
at that point and you can't, you
know, make them longer easily anyway.
122
00:07:17,836 --> 00:07:18,866
So, you're stuck.
123
00:07:18,866 --> 00:07:21,726
You have to leave your switches there
where if you've got patch panels,
124
00:07:21,886 --> 00:07:23,616
patch panels are just dummy devices.
125
00:07:23,616 --> 00:07:24,736
There's no power to them.
126
00:07:24,736 --> 00:07:28,776
They're just kind of a coupler that take
the wire from the wall and move to a jack.
127
00:07:28,776 --> 00:07:33,236
And then you can buy however long cables
you want to connect from the patch panel.
128
00:07:33,236 --> 00:07:38,366
Now, these cables actually go up, you
know, through the nicely wire-tied conduit
129
00:07:38,366 --> 00:07:41,256
that they have here and then run
down into the individual switches.
130
00:07:41,256 --> 00:07:43,116
So down here are the switches.
131
00:07:44,246 --> 00:07:48,856
The ones that came from the delivery truck and
you mounted into your rack so you take the cable
132
00:07:49,036 --> 00:07:53,546
from the patch panel and plug it into
here and now you have full communication.
133
00:07:53,816 --> 00:08:00,896
So that's a view of the physical
connections of the switch infrastructure.
134
00:08:00,896 --> 00:08:03,606
Again, it's not typically
covered too much in the CCNA.
135
00:08:03,606 --> 00:08:05,746
You probably won't see it on the exam.
136
00:08:05,746 --> 00:08:09,416
There-- Cisco of course, since they
don't really manufacture patch panels,
137
00:08:09,586 --> 00:08:11,966
they're more interested in do
you know the switch itself.
138
00:08:11,966 --> 00:08:14,256
So, here's what the Cisco switch looks like.
139
00:08:14,256 --> 00:08:17,166
Now this one I can tell just because
I've owned a number of those,
140
00:08:17,416 --> 00:08:21,526
that's a Cisco 3550 switch
which is a great switch.
141
00:08:21,526 --> 00:08:26,796
It's a 10/100, it's not gigabit, but it's
a 10/100 switch great for a lab environment
142
00:08:26,796 --> 00:08:28,446
because it actually does layer three switching.
143
00:08:28,446 --> 00:08:30,146
It does all kinds of stuff.
144
00:08:30,146 --> 00:08:34,186
So, this switch a lot of times, I
put a little arrow here 'cause many
145
00:08:34,186 --> 00:08:35,426
of them will have a mode button.
146
00:08:36,456 --> 00:08:39,266
And the mode button depending on
the switch will do different things.
147
00:08:39,266 --> 00:08:42,996
So, not all switches have mode buttons
but it can switch between status
148
00:08:42,996 --> 00:08:46,306
like is there something connected
to utilization to where you'll--
149
00:08:46,306 --> 00:08:49,636
it's kind of like a radio equalizer
where you kind of get levels based
150
00:08:49,636 --> 00:08:53,706
on how much the switch is being utilized
to duplex where you see different colors.
151
00:08:53,706 --> 00:08:57,416
If one is full duplex, one
is half duplex into speed.
152
00:08:57,416 --> 00:08:58,116
That's the bottom line.
153
00:08:58,116 --> 00:09:02,776
Or you can see 10 megabit or a hundred
megabit or nowadays in more recent switches,
154
00:09:02,776 --> 00:09:06,916
you get the gigabit connections or even
10 or 40 gigabit per second connection.
155
00:09:06,916 --> 00:09:09,676
I mean, the speed just continues to
increase more and more and more and more.
156
00:09:10,136 --> 00:09:12,636
So you can click that button
and go through those.
157
00:09:12,906 --> 00:09:17,076
Also, something to be aware of is
if a Cisco switch has a button,
158
00:09:17,296 --> 00:09:21,536
it may support a feature that
can erase the entire thing.
159
00:09:21,626 --> 00:09:25,946
If you hold down that button for somewhere
around 10 seconds, just hold it down,
160
00:09:26,056 --> 00:09:30,726
you'll actually see a blink a number of
times and the switch will reboot itself.
161
00:09:30,806 --> 00:09:35,956
That will flush all configurations that you have
on the switch and reset it to factory default.
162
00:09:36,646 --> 00:09:41,496
Wow! What does that tell you about
physical location of these switches?
163
00:09:41,806 --> 00:09:43,226
Can we say locked door?
164
00:09:43,536 --> 00:09:44,346
Yes, absolutely.
165
00:09:44,346 --> 00:09:49,356
This room is behind a locked door because if
somebody can get to that, they can really mess
166
00:09:49,356 --> 00:09:54,836
up your entire network just by holding
down a button for 10 seconds or so.
167
00:09:54,836 --> 00:09:56,936
So this is the physical world.
168
00:09:57,726 --> 00:10:02,336
Now, I want to reinforce that Cisco doesn't
usually focus on the physical connections
169
00:10:02,336 --> 00:10:05,906
because normally, other companies
come in there and do that all for you.
170
00:10:06,046 --> 00:10:09,646
They can do it faster, cheaper than a Cisco
engineer could 'cause they've got all the right
171
00:10:09,826 --> 00:10:13,736
tools and all the right expertise to run the
cables to the wall and solve the patch panels
172
00:10:13,736 --> 00:10:15,836
and essentially leave you at that point.
173
00:10:15,836 --> 00:10:19,616
They'll say, "Okay, there you go, install
your switches right there and you're good.
174
00:10:19,616 --> 00:10:21,246
Thanks. Bye-bye."
175
00:10:21,246 --> 00:10:25,696
So, we pick up in the Cisco world
from an initial switch configuration.
176
00:10:25,966 --> 00:10:31,576
Now, I've got behind the scenes, my Cisco switch
loading up so it's actually booting right now,
177
00:10:31,576 --> 00:10:33,646
going through all its power-on self-test.
178
00:10:33,646 --> 00:10:34,956
So we'll let it do that.
179
00:10:35,236 --> 00:10:38,626
In the meanwhile, I want
to first off re-emphasize,
180
00:10:38,626 --> 00:10:42,786
I said this in the previous nugget,
switches will work out of the box.
181
00:10:43,936 --> 00:10:46,916
So you pull those switches out of
box, you connect the cables to them
182
00:10:46,916 --> 00:10:50,106
and they will do what a switch
does which is learn MAC addresses
183
00:10:50,106 --> 00:10:52,156
and allow devices to communicate.
184
00:10:52,396 --> 00:10:56,936
However, if you're going to leave it at
that, you might as well go buy any switch.
185
00:10:56,936 --> 00:11:01,596
I mean, there's no real advantage
other than getting the support in good,
186
00:11:01,596 --> 00:11:05,396
really solid hardware from Cisco,
there's no real advantage to having Cisco
187
00:11:05,396 --> 00:11:09,176
and the advantage comes in when you start
configuring it and enabling features.
188
00:11:09,176 --> 00:11:14,076
So what you see on the screen right
now is a base configuration, meaning,
189
00:11:14,276 --> 00:11:19,126
this will get you started to where you can
enable a lot more features on the Cisco switch.
190
00:11:19,246 --> 00:11:20,866
So we'll work through this one by one.
191
00:11:20,866 --> 00:11:22,916
Let's see if the switches booted.
192
00:11:22,916 --> 00:11:24,116
Okay, good, it is.
193
00:11:24,116 --> 00:11:27,386
Now, by the way, when the switch
boots, initially it might be--
194
00:11:27,386 --> 00:11:31,996
a lot of times you will just sit there
staring at this going, okay, is it done,
195
00:11:31,996 --> 00:11:34,046
you know, expecting this screen to clear.
196
00:11:34,376 --> 00:11:37,766
There is no fear in pressing
the Enter key, right?
197
00:11:37,766 --> 00:11:43,396
The Enter key is pretty much going to always
call up a new line in the Cisco device.
198
00:11:43,396 --> 00:11:46,356
I guess there's fear of you type the
Enter key after the wrong command
199
00:11:46,356 --> 00:11:48,956
but just enter on a blank line is harmless.
200
00:11:48,956 --> 00:11:53,396
So, it's asking us, do you want to enter the
initial config dialog, you might remember
201
00:11:53,396 --> 00:11:58,806
from the IOS basics nugget, the answer
to that is always no because it's going
202
00:11:58,806 --> 00:12:02,146
to have you configure all
kinds of legacy old stuff
203
00:12:02,146 --> 00:12:03,976
and we don't want to waste our time with that.
204
00:12:04,136 --> 00:12:06,206
We just want to get into what we need to do.
205
00:12:06,676 --> 00:12:08,866
The first thing is to name the switch.
206
00:12:09,736 --> 00:12:11,506
So I'm sitting in privilege mode.
207
00:12:11,746 --> 00:12:16,986
You remember, again, just some fly by review
from IOS basics, question mark gives me a list
208
00:12:16,986 --> 00:12:20,666
of commands and the first thing I
need to do is to get into enable mode.
209
00:12:20,836 --> 00:12:24,706
Now, if I want to finish the partially typed
command, you guys remember, tab key, right?
210
00:12:25,016 --> 00:12:27,546
Enable now takes me straight
over to enable mode.
211
00:12:27,546 --> 00:12:29,616
I know I'm there because of the pound symbol.
212
00:12:29,976 --> 00:12:33,346
There was no password because
the switch has no configuration.
213
00:12:33,346 --> 00:12:35,006
That's going to be one of the things that we do here.
214
00:12:35,136 --> 00:12:41,446
So I'm sitting at the switch with a pound symbol
and from here I can view all the configuration.
215
00:12:41,446 --> 00:12:42,436
You remember the modes?
216
00:12:42,506 --> 00:12:46,686
We start off in the user mode that
was the little right angle bracket.
217
00:12:47,086 --> 00:12:52,576
We type in Enable and that will take us to
privilege mode where we have the pound symbol.
218
00:12:52,696 --> 00:12:56,076
Now, from there we can view all the
configurations of the Cisco device
219
00:12:56,076 --> 00:13:01,476
but we still can't configure anything unless
we move into global configuration mode.
220
00:13:01,806 --> 00:13:06,066
So I'll put GC, global config, and we
do that by typing in configure terminal
221
00:13:06,066 --> 00:13:10,096
or the shortcut is CONF T.
So I'll type in C-O-N-F--
222
00:13:11,656 --> 00:13:17,576
I drop my pen, C-O-N-F T using the tab
key to finish that and hit the Enter key.
223
00:13:17,576 --> 00:13:19,856
I'm now in global configuration mode.
224
00:13:19,856 --> 00:13:26,686
Okay, great starting point because anything that
I type here globally affects the whole switch
225
00:13:26,686 --> 00:13:30,326
and that does mean things
like the name of the device
226
00:13:30,326 --> 00:13:32,396
which is the first thing that I have, host name.
227
00:13:32,826 --> 00:13:35,386
Host name is the command
that will name the device.
228
00:13:35,516 --> 00:13:38,526
So I'm sitting here, I can just type in
host name and I'll hit the question mark,
229
00:13:38,526 --> 00:13:40,566
it says, "What is the system's name?"
230
00:13:40,946 --> 00:13:45,126
And you might remember, I said anytime you see
something at all capitals where it says word,
231
00:13:45,486 --> 00:13:49,946
it's saying there's no syntax for
this other than just type a word.
232
00:13:49,946 --> 00:13:51,876
We don't know what you want to name your device.
233
00:13:51,876 --> 00:13:53,266
So fill it in right here.
234
00:13:53,626 --> 00:13:55,256
So we can type in the host name.
235
00:13:55,256 --> 00:13:57,976
Now, different companies
will do different things.
236
00:13:57,976 --> 00:14:01,306
You'll see some companies that
are like host name, Neo, you know,
237
00:14:01,306 --> 00:14:03,666
and they start picking a
theme for their devices.
238
00:14:03,666 --> 00:14:06,026
Then the next switch will be
Trinity and Morpheus and all that,
239
00:14:06,246 --> 00:14:08,616
and then that's fine for smaller company.
240
00:14:08,966 --> 00:14:14,496
But before long, it becomes painful
because there's only one guy meaning you,
241
00:14:14,586 --> 00:14:18,996
the network admin, who knows what's going
on, you know, a consultant coming in.
242
00:14:18,996 --> 00:14:21,766
They're like, "I am on Morpheus right now."
243
00:14:21,766 --> 00:14:24,286
What does that mean?
244
00:14:24,286 --> 00:14:27,386
And they need the other guy to come
in and go, "Well, I'm Morpheus,
245
00:14:27,386 --> 00:14:28,376
that's actually that switch over there."
246
00:14:28,696 --> 00:14:32,076
So as you move into larger companies, you'll
find they start coming up with schemes.
247
00:14:32,286 --> 00:14:37,826
It starts out simple to where some of
them will say, you know, third floor,
248
00:14:39,576 --> 00:14:42,376
switch one, you know, something like that.
249
00:14:42,376 --> 00:14:46,206
You can't use spaces in the name but, you
know, that way, you know, as the company grows,
250
00:14:46,206 --> 00:14:49,206
they're like, "Okay, oh, so that's
the switch one on the third floor."
251
00:14:49,206 --> 00:14:49,876
That makes sense.
252
00:14:49,876 --> 00:14:53,226
And as you start getting into
the enormous companies, you know,
253
00:14:53,226 --> 00:14:57,926
start talking about companies, the size of
Intel, Motorola, American Express, you know,
254
00:14:57,926 --> 00:15:02,416
all these giant enterprise companies, they'll
have names, you'll see host names like,
255
00:15:02,416 --> 00:15:13,386
you know, XJ500-L or X-LL1-, you know,
BB9 or, you know, I'm just making that up
256
00:15:13,616 --> 00:15:15,216
but there's literally, you know a--
257
00:15:15,486 --> 00:15:21,046
and so there's going to be a white paper that
they've produced where literally every character
258
00:15:21,046 --> 00:15:25,236
of that host name means something like the
first letter might represent what region
259
00:15:25,236 --> 00:15:26,296
of the world it's in.
260
00:15:26,296 --> 00:15:31,586
X stands for an exciting
place, you know, whatever.
261
00:15:31,586 --> 00:15:35,356
So, they'll actually have different
definitions so the technicians are trained
262
00:15:35,356 --> 00:15:38,866
when they see these names, they're
able to quickly identify exactly
263
00:15:38,866 --> 00:15:40,586
where the switch fits into the scheme.
264
00:15:40,586 --> 00:15:47,486
So, just for this series, let's just
call this the CVT switch, right?
265
00:15:47,486 --> 00:15:48,566
This will be our first switch.
266
00:15:48,566 --> 00:15:50,686
So that's the host name of the switch.
267
00:15:50,686 --> 00:15:51,996
You can see it's just a prompt.
268
00:15:51,996 --> 00:15:53,796
It's just an identifier of what it is.
269
00:15:54,076 --> 00:15:59,166
Now, before we go anywhere, I want to also
show you how to negate commands because a lot
270
00:15:59,166 --> 00:16:01,786
of times, I mean, you saw
me, I type in host name Neo
271
00:16:01,906 --> 00:16:03,876
and then I type in this and it overwrites that.
272
00:16:03,876 --> 00:16:07,826
And then I type in this and it overwrites
that, it kind of replaces my old host name.
273
00:16:08,016 --> 00:16:09,206
Well, not all commands are that way.
274
00:16:09,696 --> 00:16:14,136
Sometimes when you type a command, it'll
stay there until you remove that command.
275
00:16:14,476 --> 00:16:18,376
So, there's always the ability
to negate a command.
276
00:16:18,646 --> 00:16:20,126
Cisco makes it really easy.
277
00:16:20,566 --> 00:16:26,146
You just type in no and whatever command you
want to negate, and negate meaning remove.
278
00:16:26,146 --> 00:16:32,456
So for instance, if I were to type in No Host
name, I don't even have to type in CVT switch,
279
00:16:32,576 --> 00:16:37,976
I just hit Enter and notice the switch goes
back to its normal configuration of switch
280
00:16:37,976 --> 00:16:40,886
because I've said, "Oh, nope,
there's no more host name anymore."
281
00:16:41,256 --> 00:16:43,016
Hit the up arrow a few times on the keyboard,
282
00:16:43,246 --> 00:16:46,116
recall that host name CVT
switch and I put that back in.
283
00:16:46,366 --> 00:16:52,086
So the no command can be used for a lot of
stuff, a lot of stuff on the Cisco device.
284
00:16:52,086 --> 00:16:53,776
You'll see it all over the place.
285
00:16:53,776 --> 00:16:57,236
So, now let's start getting into the
pass-- I should be checking this, right?
286
00:16:57,236 --> 00:16:58,656
Let's get in to the passwords.
287
00:16:59,016 --> 00:17:02,716
There are three different passwords
that I want to show you on the device.
288
00:17:03,106 --> 00:17:05,676
The first one is the console password.
289
00:17:06,956 --> 00:17:11,066
Now, when we get into this
device, when we physically come up
290
00:17:11,066 --> 00:17:12,376
and that's how I'm connected right now.
291
00:17:12,376 --> 00:17:13,236
I've gone in.
292
00:17:13,476 --> 00:17:18,106
If I were to go into-- let's see,
set up do the-- what would it be?
293
00:17:18,106 --> 00:17:22,006
General, is that where it's--
yeah, so there we are.
294
00:17:22,006 --> 00:17:23,336
I've got my general set up.
295
00:17:23,336 --> 00:17:30,316
I'm using COM4 which is my serial port right now
attached to a USB to a serial adapter to connect
296
00:17:30,316 --> 00:17:31,426
to the console port of the device.
297
00:17:31,426 --> 00:17:34,646
So I'm configuring it through the console
port, and you saw when I got in here,
298
00:17:34,646 --> 00:17:36,776
I booted the switch and poof, there I am.
299
00:17:36,846 --> 00:17:40,946
Now if I-- let me exit out, and I
said, "Okay, you're logged out."
300
00:17:41,146 --> 00:17:46,476
I hit Enter and I'm in, I'm in to at least user
mode and then I can get into privilege mode,
301
00:17:46,746 --> 00:17:51,256
the global config mode, you know, it's very easy
for me to navigate 'cause there are no passwords.
302
00:17:51,256 --> 00:17:57,316
So to set a console password, what I need to
do is go into the console configuration mode.
303
00:17:58,056 --> 00:18:00,066
That's where we're going to
start seeing the different modes.
304
00:18:00,066 --> 00:18:03,426
So we've gone in from user to privilege, right?
305
00:18:03,426 --> 00:18:06,156
So here we have limited show
commands, all show commands.
306
00:18:06,476 --> 00:18:10,516
We've gone from privilege to global config
where we can now configure global options,
307
00:18:10,856 --> 00:18:14,436
but now we can start going to some of
the individual configuration modes.
308
00:18:14,686 --> 00:18:22,436
The first one I want to show you is called
line console, a line con or line console.
309
00:18:22,736 --> 00:18:27,096
Essentially, Cisco has created
a console mode of configuration.
310
00:18:27,096 --> 00:18:27,716
Let me show you.
311
00:18:28,136 --> 00:18:33,096
I can go in here and type in line, let me
just do a space question mark, it says, "Okay,
312
00:18:33,096 --> 00:18:36,936
do you want to configure VTY lines," which
we're going to talk about in just a second,
313
00:18:36,936 --> 00:18:39,366
"or do you want to configure the console line."
314
00:18:39,366 --> 00:18:42,466
So I'm going to say, "Console
line" and I hit the question mark.
315
00:18:42,466 --> 00:18:44,836
And it says, "Well, which console
port are you talking about?"
316
00:18:45,176 --> 00:18:49,486
Now, Cisco is just being kind of
trivial here because they know as well
317
00:18:49,486 --> 00:18:53,816
as we know all Cisco devices
only have one console port.
318
00:18:54,046 --> 00:18:56,706
You're never going to find one
that has multiple console ports
319
00:18:56,706 --> 00:18:57,886
for redundancy or anything like that.
320
00:18:57,886 --> 00:18:59,326
But nonetheless, they make you type it.
321
00:18:59,326 --> 00:19:02,086
They say, "Okay, well, the
first line number is zero."
322
00:19:02,086 --> 00:19:07,336
And by the way, you might-- 'cause
numbering in Cisco often starts from zero.
323
00:19:07,486 --> 00:19:10,406
So the very first line, instead of
being one will be the number zero.
324
00:19:10,406 --> 00:19:16,476
So the very first or essentially the
only console port is blank console zero.
325
00:19:16,476 --> 00:19:18,146
So, now notice what happened here.
326
00:19:18,526 --> 00:19:19,416
My mode changed.
327
00:19:19,416 --> 00:19:22,826
I'm now-- I've gone from
config to config dash line.
328
00:19:23,706 --> 00:19:28,076
Every command that I type right
now, right now I'm in this mode,
329
00:19:28,326 --> 00:19:32,546
every single one of these commands deals
specifically with the console port.
330
00:19:32,546 --> 00:19:35,556
If I were to exit out of this mode,
those commands would disappear.
331
00:19:35,746 --> 00:19:37,336
They're no longer valid.
332
00:19:37,336 --> 00:19:44,806
So inside of here is where I want to
use the command password and I type
333
00:19:44,806 --> 00:19:46,396
in whatever I want my password to be.
334
00:19:46,396 --> 00:19:50,906
So in this case, let's just-- I'm going to make
not a good practice but for a lab, hey, why not.
335
00:19:50,906 --> 00:19:55,336
I want to make all of the passwords
Cisco, so all lower case password Cisco.
336
00:19:55,336 --> 00:19:58,016
Now you notice, when I hit
question mark, initially it's going,
337
00:19:58,016 --> 00:19:58,976
wow, this looks kind of confusing.
338
00:19:59,186 --> 00:20:04,696
It says, I can put a zero here to specify
an unencrypted password will follow
339
00:20:04,906 --> 00:20:09,856
or I can type a seven here to specify that
a hidden password will follow or I can type
340
00:20:09,856 --> 00:20:14,906
in line, notice all capitals, where it says the
unencrypted clear text pass-- line password.
341
00:20:14,906 --> 00:20:16,586
Now, what does all that mean?
342
00:20:17,206 --> 00:20:22,766
Well, I typed in password Cisco but notice,
I could have typed in password space
343
00:20:22,766 --> 00:20:29,426
and type the number zero space and then typed
in the unencrypted clear text line password.
344
00:20:29,536 --> 00:20:31,686
So, huh? What?
345
00:20:31,886 --> 00:20:32,726
Huh? What?
346
00:20:32,726 --> 00:20:33,886
What's going on?
347
00:20:33,886 --> 00:20:37,996
So, can I type in password zero Cisco and enter?
348
00:20:37,996 --> 00:20:38,596
Yes I can.
349
00:20:38,836 --> 00:20:42,536
Now, wait a sec, can I type in
password Cisco and hit enter?
350
00:20:42,906 --> 00:20:43,466
Yes, you can.
351
00:20:43,466 --> 00:20:45,866
There's actually two ways of
doing the same thing here.
352
00:20:45,866 --> 00:20:47,736
You might be going, what's the difference?
353
00:20:47,936 --> 00:20:54,106
Well, this just explicitly tells the device,
this will be an unencrypted password.
354
00:20:54,106 --> 00:20:55,106
I'm going to paste it in.
355
00:20:55,486 --> 00:20:59,786
A lot of times, if somebody copies and pastes
the config from a different Cisco device
356
00:20:59,786 --> 00:21:03,096
and says here, it just kind of copy these
commands and paste them into your device.
357
00:21:03,096 --> 00:21:03,886
It'll do it for you.
358
00:21:03,886 --> 00:21:08,236
A lot of times, they'll specify zero here
because they know it's unencrypted, whereas,
359
00:21:08,236 --> 00:21:10,826
they can also copy and paste a configuration
360
00:21:11,056 --> 00:21:14,856
where they have an encrypted
flavor of the password.
361
00:21:15,716 --> 00:21:20,016
Do you notice if I type in password space
seven like it's telling me to, it says, "Okay,
362
00:21:20,016 --> 00:21:24,706
now you can type in word where the word
represents a hidden line password string?"
363
00:21:24,706 --> 00:21:29,056
Meaning, if maybe-- maybe somebody didn't feel
really good about giving you configuration
364
00:21:29,056 --> 00:21:30,856
with all their passwords and clear text.
365
00:21:30,856 --> 00:21:34,326
So they said here, "I'm going to give
you an encrypted version of this password
366
00:21:34,326 --> 00:21:37,516
that you can copy and paste in the
config and it'll still understand it."
367
00:21:37,776 --> 00:21:39,416
So, that's where that comes in.
368
00:21:39,416 --> 00:21:43,106
I'm getting a little deep a little
early but I just wanted to comfort you
369
00:21:43,106 --> 00:21:46,056
if you are wondering what that all
meant when I hit question mark.
370
00:21:46,326 --> 00:21:47,486
But Cisco realized this.
371
00:21:47,486 --> 00:21:47,886
You know what?
372
00:21:48,176 --> 00:21:50,226
People don't really want to type a number.
373
00:21:50,226 --> 00:21:51,486
Let's just give them a shortcut.
374
00:21:51,486 --> 00:21:53,206
You know what, if you just
want to type in password
375
00:21:53,206 --> 00:21:55,026
and what your password is, you can do that.
376
00:21:55,316 --> 00:21:57,866
It's the same thing as typing
password zero in your password but,
377
00:21:57,966 --> 00:21:59,296
you know, we'll let you do it either way.
378
00:21:59,296 --> 00:22:01,156
So I can type in password Cisco and that.
379
00:22:01,156 --> 00:22:05,156
So what I've done at this point is
assign a password to the console port.
380
00:22:05,336 --> 00:22:08,986
Let me type an end which will drop me back
out and then I'll type in exit to log out.
381
00:22:09,106 --> 00:22:09,676
Watch this.
382
00:22:10,326 --> 00:22:16,126
I'll hit the enter key and
[laughter] never mind.
383
00:22:16,276 --> 00:22:16,846
Scratch that.
384
00:22:16,846 --> 00:22:17,866
I forgot to do something.
385
00:22:18,156 --> 00:22:21,346
Oh, yes. We did set a console password
but I want to show you something.
386
00:22:21,346 --> 00:22:23,696
I want to do a show-- I'm
actually going to do a show command
387
00:22:23,696 --> 00:22:25,396
where I'm going to do a show running config.
388
00:22:25,736 --> 00:22:29,036
At first I was like, "Wow, that was one of
the most basic commands I could've done."
389
00:22:29,036 --> 00:22:31,486
I'm going to scroll down and you
can just see there's all kinds
390
00:22:31,486 --> 00:22:32,826
of stuff in this configuration.
391
00:22:32,826 --> 00:22:34,736
This is its running configuration.
392
00:22:34,736 --> 00:22:38,306
What's actually running and you can
see that under line console zero,
393
00:22:38,306 --> 00:22:42,416
I have the password Cisco but
it's actually missing a command.
394
00:22:43,196 --> 00:22:49,446
It's missing a command that is underneath a few
of these other ports which actually is log in.
395
00:22:49,886 --> 00:22:50,726
Now, look at this.
396
00:22:51,126 --> 00:22:52,446
I'll show it to you and then I'll explain it.
397
00:22:52,446 --> 00:22:59,386
I'll do line console zero and I'm
going to type in log in and hit enter.
398
00:23:00,306 --> 00:23:01,756
So, what did that do?
399
00:23:01,756 --> 00:23:05,136
Let me exit back out here and
I'll do a show running config.
400
00:23:05,316 --> 00:23:06,156
Now, what did that do?
401
00:23:06,156 --> 00:23:08,066
Hang on, scroll down, show me that command.
402
00:23:08,476 --> 00:23:09,206
Is it there now?
403
00:23:09,286 --> 00:23:11,896
I hit the wrong button, stop the output.
404
00:23:12,316 --> 00:23:13,186
Is it there now?
405
00:23:13,496 --> 00:23:14,536
Yes it is.
406
00:23:14,996 --> 00:23:17,386
It's underneath the counts for-- what's it do?
407
00:23:17,826 --> 00:23:18,766
Let's find out.
408
00:23:19,236 --> 00:23:25,106
Hit the enter key and now it's
asking me for a password, Cisco.
409
00:23:26,096 --> 00:23:26,846
Okay, okay.
410
00:23:26,846 --> 00:23:28,386
And then I get in and I'm in.
411
00:23:28,386 --> 00:23:32,106
Okay, so now I have this password
prompt which was not previously there.
412
00:23:33,076 --> 00:23:35,466
And what I did was type in log in.
413
00:23:36,246 --> 00:23:38,176
Let me do a show run.
414
00:23:38,336 --> 00:23:43,536
Let me just-- I'm going to do a
begin with line con, of course,
415
00:23:43,896 --> 00:23:45,686
line con so I don't have
to scroll through all that.
416
00:23:45,686 --> 00:23:50,316
So it's showing line console 0, password
Cisco log in, that command is there.
417
00:23:50,316 --> 00:23:51,246
So wait a sec.
418
00:23:51,246 --> 00:23:58,926
If I were to go in into the console port and
type in line console 0 and type in no log in,
419
00:24:00,156 --> 00:24:02,616
to remove that command, now what happens?
420
00:24:03,126 --> 00:24:03,956
Let's go back.
421
00:24:03,956 --> 00:24:05,196
Let's look at the config and verify.
422
00:24:05,506 --> 00:24:06,936
Let me do that again.
423
00:24:07,126 --> 00:24:11,296
Verify, we've got password Cisco is
under the console port, exit back out,
424
00:24:11,576 --> 00:24:14,916
enter the enter key, no log in required.
425
00:24:15,706 --> 00:24:17,576
Is that-- is this starting
to put the pieces together?
426
00:24:17,706 --> 00:24:21,766
So what-- let me ask you, if you were to give
a definition, what does the log in command do?
427
00:24:22,646 --> 00:24:28,986
The log in command requires log-ins to that
port, meaning, I can type in passwords all day.
428
00:24:28,986 --> 00:24:31,606
Let me do a show run begin line console.
429
00:24:31,916 --> 00:24:37,596
I can type in passwords all day long under
that console port but they won't take effect
430
00:24:37,596 --> 00:24:39,946
until I'm requiring somebody to log in.
431
00:24:40,276 --> 00:24:44,446
So I'm going to go into global config, line
console 0, and let's just hit the question mark.
432
00:24:44,586 --> 00:24:50,686
You can see that log in if we look at the
definition L log in, enable password checking.
433
00:24:50,686 --> 00:24:52,356
That's the definition that they give it
434
00:24:52,356 --> 00:24:56,016
and essentially enable this
console port to check the password.
435
00:24:56,016 --> 00:25:01,156
So, let me type in log in, hit enter, and
now we are requiring console password, good.
436
00:25:01,826 --> 00:25:03,526
Now, what about the telnet password?
437
00:25:04,406 --> 00:25:09,576
Setting a telnet password is what allows
you to manage the switch remotely.
438
00:25:10,116 --> 00:25:16,166
Meaning right now, I am connected if you were
to look at me right now, I have a cable plugged
439
00:25:16,166 --> 00:25:20,636
in to that switch and, you know, I got
my laptop or whatever device I'm using.
440
00:25:20,636 --> 00:25:22,606
I've got this console connected.
441
00:25:22,606 --> 00:25:29,066
I'm looking down, I'm literally three feet away
from the switch standing here and that's great
442
00:25:29,066 --> 00:25:31,626
for an initial configuration,
that's how we have to configure it.
443
00:25:31,626 --> 00:25:34,716
But eventually, I want to get out
of this cold IT room and I walk back
444
00:25:34,716 --> 00:25:36,846
to my desk or fly back to my office.
445
00:25:36,846 --> 00:25:40,606
It could be thousands of miles away
and manage this switch remotely.
446
00:25:40,896 --> 00:25:46,066
That is where the telnet password or you
should-- could also look at more modern,
447
00:25:46,066 --> 00:25:50,026
more secure is an SSH password comes into play.
448
00:25:50,646 --> 00:25:58,956
Now, these are also configured under the
line but the line is actually called VTY.
449
00:25:59,446 --> 00:26:00,746
Let me get back to the problem.
450
00:26:00,746 --> 00:26:02,706
So we're under the console part right now.
451
00:26:02,706 --> 00:26:04,236
We don't want to do anything else from here.
452
00:26:04,236 --> 00:26:05,376
For now, we'll come back here.
453
00:26:05,756 --> 00:26:08,266
I'm going to exit out of the console port.
454
00:26:08,376 --> 00:26:14,976
I'm going to type in line VTY space, well, let
me just question mark through the whole thing.
455
00:26:14,976 --> 00:26:17,366
So line VTY, that stands for virtual terminal.
456
00:26:17,366 --> 00:26:20,626
It's virtually as if I was standing
there next to the switch, right?
457
00:26:20,626 --> 00:26:26,166
So virtual term, a VTY space and then it
says, okay, what is the first line number.
458
00:26:27,216 --> 00:26:27,746
What's that mean?
459
00:26:28,366 --> 00:26:32,216
Well, depending on your IOS version,
460
00:26:32,906 --> 00:26:37,966
you will see different Cisco devices supporting
multiple telnet connections at a time.
461
00:26:38,086 --> 00:26:43,766
So that means I can be remotely telnetted in
managing the switch, so can Bob, so can Sue,
462
00:26:43,766 --> 00:26:49,536
so can Mary, so can Neil, you know, everybody
can actually be on that switch at the same time.
463
00:26:49,536 --> 00:26:52,916
Whoa, wait a second, does that mean
we could make conflicting changes?
464
00:26:53,296 --> 00:26:55,536
It does and you have to be careful about that.
465
00:26:55,536 --> 00:26:58,246
But usually, you know, technicians communicate.
466
00:26:58,646 --> 00:27:00,646
[laughter] Did I just say
"technicians communicate"?
467
00:27:00,816 --> 00:27:02,166
Scratch that.
468
00:27:02,166 --> 00:27:05,546
Policies dictate that technicians
are supposed to communicate
469
00:27:05,546 --> 00:27:08,076
so that they don't make those
kind of conflicting changes.
470
00:27:08,076 --> 00:27:11,626
But nonetheless, the Cisco
device supports everybody getting
471
00:27:11,626 --> 00:27:12,986
on that device at the same time.
472
00:27:13,216 --> 00:27:17,546
Now when I say everybody, I mean,
however many line numbers you configure.
473
00:27:17,546 --> 00:27:21,666
Now this IOS version, this
Cisco device supports--
474
00:27:21,666 --> 00:27:24,726
you can just by hitting the question mark,
it says, what is the first line number?
475
00:27:24,926 --> 00:27:30,006
So I type in zero, that's going to be the first
one we commit on and I hit the question mark,
476
00:27:30,006 --> 00:27:31,846
it says, "Well, what is the last line number?"
477
00:27:32,026 --> 00:27:33,666
And I can go up to 15.
478
00:27:34,066 --> 00:27:40,456
So what this allows me to do is configure a
whole bunch of VTY ports at the same time.
479
00:27:40,726 --> 00:27:46,786
So if I were to type in 15, that now puts
me into the configuration mode for 16 total,
480
00:27:46,786 --> 00:27:52,536
'cause I started counting from zero, right,
so that adds one more, so 16 total VTY ports
481
00:27:52,536 --> 00:27:54,006
that I'm configuring all at the same time.
482
00:27:54,306 --> 00:27:59,666
And then I can come under here and say
password and whatever I want my password to be.
483
00:27:59,666 --> 00:28:02,656
We'll say password Cisco and hit the enter key.
484
00:28:02,656 --> 00:28:09,286
And now I've created a password that says
whenever somebody accesses device remotely,
485
00:28:09,556 --> 00:28:13,646
they're going to have to type in the password
Cisco before they are able to get to user mode.
486
00:28:13,846 --> 00:28:16,646
Now, let me show you a couple quick things.
487
00:28:17,016 --> 00:28:21,846
I'm going to bail out of this
mode and just do a show run.
488
00:28:21,846 --> 00:28:24,936
And by the way, I've been typing this in a
couple of times just to get us straight there.
489
00:28:25,156 --> 00:28:28,616
You can actually do a show running
config, this is how we verify.
490
00:28:28,906 --> 00:28:33,096
It's saying, show me what configuration
is on this device that's running right now
491
00:28:33,296 --> 00:28:36,826
and you can type in the pipe, it's the
character right above the enter key,
492
00:28:37,176 --> 00:28:39,116
and then you can do some filtering commands.
493
00:28:39,116 --> 00:28:43,726
You can say, I want to begin with the
line, I want to include the lines,
494
00:28:43,726 --> 00:28:46,806
I want to exclude the line, so
what I have been typing all along,
495
00:28:46,806 --> 00:28:49,076
I've been putting B there
which are like, what is that?
496
00:28:49,076 --> 00:28:53,166
That's actually begin with the line where
I type in line and I just hit enter.
497
00:28:53,236 --> 00:28:57,216
Begin with a line that says line because that
will move me down to the bottom so I don't have
498
00:28:57,216 --> 00:29:02,476
to hit the spacebar through all that config
and I can just look directly at these ports.
499
00:29:02,476 --> 00:29:05,756
So, I see my console port configuration,
right, everybody good with that,
500
00:29:06,596 --> 00:29:10,476
and then below, I see my VTY configuration.
501
00:29:10,986 --> 00:29:14,676
Now, a couple of things worth
mentioning, first off,
502
00:29:15,036 --> 00:29:18,976
what's up with the 0 through 4 and then 5 15?
503
00:29:19,176 --> 00:29:21,786
You know, and I also want
to talk about the syntax.
504
00:29:21,786 --> 00:29:24,796
When you see 0 space 4, mentally
put a little dash in there.
505
00:29:24,976 --> 00:29:27,926
They give it like 0 through 4
'cause that's really what it means.
506
00:29:28,076 --> 00:29:30,286
So why did it break it into two?
507
00:29:30,816 --> 00:29:34,876
Well, to understand it, you have to go
back into long, long history of Cisco.
508
00:29:35,086 --> 00:29:40,266
Cisco has always had five telnet
ports, 0 through 4 on their devices.
509
00:29:40,496 --> 00:29:45,556
Only recently and I say "recent" within
the last decade, it's been a long time.
510
00:29:45,736 --> 00:29:50,676
But, you know, for as long as Cisco has been
around, I'd say recently, have they expanded
511
00:29:50,676 --> 00:29:56,186
that to allow more to where you can go
up to 15 or I guess 16 total VTY ports.
512
00:29:56,186 --> 00:30:00,306
But a lot of times people would take
configurations from one device and send it
513
00:30:00,306 --> 00:30:02,876
over to another device and, you
know, kind of-- it's very common.
514
00:30:03,556 --> 00:30:08,166
When you get a good base configuration with
Cisco to say, "Okay, I've got it," you know,
515
00:30:08,166 --> 00:30:10,096
that's what we're doing right
now is a base configuration.
516
00:30:10,276 --> 00:30:13,316
'Cause I've got it, let me now copy
and paste that into all my devices
517
00:30:13,316 --> 00:30:14,746
so I don't have to do them all individually.
518
00:30:15,156 --> 00:30:20,676
Well, if you have some older devices, they might
only support five telnet ports at the same time.
519
00:30:21,346 --> 00:30:26,286
Whereas some newer devices might also expand
and support up to, you know, 16 telnet ports,
520
00:30:26,286 --> 00:30:28,116
you know, for essentially 0 through 15.
521
00:30:28,116 --> 00:30:30,026
So Cisco said, "Well, why don't we do this?"
522
00:30:30,026 --> 00:30:36,006
We'll break it into two sections so that way if
you copy and paste a config from a new device
523
00:30:36,136 --> 00:30:40,786
into an older device, so the new device
supporting all these telnet ports
524
00:30:40,786 --> 00:30:45,696
and the older device supporting this, at least
it will take the commands for this piece of it.
525
00:30:45,696 --> 00:30:49,516
You know, when it gets to this, the older device
would be like "I don't know what that means.
526
00:30:49,516 --> 00:30:53,696
I don't have 16 telnet ports"
and it'll ignore those commands
527
00:30:53,696 --> 00:30:57,346
but at least it will take this whereas if
we would have put them all as one big chunk,
528
00:30:57,796 --> 00:31:02,436
if we were to put 0 space 15, then the older
device would say, "Well, I can't support that,"
529
00:31:02,436 --> 00:31:03,906
and it would forget the commands completely.
530
00:31:03,906 --> 00:31:08,356
At least by doing this, it gets
most of the configuration in there
531
00:31:08,356 --> 00:31:10,116
and ignores the stuff that doesn't support.
532
00:31:10,316 --> 00:31:16,606
So, I know a little longer explanation but you
we're to believe, how many times I have people
533
00:31:16,706 --> 00:31:19,096
when I explain that to them and
they've been in Cisco for a while,
534
00:31:19,096 --> 00:31:22,526
they're like, "Oh, that always confused me."
535
00:31:22,646 --> 00:31:24,146
So, I wanted to take the time right there.
536
00:31:24,266 --> 00:31:29,246
So, second thing worth mentioning, notice
when I got under the VTY ports right here,
537
00:31:29,586 --> 00:31:35,896
I typed in password Cisco, I never typed
the word log in and yet it's there.
538
00:31:36,876 --> 00:31:40,626
Why? Well, if we back up, if we
look at the configuration before
539
00:31:40,626 --> 00:31:45,876
when I was doing the console port, we saw that
the console port didn't have the log in command
540
00:31:46,156 --> 00:31:48,836
and the VTY lines did before
I even got in there.
541
00:31:49,076 --> 00:31:51,636
Well, that's Cisco's form of security.
542
00:31:51,956 --> 00:31:55,266
They don't want you to be setting up your
switch and then you give it an IP address
543
00:31:55,266 --> 00:31:58,946
and all of a sudden someone behind the scene
is like [laughs], you know, dives in there
544
00:31:58,946 --> 00:32:01,496
and telnets in before you have
the chance to set a password.
545
00:32:01,716 --> 00:32:05,926
No. So what they do is they say,
"Require log-ins to this port."
546
00:32:06,816 --> 00:32:10,596
But notice there's no password
set underneath the port, right?
547
00:32:10,806 --> 00:32:14,816
So if somebody does happen to try and
sneak in there before you have the chance
548
00:32:14,816 --> 00:32:17,666
to set a password, they'll
actually get the message
549
00:32:17,666 --> 00:32:19,626
from the Cisco device and
here's the exact message.
550
00:32:19,626 --> 00:32:21,436
I don't know why I remember this verbatim.
551
00:32:21,586 --> 00:32:27,656
It will say, "Password required but none
set," click and it will disconnect them.
552
00:32:28,366 --> 00:32:30,576
"Password required but none set."
553
00:32:30,576 --> 00:32:35,496
What that's saying is "Hey, this log in
command is telling me, me being a Cisco device,
554
00:32:35,596 --> 00:32:37,516
I need to require log-ins for this port."
555
00:32:37,616 --> 00:32:40,496
So when somebody connects, it's like I need
to log you in but then it looks and it goes,
556
00:32:41,216 --> 00:32:44,696
wait a second, I don't have
a password, thus the message.
557
00:32:44,936 --> 00:32:49,976
Sorry, password required but there's none
set so you can't log in case I'm requiring.
558
00:32:49,976 --> 00:32:52,486
Now, let me show you, let me
show you a bad thing to do.
559
00:32:52,486 --> 00:32:58,566
If I were to go under line VTY 0 space
15 and type in the command, no log in,
560
00:32:58,716 --> 00:33:02,366
hit the enter key, what do you think that does?
561
00:33:03,066 --> 00:33:08,846
Careful, sometimes you're like, "Oh, okay," so
I'm not letting anyone log in, right, right?
562
00:33:09,196 --> 00:33:13,806
That's a lot of times the initial feeling
is like, well, it says no log in so that--
563
00:33:13,806 --> 00:33:16,606
well, careful, careful, remember the language.
564
00:33:16,906 --> 00:33:18,976
No is the negating command.
565
00:33:19,316 --> 00:33:22,766
So we're not saying no log in like
we're speaking English to each other,
566
00:33:22,766 --> 00:33:24,116
like oh no, no, you can't log in.
567
00:33:24,336 --> 00:33:28,736
What we're saying is no,
the log in is not required.
568
00:33:29,356 --> 00:33:33,246
So before I was requiring log ins
and now I'm not, oh my goodness,
569
00:33:33,456 --> 00:33:37,076
what this means is somebody can type in
telnet and the IP address of the switch
570
00:33:37,076 --> 00:33:38,846
which thankfully we haven't given it one yet.
571
00:33:39,086 --> 00:33:42,776
But they could type that in and bam,
they're immediately sitting in user mode
572
00:33:43,116 --> 00:33:45,696
and then they type in enable and
now they're into the privilege mode.
573
00:33:45,696 --> 00:33:46,546
It's creepy.
574
00:33:46,856 --> 00:33:50,076
There is a few, there is
minor security mechanisms
575
00:33:50,076 --> 00:33:53,426
like if you don't have an enable password,
it might restrict you from doing that.
576
00:33:53,426 --> 00:33:55,236
But oh my goodness, that's
not something you want to do.
577
00:33:55,236 --> 00:33:57,786
So no log in does not say you can't log in.
578
00:33:57,786 --> 00:34:01,756
It means no log in is required so that's why
you absolutely want to keep that one on there.
579
00:34:01,756 --> 00:34:03,356
See how dangerous those commands can be.
580
00:34:03,356 --> 00:34:06,536
Okay. So, are you feeling good so far?
581
00:34:06,776 --> 00:34:08,936
I'm looking at the amount of time.
582
00:34:08,936 --> 00:34:10,186
I'm like, good grief.
583
00:34:10,186 --> 00:34:11,376
I'm spending a lot of time on this.
584
00:34:11,376 --> 00:34:13,416
I thought I'd be able to
just blaze through this.
585
00:34:13,416 --> 00:34:15,536
But then as I started talking,
I'm like, you know what,
586
00:34:15,536 --> 00:34:19,036
this is really our first real
config of a Cisco device.
587
00:34:19,306 --> 00:34:21,116
I want to spend the time with you.
588
00:34:21,116 --> 00:34:24,536
I want to spend some time just to talk and
brainstorm and just think through a lot
589
00:34:24,536 --> 00:34:27,656
of the questions that I know I've been
asked when I have explained this previously.
590
00:34:27,656 --> 00:34:30,676
So, I'm probably-- here's what-- I'm
going to kind of divide this in half.
591
00:34:30,676 --> 00:34:32,696
This will be part 1, this will be part 2.
592
00:34:32,696 --> 00:34:34,596
We'll do all that in another nugget.
593
00:34:34,596 --> 00:34:39,026
But let's-- that's the last one I
want to do is to set a password.
594
00:34:39,226 --> 00:34:42,426
I want to set the enable password.
595
00:34:42,426 --> 00:34:45,436
So, so far, we've now set
it up to where when I plug
596
00:34:45,436 --> 00:34:47,996
in with the console port,
it's asking me for a password.
597
00:34:47,996 --> 00:34:49,276
That's good to get into user mode.
598
00:34:50,266 --> 00:34:55,036
If telnet or SSH which we'll talk about SSH
later, if I get into the switch that way,
599
00:34:55,036 --> 00:34:57,696
it's going to ask me for
a password which is good.
600
00:34:57,696 --> 00:35:03,986
So I'm kind of protecting it but now there's
this transition from virtually no access
601
00:35:03,986 --> 00:35:08,896
or very limited access into full
access which is not protected at all.
602
00:35:09,996 --> 00:35:12,636
And that's where the enable
password comes into play.
603
00:35:13,256 --> 00:35:18,086
Now, the way that we do this is very similar
to the way that we've done everything.
604
00:35:18,086 --> 00:35:18,946
I'm going to exit back out.
605
00:35:19,116 --> 00:35:22,546
Now, there's no line for this, I
don't have to go under a line config
606
00:35:22,546 --> 00:35:26,786
because the enable password is something
that applies to the whole switch.
607
00:35:26,786 --> 00:35:30,546
It doesn't matter how you get on that switch
whether you've console in, telnet in, SSH in,
608
00:35:30,546 --> 00:35:33,616
doesn't matter how you get there,
609
00:35:33,616 --> 00:35:37,606
it has one global enable password
to protect that transition.
610
00:35:37,796 --> 00:35:39,696
So it's something that we do from global config.
611
00:35:40,086 --> 00:35:45,666
And the way that we do that is typing
in enable, there's actually two ways.
612
00:35:46,006 --> 00:35:50,256
You can type in enable password
or enable secret.
613
00:35:51,966 --> 00:35:56,826
Okay. So these two commands
do exactly the same thing.
614
00:35:57,446 --> 00:36:01,346
They protect the privilege mode with a password.
615
00:36:01,536 --> 00:36:03,966
So let me show you the first one first.
616
00:36:03,966 --> 00:36:08,366
Let's do enable password and similar
to the console port, it says, you know,
617
00:36:08,426 --> 00:36:12,036
what mode or anything and I would just say,
hey, at this point type it in, type in the line.
618
00:36:12,036 --> 00:36:17,826
So I type in, the enable
password is Cisco, right?
619
00:36:17,986 --> 00:36:20,476
So now when I exit out, what happens?
620
00:36:21,256 --> 00:36:26,566
I hit the enter key, it's prompting me for a
console password which I type that in, Cisco.
621
00:36:26,966 --> 00:36:31,966
I'm now in user mode, I'm like okay, great, I've
got limited access here so I type in enable,
622
00:36:32,506 --> 00:36:34,166
hit the enter key, and now look at that.
623
00:36:34,166 --> 00:36:38,966
Now we're prompted for a second
password which normally best practice,
624
00:36:38,966 --> 00:36:42,086
you should make that a different password
than what your telnet password is.
625
00:36:42,086 --> 00:36:45,286
Not everybody does but it is
much better security if you do.
626
00:36:45,286 --> 00:36:46,976
And I'm in the privilege mode.
627
00:36:46,976 --> 00:36:48,746
So okay, that's great.
628
00:36:48,746 --> 00:36:52,276
You're probably thinking, well, what could
be different about the enable secret.
629
00:36:52,406 --> 00:36:53,256
Well, let me show you.
630
00:36:53,256 --> 00:36:57,826
I'm going to go back and verify my commands that
I've typed in the switch and I'm like, "Okay,
631
00:36:57,826 --> 00:37:03,186
well, I'll just do a show run and whoa,
hey, stop looking over my shoulder.
632
00:37:03,346 --> 00:37:04,626
Hey, no, no, yeah.
633
00:37:04,626 --> 00:37:06,886
Look at that.
634
00:37:07,306 --> 00:37:08,496
It's clear text."
635
00:37:08,986 --> 00:37:13,286
Enable password means if somebody is looking
over your shoulder when you're doing a show run
636
00:37:13,286 --> 00:37:15,506
or you happened to send your
running config to somebody,
637
00:37:15,806 --> 00:37:19,146
right there is essentially
the key to your Cisco device.
638
00:37:19,146 --> 00:37:22,316
The password is Cisco, that's scary.
639
00:37:22,316 --> 00:37:31,186
So let's go back in here and type in
enable, hit the question mark, secret.
640
00:37:31,626 --> 00:37:36,186
And let's-- I'm going to use a different
password and I'll explain why in a second.
641
00:37:36,186 --> 00:37:41,056
So let's just do enable secrets
CBT nuggets, enter.
642
00:37:41,206 --> 00:37:43,086
So I'm going to exit back out.
643
00:37:43,086 --> 00:37:45,996
Let's do a show running config.
644
00:37:46,566 --> 00:37:51,006
That's got to make you feel better.
645
00:37:51,566 --> 00:37:53,156
Enable secret is [inaudible].
646
00:37:53,156 --> 00:37:56,266
And it's just garbling moosh moosh.
647
00:37:56,526 --> 00:37:59,596
And then underneath right
there is enable password Cisco,
648
00:38:00,046 --> 00:38:02,936
okay, okay, that can't be good, right?
649
00:38:03,096 --> 00:38:04,736
Okay, so what happens?
650
00:38:04,936 --> 00:38:07,126
I type in exit and I'm here.
651
00:38:07,416 --> 00:38:11,946
I type in Cisco and I'm in 'cause
that's the console password, right?
652
00:38:11,946 --> 00:38:16,616
So now when I type in enable and I'm going
to say, okay, I'm going to try the password
653
00:38:16,616 --> 00:38:23,106
of Cisco, wait, wait, maybe I mistyped in Cisco.
654
00:38:24,806 --> 00:38:27,246
No, Cisco, no.
655
00:38:27,486 --> 00:38:31,956
Enable is no longer allowing me to
use the password of Cisco anymore.
656
00:38:32,136 --> 00:38:36,466
I actually have to use the password of
CBT nuggets and that will get me right in.
657
00:38:36,466 --> 00:38:40,926
See, using the enable secret, the Cisco
device realizes, whoa, that's way better,
658
00:38:41,006 --> 00:38:43,566
that's way more secure than the enable password.
659
00:38:43,646 --> 00:38:44,616
I'm going to prefer that.
660
00:38:44,616 --> 00:38:47,516
As a matter of fact, I'm going
to disable the enable password
661
00:38:47,756 --> 00:38:54,396
because you have a more secure password typed in
that's enable secret and that's completely hashed.
662
00:38:54,396 --> 00:38:56,626
It's totally, think of it as encrypted.
663
00:38:56,626 --> 00:38:59,436
They're like people can't get to that
password just by looking over your shoulder.
664
00:38:59,486 --> 00:39:03,396
So, I know, if you're like me, the
questions are rattling your mind.
665
00:39:03,396 --> 00:39:08,916
Okay, number 1, why does that enable
password exist, why is it there?
666
00:39:08,916 --> 00:39:12,996
And then why do you have-- why does
it even let you type two of them in?
667
00:39:12,996 --> 00:39:16,286
It seems like it would, you know, it would
just remove the other or something, right?
668
00:39:16,286 --> 00:39:17,846
That's like our brainstorming [inaudible].
669
00:39:18,186 --> 00:39:19,516
Well, let's go back.
670
00:39:19,756 --> 00:39:21,616
Go back to the old devices.
671
00:39:22,186 --> 00:39:27,426
Old devices, again, old being, again,
more than a decade old since they've come
672
00:39:27,426 --> 00:39:33,736
out with enable secret, but long, long
ago, devices had only the enable password.
673
00:39:33,736 --> 00:39:37,356
There was no enable secret command on
some of the original Cisco devices.
674
00:39:37,356 --> 00:39:39,416
So Cisco said, "Let's keep it around.
675
00:39:39,816 --> 00:39:40,926
Let's keep this in here."
676
00:39:40,926 --> 00:39:46,636
Again, that way if somebody copies and pastes their
configuration from a new device and they put it
677
00:39:46,636 --> 00:39:50,426
in the old device, well, the old device when it
sees this command if you're copying and pasting,
678
00:39:50,426 --> 00:39:52,676
it's going to be like, I don't
know what that command is.
679
00:39:52,846 --> 00:39:56,566
I don't support that command
but it will support this.
680
00:39:57,076 --> 00:39:59,976
And so you'll see this theme,
you get that feel, right?
681
00:40:00,046 --> 00:40:04,346
So there are legacy commands
that still work on newer devices
682
00:40:04,636 --> 00:40:07,336
but really Cisco has long
since developed better ways.
683
00:40:07,336 --> 00:40:12,156
The only reason they keep those commands around
is if you were to apply that configuration
684
00:40:12,156 --> 00:40:17,526
to an older device or for example, maybe
I downgrade this IOS version, you know,
685
00:40:17,526 --> 00:40:21,266
right now I'm running, you know, whatever
version, 12.2 on the Cisco switch,
686
00:40:21,396 --> 00:40:25,816
what if I downgraded this IOS
version to a really old version.
687
00:40:26,216 --> 00:40:29,736
Well, when it boots up, it's going to start
seeing all these commands and it's like,
688
00:40:29,736 --> 00:40:33,926
I don't get that, I don't understand this 'cause
my IOS version doesn't support that command.
689
00:40:33,976 --> 00:40:37,006
So these commands will automatically
disappear from the config
690
00:40:37,006 --> 00:40:41,406
because the switch doesn't support it and all
the old commands, the legacy commands will stay.
691
00:40:41,526 --> 00:40:44,546
So, that will at least give you some
level of protection by doing that.
692
00:40:44,546 --> 00:40:48,896
With all that being said, let me just
say this, Cisco nowadays recommends,
693
00:40:48,896 --> 00:40:50,696
don't even worry about the enable password.
694
00:40:51,156 --> 00:40:55,426
Enable secret has been out for a long time and
that's the way that you should probably go.
695
00:40:55,426 --> 00:40:58,426
As a matter of fact, how would we
get rid of that enable password?
696
00:40:58,536 --> 00:41:02,766
There's your pop quiz, no enable password.
697
00:41:04,076 --> 00:41:04,976
It's gone, right?
698
00:41:05,206 --> 00:41:07,806
Show running config, that
negating command removes everything
699
00:41:07,976 --> 00:41:10,886
and now all I see that's
left is the enable secret.
700
00:41:12,316 --> 00:41:13,616
Wow! What a good start.
701
00:41:14,066 --> 00:41:17,456
So we can check this off thinking of
this as like core security if you will
702
00:41:17,646 --> 00:41:20,136
on the left hand side to
get our device configured.
703
00:41:20,136 --> 00:41:24,426
And I would say just getting really familiar
with kind of the feel of this Cisco switch.
704
00:41:24,426 --> 00:41:28,276
So I'm going to put that dividing line
right there, line in the sand for now.
705
00:41:28,676 --> 00:41:33,136
I'll start off the next nugget right
off-- right where we finished this one.
706
00:41:33,136 --> 00:41:37,256
I'll kind of do a fly by review of where
we're at and then we'll dive into part 2
707
00:41:37,526 --> 00:41:40,356
which will be setting up the rest
of the management of this device.
708
00:41:40,406 --> 00:41:44,116
For now, I hope this has been informative for
you and I'd like to thank you for viewing.