All language subtitles for 11 - Switching - Base Configuration-eng

1 00:00:00,006 --> 00:00:00,386 [Inaudible Remark] 2 00:00:00,386 --> 00:00:08,596 >> You run to the door 'cause you know that that sound means a delivery truck 3 00:00:08,896 --> 00:00:11,486 and they're bringing the Cisco switches that you ordered. 4 00:00:11,486 --> 00:00:15,386 And sure enough, there's the delivery guy unloading them from the truck, 5 00:00:15,386 --> 00:00:19,236 bring them in on a little push cart and you got them in your organization. 6 00:00:19,466 --> 00:00:20,926 You pull them out of the box and you look at them, 7 00:00:20,926 --> 00:00:24,106 they smell great, they look good, now what? 8 00:00:24,106 --> 00:00:26,376 That's going to be where we pick up here. 9 00:00:26,656 --> 00:00:28,026 Two things I want to discuss, 10 00:00:28,026 --> 00:00:33,316 one is understanding the physical connections then we'll get into the base IOS configurations 11 00:00:33,316 --> 00:00:35,566 to optimize how these switches operate. 12 00:00:36,046 --> 00:00:41,746 So the first thing that you want to do with that switch is get it physically connected. 13 00:00:42,356 --> 00:00:48,416 Okay, now this is a piece that is actually not much of the CCNA certification at all. 14 00:00:48,716 --> 00:00:52,386 And I still I'm not completely sure as to why. 15 00:00:52,386 --> 00:00:55,346 I have some ideas but for the most part, 16 00:00:55,516 --> 00:00:59,956 Cisco assumes somebody else does all the physical connections which sometimes is true, 17 00:00:59,956 --> 00:01:03,716 sometimes you have a cabling company that comes in and does all this. 18 00:01:03,716 --> 00:01:06,646 But if you're new into the network world and you haven't seen, 19 00:01:06,756 --> 00:01:09,966 at least seen how old this stuff physically connects together, 20 00:01:10,196 --> 00:01:13,336 this is a hugely valuable piece to understand. 
21 00:01:13,846 --> 00:01:15,906 A lot of you may have started here. 22 00:01:15,906 --> 00:01:19,346 This is where you first got your feet wet in the network world is doing cabling. 23 00:01:19,416 --> 00:01:24,196 So, the computers in your organizations, and servers, and printers, 24 00:01:24,196 --> 00:01:27,056 and fill in the device here that connects to the network, 25 00:01:27,056 --> 00:01:30,776 everything all eventually terminates to an Ethernet wire. 26 00:01:30,966 --> 00:01:36,766 Even if you have a wireless device, you know, here's your iPad where you're scribbling 27 00:01:36,766 --> 00:01:41,076 on the screen, it's going Wi-Fi, well, that Wi-Fi eventually terminates 28 00:01:41,076 --> 00:01:45,146 to a wireless access point which is physically plugged into the network. 29 00:01:45,146 --> 00:01:49,736 So it's essentially converting your wireless communication down to some form of wire. 30 00:01:50,066 --> 00:01:54,496 Now, if you look in an organization, you'll see, you know, physically and walk around, 31 00:01:54,496 --> 00:01:59,756 you will see Cat5, Cat6 cabling wall jacks that are everywhere. 32 00:01:59,756 --> 00:02:04,066 Now, inside of-- if you were to, you know, I don't want to get down to this level 33 00:02:04,066 --> 00:02:08,776 but you could actually take those jacks out and physically look at them. 34 00:02:08,776 --> 00:02:11,246 Actually, let me just bring up a picture from MonoPrice. 35 00:02:11,246 --> 00:02:13,646 This is what a wall jack looks like. 36 00:02:13,936 --> 00:02:17,156 You have the play tray here where this little widget, 37 00:02:17,156 --> 00:02:19,596 the little connector just snaps right into it. 38 00:02:19,836 --> 00:02:20,996 This is what it looks like. 39 00:02:20,996 --> 00:02:26,306 So, really, this is kind of a small little punch down block and what that means is if you look 40 00:02:26,306 --> 00:02:30,596 at the back of this right here are all the little punch down connection. 
41 00:02:30,596 --> 00:02:33,826 So, you take a cable which an Ethernet cable, 42 00:02:33,826 --> 00:02:36,646 if you strip back the shielding is eight individual wires 43 00:02:36,646 --> 00:02:39,376 with specific color code, and you line them up. 44 00:02:39,376 --> 00:02:41,326 You put wire 1, I can't draw. 45 00:02:41,436 --> 00:02:44,526 You put wire 1 right there, wire 2 right there, wire 3, 46 00:02:44,736 --> 00:02:47,086 and you actually use something called a punch down tool. 47 00:02:47,086 --> 00:02:53,136 Actually, let me just-- make sure I get all the pieces in place. 48 00:02:53,356 --> 00:02:54,126 So let's see. 49 00:02:54,126 --> 00:02:56,216 We've got-- there's-- there we are. 50 00:02:56,216 --> 00:03:02,086 So, a punch down tool which this little guy has a blade on-- man, I need my arrows. 51 00:03:02,286 --> 00:03:07,926 This little guy has a blade on it where he will actually take that little wire 52 00:03:07,926 --> 00:03:14,746 and punch it down, thus the name, kind of push it down into this slot and kind 53 00:03:14,746 --> 00:03:15,926 of move that where all the way down. 54 00:03:15,926 --> 00:03:19,246 Now, inside of the there, if you were to somehow see the view inside, 55 00:03:19,246 --> 00:03:23,966 you would see that there's very sharp metal connectors in there that when the cable that-- 56 00:03:23,966 --> 00:03:28,336 or I shouldn't say the cable, the wire, the individual wire from the cable gets pushed 57 00:03:28,336 --> 00:03:33,276 down in there, it strips off the shielding of the wire and makes a physical metal 58 00:03:33,276 --> 00:03:36,006 to metal connection allowing the communication to flow. 59 00:03:36,006 --> 00:03:38,716 So you do that with each one of the eight wires. 
60 00:03:38,716 --> 00:03:41,556 And you can see down at the bottom, depending on the wall jack, 61 00:03:41,556 --> 00:03:45,606 it will actually give you a little color code of what that is and then this is just showing, 62 00:03:45,876 --> 00:03:49,976 when you're done putting all the wires in there's, you usually, I actually don't, 63 00:03:49,976 --> 00:03:52,986 I'm kind of lazy, but you will usually put these little protectors on there 64 00:03:53,266 --> 00:03:55,986 that will peel off your fingernails if you try and get them off, 65 00:03:56,096 --> 00:03:58,506 to keep the wires from popping back out 66 00:03:58,506 --> 00:04:02,606 and then you take this little widget and push it on the wall jack. 67 00:04:02,606 --> 00:04:06,576 So you physically have cabling that are all running through the walls 68 00:04:06,826 --> 00:04:09,436 that terminate those wall jacks and those wall jacks are what plugged 69 00:04:09,436 --> 00:04:12,346 in to your actual computer or whatever device you want to do. 70 00:04:12,616 --> 00:04:17,926 Now, if you were to follow it up the wall, it would go up the dry wall through the ceiling 71 00:04:17,926 --> 00:04:20,816 or whatever kind of environment you have, however you're running that wire, 72 00:04:21,006 --> 00:04:25,256 and eventually come down and terminate into your IT room. 73 00:04:25,686 --> 00:04:31,406 Now, not shown here and I got to give these guys props, this is a beautiful looking network. 74 00:04:31,406 --> 00:04:40,986 I always love seeing just a nice clean cabling, you know, the spaghetti string, I loathe just so, 75 00:04:40,986 --> 00:04:42,976 you know, I'm like I just want to clean it up. 76 00:04:42,976 --> 00:04:43,966 I want to fix it. 77 00:04:44,136 --> 00:04:49,126 You know, it's like, you know, some people like the scenery, you know, you're like, "Oh, 78 00:04:49,126 --> 00:04:53,596 the beautiful sunset," you know, shed a tear, for me, I'm like, "Oh, look at that cabling." 
79 00:04:53,886 --> 00:04:57,926 You know, I'm going to cry, tear, it's beautiful. 80 00:04:57,926 --> 00:05:01,896 So, the cable comes out of the wall and you're actually going to-- 81 00:05:01,986 --> 00:05:05,516 it's not shown here 'cause it's probably not as pretty but you got a big old bundle 82 00:05:05,516 --> 00:05:08,806 of cable coming out of the ceiling or whatever usually wire-tied or whatever. 83 00:05:09,126 --> 00:05:11,926 Bring it back down to behind of these guys. 84 00:05:11,926 --> 00:05:14,026 Now these, these are not switches. 85 00:05:15,026 --> 00:05:17,066 These are patch panels. 86 00:05:17,386 --> 00:05:21,006 What the patch panels do is act as a little termination point 87 00:05:21,006 --> 00:05:25,256 where I can bring all the cable out of the ceiling, you know, so it's running from the wall 88 00:05:25,436 --> 00:05:27,526 through the ceiling, it comes out right here and I actually, 89 00:05:27,526 --> 00:05:30,056 if you were to flip these guys around, here, I'll show you. 90 00:05:31,366 --> 00:05:35,886 Okay, so here is a example of a little 12 port patch panel, you know. 91 00:05:35,886 --> 00:05:38,856 The ones that are on there are 24 port, but if you flip that guy around actually, 92 00:05:38,856 --> 00:05:42,776 let's do them in here, if you flip that guy around, this is actually a whole bunch 93 00:05:42,776 --> 00:05:48,176 of those little like, you know, if we go back here or a whole bunch of these things. 94 00:05:48,816 --> 00:05:53,596 It's not as zoomed in so we can't see it quite as well but really, that's all these are. 95 00:05:53,596 --> 00:05:54,666 It's a bunch of a little punch down. 96 00:05:54,666 --> 00:05:57,556 So, all of that cabling, all that cabling comes out of the ceiling 97 00:05:57,716 --> 00:05:59,336 and gets punched into the magnets. 98 00:05:59,336 --> 00:06:00,226 Does it take a long time? 99 00:06:00,226 --> 00:06:01,876 Yeah. Does it hurt your fingers? 100 00:06:01,876 --> 00:06:07,006 Yeah. 
So using that little punch down tool effectively, what that tool does 101 00:06:07,006 --> 00:06:10,506 that I showed you will actually punch that wire in there and then if as long 102 00:06:10,506 --> 00:06:13,006 as the blade is sharp enough, we'll actually cut it off. 103 00:06:13,006 --> 00:06:15,556 Like this one actually comes with a small little punch 104 00:06:15,556 --> 00:06:17,726 down tool right here that's probably not going to work as well 105 00:06:17,726 --> 00:06:19,756 but hey, it's free, might as well. 106 00:06:19,756 --> 00:06:22,756 So this will push those wires into the-- 107 00:06:22,756 --> 00:06:27,516 each one of those little openings and now you have all the wires connected a patch panel. 108 00:06:27,516 --> 00:06:31,896 Now, patch panels are optional kind of. 109 00:06:31,896 --> 00:06:36,736 You might say, "Well, can I just bring all of these wires out of the ceiling and instead 110 00:06:36,736 --> 00:06:42,766 of punching them into here, just put little Cat5 or Cat6 ends on them to where you got the wire 111 00:06:42,766 --> 00:06:48,236 and now you clip a little end on them with-- that's actually backwards but put the little tip 112 00:06:48,236 --> 00:06:49,336 on them that plugs in the computer. 113 00:06:49,546 --> 00:06:50,116 Yes, you could. 114 00:06:50,316 --> 00:06:53,686 You could actually bring those and then plug those directly into the switch. 115 00:06:54,216 --> 00:06:57,956 However, now you're stuck, if you ever want to move your switches 116 00:06:57,956 --> 00:07:01,496 around like let's say you put your switches right here, that's where you mounted them 117 00:07:01,496 --> 00:07:03,106 and that's where you cut the wires too. 118 00:07:03,436 --> 00:07:06,456 And then you go, "Oh man, because of, you know, something, 119 00:07:06,456 --> 00:07:08,526 we have to move our switches over to this one." 
120 00:07:08,776 --> 00:07:13,936 Now you're stuck because you've got all these wires with tips on them that are terminated 121 00:07:13,936 --> 00:07:17,356 at that point and you can't, you know, make them longer easily anyway. 122 00:07:17,836 --> 00:07:18,866 So, you're stuck. 123 00:07:18,866 --> 00:07:21,726 You have to leave your switches there where if you've got patch panels, 124 00:07:21,886 --> 00:07:23,616 patch panels are just dummy devices. 125 00:07:23,616 --> 00:07:24,736 There's no power to them. 126 00:07:24,736 --> 00:07:28,776 They're just kind of a coupler that take the wire from the wall and move to a jack. 127 00:07:28,776 --> 00:07:33,236 And then you can buy however long cables you want to connect from the patch panel. 128 00:07:33,236 --> 00:07:38,366 Now, these cables actually go up, you know, through the nicely wire-tied conduit 129 00:07:38,366 --> 00:07:41,256 that they have here and then run down into the individual switches. 130 00:07:41,256 --> 00:07:43,116 So down here are the switches. 131 00:07:44,246 --> 00:07:48,856 The ones that came from the delivery truck and you mounted into your rack so you take the cable 132 00:07:49,036 --> 00:07:53,546 from the patch panel and plug it into here and now you have full communication. 133 00:07:53,816 --> 00:08:00,896 So that's a view of the physical connections of the switch infrastructure. 134 00:08:00,896 --> 00:08:03,606 Again, it's not typically covered too much in the CCNA. 135 00:08:03,606 --> 00:08:05,746 You probably won't see it on the exam. 136 00:08:05,746 --> 00:08:09,416 There-- Cisco of course, since they don't really manufacture patch panels, 137 00:08:09,586 --> 00:08:11,966 they're more interested in do you know the switch itself. 138 00:08:11,966 --> 00:08:14,256 So, here's what the Cisco switch looks like. 
139 00:08:14,256 --> 00:08:17,166 Now this one I can tell just because I've owned a number of those, 140 00:08:17,416 --> 00:08:21,526 that's a Cisco 3550 switch which is a great switch. 141 00:08:21,526 --> 00:08:26,796 It's a 10/100, it's not gigabit, but it's a 10/100 switch great for a lab environment 142 00:08:26,796 --> 00:08:28,446 because it actually does layer three switching. 143 00:08:28,446 --> 00:08:30,146 It does all kinds of stuff. 144 00:08:30,146 --> 00:08:34,186 So, this switch a lot of times, I put a little arrow here 'cause many 145 00:08:34,186 --> 00:08:35,426 of them will have a mode button. 146 00:08:36,456 --> 00:08:39,266 And the mode button depending on the switch will do different things. 147 00:08:39,266 --> 00:08:42,996 So, not all switches have mode buttons but it can switch between status 148 00:08:42,996 --> 00:08:46,306 like is there something connected to utilization to where you'll-- 149 00:08:46,306 --> 00:08:49,636 it's kind of like a radio equalizer where you kind of get levels based 150 00:08:49,636 --> 00:08:53,706 on how much the switch is being utilized to duplex where you see different colors. 151 00:08:53,706 --> 00:08:57,416 If one is full duplex, one is half duplex into speed. 152 00:08:57,416 --> 00:08:58,116 That's the bottom line. 153 00:08:58,116 --> 00:09:02,776 Or you can see 10 megabit or a hundred megabit or nowadays in more recent switches, 154 00:09:02,776 --> 00:09:06,916 you get the gigabit connections or even 10 or 40 gigabit per second connection. 155 00:09:06,916 --> 00:09:09,676 I mean, the speed just continues to increase more and more and more and more. 156 00:09:10,136 --> 00:09:12,636 So you can click that button and go through those. 157 00:09:12,906 --> 00:09:17,076 Also, something to be aware of is if a Cisco switch has a button, 158 00:09:17,296 --> 00:09:21,536 it may support a feature that can erase the entire thing. 
159 00:09:21,626 --> 00:09:25,946 If you hold down that button for somewhere around 10 seconds, just hold it down, 160 00:09:26,056 --> 00:09:30,726 you'll actually see a blink a number of times and the switch will reboot itself. 161 00:09:30,806 --> 00:09:35,956 That will flush all configurations that you have on the switch and reset it to factory default. 162 00:09:36,646 --> 00:09:41,496 Wow! What does that tell you about physical location of these switches? 163 00:09:41,806 --> 00:09:43,226 Can we say locked door? 164 00:09:43,536 --> 00:09:44,346 Yes, absolutely. 165 00:09:44,346 --> 00:09:49,356 This room is behind a locked door because if somebody can get to that, they can really mess 166 00:09:49,356 --> 00:09:54,836 up your entire network just by holding down a button for 10 seconds or so. 167 00:09:54,836 --> 00:09:56,936 So this is the physical world. 168 00:09:57,726 --> 00:10:02,336 Now, I want to reinforce that Cisco doesn't usually focus on the physical connections 169 00:10:02,336 --> 00:10:05,906 because normally, other companies come in there and do that all for you. 170 00:10:06,046 --> 00:10:09,646 They can do it faster, cheaper than a Cisco engineer could 'cause they've got all the right 171 00:10:09,826 --> 00:10:13,736 tools and all the right expertise to run the cables to the wall and solve the patch panels 172 00:10:13,736 --> 00:10:15,836 and essentially leave you at that point. 173 00:10:15,836 --> 00:10:19,616 They'll say, "Okay, there you go, install your switches right there and you're good. 174 00:10:19,616 --> 00:10:21,246 Thanks. Bye-bye." 175 00:10:21,246 --> 00:10:25,696 So, we pick up in the Cisco world from an initial switch configuration. 176 00:10:25,966 --> 00:10:31,576 Now, I've got behind the scenes, my Cisco switch loading up so it's actually booting right now, 177 00:10:31,576 --> 00:10:33,646 going through all its power and self-test. 178 00:10:33,646 --> 00:10:34,956 So we'll let it do that. 
179 00:10:35,236 --> 00:10:38,626 In the meanwhile, I want to first off re-emphasize, 180 00:10:38,626 --> 00:10:42,786 I said this in the previous nugget, switches will work out of the box. 181 00:10:43,936 --> 00:10:46,916 So you pull those switches out of box, you connect the cables to them 182 00:10:46,916 --> 00:10:50,106 and they will do what a switch does which is learn MAC addresses 183 00:10:50,106 --> 00:10:52,156 and allow devices to communicate. 184 00:10:52,396 --> 00:10:56,936 However, if you're going to leave it at that, you might as well go by any switch. 185 00:10:56,936 --> 00:11:01,596 I mean, there's no real advantage other than getting the support in good, 186 00:11:01,596 --> 00:11:05,396 really solid hardware from Cisco, there's no real advantage to having Cisco 187 00:11:05,396 --> 00:11:09,176 and the advantage comes in when you start configuring it and enabling features. 188 00:11:09,176 --> 00:11:14,076 So what you see on the screen right now is a base configuration, meaning, 189 00:11:14,276 --> 00:11:19,126 this will get you started to where you can enable a lot more features on the Cisco switch. 190 00:11:19,246 --> 00:11:20,866 So we'll work through this one by one. 191 00:11:20,866 --> 00:11:22,916 Let's see if the switches booted. 192 00:11:22,916 --> 00:11:24,116 Okay, good, it is. 193 00:11:24,116 --> 00:11:27,386 Now, by the way, when the switch boots, initially it might be-- 194 00:11:27,386 --> 00:11:31,996 a lot of times you will just sit there staring at this going, okay, is it done, 195 00:11:31,996 --> 00:11:34,046 you know, expecting this screen to clear. 196 00:11:34,376 --> 00:11:37,766 There is no fear in pressing the Enter key, right? 197 00:11:37,766 --> 00:11:43,396 The Enter key is pretty much going to always call up a new line in the Cisco device. 
198 00:11:43,396 --> 00:11:46,356 I guess there's fear of you type the Enter key after the wrong command 199 00:11:46,356 --> 00:11:48,956 but just enter on a blank line is harmless. 200 00:11:48,956 --> 00:11:53,396 So, it's asking us, do you want to enter the initial config dialog, you might remember 201 00:11:53,396 --> 00:11:58,806 from the IOS basics nugget, the answer to that is always no because it's going 202 00:11:58,806 --> 00:12:02,146 to have you configure all kinds of legacy old stuff 203 00:12:02,146 --> 00:12:03,976 and we don't want to waste our time with that. 204 00:12:04,136 --> 00:12:06,206 We just want to get into what we need to do. 205 00:12:06,676 --> 00:12:08,866 The first thing is to name the switch. 206 00:12:09,736 --> 00:12:11,506 So I'm sitting in privilege mode. 207 00:12:11,746 --> 00:12:16,986 You remember, again, just some fly by review from IOS basics, question mark gives me a list 208 00:12:16,986 --> 00:12:20,666 of commands and the first thing I need to do is to get into enable mode. 209 00:12:20,836 --> 00:12:24,706 Now, if I want to finish the partially typed command, you guys remember, tab key, right? 210 00:12:25,016 --> 00:12:27,546 Enable now takes me straight over to enable mode. 211 00:12:27,546 --> 00:12:29,616 I know I'm there because of the pound symbol. 212 00:12:29,976 --> 00:12:33,346 There was no password because the switch has no configuration. 213 00:12:33,346 --> 00:12:35,006 That's can be one of the things that we do here. 214 00:12:35,136 --> 00:12:41,446 So I'm sitting at the switch with a pound symbol and from here I can view all the configuration. 215 00:12:41,446 --> 00:12:42,436 You remember the modes? 216 00:12:42,506 --> 00:12:46,686 We start off in the user mode that was the little right angle bracket. 217 00:12:47,086 --> 00:12:52,576 We type in Enable and that will take us to privilege mode where we have the pound symbol. 
218 00:12:52,696 --> 00:12:56,076 Now, from there we can view all the configurations of the Cisco device 219 00:12:56,076 --> 00:13:01,476 but we still can't configure anything unless we move into global configuration mode. 220 00:13:01,806 --> 00:13:06,066 So I'll put GC, global config, and we do that by typing in configure terminal 221 00:13:06,066 --> 00:13:10,096 or the shortcut is CONF T. So I'll type in C-O-N-F-- 222 00:13:11,656 --> 00:13:17,576 I drop my pen, C-O-N-F T using the tab key to finish that and hit the Enter key. 223 00:13:17,576 --> 00:13:19,856 I'm now in global configuration mode. 224 00:13:19,856 --> 00:13:26,686 Okay, great starting point because anything that I type here globally affects the whole switch 225 00:13:26,686 --> 00:13:30,326 and that does mean things like the name of the device 226 00:13:30,326 --> 00:13:32,396 which is the first thing that I have, host name. 227 00:13:32,826 --> 00:13:35,386 Host name is the command that will name the device. 228 00:13:35,516 --> 00:13:38,526 So I'm sitting here, I can just type in host name and I'll hit the question mark, 229 00:13:38,526 --> 00:13:40,566 it says, "What is the system's name?" 230 00:13:40,946 --> 00:13:45,126 And you might remember, I said anytime you see something at all capitals where it says word, 231 00:13:45,486 --> 00:13:49,946 it's saying there's no syntax for this other than just type a word. 232 00:13:49,946 --> 00:13:51,876 We don't know what you want to name your device. 233 00:13:51,876 --> 00:13:53,266 So fill it in right here. 234 00:13:53,626 --> 00:13:55,256 So we can type in the host name. 235 00:13:55,256 --> 00:13:57,976 Now, different companies will do different things. 236 00:13:57,976 --> 00:14:01,306 You'll see some companies that are like host name, Neo, you know, 237 00:14:01,306 --> 00:14:03,666 and they start picking a theme for their devices. 
238 00:14:03,666 --> 00:14:06,026 Then the next switch will be Trinity and Morpheus and all that, 239 00:14:06,246 --> 00:14:08,616 and then that's fine for smaller company. 240 00:14:08,966 --> 00:14:14,496 But before long, it becomes paginal because there's only one guy meaning you, 241 00:14:14,586 --> 00:14:18,996 the network admin, who knows what's going on, you know, a consulting coming in. 242 00:14:18,996 --> 00:14:21,766 They're like, "I am on Morpheus right now." 243 00:14:21,766 --> 00:14:24,286 What does that mean? 244 00:14:24,286 --> 00:14:27,386 And they need the other guy to come in and go, "Well, I'm Morpheus, 245 00:14:27,386 --> 00:14:28,376 that's actually that switch over there." 246 00:14:28,696 --> 00:14:32,076 So as you move into larger companies, you'll find they start coming up with schemes. 247 00:14:32,286 --> 00:14:37,826 It starts out simple to where some of them will say, you know, third floor, 248 00:14:39,576 --> 00:14:42,376 switch one, you know, something like that. 249 00:14:42,376 --> 00:14:46,206 You can't use spaces in the name but, you know, that way, you know, as the company grows, 250 00:14:46,206 --> 00:14:49,206 they're like, "Okay, oh, so that's the switch one on the third floor." 251 00:14:49,206 --> 00:14:49,876 That makes sense. 
252 00:14:49,876 --> 00:14:53,226 And as you start getting into the enormous companies, you know, 253 00:14:53,226 --> 00:14:57,926 start talking about companies, the size of Intel, Motorola, American Express, you know, 254 00:14:57,926 --> 00:15:02,416 all these giant enterprise companies, they'll have names, you'll see host names like, 255 00:15:02,416 --> 00:15:13,386 you know, XJ500-L or X-LL1-, you know, BB9 or, you know, I'm just making that up 256 00:15:13,616 --> 00:15:15,216 but there's literally, you know a-- 257 00:15:15,486 --> 00:15:21,046 and so there's going to be a white paper that they've produced where literally every character 258 00:15:21,046 --> 00:15:25,236 of that host name means something like the first letter might represent what region 259 00:15:25,236 --> 00:15:26,296 of the world it's in. 260 00:15:26,296 --> 00:15:31,586 X stands for an exciting place, you know, whatever. 261 00:15:31,586 --> 00:15:35,356 So, they'll actually have different definitions so the technicians are trained 262 00:15:35,356 --> 00:15:38,866 when they see these names, they're able to quickly identify exactly 263 00:15:38,866 --> 00:15:40,586 where the switch fits into the scheme. 264 00:15:40,586 --> 00:15:47,486 So, just for this series, let's just call this the CVT switch, right? 265 00:15:47,486 --> 00:15:48,566 This will be our first switch. 266 00:15:48,566 --> 00:15:50,686 So that's the host name of the switch. 267 00:15:50,686 --> 00:15:51,996 You can see it's just a prompt. 268 00:15:51,996 --> 00:15:53,796 It's just an identifier of what it is. 269 00:15:54,076 --> 00:15:59,166 Now, before we go anywhere, I want to also show you how to negate commands because a lot 270 00:15:59,166 --> 00:16:01,786 of times, I mean, you saw me, I type in host name Neo 271 00:16:01,906 --> 00:16:03,876 and then I type in this and it overwrites that. 272 00:16:03,876 --> 00:16:07,826 And then I type in this and it overwrites that, it kind of replaces my old host name. 
273 00:16:08,016 --> 00:16:09,206 Well, not all commands are that way. 274 00:16:09,696 --> 00:16:14,136 Sometimes when you type a command, it'll stay there until you remove that command. 275 00:16:14,476 --> 00:16:18,376 So, there's always the ability to negate a command. 276 00:16:18,646 --> 00:16:20,126 Cisco makes it really easy. 277 00:16:20,566 --> 00:16:26,146 You just type in no and whatever command you want to negate, and negate meaning remove. 278 00:16:26,146 --> 00:16:32,456 So for instance, if I were to type in No Host name, I don't even have to type in CVT switch, 279 00:16:32,576 --> 00:16:37,976 I just hit Enter and notice the switch goes back to its normal configuration of switch 280 00:16:37,976 --> 00:16:40,886 because I've said, "Oh, nope, there's no more host name anymore." 281 00:16:41,256 --> 00:16:43,016 Hit the up arrow a few times in the keyboard, 282 00:16:43,246 --> 00:16:46,116 recall that host name CVT switch and I put that back in. 283 00:16:46,366 --> 00:16:52,086 So the no command can be used for a lot of stuff, a lot of stuff on the Cisco device. 284 00:16:52,086 --> 00:16:53,776 You'll see it all over the place. 285 00:16:53,776 --> 00:16:57,236 So, now let's start getting into the pass-- I should be checking this, right? 286 00:16:57,236 --> 00:16:58,656 Let's get in to the passwords. 287 00:16:59,016 --> 00:17:02,716 There are three different passwords that I want to show you on the device. 288 00:17:03,106 --> 00:17:05,676 The first one is the console password. 289 00:17:06,956 --> 00:17:11,066 Now, when we get into this device, when we physically come up 290 00:17:11,066 --> 00:17:12,376 and that's how I'm connected right now. 291 00:17:12,376 --> 00:17:13,236 I've gone in. 292 00:17:13,476 --> 00:17:18,106 If I were to go into-- let's see, set up do the-- what would it be? 293 00:17:18,106 --> 00:17:22,006 General, is that where it's-- yeah, so there we are. 294 00:17:22,006 --> 00:17:23,336 I've got my general set up. 
295 00:17:23,336 --> 00:17:30,316 I'm using COM4 which is my serial port right now attached to a USB to a serial adapter to connect 296 00:17:30,316 --> 00:17:31,426 to the console port of the device. 297 00:17:31,426 --> 00:17:34,646 So I'm configuring it through the console board, and you saw when I got in here, 298 00:17:34,646 --> 00:17:36,776 I booted the switch and poof, there I am. 299 00:17:36,846 --> 00:17:40,946 Now if I-- let me exit out, and I said, "Okay, you're logged out." 300 00:17:41,146 --> 00:17:46,476 I hit Enter and I'm in, I'm in to at least user mode and then I can get into privilege mode, 301 00:17:46,746 --> 00:17:51,256 the global config mode, you know, it's very easy for me to navigate 'cause there is no passwords. 302 00:17:51,256 --> 00:17:57,316 So to set a console password, what I need to do is go into the console configuration mode. 303 00:17:58,056 --> 00:18:00,066 That's where we're going to start seeing the different modes. 304 00:18:00,066 --> 00:18:03,426 So we've gone in from user to privilege, right? 305 00:18:03,426 --> 00:18:06,156 So here we have limited show commands, all show commands. 306 00:18:06,476 --> 00:18:10,516 We've gone from privilege to global config where we can now configure global options, 307 00:18:10,856 --> 00:18:14,436 but now we can start going to some of the individual configuration modes. 308 00:18:14,686 --> 00:18:22,436 The first one I want to show you is called line console, a line con or line console. 309 00:18:22,736 --> 00:18:27,096 Essentially, Cisco has created a console mode of configuration. 310 00:18:27,096 --> 00:18:27,716 Let me show you. 311 00:18:28,136 --> 00:18:33,096 I can go in here and type in line, let me just do a space question mark, it says, "Okay, 312 00:18:33,096 --> 00:18:36,936 do you want to configure VTY lines," which we're going to talk about in just a second, 313 00:18:36,936 --> 00:18:39,366 "or do you want to configure the console line." 
314 00:18:39,366 --> 00:18:42,466 So I'm going to say, "Console line" and I hit the question mark. 315 00:18:42,466 --> 00:18:44,836 And it says, "Well, which console port are you talking about?" 316 00:18:45,176 --> 00:18:49,486 Now, Cisco is just being kind of trivial here because they know as well 317 00:18:49,486 --> 00:18:53,816 as we know all Cisco devices only have one console port. 318 00:18:54,046 --> 00:18:56,706 You're never going to find one that has multiple console ports 319 00:18:56,706 --> 00:18:57,886 for redundancy or anything like that. 320 00:18:57,886 --> 00:18:59,326 But nonetheless, they make you type it. 321 00:18:59,326 --> 00:19:02,086 They say, "Okay, well, the first line number is zero." 322 00:19:02,086 --> 00:19:07,336 And by the way, you might-- 'cause numbering in Cisco often starts from zero. 323 00:19:07,486 --> 00:19:10,406 So the very first line, instead of being one will be the number zero. 324 00:19:10,406 --> 00:19:16,476 So the very first or essentially the only console port is blank console zero. 325 00:19:16,476 --> 00:19:18,146 So, now notice what happened here. 326 00:19:18,526 --> 00:19:19,416 My mode changed. 327 00:19:19,416 --> 00:19:22,826 I'm now-- I've gone from config to config dash line. 328 00:19:23,706 --> 00:19:28,076 Every command that I type right now, right now I'm in this mode, 329 00:19:28,326 --> 00:19:32,546 every single one of these commands deal specifically with the console port. 330 00:19:32,546 --> 00:19:35,556 If I were to exit out of this mode, those commands would disappear. 331 00:19:35,746 --> 00:19:37,336 They're no longer valid. 332 00:19:37,336 --> 00:19:44,806 So inside of here is where I want to use the command password and I type 333 00:19:44,806 --> 00:19:46,396 in whatever I want my password to be. 334 00:19:46,396 --> 00:19:50,906 So in this case, let's just-- I'm going to make not a good practice but for a lab, hey, why not. 
335 00:19:50,906 --> 00:19:55,336 I want to make all of the passwords Cisco, so all lower case password Cisco. 336 00:19:55,336 --> 00:19:58,016 Now you notice, when I hit question mark, initially it's going, 337 00:19:58,016 --> 00:19:58,976 wow, this looks kind of confusing. 338 00:19:59,186 --> 00:20:04,696 It says, I can put a zero here to specify an unencrypted password will follow 339 00:20:04,906 --> 00:20:09,856 or I can type a seven here to specify that a hidden password will follow or I can type 340 00:20:09,856 --> 00:20:14,906 in line, notice all capitals, where it says the unencrypted clear text pass-- line password. 341 00:20:14,906 --> 00:20:16,586 Now, what does all that mean? 342 00:20:17,206 --> 00:20:22,766 Well, I typed in password Cisco but notice, I could have typed in password space 343 00:20:22,766 --> 00:20:29,426 and type the number zero space and then typed in the unencrypted clear text line password. 344 00:20:29,536 --> 00:20:31,686 So, huh? What? 345 00:20:31,886 --> 00:20:32,726 Huh? What? 346 00:20:32,726 --> 00:20:33,886 What's going on? 347 00:20:33,886 --> 00:20:37,996 So, can I type in password zero Cisco and enter? 348 00:20:37,996 --> 00:20:38,596 Yes I can. 349 00:20:38,836 --> 00:20:42,536 Now, wait a sec, can I type in password Cisco and hit enter? 350 00:20:42,906 --> 00:20:43,466 Yes, you can. 351 00:20:43,466 --> 00:20:45,866 There's actually two ways of doing the same thing here. 352 00:20:45,866 --> 00:20:47,736 You might be going, what's the difference? 353 00:20:47,936 --> 00:20:54,106 Well, this just explicitly tells the device, this will be in unencrypted password. 354 00:20:54,106 --> 00:20:55,106 I'm going to paste it in. 355 00:20:55,486 --> 00:20:59,786 A lot of times, if somebody copies and pastes the config from a different Cisco device 356 00:20:59,786 --> 00:21:03,096 and says here, it just kind of copy these commands and paste them into your device. 357 00:21:03,096 --> 00:21:03,886 It'll do it for you. 
358 00:21:03,886 --> 00:21:08,236 A lot of times, they'll specify zero here because they know it's unencrypted, whereas, 359 00:21:08,236 --> 00:21:10,826 they can also copy and paste a configuration 360 00:21:11,056 --> 00:21:14,856 where they have an encrypted flavor of the password. 361 00:21:15,716 --> 00:21:20,016 Do you notice if I type in password space seven like it's telling me to, it says, "Okay, 362 00:21:20,016 --> 00:21:24,706 now you can type in word where the word represents a hidden line password string?" 363 00:21:24,706 --> 00:21:29,056 Meaning, if maybe-- maybe somebody didn't feel really good about giving you configuration 364 00:21:29,056 --> 00:21:30,856 with all their passwords and clear text. 365 00:21:30,856 --> 00:21:34,326 So they said here, "I'm going to give you an encrypted version of this password 366 00:21:34,326 --> 00:21:37,516 that you can copy and paste in the config and it'll still understand it." 367 00:21:37,776 --> 00:21:39,416 So, that's where that comes in. 368 00:21:39,416 --> 00:21:43,106 I'm getting a little deep a little early but I just wanted to comfort you 369 00:21:43,106 --> 00:21:46,056 if you are wondering what that all meant when I hit question mark. 370 00:21:46,326 --> 00:21:47,486 But Cisco realized this. 371 00:21:47,486 --> 00:21:47,886 You know what? 372 00:21:48,176 --> 00:21:50,226 People don't really want to type a number. 373 00:21:50,226 --> 00:21:51,486 Let's just give them a shortcut. 374 00:21:51,486 --> 00:21:53,206 You know what, if you just want to type in password 375 00:21:53,206 --> 00:21:55,026 and what your password is, you can do that. 376 00:21:55,316 --> 00:21:57,866 It's the same thing as typing password zero in your password but, 377 00:21:57,966 --> 00:21:59,296 you know, we'll let you do it either way. 378 00:21:59,296 --> 00:22:01,156 So I can type in password Cisco and that. 379 00:22:01,156 --> 00:22:05,156 So what I've done at this point is assign a password to the console port. 
380 00:22:05,336 --> 00:22:08,986 Let me type an end which will drop me back out and then I'll type in exit to log out. 381 00:22:09,106 --> 00:22:09,676 Watch this. 382 00:22:10,326 --> 00:22:16,126 I'll hit the enter key and [laughter] never mind. 383 00:22:16,276 --> 00:22:16,846 Scratch that. 384 00:22:16,846 --> 00:22:17,866 I forgot to do something. 385 00:22:18,156 --> 00:22:21,346 Oh, yes. We did set a console password but I want to show you something. 386 00:22:21,346 --> 00:22:23,696 I want to do a show-- I'm actually going to do a show command 387 00:22:23,696 --> 00:22:25,396 where I'm going to do a show running config. 388 00:22:25,736 --> 00:22:29,036 At first I was like, "Wow, that was one of the most basic commands I could've done." 389 00:22:29,036 --> 00:22:31,486 I'm going to scroll down and you can just see there's all kinds 390 00:22:31,486 --> 00:22:32,826 of stuff in this configuration. 391 00:22:32,826 --> 00:22:34,736 This is its running configuration. 392 00:22:34,736 --> 00:22:38,306 What's actually running and you can see that under line console zero, 393 00:22:38,306 --> 00:22:42,416 I have the password Cisco but it's actually missing a command. 394 00:22:43,196 --> 00:22:49,446 It's missing a command that is underneath a few of these other ports which actually is log in. 395 00:22:49,886 --> 00:22:50,726 Now, look at this. 396 00:22:51,126 --> 00:22:52,446 I'll show it to you and then I'll explain it. 397 00:22:52,446 --> 00:22:59,386 I'll do line console zero and I'm going to type in log in and hit enter. 398 00:23:00,306 --> 00:23:01,756 So, what did that do? 399 00:23:01,756 --> 00:23:05,136 Let me exit back out here and I'll do a show running config. 400 00:23:05,316 --> 00:23:06,156 Now, what did that do? 401 00:23:06,156 --> 00:23:08,066 Hang on, scroll down, show me that command. 402 00:23:08,476 --> 00:23:09,206 Is it there now? 403 00:23:09,286 --> 00:23:11,896 I hit the wrong button, stop the output. 
404 00:23:12,316 --> 00:23:13,186 Is it there now? 405 00:23:13,496 --> 00:23:14,536 Yes it is. 406 00:23:14,996 --> 00:23:17,386 It's underneath the counts for-- what's it do? 407 00:23:17,826 --> 00:23:18,766 Let's find out. 408 00:23:19,236 --> 00:23:25,106 Hit the enter key and now it's asking me for a password, Cisco. 409 00:23:26,096 --> 00:23:26,846 Okay, okay. 410 00:23:26,846 --> 00:23:28,386 And then I get in and I'm in. 411 00:23:28,386 --> 00:23:32,106 Okay, so now I have this password prompt which was not previously there. 412 00:23:33,076 --> 00:23:35,466 And what I did was type in log in. 413 00:23:36,246 --> 00:23:38,176 Let me do a show run. 414 00:23:38,336 --> 00:23:43,536 Let me just-- I'm going to do a begin with line con, of course, 415 00:23:43,896 --> 00:23:45,686 line con so I don't have to scroll through all that. 416 00:23:45,686 --> 00:23:50,316 So it's showing line console 0, password Cisco log in, that command is there. 417 00:23:50,316 --> 00:23:51,246 So wait a sec. 418 00:23:51,246 --> 00:23:58,926 If I were to go in into the console port and type in line console 0 and type in no log in, 419 00:24:00,156 --> 00:24:02,616 to remove that command, now what happens? 420 00:24:03,126 --> 00:24:03,956 Let's go back. 421 00:24:03,956 --> 00:24:05,196 Let's look at the config and verify. 422 00:24:05,506 --> 00:24:06,936 Let me do that again. 423 00:24:07,126 --> 00:24:11,296 Verify, we've got password Cisco is under the console port, exit back out, 424 00:24:11,576 --> 00:24:14,916 enter the enter key, no log in required. 425 00:24:15,706 --> 00:24:17,576 Is that-- is this starting to put the pieces together? 426 00:24:17,706 --> 00:24:21,766 So what-- let me ask you, if you were to give a definition, what does the log in command do? 427 00:24:22,646 --> 00:24:28,986 The log in command requires log-ins to that port, meaning, I can type in passwords all day. 428 00:24:28,986 --> 00:24:31,606 Let me do a show run begin line console. 
429 00:24:31,916 --> 00:24:37,596 I can type in passwords all day long under that console port but they won't take effect 430 00:24:37,596 --> 00:24:39,946 until I'm requiring somebody to log in. 431 00:24:40,276 --> 00:24:44,446 So I'm going to go into global config, line console 0, and let's just hit the question mark. 432 00:24:44,586 --> 00:24:50,686 You can see that log in if we look at the definition L log in, enable password checking. 433 00:24:50,686 --> 00:24:52,356 That's the definition that they give it 434 00:24:52,356 --> 00:24:56,016 and essentially enable this console port to check the password. 435 00:24:56,016 --> 00:25:01,156 So, let me type in log in, hit enter, and now we are requiring console password, good. 436 00:25:01,826 --> 00:25:03,526 Now, what about the telnet password? 437 00:25:04,406 --> 00:25:09,576 Setting a telnet password is what allows you to manage the switch remotely. 438 00:25:10,116 --> 00:25:16,166 Meaning right now, I am connected if you were to look at me right now, I have a cable plugged 439 00:25:16,166 --> 00:25:20,636 in to that switch and, you know, I got my laptop or whatever device I'm using. 440 00:25:20,636 --> 00:25:22,606 I've got this console connected. 441 00:25:22,606 --> 00:25:29,066 I'm looking down, I'm literally three feet away from the switch standing here and that's great 442 00:25:29,066 --> 00:25:31,626 for an initial configuration, that's how we have to configure it. 443 00:25:31,626 --> 00:25:34,716 But eventually, I want to get out of this cold IT room and I walk back 444 00:25:34,716 --> 00:25:36,846 to my desk or fly back to my office. 445 00:25:36,846 --> 00:25:40,606 It could be thousands of miles away and manage this switch remotely. 446 00:25:40,896 --> 00:25:46,066 That is where the telnet password or you should-- could also look at more modern, 447 00:25:46,066 --> 00:25:50,026 more secure is an SSH password comes into play. 
448 00:25:50,646 --> 00:25:58,956 Now, these are also configured under the line but the line is actually called VTY. 449 00:25:59,446 --> 00:26:00,746 Let me get back to the problem. 450 00:26:00,746 --> 00:26:02,706 So we're under the console port right now. 451 00:26:02,706 --> 00:26:04,236 We don't want to do anything else from here. 452 00:26:04,236 --> 00:26:05,376 For now, we'll come back here. 453 00:26:05,756 --> 00:26:08,266 I'm going to exit out of the console port. 454 00:26:08,376 --> 00:26:14,976 I'm going to type in line VTY space, well, let me just question mark through the whole thing. 455 00:26:14,976 --> 00:26:17,366 So line VTY that stands for a virtual terminal. 456 00:26:17,366 --> 00:26:20,626 It's virtually as if I was standing there next to the switch, right? 457 00:26:20,626 --> 00:26:26,166 So virtual term, a VTY space and then it says, okay, what is the first line number. 458 00:26:27,216 --> 00:26:27,746 What's that mean? 459 00:26:28,366 --> 00:26:32,216 Well, depending on your IOS version, 460 00:26:32,906 --> 00:26:37,966 you will see different Cisco devices supporting multiple telnet connections at a time. 461 00:26:38,086 --> 00:26:43,766 So that means I can be remotely telnetted in managing the switch, so can Bob, so can Sue, 462 00:26:43,766 --> 00:26:49,536 so can Mary, so can Neil, you know, everybody can actually be on that switch at the same time. 463 00:26:49,536 --> 00:26:52,916 Whoa, wait a second, does that mean we could make conflicting changes? 464 00:26:53,296 --> 00:26:55,536 It does and you have to be careful about that. 465 00:26:55,536 --> 00:26:58,246 But usually, you know, technicians communicate. 466 00:26:58,646 --> 00:27:00,646 [laughter] Did I just say "technicians communicate"? 467 00:27:00,816 --> 00:27:02,166 Scratch that. 468 00:27:02,166 --> 00:27:05,546 Policies dictate that technicians are supposed to communicate 469 00:27:05,546 --> 00:27:08,076 so that they don't make those kind of conflicting changes. 
470 00:27:08,076 --> 00:27:11,626 But nonetheless, the Cisco device supports everybody getting 471 00:27:11,626 --> 00:27:12,986 on that device at the same time. 472 00:27:13,216 --> 00:27:17,546 Now when I say everybody, I mean, however many line numbers you configure. 473 00:27:17,546 --> 00:27:21,666 Now this IOS version, this Cisco device supports-- 474 00:27:21,666 --> 00:27:24,726 you can just by hitting the question mark, it says, what is the first line number? 475 00:27:24,926 --> 00:27:30,006 So I type in zero, that's going to be the first one we commit on and I hit the question mark, 476 00:27:30,006 --> 00:27:31,846 it says, "Well, what is the last line number?" 477 00:27:32,026 --> 00:27:33,666 And I can go up to 15. 478 00:27:34,066 --> 00:27:40,456 So what this allows me to do is configure a whole bunch of VTY ports at the same time. 479 00:27:40,726 --> 00:27:46,786 So if I were to type in 15, that now puts me into the configuration mode for 16 total, 480 00:27:46,786 --> 00:27:52,536 'cause I started counting from zero, right, so that adds one more, so 16 total VTY ports 481 00:27:52,536 --> 00:27:54,006 that I'm configuring all at the same time. 482 00:27:54,306 --> 00:27:59,666 And then I can come under here and say password and whatever I want my password to be. 483 00:27:59,666 --> 00:28:02,656 We'll say password Cisco and hit the enter key. 484 00:28:02,656 --> 00:28:09,286 And now I've created a password that says whenever somebody accesses device remotely, 485 00:28:09,556 --> 00:28:13,646 they're going to have to type in the password Cisco before they are able to get to user mode. 486 00:28:13,846 --> 00:28:16,646 Now, let me show you a couple quick things. 487 00:28:17,016 --> 00:28:21,846 I'm going to bail out of this mode and just do a show run. 488 00:28:21,846 --> 00:28:24,936 And by the way, I've been typing this in a couple of times just to get us straight there. 
489 00:28:25,156 --> 00:28:28,616 You can actually do a show running config, this is how we verify. 490 00:28:28,906 --> 00:28:33,096 It's saying, show me what configuration is on this device that's running right now 491 00:28:33,296 --> 00:28:36,826 and you can type in the pipe, it's the character right above the enter key, 492 00:28:37,176 --> 00:28:39,116 and then you can do some filtering commands. 493 00:28:39,116 --> 00:28:43,726 You can say, I want to begin with the line, I want to include the lines, 494 00:28:43,726 --> 00:28:46,806 I want to exclude the line, so what I have been typing all along, 495 00:28:46,806 --> 00:28:49,076 I've been putting B there which are like, what is that? 496 00:28:49,076 --> 00:28:53,166 That's actually begin with the line where I type in line and I just hit enter. 497 00:28:53,236 --> 00:28:57,216 Begin with a line that says line because that will move me down to the bottom so I don't have 498 00:28:57,216 --> 00:29:02,476 to hit the spacebar through all that config and I can just look directly at these ports. 499 00:29:02,476 --> 00:29:05,756 So, I see my console port configuration, right, everybody good with that, 500 00:29:06,596 --> 00:29:10,476 and then below, I see my VTY configuration. 501 00:29:10,986 --> 00:29:14,676 Now, a couple of things worth mentioning, first off, 502 00:29:15,036 --> 00:29:18,976 what's up with the 0 through 4 and then 5 15? 503 00:29:19,176 --> 00:29:21,786 You know, and I also want to talk about the syntax. 504 00:29:21,786 --> 00:29:24,796 When you see 0 space 4, mentally put a little dash in there. 505 00:29:24,976 --> 00:29:27,926 They give it like 0 through 4 'cause that's really what it means. 506 00:29:28,076 --> 00:29:30,286 So why did it break it into two? 507 00:29:30,816 --> 00:29:34,876 Well, to understand it, you have to go back into long, long history of Cisco. 508 00:29:35,086 --> 00:29:40,266 Cisco has always had five telnet ports, 0 through 4 on their devices. 
509 00:29:40,496 --> 00:29:45,556 Only recently and I say "recent" within the last decade, it's been a long time. 510 00:29:45,736 --> 00:29:50,676 But, you know, for as long as Cisco has been around, I'd say recently, have they expanded 511 00:29:50,676 --> 00:29:56,186 that to allow more to where you can go up to 15 or I guess 16 total VTY ports. 512 00:29:56,186 --> 00:30:00,306 But a lot of times people would take configurations from one device and send it 513 00:30:00,306 --> 00:30:02,876 over to another device and, you know, kind of-- it's very common. 514 00:30:03,556 --> 00:30:08,166 When you get a good base configuration with Cisco to say, "Okay, I've got it," you know, 515 00:30:08,166 --> 00:30:10,096 that's what we're doing right now is a base configuration. 516 00:30:10,276 --> 00:30:13,316 'Cause I've got it, let me now copy and paste that into all my devices 517 00:30:13,316 --> 00:30:14,746 so I don't have to do them all individually. 518 00:30:15,156 --> 00:30:20,676 Well, if you have some older devices, they might only support five telnet ports at the same time. 519 00:30:21,346 --> 00:30:26,286 Whereas some newer devices might also expand and support up to, you know, 16 telnet ports, 520 00:30:26,286 --> 00:30:28,116 you know, for essentially 0 through 15. 521 00:30:28,116 --> 00:30:30,026 So Cisco said, "Well, why don't we do this?" 522 00:30:30,026 --> 00:30:36,006 We'll break it into two sections so that way if you copy and paste a config from a new device 523 00:30:36,136 --> 00:30:40,786 into an older device, so the new device supporting all these telnet ports 524 00:30:40,786 --> 00:30:45,696 and the older device supporting this, at least it will take the commands for this piece of it. 525 00:30:45,696 --> 00:30:49,516 You know, when it gets to this, the older device would be like "I don't know what that means. 
526 00:30:49,516 --> 00:30:53,696 I don't have 16 telnet ports" and it'll ignore those commands 527 00:30:53,696 --> 00:30:57,346 but at least it will take this whereas if we would have put them all as one big chunk, 528 00:30:57,796 --> 00:31:02,436 if we were to put 0 space 15, then the older device would say, "Well, I can't support that," 529 00:31:02,436 --> 00:31:03,906 and it would forget the commands completely. 530 00:31:03,906 --> 00:31:08,356 At least by doing this, it gets most of the configuration in there 531 00:31:08,356 --> 00:31:10,116 and ignores the stuff that doesn't support. 532 00:31:10,316 --> 00:31:16,606 So, I know a little longer explanation but you we're to believe, how many times I have people 533 00:31:16,706 --> 00:31:19,096 when I explain that to them and they've been in Cisco for a while, 534 00:31:19,096 --> 00:31:22,526 they're like, "Oh, that always confuse me." 535 00:31:22,646 --> 00:31:24,146 So, I wanted to take the time right there. 536 00:31:24,266 --> 00:31:29,246 So, second thing worth mentioning, notice when I got under the VTY ports right here, 537 00:31:29,586 --> 00:31:35,896 I typed in password Cisco, I never typed the word log in and yet it's there. 538 00:31:36,876 --> 00:31:40,626 Why? Well, if we back up, if we look at the configuration before 539 00:31:40,626 --> 00:31:45,876 when I was doing the console port, we saw that the console port didn't have the log in command 540 00:31:46,156 --> 00:31:48,836 and the VTY lines did before I even got in there. 541 00:31:49,076 --> 00:31:51,636 Well, that's Cisco's form of security. 542 00:31:51,956 --> 00:31:55,266 They don't want you to be setting up your switch and then you give it an IP address 543 00:31:55,266 --> 00:31:58,946 and all of a sudden someone behind the scene is like [laughs], you know, dives in there 544 00:31:58,946 --> 00:32:01,496 and telnet is in before you have the chance to set a password. 545 00:32:01,716 --> 00:32:05,926 No. 
So what they do is they say, "Require log-ins to this port." 546 00:32:06,816 --> 00:32:10,596 But notice there's no password set underneath the port, right? 547 00:32:10,806 --> 00:32:14,816 So if somebody does happen to try and sneak in there before you have the chance 548 00:32:14,816 --> 00:32:17,666 to set a password, they'll actually get the message 549 00:32:17,666 --> 00:32:19,626 from the Cisco device and here's the exact message. 550 00:32:19,626 --> 00:32:21,436 I don't know why I remember this verbatim. 551 00:32:21,586 --> 00:32:27,656 It will say, "Password required but none set," click and it will disconnect them. 552 00:32:28,366 --> 00:32:30,576 "Password required but none set." 553 00:32:30,576 --> 00:32:35,496 What that's saying is "Hey, this log in command is telling me, me being a Cisco device, 554 00:32:35,596 --> 00:32:37,516 I need to require log-ins for this port." 555 00:32:37,616 --> 00:32:40,496 So when somebody connects, it's like I need to log you in but then it looks and it goes, 556 00:32:41,216 --> 00:32:44,696 wait a second, I don't have a password, thus the message. 557 00:32:44,936 --> 00:32:49,976 Sorry, password required but there's none set so you can't log in case I'm requiring. 558 00:32:49,976 --> 00:32:52,486 Now, let me show you, let me show you a bad thing to do. 559 00:32:52,486 --> 00:32:58,566 If I were to go under line VTY 0 space 15 and type in the command, no log in, 560 00:32:58,716 --> 00:33:02,366 hit the enter key, what do you think that does? 561 00:33:03,066 --> 00:33:08,846 Careful, sometimes you're like, "Oh, okay," so I'm not letting anyone log in, right, right? 562 00:33:09,196 --> 00:33:13,806 That's a lot of times the initial feeling is like, well, it says no log in so that-- 563 00:33:13,806 --> 00:33:16,606 well, careful, careful, remember the language. 564 00:33:16,906 --> 00:33:18,976 No is the negating command. 
565 00:33:19,316 --> 00:33:22,766 So we're not saying no log in like we're speaking English to each other, 566 00:33:22,766 --> 00:33:24,116 like oh no, no, you can't log in. 567 00:33:24,336 --> 00:33:28,736 What we're saying is no, the log in is not required. 568 00:33:29,356 --> 00:33:33,246 So before I was requiring log ins and now I'm not, oh my goodness, 569 00:33:33,456 --> 00:33:37,076 what this means is somebody can type in telnet and the IP address of the switch 570 00:33:37,076 --> 00:33:38,846 which thankfully we haven't given it one yet. 571 00:33:39,086 --> 00:33:42,776 But they could type that in and bam, they're immediately sitting in user mode 572 00:33:43,116 --> 00:33:45,696 and then they type in enable and now they're into the privilege mode. 573 00:33:45,696 --> 00:33:46,546 It's creepy. 574 00:33:46,856 --> 00:33:50,076 There is a few, there is minor security mechanisms 575 00:33:50,076 --> 00:33:53,426 like if you don't have an enabled password, it might restrict you from doing that. 576 00:33:53,426 --> 00:33:55,236 But oh my goodness, that's not something you want to do. 577 00:33:55,236 --> 00:33:57,786 So no log in does not say you can't log in. 578 00:33:57,786 --> 00:34:01,756 It means no log in is required so that's why you absolutely want to keep that one on there. 579 00:34:01,756 --> 00:34:03,356 See how dangerous those commands can be. 580 00:34:03,356 --> 00:34:06,536 Okay. So, are you feeling good so far? 581 00:34:06,776 --> 00:34:08,936 I'm looking at the amount of time. 582 00:34:08,936 --> 00:34:10,186 I'm like, good grief. 583 00:34:10,186 --> 00:34:11,376 I'm spending a lot of time on this. 584 00:34:11,376 --> 00:34:13,416 I thought I'd be able to just blaze through this. 585 00:34:13,416 --> 00:34:15,536 But then as I started talking, I'm like, you know what, 586 00:34:15,536 --> 00:34:19,036 this is really our first real config of a Cisco device. 587 00:34:19,306 --> 00:34:21,116 I want to spend the time with you. 
588 00:34:21,116 --> 00:34:24,536 I want to spend some time just to talk and brainstorm and just think through a lot 589 00:34:24,536 --> 00:34:27,656 of the questions that I know I've been asked when I have explained this previously. 590 00:34:27,656 --> 00:34:30,676 So, I'm probably-- here's what-- I'm going to kind of divide this in half. 591 00:34:30,676 --> 00:34:32,696 This will be part 1, this will be part 2. 592 00:34:32,696 --> 00:34:34,596 We'll do all that in another nugget. 593 00:34:34,596 --> 00:34:39,026 But let's-- that's the last one I want to do is to set a password. 594 00:34:39,226 --> 00:34:42,426 I want to set the enable password. 595 00:34:42,426 --> 00:34:45,436 So, so far, we've now set it up to where when I plug 596 00:34:45,436 --> 00:34:47,996 in with the console port, it's asking me for a password. 597 00:34:47,996 --> 00:34:49,276 That's good to get into user mode. 598 00:34:50,266 --> 00:34:55,036 If telnet or SSH which we'll talk about SSH later, if I get into the switch that way, 599 00:34:55,036 --> 00:34:57,696 it's going to ask me for a password which is good. 600 00:34:57,696 --> 00:35:03,986 So I'm kind of protecting it but now there's this transition from virtually no access 601 00:35:03,986 --> 00:35:08,896 or very limited access into full access which is not protected at all. 602 00:35:09,996 --> 00:35:12,636 And that's where the enable password comes into play. 603 00:35:13,256 --> 00:35:18,086 Now, the way that we do this is very similar to the way that we've done everything. 604 00:35:18,086 --> 00:35:18,946 I'm going to exit back out. 605 00:35:19,116 --> 00:35:22,546 Now, there's no line for this, I don't have to go under a line config 606 00:35:22,546 --> 00:35:26,786 because the enable password is something that applies to the whole switch. 
607 00:35:26,786 --> 00:35:30,546 It doesn't matter how you get on that switch whether you've console in, telnet in, SSH in, 608 00:35:30,546 --> 00:35:33,616 doesn't matter how you get there, 609 00:35:33,616 --> 00:35:37,606 it has one global enable password to protect that transition. 610 00:35:37,796 --> 00:35:39,696 So it's something that we do from global config. 611 00:35:40,086 --> 00:35:45,666 And the way that we do that is typing in enable, there's actually two ways. 612 00:35:46,006 --> 00:35:50,256 You can type in enable password or enable secret. 613 00:35:51,966 --> 00:35:56,826 Okay. So these two commands do exactly the same thing. 614 00:35:57,446 --> 00:36:01,346 They protect the privilege mode with a password. 615 00:36:01,536 --> 00:36:03,966 So let me show you the first one first. 616 00:36:03,966 --> 00:36:08,366 Let's do enable password and similar to the console port, it says, you know, 617 00:36:08,426 --> 00:36:12,036 what mode or anything and I would just say, hey, at this point type it in, type in the line. 618 00:36:12,036 --> 00:36:17,826 So I type in, the enable password is Cisco, right? 619 00:36:17,986 --> 00:36:20,476 So now when I exit out, what happens? 620 00:36:21,256 --> 00:36:26,566 I hit the enter key, it's prompting me for a console password which I type that in, Cisco. 621 00:36:26,966 --> 00:36:31,966 I'm now in user mode, I'm like okay, great, I've got limited access here so I type in enable, 622 00:36:32,506 --> 00:36:34,166 hit the enter key, and now look at that. 623 00:36:34,166 --> 00:36:38,966 Now we're prompted for a second password which normally best practice, 624 00:36:38,966 --> 00:36:42,086 you should make that a different password than what your telnet password is. 625 00:36:42,086 --> 00:36:45,286 Not everybody does but it is much better security if you do. 626 00:36:45,286 --> 00:36:46,976 And I'm in the privilege mode. 627 00:36:46,976 --> 00:36:48,746 So okay, that's great. 
628 00:36:48,746 --> 00:36:52,276 You're probably thinking, well, what could be different about the enable secret. 629 00:36:52,406 --> 00:36:53,256 Well, let me show you. 630 00:36:53,256 --> 00:36:57,826 I'm going to go back and verify my commands that I've typed in the switch and I'm like, "Okay, 631 00:36:57,826 --> 00:37:03,186 well, I'll just do a show run and whoa, hey, stop looking over my shoulder. 632 00:37:03,346 --> 00:37:04,626 Hey, no, no, yeah. 633 00:37:04,626 --> 00:37:06,886 Look at that. 634 00:37:07,306 --> 00:37:08,496 It's clear text." 635 00:37:08,986 --> 00:37:13,286 Enable password means if somebody is looking over your shoulder when you're doing a show run 636 00:37:13,286 --> 00:37:15,506 or you happened to send your running config to somebody, 637 00:37:15,806 --> 00:37:19,146 right there is essentially the key to your Cisco device. 638 00:37:19,146 --> 00:37:22,316 The password is Cisco, that's scary. 639 00:37:22,316 --> 00:37:31,186 So let's go back in here and type in enable, hit the question mark, secret. 640 00:37:31,626 --> 00:37:36,186 And let's-- I'm going to use a different password and I'll explain why in a second. 641 00:37:36,186 --> 00:37:41,056 So let's just do enable secrets CBT nuggets, enter. 642 00:37:41,206 --> 00:37:43,086 So I'm going to exit back out. 643 00:37:43,086 --> 00:37:45,996 Let's do a show running config. 644 00:37:46,566 --> 00:37:51,006 That's got to make you feel better. 645 00:37:51,566 --> 00:37:53,156 Enable secret is [inaudible]. 646 00:37:53,156 --> 00:37:56,266 And it's just garbling moosh moosh. 647 00:37:56,526 --> 00:37:59,596 And then underneath right there is enable password Cisco, 648 00:38:00,046 --> 00:38:02,936 okay, okay, that can't be good, right? 649 00:38:03,096 --> 00:38:04,736 Okay, so what happens? 650 00:38:04,936 --> 00:38:07,126 I type in exit and I'm here. 651 00:38:07,416 --> 00:38:11,946 I type in Cisco and I'm in 'cause that's the console password, right? 
652 00:38:11,946 --> 00:38:16,616 So now when I type in enable and I'm going to say, okay, I'm going to try the password 653 00:38:16,616 --> 00:38:23,106 of Cisco, wait, wait, maybe I mistyped in Cisco. 654 00:38:24,806 --> 00:38:27,246 No, Cisco, no. 655 00:38:27,486 --> 00:38:31,956 Enable is no longer allowing me to use the password of Cisco anymore. 656 00:38:32,136 --> 00:38:36,466 I actually have to use the password of CBT nuggets and that will get me right in. 657 00:38:36,466 --> 00:38:40,926 See, using the enable secret, the Cisco device realizes, whoa, that's way better, 658 00:38:41,006 --> 00:38:43,566 that's way more secure than the enable password. 659 00:38:43,646 --> 00:38:44,616 I'm going to prefer that. 660 00:38:44,616 --> 00:38:47,516 As a matter of fact, I'm going to disable the enable password 661 00:38:47,756 --> 00:38:54,396 because you have a more secure password typed in that's enable secret and that's completely hash. 662 00:38:54,396 --> 00:38:56,626 It's totally, think of it as encrypted. 663 00:38:56,626 --> 00:38:59,436 They're like people can't get to that password just by looking over your shoulder. 664 00:38:59,486 --> 00:39:03,396 So, I know, if you're like me, the questions are rattling your mind. 665 00:39:03,396 --> 00:39:08,916 Okay, number 1, why does that enable password exist, why is it there? 666 00:39:08,916 --> 00:39:12,996 And then why do you have-- why does it even let you type two of them in? 667 00:39:12,996 --> 00:39:16,286 It seems like it would, you know, it would just remove the other or something, right? 668 00:39:16,286 --> 00:39:17,846 That's like our brainstorming [inaudible]. 669 00:39:18,186 --> 00:39:19,516 Well, let's go back. 670 00:39:19,756 --> 00:39:21,616 Go back to the old devices. 
671 00:39:22,186 --> 00:39:27,426 Old devices, again, old being, again, more than a decade old since they've come 672 00:39:27,426 --> 00:39:33,736 out with enable secret, but long, long ago, devices had only the enable password. 673 00:39:33,736 --> 00:39:37,356 There was no enable secret command on some of the original Cisco devices. 674 00:39:37,356 --> 00:39:39,416 So Cisco said, "Let's keep it around. 675 00:39:39,816 --> 00:39:40,926 Let's keep this in here." 676 00:39:40,926 --> 00:39:46,636 Again, that way if somebody copy and paste their configuration from a new device and they put it 677 00:39:46,636 --> 00:39:50,426 in the old device, well, the old device when it sees this command if you're copying and pasting, 678 00:39:50,426 --> 00:39:52,676 it's going to be like, I don't know what that command is. 679 00:39:52,846 --> 00:39:56,566 I don't support that command but it will support this. 680 00:39:57,076 --> 00:39:59,976 And so you'll see this theme, you get that feel, right? 681 00:40:00,046 --> 00:40:04,346 So there are legacy commands that still work on newer devices 682 00:40:04,636 --> 00:40:07,336 but really Cisco has long since developed better ways. 683 00:40:07,336 --> 00:40:12,156 The only reason they keep those command around is if you were to apply that configuration 684 00:40:12,156 --> 00:40:17,526 to an older device or for example, maybe I downgrade this IOS version, you know, 685 00:40:17,526 --> 00:40:21,266 right now I'm running, you know, whatever version, 12.2 on the Cisco switch, 686 00:40:21,396 --> 00:40:25,816 what if I downgraded this IOS version to a really old version. 687 00:40:26,216 --> 00:40:29,736 Well, when it boots up, it's going to start seeing all these commands and it's like, 688 00:40:29,736 --> 00:40:33,926 I don't get that, I don't understand this 'cause my IOS version doesn't support that command. 
689 00:40:33,976 --> 00:40:37,006 So these commands will automatically disappear from the config 690 00:40:37,006 --> 00:40:41,406 because the switch doesn't support it and all the old commands, the legacy commands will stay. 691 00:40:41,526 --> 00:40:44,546 So, that will at least give you some level of protection by doing that. 692 00:40:44,546 --> 00:40:48,896 With all that being said, let me just say this, Cisco nowadays recommends, 693 00:40:48,896 --> 00:40:50,696 don't even worry about the enable password. 694 00:40:51,156 --> 00:40:55,426 Enable secret has been out for a long time and that's the way that you should probably go. 695 00:40:55,426 --> 00:40:58,426 As a matter of fact, how would we get rid of that enable password? 696 00:40:58,536 --> 00:41:02,766 There's your pop quiz, no enable password. 697 00:41:04,076 --> 00:41:04,976 It's gone, right? 698 00:41:05,206 --> 00:41:07,806 Show running config, that negating command removes everything 699 00:41:07,976 --> 00:41:10,886 and now all I see that's left is the enable secret. 700 00:41:12,316 --> 00:41:13,616 Wow! What a good start. 701 00:41:14,066 --> 00:41:17,456 So we can check this off thinking of this as like core security if you will 702 00:41:17,646 --> 00:41:20,136 on the left hand side to get our device configured. 703 00:41:20,136 --> 00:41:24,426 And I would say just getting really familiar with kind of the feel of this Cisco switch. 704 00:41:24,426 --> 00:41:28,276 So I'm going to put that dividing line right there, line in the sand for now. 705 00:41:28,676 --> 00:41:33,136 I'll start off the next nugget right off-- right where we finished this one. 706 00:41:33,136 --> 00:41:37,256 I'll kind of do a fly by review of where we're at and then we'll dive into part 2 707 00:41:37,526 --> 00:41:40,356 which will be setting up the rest of the management of this device. 708 00:41:40,406 --> 00:41:44,116 For now, I hope this has been informative for you and I'd like to thank you for viewing. 