Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:00,646 --> 00:00:04,676 >> All right, it's time to continue on in the switching base configuration. 2 00:00:05,126 --> 00:00:08,736 Before we do, I have to show something really cool that I just discovered. 3 00:00:08,736 --> 00:00:15,286 So, so CBT Nuggets got me this, this keyboard from Logitech which is a solar keyboard 4 00:00:15,286 --> 00:00:16,556 which is the cool in and out of it. 5 00:00:16,556 --> 00:00:21,356 So that actually has like little solar panels on this thing, but I went for the Numlock 6 00:00:21,356 --> 00:00:23,756 and I accidentally hit this button. 7 00:00:23,756 --> 00:00:26,096 It's a little sunshine on there. 8 00:00:26,096 --> 00:00:28,676 Now, come on, that is awesome. 9 00:00:28,986 --> 00:00:33,696 I've got like a laxometer for my keyboards that's, 10 00:00:33,696 --> 00:00:38,696 that tells me how much solar energy my keyboard is getting and, you know, and see, 11 00:00:38,696 --> 00:00:41,766 so I'm walking around obviously blocking my fluorescent lighting. 12 00:00:41,966 --> 00:00:45,736 So fluorescent lights apparently charge this keyboard but look I can put my hands over, 13 00:00:45,736 --> 00:00:48,786 it's like, "Oh no, down, look, zero, energy reserves." 14 00:00:48,786 --> 00:00:50,006 You know, you move your hands off and. 15 00:00:50,236 --> 00:00:55,246 So, so this-- this I've got to say, thank you Logitech. 16 00:00:55,246 --> 00:00:55,996 Nice touch. 17 00:00:55,996 --> 00:00:58,736 You could have just done the solar keyboard and that would have been cool, 18 00:00:58,996 --> 00:01:02,706 but adding the little laxometer there, that was something. 19 00:01:04,016 --> 00:01:08,046 Okay, so before we dive into the new stuff, let's hit what we did in the last nugget. 20 00:01:08,376 --> 00:01:11,156 We went in, global config mode and set the host name. 21 00:01:11,486 --> 00:01:16,806 We learn about negating the command by putting no in front of anything that we could type. 22 00:01:16,806 --> 00:01:18,806 We could type in the console password. 23 00:01:18,806 --> 00:01:21,036 We went under line console zero and put in the password. 24 00:01:21,036 --> 00:01:24,916 And also typed in the log in to require log ins to that port because it didn't work otherwise. 25 00:01:25,216 --> 00:01:29,036 Exactly, the opposite with Telnet where log in is the default, 26 00:01:29,036 --> 00:01:30,956 remember that, with no password under there. 27 00:01:30,956 --> 00:01:34,316 So we need to set a password for the remote Telnet. 28 00:01:34,316 --> 00:01:40,346 And then we learned about the enable password and enable secret which two different things 29 00:01:40,346 --> 00:01:44,176 that do the same thing, one in an old command which was enable password and you type 30 00:01:44,176 --> 00:01:49,046 in your password which stores it in a clear text format in the running config. 31 00:01:49,616 --> 00:01:56,196 Also, enable-- well, actually, sorry about-- My mind just jump to another topic, I want to-- 32 00:01:56,196 --> 00:01:57,246 Hey, I'm going go write something down. 33 00:01:57,296 --> 00:01:58,816 I don't want to forget about this. 34 00:01:59,136 --> 00:02:07,086 I'll just put sync, or let me just do it S-Y-N and then what was the-- P-W-E-N-C. 35 00:02:07,266 --> 00:02:11,066 Just those would be my quick reminders to make sure I don't forget that. 36 00:02:11,066 --> 00:02:16,266 So, enable password, clear text, enable secret being the encrypted or hash version 37 00:02:16,266 --> 00:02:18,196 of the password that's stored in the running config. 38 00:02:18,456 --> 00:02:23,256 If you turn on the enable secret, then the enable password is no longer used. 39 00:02:23,256 --> 00:02:25,446 It's just there for backwards compatibility. 40 00:02:25,446 --> 00:02:28,076 So that's, that's where we've come from. 41 00:02:28,076 --> 00:02:34,086 Now before, before we-- all these things that are coming to my mind that I want to show you. 42 00:02:34,266 --> 00:02:38,926 Before we dive into the new stuff, I actually want to talk about this, this little junk notes 43 00:02:38,926 --> 00:02:39,946 that I'm putting down that at the bottom. 44 00:02:40,246 --> 00:02:45,026 These aren't really, I would say commands that you would, you would say "Oh man, 45 00:02:45,026 --> 00:02:46,796 you got to know for certification." 46 00:02:46,796 --> 00:02:49,816 Or you go to know to know that for real but man, I will tell you, they will, 47 00:02:50,056 --> 00:02:51,746 they will make it just easier to work with. 48 00:02:51,746 --> 00:02:52,476 This is good advice. 49 00:02:52,476 --> 00:02:56,676 So let me, let me first off get back in to my switch from-- 50 00:02:56,676 --> 00:03:00,716 This is, I left the config from the last nugget, still on here. 51 00:03:00,716 --> 00:03:02,686 Now you notice that I'm logged out. 52 00:03:03,116 --> 00:03:07,106 That is because on the console port, there is a time-out setting. 53 00:03:07,446 --> 00:03:12,086 So after you are idle for so long, it will kick you off and put you back to the log on screen, 54 00:03:12,086 --> 00:03:15,506 that's good security, but a lot of times if you're in a lab environment and you're trying 55 00:03:15,506 --> 00:03:18,886 to learn that kind of scene, CBT Nuggets, that kind of thing, 56 00:03:18,886 --> 00:03:21,596 it's handy to not be kicked off the device. 57 00:03:22,136 --> 00:03:29,586 So, what I can do is I can go into global configuration mode, go into line VTY-- 58 00:03:30,246 --> 00:03:33,156 sorry, not VTY, line consoles, that's where we are. 59 00:03:33,156 --> 00:03:38,546 Line console zero and there's a command that is actually exact dash time-out. 60 00:03:38,896 --> 00:03:42,846 So I can type in exact time-out and tell it how long I want to be able 61 00:03:42,846 --> 00:03:46,656 to stay idle before I will naturally time-out the connection. 62 00:03:46,656 --> 00:03:50,446 So, I can say, you know, five minutes or 10 minutes or whatever I want. 63 00:03:50,446 --> 00:03:54,166 I can even get, you know, if I do 5 minute, I can get into the seconds and say 5 minutes, 64 00:03:54,246 --> 00:03:57,276 43 seconds countdown, synchronized watches. 65 00:03:57,276 --> 00:04:00,526 But for lab environments, now this is lab environments only. 66 00:04:00,766 --> 00:04:04,246 One of the things that I commonly do is I just, you know, it's lab switch. 67 00:04:04,246 --> 00:04:07,096 I'm not really needing to worry about security. 68 00:04:07,306 --> 00:04:09,946 So I'll type in exact time-out zero, zero. 69 00:04:10,606 --> 00:04:14,386 And what that does is set my time-out to disabled. 70 00:04:14,596 --> 00:04:16,016 So I will always stay logged in. 71 00:04:16,016 --> 00:04:20,366 A matter of fact, a shorter way that you can do that and this is one of my base commands 72 00:04:20,366 --> 00:04:23,976 that I type when I get on the switch is know exact dash time-out 73 00:04:24,076 --> 00:04:25,366 and that will turn it off as well. 74 00:04:25,426 --> 00:04:28,906 It says, I'm not going to-- I'm not going to time out. 75 00:04:29,046 --> 00:04:33,946 Okay, so that's, that's kind of handy feature number one that just popped into my head. 76 00:04:33,946 --> 00:04:37,656 Second one is the logging synchronous. 77 00:04:37,656 --> 00:04:38,526 And here's, here's what I mean. 78 00:04:38,996 --> 00:04:43,466 All throughout the series, we are going to be getting status messages on the console port. 79 00:04:43,466 --> 00:04:47,676 So let me give you an example, let' say I want to get out of the line config mode, right? 80 00:04:47,736 --> 00:04:48,986 And I want to do some show command. 81 00:04:48,986 --> 00:04:50,596 So, here, I'm going to do this quickly. 82 00:04:50,596 --> 00:04:54,616 So I'm going to hit control z, I dropped out into a show-- [noise] See what I mean? 83 00:04:54,616 --> 00:04:58,116 I've kind of, I'm having deja vu. 84 00:04:58,116 --> 00:04:59,086 Did I show you this already? 85 00:04:59,426 --> 00:05:02,596 If I did, forgive me but-- So you see what I've done. 86 00:05:02,596 --> 00:05:04,386 I've kind of cut my command in half. 87 00:05:04,386 --> 00:05:07,276 I'm typing at the end of this, backspace, I'm deleting the message. 88 00:05:07,616 --> 00:05:09,476 I mean, what's up with that? 89 00:05:09,596 --> 00:05:13,616 If I were, if I had the sense about me, I could type in, it would work just fine. 90 00:05:13,856 --> 00:05:18,016 But the status messages will always go in line. 91 00:05:18,276 --> 00:05:22,306 Now one of the ways we can get around that is by doing the tab key, I can do show run it 92 00:05:22,306 --> 00:05:24,076 and I'm like, "Oh man, it cut what I'm typing." 93 00:05:24,166 --> 00:05:26,446 I hit the tab key and it kind of fixes that for me. 94 00:05:26,446 --> 00:05:30,626 That's one way but what if you could set it up to where you don't even have to do that. 95 00:05:31,666 --> 00:05:36,276 Well, I'm going to go onto the console port and there's a command called logging synchronous. 96 00:05:37,936 --> 00:05:38,876 Hit enter. 97 00:05:39,126 --> 00:05:45,716 What that command does is tell the IOS to paint the, the status messages 98 00:05:45,716 --> 00:05:47,776 and then repaint what you were typing below. 99 00:05:47,776 --> 00:05:51,006 I probably could have find a better way to say that but you get the point right? 100 00:05:51,176 --> 00:05:55,466 So I'm going to do, control z, I'll do a show-- Oh, that was nice. 101 00:05:55,696 --> 00:05:56,476 See what it did? 102 00:05:56,646 --> 00:05:59,736 So instead of putting me at the end of this message where I'm typing, 103 00:05:59,946 --> 00:06:01,836 it now painted my line back here which fit. 104 00:06:01,836 --> 00:06:06,026 I mean it's just make it so, so handy because I know when people are first getting started 105 00:06:06,026 --> 00:06:07,986 in Cisco, that's the number one question they get to ask. 106 00:06:07,986 --> 00:06:10,166 They go, how do I turn off those messages? 107 00:06:10,166 --> 00:06:13,946 Yeah, you know, you know the ones I cut when I'm typing in half, how do I turn those off? 108 00:06:13,946 --> 00:06:16,106 Well you don't want to turn them off because those are kind 109 00:06:16,106 --> 00:06:18,056 of your life blood of the Cisco device. 110 00:06:18,056 --> 00:06:20,836 They tell you what's going on behind the scenes and you want 111 00:06:20,836 --> 00:06:22,606 to know, you want to see those messages. 112 00:06:22,606 --> 00:06:26,286 I mean, right now we're just seeing this device was configured by console, 113 00:06:26,286 --> 00:06:28,356 you know, it's a little status message. 114 00:06:28,626 --> 00:06:31,156 But eventually, we're going to see interface up, interface down. 115 00:06:31,156 --> 00:06:33,806 You know, all those kind of messages which are key to see. 116 00:06:34,016 --> 00:06:35,816 So, that's the other thing. 117 00:06:35,816 --> 00:06:37,736 Okay, what was supposed the last thing? 118 00:06:37,736 --> 00:06:44,106 PWNC. So last nugget, let me go and add, last nugget we removed the enabled password. 119 00:06:44,876 --> 00:06:46,006 I'm going to put it back in there. 120 00:06:46,476 --> 00:06:50,566 But one of the things that you, you may have notice in all of the show runs, 121 00:06:50,746 --> 00:06:52,996 show running config that I was doing in the last nugget, 122 00:06:52,996 --> 00:06:54,916 is we have this clear text passwords here. 123 00:06:54,916 --> 00:07:02,936 Not only, not only the enable password but if I shoot down here, and I see line VTY, 124 00:07:02,936 --> 00:07:04,656 I mean password Cisco, password Cisco. 125 00:07:04,886 --> 00:07:08,806 So again, if I've got that strange fellow looking over my shoulder, 126 00:07:09,066 --> 00:07:12,826 I'm like [noise] you know, I'm putting my hand over the window, don't look at that. 127 00:07:13,216 --> 00:07:18,706 Well Cisco has a command that allows you to encrypt those passwords. 128 00:07:19,016 --> 00:07:25,466 And I, if you could've see me I put encrypt in those little, like "encrypt" those password. 129 00:07:25,466 --> 00:07:26,716 And the command is actually simple. 130 00:07:26,716 --> 00:07:28,076 It's service password encryption. 131 00:07:28,476 --> 00:07:32,006 So you type that from global config mode and immediately, 132 00:07:32,076 --> 00:07:36,296 I go back and do a show run and man, look at that-- bum! 133 00:07:36,326 --> 00:07:40,126 Encyptomagic, enable password is encrypted. 134 00:07:40,126 --> 00:07:44,406 I scrolled down to my VTY lines, my console port, encrypted everywhere, 135 00:07:44,406 --> 00:07:45,596 so I'm like, "Man, that's awesome. 136 00:07:45,596 --> 00:07:46,116 That's feels good." 137 00:07:46,116 --> 00:07:50,646 Well Cisco did not design that to be a strong algorithm. 138 00:07:50,686 --> 00:07:56,366 As a matter of fact, they've partnered up with Cracker Jacks, remember the Cracker Jacks boxes 139 00:07:56,366 --> 00:07:58,536 with the little secret decoder ring inside? 140 00:07:58,746 --> 00:08:03,096 To come up with a shared algorithm, both Cracker Jacks and Cisco uses the same. 141 00:08:03,096 --> 00:08:07,306 I mean, it's so incredibly weak that you could go on to Google and type 142 00:08:07,306 --> 00:08:11,606 in let's just try crack Cisco password. 143 00:08:11,716 --> 00:08:13,096 Let's do crack Cisco password. 144 00:08:13,096 --> 00:08:13,526 There we go. 145 00:08:13,706 --> 00:08:16,926 First link on our Cisco password, crack-o-matic. 146 00:08:16,926 --> 00:08:20,856 I go in there and type in that encrypted version and I go correct. 147 00:08:21,246 --> 00:08:22,686 There it is. 148 00:08:22,686 --> 00:08:23,916 [laughs] I know, you're like, "Seriously?!" 149 00:08:24,106 --> 00:08:30,586 Totally! All that, that, that encryption is meant to do is-- where am I? 150 00:08:30,586 --> 00:08:33,016 All it is meant prevent to the line of site. 151 00:08:33,016 --> 00:08:36,016 Like, it's a whole lot harder to remember 1306, 1E0-- 152 00:08:36,016 --> 00:08:39,036 you know all of that than it is to remember Cisco if you see it. 153 00:08:39,036 --> 00:08:43,226 So, it is not-- don't give that, get that like warm and fuzzy. 154 00:08:43,226 --> 00:08:45,636 That's going to secure me forever kind of feeling from that. 155 00:08:45,886 --> 00:08:47,516 However I will tell you this. 156 00:08:47,916 --> 00:08:52,216 They enable secret, you notice, notice the two different, I call them encryption modes. 157 00:08:52,796 --> 00:08:56,346 So these guys used what's called type seven. 158 00:08:56,346 --> 00:09:00,776 Notice this all about type seven Cisco password that it can do. 159 00:09:01,176 --> 00:09:05,996 The enable secret actually uses type five right here. 160 00:09:06,416 --> 00:09:10,066 It's actually MD5 hashing is what that is. 161 00:09:10,066 --> 00:09:11,546 It's not encryption at all. 162 00:09:11,546 --> 00:09:15,756 It's a hash which-- I think I'll actually talk about that later when we talk about SSH. 163 00:09:16,046 --> 00:09:17,346 That is very secure. 164 00:09:17,636 --> 00:09:22,646 It is, the only way to break that is through something called a brute force attack 165 00:09:22,856 --> 00:09:25,686 which is the weakest kind of hacking attack that you can do. 166 00:09:25,686 --> 00:09:30,016 Any password can be broken given enough time and computing power. 167 00:09:30,316 --> 00:09:34,546 But this, this is one of the most secure ways to set the password. 168 00:09:34,546 --> 00:09:38,006 So, that's the three little pieces I want to add there. 169 00:09:38,006 --> 00:09:40,626 Okay, now let's get into the rest of this. 170 00:09:40,746 --> 00:09:46,766 We've got all of our password set up so we're ready to enable and manage our switch remotely, 171 00:09:47,036 --> 00:09:49,586 however we haven't given it an IP address yet. 172 00:09:49,936 --> 00:09:52,876 Now to assign the IP address to a switch, 173 00:09:52,876 --> 00:09:56,976 you need to understand just a little bit about VLANs. 174 00:09:57,936 --> 00:10:01,796 And that's, that's why I wanted to break the base configuration 175 00:10:01,796 --> 00:10:04,986 into two nuggets 'cause I really wanted to give enough time to this to where I-- 176 00:10:04,986 --> 00:10:06,426 I'm not just like, okay, do this 177 00:10:06,426 --> 00:10:09,896 and nobody really understands why they're doing what they're doing. 178 00:10:10,346 --> 00:10:16,546 So, VLANs, let me see if I can give you the very small nutshell version right now 179 00:10:17,636 --> 00:10:20,226 and then we'll expand much more on it later 180 00:10:20,226 --> 00:10:24,436 when we do the full VLAN nuggets, but we've got switches, right? 181 00:10:24,766 --> 00:10:29,526 And by default switches are all one network. 182 00:10:29,836 --> 00:10:34,076 So, here's our little six ports switch if you will, they're all one networks. 183 00:10:34,076 --> 00:10:38,866 So, when I plug a computer into here and a computer into here I know that those guys are 184 00:10:38,866 --> 00:10:43,136 on the same network, they can send a broadcast to each other, they can send an ARP to figure 185 00:10:43,136 --> 00:10:46,816 out each other's MAC address and they can communicate directly and all that, it's only-- 186 00:10:46,816 --> 00:10:52,726 it's only once we want to get off of our network that we need a router and the router allows us 187 00:10:52,726 --> 00:11:00,076 to leave our local area network or a LAN and get off to the WAN or the internet, or wherever-- 188 00:11:00,076 --> 00:11:03,796 whatever destination we're trying to reach that's the job of what a router does. 189 00:11:04,036 --> 00:11:07,546 Well, VLAN's kind of been the rules a little bit, they've say, "Well, 190 00:11:07,546 --> 00:11:14,486 I tell you what within the switch we can break this switch into two different networks." 191 00:11:14,726 --> 00:11:18,096 We can have, well say the red network on the left side 192 00:11:18,426 --> 00:11:21,016 and the purple network on the right side. 193 00:11:21,666 --> 00:11:27,026 So, now all of the computers that are plugged into the red network can communicate 194 00:11:27,026 --> 00:11:31,046 with each other but they can't talk to the purple network and same thing 195 00:11:31,046 --> 00:11:34,856 with the purple network who've got-- actually I don't know how we just jam two ethernet ports 196 00:11:34,856 --> 00:11:37,286 in the same hole there, but we'll go with it. 197 00:11:37,536 --> 00:11:41,896 We've got the devices in the purple network I can talk together, but they can't talk 198 00:11:41,896 --> 00:11:47,466 to the red network without a router and that's where we could actually plug a router 199 00:11:47,816 --> 00:11:54,116 into each side of the switch one port into the red side, one port into the purple side 200 00:11:54,286 --> 00:11:57,806 and that allows us to communicate between, it gives you a ton of advantage to be able 201 00:11:57,806 --> 00:12:02,646 to do this, you can set up security boundaries to where, okay, well accounting is over there, 202 00:12:02,936 --> 00:12:07,786 sales is over there, you can put up, you know, the server is over there, it gives you a lot-- 203 00:12:07,926 --> 00:12:11,146 a lot easier way of managing your IP. 204 00:12:11,146 --> 00:12:17,616 I mean there's a lot of advantages to VLANs, but I don't want to dive pass that point right now 205 00:12:17,616 --> 00:12:20,266 because it will explode into a giant VLAN discussion. 206 00:12:20,266 --> 00:12:23,276 So, let's get back to the point on hand. 207 00:12:23,716 --> 00:12:30,256 We've got all of these ports on a switch that when you pull a Cisco switch 208 00:12:30,256 --> 00:12:35,616 out of the box it's doing VLANs, whether you like or not, whether you configured them 209 00:12:35,616 --> 00:12:38,156 or not we are you're always doing VLANs 210 00:12:38,156 --> 00:12:41,776 on Cisco switches 'cause that's the base feature that they support. 211 00:12:42,316 --> 00:12:44,266 So, what is that mean? 212 00:12:44,266 --> 00:12:50,106 That means every port when you pull it out are all part of VLAN 1. 213 00:12:50,976 --> 00:12:54,846 It's actually the default VLAN, VLAN 1 and that's why we don't know 214 00:12:54,846 --> 00:12:59,216 that we're doing VLANs is because if all the ports are member of the same VLAN then it's 215 00:12:59,216 --> 00:13:00,766 like we're not doing VLANs at all, right, 216 00:13:00,766 --> 00:13:02,866 because everybody can talk together and work together. 217 00:13:03,056 --> 00:13:09,886 Well, the Cisco switches allow you to create these things known as VLAN interfaces, 218 00:13:11,136 --> 00:13:15,016 I don't know why I started writing ter, let's do interfaces. 219 00:13:15,916 --> 00:13:22,906 And VLAN interfaces are virtual interfaces, as in they don't really exist, I can't see them 220 00:13:22,906 --> 00:13:27,356 and touch them and squeeze them, but they are there, 221 00:13:27,356 --> 00:13:30,926 they are reachable on the switch for my VLAN. 222 00:13:30,926 --> 00:13:33,526 So, for example let's say-- now VLANs, 223 00:13:33,526 --> 00:13:35,986 well I give them colors often, they're actually numbers. 224 00:13:35,986 --> 00:13:40,696 So, let's say the red VLAN is really VLAN 10, right? 225 00:13:40,696 --> 00:13:46,576 And the purple VLAN is really VLAN 131 you can-- 226 00:13:46,576 --> 00:13:50,126 there's 4,096 numbers, so we can just pick a number, right? 227 00:13:50,346 --> 00:13:52,326 So, that-- those are the different VLANs. 228 00:13:52,556 --> 00:13:56,696 Now, the Cisco switches give us the ability to go into them and say, 229 00:13:56,966 --> 00:14:02,546 I want to create interface, VLAN 10. 230 00:14:03,976 --> 00:14:08,346 Now, that interface doesn't really exist like I said I can't see it, but its there's, 231 00:14:08,346 --> 00:14:13,466 it's this virtual interface that I can reach from anything, any port that is in VLAN 10. 232 00:14:13,806 --> 00:14:19,906 So, you know, I could give it the IP address 10.10.1.1/24, right? 233 00:14:19,906 --> 00:14:24,226 Give it that IP address and immediately all of the computers provided they're 234 00:14:24,226 --> 00:14:28,296 in the same network, you know, IP address wise they will be able too reach 235 00:14:28,296 --> 00:14:31,706 that VLAN interface, now why would they do that? 236 00:14:31,706 --> 00:14:36,136 Well, they can access the switch, they can ping the switch, I mean they can manage the switch 237 00:14:36,136 --> 00:14:40,676 that way and all that, that's kind of where we're going here and there is actually a lot 238 00:14:40,676 --> 00:14:43,166 of bigger picture reasons why we would do that, 239 00:14:43,326 --> 00:14:47,386 it deals with something called layer 3 switching, but I'm going to save that for later 240 00:14:47,386 --> 00:14:50,496 on because right now we're just at the basic configuration, 241 00:14:50,496 --> 00:14:55,596 but without understanding this concepts it won't make sense what we have to do 242 00:14:55,596 --> 00:14:57,586 to assign a management IP address. 243 00:14:57,586 --> 00:15:06,106 So, what we do on a Cisco switch out of the box is we go into interface VLAN 1 244 00:15:06,646 --> 00:15:13,736 and then we give it an IP address, whatever IP address who want to give it 10.5.9.20, okay? 245 00:15:13,956 --> 00:15:17,256 So, or again whatever IP address we want to give it. 246 00:15:17,256 --> 00:15:23,006 And now that IP address and that management interface is reachable from all ports 247 00:15:23,006 --> 00:15:25,606 that are assigned or belong to VLAN 1. 248 00:15:26,196 --> 00:15:29,966 Okay, so let me clear all that off and show you what I mean here. 249 00:15:30,456 --> 00:15:35,196 So, I've got a switch sitting next to me at the Cisco 3550 it got 24 ports 250 00:15:35,196 --> 00:15:41,076 of 10/100 lob [phonetic], I've got a computer plugged in here and to port 11. 251 00:15:41,446 --> 00:15:46,586 Let me give you a little view of the nomenclature or kind of the way 252 00:15:46,586 --> 00:15:49,386 that Cisco switches refer to their ports. 253 00:15:49,386 --> 00:15:52,546 They don't just say port 11, they'll say 254 00:15:52,546 --> 00:15:58,936 for instance FastEthernet, 0/11, why do they do that? 255 00:15:59,056 --> 00:16:04,846 So, a lot of times when you deal with Cisco devices it always uses ports 256 00:16:04,846 --> 00:16:07,336 that are based on module and port number. 257 00:16:07,336 --> 00:16:12,326 So, for example-- let me just show you a router, you know, if I have a router I might have 258 00:16:12,606 --> 00:16:17,276 for instance I'll take a router that I grew up with when I was working Cisco, 259 00:16:17,466 --> 00:16:22,906 Cisco 3640 was my dream router back in the day because it had four modules where you could put 260 00:16:22,906 --> 00:16:26,236 in whatever interfaces you want, so you could slide a card in here 261 00:16:26,436 --> 00:16:29,116 and it might have two FastEthernet ports. 262 00:16:29,116 --> 00:16:34,976 And so, this would be considered FastEthernet 0/0 because this is considered module 0 263 00:16:35,136 --> 00:16:41,246 and that's the first port on there which is 0, and this would be considered FastEthernet 0/1 264 00:16:41,246 --> 00:16:44,896 because its again module 0 and then that's the second port on there. 265 00:16:45,166 --> 00:16:47,436 So, you come over here, this is considered module 1 266 00:16:47,606 --> 00:16:50,066 and let's say you put a serial port in there. 267 00:16:50,416 --> 00:16:56,436 So, this would be serial 1/0 'cause that's the first 0 port, see kind of how that works? 268 00:16:56,436 --> 00:17:01,926 So, you get all these modules going on, you know, maybe a FastEthernet interface 269 00:17:01,926 --> 00:17:05,346 up here would be FastEthernet 3/0, module 3 port 0. 270 00:17:05,556 --> 00:17:11,506 Well, on Cisco switches all their stackable switches are considered module 0 and that's 271 00:17:11,506 --> 00:17:17,826 because a lot of their switches support what's called StackWise or stacking technology. 272 00:17:17,826 --> 00:17:22,726 So, you can take Cisco switches, this pretty cool you can take Cisco switches 273 00:17:22,726 --> 00:17:25,566 and they have these big old fat cables that you put in the back 274 00:17:25,846 --> 00:17:28,486 and connect multiple Cisco switches together. 275 00:17:28,486 --> 00:17:34,146 So, let's say now 3550 doesn't do this, but let's just say this is switch 1, switch 2, 276 00:17:34,496 --> 00:17:38,416 and then you've got switch 3 down here which maybe [inaudible] change to this guy, 277 00:17:38,416 --> 00:17:41,806 and then lose back up here and plugs in here because that way you don't want 278 00:17:41,806 --> 00:17:46,086 for instance this guy to die and that leaves switch 1 and 3 stranded. 279 00:17:46,086 --> 00:17:48,596 So, it's always good to do that and this creates what's called the stack. 280 00:17:49,126 --> 00:17:52,786 The beauty of having a stack is literally the back plain of shared. 281 00:17:52,786 --> 00:17:55,826 So, you don't have, you know, normally to connect switches together, 282 00:17:55,826 --> 00:17:59,096 you do this little connection with a crossover cable or something 283 00:17:59,096 --> 00:18:01,286 like that to where switches are linked. 284 00:18:01,286 --> 00:18:04,856 Well, you don't have to worry about that, you don't have to worry about bottlenecking 285 00:18:04,856 --> 00:18:08,586 on that port either because this literally combines all of the bandwidth 286 00:18:08,586 --> 00:18:10,516 that these switches can put out over those switches. 287 00:18:10,776 --> 00:18:14,436 And you can even, I mean some of the switches, you can do things like redundant power to where, 288 00:18:14,626 --> 00:18:18,466 you know, they're all plugged into the wall and let's say this power supply goes 289 00:18:18,466 --> 00:18:21,636 out he can actually pull power from that cable, isn't that cool? 290 00:18:21,636 --> 00:18:24,116 So, that's-- that's one of the things that you can do. 291 00:18:24,116 --> 00:18:28,826 Now, if you do that, if you use StackWise then the first switch will be, you know, 292 00:18:28,826 --> 00:18:32,156 you'll confi-- oh I should say it also unifies your managements, 293 00:18:32,156 --> 00:18:35,796 so I can log into this switch and configure all three of them. 294 00:18:35,796 --> 00:18:40,186 So, this one would be for instance FastEthernet 0/5 would be port 5 on here. 295 00:18:40,426 --> 00:18:44,726 This one would be FastEthernet 1/5 'cause this whole switch becomes module 1, 296 00:18:45,006 --> 00:18:47,556 this one might become FastEthernet 2/5. 297 00:18:47,636 --> 00:18:52,786 Now, I'm using FastEthernet but we would also have the G-- Gigabit Ethernet. 298 00:18:52,786 --> 00:18:56,056 So, let me get you a little familiar with what this looks like 299 00:18:56,056 --> 00:18:57,746 and then I'll get back to my scenario. 300 00:18:58,166 --> 00:19:03,126 When you go to my switch and I'll type in my favorite command in all Cisco, 301 00:19:04,246 --> 00:19:10,526 seriously it is always been my favorite command show IP interface brief 302 00:19:10,526 --> 00:19:14,596 which gives you a summary view of the interfaces on the switch and you can see 303 00:19:14,596 --> 00:19:21,316 that this 3550 switch has those 24 FastEthernet ports that are all lined up there ready to work, 304 00:19:21,316 --> 00:19:26,126 you can see that-- I thought it was in 11 but I'm actually in 14, I've got my computer plugged 305 00:19:26,126 --> 00:19:33,426 in to FastEthernet 0/14 because it shows the status is up and the protocol is up if-- 306 00:19:33,426 --> 00:19:37,426 we'll talk about this later, but this is essentially layer 1of the OSI model, 307 00:19:37,736 --> 00:19:40,036 this is layer 2 of the OSI model, we're communicating. 308 00:19:40,236 --> 00:19:46,936 I also see down at the bottom this one supports, it has these things known as SFP modules, no-- 309 00:19:47,196 --> 00:19:48,696 no this isn't SFPs, no these GBICs. 310 00:19:48,696 --> 00:19:52,146 There's different kinds of modules depending on what kind 311 00:19:52,146 --> 00:19:56,406 of switch you have, SFP I talked about this, right? 312 00:19:56,406 --> 00:19:58,376 I think early on in the series. 313 00:19:58,376 --> 00:20:01,836 SFP is a small-- was it small form factor pluggable 314 00:20:01,836 --> 00:20:02,976 or something, something of that affect. 315 00:20:03,166 --> 00:20:07,636 Yeah, these switches have these little holes in them. 316 00:20:07,806 --> 00:20:12,636 [laughs] These little holes called SFP ports and you can get fiber optic transceivers 317 00:20:12,636 --> 00:20:15,256 or you can-- I mean, there's all kinds of stuff that you can plug 318 00:20:15,256 --> 00:20:16,476 in there to give it functionality. 319 00:20:16,646 --> 00:20:20,006 Well, the 3550s has something called GBICs [phonetic], these are kind of going 320 00:20:20,006 --> 00:20:23,466 by the wayside for the most part but they're kind of big square holes, 321 00:20:23,846 --> 00:20:28,636 and you can do the same thing, you can buy fiber optic modules for those and plug them in there 322 00:20:28,636 --> 00:20:31,696 so that's the gigabit ports that we have on this device. 323 00:20:31,696 --> 00:20:35,106 So, I've got my computer plugged in right here. 324 00:20:35,106 --> 00:20:40,316 Now notice, when I did that show IP interface brief, look at the very first-- what did I do? 325 00:20:41,296 --> 00:20:43,306 All right, look at the very first interface. 326 00:20:43,796 --> 00:20:45,266 The VLAN1. 327 00:20:45,716 --> 00:20:48,776 Notice, its IP address is unassigned, all the-- 328 00:20:48,776 --> 00:20:50,656 you know, everything it's saying it's down, it's down, it's down. 329 00:20:50,656 --> 00:20:53,136 Now, VLAN while knowing what we know about VLANs, 330 00:20:53,136 --> 00:20:54,906 I'm going to type in the command I haven't shown you yet. 331 00:20:55,066 --> 00:20:58,236 Yeah, it's called show VLAN. 332 00:20:58,516 --> 00:21:04,566 This shows me there is-- I mean, I guess you can argue, these are VLANS but those are-- 333 00:21:04,706 --> 00:21:07,256 it's kind of like this is for token ring networks. 334 00:21:07,256 --> 00:21:11,666 I mean, these are on there juts because of the standards but they're unsupported. 335 00:21:12,016 --> 00:21:14,586 VLAN1 is where all the action is happening 336 00:21:14,586 --> 00:21:18,416 out of the box 'cause I can see all my ports are a member of VLAN1. 337 00:21:18,886 --> 00:21:26,696 So if I want to assign VLAN1 a management IP address, I go in, I do interface VLAN1. 338 00:21:27,146 --> 00:21:31,826 So now, again, getting the flow down, we got to make sure we got it, 339 00:21:31,826 --> 00:21:35,036 user mode to privilege mode is that-- that's on through enabled. 340 00:21:35,276 --> 00:21:39,226 We go to global configuration mode, we do that by typing in config t 341 00:21:39,536 --> 00:21:41,456 and then we can branch into all the submodes. 342 00:21:41,456 --> 00:21:47,436 Like here, we went to console, line console zero or line VTY zero space 15. 343 00:21:47,436 --> 00:21:50,906 Or, now, we're going in to interface VLAN. 344 00:21:50,906 --> 00:21:55,826 So I mean interface configuration mode, get back. 345 00:21:55,826 --> 00:21:58,976 So, I'm in interface configuration mode and now all the commands 346 00:21:58,976 --> 00:22:01,616 that I have here affect this VLAN. 347 00:22:02,146 --> 00:22:07,706 So, this VLAN interface so I'm going to type in the IP address, it's the command I do 348 00:22:08,226 --> 00:22:13,856 of this switch is going to be, let's just do 10 dot and I'll use a question mark. 349 00:22:14,146 --> 00:22:19,096 We can either get it through DHCP like have a DHCP give it me or I'll just say it's going 350 00:22:19,096 --> 00:22:22,356 to be static, 10.1.1.10, how is that? 351 00:22:22,786 --> 00:22:23,696 And I'll do the question mark. 352 00:22:23,696 --> 00:22:28,696 Some [inaudible] 2555, 255, 255, 0, here is the question mark. 353 00:22:28,696 --> 00:22:30,416 Do I want to make this a secondary address? 354 00:22:30,416 --> 00:22:31,856 No, this is the primary. 355 00:22:32,246 --> 00:22:32,746 Okay, enter. 356 00:22:33,186 --> 00:22:38,616 Now, I'm going to go back and do a show IP interface brief because I want you to see now 357 00:22:39,426 --> 00:22:46,056 that now this guy has an IP address so he can be reached on that but there's still a problem. 358 00:22:46,976 --> 00:22:52,396 Almost every switch starts with their VLAN interface administratively down. 359 00:22:53,326 --> 00:22:58,386 That means, it's turned off and so, even though I can configure this from the console board, 360 00:22:58,386 --> 00:23:02,736 I can't get to a remote LAN 'til I give it an IP address and I turn on the VLAN interface. 361 00:23:02,826 --> 00:23:03,606 Well, how do I do that? 362 00:23:04,076 --> 00:23:06,406 Well, let me do a quick-- I'm going to do a show run, 363 00:23:06,406 --> 00:23:09,566 I'm going to start using some filtering commands so we don't have to see everything. 364 00:23:09,566 --> 00:23:12,506 Now, you know, show run is the running config, it's all the commands we've typed in. 365 00:23:12,686 --> 00:23:16,796 I'm actually going to add on show me the running config for interface VLAN1. 366 00:23:17,616 --> 00:23:22,526 And right there, I see VLAN1, there's the IP address and what do you see under that? 367 00:23:23,916 --> 00:23:29,586 Shutdown! This interface is shutdown, okay. 368 00:23:29,966 --> 00:23:33,216 So, I don't want that, I want it turned on. 369 00:23:33,926 --> 00:23:37,026 So now, let's put some of the pieces together we've talked about, 370 00:23:37,296 --> 00:23:41,466 how do you negate a shutdown state, what do you think? 371 00:23:41,906 --> 00:23:46,806 Well, go into the CISCO device, you're probably thinking what I'm thinking. 372 00:23:47,106 --> 00:23:52,356 Interface VLAN1, no shutdown. 373 00:23:53,116 --> 00:23:56,026 And so that's kind of weird, it's kind of a double negative if you will. 374 00:23:56,026 --> 00:24:01,306 I'm not-- you would think you would say like enable or power on or Go-go gadget interface 375 00:24:01,306 --> 00:24:07,556 or something but we're saying, no shutdown, like take off this shutdown status and turn it on. 376 00:24:07,556 --> 00:24:12,226 And we see our first real status messages, the interface VLAN1 has changed you up, 377 00:24:12,366 --> 00:24:14,246 line protocol has changed you up. 378 00:24:14,466 --> 00:24:17,046 If I go back and do a show IP interface brief again. 379 00:24:18,266 --> 00:24:23,796 And you notice, every time I do something, I'm hitting control Z to drop back to privilege mode 380 00:24:23,796 --> 00:24:27,206 because I can't do show commands from these submodes, 381 00:24:27,206 --> 00:24:28,886 they're not supported directly from there. 382 00:24:28,886 --> 00:24:35,786 So, I see VLAN1 is given this IP address and I see the status up, line protocol is up. 383 00:24:35,786 --> 00:24:38,016 Okay, okay, we're getting there. 384 00:24:38,266 --> 00:24:43,786 So, I've got my computer plugged into fast internet 0/14, well, let's do a little magic. 385 00:24:43,786 --> 00:24:47,046 I'm going to open the control panel on my computer, actually, 386 00:24:47,046 --> 00:24:49,816 I should probably start here, control panel, get all Windows 7. 387 00:24:49,816 --> 00:24:55,006 I'm going to click on the network status, go to the adaptor settings and I'm actually connected, 388 00:24:55,006 --> 00:24:57,716 I've got my normal network card so I can surf the internet 389 00:24:57,716 --> 00:25:00,366 when I have whimsical thoughts and all that. 390 00:25:00,606 --> 00:25:04,846 But right next to this, I have the Apple USB ethernet adaptor. 391 00:25:04,846 --> 00:25:09,666 It's just that little USB ethernet adaptor that I grab for my MacBook and plug into this. 392 00:25:09,666 --> 00:25:13,396 And so I'm going to go to properties and give this an IP address that's 393 00:25:13,396 --> 00:25:16,436 in that same network, so 10.1.1.10. 394 00:25:16,436 --> 00:25:19,596 I'm going to put this guy in 10.1.1.-- 395 00:25:20,046 --> 00:25:22,616 I don't know, what do you want to give him, how's a hundred? 396 00:25:22,656 --> 00:25:29,566 255, 255, 255, 0, we don't even have to give it a default gateway 'cause there is none, 397 00:25:29,566 --> 00:25:32,056 this is a simple of a network as it gets. 398 00:25:32,056 --> 00:25:35,636 So I'm going to click close on that, let's open a command prompts. 399 00:25:35,636 --> 00:25:40,826 And by the way, you will have to know some basic windows command prompt skills like Ping 400 00:25:41,056 --> 00:25:48,186 and telnet and NS-- no, you won't need NSLOOKUP but that'd be a good one to know, 401 00:25:48,186 --> 00:25:50,526 trace route, we'll expand on this as we go. 402 00:25:50,526 --> 00:25:53,796 But first I'm going to do, let's do a show IP interface brief. 403 00:25:53,946 --> 00:25:55,966 [laughs] What am I doing, I'm in the command prompt. 404 00:25:55,966 --> 00:25:57,316 IP config. 405 00:25:57,316 --> 00:25:59,026 IP again, has been in CISCO a little too long. 406 00:25:59,026 --> 00:26:04,186 So right there, I see this is my IP address, this is a sign of my LAN2 interface 407 00:26:04,186 --> 00:26:05,586 so let's see if we can ping the switch. 408 00:26:06,046 --> 00:26:11,266 I always ping before I telnet because if you telnet, it will hang there for 30 seconds. 409 00:26:12,356 --> 00:26:15,606 Okay, that's not what I expect, okay, phew! 410 00:26:15,816 --> 00:26:17,816 As I-- I expected that to work. 411 00:26:17,816 --> 00:26:23,216 So, sometimes, you lost the first ping just because the computer has to send an art message, 412 00:26:23,216 --> 00:26:25,646 wait for it to come back and by then, the ping has timed out. 413 00:26:25,866 --> 00:26:28,486 So we are pinging, I'll hit the up here just to prove it one more time. 414 00:26:28,486 --> 00:26:30,096 We're getting there less than a millisecond. 415 00:26:30,096 --> 00:26:37,706 So now, I can type in telnet 10.1.1.10. 416 00:26:37,706 --> 00:26:41,556 Come on Windows, why would Microsoft remove telnet, hang on. 417 00:26:41,816 --> 00:26:48,056 We got a-- if you haven't seen this before, you got to go into control panel, Windows features 418 00:26:48,496 --> 00:26:54,066 and nowadays, they, you know, Microsoft, it is a new computer 419 00:26:54,066 --> 00:26:59,176 so Microsoft has disabled the telnet clients on windows by default. 420 00:26:59,686 --> 00:27:01,746 So yeah, we'll pause it while it's doing this. 421 00:27:03,086 --> 00:27:04,096 Okay, that was fast. 422 00:27:04,366 --> 00:27:05,786 So, I'm going to close that back down. 423 00:27:06,296 --> 00:27:10,316 Now, I should be able to hit telnet 10.1.1.10, enter, bam! 424 00:27:10,316 --> 00:27:11,786 I'm sitting there from my command prompt. 425 00:27:11,786 --> 00:27:17,036 So now, I can log in, I'm going to type in CISCO which is my password. 426 00:27:18,976 --> 00:27:21,556 CBT nugget is my enable password and I'm there. 427 00:27:21,556 --> 00:27:24,166 Now, you can see behind the scenes, I'm actually there 428 00:27:24,166 --> 00:27:27,536 on the console port, up here I'm on the VTY LAN. 429 00:27:27,536 --> 00:27:29,196 So actually check this out, watch this. 430 00:27:29,196 --> 00:27:32,786 When I go into global config mode, unless just, you know, blah, I'm doing some config, 431 00:27:32,786 --> 00:27:34,156 whatever it's going to say invalid input. 432 00:27:34,156 --> 00:27:38,576 So, I'm going to exit back out and watch what the console port does. 433 00:27:38,796 --> 00:27:43,426 Look at that, it says, somebody-- now notice, it didn't show me anything up here 434 00:27:43,426 --> 00:27:47,976 because by default, those-- these are actually called syslog messages. 435 00:27:47,976 --> 00:27:51,806 Those syslog messages are not sent to anything but the console port. 436 00:27:52,176 --> 00:27:58,436 So, I look and I see now-- and so before, it was saying configured from console by console 437 00:27:58,496 --> 00:28:03,646 like somebody is configuring the console of this device, configuring the commands 438 00:28:03,646 --> 00:28:05,546 on this device using a console cable. 439 00:28:05,716 --> 00:28:11,566 Now down here, I see configured from console by VTY0 as in somebody has logged 440 00:28:11,566 --> 00:28:14,326 in to that first VTY port on here. 441 00:28:14,326 --> 00:28:18,046 That's kind of want to-- that 100. 442 00:28:18,046 --> 00:28:21,396 Now, I'm just getting kind of giddy, let's do this. 443 00:28:21,396 --> 00:28:23,936 I'm going to open a second command prompt and I'm going 444 00:28:23,936 --> 00:28:25,726 to start another telnet message unless telnet. 445 00:28:25,726 --> 00:28:30,316 So, remember I said there were 16 telnet ports and we could have 16 people at the same time, 446 00:28:30,636 --> 00:28:34,326 you could even have them all from the same device if you wanted too. 447 00:28:34,326 --> 00:28:36,476 I'm going to tell that another session of this device. 448 00:28:36,476 --> 00:28:39,166 I go to the CISCO, enable CBT nuggets. 449 00:28:39,166 --> 00:28:43,966 I'm going to go into go over config mode, watch status message this time, 450 00:28:44,016 --> 00:28:45,826 what do you think it's going to say? 451 00:28:45,826 --> 00:28:46,646 Come on, predict with me. 452 00:28:46,776 --> 00:28:49,006 What's it going to say when I exit out of config mode? 453 00:28:50,476 --> 00:28:58,196 Configured from console by VTY1 because this guy came in on the second telnet port, 454 00:28:58,466 --> 00:29:02,516 this guy came in on the first telnet port so anything that he does is VTY0, 455 00:29:02,626 --> 00:29:05,046 anything that he does is on VTY1. 456 00:29:05,046 --> 00:29:07,756 Now, I want to go back because I know some of you-- 457 00:29:07,756 --> 00:29:12,646 sometimes, I try to predict the questions because I think like a lab, you go, 458 00:29:12,786 --> 00:29:19,476 can I set different telnet passwords like we did that line VTY zero space 15 459 00:29:19,746 --> 00:29:21,776 and we configured all of them with the same password. 460 00:29:22,026 --> 00:29:25,996 I know some of which probably think can I have in line VTY0 and do one password, 461 00:29:26,206 --> 00:29:29,326 VTY1 into another password, VTY2 and do another password? 462 00:29:29,486 --> 00:29:30,476 The answer is, yes you could. 463 00:29:30,476 --> 00:29:34,236 You could put different passwords on every single one of those VTY ports 464 00:29:34,236 --> 00:29:37,266 when you're securing your device but, my goodness, you won't want to do 465 00:29:37,266 --> 00:29:41,186 that because you never know, I mean, it's good old Forrest Gump, right. 466 00:29:41,406 --> 00:29:44,776 It's like a box of chocolate, you never know what VTY line you're going to get 467 00:29:44,776 --> 00:29:47,306 when you telling that in so you never know which password is going 468 00:29:47,306 --> 00:29:49,436 to be required when you're doing that. 469 00:29:49,486 --> 00:29:55,566 So, good, so that's configuring the management VLAN or IP address of the switch. 470 00:29:57,066 --> 00:29:59,106 Now, we move down to the default gateway. 471 00:29:59,746 --> 00:30:02,486 Yeah, I got to clear off a little drawing room here. 472 00:30:03,046 --> 00:30:05,976 So, we move down to the default gateway slash, slash, slash, slash. 473 00:30:06,096 --> 00:30:11,556 Default gateway allows you to manage the switch remotely. 474 00:30:12,686 --> 00:30:15,386 Well, hang on, let me-- so we already did, right? 475 00:30:15,486 --> 00:30:20,196 We're already measuring the switch remotely but I mean, really remotely to where right now, 476 00:30:20,406 --> 00:30:25,466 the only way that we're able to manage that switch is because we're plugged in to it 477 00:30:25,466 --> 00:30:27,276 and we happen to be on the same network. 478 00:30:27,396 --> 00:30:29,676 Now if we did a chain, another switch to that, we could yeah, 479 00:30:29,676 --> 00:30:33,286 we could plug in there 'cause these are all one network and I could telnet over and manage 480 00:30:33,286 --> 00:30:36,246 to switch that way, but what about when I go home for the evening? 481 00:30:36,626 --> 00:30:44,246 What about when I'm sitting on the sunny beach in California on a sunny day 482 00:30:44,566 --> 00:30:49,186 with my lawn chair watching the waves crashing in over at the barrier with a laptop 483 00:30:49,186 --> 00:30:52,186 on the beach and suddenly [inaudible] card and I want to be able to telnet 484 00:30:52,186 --> 00:30:54,806 into that switch from there, how do I do it? 485 00:30:55,136 --> 00:31:01,046 The way that I do it is by going into the switch and telling it, yes, this is your IP address 486 00:31:01,046 --> 00:31:06,276 which we just did and this how you can get off of your network so that you can communicate 487 00:31:06,276 --> 00:31:08,106 with people that are not on your network. 488 00:31:08,326 --> 00:31:12,576 So that's going to be the IP address of the router or the default gateway. 489 00:31:13,006 --> 00:31:16,366 So I would go in this and so now, this is just my sample situation. 490 00:31:16,516 --> 00:31:23,066 We created interface VLAN1 and we give it the IP address 10.1.1.10 so let's just say 491 00:31:23,066 --> 00:31:29,496 that this default gateway, this router has the IP address 10.1.1.10 and I want to be able 492 00:31:29,496 --> 00:31:34,096 to tell my switch, go there to get off the network so Jeremy [phonetic] can manage you 493 00:31:34,096 --> 00:31:35,646 from the sunny beach in California. 494 00:31:35,756 --> 00:31:41,026 So the way that I do that is go to global config mode 'cause it's actually global, 495 00:31:41,026 --> 00:31:44,666 it's not just for that VLAN interface, it affects the whole switch. 496 00:31:45,126 --> 00:31:52,836 I'm going to type in from global IP default gateway and then the IP address 497 00:31:52,836 --> 00:31:56,546 that I want to go to, 10.1.1.10, enter. 498 00:31:56,956 --> 00:32:00,306 And now, this switch knows how to get off its own network. 499 00:32:00,546 --> 00:32:05,046 I can verify it-- by the way, I know at the very bottom, I have verification commands 500 00:32:05,266 --> 00:32:08,326 which I'm doing as I'm going along this entire time. 501 00:32:08,596 --> 00:32:12,336 But so far, I would say show run is a big one 502 00:32:12,336 --> 00:32:14,316 so you can see all your commands that you've typed in. 503 00:32:14,316 --> 00:32:16,406 This is literally by the way, when you do a show run, 504 00:32:16,766 --> 00:32:19,986 this is literally the commands that are typed into the switch. 505 00:32:20,666 --> 00:32:23,256 Like we typed in IP default gateway and that is it. 506 00:32:23,256 --> 00:32:27,356 And so, if you ever wanted to make a backup of your configuration and all of a sudden, 507 00:32:27,356 --> 00:32:29,786 you know, boom, your switch post up, you got to put it in a new one, you're like, 508 00:32:29,786 --> 00:32:31,116 "Oh man, I got to type all this in." 509 00:32:31,286 --> 00:32:31,966 No you don't. 510 00:32:31,966 --> 00:32:34,206 You can actually take this entire configuration, 511 00:32:34,426 --> 00:32:38,196 go into global configuration mode and just paste it, you know. 512 00:32:38,196 --> 00:32:42,696 So select all, highlight the whole config from notepad or whatever, control C, 513 00:32:42,696 --> 00:32:47,416 copy it to your clipboard, go into global configuration mode on the new switch, 514 00:32:47,416 --> 00:32:51,086 the key is remember, start from global config mode and hit paste 515 00:32:51,086 --> 00:32:52,836 and it will literally reconfigure the whole switch 516 00:32:52,836 --> 00:32:54,546 for you just by typing in all those commands. 517 00:32:54,576 --> 00:32:57,816 So now, I've got the default gateway which is able to go out there. 518 00:32:58,766 --> 00:33:03,736 Now, we're going to get a little bit later into some more advanced configuration where we-- 519 00:33:03,736 --> 00:33:07,246 we're going to talk about routing tables and so on but if I do a show IP route, 520 00:33:07,546 --> 00:33:11,116 this guy is not a router yet but he will be. 521 00:33:11,406 --> 00:33:15,006 But for now, he's not and so I can see right away, he said, no. 522 00:33:15,006 --> 00:33:20,936 Well, if I'm going to route, I'm going to send all my packets to the default gateway 10.1.1.1. 523 00:33:21,276 --> 00:33:26,596 Okay, shutdown, this commands, we already talked about by turning it off. 524 00:33:26,596 --> 00:33:30,066 However, there is a time where we might want to turn it on. 525 00:33:30,556 --> 00:33:35,916 It is a best practice, you know, normally, what usually happens is you go to that cabling room. 526 00:33:36,856 --> 00:33:42,666 Remember this guy to where people, you know, the wiring company will wire your whole building up 527 00:33:42,666 --> 00:33:47,056 and somebody comes in, sometimes you, sometimes somebody else and they plug in all these cables. 528 00:33:47,056 --> 00:33:51,696 You go, "Okay, will all those go to live jacks so let's push those into the switch itself. 529 00:33:51,696 --> 00:33:56,126 Well, the problem is, some of those probably go to jacks that you're not even think about. 530 00:33:56,126 --> 00:33:59,746 I mean, one of them might run through the wall and come out in the lobby 531 00:33:59,936 --> 00:34:06,416 of your building underneath a chair in the sitting area where somebody could come 532 00:34:06,416 --> 00:34:12,666 in with a laptop that is infected with who knows what and they're like, I need to plug in. 533 00:34:12,666 --> 00:34:16,446 Look at it, I'll just run my cable and then click death, [noise] you know, destroy. 534 00:34:16,716 --> 00:34:23,236 You've introduced evil devices onto your network and as soon as you do that, you know, 535 00:34:23,236 --> 00:34:27,156 you're at risk or you could have, you know, another one of these cables run 536 00:34:27,156 --> 00:34:31,326 to the break room, you know, where people unmonitored can plug whatever they want and, 537 00:34:31,326 --> 00:34:33,266 you know, an Xbox or whatever into the network, 538 00:34:33,266 --> 00:34:37,086 maybe devices that just aren't appropriate to be on the company. 539 00:34:37,086 --> 00:34:38,166 I mean, those all kinds of things. 540 00:34:38,256 --> 00:34:46,436 Either way, the best practice per CISCO is to shutdown any port that is not in use. 541 00:34:46,666 --> 00:34:51,726 So, when I go back to my switch, I'd be right here, 542 00:34:51,726 --> 00:34:55,146 sit down on the console board 'cause it's prettier than the command line. 543 00:34:55,146 --> 00:35:00,026 So I'm going to go back on my switch, I'm going to go, show an IP interface brief. 544 00:35:00,026 --> 00:35:03,256 I see all of these ports right now are there, you know, 545 00:35:03,256 --> 00:35:05,806 but they're all down 'cause nothing's plugged into him except this guy 546 00:35:05,806 --> 00:35:07,776 which is my computer and I can see he's up. 547 00:35:08,066 --> 00:35:14,206 Well, what I can do is I can go into interface FastEthernet 0/1 and that-- by the way, we all-- 548 00:35:14,436 --> 00:35:18,846 we typically abbreviate FastEthernet at FA. 549 00:35:18,996 --> 00:35:23,256 It's not some kind of acronym, right, it's just the first two letters of fast, you know, 550 00:35:23,256 --> 00:35:27,496 because sometimes, you'll have switches with fiber interfaces and F and most 551 00:35:27,496 --> 00:35:31,326 of the time you won't but F will config that you won't know if it's a fiber or fast 552 00:35:31,326 --> 00:35:35,556 and so I usually type FA or hit tab key or whatever filling in for you, port. 553 00:35:35,556 --> 00:35:38,236 0/1 and I'm going to do a shutdown. 554 00:35:38,636 --> 00:35:40,696 So that one went to the break room, right? 555 00:35:40,876 --> 00:35:42,776 And immediately, the status message comes back, 556 00:35:43,026 --> 00:35:47,086 the port has now changed to administratively down. 557 00:35:48,006 --> 00:35:51,516 I'm going to show you a tip 'cause I'm kind of tired of exiting. 558 00:35:51,516 --> 00:35:56,226 CISCO has a trick that they've introduced called the do command. 559 00:35:56,376 --> 00:35:59,746 Actually, I don't know if the switch can do it but you can type in do 560 00:35:59,746 --> 00:36:03,786 from any configuration mode and do show commands without actually backing out. 561 00:36:03,786 --> 00:36:07,136 Let me just see if this one will do it, this one might now, oh it does, good. 562 00:36:07,456 --> 00:36:12,386 Okay so, the do command allows you to type in, you know, show commands or do ping commands 563 00:36:12,386 --> 00:36:16,226 from modes that you normally couldn't do it and normally I have to exit all the way back 564 00:36:16,226 --> 00:36:18,096 out to Privileged mode but this is kind of handy. 565 00:36:18,096 --> 00:36:24,376 So, I'm going to do a do show IP interface brief and I can see that FastEthernet 0/1 has gone 566 00:36:24,376 --> 00:36:27,916 from a state of down to now administratively down. 567 00:36:28,296 --> 00:36:32,586 Administratively down, anytime you see that messages, it means it shut down, 568 00:36:32,816 --> 00:36:34,776 that's a key number one of troubleshooting. 569 00:36:34,776 --> 00:36:38,466 If a port is not working and you see it administratively down, that's easy, 570 00:36:38,626 --> 00:36:40,766 you just need to go in and do a no shutdown. 571 00:36:41,086 --> 00:36:43,686 Now, I can even do a range, watch this. 572 00:36:44,036 --> 00:36:47,956 let's say, I know that ports 1 through 10 are not going to be used for quite some time, 573 00:36:47,956 --> 00:36:50,646 they all plug in to areas of the building that aren't in use yet. 574 00:36:50,646 --> 00:36:53,896 So I'm going to do interface-- well actually, not just FastEthernet, 575 00:36:53,896 --> 00:37:00,466 I'll do interface range FastEthernet 0/1, let's do through 10. 576 00:37:01,476 --> 00:37:09,176 Now, some switches make you have the spacing exact, you need one space dash space 10. 577 00:37:09,526 --> 00:37:13,206 Most switches are flexible, it will let you, you know, 578 00:37:13,206 --> 00:37:15,206 do something like this or whatever you want. 579 00:37:15,206 --> 00:37:18,346 This one, this one is one of the flexible one so it's IOS version dependent. 580 00:37:18,346 --> 00:37:22,096 I just know I've run into somewhere it's like, it's an invalid command and, you know, 581 00:37:22,096 --> 00:37:24,786 the question mark doesn't really show spaces too well. 582 00:37:24,786 --> 00:37:30,426 So, I can do a shutdown and that will take down 10 ports all at the same time. 583 00:37:30,476 --> 00:37:33,076 [noise] The status messages began, right. 584 00:37:33,286 --> 00:37:37,166 So, it's all those messages are starting to flow out now administratively down. 585 00:37:38,216 --> 00:37:44,306 And I can do that do show IP interface brief and now, I see all of those guys are shutdown. 586 00:37:45,536 --> 00:37:49,566 Okay, so last couple commands, first off, a log on banner. 587 00:37:50,276 --> 00:37:56,136 So log on banners are just a good practice to cover your self legally so there's a tale going 588 00:37:56,136 --> 00:37:59,666 around the internet, it could be true, might not be, I don't know, but either way, 589 00:37:59,666 --> 00:38:06,366 it sounds true where a couple of guys hacked into a college campus server 590 00:38:06,786 --> 00:38:08,816 and destroyed everything, destroyed the data, 591 00:38:08,816 --> 00:38:12,736 I mean caused massive data loss for their college campus. 592 00:38:12,966 --> 00:38:19,456 They were caught and taken to court and their lawyer found a way to get them out of trouble 593 00:38:19,456 --> 00:38:22,596 because they said, well, we logged on to the system and it said, welcome. 594 00:38:23,256 --> 00:38:28,576 And apparently in the good old United States of America saying welcome is enough to say, well, 595 00:38:28,576 --> 00:38:32,346 you can come on and then destroy everything and you'll be just fine. 596 00:38:32,346 --> 00:38:36,016 So, and it's funny 'cause I've told that story before and someone said, "Oh yeah, 597 00:38:36,016 --> 00:38:40,516 and then I also heard if you have a welcome mat on your doormat in your doorstep, 598 00:38:40,516 --> 00:38:44,386 somebody can break in your house and legally, they're covered because said, 599 00:38:44,386 --> 00:38:49,146 and that was like come on, come on" but and then last I checked in, 600 00:38:49,246 --> 00:38:52,956 I don't have a welcome mat at home so be advised. 601 00:38:52,956 --> 00:38:56,146 So, best thing to do is do a good-- it's odd log on here. 602 00:38:56,146 --> 00:39:00,816 Doesn't have to be long, doesn't have to be anything really fancy, I mean, you can get-- 603 00:39:00,816 --> 00:39:04,436 I mean, the government publishes, you know, the government approved the log on banner 604 00:39:04,436 --> 00:39:06,586 from the Department of Defense if you want to Google that. 605 00:39:07,036 --> 00:39:09,166 But really, you can put whatever you want. 606 00:39:10,096 --> 00:39:15,246 The way that you do is from global config because it affects the entire switch. 607 00:39:15,246 --> 00:39:18,946 Let me type in banner, follow that question mark. 608 00:39:18,946 --> 00:39:21,716 You can see there's a lot of banners that you could do. 609 00:39:21,716 --> 00:39:27,446 Really two main ones that you want to look at, you got banner log in which is used for telnet 610 00:39:27,486 --> 00:39:33,926 and SSH sessions or you can do banner MOTD which is used for everywhere, I mean console port, 611 00:39:33,926 --> 00:39:37,606 everything shows the message of the day logged on banner. 612 00:39:37,606 --> 00:39:41,896 So, usually, people will configure a MOTD. 613 00:39:41,896 --> 00:39:43,946 So we hit the question mark and it says, 614 00:39:44,386 --> 00:39:47,776 this is probably the most confusing help that exist in Cisco. 615 00:39:48,106 --> 00:39:50,746 It says, insert line, notice all capitals. 616 00:39:51,056 --> 00:39:54,736 It says, see banner tech C where C is the delimiting character. 617 00:39:55,796 --> 00:40:00,606 What it's trying to say, put your log on banner between this character that tells me 618 00:40:00,606 --> 00:40:02,976 where you start and where you end your log on banner. 619 00:40:03,386 --> 00:40:07,206 And so, we can use any delimiting character that you want. 620 00:40:07,206 --> 00:40:09,216 Let's say, I want to use the plus sign. 621 00:40:09,506 --> 00:40:15,156 I could type-- there's couple ways I could do this, I could type in banner MOTD plus 622 00:40:15,156 --> 00:40:21,376 and I could say, unauthorized access prohibited. 623 00:40:22,816 --> 00:40:27,086 And then put a plus at the end and now, I've entered my log on banner. 624 00:40:27,086 --> 00:40:34,146 So now, I can exit out and hit the enter key and well, kind of got the status message. 625 00:40:34,146 --> 00:40:37,726 So I hit the enter key and we see unauthorized access prohibited. 626 00:40:37,726 --> 00:40:41,326 Notice the plus signs aren't because the plus signs are really just there to say, 627 00:40:41,636 --> 00:40:47,046 this is the start and the end of the log on banner. 628 00:40:47,196 --> 00:40:51,486 I got to come out with a password that I can talk and type at the same time. 629 00:40:51,486 --> 00:40:52,056 Okay, there we go. 630 00:40:52,056 --> 00:40:57,336 So I'm in global config mode, so, another way to do it is I could do banner MOTD 631 00:40:57,336 --> 00:41:01,506 and I could do a plus sign and just hit the enter key and it takes me 632 00:41:01,506 --> 00:41:04,566 into this little editor system to where it says, 633 00:41:04,566 --> 00:41:07,416 enter your text message and with the character plus. 634 00:41:07,416 --> 00:41:10,706 Again, that delimiting character, whatever character I use, I can use anything, 635 00:41:11,036 --> 00:41:15,076 I use the plus so I mean, this allows you get a little fancy I can say, you know, 636 00:41:15,536 --> 00:41:20,516 log in and die, you know, whatever you want to do. 637 00:41:20,516 --> 00:41:22,376 Now, though be careful with this. 638 00:41:22,376 --> 00:41:26,726 I've logged on the systems where it says something like, "You can't hack this," 639 00:41:26,726 --> 00:41:28,956 you know, and then I'm like all right. 640 00:41:28,956 --> 00:41:31,766 Like, I'm not even a hacker. 641 00:41:31,766 --> 00:41:36,466 There's not a malicious bone in my body but when I saw that message I'm like, "I bet you I can," 642 00:41:36,466 --> 00:41:39,226 you know, so you don't want to inspire people to hack you. 643 00:41:39,226 --> 00:41:44,036 So, you know, something nice and simple but a lot times again, 644 00:41:44,036 --> 00:41:47,156 just Google what the government uses and you'll be-- you'll be pretty much covered. 645 00:41:47,156 --> 00:41:50,996 But, that will now display a log on banner every single time somebody logs 646 00:41:50,996 --> 00:41:53,626 in so, pretty straightforward. 647 00:41:54,806 --> 00:41:59,856 All right, so last one is saving your configuration so we've got everything, right. 648 00:42:00,306 --> 00:42:05,606 Saving your configuration probably the biggest piece of this all because all of this, 649 00:42:05,606 --> 00:42:09,976 every single commands that we've typed on this device is sitting in RAM. 650 00:42:10,296 --> 00:42:14,866 Now, RAM, if, you know, if you've dealt with computers, it's great because it's fast, 651 00:42:14,866 --> 00:42:18,006 it's extremely fast and efficient however, it's volatile. 652 00:42:18,126 --> 00:42:20,796 So if the power goes out, you'll loss all of it. 653 00:42:21,036 --> 00:42:24,916 Well, in the CISCO world, you actually have two different places to store things. 654 00:42:24,916 --> 00:42:30,636 Well, there's actually a number but two big ones, running config and startup config. 655 00:42:31,546 --> 00:42:36,636 So running config is in RAM and we'll be lost every single time you power down, 656 00:42:36,636 --> 00:42:39,056 startup config is in NVRAM. 657 00:42:39,746 --> 00:42:43,946 Let me guess what NV stands for, Non-Volatile, you got it. 658 00:42:44,106 --> 00:42:48,656 So Non-Volatile RAM is saved so when the switch power is down, 659 00:42:49,146 --> 00:42:51,656 you can still keep that configuration. 660 00:42:51,656 --> 00:42:55,616 Now, there's an advantage to having this and, you know, I've had a lot of people say, "Well, 661 00:42:55,616 --> 00:42:58,806 why not-- how come just like as you type commands, it doesn't save it NVRAM?" 662 00:42:59,026 --> 00:43:03,856 Well, there's a lot of times where you'll be in the midst of doing some configuration 663 00:43:04,956 --> 00:43:08,156 and you really mess things up, I mean, it happens, you know, 664 00:43:08,156 --> 00:43:10,736 when you configuring you're like, "Oh man, I've gone so far, 665 00:43:10,736 --> 00:43:13,496 I don't even know what I've done to undo it anymore." 666 00:43:13,776 --> 00:43:17,886 Well, as long as you don't save your configuration, you can just restart the device 667 00:43:18,016 --> 00:43:21,336 and you get the old configuration back before you made all your changes. 668 00:43:21,336 --> 00:43:26,166 So, it's good to have the two configurations but you do want to remember to save it. 669 00:43:26,166 --> 00:43:34,936 Command is very simple, we type in copy running config, startup config, hit the enter key. 670 00:43:35,596 --> 00:43:40,196 Now, it comes up, I don't event know why the Cisco device ask through this question 671 00:43:40,196 --> 00:43:43,926 for this one because it says, destination file name, startup config. 672 00:43:44,276 --> 00:43:48,496 I've seen biggest mistake you can make is say, "Well, yes, yes that's what I want." 673 00:43:48,496 --> 00:43:54,356 No, you don't want that because those switch only looks for one file when it's booting 674 00:43:54,356 --> 00:43:56,086 and that's a file name startup config. 675 00:43:56,186 --> 00:44:00,426 So if you want whatever is in the brackets there to be your name, 676 00:44:00,426 --> 00:44:05,046 all you have to do is press the enter key and it will use that file name. 677 00:44:05,046 --> 00:44:09,896 If you put Y there, it will save the configuration in NVRAM as a file named Y 678 00:44:09,896 --> 00:44:13,106 and the switch doesn't know what to do with that file. 679 00:44:13,376 --> 00:44:21,186 A shortcut that has been around since Cisco begin is also, you can type in write memory. 680 00:44:21,276 --> 00:44:25,096 I like that because it doesn't even ask you a file name. 681 00:44:25,096 --> 00:44:26,356 It just says, I'm going to save it. 682 00:44:26,356 --> 00:44:29,166 Or even a shorter shortcut is just WR. 683 00:44:29,166 --> 00:44:31,646 So we can trim it down shorter and shorter and shorter. 684 00:44:31,646 --> 00:44:36,986 Now, the write memory does not work on all devices, Cisco has been slowly fading that away 685 00:44:37,356 --> 00:44:42,236 but it will work on I would say, 99 percent of Cisco devices that you run into. 686 00:44:43,576 --> 00:44:46,826 If you ever want to see what's in these configurations, 687 00:44:46,826 --> 00:44:49,786 you can do show start and a show run. 688 00:44:49,786 --> 00:44:51,316 Matter of fact, let me show you this. 689 00:44:51,396 --> 00:44:52,386 Let's just make a difference. 690 00:44:52,386 --> 00:44:54,556 Let's do a host name, Lalala [phonetic]. 691 00:44:54,696 --> 00:45:02,276 All right, host name Lalala and that I'm going to do a show run 692 00:45:02,896 --> 00:45:08,366 and there's my host name Lalala, right there that's in RAM, the memory. 693 00:45:08,596 --> 00:45:13,556 Or I can do a show start-- show startup config and you can see 694 00:45:13,556 --> 00:45:17,206 that the original name is CBT switch so that's what's an NVRAM. 695 00:45:17,206 --> 00:45:21,776 So if I rebooted the device right now, it reverse back to that original configuration 696 00:45:22,086 --> 00:45:26,436 where as right now, what's running was actually active is the host name Lalala. 697 00:45:26,436 --> 00:45:31,636 So all these commands that I've typed without saving the configuration will exist only in RAM. 698 00:45:32,596 --> 00:45:37,216 That now puts a base configuration in place on our Cisco switch. 699 00:45:37,496 --> 00:45:40,326 Now keep in mind, in all of that configuration that we did, 700 00:45:40,486 --> 00:45:45,926 we didn't really configure any features as in the switch isn't operating any differently, 701 00:45:46,216 --> 00:45:51,636 all it is is having the ability to be securely managed from a remote location 702 00:45:51,636 --> 00:45:55,606 so that we can do whatever we need that we can enable some of the features that we're going 703 00:45:55,606 --> 00:45:59,166 to be talk about a little bit later but this provides a foundation. 704 00:45:59,516 --> 00:46:08,236 So, what I would do is I would really encourage you to flip back to that slide that I just was-- 705 00:46:08,236 --> 00:46:11,156 I've been working through with the check box that's showing here's the base configuration. 706 00:46:11,406 --> 00:46:15,986 If you have access to a Cisco switch, let that be your test guide. 707 00:46:15,986 --> 00:46:18,826 So if you're preparing for certification, you know that on the exam, 708 00:46:18,826 --> 00:46:24,166 there are going to be simulation questions where you are working through, you know, 709 00:46:24,166 --> 00:46:28,026 practical examples of configuring Cisco devices that feels real. 710 00:46:28,066 --> 00:46:32,086 And what I just showed you that base configuration would be an example 711 00:46:32,086 --> 00:46:36,046 of one simulation where the simulation question comes in and says, "Hey, 712 00:46:36,286 --> 00:46:38,176 this is what you need to configure it, now go." 713 00:46:38,176 --> 00:46:41,766 So, staring at that checklist not really looking at any commands, 714 00:46:41,976 --> 00:46:44,376 see if you're able to configure a Cisco switch. 715 00:46:44,376 --> 00:46:47,076 If you don't have access to a Cisco switch, that's okay, 716 00:46:47,076 --> 00:46:49,326 it will just be a little more difficult 'cause you don't have the help. 717 00:46:49,566 --> 00:46:53,146 Maybe just open Notepad or Microsoft Word or something like that 718 00:46:53,146 --> 00:46:55,806 and just start typing the commands that you would enter 719 00:46:55,806 --> 00:46:57,656 if you were in a simulated environment. 720 00:46:58,136 --> 00:47:01,846 That will get your base foundation config ready for the upcoming nuggets. 721 00:47:02,136 --> 00:47:05,006 I hope this been informative for you and like that thank you for viewing. 74924