1
00:00:00,646 --> 00:00:04,676
>> All right, it's time to continue on
in the switching base configuration.
2
00:00:05,126 --> 00:00:08,736
Before we do, I have to show something
really cool that I just discovered.
3
00:00:08,736 --> 00:00:15,286
So, so CBT Nuggets got me this, this keyboard
from Logitech which is a solar keyboard
4
00:00:15,286 --> 00:00:16,556
which is the cool in and out of it.
5
00:00:16,556 --> 00:00:21,356
So that actually has like little solar panels
on this thing, but I went for the Numlock
6
00:00:21,356 --> 00:00:23,756
and I accidentally hit this button.
7
00:00:23,756 --> 00:00:26,096
It's a little sunshine on there.
8
00:00:26,096 --> 00:00:28,676
Now, come on, that is awesome.
9
00:00:28,986 --> 00:00:33,696
I've got like a laxometer
for my keyboards that's,
10
00:00:33,696 --> 00:00:38,696
that tells me how much solar energy my
keyboard is getting and, you know, and see,
11
00:00:38,696 --> 00:00:41,766
so I'm walking around obviously
blocking my fluorescent lighting.
12
00:00:41,966 --> 00:00:45,736
So fluorescent lights apparently charge this
keyboard but look I can put my hands over,
13
00:00:45,736 --> 00:00:48,786
it's like, "Oh no, down,
look, zero, energy reserves."
14
00:00:48,786 --> 00:00:50,006
You know, you move your hands off and.
15
00:00:50,236 --> 00:00:55,246
So, so this-- this I've got
to say, thank you Logitech.
16
00:00:55,246 --> 00:00:55,996
Nice touch.
17
00:00:55,996 --> 00:00:58,736
You could have just done the solar
keyboard and that would have been cool,
18
00:00:58,996 --> 00:01:02,706
but adding the little laxometer
there, that was something.
19
00:01:04,016 --> 00:01:08,046
Okay, so before we dive into the new stuff,
let's hit what we did in the last nugget.
20
00:01:08,376 --> 00:01:11,156
We went in, global config
mode and set the host name.
21
00:01:11,486 --> 00:01:16,806
We learned about negating the command by putting
no in front of anything that we could type.
22
00:01:16,806 --> 00:01:18,806
We could type in the console password.
23
00:01:18,806 --> 00:01:21,036
We went under line console
zero and put in the password.
24
00:01:21,036 --> 00:01:24,916
And also typed in the login to require logins
to that port because it didn't work otherwise.
25
00:01:25,216 --> 00:01:29,036
Exactly, the opposite with Telnet
where login is the default,
26
00:01:29,036 --> 00:01:30,956
remember that, with no password under there.
27
00:01:30,956 --> 00:01:34,316
So we need to set a password
for the remote Telnet.
28
00:01:34,316 --> 00:01:40,346
And then we learned about the enable password
and enable secret, which are two different things
29
00:01:40,346 --> 00:01:44,176
that do the same thing, one in an old command
which was enable password and you type
30
00:01:44,176 --> 00:01:49,046
in your password which stores it in a
clear text format in the running config.
31
00:01:49,616 --> 00:01:56,196
Also, enable-- well, actually, sorry about--
My mind just jump to another topic, I want to--
32
00:01:56,196 --> 00:01:57,246
Hey, I'm going to go write something down.
33
00:01:57,296 --> 00:01:58,816
I don't want to forget about this.
34
00:01:59,136 --> 00:02:07,086
I'll just put sync, or let me just do it
S-Y-N and then what was the-- P-W-E-N-C.
35
00:02:07,266 --> 00:02:11,066
Just those would be my quick reminders
to make sure I don't forget that.
36
00:02:11,066 --> 00:02:16,266
So, enable password, clear text, enable
secret being the encrypted or hash version
37
00:02:16,266 --> 00:02:18,196
of the password that's stored
in the running config.
38
00:02:18,456 --> 00:02:23,256
If you turn on the enable secret, then
the enable password is no longer used.
39
00:02:23,256 --> 00:02:25,446
It's just there for backwards compatibility.
40
00:02:25,446 --> 00:02:28,076
So that's, that's where we've come from.
41
00:02:28,076 --> 00:02:34,086
Now before, before we-- all these things that
are coming to my mind that I want to show you.
42
00:02:34,266 --> 00:02:38,926
Before we dive into the new stuff, I actually
want to talk about this, this little junk notes
43
00:02:38,926 --> 00:02:39,946
that I'm putting down that at the bottom.
44
00:02:40,246 --> 00:02:45,026
These aren't really, I would say commands
that you would, you would say "Oh man,
45
00:02:45,026 --> 00:02:46,796
you got to know for certification."
46
00:02:46,796 --> 00:02:49,816
Or you got to know that for real
but man, I will tell you, they will,
47
00:02:50,056 --> 00:02:51,746
they will make it just easier to work with.
48
00:02:51,746 --> 00:02:52,476
This is good advice.
49
00:02:52,476 --> 00:02:56,676
So let me, let me first off
get back in to my switch from--
50
00:02:56,676 --> 00:03:00,716
This is, I left the config from
the last nugget, still on here.
51
00:03:00,716 --> 00:03:02,686
Now you notice that I'm logged out.
52
00:03:03,116 --> 00:03:07,106
That is because on the console
port, there is a time-out setting.
53
00:03:07,446 --> 00:03:12,086
So after you are idle for so long, it will kick
you off and put you back to the log on screen,
54
00:03:12,086 --> 00:03:15,506
that's good security, but a lot of times if
you're in a lab environment and you're trying
55
00:03:15,506 --> 00:03:18,886
to learn that kind of scene,
CBT Nuggets, that kind of thing,
56
00:03:18,886 --> 00:03:21,596
it's handy to not be kicked off the device.
57
00:03:22,136 --> 00:03:29,586
So, what I can do is I can go into global
configuration mode, go into line VTY--
58
00:03:30,246 --> 00:03:33,156
sorry, not VTY, line consoles,
that's where we are.
59
00:03:33,156 --> 00:03:38,546
Line console zero and there's a command
that is actually exec dash timeout.
60
00:03:38,896 --> 00:03:42,846
So I can type in exec-timeout and
tell it how long I want to be able
61
00:03:42,846 --> 00:03:46,656
to stay idle before I will
naturally time-out the connection.
62
00:03:46,656 --> 00:03:50,446
So, I can say, you know, five minutes
or 10 minutes or whatever I want.
63
00:03:50,446 --> 00:03:54,166
I can even get, you know, if I do 5 minute,
I can get into the seconds and say 5 minutes,
64
00:03:54,246 --> 00:03:57,276
43 seconds countdown, synchronized watches.
65
00:03:57,276 --> 00:04:00,526
But for lab environments, now
this is lab environments only.
66
00:04:00,766 --> 00:04:04,246
One of the things that I commonly do
is I just, you know, it's lab switch.
67
00:04:04,246 --> 00:04:07,096
I'm not really needing to worry about security.
68
00:04:07,306 --> 00:04:09,946
So I'll type in exec-timeout zero, zero.
69
00:04:10,606 --> 00:04:14,386
And what that does is set
my time-out to disabled.
70
00:04:14,596 --> 00:04:16,016
So I will always stay logged in.
71
00:04:16,016 --> 00:04:20,366
A matter of fact, a shorter way that you can
do that and this is one of my base commands
72
00:04:20,366 --> 00:04:23,976
that I type when I get on the
switch is no exec dash timeout
73
00:04:24,076 --> 00:04:25,366
and that will turn it off as well.
74
00:04:25,426 --> 00:04:28,906
It says, I'm not going to--
I'm not going to time out.
75
00:04:29,046 --> 00:04:33,946
Okay, so that's, that's kind of handy feature
number one that just popped into my head.
76
00:04:33,946 --> 00:04:37,656
Second one is the logging synchronous.
77
00:04:37,656 --> 00:04:38,526
And here's, here's what I mean.
78
00:04:38,996 --> 00:04:43,466
All throughout the series, we are going to be
getting status messages on the console port.
79
00:04:43,466 --> 00:04:47,676
So let me give you an example, let's say I want
to get out of the line config mode, right?
80
00:04:47,736 --> 00:04:48,986
And I want to do some show command.
81
00:04:48,986 --> 00:04:50,596
So, here, I'm going to do this quickly.
82
00:04:50,596 --> 00:04:54,616
So I'm going to hit control z, I dropped
out into a show-- [noise] See what I mean?
83
00:04:54,616 --> 00:04:58,116
I've kind of, I'm having deja vu.
84
00:04:58,116 --> 00:04:59,086
Did I show you this already?
85
00:04:59,426 --> 00:05:02,596
If I did, forgive me but--
So you see what I've done.
86
00:05:02,596 --> 00:05:04,386
I've kind of cut my command in half.
87
00:05:04,386 --> 00:05:07,276
I'm typing at the end of this,
backspace, I'm deleting the message.
88
00:05:07,616 --> 00:05:09,476
I mean, what's up with that?
89
00:05:09,596 --> 00:05:13,616
If I were, if I had the sense about me,
I could type in, it would work just fine.
90
00:05:13,856 --> 00:05:18,016
But the status messages will always go in line.
91
00:05:18,276 --> 00:05:22,306
Now one of the ways we can get around that
is by doing the tab key, I can do show run it
92
00:05:22,306 --> 00:05:24,076
and I'm like, "Oh man, it cut what I'm typing."
93
00:05:24,166 --> 00:05:26,446
I hit the tab key and it
kind of fixes that for me.
94
00:05:26,446 --> 00:05:30,626
That's one way but what if you could set it
up to where you don't even have to do that.
95
00:05:31,666 --> 00:05:36,276
Well, I'm going to go onto the console port and
there's a command called logging synchronous.
96
00:05:37,936 --> 00:05:38,876
Hit enter.
97
00:05:39,126 --> 00:05:45,716
What that command does is tell the
IOS to paint the, the status messages
98
00:05:45,716 --> 00:05:47,776
and then repaint what you were typing below.
99
00:05:47,776 --> 00:05:51,006
I probably could have found a better way
to say that but you get the point right?
100
00:05:51,176 --> 00:05:55,466
So I'm going to do, control z,
I'll do a show-- Oh, that was nice.
101
00:05:55,696 --> 00:05:56,476
See what it did?
102
00:05:56,646 --> 00:05:59,736
So instead of putting me at the end
of this message where I'm typing,
103
00:05:59,946 --> 00:06:01,836
it now painted my line back here which fit.
104
00:06:01,836 --> 00:06:06,026
I mean it's just make it so, so handy because
I know when people are first getting started
105
00:06:06,026 --> 00:06:07,986
in Cisco, that's the number
one question they get to ask.
106
00:06:07,986 --> 00:06:10,166
They go, how do I turn off those messages?
107
00:06:10,166 --> 00:06:13,946
Yeah, you know, you know the ones I cut when
I'm typing in half, how do I turn those off?
108
00:06:13,946 --> 00:06:16,106
Well you don't want to turn
them off because those are kind
109
00:06:16,106 --> 00:06:18,056
of your life blood of the Cisco device.
110
00:06:18,056 --> 00:06:20,836
They tell you what's going on
behind the scenes and you want
111
00:06:20,836 --> 00:06:22,606
to know, you want to see those messages.
112
00:06:22,606 --> 00:06:26,286
I mean, right now we're just seeing
this device was configured by console,
113
00:06:26,286 --> 00:06:28,356
you know, it's a little status message.
114
00:06:28,626 --> 00:06:31,156
But eventually, we're going to
see interface up, interface down.
115
00:06:31,156 --> 00:06:33,806
You know, all those kind of
messages which are key to see.
116
00:06:34,016 --> 00:06:35,816
So, that's the other thing.
117
00:06:35,816 --> 00:06:37,736
Okay, what was supposed the last thing?
118
00:06:37,736 --> 00:06:44,106
PWNC. So last nugget, let me go and add,
last nugget we removed the enabled password.
119
00:06:44,876 --> 00:06:46,006
I'm going to put it back in there.
120
00:06:46,476 --> 00:06:50,566
But one of the things that you, you may
have notice in all of the show runs,
121
00:06:50,746 --> 00:06:52,996
show running config that I
was doing in the last nugget,
122
00:06:52,996 --> 00:06:54,916
is we have these clear text passwords here.
123
00:06:54,916 --> 00:07:02,936
Not only, not only the enable password but
if I shoot down here, and I see line VTY,
124
00:07:02,936 --> 00:07:04,656
I mean password Cisco, password Cisco.
125
00:07:04,886 --> 00:07:08,806
So again, if I've got that strange
fellow looking over my shoulder,
126
00:07:09,066 --> 00:07:12,826
I'm like [noise] you know, I'm putting my
hand over the window, don't look at that.
127
00:07:13,216 --> 00:07:18,706
Well Cisco has a command that allows
you to encrypt those passwords.
128
00:07:19,016 --> 00:07:25,466
And I, if you could've seen me I put encrypt in
those little, like "encrypt" those password.
129
00:07:25,466 --> 00:07:26,716
And the command is actually simple.
130
00:07:26,716 --> 00:07:28,076
It's service password encryption.
131
00:07:28,476 --> 00:07:32,006
So you type that from global
config mode and immediately,
132
00:07:32,076 --> 00:07:36,296
I go back and do a show run
and man, look at that-- bum!
133
00:07:36,326 --> 00:07:40,126
Encryptomagic, enable password is encrypted.
134
00:07:40,126 --> 00:07:44,406
I scrolled down to my VTY lines, my
console port, encrypted everywhere,
135
00:07:44,406 --> 00:07:45,596
so I'm like, "Man, that's awesome.
136
00:07:45,596 --> 00:07:46,116
That's feels good."
137
00:07:46,116 --> 00:07:50,646
Well Cisco did not design
that to be a strong algorithm.
138
00:07:50,686 --> 00:07:56,366
As a matter of fact, they've partnered up with
Cracker Jacks, remember the Cracker Jacks boxes
139
00:07:56,366 --> 00:07:58,536
with the little secret decoder ring inside?
140
00:07:58,746 --> 00:08:03,096
To come up with a shared algorithm, both
Cracker Jacks and Cisco uses the same.
141
00:08:03,096 --> 00:08:07,306
I mean, it's so incredibly weak that
you could go on to Google and type
142
00:08:07,306 --> 00:08:11,606
in let's just try crack Cisco password.
143
00:08:11,716 --> 00:08:13,096
Let's do crack Cisco password.
144
00:08:13,096 --> 00:08:13,526
There we go.
145
00:08:13,706 --> 00:08:16,926
First link on our Cisco password, crack-o-matic.
146
00:08:16,926 --> 00:08:20,856
I go in there and type in that
encrypted version and I go correct.
147
00:08:21,246 --> 00:08:22,686
There it is.
148
00:08:22,686 --> 00:08:23,916
[laughs] I know, you're like, "Seriously?!"
149
00:08:24,106 --> 00:08:30,586
Totally! All that, that, that encryption
is meant to do is-- where am I?
150
00:08:30,586 --> 00:08:33,016
All it is meant to prevent is the line of sight.
151
00:08:33,016 --> 00:08:36,016
Like, it's a whole lot harder
to remember 1306, 1E0--
152
00:08:36,016 --> 00:08:39,036
you know all of that than it is
to remember Cisco if you see it.
153
00:08:39,036 --> 00:08:43,226
So, it is not-- don't give that,
get that like warm and fuzzy.
154
00:08:43,226 --> 00:08:45,636
That's going to secure me
forever kind of feeling from that.
155
00:08:45,886 --> 00:08:47,516
However I will tell you this.
156
00:08:47,916 --> 00:08:52,216
The enable secret, you notice, notice the
two different, I call them encryption modes.
157
00:08:52,796 --> 00:08:56,346
So these guys used what's called type seven.
158
00:08:56,346 --> 00:09:00,776
Notice this all about type seven
Cisco password that it can do.
159
00:09:01,176 --> 00:09:05,996
The enable secret actually
uses type five right here.
160
00:09:06,416 --> 00:09:10,066
It's actually MD5 hashing is what that is.
161
00:09:10,066 --> 00:09:11,546
It's not encryption at all.
162
00:09:11,546 --> 00:09:15,756
It's a hash which-- I think I'll actually
talk about that later when we talk about SSH.
163
00:09:16,046 --> 00:09:17,346
That is very secure.
164
00:09:17,636 --> 00:09:22,646
It is, the only way to break that is through
something called a brute force attack
165
00:09:22,856 --> 00:09:25,686
which is the weakest kind of
hacking attack that you can do.
166
00:09:25,686 --> 00:09:30,016
Any password can be broken given
enough time and computing power.
167
00:09:30,316 --> 00:09:34,546
But this, this is one of the most
secure ways to set the password.
168
00:09:34,546 --> 00:09:38,006
So, that's the three little
pieces I want to add there.
169
00:09:38,006 --> 00:09:40,626
Okay, now let's get into the rest of this.
170
00:09:40,746 --> 00:09:46,766
We've got all of our password set up so we're
ready to enable and manage our switch remotely,
171
00:09:47,036 --> 00:09:49,586
however we haven't given it an IP address yet.
172
00:09:49,936 --> 00:09:52,876
Now to assign the IP address to a switch,
173
00:09:52,876 --> 00:09:56,976
you need to understand just
a little bit about VLANs.
174
00:09:57,936 --> 00:10:01,796
And that's, that's why I wanted
to break the base configuration
175
00:10:01,796 --> 00:10:04,986
into two nuggets 'cause I really wanted
to give enough time to this to where I--
176
00:10:04,986 --> 00:10:06,426
I'm not just like, okay, do this
177
00:10:06,426 --> 00:10:09,896
and nobody really understands why
they're doing what they're doing.
178
00:10:10,346 --> 00:10:16,546
So, VLANs, let me see if I can give you
the very small nutshell version right now
179
00:10:17,636 --> 00:10:20,226
and then we'll expand much more on it later
180
00:10:20,226 --> 00:10:24,436
when we do the full VLAN nuggets,
but we've got switches, right?
181
00:10:24,766 --> 00:10:29,526
And by default switches are all one network.
182
00:10:29,836 --> 00:10:34,076
So, here's our little six ports switch
if you will, they're all one networks.
183
00:10:34,076 --> 00:10:38,866
So, when I plug a computer into here and a
computer into here I know that those guys are
184
00:10:38,866 --> 00:10:43,136
on the same network, they can send a broadcast
to each other, they can send an ARP to figure
185
00:10:43,136 --> 00:10:46,816
out each other's MAC address and they can
communicate directly and all that, it's only--
186
00:10:46,816 --> 00:10:52,726
it's only once we want to get off of our network
that we need a router and the router allows us
187
00:10:52,726 --> 00:11:00,076
to leave our local area network or a LAN and get
off to the WAN or the internet, or wherever--
188
00:11:00,076 --> 00:11:03,796
whatever destination we're trying to reach
that's the job of what a router does.
189
00:11:04,036 --> 00:11:07,546
Well, VLANs kind of bend the rules
a little bit, they say, "Well,
190
00:11:07,546 --> 00:11:14,486
I tell you what within the switch we can break
this switch into two different networks."
191
00:11:14,726 --> 00:11:18,096
We can have, we'll say the
red network on the left side
192
00:11:18,426 --> 00:11:21,016
and the purple network on the right side.
193
00:11:21,666 --> 00:11:27,026
So, now all of the computers that are
plugged into the red network can communicate
194
00:11:27,026 --> 00:11:31,046
with each other but they can't talk
to the purple network and same thing
195
00:11:31,046 --> 00:11:34,856
with the purple network who've got-- actually
I don't know how we just jam two ethernet ports
196
00:11:34,856 --> 00:11:37,286
in the same hole there, but we'll go with it.
197
00:11:37,536 --> 00:11:41,896
We've got the devices in the purple network
I can talk together, but they can't talk
198
00:11:41,896 --> 00:11:47,466
to the red network without a router and
that's where we could actually plug a router
199
00:11:47,816 --> 00:11:54,116
into each side of the switch one port into
the red side, one port into the purple side
200
00:11:54,286 --> 00:11:57,806
and that allows us to communicate between,
it gives you a ton of advantage to be able
201
00:11:57,806 --> 00:12:02,646
to do this, you can set up security boundaries
to where, okay, well accounting is over there,
202
00:12:02,936 --> 00:12:07,786
sales is over there, you can put up, you know,
the server is over there, it gives you a lot--
203
00:12:07,926 --> 00:12:11,146
a lot easier way of managing your IP.
204
00:12:11,146 --> 00:12:17,616
I mean there's a lot of advantages to VLANs, but
I don't want to dive past that point right now
205
00:12:17,616 --> 00:12:20,266
because it will explode into
a giant VLAN discussion.
206
00:12:20,266 --> 00:12:23,276
So, let's get back to the point on hand.
207
00:12:23,716 --> 00:12:30,256
We've got all of these ports on a
switch that when you pull a Cisco switch
208
00:12:30,256 --> 00:12:35,616
out of the box it's doing VLANs, whether
you like or not, whether you configured them
209
00:12:35,616 --> 00:12:38,156
or not we are you're always doing VLANs
210
00:12:38,156 --> 00:12:41,776
on Cisco switches 'cause that's
the base feature that they support.
211
00:12:42,316 --> 00:12:44,266
So, what does that mean?
212
00:12:44,266 --> 00:12:50,106
That means every port when you
pull it out are all part of VLAN 1.
213
00:12:50,976 --> 00:12:54,846
It's actually the default VLAN,
VLAN 1 and that's why we don't know
214
00:12:54,846 --> 00:12:59,216
that we're doing VLANs is because if all the
ports are member of the same VLAN then it's
215
00:12:59,216 --> 00:13:00,766
like we're not doing VLANs at all, right,
216
00:13:00,766 --> 00:13:02,866
because everybody can talk
together and work together.
217
00:13:03,056 --> 00:13:09,886
Well, the Cisco switches allow you to create
these things known as VLAN interfaces,
218
00:13:11,136 --> 00:13:15,016
I don't know why I started
writing ter, let's do interfaces.
219
00:13:15,916 --> 00:13:22,906
And VLAN interfaces are virtual interfaces, as
in they don't really exist, I can't see them
220
00:13:22,906 --> 00:13:27,356
and touch them and squeeze
them, but they are there,
221
00:13:27,356 --> 00:13:30,926
they are reachable on the switch for my VLAN.
222
00:13:30,926 --> 00:13:33,526
So, for example let's say-- now VLANs,
223
00:13:33,526 --> 00:13:35,986
well I give them colors often,
they're actually numbers.
224
00:13:35,986 --> 00:13:40,696
So, let's say the red VLAN
is really VLAN 10, right?
225
00:13:40,696 --> 00:13:46,576
And the purple VLAN is really VLAN 131 you can--
226
00:13:46,576 --> 00:13:50,126
there's 4,096 numbers, so we
can just pick a number, right?
227
00:13:50,346 --> 00:13:52,326
So, that-- those are the different VLANs.
228
00:13:52,556 --> 00:13:56,696
Now, the Cisco switches give us the
ability to go into them and say,
229
00:13:56,966 --> 00:14:02,546
I want to create interface, VLAN 10.
230
00:14:03,976 --> 00:14:08,346
Now, that interface doesn't really exist
like I said I can't see it, but it's there,
231
00:14:08,346 --> 00:14:13,466
it's this virtual interface that I can reach
from anything, any port that is in VLAN 10.
232
00:14:13,806 --> 00:14:19,906
So, you know, I could give it the
IP address 10.10.1.1/24, right?
233
00:14:19,906 --> 00:14:24,226
Give it that IP address and immediately
all of the computers provided they're
234
00:14:24,226 --> 00:14:28,296
in the same network, you know, IP
address wise they will be able to reach
235
00:14:28,296 --> 00:14:31,706
that VLAN interface, now why would they do that?
236
00:14:31,706 --> 00:14:36,136
Well, they can access the switch, they can ping
the switch, I mean they can manage the switch
237
00:14:36,136 --> 00:14:40,676
that way and all that, that's kind of where
we're going here and there is actually a lot
238
00:14:40,676 --> 00:14:43,166
of bigger picture reasons why we would do that,
239
00:14:43,326 --> 00:14:47,386
it deals with something called layer 3
switching, but I'm going to save that for later
240
00:14:47,386 --> 00:14:50,496
on because right now we're just
at the basic configuration,
241
00:14:50,496 --> 00:14:55,596
but without understanding these concepts
it won't make sense what we have to do
242
00:14:55,596 --> 00:14:57,586
to assign a management IP address.
243
00:14:57,586 --> 00:15:06,106
So, what we do on a Cisco switch out of
the box is we go into interface VLAN 1
244
00:15:06,646 --> 00:15:13,736
and then we give it an IP address, whatever IP
address we want to give it, 10.5.9.20, okay?
245
00:15:13,956 --> 00:15:17,256
So, or again whatever IP
address we want to give it.
246
00:15:17,256 --> 00:15:23,006
And now that IP address and that management
interface is reachable from all ports
247
00:15:23,006 --> 00:15:25,606
that are assigned or belong to VLAN 1.
248
00:15:26,196 --> 00:15:29,966
Okay, so let me clear all that
off and show you what I mean here.
249
00:15:30,456 --> 00:15:35,196
So, I've got a switch sitting next to
me at the Cisco 3550 it's got 24 ports
250
00:15:35,196 --> 00:15:41,076
of 10/100 lob [phonetic], I've got a
computer plugged in here and to port 11.
251
00:15:41,446 --> 00:15:46,586
Let me give you a little view of
the nomenclature or kind of the way
252
00:15:46,586 --> 00:15:49,386
that Cisco switches refer to their ports.
253
00:15:49,386 --> 00:15:52,546
They don't just say port 11, they'll say
254
00:15:52,546 --> 00:15:58,936
for instance FastEthernet,
0/11, why do they do that?
255
00:15:59,056 --> 00:16:04,846
So, a lot of times when you deal with
Cisco devices it always uses ports
256
00:16:04,846 --> 00:16:07,336
that are based on module and port number.
257
00:16:07,336 --> 00:16:12,326
So, for example-- let me just show you a router,
you know, if I have a router I might have
258
00:16:12,606 --> 00:16:17,276
for instance I'll take a router that I
grew up with when I was working Cisco,
259
00:16:17,466 --> 00:16:22,906
Cisco 3640 was my dream router back in the day
because it had four modules where you could put
260
00:16:22,906 --> 00:16:26,236
in whatever interfaces you want,
so you could slide a card in here
261
00:16:26,436 --> 00:16:29,116
and it might have two FastEthernet ports.
262
00:16:29,116 --> 00:16:34,976
And so, this would be considered FastEthernet
0/0 because this is considered module 0
263
00:16:35,136 --> 00:16:41,246
and that's the first port on there which is 0,
and this would be considered FastEthernet 0/1
264
00:16:41,246 --> 00:16:44,896
because it's again module 0 and then
that's the second port on there.
265
00:16:45,166 --> 00:16:47,436
So, you come over here, this
is considered module 1
266
00:16:47,606 --> 00:16:50,066
and let's say you put a serial port in there.
267
00:16:50,416 --> 00:16:56,436
So, this would be serial 1/0 'cause that's
the first 0 port, see kind of how that works?
268
00:16:56,436 --> 00:17:01,926
So, you get all these modules going on,
you know, maybe a FastEthernet interface
269
00:17:01,926 --> 00:17:05,346
up here would be FastEthernet
3/0, module 3 port 0.
270
00:17:05,556 --> 00:17:11,506
Well, on Cisco switches all their stackable
switches are considered module 0 and that's
271
00:17:11,506 --> 00:17:17,826
because a lot of their switches support what's
called StackWise or stacking technology.
272
00:17:17,826 --> 00:17:22,726
So, you can take Cisco switches, this
is pretty cool, you can take Cisco switches
273
00:17:22,726 --> 00:17:25,566
and they have these big old fat
cables that you put in the back
274
00:17:25,846 --> 00:17:28,486
and connect multiple Cisco switches together.
275
00:17:28,486 --> 00:17:34,146
So, let's say now 3550 doesn't do this, but
let's just say this is switch 1, switch 2,
276
00:17:34,496 --> 00:17:38,416
and then you've got switch 3 down here
which maybe [inaudible] change to this guy,
277
00:17:38,416 --> 00:17:41,806
and then loops back up here and plugs
in here because that way you don't want
278
00:17:41,806 --> 00:17:46,086
for instance this guy to die and
that leaves switch 1 and 3 stranded.
279
00:17:46,086 --> 00:17:48,596
So, it's always good to do that and
this creates what's called the stack.
280
00:17:49,126 --> 00:17:52,786
The beauty of having a stack is
literally the backplane is shared.
281
00:17:52,786 --> 00:17:55,826
So, you don't have, you know,
normally to connect switches together,
282
00:17:55,826 --> 00:17:59,096
you do this little connection with
a crossover cable or something
283
00:17:59,096 --> 00:18:01,286
like that to where switches are linked.
284
00:18:01,286 --> 00:18:04,856
Well, you don't have to worry about that,
you don't have to worry about bottlenecking
285
00:18:04,856 --> 00:18:08,586
on that port either because this
literally combines all of the bandwidth
286
00:18:08,586 --> 00:18:10,516
that these switches can put
out over those switches.
287
00:18:10,776 --> 00:18:14,436
And you can even, I mean some of the switches,
you can do things like redundant power to where,
288
00:18:14,626 --> 00:18:18,466
you know, they're all plugged into the
wall and let's say this power supply goes
289
00:18:18,466 --> 00:18:21,636
out he can actually pull power
from that cable, isn't that cool?
290
00:18:21,636 --> 00:18:24,116
So, that's-- that's one of
the things that you can do.
291
00:18:24,116 --> 00:18:28,826
Now, if you do that, if you use StackWise
then the first switch will be, you know,
292
00:18:28,826 --> 00:18:32,156
you'll confi-- oh I should say
it also unifies your managements,
293
00:18:32,156 --> 00:18:35,796
so I can log into this switch
and configure all three of them.
294
00:18:35,796 --> 00:18:40,186
So, this one would be for instance
FastEthernet 0/5 would be port 5 on here.
295
00:18:40,426 --> 00:18:44,726
This one would be FastEthernet 1/5 'cause
this whole switch becomes module 1,
296
00:18:45,006 --> 00:18:47,556
this one might become FastEthernet 2/5.
297
00:18:47,636 --> 00:18:52,786
Now, I'm using FastEthernet but we would
also have the G-- Gigabit Ethernet.
298
00:18:52,786 --> 00:18:56,056
So, let me get you a little
familiar with what this looks like
299
00:18:56,056 --> 00:18:57,746
and then I'll get back to my scenario.
300
00:18:58,166 --> 00:19:03,126
When you go to my switch and I'll type
in my favorite command in all Cisco,
301
00:19:04,246 --> 00:19:10,526
seriously it is always been my
favorite command show IP interface brief
302
00:19:10,526 --> 00:19:14,596
which gives you a summary view of the
interfaces on the switch and you can see
303
00:19:14,596 --> 00:19:21,316
that this 3550 switch has those 24 FastEthernet
ports that are all lined up there ready to work,
304
00:19:21,316 --> 00:19:26,126
you can see that-- I thought it was in 11 but
I'm actually in 14, I've got my computer plugged
305
00:19:26,126 --> 00:19:33,426
in to FastEthernet 0/14 because it shows
the status is up and the protocol is up if--
306
00:19:33,426 --> 00:19:37,426
we'll talk about this later, but this
is essentially layer 1 of the OSI model,
307
00:19:37,736 --> 00:19:40,036
this is layer 2 of the OSI
model, we're communicating.
308
00:19:40,236 --> 00:19:46,936
I also see down at the bottom this one supports,
it has these things known as SFP modules, no--
309
00:19:47,196 --> 00:19:48,696
no this isn't SFPs, no these GBICs.
310
00:19:48,696 --> 00:19:52,146
There's different kinds of
modules depending on what kind
311
00:19:52,146 --> 00:19:56,406
of switch you have, SFP I
talked about this, right?
312
00:19:56,406 --> 00:19:58,376
I think early on in the series.
313
00:19:58,376 --> 00:20:01,836
SFP is a small-- was it small
form factor pluggable
314
00:20:01,836 --> 00:20:02,976
or something, something of that effect.
315
00:20:03,166 --> 00:20:07,636
Yeah, these switches have
these little holes in them.
316
00:20:07,806 --> 00:20:12,636
[laughs] These little holes called SFP ports
and you can get fiber optic transceivers
317
00:20:12,636 --> 00:20:15,256
or you can-- I mean, there's all
kinds of stuff that you can plug
318
00:20:15,256 --> 00:20:16,476
in there to give it functionality.
319
00:20:16,646 --> 00:20:20,006
Well, the 3550s has something called
GBICs [phonetic], these are kind of going
320
00:20:20,006 --> 00:20:23,466
by the wayside for the most part but
they're kind of big square holes,
321
00:20:23,846 --> 00:20:28,636
and you can do the same thing, you can buy fiber
optic modules for those and plug them in there
322
00:20:28,636 --> 00:20:31,696
so that's the gigabit ports
that we have on this device.
323
00:20:31,696 --> 00:20:35,106
So, I've got my computer plugged in right here.
324
00:20:35,106 --> 00:20:40,316
Now notice, when I did that show IP interface
brief, look at the very first-- what did I do?
325
00:20:41,296 --> 00:20:43,306
All right, look at the very first interface.
326
00:20:43,796 --> 00:20:45,266
The VLAN1.
327
00:20:45,716 --> 00:20:48,776
Notice, its IP address is unassigned, all the--
328
00:20:48,776 --> 00:20:50,656
you know, everything it's saying
it's down, it's down, it's down.
329
00:20:50,656 --> 00:20:53,136
Now, VLAN while knowing what
we know about VLANs,
330
00:20:53,136 --> 00:20:54,906
I'm going to type in the
command I haven't shown you yet.
331
00:20:55,066 --> 00:20:58,236
Yeah, it's called show VLAN.
332
00:20:58,516 --> 00:21:04,566
This shows me there is-- I mean, I guess you
can argue, these are VLANS but those are--
333
00:21:04,706 --> 00:21:07,256
it's kind of like this is
for token ring networks.
334
00:21:07,256 --> 00:21:11,666
I mean, these are on there just because
of the standards but they're unsupported.
335
00:21:12,016 --> 00:21:14,586
VLAN1 is where all the action is happening
336
00:21:14,586 --> 00:21:18,416
out of the box 'cause I can see
all my ports are a member of VLAN1.
337
00:21:18,886 --> 00:21:26,696
So if I want to assign VLAN1 a management
IP address, I go in, I do interface VLAN1.
338
00:21:27,146 --> 00:21:31,826
So now, again, getting the flow
down, we got to make sure we got it,
339
00:21:31,826 --> 00:21:35,036
user mode to privilege mode is
that-- that's on through enabled.
340
00:21:35,276 --> 00:21:39,226
We go to global configuration mode,
we do that by typing in config t
341
00:21:39,536 --> 00:21:41,456
and then we can branch into all the submodes.
342
00:21:41,456 --> 00:21:47,436
Like here, we went to console, line
console zero or line VTY zero space 15.
343
00:21:47,436 --> 00:21:50,906
Or, now, we're going in to interface VLAN.
344
00:21:50,906 --> 00:21:55,826
So I mean interface configuration
mode, get back.
345
00:21:55,826 --> 00:21:58,976
So, I'm in interface configuration
mode and now all the commands
346
00:21:58,976 --> 00:22:01,616
that I have here affect this VLAN.
347
00:22:02,146 --> 00:22:07,706
So, this VLAN interface so I'm going to type
in the IP address, it's the command I do
348
00:22:08,226 --> 00:22:13,856
of this switch is going to be, let's just
do 10 dot and I'll use a question mark.
349
00:22:14,146 --> 00:22:19,096
We can either get it through DHCP like have
a DHCP give it me or I'll just say it's going
350
00:22:19,096 --> 00:22:22,356
to be static, 10.1.1.10, how is that?
351
00:22:22,786 --> 00:22:23,696
And I'll do the question mark.
352
00:22:23,696 --> 00:22:28,696
Some [inaudible] 2555, 255, 255,
0, here is the question mark.
353
00:22:28,696 --> 00:22:30,416
Do I want to make this a secondary address?
354
00:22:30,416 --> 00:22:31,856
No, this is the primary.
355
00:22:32,246 --> 00:22:32,746
Okay, enter.
356
00:22:33,186 --> 00:22:38,616
Now, I'm going to go back and do a show IP
interface brief because I want you to see now
357
00:22:39,426 --> 00:22:46,056
that now this guy has an IP address so he can
be reached on that but there's still a problem.
358
00:22:46,976 --> 00:22:52,396
Almost every switch starts with their
VLAN interface administratively down.
359
00:22:53,326 --> 00:22:58,386
That means, it's turned off and so, even though
I can configure this from the console port,
360
00:22:58,386 --> 00:23:02,736
I can't get to a remote LAN 'til I give it an
IP address and I turn on the VLAN interface.
361
00:23:02,826 --> 00:23:03,606
Well, how do I do that?
362
00:23:04,076 --> 00:23:06,406
Well, let me do a quick--
I'm going to do a show run,
363
00:23:06,406 --> 00:23:09,566
I'm going to start using some filtering
commands so we don't have to see everything.
364
00:23:09,566 --> 00:23:12,506
Now, you know, show run is the running
config, it's all the commands we've typed in.
365
00:23:12,686 --> 00:23:16,796
I'm actually going to add on show me
the running config for interface VLAN1.
366
00:23:17,616 --> 00:23:22,526
And right there, I see VLAN1, there's the
IP address and what do you see under that?
367
00:23:23,916 --> 00:23:29,586
Shutdown! This interface is shutdown, okay.
368
00:23:29,966 --> 00:23:33,216
So, I don't want that, I want it turned on.
369
00:23:33,926 --> 00:23:37,026
So now, let's put some of the
pieces together we've talked about,
370
00:23:37,296 --> 00:23:41,466
how do you negate a shutdown
state, what do you think?
371
00:23:41,906 --> 00:23:46,806
Well, go into the CISCO device, you're
probably thinking what I'm thinking.
372
00:23:47,106 --> 00:23:52,356
Interface VLAN1, no shutdown.
373
00:23:53,116 --> 00:23:56,026
And so that's kind of weird, it's
kind of a double negative if you will.
374
00:23:56,026 --> 00:24:01,306
I'm not-- you would think you would say like
enable or power on or Go-go gadget interface
375
00:24:01,306 --> 00:24:07,556
or something but we're saying, no shutdown, like
take off this shutdown status and turn it on.
376
00:24:07,556 --> 00:24:12,226
And we see our first real status messages,
the interface VLAN1 has changed state to up,
377
00:24:12,366 --> 00:24:14,246
line protocol has changed state to up.
378
00:24:14,466 --> 00:24:17,046
If I go back and do a show
IP interface brief again.
379
00:24:18,266 --> 00:24:23,796
And you notice, every time I do something, I'm
hitting control Z to drop back to privilege mode
380
00:24:23,796 --> 00:24:27,206
because I can't do show commands
from these submodes,
381
00:24:27,206 --> 00:24:28,886
they're not supported directly from there.
382
00:24:28,886 --> 00:24:35,786
So, I see VLAN1 is given this IP address and
I see the status up, line protocol is up.
383
00:24:35,786 --> 00:24:38,016
Okay, okay, we're getting there.
384
00:24:38,266 --> 00:24:43,786
So, I've got my computer plugged into
FastEthernet 0/14, well, let's do a little magic.
385
00:24:43,786 --> 00:24:47,046
I'm going to open the control
panel on my computer, actually,
386
00:24:47,046 --> 00:24:49,816
I should probably start here,
control panel, get all Windows 7.
387
00:24:49,816 --> 00:24:55,006
I'm going to click on the network status, go to
the adaptor settings and I'm actually connected,
388
00:24:55,006 --> 00:24:57,716
I've got my normal network
card so I can surf the internet
389
00:24:57,716 --> 00:25:00,366
when I have whimsical thoughts and all that.
390
00:25:00,606 --> 00:25:04,846
But right next to this, I have
the Apple USB ethernet adaptor.
391
00:25:04,846 --> 00:25:09,666
It's just that little USB ethernet adaptor
that I grab for my MacBook and plug into this.
392
00:25:09,666 --> 00:25:13,396
And so I'm going to go to properties
and give this an IP address that's
393
00:25:13,396 --> 00:25:16,436
in that same network, so 10.1.1.10.
394
00:25:16,436 --> 00:25:19,596
I'm going to put this guy in 10.1.1.--
395
00:25:20,046 --> 00:25:22,616
I don't know, what do you want
to give him, how's a hundred?
396
00:25:22,656 --> 00:25:29,566
255, 255, 255, 0, we don't even have to give
it a default gateway 'cause there is none,
397
00:25:29,566 --> 00:25:32,056
this is as simple of a network as it gets.
398
00:25:32,056 --> 00:25:35,636
So I'm going to click close on
that, let's open a command prompt.
399
00:25:35,636 --> 00:25:40,826
And by the way, you will have to know some
basic Windows command prompt skills like Ping
400
00:25:41,056 --> 00:25:48,186
and telnet and NS-- no, you won't need
NSLOOKUP but that'd be a good one to know,
401
00:25:48,186 --> 00:25:50,526
trace route, we'll expand on this as we go.
402
00:25:50,526 --> 00:25:53,796
But first I'm going to do, let's
do a show IP interface brief.
403
00:25:53,946 --> 00:25:55,966
[laughs] What am I doing,
I'm in the command prompt.
404
00:25:55,966 --> 00:25:57,316
IP config.
405
00:25:57,316 --> 00:25:59,026
IP again, has been in CISCO a little too long.
406
00:25:59,026 --> 00:26:04,186
So right there, I see this is my IP
address, this is a sign of my LAN2 interface
407
00:26:04,186 --> 00:26:05,586
so let's see if we can ping the switch.
408
00:26:06,046 --> 00:26:11,266
I always ping before I telnet because if you
telnet, it will hang there for 30 seconds.
409
00:26:12,356 --> 00:26:15,606
Okay, that's not what I expect, okay, phew!
410
00:26:15,816 --> 00:26:17,816
As I-- I expected that to work.
411
00:26:17,816 --> 00:26:23,216
So, sometimes, you lose the first ping just
because the computer has to send an ARP message,
412
00:26:23,216 --> 00:26:25,646
wait for it to come back and by
then, the ping has timed out.
413
00:26:25,866 --> 00:26:28,486
So we are pinging, I'll hit the up
here just to prove it one more time.
414
00:26:28,486 --> 00:26:30,096
We're getting there less than a millisecond.
415
00:26:30,096 --> 00:26:37,706
So now, I can type in telnet 10.1.1.10.
416
00:26:37,706 --> 00:26:41,556
Come on Windows, why would
Microsoft remove telnet, hang on.
417
00:26:41,816 --> 00:26:48,056
We got a-- if you haven't seen this before, you
got to go into control panel, Windows features
418
00:26:48,496 --> 00:26:54,066
and nowadays, they, you know,
Microsoft, it is a new computer
419
00:26:54,066 --> 00:26:59,176
so Microsoft has disabled the telnet
clients on Windows by default.
420
00:26:59,686 --> 00:27:01,746
So yeah, we'll pause it while it's doing this.
421
00:27:03,086 --> 00:27:04,096
Okay, that was fast.
422
00:27:04,366 --> 00:27:05,786
So, I'm going to close that back down.
423
00:27:06,296 --> 00:27:10,316
Now, I should be able to hit
telnet 10.1.1.10, enter, bam!
424
00:27:10,316 --> 00:27:11,786
I'm sitting there from my command prompt.
425
00:27:11,786 --> 00:27:17,036
So now, I can log in, I'm going to
type in CISCO which is my password.
426
00:27:18,976 --> 00:27:21,556
CBT nugget is my enable password and I'm there.
427
00:27:21,556 --> 00:27:24,166
Now, you can see behind the
scenes, I'm actually there
428
00:27:24,166 --> 00:27:27,536
on the console port, up here I'm on the VTY line.
429
00:27:27,536 --> 00:27:29,196
So actually check this out, watch this.
430
00:27:29,196 --> 00:27:32,786
When I go into global config mode, unless
just, you know, blah, I'm doing some config,
431
00:27:32,786 --> 00:27:34,156
whatever it's going to say invalid input.
432
00:27:34,156 --> 00:27:38,576
So, I'm going to exit back out and
watch what the console port does.
433
00:27:38,796 --> 00:27:43,426
Look at that, it says, somebody-- now
notice, it didn't show me anything up here
434
00:27:43,426 --> 00:27:47,976
because by default, those-- these
are actually called syslog messages.
435
00:27:47,976 --> 00:27:51,806
Those syslog messages are not sent
to anything but the console port.
436
00:27:52,176 --> 00:27:58,436
So, I look and I see now-- and so before, it
was saying configured from console by console
437
00:27:58,496 --> 00:28:03,646
like somebody is configuring the console
of this device, configuring the commands
438
00:28:03,646 --> 00:28:05,546
on this device using a console cable.
439
00:28:05,716 --> 00:28:11,566
Now down here, I see configured from
console by VTY0 as in somebody has logged
440
00:28:11,566 --> 00:28:14,326
in to that first VTY port on here.
441
00:28:14,326 --> 00:28:18,046
That's kind of want to-- that 100.
442
00:28:18,046 --> 00:28:21,396
Now, I'm just getting kind
of giddy, let's do this.
443
00:28:21,396 --> 00:28:23,936
I'm going to open a second
command prompt and I'm going
444
00:28:23,936 --> 00:28:25,726
to start another telnet message unless telnet.
445
00:28:25,726 --> 00:28:30,316
So, remember I said there were 16 telnet ports
and we could have 16 people at the same time,
446
00:28:30,636 --> 00:28:34,326
you could even have them all from
the same device if you wanted to.
447
00:28:34,326 --> 00:28:36,476
I'm going to telnet another
session of this device.
448
00:28:36,476 --> 00:28:39,166
I go to the CISCO, enable CBT nuggets.
449
00:28:39,166 --> 00:28:43,966
I'm going to go into global config
mode, watch status message this time,
450
00:28:44,016 --> 00:28:45,826
what do you think it's going to say?
451
00:28:45,826 --> 00:28:46,646
Come on, predict with me.
452
00:28:46,776 --> 00:28:49,006
What's it going to say when
I exit out of config mode?
453
00:28:50,476 --> 00:28:58,196
Configured from console by VTY1 because
this guy came in on the second telnet port,
454
00:28:58,466 --> 00:29:02,516
this guy came in on the first telnet
port so anything that he does is VTY0,
455
00:29:02,626 --> 00:29:05,046
anything that he does is on VTY1.
456
00:29:05,046 --> 00:29:07,756
Now, I want to go back because
I know some of you--
457
00:29:07,756 --> 00:29:12,646
sometimes, I try to predict the questions
because I think like a lab, you go,
458
00:29:12,786 --> 00:29:19,476
can I set different telnet passwords
like we did that line VTY zero space 15
459
00:29:19,746 --> 00:29:21,776
and we configured all of
them with the same password.
460
00:29:22,026 --> 00:29:25,996
I know some of which probably think can
I have in line VTY0 and do one password,
461
00:29:26,206 --> 00:29:29,326
VTY1 into another password,
VTY2 and do another password?
462
00:29:29,486 --> 00:29:30,476
The answer is, yes you could.
463
00:29:30,476 --> 00:29:34,236
You could put different passwords on
every single one of those VTY ports
464
00:29:34,236 --> 00:29:37,266
when you're securing your device but,
my goodness, you won't want to do
465
00:29:37,266 --> 00:29:41,186
that because you never know, I mean,
it's good old Forrest Gump, right.
466
00:29:41,406 --> 00:29:44,776
It's like a box of chocolate, you never
know what VTY line you're going to get
467
00:29:44,776 --> 00:29:47,306
when you telnet in so you
never know which password is going
468
00:29:47,306 --> 00:29:49,436
to be required when you're doing that.
469
00:29:49,486 --> 00:29:55,566
So, good, so that's configuring the
management VLAN or IP address of the switch.
470
00:29:57,066 --> 00:29:59,106
Now, we move down to the default gateway.
471
00:29:59,746 --> 00:30:02,486
Yeah, I got to clear off a
little drawing room here.
472
00:30:03,046 --> 00:30:05,976
So, we move down to the default
gateway slash, slash, slash, slash.
473
00:30:06,096 --> 00:30:11,556
Default gateway allows you to
manage the switch remotely.
474
00:30:12,686 --> 00:30:15,386
Well, hang on, let me-- so
we already did, right?
475
00:30:15,486 --> 00:30:20,196
We're already managing the switch remotely
but I mean, really remotely to where right now,
476
00:30:20,406 --> 00:30:25,466
the only way that we're able to manage that
switch is because we're plugged in to it
477
00:30:25,466 --> 00:30:27,276
and we happen to be on the same network.
478
00:30:27,396 --> 00:30:29,676
Now if we did a chain, another
switch to that, we could yeah,
479
00:30:29,676 --> 00:30:33,286
we could plug in there 'cause these are all
one network and I could telnet over and manage
480
00:30:33,286 --> 00:30:36,246
to switch that way, but what about
when I go home for the evening?
481
00:30:36,626 --> 00:30:44,246
What about when I'm sitting on the
sunny beach in California on a sunny day
482
00:30:44,566 --> 00:30:49,186
with my lawn chair watching the waves
crashing in over at the barrier with a laptop
483
00:30:49,186 --> 00:30:52,186
on the beach and suddenly [inaudible]
card and I want to be able to telnet
484
00:30:52,186 --> 00:30:54,806
into that switch from there, how do I do it?
485
00:30:55,136 --> 00:31:01,046
The way that I do it is by going into the switch
and telling it, yes, this is your IP address
486
00:31:01,046 --> 00:31:06,276
which we just did and this is how you can get off
of your network so that you can communicate
487
00:31:06,276 --> 00:31:08,106
with people that are not on your network.
488
00:31:08,326 --> 00:31:12,576
So that's going to be the IP address
of the router or the default gateway.
489
00:31:13,006 --> 00:31:16,366
So I would go in this and so now,
this is just my sample situation.
490
00:31:16,516 --> 00:31:23,066
We created interface VLAN1 and we give it
the IP address 10.1.1.10 so let's just say
491
00:31:23,066 --> 00:31:29,496
that this default gateway, this router has
the IP address 10.1.1.10 and I want to be able
492
00:31:29,496 --> 00:31:34,096
to tell my switch, go there to get off the
network so Jeremy [phonetic] can manage you
493
00:31:34,096 --> 00:31:35,646
from the sunny beach in California.
494
00:31:35,756 --> 00:31:41,026
So the way that I do that is go to global
config mode 'cause it's actually global,
495
00:31:41,026 --> 00:31:44,666
it's not just for that VLAN
interface, it affects the whole switch.
496
00:31:45,126 --> 00:31:52,836
I'm going to type in from global IP
default gateway and then the IP address
497
00:31:52,836 --> 00:31:56,546
that I want to go to, 10.1.1.10, enter.
498
00:31:56,956 --> 00:32:00,306
And now, this switch knows how
to get off its own network.
499
00:32:00,546 --> 00:32:05,046
I can verify it-- by the way, I know at the
very bottom, I have verification commands
500
00:32:05,266 --> 00:32:08,326
which I'm doing as I'm going
along this entire time.
501
00:32:08,596 --> 00:32:12,336
But so far, I would say show run is a big one
502
00:32:12,336 --> 00:32:14,316
so you can see all your commands
that you've typed in.
503
00:32:14,316 --> 00:32:16,406
This is literally by the
way, when you do a show run,
504
00:32:16,766 --> 00:32:19,986
this is literally the commands
that are typed into the switch.
505
00:32:20,666 --> 00:32:23,256
Like we typed in IP default
gateway and that is it.
506
00:32:23,256 --> 00:32:27,356
And so, if you ever wanted to make a backup
of your configuration and all of a sudden,
507
00:32:27,356 --> 00:32:29,786
you know, boom, your switch post up, you
got to put it in a new one, you're like,
508
00:32:29,786 --> 00:32:31,116
"Oh man, I got to type all this in."
509
00:32:31,286 --> 00:32:31,966
No you don't.
510
00:32:31,966 --> 00:32:34,206
You can actually take this entire configuration,
511
00:32:34,426 --> 00:32:38,196
go into global configuration
mode and just paste it, you know.
512
00:32:38,196 --> 00:32:42,696
So select all, highlight the whole config
from notepad or whatever, control C,
513
00:32:42,696 --> 00:32:47,416
copy it to your clipboard, go into global
configuration mode on the new switch,
514
00:32:47,416 --> 00:32:51,086
the key is remember, start from
global config mode and hit paste
515
00:32:51,086 --> 00:32:52,836
and it will literally reconfigure
the whole switch
516
00:32:52,836 --> 00:32:54,546
for you just by typing in all those commands.
517
00:32:54,576 --> 00:32:57,816
So now, I've got the default gateway
which is able to go out there.
518
00:32:58,766 --> 00:33:03,736
Now, we're going to get a little bit later into
some more advanced configuration where we--
519
00:33:03,736 --> 00:33:07,246
we're going to talk about routing tables
and so on but if I do a show IP route,
520
00:33:07,546 --> 00:33:11,116
this guy is not a router yet but he will be.
521
00:33:11,406 --> 00:33:15,006
But for now, he's not and so I
can see right away, he said, no.
522
00:33:15,006 --> 00:33:20,936
Well, if I'm going to route, I'm going to send
all my packets to the default gateway 10.1.1.1.
523
00:33:21,276 --> 00:33:26,596
Okay, shutdown, this command, we
already talked about by turning it off.
524
00:33:26,596 --> 00:33:30,066
However, there is a time where
we might want to turn it on.
525
00:33:30,556 --> 00:33:35,916
It is a best practice, you know, normally, what
usually happens is you go to that cabling room.
526
00:33:36,856 --> 00:33:42,666
Remember this guy to where people, you know, the
wiring company will wire your whole building up
527
00:33:42,666 --> 00:33:47,056
and somebody comes in, sometimes you, sometimes
somebody else and they plug in all these cables.
528
00:33:47,056 --> 00:33:51,696
You go, "Okay, well, all those go to live jacks
so let's push those into the switch itself."
529
00:33:51,696 --> 00:33:56,126
Well, the problem is, some of those probably
go to jacks that you're not even thinking about.
530
00:33:56,126 --> 00:33:59,746
I mean, one of them might run through
the wall and come out in the lobby
531
00:33:59,936 --> 00:34:06,416
of your building underneath a chair in
the sitting area where somebody could come
532
00:34:06,416 --> 00:34:12,666
in with a laptop that is infected with who
knows what and they're like, I need to plug in.
533
00:34:12,666 --> 00:34:16,446
Look at it, I'll just run my cable and then
click death, [noise] you know, destroy.
534
00:34:16,716 --> 00:34:23,236
You've introduced evil devices onto your
network and as soon as you do that, you know,
535
00:34:23,236 --> 00:34:27,156
you're at risk or you could have, you
know, another one of these cables run
536
00:34:27,156 --> 00:34:31,326
to the break room, you know, where people
unmonitored can plug whatever they want and,
537
00:34:31,326 --> 00:34:33,266
you know, an Xbox or whatever into the network,
538
00:34:33,266 --> 00:34:37,086
maybe devices that just aren't
appropriate to be on the company.
539
00:34:37,086 --> 00:34:38,166
I mean, there's all kinds of things.
540
00:34:38,256 --> 00:34:46,436
Either way, the best practice per CISCO is
to shutdown any port that is not in use.
541
00:34:46,666 --> 00:34:51,726
So, when I go back to my
switch, I'd be right here,
542
00:34:51,726 --> 00:34:55,146
sit down on the console port 'cause
it's prettier than the command line.
543
00:34:55,146 --> 00:35:00,026
So I'm going to go back on my switch, I'm
going to go, show an IP interface brief.
544
00:35:00,026 --> 00:35:03,256
I see all of these ports
right now are there, you know,
545
00:35:03,256 --> 00:35:05,806
but they're all down 'cause nothing's
plugged into him except this guy
546
00:35:05,806 --> 00:35:07,776
which is my computer and I can see he's up.
547
00:35:08,066 --> 00:35:14,206
Well, what I can do is I can go into interface
FastEthernet 0/1 and that-- by the way, we all--
548
00:35:14,436 --> 00:35:18,846
we typically abbreviate FastEthernet as FA.
549
00:35:18,996 --> 00:35:23,256
It's not some kind of acronym, right, it's
just the first two letters of fast, you know,
550
00:35:23,256 --> 00:35:27,496
because sometimes, you'll have switches
with fiber interfaces and F and most
551
00:35:27,496 --> 00:35:31,326
of the time you won't but F will config
that you won't know if it's a fiber or fast
552
00:35:31,326 --> 00:35:35,556
and so I usually type FA or hit tab key
or whatever filling in for you, port.
553
00:35:35,556 --> 00:35:38,236
0/1 and I'm going to do a shutdown.
554
00:35:38,636 --> 00:35:40,696
So that one went to the break room, right?
555
00:35:40,876 --> 00:35:42,776
And immediately, the status message comes back,
556
00:35:43,026 --> 00:35:47,086
the port has now changed
to administratively down.
557
00:35:48,006 --> 00:35:51,516
I'm going to show you a tip 'cause
I'm kind of tired of exiting.
558
00:35:51,516 --> 00:35:56,226
CISCO has a trick that they've
introduced called the do command.
559
00:35:56,376 --> 00:35:59,746
Actually, I don't know if the switch
can do it but you can type in do
560
00:35:59,746 --> 00:36:03,786
from any configuration mode and do show
commands without actually backing out.
561
00:36:03,786 --> 00:36:07,136
Let me just see if this one will do it,
this one might not, oh it does, good.
562
00:36:07,456 --> 00:36:12,386
Okay so, the do command allows you to type in,
you know, show commands or do ping commands
563
00:36:12,386 --> 00:36:16,226
from modes that you normally couldn't do it
and normally I have to exit all the way back
564
00:36:16,226 --> 00:36:18,096
out to Privileged mode but
this is kind of handy.
565
00:36:18,096 --> 00:36:24,376
So, I'm going to do a do show IP interface brief
and I can see that FastEthernet 0/1 has gone
566
00:36:24,376 --> 00:36:27,916
from a state of down to now
administratively down.
567
00:36:28,296 --> 00:36:32,586
Administratively down, anytime you see
that message, it means it's shut down,
568
00:36:32,816 --> 00:36:34,776
that's a key number one of troubleshooting.
569
00:36:34,776 --> 00:36:38,466
If a port is not working and you see
it administratively down, that's easy,
570
00:36:38,626 --> 00:36:40,766
you just need to go in and do a no shutdown.
571
00:36:41,086 --> 00:36:43,686
Now, I can even do a range, watch this.
572
00:36:44,036 --> 00:36:47,956
Let's say, I know that ports 1 through 10
are not going to be used for quite some time,
573
00:36:47,956 --> 00:36:50,646
they all plug in to areas of the
building that aren't in use yet.
574
00:36:50,646 --> 00:36:53,896
So I'm going to do interface-- well
actually, not just FastEthernet,
575
00:36:53,896 --> 00:37:00,466
I'll do interface range FastEthernet
0/1, let's do through 10.
576
00:37:01,476 --> 00:37:09,176
Now, some switches make you have the spacing
exact, you need one space dash space 10.
577
00:37:09,526 --> 00:37:13,206
Most switches are flexible,
it will let you, you know,
578
00:37:13,206 --> 00:37:15,206
do something like this or whatever you want.
579
00:37:15,206 --> 00:37:18,346
This one, this one is one of the flexible
one so it's IOS version dependent.
580
00:37:18,346 --> 00:37:22,096
I just know I've run into somewhere it's
like, it's an invalid command and, you know,
581
00:37:22,096 --> 00:37:24,786
the question mark doesn't
really show spaces too well.
582
00:37:24,786 --> 00:37:30,426
So, I can do a shutdown and that will
take down 10 ports all at the same time.
583
00:37:30,476 --> 00:37:33,076
[noise] The status messages began, right.
584
00:37:33,286 --> 00:37:37,166
So, it's all those messages are starting
to flow out now administratively down.
585
00:37:38,216 --> 00:37:44,306
And I can do that do show IP interface brief
and now, I see all of those guys are shutdown.
586
00:37:45,536 --> 00:37:49,566
Okay, so last couple commands,
first off, a log on banner.
587
00:37:50,276 --> 00:37:56,136
So log on banners are just a good practice to
cover yourself legally so there's a tale going
588
00:37:56,136 --> 00:37:59,666
around the internet, it could be true,
might not be, I don't know, but either way,
589
00:37:59,666 --> 00:38:06,366
it sounds true where a couple of guys
hacked into a college campus server
590
00:38:06,786 --> 00:38:08,816
and destroyed everything, destroyed the data,
591
00:38:08,816 --> 00:38:12,736
I mean caused massive data
loss for their college campus.
592
00:38:12,966 --> 00:38:19,456
They were caught and taken to court and their
lawyer found a way to get them out of trouble
593
00:38:19,456 --> 00:38:22,596
because they said, well, we logged on
to the system and it said, welcome.
594
00:38:23,256 --> 00:38:28,576
And apparently in the good old United States of
America saying welcome is enough to say, well,
595
00:38:28,576 --> 00:38:32,346
you can come on and then destroy
everything and you'll be just fine.
596
00:38:32,346 --> 00:38:36,016
So, and it's funny 'cause I've told that
story before and someone said, "Oh yeah,
597
00:38:36,016 --> 00:38:40,516
and then I also heard if you have a welcome
mat on your doormat in your doorstep,
598
00:38:40,516 --> 00:38:44,386
somebody can break in your house and
legally, they're covered because said,
599
00:38:44,386 --> 00:38:49,146
and that was like come on, come
on" but and then last I checked in,
600
00:38:49,246 --> 00:38:52,956
I don't have a welcome mat
at home so be advised.
601
00:38:52,956 --> 00:38:56,146
So, best thing to do is do a
good-- it's odd log on here.
602
00:38:56,146 --> 00:39:00,816
Doesn't have to be long, doesn't have to be
anything really fancy, I mean, you can get--
603
00:39:00,816 --> 00:39:04,436
I mean, the government publishes, you know,
the government approved the log on banner
604
00:39:04,436 --> 00:39:06,586
from the Department of Defense
if you want to Google that.
605
00:39:07,036 --> 00:39:09,166
But really, you can put whatever you want.
606
00:39:10,096 --> 00:39:15,246
The way that you do is from global config
because it affects the entire switch.
607
00:39:15,246 --> 00:39:18,946
Let me type in banner, follow
that question mark.
608
00:39:18,946 --> 00:39:21,716
You can see there's a lot of
banners that you could do.
609
00:39:21,716 --> 00:39:27,446
Really two main ones that you want to look at,
you got banner log in which is used for telnet
610
00:39:27,486 --> 00:39:33,926
and SSH sessions or you can do banner MOTD which
is used for everywhere, I mean console port,
611
00:39:33,926 --> 00:39:37,606
everything shows the message
of the day logged on banner.
612
00:39:37,606 --> 00:39:41,896
So, usually, people will configure a MOTD.
613
00:39:41,896 --> 00:39:43,946
So we hit the question mark and it says,
614
00:39:44,386 --> 00:39:47,776
this is probably the most
confusing help that exist in Cisco.
615
00:39:48,106 --> 00:39:50,746
It says, insert line, notice all capitals.
616
00:39:51,056 --> 00:39:54,736
It says, C banner text C where
C is the delimiting character.
617
00:39:55,796 --> 00:40:00,606
What it's trying to say, put your log on
banner between this character that tells me
618
00:40:00,606 --> 00:40:02,976
where you start and where
you end your log on banner.
619
00:40:03,386 --> 00:40:07,206
And so, we can use any delimiting
character that you want.
620
00:40:07,206 --> 00:40:09,216
Let's say, I want to use the plus sign.
621
00:40:09,506 --> 00:40:15,156
I could type-- there's couple ways I could
do this, I could type in banner MOTD plus
622
00:40:15,156 --> 00:40:21,376
and I could say, unauthorized access prohibited.
623
00:40:22,816 --> 00:40:27,086
And then put a plus at the end and
now, I've entered my log on banner.
624
00:40:27,086 --> 00:40:34,146
So now, I can exit out and hit the enter key
and well, kind of got the status message.
625
00:40:34,146 --> 00:40:37,726
So I hit the enter key and we see
unauthorized access prohibited.
626
00:40:37,726 --> 00:40:41,326
Notice the plus signs aren't because the
plus signs are really just there to say,
627
00:40:41,636 --> 00:40:47,046
this is the start and the
end of the log on banner.
628
00:40:47,196 --> 00:40:51,486
I got to come out with a password that
I can talk and type at the same time.
629
00:40:51,486 --> 00:40:52,056
Okay, there we go.
630
00:40:52,056 --> 00:40:57,336
So I'm in global config mode, so, another
way to do it is I could do banner MOTD
631
00:40:57,336 --> 00:41:01,506
and I could do a plus sign and just
hit the enter key and it takes me
632
00:41:01,506 --> 00:41:04,566
into this little editor system to where it says,
633
00:41:04,566 --> 00:41:07,416
enter your text message and
with the character plus.
634
00:41:07,416 --> 00:41:10,706
Again, that delimiting character, whatever
character I use, I can use anything,
635
00:41:11,036 --> 00:41:15,076
I use the plus so I mean, this allows you
get a little fancy I can say, you know,
636
00:41:15,536 --> 00:41:20,516
log in and die, you know,
whatever you want to do.
637
00:41:20,516 --> 00:41:22,376
Now, though be careful with this.
638
00:41:22,376 --> 00:41:26,726
I've logged on the systems where it says
something like, "You can't hack this,"
639
00:41:26,726 --> 00:41:28,956
you know, and then I'm like all right.
640
00:41:28,956 --> 00:41:31,766
Like, I'm not even a hacker.
641
00:41:31,766 --> 00:41:36,466
There's not a malicious bone in my body but when
I saw that message I'm like, "I bet you I can,"
642
00:41:36,466 --> 00:41:39,226
you know, so you don't want
to inspire people to hack you.
643
00:41:39,226 --> 00:41:44,036
So, you know, something nice and
simple but a lot of times again,
644
00:41:44,036 --> 00:41:47,156
just Google what the government uses and
you'll be-- you'll be pretty much covered.
645
00:41:47,156 --> 00:41:50,996
But, that will now display a log on
banner every single time somebody logs
646
00:41:50,996 --> 00:41:53,626
in so, pretty straightforward.
647
00:41:54,806 --> 00:41:59,856
All right, so last one is saving your
configuration so we've got everything, right.
648
00:42:00,306 --> 00:42:05,606
Saving your configuration probably the
biggest piece of this all because all of this,
649
00:42:05,606 --> 00:42:09,976
every single command that we've typed
on this device is sitting in RAM.
650
00:42:10,296 --> 00:42:14,866
Now, RAM, if, you know, if you've dealt with
computers, it's great because it's fast,
651
00:42:14,866 --> 00:42:18,006
it's extremely fast and efficient
however, it's volatile.
652
00:42:18,126 --> 00:42:20,796
So if the power goes out, you'll lose all of it.
653
00:42:21,036 --> 00:42:24,916
Well, in the CISCO world, you actually
have two different places to store things.
654
00:42:24,916 --> 00:42:30,636
Well, there's actually a number but two big
ones, running config and startup config.
655
00:42:31,546 --> 00:42:36,636
So running config is in RAM and will be
lost every single time you power down,
656
00:42:36,636 --> 00:42:39,056
startup config is in NVRAM.
657
00:42:39,746 --> 00:42:43,946
Let me guess what NV stands
for, Non-Volatile, you got it.
658
00:42:44,106 --> 00:42:48,656
So Non-Volatile RAM is saved so
when the switch powers down,
659
00:42:49,146 --> 00:42:51,656
you can still keep that configuration.
660
00:42:51,656 --> 00:42:55,616
Now, there's an advantage to having this and,
you know, I've had a lot of people say, "Well,
661
00:42:55,616 --> 00:42:58,806
why not-- how come just like as you type
commands, it doesn't save it to NVRAM?"
662
00:42:59,026 --> 00:43:03,856
Well, there's a lot of times where you'll
be in the midst of doing some configuration
663
00:43:04,956 --> 00:43:08,156
and you really mess things up,
I mean, it happens, you know,
664
00:43:08,156 --> 00:43:10,736
when you're configuring you're
like, "Oh man, I've gone so far,
665
00:43:10,736 --> 00:43:13,496
I don't even know what I've
done to undo it anymore."
666
00:43:13,776 --> 00:43:17,886
Well, as long as you don't save your
configuration, you can just restart the device
667
00:43:18,016 --> 00:43:21,336
and you get the old configuration
back before you made all your changes.
668
00:43:21,336 --> 00:43:26,166
So, it's good to have the two configurations
but you do want to remember to save it.
669
00:43:26,166 --> 00:43:34,936
Command is very simple, we type in copy running
config, startup config, hit the enter key.
670
00:43:35,596 --> 00:43:40,196
Now, it comes up, I don't even know why
the Cisco device asks you this question
671
00:43:40,196 --> 00:43:43,926
for this one because it says,
destination file name, startup config.
672
00:43:44,276 --> 00:43:48,496
I've seen biggest mistake you can make is
say, "Well, yes, yes that's what I want."
673
00:43:48,496 --> 00:43:54,356
No, you don't want that because the switch
only looks for one file when it's booting
674
00:43:54,356 --> 00:43:56,086
and that's a file named startup config.
675
00:43:56,186 --> 00:44:00,426
So if you want whatever is in the
brackets there to be your name,
676
00:44:00,426 --> 00:44:05,046
all you have to do is press the enter
key and it will use that file name.
677
00:44:05,046 --> 00:44:09,896
If you put Y there, it will save the
configuration in NVRAM as a file named Y
678
00:44:09,896 --> 00:44:13,106
and the switch doesn't know
what to do with that file.
679
00:44:13,376 --> 00:44:21,186
A shortcut that has been around since Cisco
began is also, you can type in write memory.
680
00:44:21,276 --> 00:44:25,096
I like that because it doesn't
even ask you a file name.
681
00:44:25,096 --> 00:44:26,356
It just says, I'm going to save it.
682
00:44:26,356 --> 00:44:29,166
Or even a shorter shortcut is just WR.
683
00:44:29,166 --> 00:44:31,646
So we can trim it down shorter
and shorter and shorter.
684
00:44:31,646 --> 00:44:36,986
Now, the write memory does not work on all
devices, Cisco has been slowly fading that away
685
00:44:37,356 --> 00:44:42,236
but it will work on I would say, 99
percent of Cisco devices that you run into.
686
00:44:43,576 --> 00:44:46,826
If you ever want to see what's
in these configurations,
687
00:44:46,826 --> 00:44:49,786
you can do show start and a show run.
688
00:44:49,786 --> 00:44:51,316
Matter of fact, let me show you this.
689
00:44:51,396 --> 00:44:52,386
Let's just make a difference.
690
00:44:52,386 --> 00:44:54,556
Let's do a host name, Lalala [phonetic].
691
00:44:54,696 --> 00:45:02,276
All right, host name Lalala and
that I'm going to do a show run
692
00:45:02,896 --> 00:45:08,366
and there's my host name Lalala,
right there that's in RAM, the memory.
693
00:45:08,596 --> 00:45:13,556
Or I can do a show start-- show
startup config and you can see
694
00:45:13,556 --> 00:45:17,206
that the original name is CBT
switch so that's what's in NVRAM.
695
00:45:17,206 --> 00:45:21,776
So if I rebooted the device right now, it
reverts back to that original configuration
696
00:45:22,086 --> 00:45:26,436
whereas right now, what's running was
actually active is the host name Lalala.
697
00:45:26,436 --> 00:45:31,636
So all these commands that I've typed without
saving the configuration will exist only in RAM.
698
00:45:32,596 --> 00:45:37,216
That now puts a base configuration
in place on our Cisco switch.
699
00:45:37,496 --> 00:45:40,326
Now keep in mind, in all of
that configuration that we did,
700
00:45:40,486 --> 00:45:45,926
we didn't really configure any features as in
the switch isn't operating any differently,
701
00:45:46,216 --> 00:45:51,636
all it is is having the ability to be
securely managed from a remote location
702
00:45:51,636 --> 00:45:55,606
so that we can do whatever we need that we can
enable some of the features that we're going
703
00:45:55,606 --> 00:45:59,166
to be talking about a little bit later
but this provides a foundation.
704
00:45:59,516 --> 00:46:08,236
So, what I would do is I would really encourage
you to flip back to that slide that I just was--
705
00:46:08,236 --> 00:46:11,156
I've been working through with the check box
that's showing here's the base configuration.
706
00:46:11,406 --> 00:46:15,986
If you have access to a Cisco
switch, let that be your test guide.
707
00:46:15,986 --> 00:46:18,826
So if you're preparing for
certification, you know that on the exam,
708
00:46:18,826 --> 00:46:24,166
there are going to be simulation questions
where you are working through, you know,
709
00:46:24,166 --> 00:46:28,026
practical examples of configuring
Cisco devices that feel real.
710
00:46:28,066 --> 00:46:32,086
And what I just showed you that base
configuration would be an example
711
00:46:32,086 --> 00:46:36,046
of one simulation where the simulation
question comes in and says, "Hey,
712
00:46:36,286 --> 00:46:38,176
this is what you need to configure it, now go."
713
00:46:38,176 --> 00:46:41,766
So, staring at that checklist not
really looking at any commands,
714
00:46:41,976 --> 00:46:44,376
see if you're able to configure a Cisco switch.
715
00:46:44,376 --> 00:46:47,076
If you don't have access to
a Cisco switch, that's okay,
716
00:46:47,076 --> 00:46:49,326
it will just be a little more difficult
'cause you don't have the help.
717
00:46:49,566 --> 00:46:53,146
Maybe just open Notepad or
Microsoft Word or something like that
718
00:46:53,146 --> 00:46:55,806
and just start typing the
commands that you would enter
719
00:46:55,806 --> 00:46:57,656
if you were in a simulated environment.
720
00:46:58,136 --> 00:47:01,846
That will get your base foundation
config ready for the upcoming nuggets.
721
00:47:02,136 --> 00:47:05,006
I hope this has been informative for you
and I'd like to thank you for viewing.