Time
15 hours 34 minutes
Difficulty
Intermediate
CEU/CPE
16

Video Description

Cisco IOS Lab (part 2) OS Modes Now that you've learned about router RAM, let's look at each of the modes of the Cisco Operating System and why they are each uniquely important. We'll examine what the Global Configuration Mode is and how it impacts the function and operation of the entire router, and how that differs from changes made in other modes. You'll also learn about keyboard shortcuts, which you can use to configure and should use to exit, and how to configure encrypted and unencrypted passwords.

Video Transcription

00:04
The next mood we're gonna go to is the mode that we do most of our configurations from, or
00:12
the mood that we have to go to first
00:15
before we do most of our configurations.
00:18
So to go up one mood, I'm gonna type configure
00:24
terminal.
00:25
Now I don't have to type in the whole command.
00:28
I can just type in config
00:31
and the letter t space and then the letter t
00:35
hit Enter
00:36
and it will work.
00:38
So when I type in configure terminal
00:41
and hit enter, it takes me to global configuration mode. I repeat,
00:47
this mode is called the Global Configuration mode.
00:52
Any changes made to the router or the switch or the Cisco device from this mode
00:59
will affect the device as a whole.
01:03
Later on,
01:06
today or tomorrow you will see that I can change or make configuration changes two parts off a router
01:15
from the other modes. However,
01:18
any changes I make to the Cisco device from this mode or the router in this case from this mode will affect the router as a whole.
01:29
Now to go back
01:30
from config mode
01:32
to prove mode,
01:34
I can type in exit
01:38
Okay, So I showed you that I can type exit and go back.
01:42
Now let's go back to convict mode. So as I said, I can just type c o N f I g and then the letter t
01:51
It will take me back to CONFIG mode
01:53
or I could type end.
01:57
That too will take me back to privilege mode.
02:00
Once again, I'm gonna go back to config mode
02:07
or Global Configuration mode.
02:09
So the two commands that take me back are either exit
02:15
or end
02:16
or control Z
02:20
So this is control Z right here.
02:23
Control Z will do the same.
02:27
It will take me back all the way
02:30
to prison mode.
02:30
Now what is the difference between exit
02:34
and end? I will show you in a little bit
02:37
Control Z, however, is the same as end
02:40
control Z
02:43
and end
02:46
Take me no matter where I am back all the way to prove mode
02:52
So let me go back to config mode or contribute global config mode.
02:58
And the first command I'm going to show you is how to assign the router a name.
03:05
So I'm going to assign.
03:07
Since this is rather one
03:09
we see this is our one
03:12
This is
03:14
I'm gonna sign it.
03:15
A name of router one. So the command is
03:20
host name,
03:21
followed by whatever you're gonna name the device.
03:24
I'm gonna say lower case R and then one.
03:29
And when I hit enter, you notice that the prompt change from router config pound sign to our one config pound sign. So at this point, I have changed the router name.
03:45
Now
03:46
I'm gonna exit out,
03:51
go back to prove mode
03:53
because I want to show you something and type in some gibberish. Let's let's
03:58
let's say I was gonna type in configure Terminal
04:10
and I misspell it.
04:14
So for some reason, I misspelled configure terminal and I hit Enter.
04:23
It actually did not do what I was expecting you to do. So let's just type in gibberish and
04:28
we will see that Just pretend that this is a miss type.
04:31
Okay, so that's what I wanted it to do.
04:34
You see
04:36
that?
04:38
This 255255255255 We haven't covered i p address ing yet, but I'm telling you right now and take it. Take my word for it. This is a broadcast message. Ah, broadcast message is set to from one device to everybody, as I mentioned earlier,
04:55
and here it says, Domain server.
04:58
So what this device or this router is actually doing when you fat finger command or when you
05:03
miss type a command?
05:09
The router actually thinks that it is a domain name.
05:13
Now. What is the domain?
05:15
If I were to ask, you, give me the I P address and again keeping in mind you don't know how I p address ING works. But
05:26
give me the idea, and I p address is an address that
05:30
routers used to get you places to get you to
05:33
websites to get you to servers to get you to other networks. So let's say I ask you, what is the I p address for google dot com?
05:43
You wouldn't know because you have never had to type in the i p Address for google dot com in your browser to get to google dot com,
05:50
you simply know the words Google
05:54
or www dot google dot com
05:58
that those words www dot google dot com is a domain name,
06:04
and when you type in www dot google dot com in your browser, your PC actually sends out a request
06:14
on the network
06:15
looking for a server
06:18
that has in it in its database stored. Www dot google dot com and the i p address. Associate ID with that domain name.
06:30
So your PC actually sends out a request called a domain name request
06:34
to the domain name server, which is holding the binding between google dot com and its i p address. And it asks the domain name server Hey, I need to go to google dot com. Could you please return me back? The I pee once that server turns you back the I. P or your machine that i p
06:55
then you go to google dot com.
06:58
Now, when a fat finger command or a type in some gibberish which is supposed to simulate me, Miss typing
07:04
your router actually sends out
07:08
a domain server request asking, Hey, who is the guy on this network here that is holding all the bindings between domain names and I P addresses?
07:19
This guy actually is looking for a domain server.
07:25
Now, in this lab, we don't have a domain server, so
07:30
we need to turn this feature off. Otherwise, every time I'm sitting here and I miss type of command. We're gonna see this. And this doesn't go away for a while about I think, 60 seconds. I'm not going to sit here in 60 seconds of silence to make this go away.
07:46
But just in case out of frustration, you hit enter a few times and you can hear me hitting. Enter.
07:51
This will do a domain server search for every enter key that you have pressed.
07:58
Which 60 seconds perky is really annoying.
08:03
So what we do is weak press control shift and six
08:07
once again, that is control shift and six
08:13
at the same time.
08:15
And look what it says.
08:16
That is the brake sequence. It says his name. Look up aborted.
08:20
However, how about we not have this happen in the first place? That would be nice. So all configuration changes that apply to the whole router are done from conflict mode to go toe config Modi type and configure terminal
08:35
I hit Enter
08:37
now I'm in config mode
08:39
because my prop changed to config
08:43
and I'm going to say no,
08:46
I p
08:48
I don't mean
08:52
dash
08:54
Look up!
08:54
So no, I p domain hyphen Look up
08:58
and I hit. Enter
09:01
and that should have turned off
09:03
my domain
09:05
server search for when I miss type of command.
09:07
Let's test it out,
09:09
exit out back to privilege mode,
09:13
type some gibberish again
09:16
and hit. Enter.
09:18
And we find that this time, instead of doing
09:22
a domain look up or sending out a broadcast looking for a domain name server,
09:28
it just simply states
09:30
unknown commander, computer name or unable to find computer address. It just simply does not do the domain server search.
09:41
Okay, I'm gonna go back to Mike and FIG mode.
09:46
The next command we're going to see
09:50
is how to set a password.
09:52
Now these devices
09:54
control traffic between organizations. These devices control traffic between that, say your organization and a bank or to hospitals.
10:01
And it is very easy for somebody to log into this device and just simply erase it
10:09
and take that lead link between Let's, say, two hospitals that could spell disaster for a lot of doctors and a lot of patients. So these devices need to be password protected.
10:22
The first password we're going to set
10:28
is the password required
10:31
to go from
10:31
user mode to privilege mode called the Enable password.
10:37
So the command for that is
10:39
enable
10:41
space password
10:45
space. If I say a question mark, if I used the help feature at this point, it is asking me, Do I need to set a level? Don't worry about this.
10:56
This is asking me if I want to set a password for privilege mode 10 for example, or John Privileged level that we were talking about for mode. 15 14. We're not going to go into that.
11:09
The next thing is asking for me for his line.
11:13
So a clear text password.
11:16
So let's go ahead and type in the password, and we'll keep it simple. Will say Cisco
11:22
and hit Enter.
11:24
So at this point, the enable password or the password to go from privilege mode to enable mode should be set to Sisko.
11:35
Let's test it out.
11:37
A good rule of thumb guys.
11:39
When you make a change on a Cisco device
11:43
immediately, make sure that change works.
11:48
So one change followed by one test.
11:52
Another change, followed by another test. Don't make 10 changes to a router and then go start testing because then you don't know which one of those changes caused for the test to fail.
12:05
then you basically have to one by one. Remove all the changes until it fixes itself. You're creating more work for yourself. Test the change immediately after you make it. So if it doesn't work, you know what command caused the problem.
12:20
It was the one you did right before he started testing.
12:24
So I'm going to test this. Go to say, exit, but exit out
12:28
back to prison mode.
12:30
Then I'm going to say Disable,
12:33
which gets me back to
12:35
user mode. So keep track
12:39
as you watch this video off the prompt. When I said exit took me from CONFIG mode
12:45
to prep mode when I said disable
12:48
took me from
12:48
prove mode, which would the pound sign to the greater than sign, which is user mode,
12:54
as I worked through these labs with you
12:58
Always, always keep track of the prompt. That's how you know where you are.
13:05
No,
13:07
we set a password right here.
13:11
Enable password Cisco.
13:13
So when I tried to
13:15
execute the enable Command, or when I try to go from user mode to privilege mode,
13:20
it should ask me for a password
13:26
and I say enable
13:30
and I hit enter and has a
13:33
it asked me for a password, which I set to the word Cisco.
13:37
So let's type and Cisco
13:39
and hit Enter
13:43
now
13:45
a word of warning.
13:46
When you're typing in your passwords
13:48
tie pins that say it Cisco type and C I s c o n er
13:54
If you by accident say C I s C o space, enter your password is going to be Cisco Space Center.
14:03
And when you later on are looking at your passwords, you can't see that enter or that space and you assume your password it Cisco. And for some reason, you cannot log into your outer because Cisco won't work.
14:15
Be careful with that. If you hit, Enter that space Key
14:20
is part of the password.
14:22
So once again disabled, go back to prove mode. When I try and enable and go back to user mode. It asked me for a password
14:31
and I said it to Sisko,
14:33
which we did with the command enable password Cisco
14:37
moving up
14:41
now. Remember, I said
14:43
around her has three types of memories.
14:46
The 1st 1 I covered was your
14:50
random access memory or your ram,
14:52
and in your ram, you store your current running config or you're running configuration. The configuration changes that you have made. Right now,
15:03
I haven't saved the changes I've made yet. I made two changes. I've created a password for the enable approved mode. And I have changed the router host name to our one
15:13
from just router from the word router.
15:16
These changes are reflected in your running configuration.
15:20
If, at this point, I power cycle, the router,
15:24
these these passwords and this host name will be gone
15:28
because they only reside in my running configuration, which is in my ram.
15:35
So shall we test this out? Well, why not?
15:39
I'm going to polish cycle my router
15:41
with the reload command
15:45
and I'm going to confirm
15:50
now, remember, I haven't said it to my password, and I haven't saved my post name.
15:54
What happened?
15:56
I had nothing in my startup config, which is envy, Ram. I had not transferred the contents of
16:03
my running config or ram to my start of config or envy Ram or non volatile Ram. Since I had not done the transfer or the save, I come back with a blank router.
16:15
I'm going to quickly bring it back to where we were, so I had control C to pop out of
16:22
the initial dialogue.
16:23
Okay.
16:25
And I'm going to give it a host name. Are one
16:30
enable
16:32
password Cisco and no, I d
16:37
domain. Look up. So these are the changes we had made up until now,
16:42
and we're back to where we were.
16:45
Oops, I named it are two. Let me fix that.
16:48
Whose name? See, I don't have to type in the whole command the least amount of letters that makes a command unique.
16:56
We'll work. So the only command that starts with the letters H U S t is a command hosting even H O s, I believe works.
17:03
So the letters h us make the command host named unique. Since it's the only command
17:10
that exists with the 1st 3 letters at us and I can see are one and are too if you keep your eye on, it will change to our one.
17:21
All right. So let's look at our running configuration or our ramp
17:25
show
17:26
running config. I could have just said Sure, ru n and it would've worked just the same because once again, to ram the point home.
17:37
If I say show, run and question mark the only command that exists with the 1st 3 letters R U N is the command running config
17:48
I'm gonna hit, enter.
17:49
And here the changes we have made
17:52
say's host name are one
17:56
enable password Cisco
17:57
I believe that. No, I'd be domain. Look up commanders here. These other commands are there by default, so don't worry about them right now.
18:06
We will look at them later.
18:07
But the three changes have made close Neymar one
18:11
enable password Cisco
18:14
and no, I p Domain. Look up
18:18
now
18:19
is it a good thing
18:21
that I see my password right here on screen when I look at my running configuration
18:26
by executing the command show running convict?
18:30
Nope, that's not a good thing.
18:33
What if you're at work and you're looking at your running convict or you have executed the command show running conflict
18:38
and somebody that doesn't like you is standing behind you drinking coffee and they see that your password is Cisco
18:45
and then you walk away from
18:48
your table to go get coffee or use the restroom or whatever
18:51
and they log into your outer because they dislike you
18:55
executing your password and then they erase the router
18:59
who's in trouble.
19:00
You are because the last password used to log into the router was yours.
19:06
You are responsible for your own password, so this is not a good thing.
19:08
So we're gonna go ahead and encrypt this password.
19:11
So once again, I'm going to go into Mac and Global CONFIG mode with the command configure terminal.
19:21
And from tomorrow on, I'm going to start shortening these commands. Who config tea. Right now, these commands are new to you. So I'm making sure I taped the whole thing out,
19:30
and I'm going to execute the command, enable
19:36
Okay,
19:37
secret
19:40
and then
19:42
followed by a password.
19:45
So I'm gonna say enable secret.
19:48
Uh, let's make it
19:51
Bob White out.
19:52
We just need a word.
19:56
So enable Secret Bob.
19:57
No,
19:59
Let's look at our running conflict
20:00
and let's see if we can see Mr Bob here.
20:04
So how do we look at our running config?
20:07
We execute the command show
20:10
running conflict
20:11
and I hit Enter.
20:15
Now,
20:17
The previous password we had was Cisco, which is your un encrypted password.
20:22
We can still see that
20:26
the other password, Bob, You see this line of gibberish?
20:32
That's Bob.
20:33
Poor Bob.
20:34
Anyways,
20:37
that is our on, but that is our encrypted password. So when we executed the command enable secret we are creating an encrypted password, something that somebody standing behind you as you look at your running config can't figure out.
20:55
So I don't know anybody that can look at this line and come up with Bob on the spot.
21:03
Now this password uses the number five stands for Message Digest five or MD five uses the N B five
21:14
algorithm or encryption method,
21:17
which is a pretty strong encryption.
21:19
It take takes years to break
21:22
No
21:25
weaken. As you see, we can still see Cisco. So let's test out to see which one of these passwords actually works.
21:32
So I'm going to say disable and go back to print mode.
21:37
And now I'm going to try and get back into my Oh, I'm going to say disable sorry and go back to user mode with the greater than sign.
21:45
And now I'm going to try and get back into my privilege mode.
21:49
So to get back to privilege mood, I type in enable
21:53
hit enter
21:55
and I get prompted for a password. I'm gonna try Cisco first C I s C. o
22:02
nothing.
22:03
Let's try Bob.
22:06
And it worked.
22:08
So the fact that somebody standing behind you can visually see Cisco doesn't help them now, does it? They can type Cisco all they want to try and log into your outer.
22:19
It won't work. The one that'll work is the encrypted one.
22:25
Now, at your work, you're not actually gonna set and enable password You're just gonna set in enable secret.
22:30
The reason I showed you this is because it's part of the exam in part of the course. But the general practices you don't even set and enable password. And then the password. You just had an enable secret, and then the password.

Up Next

Cisco CCNA

Our free, online, self-paced CCNA training teaches students to install, configure, troubleshoot and operate LAN, WAN and dial access services for medium-sized networks. You'll also learn how to describe the operation of data networks.

Instructed By

Instructor Profile Image
Junaid Memon
Instructor