Basic Networking

We will go over how basic networking works, how to configure it, and how to troubleshoot some common issues we may run into.

Introduction

One of the basic functions of Defensive Cyber Operations (DCO) is a general understanding of how data travels between networked systems. In order to do this, there are a few key pieces of information you will need to know to configure a very basic switch or router and how to integrate those devices with a customer network.

This document will demonstrate from the perspective of Cisco Networking Devices

Switching

Switch> Non-privileged mode

Swtich# Privileged EXEC mode (Elevated Privileges)

Switch(config)# Global Configuration Mode

Please take note of the mode the terminal is in when performing actions

Setting your hostname

Switch> enable
Switch# conf t
Switch(config)# hostname Test-Switch
Test-Switch(config)#

Setting your password

Switch(config)# enable secret <password>

Creating a VLAN and Setting the Name

A VLAN is a way to logically break up networks that share the same physical LAN. Such as if you had two completely different networks communicating over the same switch, you would configure two VLANS and perform Inter-VLAN routing.

Switch(config)# int vlan <#>
Switch(config-vlan)# name <name>

Assign an Interface to a VLAN

Switch(config)# interface <int>
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan <#>

Assigning an IP to a VLAN

Switch(config)# int vlan <#>
Switch(config-if)# ip address <ip> <net-mask>

Inter-VLAN Routing

There are two primary methods of performing Inter-VLAN routing. The first is the easiest but requires a layer 3 Switch. The second is slightly more complex and requires a layer 2 switch and a router. Method two is typically used on legacy kits.

Method 1 - Layer 3 Switching

Switch(config)# ip routing

Method 2 - Router on a Stick

# Step 1 is to configure the port on the switch that is connected to the router
Switch(config)# int <switch_interface>
Switch(config-if)# switchport mode trunk
Switch(config-if)# switchport trunk encapsulation dot1q

# Step 2 is to configure vlans and ports on the switch. See earlier
# portions of this document for instructions on how to do that.

# Step 3 Create Sub-Interfaces on the router
Router(config)# int <router_interface>.<vlan>
Router(config-subif)# encapsulation dot1q <vlan>
Router(config-subif(# ip address <vlan-ip> <netmask>

Clearing a Switch

Switch(config)# write erase
Switch(config)# reload
Switch(config)# delete flash:vlan.dat
#the above line deletes VLAN data
Switch(config)# reload

#OR

Switch(config)# clear config all
Switch(config)# reload

# Each option works on different switches. I have the most luck with option 1

Port Security

Switch(config)# int <access_interface>
Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security violation {restrict | shutdown}
Switch(config-if)# switchport port-security mac-address {sticky | <value>}
# Sticky will pull the next plugged-in MAC and make that the only allowed one.
# Inserting the value will only allow that specific MAC

# To verify Port security worked
Switch(config)# show port-security

# To Clear Port security
Switch(config-if)# shutdown
Switch(config-if)# no switchport port-security mac-address sticky <mac>
Switch(config-if)# no shutdown

DHCP

# Create A Pool
Switch(config)# ip dhcp excluded-address <any_address>
Switch(config)# ip dhcp pool <name>
Switch(dhcp-config)# network <ip>
Switch(dhcp-config)# default-router <gateway>
Switch(dhcp-config)# dns-server <dns>

# Then place a vlan and interface inside the range of this dhcp pool and it will
# automatically apply

Remote Access

Switch(config)# username <user> secret <pass>
Switch(config)# crypto key generate rsa encryption modules 2048
Switch(config)# line vty 0 10
Switch(config)# transport input ssh
Switch(config)# ip ssh version 2
Switch(config)# login local
# You can then SSH to your default gateway when plugged into the switch

Spanning

Switch(config)# monitor session <#> source interface <#>
Switch(config)# monitor session <#> destination interface <#>

PreviousCertification Roadmap NextBasic Gigamon Configuration

Last updated 2 years ago