1.6.2 Packet Tracer – Configure Basic Router Settings – Physical Mode Answers

1.6.2 Packet Tracer – Configure Basic Router Settings – Physical Mode Answers

Topology

Addressing Table

Objectives

• Part 1: Set Up the Topology and Initialize Devices
• Part 2: Configure Devices and Verify Connectivity
• Part 3: Display Router Information

Background / Scenario

This is a comprehensive Packet Tracer Physical Mode (PTPM) activity to review previously covered IOS router commands. In Parts 1 and 2, you will cable the equipment and complete basic configurations and interface settings on the router.

In Part 3, you will use SSH to connect to the router remotely and use the IOS commands to retrieve information from the device to answer questions about the router.

For review purposes, this activity provides the commands necessary for specific router configurations.

Instructions

Part 1: Set Up the Topology and Initialize Devices

Step 1: Cable the network as shown in the topology.

a. Click and drag the Cisco 4321 ISR, the Cisco 2960 Switch, and the Server from the Shelf to the Rack.

b. Click and drag the PC from the Shelf to the Table.

c. Cable the devices as specified in the topology diagram. Use Copper Straight-through cables for network connections.

d. From the PC, connect a Console Cable to the Cisco 4321 ISR.

e. Power on the Cisco 4321 ISR, PC-A, and Server. The power button for Server is on the bottom right. The 2960 switch should power on automatically.

Part 2: Configure Devices and Verify Connectivity

Step 1: Configure the PC interfaces.

a. Configure the IP address, subnet mask, and default gateway settings on PC-A.

b. Configure the IP address, subnet mask, and default gateway settings on Server.

Step 2: Configure the router.

a. Console into the router and enable privileged EXEC mode.

Router> enable

b. Enter configuration mode.

Router# config terminal

c. Assign a device name to the router.

Router(config)# hostname R1

d. Set the router’s domain name as ccna-lab.com.

R1(config)# ip domain-name ccna-lab.com

e. Encrypt the plaintext passwords.

R1(config)# service password-encryption

f. Configure the system to require a minimum 12-character password.

R1(config)# security passwords min-length 12

g. Configure the username SSHadmin with an encrypted password of 55Hadm!n2020.

R1(config)# username SSHadmin secret 55Hadm!n2020

h. Generate a set of crypto keys with a 1024 bit modulus.

R1(config)# crypto key generate rsa general-keys modulus 1024

i. Assign $cisco!PRIV* as the privileged EXEC password.

R1(config)# enable secret $cisco!PRIV*

j. Assign $cisco!!CON* as the console password. Configure sessions to disconnect after four minutes of inactivity, and enable login.

R1(config)# line console 0
R1(config-line)# password $cisco!!CON*
R1(config-line)# exec-timeout 4 0
R1(config-line)# login

k. Assign $cisco!!VTY* as the vty password. Configure the vty lines to accept SSH connections only. Configure sessions to disconnect after four minutes of inactivity, and enable login using the local database.

R1(config)# line vty 0 4
R1(config-line)# password $cisco!!VTY*
R1(config-line)# exec-timeout 4 0
R1(config-line)# transport input ssh
R1(config-line)# login local

l. Create a banner that warns anyone accessing the device that unauthorized access is prohibited.

R1(config)# banner motd $ Authorized Users Only! $

m. Enable IPv6 routing.

R1(config)# ipv6 unicast-routing

n. Configure all three interfaces on the router with the IPv4 and IPv6 addressing information from the addressing table above. Configure all three interfaces with descriptions. Activate all three interfaces.

R1(config)# interface g0/0/0
R1(config-if)# ip address 192.168.0.1 255.255.255.0
R1(config-if)# ipv6 address fe80::1 link-local
R1(config-if)# ipv6 address 2001:db8:acad::1/64
R1(config-if)# description Connection to Server
R1(config-if)# no shutdown
R1(config-if)# exit
R1(config)# interface g0/0/1
R1(config-if)# ip address 192.168.1.1 255.255.255.0
R1(config-if)# ipv6 address fe80::1 link-local
R1(config-if)# ipv6 address 2001:db8:acad:1::1/64
R1(config-if)# description Connection to S1
R1(config-if)# no shutdown
R1(config-if)# exit
R1(config)# interface loopback0
R1(config-if)# ip address 10.0.0.1 255.255.255.0
R1(config-if)# ipv6 address fe80::1 link-local
R1(config-if)# ipv6 address 2001:db8:acad:2::1/64
R1(config-if)# description loopback adapter
R1(config-if)# no shutdown
R1(config-if)# exit

The router should not allow vty logins for two minutes if three failed login attempts occur within 60 seconds.

R1(config)# login block-for 120 attempts 3 within 60
R1(config)# exit

o. Set the clock on the router.

R1# clock set 15:20:00 12 Nov 2020

p. Save the running configuration to the startup configuration file.

R1# copy running-config startup-config

What would be the result of reloading the router prior to completing the copy running-config startup-config command?
The contents of the running configuration in RAM would be erased during reload. As a result, the router would boot up without a startup configuration and the user would be asked if they would like to enter initial configuration dialog.

Step 3: Verify network connectivity.

a. Using the command line at PC-A, ping the IPv4 and IPv6 addresses for Server.

Were the pings successful? Yes

b. From PC-A, remotely access R1 using the Telnet / SSH client.

Using the Telnet / SSH client on PC-A, open an SSH session to the R1 Loopback interface IPv4 address. Ensure that the Connection Type is set to SSH and use SSHadmin as the username. When prompted, enter the password 55Hadm!n2020.

Was remote access successful? Yes

c. Using the Telnet / SSH client on PC-A, open an SSH session to the R1 Loopback interface IPv6 address. Ensure that the Connection Type is set to SSH and use SSHadmin as the username. When prompted, enter the password 55Hadm!n2020.

Was remote access successful? Yes

Why is the Telnet protocol considered to be a security risk?
A Telnet session can be seen in plaintext. It is not encrypted. Passwords can easily be seen using a packet sniffer.

Part 3: Display Router Information

In Part 3, you will use show commands from an SSH session to retrieve information from the router.

Step 1: Establish an SSH session to R1.

Using Telnet / SSH client on PC-A, open an SSH session to the R1 Loopback interface IPv6 address and log in as SSHadmin with the password 55Hadm!n2020.

Step 2: Retrieve important hardware and software information.

a. Use the show version command to answer questions about the router.

R1# show version
Cisco IOS XE Software, Version 03.16.05.S – Extended Support Release
Cisco IOS Software, ISR Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version Version 15.5 (3)S5, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2017 by Cisco Systems, Inc.
Compiled Thu 19-Jan-17 11:24 by mcpre
Cisco IOS-XE software, Copyright (c) 2005-2017 by cisco Systems, Inc.
All rights reserved.Certain components of Cisco IOS-XE software are
licensed under the GNU General Public License (“GPL”) Version 2.0.The
software code licensed under GPL Version 2.0 is free software that comes
with ABSOLUTELY NO WARRANTY.You can redistribute and/or modify such
GPL code under the terms of GPL Version 2.0.For more details, see the
documentation or “License Notice” file accompanying the IOS-XE software,
or the applicable URL provided on the flyer accompanying the IOS-XE
software.
ROM: IOS-XE ROMMON
Router uptime is 1 days, 23 hours, 24 minutes, 3 seconds
Uptime for this control processor is 1 days, 23 hours, 24 minutes, 3 seconds
System returned to ROM by power-on
System image file is “bootflash:/isr4300-universalk9.03.16.05.S.155-3.S5-ext.SPA.bin”
Last reload reason: PowerOn
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
[email protected].
Suite License Information for Module:’esg’
——————————————————————————–
SuiteSuite CurrentTypeSuite Next reboot
——————————————————————————–
FoundationSuiteK9NoneNoneNone
securityk9
appxk9
AdvUCSuiteK9NoneNoneNone
uck9
cme – srst
cube
Technology Package License Information:
————————————————————————
TechnologyTechnology-packageTechnology-package
CurrentTypeNext reboot
————————————————————————
appxk9NoneNoneNone
uck9NoneNoneNone
securityk9securityk9Permanentsecurityk9
ipbaseipbasek9Permanentipbasek9
securitysecurityk9Permanentsecurityk9
ipbaseipbasek9Permanentipbasek9
cisco ISR4321/K9 (1RU) processor with 1687137K/6147K bytes of memory.
Processor board ID FLM2041W2HD
2 Gigabit Ethernet interfaces
32768K bytes of non-volatile configuration memory.
4194304K bytes of physical memory.
3223551K bytes of flash memory at bootflash:.
Configuration register is 0x2102

What is the name of the IOS image that the router is running?
Image version may vary but in this PTLC, it is isr4300-universalk9.03.16.05.S.155-3.S5-ext.SPA.bin.

How much non-volatile random-access memory (NVRAM) does the router have?
Answers may vary, but in this PTLC, it is 32768K bytes of NVRAM.

How much Flash memory does the router have?
Answers may vary but in this PTLC, it has 3223551K bytes of flash memory.

b. The show commands often provide multiple screens of outputs. Filtering the output lets you display certain sections of the output. To enable the filtering command, enter a pipe (|) character after a show command, followed by a filtering parameter and a filtering expression. You can match the output to the filtering statement by using the include keyword to display all lines from the output that contain the filtering expression. Filter the show version command, using show version | include register to answer the following question.

R1# show version | include register
Configuration register is 0x2102

What would be the boot process for the router on the next reload if the configuration register was 0x2142?
In most cases the configuration register will have a value of 0x2102 signifying that the router will undergo a normal boot, load the IOS from the Flash memory, and load the startup configuration from the NVRAM if present. If the config register is 0x2142, the router will bypass the startup config and begin at the user-mode command prompt. If the initial boot fails, the router goes into ROMMON mode.

Step 3: Display the startup configuration.

a. Use the show startup-config command on the router to answer the following question.

R1# show start
Using 1520 bytes
!
version 15.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
service password-encryption
security passwords min-length 12
!
hostname R1
!
login block-for 120 attempts 3 within 60
!
!
enable secret 5 $1$mERr$2q6B19eTeuK92k7m8Bhgz/
!
!
no ip cef
ipv6 unicast-routing
!
no ipv6 cef
!
!
username SSHadmin secret 5 $1$mERr$fuFUxOtVJZMfnQOcoB7vt/
!
!
no ip domain-lookup
ip domain-name ccna-lab.com
!
!
spanning-tree mode pvst
!
!
interface Loopback0
description loopback adapter
ip address 10.0.0.1 255.255.255.0
ipv6 address FE80::1 link-local
ipv6 address 2001:DB8:ACAD:2::1/64
!
interface GigabitEthernet0/0/0
description Connection to Server
ip address 192.168.0.1 255.255.255.0
duplex auto
speed auto
ipv6 address FE80::1 link-local
ipv6 address 2001:DB8:ACAD::1/64
!
interface GigabitEthernet0/0/1
description Connection to S1
ip address 192.168.1.1 255.255.255.0
duplex auto
speed auto
ipv6 address FE80::1 link-local
ipv6 address 2001:DB8:ACAD:1::1/64
!
interface Vlan1
no ip address
shutdown
!
ip classless
!
ip flow-export version 9
!
!
ip access-list extended sl_def_acl
deny tcp any any eq telnet
deny tcp any any eq www
deny tcp any any eq 22
permit tcp any any eq 22
!
banner motd ^C Authorized Users Only! ^C
!
!
line con 0
exec-timeout 4 0
password 7 08654F471A1A0A565328232A60
login
!
line aux 0
!
line vty 0 4
exec-timeout 4 0
password 7 08654F471A1A0A56533D383D60
login local
transport input ssh
!
!
end
!

How are passwords presented in the output?
Passwords are encrypted because of the service password-encryption command.

b. Use the show running-config | section vty command.

R1# show running-config | section vty
line vty 0 4
exec-timeout 4 0
password 7 08654F471A1A0A56533D383D60
login local
transport input ssh

What is the result of using this command?
A user receives the startup configuration output, beginning with the line that includes the first instance of the filtering expression.

Step 4: Display the routing table on the router.

Use the show ip route command on the router to answer the following questions.

R1# show ip route
Codes: L – local, C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route, H – NHRP, l – LISP
a – application route
+ – replicated route, % – next hop override, p – overrides from PfR
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C10.0.0.0/24 is directly connected, Loopback0
L10.0.0.1/32 is directly connected, Loopback0
192.168.0.0/24 is variably subnetted, 2 subnets, 2 masks
C192.168.0.0/24 is directly connected, GigabitEthernet0/0/0
L192.168.0.1/32 is directly connected, GigabitEthernet0/0/0
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C192.168.1.0/24 is directly connected, GigabitEthernet0/0/1
L192.168.1.1/32 is directly connected, GigabitEthernet0/0/1

What code is used in the routing table to indicate a directly connected network?
The C designates a directly connected subnet. An L designates a local interface. Both answers are correct.

How many route entries are coded with a C code in the routing table? 3

Step 5: Display a summary list of the interfaces on the router.

a. Use the show ip interface brief command on the router to answer the following question.

What command changed the status of the Gigabit Ethernet ports from administratively down to up?

b. Use the show ipv6 int brief command to verify IPv6 settings on R1.

R1# show ipv6 interface brief
GigabitEthernet0/0/0 [up/up]
FE80::1
2001:DB8:ACAD::1
GigabitEthernet0/0/1 [up/up]
FE80::1
2001:DB8:ACAD:1::1
Loopback0 [up/up]
FE80::1
2001:DB8:ACAD:2::1
Vlan1 [administratively down/down]
unassigned

What is the meaning of the [up/up] part of the output?
The [up/up] status reflects the Layer 1 and Layer 2 status of the interface and does not rely on Layer 3 for status.

c. On Server, change its configuration so that it no longer has a static IPv6 address. Then, issue the ipconfig command on Server to examine the IPv6 configuration.

What is the IPv6 address assigned to Server?
Answers will vary. IPv6 address of 2001:db8:acad:a:d428:7de2:997c:b05a

What is the default gateway assigned to Server?
fe80::1

From PC-B, issue a ping to the R1 default gateway link local address. Was it successful?
Yes

From Server, issue a ping to the R1 IPv6 unicast address 2001:db8:acad::1. Was it successful?
Yes

Reflection Questions

1. In researching a network connectivity issue, a technician suspects that an interface was not enabled. What show command could the technician use to troubleshoot this issue?
Answers may vary. However, show ip interface brief or show interfaces or show startup-config would provide the information.

2. In researching a network connectivity issue, a technician suspects that an interface was assigned an incorrect subnet mask. What show command could the technician use to troubleshoot this issue?
Answers may vary. show startup-config or show running-config or show interfaces or show protocols will provide the information.

Download Packet Tracer (.pka) file:

1.6.2 Packet Tracer - Configure Basic Router Settings - Physical Mode .pka

1 file(s) 508.10 KB

Download