11.5.1 Packet Tracer – Basic Cisco Device Configuration Answers
Topology
Addressing Table
| IP Address: | Subnet Mask | |||
|---|---|---|---|---|
| # | Subnet | First Host Address | Last Host Address | Broadcast |
| 0 | ||||
Learning Objectives
- Configure Cisco router global configuration settings
- Configure Cisco router password access
- Configure Cisco router interfaces
- Save the router configuration file
- Configure a Cisco switch
Introduction:
In this lab students will configure common settings on a Cisco Router and Cisco Switch.
Given an IP address of 198.133.219.0/24, with 4 bits borrowed for subnets, fill in the following information in the table above in your notebook or on a separate sheet of paper. (Hint: fill in the subnet number, then the host address. Address information will be easy to compute with the subnet number filled in first)
Maximum number of usable subnets (including the 0th subnet)?
Number of usable hosts per subnet?
Task 1: Configure Cisco Router Global Configuration Settings
Step 1. Physically connect devices.
Connect the console or rollover cable to the console port on the router. Connect the crossover cable between the host computer’s network interface card (NIC) and Router interface Fa0/0. Connect a straight-through cable between the Router interface Fa0/1 and any of the switch’s interfaces
Ensure that power has been applied to the host computer, switch and router.
Step 2. Connect host computer to router through PT Terminal.
Start the PT Terminal program by clicking on Host1 | Desktop Tab | Terminal
Leave all values at default when you click terminal.
Step 3. Configure global configuration hostname setting.
What two commands may be used to leave the privileged exec mode?
What shortcut command can be used to enter the privileged exec mode?
Examine the different configuration modes that can be entered with the command configure?
Write down the list of configuration modes and description. From the privileged exec mode, enter global configuration mode:
router# configuration terminal router(config)#
What three commands may be used to leave the global configuration mode and return to the privileged exec mode?
What shortcut command can be used to enter the global configuration mode?
Set the device hostname to Router1:
router(config)# hostname Router1 Router1(config)#
How can the hostname be removed?
Step 4. Configure a MOTD banner.
In production networks, banner content may have a significant legal impact on the organization. For example, a friendly “Welcome” message may be interpreted by a court that an attacker has been granted permission to hack into the router. A banner should include information about authorization, penalties for unauthorized access, connection logging, and applicable local laws. The corporate security policy should provide policy on all banner messages. Create a suitable MOTD banner. Only system administrators of the ABC Company are authorized access, unauthorized access will be prosecuted, and all connection information will be logged.
Examine the different banner modes that can be entered. Write down the list of banner modes and description.
Router1(config)# banner ?
Choose a terminating character that will not be used in the message text. Configure the MOTD banner. The MOTD banner is displayed on all connections before the login prompt. Use the terminating character on a blank line to end the MOTD entry:
Router1(config)# banner motd % Enter TEXT message. End with the character '%' *** Unauthorized access is prohibited and will be prosecuted. *** % Router1(config)#
What is the global configuration command to remove the MOTD banner?
Task 2: Configure Cisco router password access
Access passwords are set for the privileged exec mode and user entry point such as console, aux, and virtual lines. The privileged exec mode password is the most critical password, since it controls access to the configuration mode.
Step 1: Configure the privileged exec password.
Cisco IOS supports two commands that set access to the privileged exec mode. One command, enable password, contains weak cryptography and should never be used if the enable secret command is available. The enable secret command uses a very secure MD5 cryptographic hash algorithm. Cisco says “As far as anyone at Cisco knows, it is impossible to recover an enable secret based on the contents of a configuration file (other than by obvious dictionary attacks).” Password security relies on the password algorithm, and the password. In production environments, strong passwords should be used at all times. A strong password consists of at least nine characters of upper and lower case letters, numbers, and symbols. In a lab environment, we will use weak passwords. Set the privileged exec password to class.
Router1(config)# enable secret class Router1(config)#
Step 2: Configure the console password.
Set the console access password to cisco. The console password controls console access to the router.
Router1(config)# line console 0 Router1(config-line)# password cisco Router1(config-line)# login
What is the command to remove the console password?
Step 3: Configure the virtual line password.
Set the virtual line access password to cisco. The virtual line password controls Telnet access to the router. In early Cisco IOS versions, only five virtual lines could be set, 0 through 4. In newer Cisco IOS versions, the number has been expanded. Unless a telnet password is set, access on that virtual line is blocked.
Router1(config-line)# line vty 0 4 Router1(config-line)# password cisco Router1(config-line)# login
Issue the command exit. What is the router prompt? What is the mode?
Router1(config-line)# exit
Issue the command end. What is the router prompt? What is the mode?
Task 3: Configure Cisco Router Interfaces
Step 1: Configure the router fa0/0 interface with the last usable address in the second subnet. (Subnet 1 in the address chart.)
Router1(config)# interface fa0/0 Router1(config-if)# description Connection to Host1 with crossover cable Router1(config-if)# ip address address mask Router1(config-if)# no shutdown Router1(config-if)# end Router1# Look for the interface to become active: *Mar 24 19:58:59.602: %LINEPROTO- 5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
Step 2: Configure the router Fa0/1 interface with the last usable address in the third subnet. (Subnet 2 in the address chart.)
Router1(config)# interface fa0/1 Router1(config-if)# description Connection to switch with straight-through cable Router1(config-if)# ip address address mask Router1(config-if)# no shutdown Router1(config-if)# end Router1# Look for the interface to become active: *Mar 24 19:58:59.602: %LINEPROTO- 5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
Step 3: Configure the host computer.
Configure the host computer for LAN connectivity. Recall that the LAN configuration window is accessed by clicking the PC going to the Desktop tab and then clicking IP configurations. Fill in the following fields:
IP Address: The first host address in the second subnet. (Subnet 1 in the address chart.)
Subnet Mask: The subnet mask
Default Gateway: The FastEthernet 0/0 IP Address on Router1
Step 4: Verify network connectivity.
Use the ping command to verify network connectivity with the router. If ping replies are not successful troubleshoot the connection:
What Cisco IOS command can be used to verify the interface status?
What Windows command can be used to verify host computer configuration?
What is the correct LAN cable between host1 and Router1?
Task 4: Save the Router Configuration File
Cisco IOS refers to RAM configuration storage as running-configuration, and NVRAM configuration storage as startup-configuration. For configurations to survive rebooting or power restarts, the RAM configuration must be copied into non-volatile RAM (NVRAM). This does not occur automatically, NVRAM must be manually updated after any changes are made.
Step 1: Compare router RAM and NVRAM configurations.
Use the Cisco IOS show command to view RAM and NVRAM configurations.
Write down one possible shortcut command that will display the contents of NVRAM. Display the contents of NVRAM. If the output of NVRAM is missing, it is because there is no saved configuration.:
Router1# show startup-config startup-config is not present Router1# Display the contents of RAM. Router1#show running-config
Use the output to answer the following questions:
How large is the configuration file?
What is the enable secret password?
Does your MOTD banner contain the information you entered earlier?
Do your interface descriptions contain the information you entered earlier?
Write down one possible shortcut command that will display the contents of RAM.
Step 2: Save RAM configuration to NVRAM.
For a configuration to be used the next time the router is powered on or reloaded, it must be manually saved in NVRAM. Save the RAM configuration to NVRAM:
Router1# copy running-config startup-config Destination filename [startup-config]? Building configuration... [OK] Router1#
Write down one possible shortcut command that will copy the RAM configuration to NVRAM. Review the contents of NVRAM, and verify that the configuration is the same as the configuration in RAM.
Task 5: Configure a Cisco Switch
Cisco IOS switch configuration is (thankfully) similar to configuring a Cisco IOS router. The benefit of learning IOS commands is that they are similar to many different devices and IOS versions.
Step 1: Connect the host to the switch.
Move the console, or rollover, cable to the console port on the switch. Ensure power has been applied to the switch. In Hyperterminal, press Enter until the switch responds.
Step 2. Configure global configuration hostname setting.
Depending on router model and IOS version, your configuration may look slightly different. However, there should be no configured passwords. If your router does not have a default configuration, ask the instructor to remove the configuration. From the user exec mode, enter global configuration mode:
Switch> en Switch# config t Switch(config)# Set the device hostname to Switch1. Switch(config)# hostname Switch1 Switch1(config)#
Step 3: Configure the MOTD banner.
Create a suitable MOTD banner. Only system administrators of the ABC company are authorized access, unauthorized access will be prosecuted, and all connection information will be logged. Configure the MOTD banner. The MOTD banner is displayed on all connections before the login prompt. Use the terminating character on a blank line to end the MOTD entry. For assistance, review the similar step for configuring a router MOTD banner.
Switch1(config)# banner motd % Warning authorized access only.%
Step 4: Configure the privileged exec password.
Set the privileged exec password to class.
Switch1(config)# enable secret class Switch1(config)#
Step 5: Configure the console password.
Set the console access password to cisco.
Switch1(config)# line console 0 Switch1(config-line)# password cisco Switch1(config-line)# login
Step 6: Configure the virtual line password.
Set the virtual line access password to cisco. There are 16 virtual lines that can be configured on a Cisco IOS switch, 0 through 15.
Switch1(config-line)# line vty 0 15 Switch1(config-line)# password cisco Switch1(config-line)# login
