19.4.4 Packet Tracer – Build a Switch and Router Network Answers
Addressing Table
| Device | Interface | IP Address | Subnet Mask | Default Gateway |
|---|---|---|---|---|
| R1 | G0/0/0 | 192.168.0.1 | 255.255.255.0 | N/A |
| G0/0/1 | 192.168.1.1 | 255.255.255.0 | N/A | |
| S1 | VLAN 1 | 192.168.1.2 | 255.255.255.0 | 192.168.1.1 |
| PC-A | NIC | 192.168.1.3 | 255.255.255.0 | 192.168.1.1 |
| PC-B | NIC | 192.168.0.3 | 255.255.255.0 | 192.168.0.1 |
Objectives
Part 1: Configure Devices and Verify Connectivity
- Assign static IP information to the PC interfaces.
- Configure the router and switch.
- Verify network connectivity.
Part 2: Display Device Information
- Retrieve hardware and software information from the network devices.
- Interpret the output from the routing table.
- Display interface information on the router.
- Display a summary list of the interfaces on the router and switch.
Part 3: Secure Remote Access to the Router
- Set the IP domain name and generate secure keys.
- Create an SSH user and configure VTY lines for SSH-only access.
- Verify SSH Implementation.
Background / Scenario
In this lab, you will cable the equipment and configure the devices to match the Addressing Table. After the configurations have been saved, you will verify your configurations by testing for network connectivity.
After the devices have been configured and network connectivity has been verified, you will use IOS commands to retrieve information from the devices to answer questions about your network equipment. You will also access the router remotely via SSH.
Instructions
Part 1: Configure Devices and Verify Connectivity
In Part 1, you will set up the network topology and configure basic settings, such as the interface IP addresses, device access, and passwords. Refer to the Addressing Table at the beginning of this activity for device names and address information.
Step 1: Connect the devices.
The devices are already deployed in the workspace. You will connect them using the correct cables between the devices as listed below:
- • Connect PCA F0 to S1 F0/1.
- • Connect S1 G0/1 to R1 G0/0/1.
- • Connect R1 G0/0/0 to PCB F0.
Step 2: Assign static IP information to the PC interfaces.
1. Configure the IP address, subnet mask, and default gateway settings on PC-A.
2. Configure the IP address, subnet mask, and default gateway settings on PC-B.
3. Ping PC-B from a command prompt window on PC-A.
Why were the pings not successful?
The router interfaces (default gateways) have not been configured yet so the traffic is not being routed between subnets.
Step 3: Configure R1.
1. Console into the router and enable privileged EXEC mode. (Hint: Use console cable and terminal on a PC)
2. Enter configuration mode.
3. Assign a device name to the router according to the Addressing Table.
4. Assign class as the privileged EXEC encrypted password.
5. Assign cisco as the console password and enable login.
6. Encrypt the plaintext passwords.
7. Create a banner that warns anyone accessing the device that unauthorized access is prohibited.
8. Configure the IP addresses according to the Addressing Table and activate both Ethernet interfaces on the router.
9. Save the running configuration to the startup configuration file.
Were the pings successful? Explain.
Yes. The router is routing the ping traffic across the two subnets. The default settings for the 2960 switch will automatically enable the interfaces that are connected to devices.
Step 4: Configure S1.
Note: Most of the commands on the switch are similar to the commands on the router in this step. Use the help (?) context as necessary.
1. Console into the switch and enable privileged EXEC mode.
2. Enter configuration mode.
3. Assign a device name to the switch according to the Addressing Table.
4. Assign class as the privileged EXEC encrypted password.
5. Assign cisco as the console password and enable login.
6. Encrypt the plaintext passwords.
7. Create a banner that warns anyone accessing the device that unauthorized access is prohibited.
8. Configure the IP address for the SVI for VLAN 1 according to the Addressing Table and activate the interface.
9. Configure the default gateway according to the Addressing Table.
10. Save the running configuration to the startup configuration file.
Part 2: Display Device Information
Step 1: Retrieve hardware and software information from the network devices.
1. Use the show version command to answer the following questions about the router.
R1# show version Cisco IOS XE Software, Version 03.16.05.S – Extended Support Release Cisco IOS Software, ISR Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 15.5 (3)S5, RELEASE SOFTWARE (fc2) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2017 by Cisco Systems, Inc. Compiled Thu 19-Jan-17 11:24 by mcpre Cisco IOS-XE software, Copyright (c) 2005-2017 by cisco Systems, Inc. All rights reserved. Certain components of Cisco IOS-XE software are licensed under the GNU General Public License (“GPL”) Version 2.0. The software code licensed under GPL Version 2.0 is free software that comes with ABSOLUTELY NO WARRANTY. You can redistribute and/or modify such GPL code under the terms of GPL Version 2.0. For more details, see the documentation or “License Notice” file accompanying the IOS-XE software, or the applicable URL provided on the flyer accompanying the IOS-XE software. ROM: IOS-XE ROMMON Router uptime is 1 hours, 23 minutes, 33 seconds Uptime for this control processor is 1 hours, 23 minutes, 33 seconds System returned to ROM by power-on System image file is “bootflash:/isr4300-universalk9.03.16.05.S.155-3.S5-ext.SPA.bin” Last reload reason: PowerOn <output omitted>
What is the name of the IOS image that the router is running?
isr4300-universalk9.03.16.05.S.155-3.S5-ext.SPA.bin.
2. Use the show version command to answer the following questions about the switch.
S1# show version Cisco IOS Software, C2960 Software (C2960-LANBASE-M), Version 12.2(25)FX, RELEASE SOFTWARE (fc1) Copyright (c) 1986-2005 by Cisco Systems, Inc. Compiled Wed 12-Oct-05 22:05 by pt_team ROM: C2960 Boot Loader (C2960-HBOOT-M) Version 12.2(25r)FX, RELEASE SOFTWARE (fc4) System returned to ROM by power-on Cisco WS-C2960-24TT (RC32300) processor (revision C0) with 21039K bytes of memory. 24 FastEthernet/IEEE 802.3 interface(s) 2 Gigabit Ethernet/IEEE 802.3 interface(s) <output omitted> Switch Ports Model SW Version SW Image —— —– —– ———- ———- * 1 26 WS-C2960-24TT 12.2 C2960-LANBASE-M Configuration register is 0xF
What is IOS software image and version running on the switch?
Software image is c2960-lanbase–m and software version is12.2.
What is the model number of the switch?
WS-C2960-24TT.
Step 2: Display the routing table on the router.
Use the show ip route command on the router to answer the following questions.
R1# show ip route
<output omitted>
Gateway of last resort is not set
192.168.0.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.0.0/24 is directly connected, GigabitEthernet0/0/0
L 192.168.0.1/32 is directly connected, GigabitEthernet0/0/0
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.1.0/24 is directly connected, GigabitEthernet0/0/1
L 192.168.1.1/32 is directly connected, GigabitEthernet0/0/1
What code is used in the routing table to indicate a directly connected network?
The C designates a directly connected network. An L designates a local interface. Both answers are correct.
How many route entries are coded with a C code in the routing table?
2
What interface types are associated to the C coded routes?
G0/0/0 and G0/0/1
Step 3: Display interface information on the router.
Use the show interface g0/1 to answer the following questions.
R1# show interfaces g0/0/1 GigabitEthernet0/0/1 is up, line protocol is up (connected) Hardware is Lance, address is 00d0.bcaa.5702 (bia 00d0.bcaa.5702) Internet address is 192.168.1.1/24 MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Full-duplex, 100Mb/s, media type is RJ45 ARP type: ARPA, ARP Timeout 04:00:00, Last input 00:00:08, output 00:00:05, output hang never Last clearing of “show interface” counters never Input queue: 0/75/0 (size/max/drops); Total output drops: 0 Queueing strategy: fifo Output queue :0/40 (size/max) <output omitted>
What is the operational status of the G0/0/1 interface?
GigabitEthernet0/1 is up, line protocol is up
What is the Media Access Control (MAC) address of the G0/01 interface?
MAC address will appear in the form of: xxxx.xxxx.xxxx, where each x will be replaced with a hexadecimal number. In this example, it is 00d0.bcaa.5702.
How is the Internet address displayed in this command?
Internet address is 192.168.1.1/24.
Step 4: Display a summary list of the interfaces on the router and switch.
There are several commands that can be used to verify an interface configuration. One of the most useful of these is the show ip interface brief command. The command output displays a summary list of the interfaces on the device and provides immediate feedback to the status of each interface.
1. Enter the show ip interface brief command on the router.
R1# show ip interface brief Interface IP-Address OK? Method Status Protocol GigabitEthernet0/0/0 192.168.0.1 YES NVRAM up up GigabitEthernet0/0/1 192.168.1.1 YES NVRAM up up Serial0/1/0 unassigned YES unset down down Serial0/1/1 unassigned YES unset down down Vlan1 unassigned YES NVRAM administratively down down
2. Enter the show ip interface brief command on the switch.
S1# show ip interface brief Interface IP-Address OK? Method Status Protocol FastEthernet0/1 unassigned YES unset down down FastEthernet0/2 unassigned YES unset down down <output omitted> GigabitEthernet0/1 unassigned YES unset up up GigabitEthernet0/2 unassigned YES unset down down Vlan1 192.168.1.2 YES manual up up
Part 3: Secure Remote Access to the Router
Step 1: Set the IP domain name and generate secure keys.
1. On R1, configure the domain name as academy.net.
R1(config)# ip domain-name academy.net
2. Generate RSA keys with a 1024 key length.
R1(config)# crypto key generate rsa The name for the keys will be: R1.academy.net Choose the size of the key modulus in the range of 360 to 2048 for your General Purpose Keys. Choosing a key modulus greater than 512 may take a few minutes. How many bits in the modulus [512]: 1024 % Generating 1024 bit RSA keys, keys will be non-exportable…[OK]
Step 2: Create an SSH user and configure VTY lines for SSH-only access.
1. Create a user with SSHuser as the username and cisco as the secret password.
R1(config)# username SSHuser secret cisco
2. Configure the VTY lines to use the local username database for login credentials.
R1(config)# line vty 0 4 R1(config-line)# login local
3. The VTY lines should only allow SSH for remote access.
R1(config-line)# transport input ssh
Step 3: Verify SSH Implementation.
1. Click PCA, select Command Prompt in the Desktop tab.
2. At the prompt, enter ssh -l SSHuser 192.168.1.1.
3. Enter cisco when prompted for the password.
What is the displayed message?
The configured banner MOTD is displayed.
You should be at the prompt of R1. If you are not successful, verify the configurations are correct and the credentials were entered correctly.
Reflection
1. If the G0/0/1 interface showed administratively down, what interface configuration command would you use to turn the interface up?
R1(config-if)# no shutdown
2. What would happen if you had incorrectly configured interface G0/0/1 on the router with an IP address of 192.168.1.2?
PC-A would not be able to ping PC-B. This is because PC-B is on a different network than PC-A which requires the default-gateway router to route these packets. PC-A is configured to use the IP address of 192.168.1.1 for the default-gateway router, but this address is not assigned to any device on the LAN. Any packets that need to be sent to the default-gateway for routing will never reach their destination.
Script
Router R1 hostname R1 enable secret class username SSHuser secret cisco interface GigabitEthernet0/0/0 ip address 192.168.0.1 255.255.255.0 no shutdown interface GigabitEthernet0/0/1 ip address 192.168.1.1 255.255.255.0 no shutdown banner motd “Unauthorized access prohibited!“ service password-encryption line con 0 password cisco login line vty 0 4 login local transport input ssh ip domain-name academy.net crypto key generate rsa 1024 Switch S1 hostname S1 enable secret class interface Vlan1 ip address 192.168.1.2 255.255.255.0 no shutdown service password-encryption ip default-gateway 192.168.1.1 banner motd “Unauthorized Access is Prohibited.“ line con 0 password cisco login
