19.4.4 Packet Tracer – Build a Switch and Router Network Answers

Addressing Table

Device  Interface  IP Address    Subnet Mask    Default Gateway
R1      G0/0/0     192.168.0.1   255.255.255.0  N/A
R1      G0/0/1     192.168.1.1   255.255.255.0  N/A
S1      VLAN 1     192.168.1.2   255.255.255.0  192.168.1.1
PC-A    NIC        192.168.1.3   255.255.255.0  192.168.1.1
PC-B    NIC        192.168.0.3   255.255.255.0  192.168.0.1

Objectives

Part 1: Configure Devices and Verify Connectivity

  • Assign static IP information to the PC interfaces.
  • Configure the router and switch.
  • Verify network connectivity.

Part 2: Display Device Information

  • Retrieve hardware and software information from the network devices.
  • Interpret the output from the routing table.
  • Display interface information on the router.
  • Display a summary list of the interfaces on the router and switch.

Part 3: Secure Remote Access to the Router

  • Set the IP domain name and generate secure keys.
  • Create an SSH user and configure VTY lines for SSH-only access.
  • Verify SSH Implementation.

Background / Scenario

In this lab, you will cable the equipment and configure the devices to match the Addressing Table. After the configurations have been saved, you will verify your configurations by testing for network connectivity.

After the devices have been configured and network connectivity has been verified, you will use IOS commands to retrieve information from the devices to answer questions about your network equipment. You will also access the router remotely via SSH.

Instructions

Part 1: Configure Devices and Verify Connectivity

In Part 1, you will set up the network topology and configure basic settings, such as the interface IP addresses, device access, and passwords. Refer to the Addressing Table at the beginning of this activity for device names and address information.

Step 1: Connect the devices.

The devices are already deployed in the workspace. You will connect them using the correct cables between the devices as listed below:

  • Connect PCA F0 to S1 F0/1.
  • Connect S1 G0/1 to R1 G0/0/1.
  • Connect R1 G0/0/0 to PCB F0.

Step 2: Assign static IP information to the PC interfaces.

1. Configure the IP address, subnet mask, and default gateway settings on PC-A.

2. Configure the IP address, subnet mask, and default gateway settings on PC-B.

3. Ping PC-B from a command prompt window on PC-A.

Why were the pings not successful?

The router interfaces (default gateways) have not been configured yet so the traffic is not being routed between subnets.

Step 3: Configure R1.

1. Console into the router and enable privileged EXEC mode. (Hint: Use console cable and terminal on a PC)

2. Enter configuration mode.

3. Assign a device name to the router according to the Addressing Table.

4. Assign class as the privileged EXEC encrypted password.

5. Assign cisco as the console password and enable login.

6. Encrypt the plaintext passwords.

7. Create a banner that warns anyone accessing the device that unauthorized access is prohibited.

8. Configure the IP addresses according to the Addressing Table and activate both Ethernet interfaces on the router.

9. Save the running configuration to the startup configuration file.

Were the pings successful? Explain.

Yes. The router is routing the ping traffic across the two subnets. The default settings for the 2960 switch will automatically enable the interfaces that are connected to devices.

Step 4: Configure S1.

Note: Most of the commands on the switch are similar to the commands on the router in this step. Use the help (?) context as necessary.

1. Console into the switch and enable privileged EXEC mode.

2. Enter configuration mode.

3. Assign a device name to the switch according to the Addressing Table.

4. Assign class as the privileged EXEC encrypted password.

5. Assign cisco as the console password and enable login.

6. Encrypt the plaintext passwords.

7. Create a banner that warns anyone accessing the device that unauthorized access is prohibited.

8. Configure the IP address for the SVI for VLAN 1 according to the Addressing Table and activate the interface.

9. Configure the default gateway according to the Addressing Table.

10. Save the running configuration to the startup configuration file.

Part 2: Display Device Information

Step 1: Retrieve hardware and software information from the network devices.

1. Use the show version command to answer the following questions about the router.

R1# show version
Cisco IOS XE Software, Version 03.16.05.S - Extended Support Release
Cisco IOS Software, ISR Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 15.5 (3)S5, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2017 by Cisco Systems, Inc.
Compiled Thu 19-Jan-17 11:24 by mcpre

Cisco IOS-XE software, Copyright (c) 2005-2017 by cisco Systems, Inc.
All rights reserved. Certain components of Cisco IOS-XE software are
licensed under the GNU General Public License ("GPL") Version 2.0. The
software code licensed under GPL Version 2.0 is free software that comes
with ABSOLUTELY NO WARRANTY. You can redistribute and/or modify such
GPL code under the terms of GPL Version 2.0. For more details, see the
documentation or "License Notice" file accompanying the IOS-XE software,
or the applicable URL provided on the flyer accompanying the IOS-XE
software.

ROM: IOS-XE ROMMON

Router uptime is 1 hours, 23 minutes, 33 seconds
Uptime for this control processor is 1 hours, 23 minutes, 33 seconds
System returned to ROM by power-on
System image file is "bootflash:/isr4300-universalk9.03.16.05.S.155-3.S5-ext.SPA.bin"
Last reload reason: PowerOn
<output omitted>

What is the name of the IOS image that the router is running?

isr4300-universalk9.03.16.05.S.155-3.S5-ext.SPA.bin.

2. Use the show version command to answer the following questions about the switch.

S1# show version
Cisco IOS Software, C2960 Software (C2960-LANBASE-M), Version 12.2(25)FX, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2005 by Cisco Systems, Inc.
Compiled Wed 12-Oct-05 22:05 by pt_team

ROM: C2960 Boot Loader (C2960-HBOOT-M) Version 12.2(25r)FX, RELEASE SOFTWARE (fc4)

System returned to ROM by power-on

Cisco WS-C2960-24TT (RC32300) processor (revision C0) with 21039K bytes of memory.

24 FastEthernet/IEEE 802.3 interface(s)
2 Gigabit Ethernet/IEEE 802.3 interface(s)

<output omitted>

Switch  Ports  Model           SW Version  SW Image
------  -----  -----           ----------  ----------
*    1  26     WS-C2960-24TT   12.2        C2960-LANBASE-M

Configuration register is 0xF

What is the IOS software image and version running on the switch?

Software image is c2960-lanbase-m and software version is 12.2.

What is the model number of the switch?

WS-C2960-24TT.

Step 2: Display the routing table on the router.

Use the show ip route command on the router to answer the following questions.

R1# show ip route
<output omitted>
Gateway of last resort is not set

     192.168.0.0/24 is variably subnetted, 2 subnets, 2 masks
C       192.168.0.0/24 is directly connected, GigabitEthernet0/0/0
L       192.168.0.1/32 is directly connected, GigabitEthernet0/0/0
     192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C       192.168.1.0/24 is directly connected, GigabitEthernet0/0/1
L       192.168.1.1/32 is directly connected, GigabitEthernet0/0/1

What code is used in the routing table to indicate a directly connected network?

The C designates a directly connected network. An L designates a local interface. Both answers are correct.

How many route entries are coded with a C code in the routing table?

2

What interface types are associated to the C coded routes?

G0/0/0 and G0/0/1

Step 3: Display interface information on the router.

Use the show interfaces g0/0/1 command to answer the following questions.

R1# show interfaces g0/0/1
GigabitEthernet0/0/1 is up, line protocol is up (connected)
Hardware is Lance, address is 00d0.bcaa.5702 (bia 00d0.bcaa.5702)
Internet address is 192.168.1.1/24
MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Full-duplex, 100Mb/s, media type is RJ45
ARP type: ARPA, ARP Timeout 04:00:00,
Last input 00:00:08, output 00:00:05, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0 (size/max/drops); Total output drops: 0
Queueing strategy: fifo
Output queue :0/40 (size/max)
<output omitted>

What is the operational status of the G0/0/1 interface?

GigabitEthernet0/1 is up, line protocol is up

What is the Media Access Control (MAC) address of the G0/0/1 interface?

MAC address will appear in the form of: xxxx.xxxx.xxxx, where each x will be replaced with a hexadecimal number. In this example, it is 00d0.bcaa.5702.

How is the Internet address displayed in this command?

Internet address is 192.168.1.1/24.

Step 4: Display a summary list of the interfaces on the router and switch.

There are several commands that can be used to verify an interface configuration. One of the most useful of these is the show ip interface brief command. The command output displays a summary list of the interfaces on the device and provides immediate feedback to the status of each interface.

1. Enter the show ip interface brief command on the router.

R1# show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
GigabitEthernet0/0/0   192.168.0.1     YES NVRAM  up                    up
GigabitEthernet0/0/1   192.168.1.1     YES NVRAM  up                    up
Serial0/1/0            unassigned      YES unset  down                  down
Serial0/1/1            unassigned      YES unset  down                  down
Vlan1                  unassigned      YES NVRAM  administratively down down

2. Enter the show ip interface brief command on the switch.

S1# show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/1        unassigned      YES unset  down                  down   
FastEthernet0/2        unassigned      YES unset  down                  down   
<output omitted>
GigabitEthernet0/1     unassigned      YES unset  up                    up     
GigabitEthernet0/2     unassigned      YES unset  down                  down   
Vlan1                  192.168.1.2     YES manual up                    up     

Part 3: Secure Remote Access to the Router

Step 1: Set the IP domain name and generate secure keys.

1. On R1, configure the domain name as academy.net.

R1(config)# ip domain-name academy.net

2. Generate RSA keys with a 1024 key length.

R1(config)# crypto key generate rsa
The name for the keys will be: R1.academy.net
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.

How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]

Step 2: Create an SSH user and configure VTY lines for SSH-only access.

1. Create a user with SSHuser as the username and cisco as the secret password.

R1(config)# username SSHuser secret cisco

2. Configure the VTY lines to use the local username database for login credentials.

R1(config)# line vty 0 4
R1(config-line)# login local

3. The VTY lines should only allow SSH for remote access.

R1(config-line)# transport input ssh

Step 3: Verify SSH Implementation.

1. Click PCA, select Command Prompt in the Desktop tab.

2. At the prompt, enter ssh -l SSHuser 192.168.1.1.

3. Enter cisco when prompted for the password.

What is the displayed message?

The configured banner MOTD is displayed.

You should be at the prompt of R1. If you are not successful, verify the configurations are correct and the credentials were entered correctly.

Reflection

1. If the G0/0/1 interface showed administratively down, what interface configuration command would you use to turn the interface up?

R1(config-if)# no shutdown

2. What would happen if you had incorrectly configured interface G0/0/1 on the router with an IP address of 192.168.1.2?

PC-A would not be able to ping PC-B. This is because PC-B is on a different network than PC-A which requires the default-gateway router to route these packets. PC-A is configured to use the IP address of 192.168.1.1 for the default-gateway router, but this address is not assigned to any device on the LAN. Any packets that need to be sent to the default-gateway for routing will never reach their destination.

Script

Router R1

hostname R1
enable secret class
username SSHuser secret cisco
interface GigabitEthernet0/0/0
 ip address 192.168.0.1 255.255.255.0
 no shutdown
interface GigabitEthernet0/0/1
 ip address 192.168.1.1 255.255.255.0
 no shutdown
banner motd "Unauthorized access prohibited!"
service password-encryption
line con 0
 password cisco
 login
line vty 0 4
 login local
 transport input ssh
ip domain-name academy.net
crypto key generate rsa
1024

Switch S1

hostname S1
enable secret class
interface Vlan1
 ip address 192.168.1.2 255.255.255.0
 no shutdown
service password-encryption
ip default-gateway 192.168.1.1
banner motd "Unauthorized Access is Prohibited."
line con 0
 password cisco
 login

 

