1) 2.1.4.6 Packet Tracer - Navigating the IOS
Objectives
Part 1: Establish Basic Connections, Access the CLI, and Explore Help
Part 2: Explore EXEC Modes
Part 3: Set the Clock
Background
In this activity, you will practice skills necessary for navigating the Cisco IOS, such as different user access modes, various configuration modes, and common commands used on a regular basis. You will also practice accessing the context-sensitive Help by configuring the clock command.
Part 1: Establish Basic Connections, Access the CLI, and Explore Help
In Part 1 of this activity, you will connect a PC to a switch using a console connection and explore various command modes and Help features.
Step 1: Connect PC1 to S1 using a console cable.
a. Click the Connections icon (the one that looks like a lightning bolt) in the lower left corner of the Packet Tracer window.
b. Select the light blue Console cable by clicking it. The mouse pointer will change to what appears to be a connector with a cable dangling from it.
c. Click PC1. A window displays an option for an RS-232 connection.
d. Drag the other end of the console connection to the S1 switch and click the switch to access the connection list.
e. Select the Console port to complete the connection.
Step 2: Establish a terminal session with S1.
a. Click PC1 and then select the Desktop tab.
b. Click the Terminal application icon. Verify that the Port Configuration default settings are correct.
What is the setting for bits per second? 9600_____________________
c. Click OK.
d. The screen that appears may have several messages displayed. Somewhere on the screen there should be a Press RETURN to get started! message. Press ENTER.
What is the prompt displayed on the screen? S1__________________
Step 3: Explore the IOS Help.
a. The IOS can provide help for commands depending on the level accessed. The prompt currently displayed is called User EXEC, and the device is waiting for a command. The most basic form of help is to type a question mark (?) at the prompt to display a list of commands.
S1> ?
Which command begins with the letter ‘C’? Connect________________
b. At the prompt, type t and then a question mark (?).
S1> t?
Which commands are displayed? telnet terminal traceroute__________
c. At the prompt, type te and then a question mark (?).
S1> te?
Which commands are displayed? telnet terminal___________________
This type of help is known as context-sensitive Help. It provides more information as the commands are expanded.
Part 2: Explore EXEC Modes
In Part 2 of this activity, you will switch to privileged EXEC mode and issue additional commands.
Step 1: Enter privileged EXEC mode.
a. At the prompt, type the question mark (?).
S1> ?
What information is displayed that describes the enable command? Turn on privileged commands_________________________________
b. Type en and press the Tab key.
S1> en<Tab>
What displays after pressing the Tab key? Enable is displayed_______
This is called command completion (or tab completion). When part of a command is typed, the Tab key can be used to complete the partial command. If the characters typed are enough to make the command unique, as in the case of the enable command, the remaining portion of the command is displayed.
What would happen if you typed te<Tab> at the prompt?
Answer : It wouldn’t be able to be completed as multiple commands begin with “te”.
c. Enter the enable command and press ENTER. How does the prompt change?
Answer : it now contains a#.
d. When prompted, type the question mark (?).
S1# ?
One command starts with the letter ‘C’ in user EXEC mode. How many commands are displayed now that privileged EXEC mode is active? (Hint: you could type c? to list just the commands beginning with ‘C’.)
Answer : 5 command now begin with C.
Step 2: Enter Global Configuration mode.
a. When in privileged EXEC mode, one of the commands starting with the letter ‘C’ is configure. Type either the full command or enough of the command to make it unique. Press the <Tab> key to issue the command and press ENTER.
S1# configure
What is the message that is displayed?
Answer : Configuring from terminal, memory, or network [terminal]?
Press Enter to accept the default parameter that is enclosed in brackets [terminal].
How does the prompt change? S1(config)#_______________________
b. This is called global configuration mode. This mode will be explored further in upcoming activities and labs. For now, return to privileged EXEC mode by typing end, exit, or Ctrl-Z.
S1(config)# exit
S1#
Part 3: Set the Clock
Step 1: Use the clock command.
a. Use the clock command to further explore Help and command syntax. Type show clock at the privileged EXEC prompt.
S1# show clock
What information is displayed? What is the year that is displayed?
Answer : *0:26:59.171 UTC Mon Mar 1 1993
b. context-sensitive Help and the clock command to set the time on the switch to the current time. Enter the command clock and press ENTER.
S1# clock<ENTER>
What information is displayed? % Incomplete command.____________
c. The “% Incomplete command” message is returned by the IOS. This indicates that the clock command needs more parameters. Any time more information is needed, help can be provided by typing a space after the command and the question mark (?).
S1# clock ?
What information is displayed? set Set the time and date___________
d. Set the clock using the clock set command. Proceed through the command one step at a time.
S1# clock set ?
What information is being requested? hh:mm:ss Current Time______
What would have been displayed if only the clock set command had been entered, and no request for help was made by using the question mark? The hours, minutes, and seconds text wouldn’t appear_______
e. Based on the information requested by issuing the clock set ? command, enter a time of 3:00 p.m. by using the 24-hour format of 15:00:00. Check to see if more parameters are needed.
S1# clock set 15:00:00 ?
The output returns a request for more information:
<1-31> Day of the month
MONTH Month of the year
f. Attempt to set the date to 01/31/2035 using the format requested. It may be necessary to request additional help using the context-sensitive Help to complete the process. When finished, issue the show clock command to display the clock setting. The resulting command output should display as:
S1# show clock
*15:0:4.869 UTC Tue Jan 31 2035
g. If you were not successful, try the following command to obtain the output above:
S1# clock set 15:00:00 31 Jan 2035
Step 2: Explore additional command messages.
a. The IOS provides various outputs for incorrect or incomplete commands. Continue to use the clock command to explore additional messages that may be encountered as you learn to use the IOS.
b. Issue the following command and record the messages:
S1# cl
What information was returned? % Ambiguous command: " cl".______
S1# clock
What information was returned? % Incomplete command.__________
S1# clock set 25:00:00
What information was returned?
Answer : % Invalid input detected at '^' marker.
S1# clock set 15:00:00 32
What information was returned?
Answer : % Invalid input detected at '^' marker.
2) 2.2.3.4 Packet Tracer - Configuring Initial Switch Settings
Objectives
Part 1: Verify the Default Switch Configuration
Part 2: Configure a Basic Switch Configuration
Part 3: Configure a MOTD Banner
Part 4: Save Configuration Files to NVRAM
Part 5: Configure S2
Background
In this activity, you will perform basic switch configurations. You will secure access to the command-line interface (CLI) and console ports using encrypted and plain text passwords. You will also learn how to configure messages for users logging into the switch. These banners are also used to warn unauthorized users that access is prohibited.
Part 1: Verify the Default Switch Configuration
Step 1: Enter privileged EXEC mode.
You can access all switch commands from privileged EXEC mode. However, because many of the privileged commands configure operating parameters, privileged access should be password-protected to prevent unauthorized use.
The privileged EXEC command set includes those commands contained in user EXEC mode, as well as the configure command through which access to the remaining command modes are gained.
a. Click S1 and then the CLI tab. Press Enter.
b. Enter privileged EXEC mode by entering the enable command:
Switch> enable
Switch#
Notice that the prompt changed in the configuration to reflect privileged EXEC mode.
Step 2: Examine the current switch configuration.
a. Enter the show running-config command.
Switch# show running-config
b. Answer the following questions:
1) How many FastEthernet interfaces does the switch have? 24_____
2) How many Gigabit Ethernet interfaces does the switch have? 2___
3) What is the range of values shown for the vty lines? 0 to 15______
4) Which command will display the current contents of non-volatile random-access memory (NVRAM)?
Answer : Switch# more
5) Why does the switch respond with startup-config is not present?
Answer : startup-config has not yet been addressed.
Part 2: Create a Basic Switch Configuration
Step 1: Assign a name to a switch.
To configure parameters on a switch, you may be required to move between various configuration modes. Notice how the prompt changes as you navigate through the switch.
Switch# configure terminal
Switch(config)# hostname S1
S1(config)# exit
S1#
Step 2: Secure access to the console line.
To secure access to the console line, access config-line mode and set the console password to letmein.
S1# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
S1(config)# line console 0
S1(config-line)# password letmein
S1(config-line)# login
S1(config-line)# exit
S1(config)# exit
%SYS-5-CONFIG_I: Configured from console by console
S1#
Why is the login command required?
Answer : To make sure the password was entered correctly and that the console line is accessible.
Step 3: Verify that console access is secured.
Exit privileged mode to verify that the console port password is in effect.
S1# exit
Switch con0 is now available
Press RETURN to get started.
User Access Verification
Password:
S1>
Note: If the switch did not prompt you for a password, then you did not configure the login parameter in Step 2.
Step 4: Secure privileged mode access.
Set the enable password to c1$c0. This password protects access to privileged mode.
Note: The 0 in c1$c0 is a zero, not a capital O. This password will not grade as correct until after you encrypt it in Step 8.
S1> enable
S1# configure terminal
S1(config)# enable password c1$c0
S1(config)# exit
%SYS-5-CONFIG_I: Configured from console by console
S1#
Step 5: Verify that privileged mode access is secure.
a. Enter the exit command again to log out of the switch.
b. Press <Enter> and you will now be asked for a password:
User Access Verification
Password:
c. The first password is the console password you configured for line con 0. Enter this password to return to user EXEC mode.
d. Enter the command to access privileged mode.
e. Enter the second password you configured to protect privileged EXEC mode.
f. Verify your configurations by examining the contents of the running-configuration file:
S1# show running-config
Notice how the console and enable passwords are both in plain text. This could pose a security risk if someone is looking over your shoulder.
Step 6: Configure an encrypted password to secure access to privileged mode.
The enable password should be replaced with the newer encrypted secret password using the enable secret command. Set the enable secret password to itsasecret.
S1# config t
S1(config)# enable secret itsasecret
S1(config)# exit
S1#
Note: The enable secret password overrides the enable password. If both are configured on the switch, you must enter the enable secret password to enter privileged EXEC mode.
Step 7: Verify that the enable secret password is added to the configuration file.
a. Enter the show running-config command again to verify the new enable secret password is configured.
Note: You can abbreviate show running-config as
S1# show run
b. What is displayed for the enable secret password? $1$mERr$ILwq/b7kc.7X/ejA4Aosn0____________________________
c. Why is the enable secret password displayed differently from what we configured?
Answer : It is encrypted.
Step 8: Encrypt the enable and console passwords.
As you noticed in Step 7, the enable secret password was encrypted, but the enable and console passwords were still in plain text. We will now encrypt these plain text passwords using the service password-encryption command.
S1# config t
S1(config)# service password-encryption
S1(config)# exit
If you configure any more passwords on the switch, will they be displayed in the configuration file as plain text or in encrypted form? Explain.
Answer : They will be encrypted because they’ve been configured, just like the enable secret password
Part 3: Configure a MOTD Banner
Step 1: Configure a message of the day (MOTD) banner.
The Cisco IOS command set includes a feature that allows you to configure messages that anyone logging onto the switch sees. These messages are called message of the day, or MOTD banners. Enclose the banner text in quotations or use a delimiter different from any character appearing in the MOTD string.
S1# config t
S1(config)# banner motd "This is a secure system. Authorized Access Only!"
S1(config)# exit
%SYS-5-CONFIG_I: Configured from console by console
S1#
1) When will this banner be displayed?
Answer : When someone attempts to log onto the switch
2) Why should every switch have a MOTD banner?
Answer : So that it can display important messages to clients.
Part 4: Save Configuration Files to NVRAM
Step 1: Verify that the configuration is accurate using the show run command.
Step 2: Save the configuration file.
You have completed the basic configuration of the switch. Now back up the running configuration file to NVRAM to ensure that the changes made are not lost if the system is rebooted or loses power.
S1# copy running-config startup-config
Destination filename [startup-config]?[Enter]
Building configuration...
[OK]
What is the shortest, abbreviated version of the copy running-config startup-config command? run-con start-con________________________
Step 3: Examine the startup configuration file.
Which command will display the contents of NVRAM? Switch# copy running-config startup-config _____________________________________
Are all the changes that were entered recorded in the file? yes__________________________________________________________
Part 5: Configure S2
You have completed the configuration on S1. You will now configure S2. If you cannot remember the commands, refer to Parts 1 to 4 for assistance.
Configure S2 with the following parameters:
a. Name device: S2
b. Protect access to the console using the letmein password.
c. Configure an enable password of c1$c0 and an enable secret password of itsasecret.
d. Configure a message to those logging into the switch with the following message:
Authorized access only. Unauthorized access is prohibited and violators will be prosecuted to the full extent of the law.
e. Encrypt all plain text passwords.
f. Ensure that the configuration is correct.
g. Save the configuration file to avoid loss if the switch is powered down.
3) 6.4.1.3 Packet Tracer - Configure Initial Router Settings
Objectives
Part 1: Verify the Default Router Configuration
Part 2: Configure and Verify the Initial Router Configuration
Part 3: Save the Running Configuration File
Background
In this activity, you will perform basic router configurations. You will secure access to the CLI and console port using encrypted and plain text passwords. You will also configure messages for users logging into the router. These banners also warn unauthorized users that access is prohibited. Finally, you will verify and save your running configuration.
Part 1: Verify the Default Router Configuration
Step 1: Establish a console connection to R1.
a. Choose a Console cable from the available connections.
b. Click PCA and select RS 232.
c. Click R1 and select Console.
d. Click PCA > Desktop tab > Terminal.
e. Click OK and press ENTER. You are now able to configure R1.
Step 2: Enter privileged mode and examine the current configuration.
You can access all the router commands from privileged EXEC mode. However, because many of the privileged commands configure operating parameters, privileged access should be password-protected to prevent unauthorized use.
a. Enter privileged EXEC mode by entering the enable command.
Router> enable
Router#
Notice that the prompt changed in the configuration to reflect privileged EXEC mode.
b. Enter the show running-config command:
Router# show running-config
c. Answer the following questions:
What is the router’s hostname? Router__________________________
How many Fast Ethernet interfaces does the Router have? 4________
How many Gigabit Ethernet interfaces does the Router have? 2 _____
How many Serial interfaces does the router have? 2_______________
What is the range of values shown for the vty lines? 0-4____________
d. Display the current contents of NVRAM.
Router# show startup-config
startup-config is not present
Why does the router respond with the startup-config is not present message?
Answer : It displays this message because the configuration file was not saved to NVRAM. Currently it is only located in RAM
Part 2: Configure and Verify the Initial Router Configuration
To configure parameters on a router, you may be required to move between various configuration modes. Notice how the prompt changes as you navigate through the router.
Step 1: Configure the initial settings on R1.
Note: If you have difficulty remembering the commands, refer to the content for this topic. The commands are the same as you configured on a switch.
a. R1 as the hostname.
b. Use the following passwords:
1) Console: letmein
2) Privileged EXEC, unencrypted: cisco
3) Privileged EXEC, encrypted: itsasecret
c. Encrypt all plain text passwords.
d. Message of the day text: Unauthorized access is strictly prohibited.
Step 2: Verify the initial settings on R1.
a. Verify the initial settings by viewing the configuration for R1. What command do you use?
Answer : show-running config
b. Exit the current console session until you see the following message:
R1 con0 is now available
Press RETURN to get started.
c. Press ENTER; you should see the following message:
Unauthorized access is strictly prohibited.
User Access Verification
Password:
Why should every router have a message-of-the-day (MOTD) banner?
Answer : Every router should have a banner to warn unauthorized users that access is prohibited but can also be used for sending messages to network personnel/tecnicians (such as impending system shutdowns or who to contact for access).
If you are not prompted for a password, what console line command did you forget to configure?
Answer : R1(config-line)# login
d. Enter the passwords necessary to return to privileged EXEC mode.
Why would the enable secret password allow access to the privileged EXEC mode and the enable password no longer be valid?
Answer : The enable secret password overrides the enable password. If both are configure on the Router, you must enter the enable secret password to enter privileged EXEC mode.
If you configure any more passwords on the router, are they displayed in the configuration file as plain text or in encrypted form? Explain.
Answer : The service password-encryption command encrypts all current and future passwords.
Part 3: Save the Running Configuration File
Step 1: Save the configuration file to NVRAM.
a. You have configured the initial settings for R1. Now back up the running configuration file to NVRAM to ensure that the changes made are not lost if the system is rebooted or loses power.
What command did you enter to save the configuration to NVRAM?
Answer : copy running-config startup-config
What is the shortest, unambiguous version of this command? copy r s
Which command displays the contents of the NVRAM?
Answer : show startup-configuration or show start
b. Verify that all of the parameters configured are recorded. If not, analyze the output and determine which commands were not done or were entered incorrectly. You can also click Check Results in the instruction window.
Step 2: Optional bonus: Save the startup configuration file to flash.
Although you will be learning more about managing the flash storage in a router in later chapters, you may be interested to know now that —, as an added backup procedure —, you can save your startup configuration file to flash. By default, the router still loads the startup configuration from NVRAM, but if NVRAM becomes corrupt, you can restore the startup configuration by copying it over from flash.
Complete the following steps to save the startup configuration to flash.
a. Examine the contents of flash using the show flash command:
R1# show flash
How many files are currently stored in flash? 3____________________
Which of these files would you guess is the IOS image? C1900-universalk9-mz.SPA.151-4.M4.bin _____________________________
Why do you think this file is the IOS image?
Answer may vary, but two clues are the file length compared to the others and the .bin at the end of the file name.
b. Save the startup configuration file to flash using the following commands:
R1# copy startup-config flash
Destination filename [startup-config]
The router prompts to store the file in flash using the name in brackets. If the answer is yes, then press ENTER; if not, type an appropriate name and press ENTER.
c. Use the show flash command to verify the startup configuration file is now stored in flash.
4) 6.4.3.3 Packet Tracer - Connect a Router to a LAN
Background
In this activity, you will use various show commands to display the current state of the router. You will then use the Addressing Table to configure router Ethernet interfaces. Finally, you will use commands to verify and test your configurations.
Note: The routers in this activity are partially configured. Some of the configurations are not covered in this course, but are provided to assist you in using verification commands.
Part 1: Display Router Information
Step 1: Display interface information on R1.
Note: Click a device and then click the CLI tab to access the command line directly. The console password is cisco. The privileged EXEC password is class.
a. Which command displays the statistics for all interfaces configured on a router? show interface _______________________________________
b. Which command displays the information about the Serial 0/0/0 interface only? Show interface serial 0/0/0_______________________
c. Enter the command to display the statistics for the Serial 0/0/0 interface on R1 and answer the following questions:
1) What is the IP address configured on R1? 209.165.200.225/30_
2) What is the bandwidth on the Serial 0/0/0 interface? 1544 kbits_
d. Enter the command to display the statistics for the GigabitEthernet 0/0 interface and answer the following questions:
1) What is the IP address on R1? There is no IP address configured on the GigabitEthernet 0/0 interface
2) What is the MAC address of the GigabitEthernet 0/0 interface? 000d.bd6c.7d01 ______________________________________
3) What is the bandwidth on the GigabitEthernet 0/0 interface? 1000000 kbits________________________________________
Step 2: Display a summary list of the interfaces on R1.
a. Which command displays a brief summary of the current interfaces, statuses, and IP addresses assigned to them?
Answer : show ip interface brief
b. Enter the command on each router and answer the following questions:
1) How many serial interfaces are there on R1 and R2? Each router has 2 serial interface
2) How many Ethernet interfaces are there on R1 and R2? R1 has 6 Ethernet interface and R2 has 2
3) Are all the Ethernet interfaces on R1 the same? If no, explain the difference(s).
Answer : No they are not. There are two Gigabit Ethernet interface and 4 fast Ethernet interface. Gigabit Ethernet interface support speeds of up 1.000.000.000 bits and fast Ethernet interface support speeds of up to 1.000.000 bit
Step 3: Display the routing table on R1.
a. What command displays the content of the routing table? Show ip route _________________________________________________________
b. Enter the command on R1 and answer the following questions:
1) How many connected routes are there (uses the C code)? 1 __
2) Which route is listed? 209.165.200.224/30__________________
3) How does a router handle a packet destined for a network that is not listed in the routing table?
Answer : A router will only send packets to a network listed in the routing table. If a network is not listed, the packet will be dropped
Part 2: Configure Router Interfaces
Step 1: Configure the GigabitEthernet 0/0 interface on R1.
a. Enter the following commands to address and activate the GigabitEthernet 0/0 interface on R1:
R1(config)# interface gigabitethernet 0/0
R1(config-if)# ip address 192.168.10.1 255.255.255.0
R1(config-if)# no shutdown
%LINK-5-CHANGED: Interface GigabitEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to up
b. It is good practice to configure a description for each interface to help document the network information. Configure an interface description indicating to which device it is connected.
R1(config-if)# description LAN connection to S1
c. R1 should now be able to ping PC1.
R1(config-if)# end
%SYS-5-CONFIG_I: Configured from console by console
R1# ping 192.168.10.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.10, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 0/2/8 ms
Step 2: Configure the remaining Gigabit Ethernet Interfaces on R1 and R2.
a. Use the information in the Addressing Table to finish the interface configurations for R1 and R2. For each interface, do the following:
1) Enter the IP address and activate the interface.
2) Configure an appropriate description.
b. Verify interface configurations.
Step 3: Back up the configurations to NVRAM.
Save the configuration files on both routers to NVRAM. What command did you use?
Answer : copy run start
Part 3: Verify the Configuration
Step 1: Use verification commands to check your interface configurations.
a. Use the show ip interface brief command on both R1 and R2 to quickly verify that the interfaces are configured with the correct IP address and active.
How many interfaces on R1 and R2 are configured with IP addresses and in the “up” and “up” state?
Answer : 3 on each router
What part of the interface configuration is NOT displayed in the command output? The subnet mask____________________________
What commands can you use to verify this part of the configuration? Show rum, show interfaces, show ip protocols
b. Use the show ip route command on both R1 and R2 to view the current routing tables and answer the following questions:
1) How many connected routes (uses the C code) do you see on each router? 3________________________________________
2) How many EIGRP routes (uses the D code) do you see on each router? 2____________________________________________
3) If the router knows all the routes in the network, then the number of connected routes and dynamically learned routes (EIGRP) should equal the total number of LANs and WANs. How many LANs and WANs are in the topology? 5___________
4) Does this number match the number of C and D routes shown in the routing table? yes________________________________
Note: If your answer is “no”, then you are missing a required configuration. Review the steps in Part 2.
Step 2: Test end-to-end connectivity across the network.
You should now be able to ping from any PC to any other PC on the network. In addition, you should be able to ping the active interfaces on the routers. For example, the following should tests should be successful:
· From the command line on PC1, ping PC4.
· From the command line on R2, ping PC2.
Note: For simplicity in this activity, the switches are not configured; you will not be able to ping them.
video
No comments:
Post a Comment