Objectives
Part 1: Set Up the Topology and Initialize Devices
Cable equipment to match the network topology.
Initialize and restart the router and switch.
Part 2: Configure Devices and Verify Connectivity
Assign static IPv4 and IPv6 information to the PC interfaces.
Configure the router's basic settings.
Configure SSH on the router.
Verify connection to the network.
Part 3: Display Router Information
Retrieve the router's hardware and software details.
Interpret the output from the startup configuration.
Interpret the output from the routing table.
Verify the interfaces' current status.
Context / Scenario
This is a full lab review for IOS router commands previously studied. In Parts 1 and 2, you will connect the equipment and configure the router's interface and basic settings.
In Part 3, you will use SSH to connect to the router remotely and use IOS commands to retrieve information from the device in order to answer questions about the router.
This lab contains the essential instructions for particular router settings for review purposes.
Note: Cisco 4221 routers running Cisco IOS XE Release 16.9.4 (universalk9 image) are used in CCNA hands-on labs. The lab switches are Cisco Catalyst 2960s running Cisco IOS Release 15.2(2) (lanbasek9 image). Other routers, switches, and versions of Cisco IOS may be used. Depending on the model and Cisco IOS version, the available commands and output may differ from what is shown in the labs. For the correct interface identifiers, see the Router Interface Summary Table at the end of the lab.
Note: Ensure that the router and switch have been erased and have no startup configurations. Refer to your Answers for the initialization and reloading procedures for a router and switch.
Required Resources
1 Router (Cisco 4221 with Cisco IOS XE Release 16.9.4 universal image or comparable)
1 Switch (Cisco 2960 with Cisco IOS Release 15.2(2) lanbasek9 image or comparable)
2 PCs (Windows with a terminal emulation program, such as Tera Term)
Console cables to configure the Cisco IOS devices via the console ports
Ethernet cables as shown in the topology
Note: The Gigabit Ethernet interfaces on Cisco 4221 routers are autosensing, so an Ethernet straight-through cable may be used between the router and PC-B. If you are using a different Cisco router model, an Ethernet crossover cable may be required.
Instructions
Part 1: Set Up the Topology and Initialize Devices
Step 1: Cable the network as shown in the topology.
Connect the devices according to the topology diagram and with the appropriate cabling.
Turn on all devices in the topology.
Step 2: Initialize and reload the router and switch.
Part 2: Configure Devices and Verify Connectivity
Step 1: Configure the PC interfaces.
Configure PC-A with an IP address, subnet mask, and default gateway.
Configure PC-B with an IP address, subnet mask, and default gateway.
Step 2: Configure the router.
Enter the router's console and activate privileged EXEC mode.
router> enable
Enter configuration mode.
router# configure terminal
Assign a device name to the router.
router(config)# hostname R1
Set the domain name of the router to ccna-lab.com.
R1(config)# ip domain name ccna-lab.com
Disable DNS lookup to prevent the router from attempting to resolve mistyped commands as host names.
R1(config)# no ip domain lookup
Encrypt the plaintext passwords.
R1(config)# service password-encryption
Configure the system to require a minimum password length of 12 characters.
R1(config)# security passwords min-length 12
Configure the SSHadmin account with the encrypted password 55Hadm!n2020.
R1(config)# username SSHadmin secret 55Hadm!n2020
Generate a set of cryptographic keys with a 1024-bit modulus.
R1(config)# crypto key generate rsa modulus 1024
Assign $cisco!PRIV* as the privileged EXEC password.
R1(config)# enable secret $cisco!PRIV*
Assign $cisco!!CON* as the console password, configure sessions to disconnect after four minutes of inactivity, and enable login.
R1(config)# line console 0
R1(config-line)# password $cisco!!CON*
R1(config-line)# exec-timeout 4 0
R1(config-line)# login
Assign $cisco!!VTY* as the vty password, configure the vty lines to accept only SSH connections, configure sessions to disconnect after four minutes of inactivity, and enable login using the local database.
R1(config)# line vty 0 4
R1(config-line)# password $cisco!!VTY*
R1(config-line)# exec-timeout 4 0
R1(config-line)# transport input ssh
R1(config-line)# login local
Create a banner that warns anyone accessing the device that unauthorized access is prohibited.
R1(config)# banner motd $ Restricted to Authorized Users $
Enable IPv6 routing.
R1(config)# ipv6 unicast-routing
Configure the router's three interfaces with the IPv4 and IPv6 addressing information from the preceding addressing table. Configure a description on each of the three interfaces. Activate all three interfaces.
R1(config)# interface g0/0/0
R1(config-if)# ip address 192.168.0.1 255.255.255.0
R1(config-if)# ipv6 address fe80::1 link-local
R1(config-if)# ipv6 address 2001:db8:acad::1/64
R1(config-if)# description Connection to PC-B
R1(config-if)# no shutdown
R1(config-if)# exit
R1(config)# interface g0/0/1
R1(config-if)# ip address 192.168.1.1 255.255.255.0
R1(config-if)# ipv6 address fe80::1 link-local
R1(config-if)# ipv6 address 2001:db8:acad:1::1/64
R1(config-if)# description Connection to S1
R1(config-if)# no shutdown
R1(config-if)# exit
R1(config)# interface loopback0
R1(config-if)# ip address 10.0.0.1 255.255.255.0
R1(config-if)# ipv6 address fe80::1 link-local
R1(config-if)# ipv6 address 2001:db8:acad:2::1/64
R1(config-if)# description loopback adapter
R1(config-if)# no shutdown
R1(config-if)# exit
The router should block vty logins for two minutes if three failed login attempts occur within 60 seconds.
R1(config)# login block-for 120 attempts 3 within 60
R1(config)# exit
Set the clock on the router.
R1# clock set 15:20:00 5 September 2019
Save the running configuration to the startup configuration file.
R1# copy running-config startup-config
Question:
What would happen if the router was reloaded before the copy running-config startup-config command was executed?
During reload, the contents of the running configuration in RAM would be erased. The router would then boot up without a startup configuration, and the user would be asked whether to enter the initial configuration dialog.
Step 3: Verify network connectivity.
Using the command prompt on PC-A, ping the PC-B IPv4 and IPv6 addresses.
Note: It may be necessary to disable the firewall on the PC.
Question:
Were the pings successful?
Yes
Access R1 remotely from PC-A using the Tera Term SSH client.
Open an SSH connection to the IPv4 address of the R1 Loopback interface using Tera Term on PC-A. Select the SSH radio button, and then click OK to connect to the router. Log in as SSHadmin with the password 55Hadm!n2020.
Question:
Was remote access successful?
Yes
Open an SSH connection using Tera Term on PC-A to the IPv6 address of the R1 Loopback interface. Select the SSH radio button, and then click OK to connect to the router. Log in as SSHadmin with the password 55Hadm!n2020. Note: The IPv6 address must be enclosed in square brackets ([IPv6 address]).
Questions:
Was remote access successful?
Yes
Why is Telnet considered a security threat?
A Telnet session can be seen in plaintext. It is not encrypted. Passwords can easily be seen using a packet sniffer.
Part 3: Display Router Information
In Part 3, you will use show commands from an SSH session to retrieve information from the router.
Step 1: Establish an SSH session to R1.
Open an SSH connection using Tera Term on PC-B to the IPv6 address of the R1 Loopback interface and log in as SSHadmin with the password 55Hadm!n2020.
Step 2: Retrieve important hardware and software information.
Use the show version command to answer questions about the router.
R1# show version
Cisco IOS XE Software, Version 16.09.04
Cisco IOS Software [Fuji], ISR Software (X86_64_LINUX_IOSD-UNIVERSALK9_IAS-M), Version 16.9.4, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2019 by Cisco Systems, Inc.
Compiled Wed 20-Mar-19 08:01 by mcpre

Cisco IOS-XE software, Copyright (c) 2005-2019 by cisco Systems, Inc.
All rights reserved. Certain components of Cisco IOS-XE software are
licensed under the GNU General Public License ("GPL") Version 2.0. The
software code licensed under GPL Version 2.0 is free software that comes
with ABSOLUTELY NO WARRANTY. You can redistribute and/or modify such
GPL code under the terms of GPL Version 2.0. For more details, see the
documentation or "License Notice" file accompanying the IOS-XE software,
or the applicable URL provided on the flyer accompanying the IOS-XE
software.

ROM: IOS-XE ROMMON
R1 uptime is 32 minutes
Uptime for this control processor is 35 minutes
System returned to ROM by PowerOn
System restarted at 14:49:40 UTC Thu Sep 5 2019
System image file is "flash:isr4200-universalk9_ias.16.09.04.SPA.bin"
Last reload reason: PowerOn

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

Suite License Information for Module:'esg'
--------------------------------------------------------------------------------
Suite                 Suite Current         Type           Suite Next reboot
--------------------------------------------------------------------------------
FoundationSuiteK9     None                  None           None
securityk9
appxk9

Technology Package License Information:
-----------------------------------------------------------------
Technology    Technology-package           Technology-package
              Current       Type           Next reboot
------------------------------------------------------------------
appxk9        None          None           None
securityk9    securityk9    Permanent      securityk9
ipbase        ipbasek9      Permanent      ipbasek9

The current throughput level is 35000 kbps

Smart Licensing Status: Smart Licensing is DISABLED

cisco ISR4221/K9 (1RU) processor with 1784656K/6147K bytes of memory.
Processor board ID FGL221693BV
2 Gigabit Ethernet interfaces
2 Serial interfaces
32768K bytes of non-volatile configuration memory.
4194304K bytes of physical memory.
6598655K bytes of flash memory at bootflash:.
0K bytes of WebUI ODM Files at webui:.

Configuration register is 0x2142 (will be 0x2102 at next reload)
Questions:
What is the name of the IOS image that is running on the router?
In this lab, the image version is isr4200-universalk9_ias.16.09.04.SPA.bin.
How much non-volatile random-access memory (NVRAM) does the router have?
In this lab, the answer is 32768K bytes of NVRAM.
How much flash memory does the router have?
In this lab, 6598655K bytes of flash memory are available.
The show commands often produce multiple screens of output. Filtering the output allows a user to display only certain sections of it. To enable filtering, enter a pipe (|) character after a show command, followed by a filtering parameter and a filtering expression. Using the include keyword displays all lines from the output that contain the filtering expression. To answer the following question, filter the show version command using show version | include register.
R1# show version | include register
Configuration register is 0x2142 (will be 0x2102 at next reload)
What is the boot process for the router on the next reload?
Answers may vary. In most cases (0x2102), the router will undergo a normal boot, load the IOS from flash memory, and load the startup configuration from NVRAM if present. If the config register is 0x2142, the router will bypass the startup configuration and begin at the user-mode command prompt. If the initial boot fails, the router goes into ROMMON mode.
Step 3: Display the startup configuration.
Use the show startup-config command on the router to answer the following questions.
R1# show start
Using 1997 out of 33554432 bytes
!
! Last configuration change at 15:20:18 UTC Thu Sep 5 2019
! NVRAM config last updated at 15:25:25 UTC Thu Sep 5 2019
!
version 16.9
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
!
hostname R1
!
boot-start-marker
boot-end-marker
!
security passwords min-length 12
enable secret 5 $1$b2iA$/7Hj3HRmBXTbOESxm1yiG0
!
no aaa new-model
!
no ip domain lookup
ip domain name ccna-lab.com
!
login block-for 120 attempts 3 within 60
login on-success log
!
subscriber templating
!
ipv6 unicast-routing
multilink bundle-name authenticated
!
license udi pid ISR4221/K9 sn FGL221693BV
no license smart enable
diagnostic bootup level minimal
!
spanning-tree extend system-id
!
username SSHadmin secret 5 $1$6HtR$T0QPZWbzp6bz3g6wrZrP1
!
redundancy
 mode none
!
interface Loopback0
 description loopback adapter
 ip address 10.0.0.1 255.255.255.0
 ipv6 address FE80::1 link-local
 ipv6 address 2001:DB8:ACAD:2::1/64
!
interface GigabitEthernet0/0/0
 description Connection to PC-B
 ip address 192.168.0.1 255.255.255.0
 negotiation auto
 ipv6 address FE80::1 link-local
 ipv6 address 2001:DB8:ACAD::1/64
!
interface GigabitEthernet0/0/1
 description Connection to S1
 ip address 192.168.1.1 255.255.255.0
 negotiation auto
 ipv6 address FE80::1 link-local
 ipv6 address 2001:DB8:ACAD:1::1/64
!
interface Serial0/1/0
 no ip address
!
interface Serial0/1/1
 no ip address
!
ip forward-protocol nd
no ip http server
ip http secure-server
!
control-plane
!
banner motd ^C Only Authorized Users Allowed! ^C
!
line con 0
 exec-timeout 4 0
equivalent
 logging synchronous
 login
 transport input none
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 exec-timeout 4 0
 password 7 15560805172924656905011B59
 login local
 transport input ssh
!
end
How are passwords presented in the output?
As a result of the service password-encryption command, passwords are encrypted.
Use the show startup-config | section vty command.
R1# show startup-config | section vty
line vty 0 4
 exec-timeout 4 0
 password 7 15560805172924656905011B59
 login local
 transport input ssh
What is the result of using this command?
The output of the startup configuration is provided to the user beginning with the line containing the first instance of the filtering expression.
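The access-control settings from Part 2 can be checked mechanically against the saved configuration. The block below is an added example, not part of the original lab: a Python audit of a constructed excerpt of the startup-config shown above. The function names (parse, audit) and the check identifiers are hypothetical.

```python
import re

# Constructed sample: excerpt of the startup-config shown in this lab.
SAMPLE_CONFIG = """\
service password-encryption
security passwords min-length 12
enable secret 5 $1$b2iA$/7Hj3HRmBXTbOESxm1yiG0
login block-for 120 attempts 3 within 60
username SSHadmin secret 5 $1$6HtR$T0QPZWbzp6bz3g6wrZrP1
line con 0
 exec-timeout 4 0
 login
line vty 0 4
 exec-timeout 4 0
 password 7 15560805172924656905011B59
 login local
 transport input ssh
"""

def parse(config):
    """Split a config into global commands and per-'line' subcommands."""
    global_cmds, lines, current = [], {}, None
    for raw in config.splitlines():
        cmd = raw.strip()
        if not cmd or cmd == "!":
            continue
        if raw[0] == " " and current is not None:
            lines[current].append(cmd)      # indented: belongs to the open section
        elif cmd.startswith("line "):
            current = cmd
            lines[current] = []
        else:
            current = None
            global_cmds.append(cmd)
    return global_cmds, lines

def audit(config, min_length=12):
    """Return a sorted list of (check_id, location) findings (hypothetical ids)."""
    global_cmds, lines = parse(config)
    findings = []
    lengths = [int(m.group(1)) for c in global_cmds
               if (m := re.fullmatch(r"security passwords min-length (\d+)", c))]
    if not lengths or lengths[0] < min_length:
        findings.append(("min-length", "global"))
    if not any(c.startswith("login block-for ") for c in global_cmds):
        findings.append(("no-login-block", "global"))
    for c in global_cmds:
        # 'password' instead of 'secret' stores a recoverable value (type 0 or 7).
        if re.match(r"(enable|username \S+) password ", c):
            findings.append(("recoverable-password", c.split(" password ")[0]))
    for header, cmds in lines.items():
        if any(c.startswith("password 7 ") for c in cmds):
            findings.append(("type7-password", header))  # obfuscation, not a hash
        if "exec-timeout 0 0" in cmds:
            findings.append(("no-idle-timeout", header))
        if header.startswith("line vty"):
            if "transport input ssh" not in cmds:
                findings.append(("vty-not-ssh-only", header))
            if "login local" not in cmds:
                findings.append(("vty-no-local-login", header))
    return sorted(findings)
```

On the lab's configuration the only finding is the type 7 string on the vty lines: service password-encryption applies a reversible encoding, whereas the enable and username secrets are stored as type 5 hashes.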
Step 4: Display the routing table on the router.
Use the show ip route command on the router to answer the following questions.
R1# show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override, p - overrides from PfR

Gateway of last resort is not set

      10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        10.0.0.0/24 is directly connected, Loopback0
L        10.0.0.1/32 is directly connected, Loopback0
      192.168.0.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.0.0/24 is directly connected, GigabitEthernet0/0/0
L        192.168.0.1/32 is directly connected, GigabitEthernet0/0/0
      192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.1.0/24 is directly connected, GigabitEthernet0/0/1
L        192.168.1.1/32 is directly connected, GigabitEthernet0/0/1
Questions:
What code is used to indicate a directly connected network in the routing table?
The C indicates a subnet with a direct connection. An L designates a local interface. Both responses are accurate.
How many route entries in the routing table are encoded with a C code?
3
Step 5: Display a summary of the router's interfaces.
Use the show ip interface brief command on the router to answer the following question.
R1# show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
GigabitEthernet0/0/0   192.168.0.1     YES manual up                    up
GigabitEthernet0/0/1   192.168.1.1     YES manual up                    up
Serial0/1/0            unassigned      YES unset  up                    up
Serial0/1/1            unassigned      YES unset  up                    up
Loopback0              10.0.0.1        YES manual up                    up
Question:
What command changed the administrative status of the Gigabit Ethernet ports from down to up?
no shutdown
Check IPv6 settings on R1 using the show ipv6 int brief command.
R1# show ipv6 int brief
GigabitEthernet0/0/0   [up/up]
    FE80::1
    2001:DB8:ACAD::1
GigabitEthernet0/0/1   [up/up]
    FE80::1
    2001:DB8:ACAD:1::1
Serial0/1/0            [up/up]
    unassigned
Serial0/1/1            [up/up]
    unassigned
Loopback0              [up/up]
    FE80::1
    2001:DB8:ACAD:2::1
Question:
What does the [up/up] portion of the output mean?
The [up/up] status reflects the Layer 1 and Layer 2 status of the interface and is independent of the status of Layer 3.
Change the configuration of PC-B so that it does not have a static IPv6 address. You may need to restart the system. Then, on PC-B, execute the ipconfig command to inspect the IPv6 configuration.
Questions:
What IPv6 address has PC-B been assigned?
Answers will vary. IPv6 address of 2001:db8:acad:a:d428:7de2:997c:b05a
What is the default gateway address assigned to PC-B?
fe80::1
Ping the default gateway link-local address on R1 from PC-B. Was it successful?
Yes
Ping the IPv6 unicast address 2001:db8:acad:: on R1 from PC-B. Was it successful?
Yes
Reflection Questions
A technician investigating a network connectivity issue suspects that an interface was not enabled. What show command could the technician use to diagnose this problem?
Answers may vary. show ip interface brief, show interfaces, or show startup-config would provide the required information.
A technician investigating a network connectivity issue suspects an interface was assigned an incorrect subnet mask. What show command could the technician use to diagnose this problem?
Answers may vary. show startup-config, show running-config, show interfaces, or show protocols will provide the information.