Ccna Virtual Lab

(1)

CCNA

Virtual Lab

T i T A N i u m E d i T i o N 3 . 0

• Work with Practice Scenarios Based on CCNA Exam Objectives

• Set Up Custom Network Configurations Easily with Drag-and-Drop Functionality • Hone Your Skills for the Exams with over

150 Hands-On Labs

• Use an Unlimited Number of Switches, Routers, and Hosts in Your Virtual Network • Get Useful Feedback with the Valuable

Net Assessment Tool

SeriouS SkillS.

®

William Tedder

Bestselling laB simulation software

(2)

(3)

Senior Acquisitions Editor: Jeff Kellum Development Editor: Tom Cirtin Technical Editor: Troy McMillan Production Editor: Christine O’Connor Editorial Manager: Pete Gaughan Production Manager: Tim Tate

Vice President and Executive Group Publisher: Richard Swadley Vice President and Publisher: Neil Edde

Supervising Producer, Vertical Websites: Richard Graves Book Designers: Judy Fung and Bill Gibson

Compositor: Craig Woods, Happenstance Type-O-Rama Proofreader: Josh Chase, Word One New York

Project Coordinator, Cover: Katherine Crocker Cover Designer: Ryan Sneed

ISBN: 978-1-118-43199-3

No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permissions.

Limit of Liability/Disclaimer of Warranty: The publisher and the author make no representations or war-ranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation warranties of fitness for a particular purpose. No warranty may be created or extended by sales or promotional materials. The advice and strategies contained herein may not be suitable for every situation. This work is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional services. If professional assistance is required, the services of a competent professional person should be sought. Neither the publisher nor the author shall be liable for damages arising herefrom. The fact that an organization or Web site is referred to in this work as a citation and/or a potential source of further information does not mean that the author or the publisher endorses the information the organization or Web site may provide or recommendations it may make. Further, readers should be aware that Internet Web sites listed in this work may have changed or disappeared between when this work was written and when it is read.

For general information on our other products and services or to obtain technical support, please contact our Customer Care Department within the U.S. at (877) 762-2974, outside the U.S. at (317) 572-3993 or fax (317) 572-4002.

Wiley publishes in a variety of print and electronic formats and by print-on-demand. Some material included with standard print versions of this book may not be included in e-books or in print-on-demand. If this book refers to media such as a CD or DVD that is not included in the version you purchased, you may download this material at http://booksupport.wiley.com. For more information about Wiley products, visit www.wiley.com.

TRADEMARKS: Wiley, the Wiley logo, and the Sybex logo are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written permission. [Insert any third-party trademark language.] All other trademarks are the property of their respective owners. John Wiley & Sons, Inc. is not associated with any product or vendor mentioned in this book.

(4)

(5)

Lab 1.9: Setting Router Banners 57 Lab 1.10: Configuring Interfaces for the 2621 Router 59 Lab Steps 60 Lab 1.11: Configuring Interfaces for the 2811 Router 62 Lab Steps 64 Lab 1.12: Configuring Interfaces for the 3560 Switch 66 Lab Steps 68 Lab 1.13: Bringing Up an Interface 69 Lab Steps 70 Lab 1.14: Configuring an IP Address on an Interface 73 Lab Steps 73 Lab 1.15: Serial Interface Commands 75 Lab Steps 77 Lab 1.16: Setting the Router Hostnames 78 Lab Steps 78 Lab 1.17: Setting Interface Descriptions 79 Lab Steps 80 Lab 1.18: Verifying Your Configuration 81 Lab Steps 82 Lab 1.19: do Command 86 Lab Steps 87

IP Routing 91

Lab 2: Introduction to IP Routing 92 Lab 2.1: Configuring the SDM for the 2811 Router 94 Lab Steps 95 Lab 2.2: Connecting to the SDM using the 2811 Router 98 Lab Steps 99 Lab 2.3: Configuring an Interface with SDM 104 Lab Steps 106 Lab 2.4: Configuring a DHCP Pool with SDM 109 Lab Steps 111 Lab 2.5: Configuring Other Items with SDM 114 Lab Steps 116 Lab 2.6: Verifying Your Configurations with SDM 119 Lab Steps 120 Lab 2.7: Configuring the Routers 121 Lab Steps 122 Lab 2.9: Configuring Static Routing 127 Lab Steps 129 Lab 2.10: Verifying Static Routing 130 Lab Steps 131 Practice Scenario: Basic Cisco Router Operations 134 Lab 2.11: Configuring and Verifying the Hosts 137 Lab Steps 137

(7)

Contents vii

Lab 2.12: Configuring Default Routing 142 Lab Steps 143 Lab 2.13: Verifying Default Routing 145 Practice Scenario: Basic Cisco Router Operations 147 Lab 2.14: Configuring RIPv2 149 Lab Steps 151 Lab 2.16: Using Traceroute 151 Lab Steps 152 Lab 2.17: Using Debug with a RIPv2 Network 156 Lab Steps 157 Lab 2.18: Configuring and Verifying a Loopback Interface 157 Lab Steps 158 Lab 2.19: Using ARP (Address Resolution Protocol) 161 Lab Steps 162

Managing a Cisco Internetwork 165

Lab 3: Introduction to Managing a Cisco Internetwork 166 Lab 3.1: Password Recovery Techniques 168 Lab Steps 169 Lab 3.11: Configuring IGRP Routing 172 Lab Steps 174 Lab 3.12: Verifying IGRP Routing 177 Lab Steps 178 Lab 3.2: Backing Up the Cisco IOS 179 Lab Steps 180 Lab 3.3: Restoring or Upgrading the Cisco Router IOS 181 Lab Steps 182 Lab 3.4: Backing Up the Cisco Configuration 182 Lab Steps 183 Lab 3.5: Restoring the Cisco Router Configuration from

a TFTP Server 185 Lab Steps 185 Lab 3.6: Using the Cisco Discovery Protocol to Gather

Information about Neighbor Devices 186 Lab Steps 187 Lab 3.7: Using Telnet 191 Lab Steps 192 Lab 3.8: Using Secure Shell in Place of Telnet 197 Lab Steps 198 Lab 3.9: Verifying Secure Shell in Place of Telnet 200 Lab Steps 201 Lab 3.10: Creating a Hosts Table on a Router and Resolve Host

Names to IP Addresses 202 Lab Steps 202

(8)

Configuring the Catalyst Switch 205

Lab 4: Introduction to Configuring the Catalyst Switch 206 Lab 4.1: Connecting to the 1900 Switch and Setting Passwords 207 Lab Steps 207 Lab 4.2: Configuring the 1900 Switch 212 Set the Hostname 212 Lab Step 213 Configure the IP Address 213 Configure Interfaces 214 Configure Interface Descriptions 216 View Interface Descriptions 217 Lab 4.3: Configuring the 1900 Switch Port Duplex 218 Lab Steps 219 Lab 4.4: Verifying 1900 Switch IP Connectivity 220 Lab Steps 221 Lab 4.5: Erasing the 1900 Switch Configuration 222 Lab Steps 223 Lab 4.6: Utilizing the 2950 and 2960 Switch 224 Lab 4.7: Setting Passwords on the 2950/2960 Switch 225 Lab Steps 227 Lab 4.8: Configuring the 2950/2960 Switch 229 Set the Hostname 230 Lab Steps 231 Configure the IP Address 231 Configure Interfaces 232 Lab 4.9: Verifying 2950/2960 Switch IP Connectivity 237 Lab 4.10: Saving and Erasing 2950/2960 Switch Configuration 239 Lab Steps 240 Lab 4.11: Utilizing the 3550 and 3560 Switch 241 Lab 4.12: Setting Passwords on the 3550/3560 Switch 241 Lab Steps 242 Lab 4.13: Configuring the 3550/3560 Switch 244 Set the Hostname 245 Lab Steps 246 Configure the IP Address 246 Configure Interfaces 247 Lab 4.14: Verifying 3550/3660 Switch IP Connectivity 253 Lab 4.15: Saving and Erasing the 3550/3560 Switch

Configuration 255

NAT 257

Lab 5: Introduction to Network Address Translation (NAT) 258 Lab 5.1: Configuring Your Routers 259 Setting up the NAT Lab creates an address pool 260 Lab Steps 261

(9)

Contents ix

Switch Security 267

Lab 6.1: Configuring Switch Security 268 Lab 6.2: Verifying Switch Security 271 Lab Steps 272 Individual Labs (Comprehensive) 275 Lab Steps 278 Launching SDM Via Host A 280 Configure IP Address Using SDM 284 Configure DHCP Pool with the SDM 288 Using the SDM to Configure Other Items 292 Verify Router Configurations 295 Individual Lab: Configuring Routers 297 Lab Steps 299 Individual Lab: Configuring the 1900 Switch 303 Lab Steps 304 Setting the Hostname 308 Configuring an IP Address 308 Configuring Interfaces 309 Configuring Interface Descriptions 311 Configuring Port Duplex 312 Grade Me 313 Erasing the Configuration 313 Individual Lab: Configuring 2950 Switch 314 Lab Steps 316 Setting the Hostname 318 Configuring IP Address Information 319 Configuring Interfaces 321 Verifying the IP Connectivity 326 Grade Me 327 Saving and Erasing Your Configurations 327 Individual Lab: Configuring the 2960 Switch 328 Lab Steps 328 Setting the Hostname 331 Configuring IP Address Information 331 Configuring Interfaces 332 Verifying the IP Connectivity 336 Grade Me 337 Saving and Erasing Your Configuration 337 Individual Lab: Static Routing 338 Lab Steps 340 Individual Lab: Telnet 346 Lab Steps 348 Individual Lab: Using the Cisco Discovery Protocol

to Gather Information about Neighbor Devices 356 Lab Steps 358

(10)

Individual Lab: Working with a Router Interface 363 Lab Steps 364 Configuring an IP Address on an Interface 366 Serial Interface 367 Setting An Interface Description 370 Individual Lab: Configuring Hosts 371 Lab Steps 372

ICND2 383

RIP - IPv6 384 Lab 1.1: Configuring RIP Routing 384 Lab Steps 385 Lab 1.2: Verifying RIP Routing 388 Lab Steps 389 Lab 1.3: Configuring IPv6 Static Routing 392 Address Types 392 Unicast Types 393 IPv6 Bits 393 Lab Steps 394 Lab 1.4: Verifying IPv6 Static Routing 397 Lab Steps 398 Practice Scenario: Basic Cisco Router Operations 401 Troubleshooting IPv6 Static Routing 401 (use Practice Scenario: … 401 Troubleshooting Ipv6 … ) 401 Turn On Hostnames 402 Scenario 403

Task 403

Lab 1.5: Configuring RIP IPv6 Routing (RIPng) 404 Lab Steps 404 Lab 1.6: Verifying RIP IPv6 Routing (RIPng) 406 Lab Steps 406

Cisco Wide Area Networks (WAN) 411

Lab 2: Introduction to Cisco Wide Area Network Support 412 Lab 2.1: Configuring PPP Encapsulation 413 Lab Steps 414 Lab 2.2: Verifying PPP Encapsulation 415 Lab Steps 416 Lab 2.3: Configuring PPP Authentication with CHAP 417 Lab Steps 419 Lab 2.4: Verifying PPP with Authentication 419 Lab Steps 420

(11)

Contents xi

Lab 2.5: Understanding Frame Relay Configuration 423 Frame Relay Uses Virtual Circuits 423 Configuring Frame Relay Encapsulation 423 Frame Relay DLCI 423 Frame Relay LMI 424 Subinterfaces with Frame Relay 424 Lab 2.6: Configuring Frame Relay Switching 425 Lab Steps 426 Lab 2.7: Configuring Frame Relay with Subinterfaces 429 Lab Steps 430 Lab 2.8: Verifying Frame Relay 431 Lab Steps 431

EIGRP 435

Lab 3: Introduction to EIGRP 436 Lab 3.1: Configuring EIGRP Routing 436 Lab Steps 437 Lab 3.2: Verifying EIGRP Routing 440 Lab 3.3: Configuring EIGRP Wild Card Masks 445 Lab Steps 445 Lab 3.4: Verifying EIGRP Wild Card Mask Configurations 446 Lab Steps 447 Lab 3.5: Configuring EIGRP Authentication 449 Lab Steps 450 Lab 3.6: Verifying EIGRP Authentication 452 Lab Steps 452 Lab 3.7: Configuring Advanced Commands with EIGRP 456

OSPF 459

Lab 4: Introduction to OSPF 460 Lab 4.1: Configuring Single Area OSPF 460 Lab Steps 462 Lab 4.2: Verifying Single Area OSPF 465 Lab 4.3: OSPF Authentication 468 Lab Steps 469 Lab 4.4: Stub Area Configuration 473 Lab Steps 474 Lab 4.5: Totally Stub 476 Lab Steps 476 Lab 4.6: OSPF DR and BDR Elections 478 Lab Steps 479

(12)

Virtual LANs (VLANs) 483

Lab 5: Introduction to Virtual LANs 484 Lab 5.1: Configuring VLANs on a 1900 Switch 485 Lab Steps 486 Lab 5.3: Configuring VLANs on a 3550 Switch 489 Lab Steps 490 Lab 5.4: Configuring Trunk Ports and VTP Domain on

a 3550 Switch 493 Lab Steps 493 Configure VTP Domain 494 Lab 5.5: Configuring VLANs on a 3560 Switch 495 Lab Steps 496 Lab 5.6: Configuring Trunk Ports and VTP Domain on

a 3550 Switch 498 Configure Trunk Ports 498 Lab Steps 498 Configure VTP Domain 499 Lab 5.7: IntraVLAN and InterVLAN Routing 500 Lab Steps 501

Access Lists 505

Lab 6: Introduction to Managing Traffic with Access Lists 506 Lab 6.1: Standard IP Access-Lists 507 Lab 6.2: Verifying Standard

IP Access-Lists 512 Lab Steps 513 Lab 6.3: Applying an Access-List to a VTY Line 514 Lab Steps 515 Lab 6.4: Extended IP Access-Lists 516 Lab Steps 517 Lab 6.5: Verifying Extended

IP Access-lists 519 Lab Steps 520 Lab 6.6: Removing Extended

IP Access-lists 521 Lab Steps 521 Practice Scenario: NAT and ACLs 522 Configuring ACLs for Telnet and SSH 522 Turn On Hostnames 524 Scenario 524

(13)

Contents xiii

NAT/PAT 525

Lab 7.1: Configuring Dynamic NAT 526 Lab Steps 527 Lab 7.2: Configuring PAT 529 Lab Steps 530 Lab 7.3: NAT/PAT Final Configuration Exercise 531 Lab Steps 532

VLSM with Summarization 537

Lab 8.1: VLSM with Summarization Lab—Configuring

Routers 538

Lab Steps 540 Lab 8.2: VLSM with Summarization

Lab—Configuring Hosts 545 Lab Steps 546 Lab 8.4: VLSM with Summarization

Lab—Configuring EIGRP with Discontiguous Networking 547 Lab Steps 549 Lab 8.5: VLSM with Summarization

Lab—Configuring Summarization 552 Lab Steps 553

Individual Labs (Comprehensive) 555

Introduction to Individual Labs 556

Grading 556

Individual Lab: RIP Routing 557 Lab Steps 559 Verify Configurations 563

RIPv2 566

Verify Configurations 567 Individual Lab: IPv6 Static Routing 568 Lab Steps 571 Verifying IPv6 Static Routing 572 Individual Lab: RIP IPv6 Routing (RIPng) 576 Lab Steps 578 Verifying RIP IPv6 Routing (RIPng) 580 Individual Lab: PPP Encapsulation 582 Lab Steps 585 Verifying PPP Encapsulation 588 Configuring PPP Authentication with CHAP 590 Verifying PPP with Authentication 591 Individual Lab: Frame Relay Switching 594 Understand Frame Relay 596

(14)

Configuring Frame-Relay 598 Lab Steps 598 Configuring Frame Relay with Subinterfaces 599 Verifying Frame Relay 600 Individual Lab: EIGRP Routing 602 Lab Steps 605 Verifying EIGRP 610 Individual Lab: Single Area OSPF 612 Lab Steps 614 Verify OSPF 619 Individual Lab: OSPF DR and BDR Elections 622 Lab Steps 625 Individual Lab: Configuring VLANs 628 Lab Steps 631 Setting Up VLANS 631 Setting Up Trunk Ports 635 Configuring VTP Domain 637 IntraVLAN and InterVLAN Routing 640 Individual Lab: Configuring VLANs on a 1900 Switch 645 Lab Steps 647 Configuring Trunk Ports 650 Configuring Inter-Switch Link (ISL) Routing 651 Grade Me 652 Individual Lab: Standard IP Access-Lists 653 Lab Steps 654 Configuring Hosts E and F 658 Configuring Switches 659 Verifying Standard IP Access-Lists 665 Applying an Access-List to a VTY Line 666 Individual Lab: Extended IP Access-Lists 668 Lab Steps 670 Configuring Hosts E and F 674 Configuring Switches 675 Verifying Extended IP Access-lists 678 Removing Extended IP Access-lists 679 Individual Lab: Network Address Translation (NAT) and

Port Address Translation 680 Setting up the NAT Lab 683 Lab Steps 684 Dynamic NAT 687 Configuring PAT 689 Individual Lab: VLSM with Summarization 691 Lab Steps 694 Configuring Hosts 700

(15)

Contents xv

Verify Configurations 701 Configuring EIGRP with Discontiguous Networking 703 Configuring Summarization 706 Verifying Summarization 707

Net Assessment 709

Lab 1.1: Introduction to Net Assessment 710 For Instructors 710 For Individuals 712 Lab 1.2: Making Changes and Inserting Instructions 712 Lab Steps 713 Lab 1.3: Loading Net Assessment 715 Lab 1.4: Creating a Net Assessment Template 717 Lab Steps 717 Lab 1.5: Net Assessment—Editing Values 722 Lab Steps 722 Lab 1.6: Net Assessment—Creating A Test Network 725 Lab Steps 725 Lab 1.7: Net Assessment—Assessing

A Test Network 726 Lab Steps 726 Lab 1.8: Advanced Values Editing 729 Lab 1.9: Edit Values—Changing A Selected Value 730 Lab 1.10: Edit Values—Randomizing

A Selected Value 732 Lab 1.11: Edit Values—Removing A Selected Value 733 Lab 1.12: Edit Values—Auto-Selecting and Randomizing

Any Value 734 Exceeding the Number of Configurations 735 Lab 1.13: Edit Values—Auto-Selecting and Removing

Any Value 735

Create Your Own Custom Labs 737

Lab 1.1: Creating a Custom Lab 738 Lab Steps 738

(16)

(17)

Introduction to CCNA Virtual Lab,

Titanium Edition 3.0 Labs

This program contains all the labs available for CCNA Virtual Lab, Titanium Edition 3.0.

Navigation

When you load the online documentation, a tree list on the left side of the screen allows you to quickly navigate from one section and lab topic to another. Click on a book to expand the list of labs for that section. You will then see a “?” icon to the left of each topic. Click a topic title to display lab content on the right side of the screen.

(18)

Types of Labs

CCNA Labs and Supporting Material

ICND1 and ICND2 Labs The presentation of CCNA™ labs has been reorganized into two

different areas. Individuals preparing for the Cisco®_{ICND (640-822) exam can easily bring}

up documentation and networks for the 75 labs that help prepare them. Those preparing for the Cisco®_{ICND 2 (640-816) exam can now find these 78 labs and networks organized in}

the same section.

Practice Scenarios Studying for the Cisco®_{CCNA™ exam is challenging. Trying to figure}

out which exam topics to study for is difficult. This program assists you by providing Practice Scenarios. We have designed our practice scenarios based on CCNA™ exam topics. Testing yourself with our practice scenarios will give you the confidence needed in preparing for the Cisco®_{CCNA™ exam. After you go through accumulative and/or Individual labs you can}

test your problem-solving and troubleshooting skills. In the lab documentation we present Practice Scenarios which are interspersed in the lab documentation. With these scenarios you are presented with partially or incorrectly configured networks and your task is to read the instructions and correct the situation. These are gradable labs.

They can be found in two places on our menu tree. They are interspersed among the accu-mulative labs. After you read about a concept and go through hands-on lab(s), you are then presented with a practice scenario that tests your problem-solving and troubleshooting skills. They can also be found in their own section so that you can quickly choose any of the labs, instead of hunting for them in the accumulative labs.

Individual Labs We also offer CCNA™ labs that stand on their own, are comprehensive

and self-contained, and do not require configurations from prior labs. These labs are typically longer than the accumulative labs because you are starting with a non-configured network each time you bring up an Individual lab. You are totally configuring the network for each lab, from beginning to finish. We provide step-by-step instructions for these labs. These are

gradable labs.

Net Assessment This feature allows you to test and evaluate your CCNA™ problem-solving

and trouble shooting network skills. This is a powerful and flexible tool for all to use, includ-ing teachers, students, individuals, etc. You can grade yourself or if you are an instructor, you can grade your students. There are eight labs that walk you through an example in utilizing Net Assessment. Net Assessment also provides you with more sophisticated and powerful methods in altering values. That is covered in seven additional labs.

Accumulative Labs We provide step-by-step labs that, for the most part, build on each

other. Fourteen different network layouts are presented within these labs. When you start working with a new section and encounter a new network layout, you are asked to save your work. It is suggested that you save your network layout with another name so that you always have a non-configured network to fall back on. An example would be saving the original network layout, Standard Layout, as My Standard Layout.

(19)

Introduction xix

Network Layouts

Loading a Network Layout

1. On the Network Visualizer screen, click on the File menu and then click Open.

2. When the dialog box appears, make sure you are in the Networks folder.

3. Find and click on the file name and then click OK.

Custom Labs

With CCNA Virtual Lab, Titanium Edition 3.0, you can create your own labs. You can then make your labs available for others to use. They will appear off the main menu of the Network Visualizer screen. You can also imbed instructions into your labs/network. Use a third-party program to create instructions. This can be a text editor, word proces-sor, HTML editor, spreadsheet program, etc.

(20)

(21)

(22)

Layout

There are three types of network layouts that you can load with this program.

Accumulative Labs In our lab documentation we provide step-by-step labs that, for the

most part, build on each other. Within the accumulative labs there are a handful of different network layouts that you will load. The network layouts are specific to the tasks you will encounter in the labs.

3. Find and click on the file name and then click Open.

Individual Labs We also offer labs that stand on their own, are self-contained, and do not

require configurations from prior labs. These labs are typically larger than the accumula-tive labs because you are starting with a non-configured network each time you bring up an Individual lab. You are totally configuring the network for each lab, from beginning to finish. We provide step-by-step instructions for these labs. Some labs require extensive configurations, Instead of manually entering the configurations, you have the ability to copy

(23)

Lab 1.1: Loading a Network Layout 3

and paste script into the console. This saves you time so that you do not have to manually type in each command if you do not care to do so.

Practice Scenarios Studying for the Cisco®_{CCNA exam is challenging. Trying to figure out}

which exam topics to study for is difficult. We assist you by providing Practice Scenarios. We have designed our practice scenarios based on the CCNA exam topics. Testing yourself with our practice scenarios will give you the confidence needed in preparing for the Cisco®_CCNA

exam. After you go through accumulative and/or Individual labs you can test your problem-solving and troubleshooting skills. In the lab documentation we present Practice Scenarios which are interspersed in the lab documentation. With these scenarios you are presented with partially or incorrectly configured networks and your task is to read the instructions and cor-rect the situation.

They can be found in two places on our menu tree. They are interspersed among the accu-mulative labs. After you read about a concept and go through hands-on lab(s), you are then presented with a practice scenario that tests your problem-solving and troubleshooting skills. They can also be found in their own section so that you can quickly choose any of the labs, instead of hunting for them in the accumulative labs.

(24)

Custom Networks With this program, you can create your own labs. You can then make

your labs available for others to use. You can distribute your custom labs to others so that they show up on their menus. They can be loaded from the Network Visualizer menu.

Lab 1.2: Adding a Device to the Network

Visualizer Screen

This program offers several devices that you can interact with in our network layouts or networks that you want to create. The following is a list of these devices and their features.

Host

1900 Switch It has 12 10BaseT switched ports and two FastEthernet switched ports. 2621 Router It has Enterprise edition 12.x software. The 2621 has two FastEthernet

interfaces and two serial interfaces.

2811 Router It has Enterprise edition 12.4 software, four serial ports and two FastEthernet

ports.

2950 Switch It has 12 FastEthernet, 10/100 ports to help you build your LANs and VLANs. 2960 Switch It has eight FastEthernet ports and one GigabitEthernet port.

3550 Switch It has 10 FastEthernet, 10/100 ports.

(25)

Lab 1.2: Adding a Device to the Network Visualizer Screen 5

These devices are represented by device buttons at the top of the Network Visualizer screen.

Description of Toolbar Buttons

New Network Visualizer screen

Load a network

Save a network

Print network layout

Clear all devices off the Network Visualizer screen

Insert a file into the network. For example, this could be a text file, Microsoft Word file, PDF file, graphic file, etc.

Insert a host onto the Network Visualizer screen

Insert a new 2621 router onto the Network Visualizer screen

Insert a new 2811 router onto the Network Visualizer screen

Insert a new 1900 switch onto the Network Visualizer screen

(26)

Description of Toolbar Buttons

Display the Net Assessment window

Display the Net Configs window

Display the Net Packet Monitor window

To add one or more of any device, click the device button that corresponds to the host, router, or switch. A new object will appear in the left corner of the Network Visualizer screen. Drag and drop it wherever you want. Devices are labeled sequentially. For example, if you click on the 2811 device button, 2811 Router A will appear on the screen. If you click the device button again, 2811 Router B will appear on the screen. The next one would be 2811 Router C, and so on.

There is an unlimited amount of devices that can be added to a Network Visualizer screen. You are only limited by your computer resources. (continued)

(27)

Lab 1.3: Connecting Devices 7

Lab 1.3: Connecting Devices

Once you have placed devices onto the Network Visualizer screen, only a couple steps are required to connect them. They need to be connected so that the program knows they are in the same network. All devices must be connected into the same network for you to both configure and test for connectivity.

In the following example, we will connect serial interface 0/0/0 of the 2811 Router A to serial interface 0/0/1 of 2811 Router B.

Lab Steps

1. Right-mouse click 2811 Router A. A graphical representation of its ports will appear. It will appear on top of 2811 Router A.

(28)

2. Place your mouse over interface serial 0/0/0 and click your left mouse key.

3. As soon as you click a port, the large graphic disappears and you will see a line attached to the cursor. Move the cursor over to 2811 Router B and click the right mouse button.

4. When the graphical representation of the ports for 2811 Router B appears, click on interface serial 0/0/1.

(29)

Lab 1.4: Network Cables 9

The large graphic will disappear and you should see 2811 Router A and 2811 Router B connected with a serial cable. You have the option of viewing interface labels. On the Network Visualizer screen click View and Hostnames.

Lab 1.4: Network Cables

This program provides three different types of cables that can be used when creating networks.

(30)

Straight-Through is GREEN in color in our program and provides connectivity from

hosts to switches and from routers to switches. This is a twisted-pair cable that uses RJ-45 connectors.

Cross-Over is WHITE in color in our program and is used to connect switch to switch

and router to router on an Ethernet port. This cannot be used to connect hosts to switches or switches to routers.

(31)

Lab 1.4: Network Cables 11

Serial WAN is RED in color in our program and is represented by a lightning bolt. This is

used to simulate a serial WAN connection and can only be connected to serial interfaces on a router. These are point-to-point only and can connect from router to router only via their serial ports. They cannot be used to connect to switches or hosts.

WAN connection

A network connection through routers which connects two geographically distanced networks together. It typically connects several local area networks (LANs), usually through the Internet.

(32)

Cable Thickness

You can change the thickness of cables used in your network. On the Network Visualizer menu, click the View menu, put your mouse over the menu item Line Thickness, and then select one of the three levels of line thickness.

(33)

Lab 1.5: Disconnecting Devices 13

Here is a network that displays the largest thickness of cables.

Lab 1.5: Disconnecting Devices

Any network cable can be disconnected. If you want to remove several cables from a device, you will need to do so, one by one. In the following example, we will disconnect the serial cable between 2811 Router A and 2811 Router B.

Lab Steps

(34)

2. Place your cursor above the cable connector for interface serial 0/0/0 and click your left mouse button.

3. You will be asked to confirm you removing the cable from the port. Click the Yes button.

(35)

Lab 1.6: Entering Configurations and Changing Console Screens 15

Lab 1.6: Entering Configurations and

Changing Console Screens

Configurations are entered through a console screen. Only one console screen displays at a time, however, you can display a separate console screen for any router or switch in your network.

1. Place a couple 2811 routers onto a Network Visualizer screen.

2. Place your cursor over 2811 Router A and double-click you left mouse button. A con-sole screen will appear.

(36)

3. When you first start out with a network you will need to press Enter to display the

User mode. From there you can change modes and enter configurations, ping, telnet,

and perform show commands.

4. Type enable and press Enter to go to the Privileged mode.

5. Type config t and press Enter so that you can enter Global Configuration mode. You will enter your configurations in this mode and in other modes such as Interface mode.

Changing Console Screens

You can use the menu system on the console screen to view the consoles for any device on the Network Visualizer screen. In the following example we have a 3550 and 3560 switch on the Network Visualizer screen.

(37)

Lab 1.7: Clearing A Network Visualizer Screen 17

In this example you want to go from the console of the 3550 Switch A, to the console of the 3560 Switch A. Click View on the menu, put your mouse over Console, go down and find the desired type of device (in this case it is Switch 3560), and then choose 3560 Switch A.

Lab 1.7: Clearing A Network

Visualizer Screen

There are two ways to clear a Network Visualizer screen.

N

(38)

N

N You can also click the trash can icon on the tool bar.

You will be asked to confirm that you want to clear the current network layout.

Lab 1.8: Network Configurations Window

You can view the configurations for all devices on your Network Visualizer screen. To view the Network Configs screen, click the Tools menu, and then Net Configs.

(39)

Lab 1.8: Network Configurations Window 19

(40)

(41)

Lab 1.9: Preferences 21

Password Lookups

You may forget passwords that you enter while configuring devices. You can look them up by clicking the Net Configs button.

You can display the console screen for any device listed in the Net Configs window. Double-click on the name of any device.

Lab 1.9: Preferences

There are two preferences that you can set for the look and feel of this program.

N Background color of the Network Visualizer screen N

(42)

The Preferences window can be displayed by clicking Tools on the Network Visualizer screen, then Preferences.

Background Color

You can easily change the background of your Network Visualizer screen. Eighteen basic colors are available in choosing the background color. If you click the Default button, your screen will display a dark Navy blue.

(43)

Lab 1.9: Preferences 23

Other colors

(44)

(45)

(46)

Cisco Devices

In this program you now have the option of also using traditional Cisco®_{graphical devices.}

You can create networks from scratch using several types of devices, however, you cannot mix them. The program will display all RouterSim devices or all Cisco®_{graphical devices.}

You can load existing network layouts and easily change their appearance.

Lab Steps

1. On the Network Visualizer menu click View and then select Cisco Devices from the drop down menu.

(47)

Lab 1.1 RouterSim and Cisco Devices 27

Network Layout

Load CiscoIOS Layout.rsm before going through the following lab.

3. Click on the file CiscoIOS Layout.rsm and click Open. You should see the following non-configured network:

By default you will see Routersim devices on any network layout that comes with this program.

(48)

The network shown at the top of lab quickly changes and Cisco®_{devices are displayed.}

If you display the device list, it will now display Cisco®_devices.

2. You can change back and display RouterSim devices. On the Network Visualizer menu click View and then select RouterSim Devices from the drop down menu.

(49)

Lab 1.2: Logging In and Out of a Cisco Router 29

Lab 1.2: Logging In and Out of a

Cisco Router

In this lab you bring up a router console and learn how to log in using the enable and

(50)

Lab Steps

1. On the Network Visualizer screen, double-click on 2811 Router A. This will bring up a console screen. You interact with each device through the console screen. You will enter all your CLI commands such as configuring a device, testing connectivity, and displaying output.

Network Layout

Load the network layout you have been working with for labs in section 1.

Connectivity

When testing for connectivity in a network, it refers to the ability of a source device such as a router to connect to a remote device, or another router. If you ping a remote router and it is unsuccessful, you have no connectivity. If your ping is successful, you have connectivity.

(51)

Lab 1.2: Logging In and Out of a Cisco Router 31

Output

Information that is displayed on the console screen after you enter a show command. For example, if you enter the command show run, you get the following output: Building configuration...

Current configuration : 874 bytes !

version 12.4

service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption !

hostname Router !

(52)

2. Press Enter and the Router> prompt will appear. You are now in the User mode. This mode is mostly used to view statistics, though it is also a stepping-stone to logging into Privileged mode. You can only view and change the configuration of a Cisco router in Privileged mode, which you enter with the enable command.

Router> Router>enable Router#

3. You now end up with a Router# prompt, which indicates you are in Privileged mode. You can both view and change the configuration in Privileged mode. You can go back from Privileged mode to user mode by using the disable command.

Router#disable Router>

4. At this point you can type logout to exit the console.

Router>logout

Router con0 is now available Press Return to get started.

5. Or you could just type logout or exit from the Privileged mode prompt to log out.

Router>enable Router#logout

Router con0 is now available Press RETURN to get started.

Lab 1.3: Overview of Router Modes

It is important to understand the different prompts you can find when configuring a router so you can know where you are at any time within Configuration mode. In this lab, the prompts that are used on a Cisco router will be demonstrated. Always check your prompts before making any changes to a router’s configuration.

(53)

Lab 1.3: Overview of Router Modes 33

Router Modes

Depending on what you want to do, you can go to different mode levels interacting with interfaces and devices. Most commands are mode specific. That means that many com-mands work in one mode but not another. That is why you have to change modes, depend-ing on what command you want to enter. However, with the do command you can now enter privileged mode commands in Global Configuration mode. This works on the 2811 router (IOS version 12.4) and the 2960 and 3560 switch (IOS version 12.2 SE). The follow-ing chart displays the different modes you will encounter.

Network Layout

(54)

Mode Prompt Typical Use

User Router> Usually the first login prompt when logged

in to a Cisco router.

Minimal, fundamental set of non configu-ration commands in this mode.

Only basic router information is given in this mode. Show commands can be given which will result in output displayed in the console screen. Only information about the device is given.

Privileged Router# This mode is accessed by using the enable

command from user mode.

You can quit privilege mode by using the

disable command.

Can be and should be protected by an

enable or enable secret password. All router functionality can be accessed from this level.

Ping interfaces. Telnet to devices.

Show commands that display routing information, interface protocols, and the systems entire running configuration. Global Configuration Router(config#) Configure or make changes that affect the

entire router.

Change your device host name. Change passwords.

Set up access lists.

Interface Router(config-if#) Allows you to configure specific interfaces. Routing-Configuration Router(config-router) Allows you to configure the routing

protocol.

Lab Steps

1. On the Network Visualizer screen, double-click on 2811 Router A. This will bring up a console screen.

(55)

Lab 1.3: Overview of Router Modes 35

3. Change to the Privileged mode.

Router> Router>enable

4. To configure a device from the CLI, you can make global changes to the router by typ-ing configure terminal (config t for short), which puts you in Global Configuration mode and changes what is known as the running-config. You can type config from the Privileged mode prompt and then just press Enter to take the default of terminal.

Router#config

Configuring from terminal, memory, or network [terminal]?enter Enter configuration commands, one per line. End with CTRL/Z. Router(config)#

At this point you make changes that affect the router as a whole, hence the term

Global Configuration mode. Notice the prompt is now Router(config)#.

5. To make changes to an interface, you use the interface command from Global

Con-figuration mode.

Router(config)#interface ?

Async Async interface

BRI ISDN Basic Rate Interface BVI Bridge-Group Virtual Interface CTunnel CTunnel interface

Dialer Dialer interface FastEthernet FastEthernet IEEE 802.3 Group-Async Async Group interface Lex Lex interface

Loopback Loopback interface

MFR Multilink Frame Relay bundle interface Multilink Multilink-group interface

Null Null interface Tunnel Tunnel interface

Vif PGM Multicast Host interface Virtual-Template Virtual Template interface Virtual-TokenRing Virtual TokenRing

range interface range command Router(config)#interface fastethernet 0/0 Router(config-if)#

Notice the prompt changed to Router(config-if)# to tell you that you are in interface configuration.

(56)

6. Sub interfaces allow you to create virtual interfaces within the router. The prompt then changes to Router(config-subif)#.

Router(config)#int f0/0.?

<0-4294967295> FastEthernet interface number Router(config)#int f0/0.1

Router(config-subif)#

Type exit to go back to Global Configuration mode.

Router(config-subif)#exit Router(config)#

7. To configure User mode passwords, use the line command. The prompt then becomes Router(config-line)#.

Enter configuration commands, one per line. End with CTRL/Z.

Router(config)#line ?

<0-70> First Line number aux Auxiliary line console Primary terminal line tty Terminal controller vty Virtual terminal Router(config)#line console 0 Router(config-line)#

The line console 0 command is known as a major, or global, command, and any command typed from the (config-line) prompt is known as a subcommand.

8. Type exit to go back to Global Configuration mode.

Router(config-line)#exit Router(config)#

9. The line vty 0 1180 command is used to control inbound telnet connections. This is part of a series of commands that you use to set passwords for interfaces so that you can set up interface security and telnet from one device to another.

Router(config)#line vty 0 1180 Router(config-line)#

10. Type exit to go back to Global Configuration mode.

Router(config-line)#exit Router(config)#

11. To configure routing protocols like RIP, use the prompt (config-router)#.

Router(config)#router rip Router(config-router)#

(57)

Lab 1.4: Editing and Help Features 37

It is not important that you understand what each of these commands do at this time. These will all be explained later in greater detail. What you need to understand is the different prompts available. This program sup-ports the line console and line vty commands.

12. Type control+z to go back to Global Configuration mode. Control+z is noted as ctrl+z.

Router(config-router)#ctrl+z Router#

Lab 1.4: Editing and Help Features

You can use the Cisco®_{advanced editing features to help you configure your router or}

switch. This lab will teach you how and where to use a question mark (?) from the CLI as well as how to use keystrokes to help you edit your command strings.

Network Layout

(58)

Lab Steps

2. Press enter and the Router> prompt will appear. You are now in the User mode.

3. Change to the Privileged mode.

4. By using a question mark (?) at any prompt, you can see the list of commands available from that prompt.

Router#? Exec commands:

access-enable Create a temporary Access-List entry access-profile Apply user-profile to interface access-template Create a temporary Access-List entry archive manage archive files

bfe For manual emergency modes setting cd Change current directory

clear Reset functions

clock Manage the system clock cns CNS subsystem

configure Enter configuration mode connect Open a terminal connection copy Copy from one file to another

debug Debugging functions (see also 'undebug') delete Delete a file

dir List files on a filesystem disable Turn off privileged commands

disconnect Disconnect an existing network connection enable Turn on privileged commands

erase Erase a filesystem exit Exit from the EXEC

help Description of the interactive help system

--More--At this point, you can press the spacebar to get another page of information, or you can press Enter to go one command at a time. You can also press any other key to quit and Enter to return to the prompt.

(59)

Lab 1.5 Using Shortcut Commands and Tab Completion 39

5. To find commands that start with a certain letter, use the letter and the question mark (?) with no space between them.

Router#c? clear clock cns configure connect copy cd Router#c

Notice that by typing “c?”, we receive a response of all the commands that start with “c”. Also notice that the Router# prompt appeared with our command still present. This is helpful when you have long commands and need the next possible command.

Supported Commands in CCNA Virtual Lab, Titanium Edition 3.0

Commands supported in this program were specifically chosen to represent the most important commands needed in configuring networks and in preparing for the CCNA exam. When you enter a help command such as ?, you will see a complete list of IOS commands. However, not all are available and supported in this program.

To view supported commands for CCNA Virtual Lab, Titanium Edition 3.0:

1. Bring up a console screen.

2. Click the View menu.

(60)

6. To find the next command in a string, type the first command and then a question mark. Set the router’s clock by typing clock ? and following the help screens; set the router’s time and date.

Router#clock ?

set Set the time and date Router#clock set ?

hh:mm:ss Current Time Router#clock set 10:30:10 ? <1-31> Day of the month MONTH Month of the year Router#clock set 10:30:10 28 ? MONTH Month of the year

Router#clock set 10:30:10 28 december ? <1993-2035> Year

Router#clock set 10:30:10 28 december 2007 ? <cr>

Router#

By typing the clock command, then a space and a question mark, you will get a list of the next possible commands and what they do. Notice that we just kept typing a command, a space, and then a question mark until < cr> (carriage return) was our only option.

7. Type show clock to see the time and date you have set.

8. If you are typing commands and receive this:

Router#clock set 10:30:10 % Incomplete command.

Then you know that the command string is not complete. Just press the up arrow key to view the last command entered, then continue with the command by using your question mark.

9. Also, if you receive this error:

Router#clock shut 10:30:10 28 8 ^

% Invalid input detected at '^' marker.

You have entered the command incorrectly. The caret (^) marks the point where you have entered the command incorrectly. This is very helpful.

10. You may receive an error when you type in a command that the program cannot match with any known command. For example,

Router#sh s

(61)

It means you did not enter all the keywords or values required by this command. Use the question mark to find the command you need.

Router#sh s? scp sessions slm smas smf snapshot snmp spanning-tree stacks standby startup-config subscriber-polocy subsys

11. Type show access-list 10. Don’t press Enter.

12. Notice the cursor is at the end of the line. Type Ctrl+ A. This takes you to the begin-ning of the line.

13. Type Ctrl+ E. This should take you back to the end of the line.

14. Type Ctrl+ A, then type Control+ F. This should move you forward one character.

15. Type Ctrl + B, which will move you back one character.

16. Press Enter, then type Ctrl + P. This will repeat the last command.

17. Press the up arrow on your keyboard. This will also repeat the last command.

18. Use the show history command to see the last 10 commands entered on the router.

Router#sh history

19. Use the show terminal command to verify the terminal history size.

Router#sh terminal

20. The terminal history size command, used from Privileged mode, can change the size of the history buffer.

Router#terminal history size ? <0-256> Size of history buffer Router#terminal history size 25

(62)

21. Verify the change with the show terminal command.

Router#sh terminal

22. Type terminal no editing . This turns off advanced editing. Repeat steps 9-13 to see that the shortcut editing keys have no effect.

23. Type terminal editing and press Enter to re-enable advanced editing.

24. Type sh run, then press your tab key. This will finish typing the command for you.

Editing Command Table

The following table displays the editing commands:

Command Description

? Gives you a help screen

<ctrl A> Moves your cursor to the beginning of the line <ctrl D> Deletes a single character

<ctrl E> Moves your cursor to the end of the line

<ctrl F> Moves forward one character

<ctrl-R> Redisplays a line

<ctrl-U> Erases a line

<ctrl-W> Erases a word

<ctrl-Z> Ends configuration mode and returns to EXEC

<esc B> Moves back one word

<esc F> Moves forward one word

backspace Deletes a single character

(63)

Lab 1.5: Using Shortcut Commands

and Tab Completion in Gathering Basic

Router Information

In this lab you will learn about shortcut commands and the tab completion function. You will use these concepts and commands used to gather basic information about a Cisco router.

Network Layout

(64)

Lab Steps

2. Press Enter and the Router> prompt will appear. You are now in the user mode.

3. Change to the privileged mode.

Router> Router>en

Shortcut Commands

Most Cisco IOS commands do not have to be completely spelled out. To facilitate being able to more quickly enter commands, you only have to enter part of a command, plus, each word in a command can be abbreviated. For example the command enable can be shortened to en. Another example is the command show running-configurations. You can abbreviate that and just type in sh run. A final example is when you have the com-mand show interfaces. You only need to type in sh int. The router or switch knows what you mean and correctly interprets and carries out that command.

You do need to type in enough letters for each word in a command for the router or switch to correctly understand and interpret what you are trying to do. If you do not, you will receive feedback that one or more of your words are ambiguous. The reason for that is that letters in one or more of the words in your command can be used to spell out different words. In that case the device does not know what you want to do; there are too many possibilities.

For example, type the following: Router>#s ver

I get 2811A#s ver

Cisco IOS Software, 2800 Software (C2800NM-ADVIPSERVICESK9-M), Version 12.4(9) T1, RELEASE SOFTWARE (fc2)

Router>A#s v

% Ambiguous command: “show v”

(65)

Lab 1.5: Using Shortcut Commands and Tab Completion 45

Enter the following command: Router>#s v?

vc-group version vlan-range vlan-switch vlans voice voip vpdn

vrrp vsp vtemplate vtp

In this case “v” could be the first letter in 12 different words.

On a real 2800 device you would get the output with 12 different words. This program does not have 12 different words; therefore, your output will be different.

Try this: 2811A#s v? Version Router>#s ver

Cisco IOS Software, 2800 Software (C2800NM-ADVIPSERVICESK9-M), Version 12.4(9) T1, RELEASE SOFTWARE (fc2)

The 2811 A router recognized “s” to mean “show” but it did not recognize “v”. Enter the following command:

Router>#s v?

% incomplete command Try this:

2811A#s ve?

Now you only have one word, so, the command s ve will work, along with sh ver,

(66)

4. The command show version will provide basic configuration for the system hardware as well as the software version, the names and sources of configuration files, and the boot images.

Router#sh ver [press the tab key] Router#sh version

Cisco IOS Software, 2800 Software (C2800NM-ADVIPSERVICESK9-M), Version 12.4(12), RELEASE SOFTWARE (fc1)

ROM: System Bootstrap, Version 12.4(13r)T, RELEASE SOFTWARE (fc1) Router uptime is 4 weeks, 6 days, 18 hours, 29 minutes

System returned to ROM by power-on

System image file is "flash:c2800nm-advipservicesk9-mz.124-12.bin" This product contains cryptographic features and is subject to United States and local country laws governing import, export, transfer and use. Delivery of Cisco cryptographic products does not imply

third-party authority to import, export, distribute or use encryption. Importers, exporters, distributors and users are responsible for compliance with U.S. and local country laws. By using this product you agree to comply with applicable laws and regulations. If you are unable to comply with U.S. and local laws, return this product immediately. A summary of U.S. laws governing Cisco cryptographic products may be found at:

http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to [email protected].

Cisco 2811 (revision 53.51) with 249856K/12288K bytes of memory. Processor board ID FTX1048A54G

2 FastEthernet interfaces 4 Serial(sync/async) interfaces

DRAM configuration is 64 bits wide with parity enabled. 239K bytes of non-volatile configuration memory. 62720K bytes of ATA CompactFlash (Read/Write) Configuration register is 0x2102

Router#

The version number can be found on the first line of ouput ...

Cisco IOS Software, 2800 Software (C2800NM-ADVIPSERVICESK9-M), Version 12.4(12), RELEASE SOFTWARE (fc1).

(67)

Lab 1.5: Using Shortcut Commands and Tab Completion 47

The show version command gives you how long the router has been running, how it was restarted, the IOS filename running, the model hardware and processor versions, and the amount of DRAM. Also, the configuration register value is listed last. The above router has 256 megabytes of RAM and 64 megabytes of Flash.

5. You can view the router files by typing the command show running-config or show startup-config from privileged mode. The shrun command, which is the shortcut for

show running-config, tells us that we are viewing the current configuration.

Router#sh run

Building configuration...

version 12.4

service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption !

hostname Router [cut]

6. The sh start command, which is the shortcut for the show startup-config com-mand, shows us the configuration that will be used the next time the router is reloaded and also shows us the amount of NVRAM used to store the startup-config file.

Router#sh start

version 12.4

service timestamps debug datetime msec

Tab Completion Function

Most of the time you will use shortcut commands to configure devices because they are quick and convenient. However, if for any reason you want to enter all the words in a command, there is an alternative to manually entering every character. You can use the Tab Completion function to spell out any word. Just type part of the word and then press your tab key. It will complete the word. As shown in the earlier command in this lab you can type “sh ver” and press the tab key. The word “version” will be spelled out.

(68)

service timestamps log datetime msec no service password-encryption !

hostname Router [cut]

7. You can delete the startup-config file by using the command erase startup-config. Once you perform this command, you will receive an error if you try to view the startup-config file.

Router#erase startup-config

Erasing the nvram file system will remove all configuration files! Continue? [confirm] (press Enter)

[OK]

Erase of nvram: complete Router#

00:13:30: %SYS-7-NV_BLOCK_INIT: Initialized the geometry of ... [cut]

8. Verify that you have erased the startup configuration.

Router#sh start

startup-config is not present Router#

Lab 1.6: Setting Passwords

There are five passwords used to secure Cisco routers.

N

N The first two passwords discussed in this lab are used to set your enable password,

which is used to secure privileged mode. This will prompt a user for a password when the enable command is used.

N

N The other three are used to configure a password when user mode is accessed either

(69)

Lab 1.6: Setting Passwords 49

Lab Steps

2. Press Enter and the Router> prompt will appear. You are now in the user mode.

3. Change to the privileged mode.

4. Set the two enable passwords on your router. You set the enable passwords from

Global Configuration mode. Router(config)#enable ?

last-resort Define enable action if no TACACS servers respond

Network Layout

(70)

password Assign the privileged level password secret Assign the privileged level secret use-tacacs Use TACACS to check enable passwords

The enable secret and enable password commands are the only enable passwords that are supported in our program at this time.

Router(config)#enable secret todd Router(config)#enable password cisco

Since the enable secret supercedes the enable password, don’t bother to use the enable password since it will never be used if the enable secret is set.

5. Set your user mode passwords by using the line command.

Router(config)#line ?

<0-1502> First Line number aux Auxiliary line console Primary terminal line tty Terminal controller vty Virtual terminal x/y Slot/Port for Modems x/y/z Slot/Subslot/Port for Modems

N

N Router(config)#line Aux is used to set the user-mode password for the auxiliary

port. This is typically used for configuring a modem on the router but can be used as a console as well.

N

N Console is used to set a console user-mode password. N

N Vty is used to set a Telnet password on the router. If the password is not set, then

Telnet cannot be used by default.

N

N This program does not support the tty and x/y and x/y/y modem line commands.

To configure the user mode passwords, you configure the line you want and use either the login or no login command to tell the router to prompt for authentication.

6. Set the auxiliary password on your router. To configure the auxiliary password, go to global configuration mode and type line aux?. Notice that you only get a choice of 0–0 because there is only one port.

Router#config t

Enter configuration commands, one per line. End with CTRL/Z. Router(config)#line aux ?

<0-0> First Line number Router(config)#line aux 0

(71)

Lab 1.6: Setting Passwords 51

Router(config-line)#login

% Login disabled on line 65, until 'password' is set Router(config-line)#password todd

It is important to remember the login command, or the auxiliary port won’t prompt for authentication. However, in the newer IOS that we are now running, the login command cannot be set until you set a password. The reason they added this feature is because if you set the login command and not a password, you are locked out from that line.

7. Set your console password on your router. To set the console password, use the line

console 0 command. However, notice that when we tried to type line console 0 ? from the aux line configuration, we got an error. You can still type line console 0 and it will accept it; however, the help screens do not work from that prompt. Type Exit to get back one level if you want to use the help option.

Router(config-line)#line console ? % Unrecognized command

Router(config-line)#exit Router(config)#line console ? <0-0> First Line number Router(config)#line console 0 Router(config-line)#login

% Login disabled on line 0, until 'password' is set Router(config-line)#password todd1

Since there is only one console port, we can only choose line console 0. The new login

feature works on the console line too.

8. Set the optional console port commands on your router. There are a few other impor-tant commands to know for the console port.

The exec-timeout 0 0 command sets the timeout for the console EXEC session to zero, or to never time out. To have fun with your friends at work, set it to 0 1, which makes the console time out in 1 second! The way to fix that is to continually press the down arrow key while changing the timeout time with your free hand.

Logging synchronous is a nice command, and I think it should be a default command, but it is not. What this command provides is to stop console messages from popping up and disrupting input you are trying to type. This command makes reading your input messages much easier.

Here is an example of how to configure both commands:

Router(config)#line con 0

Router(config-line)#exec-timeout ? <0-35791> Timeout in minutes

(72)

Router(config-line)#exec-timeout 0 ? <0-2147483> Timeout in seconds <cr>

Router(config-line)#exec-timeout 0 0 Router(config-line)#logging synchronous

9. Set your Telnet password on your router. To set the user-mode password for Telnet access into the router, use the line vty command.

Router(config)#line vty 0 ? <1-4> Last Line number <cr>

Router(config)#line vty 0 1180 Router(config-line)#password todd2

Notice we did not use the login command with this line configuration. The login com-mand is set by default on the VTY lines, which stops anyone telneting into the router until you set a password.

If you try to telnet into a router that does not have a VTY password set, you will receive an error stating that the connection is refused because the password is not set. You can tell the router to allow Telnet connections without a password by using the no login command.

By setting this next command, you will not be prompted for password when telneting into the router. This is not recommended, but this is how you would do that:

Router(config-line)#line vty 0 4 Router(config-line)#no login Router(config-line)#ctrl+z Router#

After your routers are configured with an IP address, you can use the Telnet program to configure and check your routers. You can use the Telnet program by typing telnet from any command prompt (DOS or Cisco).

Lab 1.7: Encrypting Your Passwords

Only the enable secret password is encrypted by default. You need to manually configure the user mode and enable passwords.

(73)

Lab 1.7: Encrypting Your Passwords 53

Lab Steps

2. Press Enter and the Router> prompt will appear. You are now in the user mode. Change to the privileged mode.

3. Notice that you can see all the passwords except the enable secret when performing a show running-config command on a router.

Router#sh run

Network Layout