Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
CCNA RnS, CCNA Sec, CCNP RnS, CCNP Sec, CCIE Sec (written)
Ashish Halder (CCNA RnS, CCNP RnS, CCNA Sec, CCNP Sec, CCIE Sec-written), All rights are reserved
CCNA Routing & Switching v3 LAB Guide
2
Contents
14. Spanning tree behavior - mode , priority value, root bridge ---------------------------------- 59
Ashish Halder (CCNA RnS, CCNP RnS, CCNA Sec, CCNP Sec, CCIE Sec-written), All rights are reserved
CCNA Routing & Switching v3 LAB Guide
3
APPENDIX
SUBNETTING AND OSI LAYER
Ashish Halder (CCNA RnS, CCNP RnS, CCNA Sec, CCNP Sec, CCIE Sec-written), All rights are reserved
CCNA Routing & Switching v3 LAB Guide
4
Cisco routers have different configuration modes based on the model. Mainly two modes :
From privileged Mode we enter into the Global Configuration mode with "config ternminal" command.
To be access either User Exec or Privileged mode a password is needed if we set password. From Global
Configuration Mode (password is not needed here) we can configure interfaces, routing protocols,
access lists and many more.
Some of the specific configuration modes can be entered from Global Configuration Mode and other
from Privileged mode:
User Exec Mode ( ">" prompt) : It is used to get statistics from router, see which version IOS you're
running, check memory resources and a few more things.
Privileged Mode ( "#" prompt): Here you can enable or disable interfaces on the router, get more
detailed information on the router, for example, view the running configuration of the router, copy the
Ashish Halder (CCNA RnS, CCNP RnS, CCNA Sec, CCNP Sec, CCIE Sec-written), All rights are reserved
CCNA Routing & Switching v3 LAB Guide
5
configuration, load a new configuration to the router, backup or delete the configuration, backup or
delete the IOS and a lot more.
Global Configuration Mode ("config# " prompt): It is accessible via Privileged Mode. In this mode we
can configure each interface individually, setup banners and passwords, enable secrets (encrypted
passwords), enable and configure routing protocols and a lot more. Every time we want to configure or
change something on the router, we will need to be in this mode.
Examples :
Ashish Halder (CCNA RnS, CCNP RnS, CCNA Sec, CCNP Sec, CCIE Sec-written), All rights are reserved
CCNA Routing & Switching v3 LAB Guide
6
================================================================================
Objective:
hostname
login banner
enable password for accessing privilege mode
assign console password to prevent console login
assign IP for vlan 1 (Management VLAN)
configure virtual terminal for telnet session
set default gateway for the switch
hostname
login banner
Ashish Halder (CCNA RnS, CCNP RnS, CCNA Sec, CCNP Sec, CCIE Sec-written), All rights are reserved
CCNA Routing & Switching v3 LAB Guide
7
5. Verification
Configuration of a switch:
1. First check the startup-config and running-config ..if there any configuration is exist
When you type a command in the global configuration mode it is stored in the running configuration. A
running configuration resides in a device’s RAM, so if a device loses power, all configured commands
will be lost.
So you need to copy your current configuration into a startup configuration. A startup configuration is
stored in the NVRAM of a device, Now all configurations are saved even if the device loses power.
or
Switch#show startup-config
startup-config is not present
Switch#show running-config
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hostname DU
DU(config)#
Enable password will restrict one's access to privilege mode which is like a root user's password. We can
set it in two ways : enable password / enable secret command.
Ashish Halder (CCNA RnS, CCNP RnS, CCNA Sec, CCNP Sec, CCIE Sec-written), All rights are reserved
CCNA Routing & Switching v3 LAB Guide
8
enable secret password provides encryption automatically using MD5 hash algorithm.
The enable password password does not encrypt the password and can be view in clear text in the
running-config. In order to encrypt the enable password password , use the service password-
encryption command. Actually, the enable secret password command provides stronger encryption
than the service password-encryption command.
A login banner is displayed whenever someone connects to the router by telnet or console connections
5. Console Password
We can protect console port of Cisco devices using console port password.
DU(config)#line console 0
DU(config-line)#password ashish123
DU(config-line)#login
DU(config-line)#exit
DU(config)#
Telnet is a user command and an underlying TCP/IP protocol for accessing remote devices.
The VTY lines are the Virtual Terminal lines of the router. They are virtual, in the sense that they are a
function of software - there is no hardware associated with them. They appear in the configuration as
line vty 0 4.
DU#conf t
Enter configuration commands, one per line. End with CNTL/Z.
DU(config)#line vty 0 4
DU(config-line)#password ashish@123#
DU(config-line)#login
DU(config-line)#exit
DU(config)#
By default, all switch ports are part of VLAN 1. VLAN 1 contains control plane traffic and can contain
user traffic.
Ashish Halder (CCNA RnS, CCNP RnS, CCNA Sec, CCNP Sec, CCIE Sec-written), All rights are reserved
CCNA Routing & Switching v3 LAB Guide
9
By default, VLAN 1 is the management VLAN. Management VLAN is used for purposes such as telnet,
SNMP, and syslog.
DU(config)#interface vlan 1
DU(config-if)#ip address 192.168.10.10 255.255.255.0
DU(config-if)#no shutdown
DU(config-if)#exit
DU(config)#
The switch should be configured with a default gateway if the switch will be managed remotely from
networks not directly connected. The default gateway is the first Layer 3 device (such as a router) on
the same management VLAN network to which the switch connects. The switch will forward IP packets
with destination IP addresses outside the local network to the default gateway.
----------------------------------------------------------------------------------------------------------------------------
Switch#show startup-config
startup-config is not present
Switch#show running-config
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hostname BUET
BUET(config)#
5. Console password
Ashish Halder (CCNA RnS, CCNP RnS, CCNA Sec, CCNP Sec, CCIE Sec-written), All rights are reserved
CCNA Routing & Switching v3 LAB Guide
10
BUET(config)#line console 0
BUET(config-line)#password ashish123
BUET(config-line)#login
BUET(config-line)#exit
BUET(config)#
6. Enter Virtual Terminal lines and give a password ashish@123#, to login remotely
BUET(config)#line vty 0 4
BUET(config-line)#password ashish@123#
BUET(config-line)#login
BUET(config-line)#exit
BUET(config)#
BUET(config)#
By default, all interfaces on a Cisco router are “Administratively Down”. To bring an interface up, issue
the no shutdown command.
BUET(config-if)#no shutdown
BUET(config-if)#exit
BUET(config)#
8. Save Configuration
BUET#write memory
Building configuration...
[OK]
BUET#
DU#write memory
Building configuration...
[OK]
Ashish Halder (CCNA RnS, CCNP RnS, CCNA Sec, CCNP Sec, CCIE Sec-written), All rights are reserved
CCNA Routing & Switching v3 LAB Guide
11
Ashish Halder (CCNA RnS, CCNP RnS, CCNA Sec, CCNP Sec, CCIE Sec-written), All rights are reserved
CCNA Routing & Switching v3 LAB Guide
12
C:\>ping 192.168.10.2
C:\>ping 192.168.10.3
C:\>ping 192.168.10.1
C:\>telnet 192.168.10.1
Password:
Password:
BUET>
C:\>telnet 192.168.10.10
Ashish Halder (CCNA RnS, CCNP RnS, CCNA Sec, CCNP Sec, CCIE Sec-written), All rights are reserved
CCNA Routing & Switching v3 LAB Guide
13
Password:
DU>
N.B. if the switch is L3 you can assign IP address to its interfaces as follows:
DU(config-if)# no switchport
DU(config-if)# no shutdown
DU(config)# ip routing
===============================================================================
Telnet was designed to work within a private network and not across a public network where
threats can appear. Because of this, all the data is transmitted in plain text, including
passwords. This is a major security issue and the developers of SSH used encryptions to make
it harder for other people to sniff the password and other relevant information.
Secure Shell (SSH) is a protocol which provides a secure remote access connection to network
devices. Communication between the client and server is encrypted in SSH. To do this, it uses
a RSA public/private keypair.
There are two versions: version 1 and 2. Version 2 is more secure and commonly used.
Ashish Halder (CCNA RnS, CCNP RnS, CCNA Sec, CCNP Sec, CCIE Sec-written), All rights are reserved
CCNA Routing & Switching v3 LAB Guide
14
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#interface vlan 1
Switch(config-if)#ip address 192.168.10.10 255.255.255.0
Switch(config-if)#no shutdown
The name of the RSA keypair will be the hostname and domain name of the router.
Switch(config)#hostname ASHISH-SW
ASHISH-SW(config)#ip domain-name ashish.com
Key sizes of 1024 or smaller should be avoided. Larger key sizes take longer time to calculate
and enhance more security
ASHISH-SW(config)#line vty 0 4
ASHISH-SW(config-line)#transport input ssh
ASHISH-SW(config-line)#login local
Ashish Halder (CCNA RnS, CCNP RnS, CCNA Sec, CCNP Sec, CCIE Sec-written), All rights are reserved
CCNA Routing & Switching v3 LAB Guide
15
ASHISH-SW(config)#line console 0
ASHISH-SW(config-line)#logging synchronous
ASHISH-SW(config-line)#login local
Router>en
Router#conf t
Router(config)#hostname Venus
Venus(config)#interface fastEthernet 0/0
Venus(config-if)#ip address 192.168.10.1 255.255.255.0
Venus(config-if)#no shutdown
Venus(config-if)#exit
Venus(config)#ip domain-name cisco.com
Venus(config)#username ashish privilege 15 password cisco123
Venus(config)#crypto key generate rsa
Ashish Halder (CCNA RnS, CCNP RnS, CCNA Sec, CCNP Sec, CCIE Sec-written), All rights are reserved
CCNA Routing & Switching v3 LAB Guide
16
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.
How many bits in the modulus [512]: 2048
% Generating 2048 bit RSA keys, keys will be non-exportable...[OK]
Venus(config)#
*Mar 1 0:34:31.790: %SSH-5-ENABLED: SSH 1.99 has been enabled
Venus(config)#ip ssh version 2
Venus(config)#enable secret cisco
Venus(config)#line console 0
Venus(config-line)#logging synchronous
Venus(config-line)#login local
Venus(config-line)#exit
Venus(config)#line vty 0 4
Venus(config-line)#transport input ssh
Venus(config-line)#login local
Venus#show ip ssh
SSH Enabled - version 2.0
Authentication timeout: 120 secs; Authentication retries: 3
Venus#
Key Note:
----------------------------------------------------------------------------
"logging synchronous" prevents every logging output from immediately interrupting your console
session.
Say for example when you tried to telnet your Router or switch you will see lot of log messages before
you logged in with username and password.
---------------------------------------------------------------------------------------------------------------------------------
RSA is algorithm used by modern computers to encrypt and decrypt messages. It is an asymmetric
cryptographic algorithm. Asymmetric means that there are two different keys. This is also called public
key cryptography, because one of them can be given to everyone.
============================================================================
Ashish Halder (CCNA RnS, CCNP RnS, CCNA Sec, CCNP Sec, CCIE Sec-written), All rights are reserved
CCNA Routing & Switching v3 LAB Guide
17
ASHISH HALDER
UNIVERSITY OF DHAKA
EMAIL -glakh2010@gmail.com
skype: ashish.halder31
Ashish Halder (CCNA RnS, CCNP RnS, CCNA Sec, CCNP Sec, CCIE Sec-written), All rights are reserved