Interconnecting Cisco
Networking Devices
Part 1
Version 1.0
Lab Guide
ii Interconnecting Cisco Networking Devices Part 1 (ICND1) v1.0 © 2007 Cisco Systems, Inc.
Job Aids
Task 1: Remove Any Residual Configuration from Your Router
Task 2: Reload the Router and Observe the Startup Output
Lab 4-6: Performing Initial Router Configuration
Activity Objective
Visual Objective
Required Resources
Command List
Job Aids
Task 1: Enter the Initial Configuration Using the setup Command
Task 2: Validate the Router Configuration
Lab 4-7: Enhancing the Security of Initial Router Configuration
Activity Objective
Visual Objective
Required Resources
Command List
Job Aids
Task 1: Add Password Protection to Console Port
Task 2: Activate Password Encryption Service
Task 3: Apply a Login Banner
Task 4: Enable SSH Protocol for Remote Management
Lab 4-8: Using Cisco SDM to Configure DHCP Server Function
Activity Objective
Visual Objective
Required Resources
Command List
Job Aids
Task 1: Configuring the Router to Support Web-Based Applications, a User with Privilege 15, and Telnet and SSH
Task 2: Use Cisco SDM to Configure a DHCP Pool
Task 2: Using Tools to Correlate Network Information
Lab 4-9: Managing Remote Access Sessions
Activity Objective
Visual Objective
Required Resources
Command List
Job Aids
Task 1: Improve the Usability of the Router CLI
Task 2: Connect to Your Remote Workgroup via VPN Tunnel
Task 3: Using the Cisco IOS CLI Commands to Control Telnet and SSH Sessions
Lab 5-1: Connecting to the Internet
Activity Objective
Visual Objective
Required Resources
Command List
Job Aids
Task 1: Use Cisco SDM to Configure the Ethernet Connection to the Internet
Task 2: Use the CLI to Verify and Observe the Operation of PAT on Your Workgroup Router
Lab 5-2: Connecting to the Main Office
Activity Objective
Visual Objective
Required Resources
Command List
Job Aids
Task 1: Configure Your Workgroup Router Serial 0/0/0
Task 2: Test Connectivity to Your Assigned Remote Network
Task 3: Add a Static Route Entry for Your Remote Network
Lab 5-3: Enabling Dynamic Routing to the Main Office
Activity Objective
Visual Objective
Required Resources
Command List
Job Aids
Task 1: Configure RIP Routing Protocol on Your Workgroup Router
Task 2: Replace the Existing Static Route and Test Connectivity
Lab 6-1: Using Cisco Discovery Protocol
Activity Objective
Visual Objective
Required Resources
Command List
Job Aids
Task 1: Use and Control Cisco Discovery Protocol on Your Workgroup Router
Task 2: Use and Control Cisco Discovery Protocol on Your Workgroup Switch
Lab 6-2: Managing Router Startup Options
Activity Objective
Visual Objective
Required Resources
Command List
Job Aids
Task 1: Modify the Configuration Register
Task 2: Observe the Flash File System and Add Boot System Commands
Lab 6-3: Managing Cisco Devices
Activity Objective
Visual Objective
Required Resources
Command List
Job Aids
Task 1: Copy Configuration Files
Task 2: Use debug Commands
Lab 6-4: Confirming the Reconfiguration of the Branch Network
Activity Objective
Visual Objective
Required Resources
Command Lists
Job Aids
Task 1: Connect to the Remote Lab
Task 2: Prepare to Verify Your Configuration
Task 3: Verify Your Configuration
Answer Key
Lab 2-2 Answer Key: Performing Switch Startup and Initial Configuration
Lab 2-3 Answer Key: Enhancing the Security of Initial Switch Configuration
Lab 2-4 Answer Key: Operating and Configuring a Cisco IOS Device
Lab 4-1 Answer Key: Converting Decimal to Binary and Binary to Decimal
Task 1: Convert from Decimal Notation to Binary Format
Task 2: Convert from Binary Notation to Decimal Format
Lab 4-2 Answer Key: Classifying Network Addressing
Task 1: Convert from Decimal IP Address to Binary Format
Task 2: Convert from Binary Format to Decimal IP Address
Task 3: Identify IP Address Classes
Task 4: Identify Valid and Invalid Host IP Addresses
Lab 4-3 Answer Key: Computing Usable Subnetworks and Hosts
Task 1: Determine the Number of Bits Required to Subnet a Class C Network
Task 2: Determine the Number of Bits Required to Subnet a Class B Network
Task 3: Determine the Number of Bits Required to Subnet a Class A Network
Lab 4-4: Answer Key
Task 1: Determine the Number of Possible Network Addresses
Task 2: Given a Network Block, Define Subnets
Task 3: Given Another Network Block, Define Subnets
Task 4: Given a Network Block and Classful Address, Define Subnets
Task 5: Given a Network Block and Classful Address, Define Subnets
Task 6: Given a Network Block and Classful Address, Define Subnets
Lab 4-5 Answer Key: Performing Initial Router Startup
Lab 4-6 Answer Key: Performing Initial Router Configuration
Lab 4-7 Answer Key: Enhancing the Security of Initial Router Configuration
Lab 4-8 Answer Key: Using Cisco SDM to Configure DHCP Server Function
Lab 4-9 Answer Key: Managing Remote Access Sessions
Lab 5-1 Answer Key: Connecting to the Internet
Lab 5-2 Answer Key: Connecting to the Main Office
Lab 5-3 Answer Key: Enabling Dynamic Routing to the Main Office
Lab 6-1 Answer Key: Using Cisco Discovery Protocol
Lab 6-2 Answer Key: Managing Router Startup Options
Lab 6-3 Answer Key: Managing Cisco Devices
Lab 6-4 Answer Key: Confirming the Reconfiguration of the Branch Network
ICND1
Lab Guide
Overview
This guide presents instructions and other information concerning the lab activities for this
course. You can find the solutions in the lab activity Answer Key.
Outline
This guide includes these activities:
Lab 1-1: Using Windows Applications as Network Tools
Lab 1-2: Observing the TCP Three-Way Handshake
Lab 1-3: Observing Extended PC Network Information
Lab 2-1: Connecting to Remote Lab Equipment
Lab 2-2: Performing Switch Startup and Initial Configuration
Lab 2-3: Enhancing the Security of Initial Switch Configuration
Lab 2-4: Operating and Configuring a Cisco IOS Device
Lab 4-1: Converting Decimal to Binary and Binary to Decimal
Lab 4-2: Classifying Network Addressing
Lab 4-3: Computing Usable Subnetworks and Hosts
Lab 4-4: Calculating Subnet Masks
Lab 4-5: Performing Initial Router Startup
Lab 4-6: Performing Initial Router Configuration
Lab 4-7: Enhancing the Security of Initial Router Configuration
Lab 4-8: Using Cisco SDM to Configure DHCP Server Function
Lab 4-9: Managing Remote Access Sessions
Lab 5-1: Connecting to the Internet
Lab 5-2: Connecting to the Main Office
Lab 5-3: Enabling Dynamic Routing to the Main Office
Lab 6-1: Using Cisco Discovery Protocol
Lab 6-2: Managing Router Startup Options
Lab 6-3: Managing Cisco Devices
Lab 6-4: Confirming the Reconfiguration of the Branch Network
Answer Key
Lab 1-1: Using Windows Applications as Network Tools
Complete this lab activity to practice what you learned in the related module.
Activity Objective
In this activity, you will be able to use Windows applications and commands to investigate the
IP configuration of your PC, and your local network. After completing this activity, you will be
able to meet these objectives:
Using the Windows command ipconfig, determine the current network addressing
information of a PC.
Using the Windows command ping, test connectivity to the default gateway
router.
Using the Windows command arp -a, view the ARP table of the local PC and determine
the association between the IP address and the MAC address of the default-gateway
Visual Objective
The figure illustrates what you will accomplish in this activity.
Required Resources
These are the resources and equipment that are required to complete this activity:
A PC connected to a functioning network, with connectivity to the Internet
Windows Commands
Command Description
Job Aids
These job aids are available to help you complete the lab activity.
There are no job aids for this lab.
Activity Procedure
Complete these steps:
Step 1 From the Windows desktop, click start.
Step 2 Choose run, and enter cmd in the Run window dialog box. Click OK to continue.
Step 3 From the Command window prompt, enter ipconfig. It is not necessary to capitalize
the command.
Step 4 Your output should resemble one of the four examples below.
Nonworking example 1: The output indicates no connectivity; probably the Ethernet cable is
not physically connected.
Windows IP Configuration
Nonworking example 2: The output indicates the PC is waiting to obtain its IP address
information automatically. This output is transient: the PC will either obtain an address
successfully, or you should retry the ipconfig command periodically until the output
changes to one of the remaining examples below.
C:\Documents and Settings>ipconfig
Windows IP Configuration
Nonworking example 3: The output indicates the PC network adapter was unable to obtain an
IP address automatically, so the PC will use a generated link local address. Getting an address
may seem like success, but it really indicates that there is no connectivity to an IP address
server. This address will not be useful for network connectivity. If you see an IP address
beginning with 169.254.x.x, you do not have a valid address.
Windows IP Configuration
Working example 1: The output indicates that the PC either has a preconfigured IP address or
it successfully obtained its IP address automatically. Your IP address, subnet mask, or default
gateway will most likely be different than what is shown.
Windows IP Configuration
Step 1 If you have a problem, ask your instructor for assistance. Continue only if you have
a valid IP address.
Step 2 Write the values you obtained from the ipconfig command in the spaces below, as
you will be using them in later tasks:
PC IP address
Activity Procedure
Complete these steps:
Step 1 From the Windows desktop, click the Local Area Connection shortcut on your
desktop.
Step 2 From the Local Area Connection status window, click the Properties button.
Step 3 At the Local Area Connection Properties window, scroll down to the bottom and
left-click Internet Protocol (TCP/IP) to highlight it. Then click the Properties
button.
Step 4 At the Internet Protocol (TCP/IP) Properties window, you might find the Obtain an
IP Address Automatically radio button already set, with all the fields blank, as
shown below.
Step 5 Alternatively, you might see the Use the Following IP Address radio button chosen,
and the fields configured with IP address information matching the output you
obtained from the ipconfig command.
Step 6 Close all the dialog boxes and return to the Windows desktop.
Activity Verification
You have completed this task when you attain these results:
You used the Windows TCP/IP properties to view the current configuration for the local
area connection.
The values set in the TCP/IP properties were consistent with the information you obtained
using the ipconfig command.
Activity Procedure
Complete these steps:
Step 1 From the Command window prompt, enter ping followed by the address of your
default gateway that you obtained in Task 1.
Step 2 The first example below is an unsuccessful ping. Should you get this output you
should ask your instructor for assistance.
Nonworking example: The output indicates that no reply was received from the target IP
address.
C:\Documents and Settings>ping 192.168.1.1
Working example: This indicates successful receipt of replies from the target IP address.
C:\Documents and Settings>ping 192.168.1.1
Step 3 Notice that by default the Windows command sends four ping packets (ICMP echo
requests).
Activity Verification
You have completed this task when you attain these results:
You used the Windows ping command to test the connectivity to your default gateway
router.
The round trip time should be very low.
Task 4: View the ARP Bindings of IP Address to MAC Address
The Windows command arp -a allows you to view the binding of the logical IP address and
the physical MAC address.
Activity Procedure
Complete these steps:
Step 1 From the Command window prompt, enter arp -a. It is necessary to use the -a
parameter to get the output of the ARP table.
C:\Documents and Settings>arp -a
Step 2 Your output should resemble the output in Step 1. If you did not get any values, it
may be that the ARP table has timed out the entry and you need to repeat Step 1 of
the previous task.
Step 3 Close your open Command window by typing exit at the prompt.
Activity Verification
You have completed this task when you attain this result:
You were able to view the binding of the IP address to the MAC address.
Activity Objective
In this activity, you will use a packet sniffer software application to view the TCP initial
three-way handshake. After completing this activity, you will be able to meet these objectives:
Start the packet sniffer software application, to monitor the appropriate Ethernet interface
for recording the packet flow
Generate a TCP connection using a web browser
Observe the initial packets of the TCP flow, especially the SYN packet, SYN ACK packet,
and finally the ACK packet
Visual Objective
The figure illustrates what you will accomplish in this activity.
Required Resources
These are the resources and equipment that are required to complete this activity:
A PC with access to the Internet
The Wireshark packet sniffer Windows application
Student Guide Module 1, Lesson 1
Command List
The table describes the applications that are used in this activity.
PC Applications
Caution Installing and/or using a packet sniffer application may be considered a breach of an
organization’s security policy, leading to serious legal and financial consequences. It is
recommended that before downloading, installing, or running such an application, you obtain
permission to do so.
Job Aids
These job aids are available to help you complete the lab activity.
There are no job aids for this lab.
Activity Procedure
Complete these steps:
Step 1 Open the Wireshark application by double-clicking its icon, which should be visible on your
desktop.
Step 3 Choose your local network Ethernet interface adapter. If this process is unclear, ask your
instructor for assistance. Click the Start button associated with the chosen interface. Make a
note of the IP address associated with your chosen Ethernet adapter, because it will be the
source IP address you will look for when examining captured packets.
Step 4 The capture windows will now be active.
Step 5 You will look more closely at the capture windows after you have captured the TCP flow.
Step 6 You may see some packets filling up the uppermost window. This will depend on the level of
background activity on the network you are attached to.
Activity Verification
You have completed this task when you attain this result:
You have an open packet-capture window, associated with the Ethernet interface connected
to your default router.
Activity Procedure
Complete these steps:
Step 1 At the PC desktop double-click the Internet Explorer icon to launch the web
browser.
Step 2 Enter the destination name or address. Your instructor may provide you with a name
or address different from “www.cisco.com.” If so, write down this information in
the space provided: ___________________________________________________
Step 4 If you have many TCP packets that are unrelated to your TCP connection, you may
need to use the filter capability of Wireshark.
Step 5 To use a preconfigured filter, click the Analyze tab. Then click Display Filters.
Step 6 In the Wireshark: Display Filter window, click TCP only, then click the OK
button.
Step 7 In the top window of the Wireshark application, use the scroll bar to place the first
captured TCP packet at the top of the window. This should be the first packet in the
flow.
Step 8 Observe the Info column of the captured packets in the top window; look for three
packets similar to those shown below. Two groups of three packets are shown
highlighted as an example.
Step 9 Note the first packet number in the sequence you have identified in your capture
window. There is no need to find more than one sequence of packets. In the example
above, packet 1 and packet 12 both begin a sequence. You will observe the contents
of these packets in detail in the next task.
Write down the packet number of the first packet in the TCP sequence in the space provided:
________________________________________________________________________
Activity Procedure
Complete these steps:
Step 1 In the top window of the Wireshark application click (anywhere) on the line
containing the first packet identified in the previous task. This will highlight the line
and make the two lower windows fill with the decoded information from that packet.
Step 2 In the example that follows, the Wireshark windows were adjusted to allow the
information to be viewed in a compact size. The middle window contains the
detailed decoding of the packet.
Step 3 Clicking the “+” icon on the left side will expand the view of the TCP information.
The view can be contracted by clicking the “–” icon.
Step 4 Notice in this example that the (forward) sequence number is set to zero, and the
SYN bit is 1 (set) in the Flags field.
Step 5 Click the next packet in the sequence (top window) and the detailed information will
change to match the new values.
Step 6 Notice in the reply packet that the (backward) sequence number is set to 0, and that
the acknowledgment number appears and is set to 1. Also in the Flags field, the
acknowledgment bit and the SYN bit are 1 (set).
Step 7 Click the next packet in the sequence (top window) and the detailed information will
change to match the new values.
Step 9 Close the Wireshark application and all other open windows.
Activity Verification
You have completed this task when you attain this result:
You have selected and decoded your three identified captured packets, and the values
match those shown and discussed in the examples within the task.
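The three packets examined in this task can also be recognized from the raw TCP headers. The following Python example is an addition to this guide, not part of the Cisco lab material: it decodes constructed headers, pairs SYN, SYN ACK and ACK into a handshake, and renders the relative sequence and acknowledgment numbers the way the Info column does. The addresses, ports, initial sequence numbers and function names are assumptions chosen for illustration, and the server's initial sequence number is set to the 32-bit maximum to show that the relative values survive wraparound.

```python
import struct

MOD = 2 ** 32                      # TCP sequence numbers wrap at 32 bits
FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10
NAMES = [(SYN, "SYN"), (FIN, "FIN"), (RST, "RST"), (PSH, "PSH"), (ACK, "ACK")]


def build_header(sport, dport, seq, ack, flags):
    """Pack a minimal 20-byte TCP header (data offset 5, no options)."""
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                       (5 << 12) | flags, 65535, 0, 0)


def parse_header(raw):
    """Decode the fixed 20-byte part of a TCP header."""
    if len(raw) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags, _win, _csum, _urg = struct.unpack(
        "!HHIIHHHH", raw[:20])
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": off_flags & 0x01FF}


def flag_names(flags):
    return ", ".join(name for bit, name in NAMES if flags & bit)


def find_handshakes(packets):
    """Return (completed, half_open) for a list of (src_ip, dst_ip, raw_tcp)."""
    half_open, completed = {}, []
    for number, (src, dst, raw) in enumerate(packets, start=1):
        h = parse_header(raw)
        control = h["flags"] & (SYN | ACK | RST | FIN)
        fwd = (src, h["sport"], dst, h["dport"])
        rev = (dst, h["dport"], src, h["sport"])
        if control == SYN:
            # Packet 1: the client announces its initial sequence number (ISN).
            half_open[fwd] = {"syn": number, "client_isn": h["seq"]}
        elif control == (SYN | ACK) and rev in half_open:
            # Packet 2: the server announces its ISN and acknowledges client ISN + 1.
            state = half_open[rev]
            if h["ack"] == (state["client_isn"] + 1) % MOD:
                state.update(synack=number, server_isn=h["seq"])
        elif control == ACK and "synack" in half_open.get(fwd, {}):
            # Packet 3: the client acknowledges server ISN + 1.
            state = half_open[fwd]
            if (h["seq"] == (state["client_isn"] + 1) % MOD
                    and h["ack"] == (state["server_isn"] + 1) % MOD):
                state.update(ack=number, client=fwd[:2], server=fwd[2:])
                completed.append(half_open.pop(fwd))
    return completed, half_open


def info_lines(packets, hs):
    """Render the three handshake packets with relative Seq/Ack numbers."""
    lines = []
    for number in (hs["syn"], hs["synack"], hs["ack"]):
        src, _dst, raw = packets[number - 1]
        h = parse_header(raw)
        from_client = (src, h["sport"]) == hs["client"]
        own_isn = hs["client_isn"] if from_client else hs["server_isn"]
        peer_isn = hs["server_isn"] if from_client else hs["client_isn"]
        text = f"{number} [{flag_names(h['flags'])}] Seq={(h['seq'] - own_isn) % MOD}"
        if h["flags"] & ACK:
            text += f" Ack={(h['ack'] - peer_isn) % MOD}"
        lines.append(text)
    return lines


# Constructed sample capture (documentation addresses, made-up ISNs).
CLIENT, SERVER = "192.0.2.10", "198.51.100.20"
C_ISN, S_ISN = 0x1A2B3C4D, 0xFFFFFFFF
SAMPLE = [
    (CLIENT, SERVER, build_header(49152, 80, C_ISN, 0, SYN)),
    (SERVER, CLIENT, build_header(80, 49152, S_ISN, C_ISN + 1, SYN | ACK)),
    (CLIENT, SERVER, build_header(49152, 80, C_ISN + 1, 0, ACK)),        # S_ISN + 1 wraps to 0
    (CLIENT, SERVER, build_header(49152, 80, C_ISN + 1, 0, PSH | ACK)),  # first data segment
    (CLIENT, SERVER, build_header(49153, 8080, 100, 0, SYN)),            # SYN that is never answered
]

if __name__ == "__main__":
    done, pending = find_handshakes(SAMPLE)
    for hs in done:
        print("\n".join(info_lines(SAMPLE, hs)))
    for key, state in pending.items():
        print(f"no reply to SYN in packet {state['syn']}: {key}")
```

A SYN that never receives a SYN ACK stays in the second return value, which is the same condition you would look for by eye when a connection attempt in the capture does not complete.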
Lab 1-3: Observing Extended PC Network Information
Complete this lab activity to practice what you learned in the related module.
Activity Objective
In this activity, you will use PC tools to gather network-related information. After completing
this activity, you will be able to meet these objectives:
Using the Windows command ipconfig /all, determine IP addresses of the DNS servers
available to your PC
Using the IP address of one of the DNS servers from Task 1, test connectivity to the DNS
servers using the Windows ping command
Using the Windows command tracert /d, obtain the IP addresses of the routers traversed to
reach the DNS server tested in Task 2
Visual Objective
The figure illustrates what you will accomplish in this activity.
Required Resources
These are the resources and equipment that are required to complete this activity:
A PC connected to a functioning network, with connectivity to the Internet
Windows Commands
Command Description
tracert /d <ip Address> Displays the IP address of the router at each hop as a
packet traverses the network towards the destination IP
address.
Job Aids
These job aids are available to help you complete the lab activity.
There are no job aids for this lab.
Activity Procedure
Complete these steps:
Step 1 From the Windows desktop, click start.
Step 2 Choose run, and enter cmd in the run window dialog box; click OK to continue.
Step 3 From the Command window prompt, enter ipconfig /all. It is necessary to add the
/all to get the full output.
Step 4 You will see from your own output that some extra, useful information is now
visible.
Step 5 Note the IP address of the first DNS server from the output of the prior step in the
space provided.
_________________________________________________________________
Activity Verification
You have completed this task when you attain this result:
You have obtained the IP address of a DNS server from the output of the ipconfig /all
command on your PC.
Activity Procedure
Complete these steps:
Step 1 From the Command window prompt, enter ping <DNS IP Address>. Your output
should be similar to the example below (which uses a fictitious IP address).
Step 2 A successful ping indicates both that the packets are being received and that the
return packets are being routed back to your PC successfully.
Activity Verification
You have completed this task when you attain this result:
You have used the Windows ping command to successfully test connectivity to the IP
address of the DNS server you noted in Task 1.
Activity Procedure
Complete these steps:
Step 1 Below is an example of an unsuccessful trace attempt to the DNS server. The
sequence would have continued until 30 hops had been tried. You will see that ^C
<ctrl-C> was used to terminate the command earlier than the default number.
Step 2 From the Command window prompt, enter tracert /d <DNS IP Address>. Your
output should be similar to the example below (which uses fictitious IP addresses).
Step 3 Now that you have seen that the route to the DNS server is working, use the
command without the /d parameter to see what the output looks like when symbolic
names are available. Your output should be similar to the example below (which
uses fictitious IP addresses).
Step 4 Close the Command window by clicking the X button in the top right corner.
Activity Verification
You have completed this task when you attain these results:
You have used the tracert /d command on your PC to suppress DNS lookup during the
trace to the destination address.
You have used the tracert command without the /d parameter on your PC to display the
symbolic names associated with specific IP addresses discovered during the trace to the
destination address.
Activity Objective
In this activity, you will begin preparations for subsequent labs by testing and practicing the
connectivity for your assigned workgroup equipment, which you will use for the remaining lab
practice exercises in the course. After completing this activity, you will be able to meet these
objectives:
Connect to your assigned workgroup equipment using a console (terminal) server so that
switches and routers may be configured via the console ports.
Connect to your assigned workgroup equipment using the VPN client software so your PC
will be connected through an interface on your workgroup switch. This will allow the
configuration of your workgroup router using Cisco Router and Security Device Manager
(SDM).
Visual Objective
The figures illustrate what you will accomplish in this activity.
Your lab equipment is located remotely and will be accessed in two distinct ways.
The first method is by connecting using SSH connectivity. This provides access to a console
server (also known as a terminal server). The console server has serial connections to the
console ports of the Cisco switches and routers used in the labs. This first method sends packets
across the Internet. In these packets, the data is individually protected by encryption.
The second method is by connecting using a VPN. This provides access via a VPN router to the
same network that your workgroup switch is connected to. This second method sends packets
via an encrypted tunnel across the Internet.
Required Resources
These are the resources and equipment required to complete this activity:
Lab topology configured for this course
Student pod consisting of one Cisco Catalyst 2960 switch and one Cisco 2811 router (or
functionally equivalent Cisco devices)
Command List
The table describes the application and command used in this activity.
PC Application
PuTTY SSH Client Terminal emulation application that supports the SSH protocol
Windows Command
ipconfig /all Command that outputs all the current IP network information
Job Aid
This job aid is available to help you complete the lab activity:
Fill in this table of class-dependent network and connection information, using the values
provided by your instructor.
A 10.2.2.1 E 10.6.6.1
B 10.3.3.1 F 10.7.7.1
C 10.4.4.1 G 10.8.8.1
D 10.5.5.1 H 10.9.9.1
Activity Procedure
Complete these steps:
Step 1 From the desktop of your PC, double-click the icon of the terminal emulator. In the
example, PuTTY is being used.
Step 2 Ensure that the SSH radio button is selected. Enter the IP address of the console
server in the Host Name field and click Open.
Step 3 Enter the SSH login name and password at the prompts, using those you have noted
in Table 1. You may see a PuTTY security warning if PuTTY does not have the host
key cached; answer Yes to proceed.
Step 6 You are now at the Workgroup menu. Your choices are 1 to connect to the
router, 2 to connect to the switch, or exit to return to the previous menu. Type
exit followed by the Enter key to return to the previous menu.
Step 7 Now type exit followed by the Enter key to end the SSH session.
Step 8 Depending on the terminal emulator used, the window may close, go blank, or
appear unchanged. However, the session has ended, and any keystrokes will be
ignored.
Step 9 Close the terminal emulation application, if it did not close automatically.
Activity Verification
You have completed this task when you attain these results:
You were able to access the remote console server using the information provided in Table
1.
Activity Procedure
Complete these steps:
Step 1 From your PC desktop, open the Cisco VPN client by clicking the VPN Client icon.
Step 2 Choose the connection entry associated with your assigned workgroup.
Step 3 Click the Connect icon at the top left of the application window.
Step 4 The Connect icon changes and a User Authentication window opens.
Step 5 Type the VPN username and password you recorded in Table 1, and press Enter.
After a momentary pause, the VPN windows close. A small Padlock icon that was
placed in the system tray at the bottom right side of the screen goes from an open
padlock to a closed padlock. If the window does NOT close, manually minimize it.
Step 6 In order to view the changes to the IP addressing of the PC, it is necessary to open a
Command window and use the IPCONFIG command.
Step 7 When you do this, you will observe that a second Ethernet adapter now has an IP
address and mask. Your output may be different; however, this address and mask are
specific to the workgroup addressing used in the labs that follow. The VPN
adapter does NOT have a default gateway specified, because the packet forwarding
behavior has been modified so that traffic for networks that have been configured on
the VPN router is forwarded through the tunnel. This occurs automatically, and
any traffic not matching is sent to the configured default gateway associated with the
other Ethernet adapter.
Step 8 You should be able to ping successfully the address 10.x.x.1, where x = 2 for WG A,
3 for WG B, and so forth, with x = 9 for WG H. If you are unsuccessful, you should
ask your instructor for assistance. Your output should be similar to the example
below.
C:\Documents and Settings>ping 10.10.10.1
Step 11 Click the Disconnect icon in the top right of the VPN application window. This will
close the tunnel connection and remove the IP addressing changes to the PC.
Step 12 Close the VPN application window.
Step 13 Confirm that the PC has its original network IP address by using the IPCONFIG
command in the Command window.
Step 14 Having confirmed that the connection information has been removed, close any
remaining Windows applications.
Activity Verification
You have completed this task when you attain these results:
You were able to access the remote lab network, using the VPN client application and the
information recorded in Table 1.
You were able to confirm access using ping and web connectivity.
Activity Objective
In this activity, you will connect to your workgroup switch and complete the initial device
configuration. After completing this activity, you will be able to meet these objectives:
Restart the switch and verify the initial configuration messages
Complete the initial configuration of the Cisco Catalyst switch
Visual Objective
The figure illustrates what you will accomplish in this activity.
Workgroup Switch Hostname    IP Address    Subnet Mask
SwitchA                      10.2.2.11     255.255.255.0
SwitchB                      10.3.3.11     255.255.255.0
SwitchC                      10.4.4.11     255.255.255.0
SwitchD                      10.5.5.11     255.255.255.0
SwitchE                      10.6.6.11     255.255.255.0
SwitchF                      10.7.7.11     255.255.255.0
SwitchG                      10.8.8.11     255.255.255.0
SwitchH                      10.9.9.11     255.255.255.0
Required Resources
These resources and equipment are required to complete this activity:
PC with connectivity to the remote lab
An SSH-capable terminal emulation application
Your assigned pod information from Lab 2-1
Command List
The table describes the commands that are used in this activity.
Switch Cisco IOS Commands
Command                          Description
enable password password         The enable password protects access to the enable mode. However, this password is stored in cleartext in the configuration.
enable secret secret_password    The encrypted enable password protects access to the enable mode. An enable secret password overrides the cleartext enable password, should both be configured.
hostname hostname                Sets the system name, which forms part of the prompt.
interface vlan 1                 Enters the interface configuration mode for VLAN 1 to set the switch management IP address.
ip address ip-address mask       Sets the IP address and mask of the interface.
ip default-gateway ip-address    Sets the default gateway of the switch. The default gateway is the router, which will forward IP packets that are not destined for the local network.
line vty 0 15                    Enters the virtual terminal line configuration mode. Vty lines allow access to the switch for remote network management. The number of vty lines available is dependent on the Cisco IOS Software version. Typical values are 0-4 and 0-15 (inclusive).
reload                           Restarts the switch and reloads the Cisco IOS operating system and configuration.
show interface vlan 1            Displays the switch IP address information (Cisco Catalyst 2950).
Job Aids
These job aids are available to help you complete the lab activity. The table contains the
required information to be entered during initial switch configuration.
IP default gateway 10.x.x.3 (where x.x is your workgroup’s second- and third-octet address)
Activity Procedure
Complete these steps:
Step 1 Connect via SSH to your workgroup switch using the information from Lab 2-1.
Step 2 At the first menu, enter the item number that corresponds to your assigned
workgroup. This will be a number between 1 and 8.
Step 3 At the workgroup menu, enter cls2. When you are prompted to confirm, press the
Enter key. This clears any previous open connection; you may need to do this in
later labs if your connection is terminated unexpectedly. Your display should be
similar to the example below.
************************ ICND WG_Z **************************
************************ MENU **************************
To exit ssh session and return to the menu press
<CTRL>+<SHFT>+<6> then <X>. To clear a connection to begin
a new console session type cls# (where # = the menu item number)
Type "exit" to return to main menu.
*****************************************************************
ITEM# DEVICE NAME
-----------------------------------------------------------------
1 WorkGroup Z Router
2 WorkGroup Z Switch
Step 4 Connect to your workgroup switch by entering the menu number 2 and then pressing
Enter. Your display should be similar to this example.
************************ ICND WG_Z **************************
************************ MENU **************************
To exit ssh session and return to the menu press
<CTRL>+<SHFT>+<6> then <X>. To clear a connection to begin
a new console session type cls# (where # = the menu item number)
Type "exit" to return to main menu.
*****************************************************************
ITEM# DEVICE NAME
-----------------------------------------------------------------
1 WorkGroup Z Router
2 WorkGroup Z Switch
Activity Verification
You have completed this task when you attain this result:
You were able to access your assigned workgroup switch on the remote lab network, using
the SSH client application and the information recorded in Table 1 of Lab 2-1.
Activity Procedure
Complete these steps:
Step 1 You will need to press Enter several times to get the switch to display the prompt. If
you see the output “Switch>” proceed to Step 3. If not, proceed to Step 2.
Switch>
Switch>
Step 3 You are currently in the user mode. To see the effect of entering a privileged
command in the user mode, enter the command erase startup-config. Your display
should be similar to the example below.
Switch>erase startup-config
^
% Invalid input detected at '^' marker.
Step 4 The output is the response to entering a privileged EXEC command when in user
mode. Enter the command enable. Your display should be similar to the example
below.
Switch>enable
Switch#
Step 5 Notice that the switch prompt changed from Switch> to Switch#. This indicates that
you are in enable EXEC mode. When you now enter the erase startup-config
command, it is accepted. Press the Enter key to confirm and press Enter again to get
the switch prompt. Your display should be similar to the example below.
Switch#erase startup-config
Erasing the nvram filesystem will remove all configuration files! Continue?
[confirm]<ENTER>
[OK]
Erase of nvram: complete
00:18:46: %SYS-7-NV_BLOCK_INIT: Initalized the geometry of nvram <ENTER>
Switch#
Step 6 Enter the reload command. The switch will prompt for confirmation. Confirm that
you want to proceed with the reload. You will then be presented with a lot of output,
giving the status of the switch during the reload process. Your display should be
similar to the example below. Some repeating text has been omitted to reduce the
output length.
Switch#reload
Proceed with reload? [confirm]<ENTER>
Boot Sector Filesystem (bs) installed, fsid: 3
done.
Loading "flash:c2960-lanbasek9-mz.122-25.SEE2/c2960-lanbasek9-mz.122-
25.SEE2.bin"...@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
..
.. text omitted
..
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
File "flash:c2960-lanbasek9-mz.122-25.SEE2/c2960-lanbasek9-mz.122-25.SEE2.bin"
uncompressed and installed, entry point: 0x3000
executing...
Initializing flashfs...
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
00:01:04: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/12, changed state
to up
00:01:33: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up
Step 7 At the prompt, to terminate AutoInstall, press Enter to accept the default, which is
yes—you do want to terminate AutoInstall.
Would you like to terminate autoinstall? [yes]:<ENTER>
Step 8 Now you are at the prompt to enter the initial configuration dialog. At this point you
have completed this task. Note that you will answer the question in Step 1 of the next task.
--- System Configuration Dialog ---
Activity Verification
You have completed this task when you attain these results:
You were able to erase any existing configuration.
You were able to obtain output similar to that given in Steps 6 through 8.
Activity Procedure
Complete these steps:
Step 1 You are ready to complete the initial configuration. At the prompt (from the last step
of the previous task, repeated below), enter yes and then press Enter to continue
with the switch configuration. Throughout the following configuration, your entries
are shown in bolded text.
--- System Configuration Dialog ---
First, would you like to see the current interface summary? [yes]: no
Step 5 Enter all the passwords using the information in Lab 2-2, Table 1.
The enable secret is a password used to protect access to privileged EXEC and
configuration modes. This password, after it is entered, becomes encrypted in the
configuration.
Enter enable secret: sanfran
Step 6 The enable password is used when you do not specify an enable secret password, with
some older software versions and some boot images.
Step 7 The virtual terminal password is used to protect access to the router over a network
interface.
Step 9 Answer yes to “Do You Want to Configure Vlan1 Interface?” Your IP address
information can be obtained from Table 2.
Do you want to configure FastEthernet0/11 interface? [yes]: no
Step 12 The setup process now outputs the Cisco IOS commands, which you should verify are
correct. Press the Spacebar when prompted with --More-- to get additional output.
The following configuration command script was created:
hostname SwitchX
enable secret 5 $1$3PTL$CG2pEpzgAJO3pkB7If4P9.
enable password cisco
line vty 0 15
password sanjose
no snmp-server
!
!
interface Vlan1
no shutdown
ip address 10.10.10.11 255.255.255.0
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
Step 13 If the initial configuration displayed is correct, enter 2 to save this configuration to the
startup configuration in NVRAM and exit the setup mode.
Activity Verification
You have completed this task when you attain these results:
Your initial configuration output accurately matched the values assigned to your
workgroup switch.
You chose option 2 to save to NVRAM and exit the setup mode.
Task 4: Add Default Gateway to Initial Configuration
Having used the setup mode to configure your switch, it is necessary to add the IP of the default
gateway router. The default gateway will be used when packets need to be forwarded via the
Vlan 1 management interface to a non-directly-connected network. You will be configuring the
router in a later lab.
Activity Procedure
Complete these steps:
Step 1 To go from user EXEC mode to enable mode, enter the enable command. Then enter
the password when prompted.
Note Remember that you set the enable password to “sanfran” in the previous task.
Step 2 From the enable mode, enter the configure terminal command. This command is often
abbreviated to conf t. Your display should be similar to the example below.
SwitchX#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SwitchX(config)#
Step 3 Enter the command ip default-gateway 10.x.x.3, where x.x represents the second and
third octets of the address assigned to your switch interface VLAN 1. Your display
should be similar to the example below.
SwitchX(config)#ip default-gateway 10.10.10.3
SwitchX(config)#
Step 4 Leave the configuration mode by entering the command end. Your display should be
similar to the example below.
SwitchX(config)#end
SwitchX#
1d00h: %SYS-5-CONFIG_I: Configured from console by console
Step 5 Enter the command copy running-config startup-config to save the running
configuration to NVRAM. You will be prompted to confirm the destination filename.
Confirm it by pressing the Enter key. Your display should be similar to the example
below.
SwitchX#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]
SwitchX#
Note A common shorthand entry for copy running-config startup-config is copy run start.
Activity Verification
You have completed this task when you attain these results:
You have added the default gateway IP address to the running configuration
You saved the running configuration to the startup-config file
Activity Objective
In this activity, you will increase the security of the initial switch configuration. After
completing this activity, you will be able to meet these objectives:
Add password protection to the console and vty lines
Use the Cisco IOS configuration command to encrypt all passwords
Add a banner message to the login process
Increase the security of remote management of the switch by adding the SSH protocol to
the vty lines
Increase the security of the physical interfaces by configuring various methods of MAC
address security
Disable unused interfaces
Visual Objective
The figure illustrates what you will accomplish in this activity.
Workgroup Switch Hostname    IP Address    Subnet Mask
SwitchA                      10.2.2.11     255.255.255.0
SwitchB                      10.3.3.11     255.255.255.0
SwitchC                      10.4.4.11     255.255.255.0
SwitchD                      10.5.5.11     255.255.255.0
SwitchE                      10.6.6.11     255.255.255.0
SwitchF                      10.7.7.11     255.255.255.0
SwitchG                      10.8.8.11     255.255.255.0
SwitchH                      10.9.9.11     255.255.255.0
Required Resources
These are the resources and equipment that are required to complete this activity:
PC with connectivity to the remote lab
An SSH-capable terminal emulation application
Your assigned pod information from Lab 2-1
Successful completion of Lab 2-2
Command List
The table describes the commands that are used in this activity.
Command Description
? or help
    In user EXEC mode, Cisco IOS Software lists the subset of commands available at that privilege level.
banner login
    Allows the configuration of a message which will be displayed at the time of the login process.
clear mac-address-table dynamic interface int-id
    Clears the dynamically learned MAC addresses associated with the interface specified.
clear port-security sticky interface int-id access
    Clears the secure MAC addresses associated with the interface specified. The access parameter ensures that trunk ports are not affected.
copy running-config destination
    Copies the switch running configuration file to another destination. Typical destination is the startup configuration.
copy running-config startup-config
    Copies the switch running configuration file to the startup configuration file that is held in local NVRAM.
crypto key generate rsa
    Generates the RSA key pairs to be used.
enable
    Activates the privileged EXEC mode. In privileged EXEC mode, more commands are available. This command requires you to enter the enable password if an enable password is configured.
interface range int-id - last-port-number
    Allows the grouping of interfaces, such that following interface configuration commands will be applied to all the interfaces specified simultaneously.
ip domain-name name
    Supplies an IP domain name, which is required by the crypto key generation process.
ip ssh version [1 | 2]
    Specifies the version of SSH to be run. To disable the version of SSH that was configured and to return to compatibility mode, use the no form of this command.
login local
    Activates the login process on the console or vty lines to require using the local authentication database.
ping ip-address
    Common tool used to troubleshoot the accessibility of devices. It uses ICMP path echo requests and ICMP path echo replies to determine whether a remote host is active. The ping command also measures the amount of time it takes to receive the echo reply.
reload
    Restarts the switch and reloads the Cisco IOS operating system.
service password-encryption
    Enables the service which will encrypt all passwords in the running configuration.
show ip arp
    Displays the IP address resolution table, which holds the binding between IP addresses and their respective MAC addresses.
show mac-address-table dynamic
    Displays only the dynamically learned MAC addresses in the table.
show mac-address-table interface int-id
    Displays only the MAC addresses in the table associated with the specified interface.
show port-security interface int-id
    Displays all administrative and operational status of all secure ports on a switch. Optionally displays specific interface security settings or all secure MAC addresses.
show running-config interface int-id
    Displays the running configuration of the interface specified in the command.
switchport mode access
    Sets the port to access mode. Use the no version of this command to reset default values.
switchport port-security mac-address sticky
    Sets the secure MAC addresses associated with an interface to be learned dynamically.
switchport port-security maximum [number]
    Sets the maximum number of secure MAC addresses for the interface. Use the no version of this command to remove it.
switchport port-security violation violation mode
    Sets the action to be taken when a security violation occurs. Protect, restrict, and shutdown are the three valid modes.
transport input telnet ssh
    Specifies which protocols to use to connect to a specific line of the switch.
username username password password
    Creates a username and password pair, which can then be used as a local authentication database.
Job Aids
These job aids are available to help you complete the lab activity.
Refer to Lab 2-1 for information regarding connection.
Activity Procedure
Complete these steps:
Step 1 Connect to your remote workgroup switch via the console server, and enter the
necessary commands and passwords to get to the enable EXEC prompt.
Step 2 At the user EXEC prompt, enter the command enable, followed by the enable
password for your switch.
Step 3 At the privileged EXEC prompt (sometimes called the “enable prompt”) of your
assigned switch, enter config t.
Step 4 Access the console port configuration by entering the command line console 0.
Step 5 At the line console configuration mode, use the password “sanjose” for the console
line. Enter the command password sanjose.
Step 6 Enter the command login, which will require a password to be supplied to access the
switch via the console in the future.
Step 8 Enter the command login, which will be applied to all 16 lines (0 through 15).
Step 9 Enter the command end, which will return you to the enable EXEC prompt.
Step 10 Enter the show running-config command and observe the output to see that you
have correctly configured line console 0 and vty lines 0 through 15. Your output
should be similar to the example below, where the line configuration is shown in
bold text. You will observe that the passwords for both the line console and vty lines
are stored in cleartext.
Step 14 Supply the password that you just configured to get to the user EXEC prompt.
Step 15 Enter the command and password to get to the enable EXEC prompt.
Step 16 Your output for Steps 12 through 15 should be similar to the example below.
SwitchX#logout
..
..empty lines omitted
..
..
..empty lines omitted
..
Password:
SwitchX>enable
Password:
SwitchX#
Activity Verification
You have completed this task when you attain these results:
You configured the console and vty lines to require a password.
You inspected the configuration and observed that the line passwords are stored in
cleartext.
You tested the login process and password access to the console line successfully.
Your output matches the example in Step 14.
Task 2: Activate Password Encryption Service
As discussed in the previous task, some passwords are stored in cleartext. This can be a security
issue when the configurations are transmitted and stored on remote file systems. In this task,
you will configure the password encryption service to secure all cleartext passwords with
encryption.
Activity Procedure
Complete these steps:
Step 1 From the enable EXEC prompt, enter the command to get to global configuration
mode.
Step 2 Enter the command service password-encryption.
Step 4 Enter the command to see the running configuration. Concentrate on the first few
lines and the last few lines of the configuration to see that the service
password-encryption command is now active and the effect it has on the line passwords. Your
output should be similar to the example below, with the bold text highlighting output
of particular interest.
SwitchX#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SwitchX(config)#service password-encryption
SwitchX(config)#end
SwitchX#
00:38:45: %SYS-5-CONFIG_I: Configured from console by console
SwitchX#show running-config
Building configuration...
!
!
line con 0
password 7 14041305060B392E
login
line vty 0 4
password 7 14041305060B392E
login
line vty 5 15
password 7 120A041918041F01
login
!
end
Activity Procedure
Complete these steps:
Note Do NOT use percent symbols as part of your banner message text—they will be interpreted
as the closing delimiter of your message.
**************************************************************%
SwitchX(config)#
Step 5 Enter the command to return to the EXEC mode.
Step 6 Enter the command to display the running configuration. Your output should be
similar to the example below, which has been edited to show just the banner
configuration. Notice that your text delimiter has been replaced with a ^C, which is a
nontext control character.
!
banner login ^C
********** Warning *************
Access to this device is restricted to authorized persons only!
Un-authorized access is prohibited. Violators will be prosecuted.
**************************************************************^C
!
Step 7 Use the logout command to end your console session. Then log back in to the enable
prompt. Observe the display to see your banner message being presented, prior to
password entry. Your output should be similar to the example below, which has
been edited to reduce space.
SwitchX#logout
**************************************************************
Password:
SwitchX>en
Password:
SwitchX#
Step 8 Enter the command to save the running configuration to startup-config.
Activity Verification
You have completed this task when you attain these results:
You have configured a login banner message that clearly states that access to the switch is
restricted.
You have tested the login message, and it does give a warning prior to password prompt.
You have saved your configuration.
Step 1 At the enable EXEC prompt, enter the command to access the global configuration
prompt.
Step 2 The SSH protocol requires the use of a username and password pair. As this has not
yet been configured, you must configure it now. Enter the command username
username password password. In this example, you will use “netadmin” for both.
Obviously, in the real-world environment, a much stronger username and password
pair should be used.
Step 3 The generation of an SSH cryptographic key requires that both the hostname and
domain name be configured. You have configured the hostname, so it is necessary to
configure the domain name. Normally you would use your organization domain
name, but in the lab you will use “cisco.com.”
Step 5 Enter the command crypto key generate rsa. You will be prompted for a key size;
512 is the default, but you will enter 1024 to produce a more secure key. Your
output should be similar to the example below, which is edited to include only the
lines pertaining to this task.
SwitchX(config)#username netadmin password netadmin
SwitchX(config)#ip domain-name cisco.com
SwitchX(config)#crypto key generate rsa
The name for the keys will be: SwitchX.cisco.com
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.
Step 8 Enter the command login local. This changes the login process to use the locally
configured username and password pairs.
Step 9 Enter the command transport input telnet ssh. This configures the 16 vty lines to
support both Telnet and SSH. Your output should be similar to the example below.
SwitchX(config)#line vty 0 15
SwitchX(config-line)#login local
SwitchX(config-line)#transport input telnet ssh
Step 10 Enter the command to return to enable EXEC prompt.
Step 12 To test your configuration, you need to make a VPN tunnel connection to the remote
lab using the method from Lab 2-1, Task 2. On your PC, open your SSH terminal
client application. Use the IP address of your workgroup switch and the username
and password pair that you configured in Step 2 of this task.
Step 13 Below is an example of a successful connection with the PuTTY application and
using SSH.
Step 15 Open the Windows Command window and enter the command telnet 10.x.x.11
(your workgroup switch IP address). Your output should be similar to the example
below.
Step 16 Enter the username and password in the new Telnet Command window that
automatically opens. Having established that Telnet is working simultaneously with
SSH, type logout at the user EXEC prompt and close your Command window by
typing exit at the Command window prompt. Your output should be similar to the
example below.
Activity Verification
You have completed this task when you attain these results:
You configured the vty lines to support the SSH version 2 protocol.
You successfully directly connected to your workgroup switch using SSH and Telnet, thus
proving that both are being supported simultaneously.
You saved your configuration.
Activity Procedure
Access your SwitchX console port, where x identifies your pod. Complete the following steps
to configure port security on the workgroup switch:
Caution You should have saved the current running configuration at the end of the previous lab. If
you are in doubt then save your running configuration to startup-config prior to reloading.
Step 3 Enter the command ping to test connectivity to the IP address in the table below.
You will complete the table in Steps 4 and 5.
10.x.x.100
Unmanaged device
Step 4 Enter the command show ip arp. This will display the bindings between the IP
address and the MAC address. Enter the corresponding MAC address in the
table above. Your output should be similar to the example below.
SwitchX#show ip arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 10.x.x.11 - 001a.6d44.6cc0 ARPA Vlan1
Internet 10.x.x.100 0 001a.2fe7.3089 ARPA Vlan1
Step 5 Enter the command show mac-address-table int fa0/1. There should be one MAC
not associated with the IP address you just pinged. This is the MAC address of the
unmanaged device. Use this to complete the table from Step 3 above. Your output
should be similar to the example below.
SwitchX#show mac-address-table int fa0/1
Mac Address Table
-------------------------------------------
Step 6 Before you configure port security, you need to clear the dynamically learned MAC
address entries. Enter the command clear mac-address-table dynamic int fa0/1.
Step 7 Wait at least 10 seconds before entering show mac-address-table int fa0/1 to
see the effect of the clear command. You will see that the MAC address of the
unmanaged device is still in the MAC address table. This is because this device is
periodically sending Layer 2 frames. Other Ethernet interfaces may be set to
periodically send keep-alive frames. However, you should see only the MAC
addresses being learned at this time. Your output should be similar to the example
below.
SwitchX#show mac-address-table int fa0/1
Mac Address Table
-------------------------------------------
Step 12 Before activating port security, it is necessary to set the maximum number of MAC
addresses to an appropriate value if there are more than the default of 1. However, as
the intention is to trigger a MAC address violation, and in Step 5 you saw there were
two MAC addresses associated with this interface, no action is necessary.
Step 13 Another parameter that should be set before the activation of port security is what
action to take when more MAC addresses attempt to use the interface than have
been configured. This is known as the violation action. The default action is
shutdown, which will error-disable the interface. Initially you will use this default
value, so that you get experience resetting the interface.
Step 14 Enter the command switchport port-security mac-address sticky. This will cause
MAC addresses that are learned to be saved in the running configuration. If the
configuration is subsequently saved to startup-config, they will be remembered upon
a restart.
Step 17 Enter the command end to leave configuration mode and return to the enable EXEC
prompt.
Step 18 Wait for 20 seconds before entering the command show running-config int fa0/1 to
display the portion of the running configuration for interface fa0/1. Your output
should be similar to the example below, which has some lines shown in bold for
emphasis.
SwitchX#show running-config int fa0/1
Building configuration...
Step 22 Enter the show port-security interface fa0/1 command to display the current port
security settings.
SwitchX#show port-security int fa0/1
Port Security : Enabled
Port Status : Secure-shutdown
Violation Mode : Shutdown
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 1
Total MAC Addresses : 1
Configured MAC Addresses : 0
Sticky MAC Addresses : 1
Last Source Address:Vlan : 001a.2fe7.3089:1
Security Violation Count : 1
Step 23 It is now necessary to modify the maximum value of allowable MAC addresses to
two. It is also necessary to change the violation action to restrict and then return the
interface from error disable state to administratively up.
Step 24 Before you attempt to modify the port security setting, it is best to clear the MAC
table entries.
Step 25 Enter the command clear port-security sticky int fa0/1 access. Note: By restricting
the action of the clear command to only the interface that you are currently dealing
with, you avoid the risk of inadvertently impacting other interfaces.
Step 29 Enter the command switchport port-security violation restrict. The restrict
violation action does not shut down the interface; instead it blocks the frames,
generates a local message, and increments the security violation count. This
violation action is appropriate for a low-security environment.
Step 32 Wait 20 seconds before you test your configuration by using the ping command to
10.x.x.100.
Step 33 The example below shows the output of the show running-config int fa0/1
command. Your output should be similar.
SwitchX#show running-config int fa0/1
Building configuration...
Step 34 The example below shows the output of the show port-security int fa0/1 command.
SwitchX#show port-security int fa0/1
Port Security : Enabled
Port Status : Secure-up
Violation Mode : Restrict
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 2
Total MAC Addresses : 2
Configured MAC Addresses : 0
Sticky MAC Addresses : 2
Last Source Address:Vlan : 001a.2fe7.3089:1
Security Violation Count : 0
Step 35 Compare the bolded text with the output of Step 22, which should show that the port
is up and that the violation mode is now Restrict rather than Shutdown.
Step 36 Save your running configuration to startup-config.
Activity Verification
You have completed this task when you attain these results:
The switch was configured to permit one dynamically learned MAC address on the first
access port (fa0/1)
The port was forced into a port-security violation resulting in it being error disabled
The configuration was then changed to support two dynamically learned addresses, and the
violation action was modified to restrict access and not shut down the port
The port was returned from error disable to administratively up state
The port was retested and no port-security violations were triggered
The running configuration was saved to startup-config
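The two show port-security captures from Steps 22 and 34 can be checked by script rather than by eye. The following is an added example, not part of the Cisco lab guide: it parses both captures, reports what needs attention on each, and lists the fields that changed. The function names and severity labels are assumptions made for illustration.

```python
import re

# Output copied from Step 22 (after the forced violation) and Step 34
# (after reconfiguration) of this lab.
STEP_22 = """\
Port Security : Enabled
Port Status : Secure-shutdown
Violation Mode : Shutdown
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 1
Total MAC Addresses : 1
Configured MAC Addresses : 0
Sticky MAC Addresses : 1
Last Source Address:Vlan : 001a.2fe7.3089:1
Security Violation Count : 1
"""

STEP_34 = """\
Port Security : Enabled
Port Status : Secure-up
Violation Mode : Restrict
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 2
Total MAC Addresses : 2
Configured MAC Addresses : 0
Sticky MAC Addresses : 2
Last Source Address:Vlan : 001a.2fe7.3089:1
Security Violation Count : 0
"""

# "Key : value". The key may itself contain a colon ("Last Source Address:Vlan"),
# so the separator must have whitespace on both sides.
FIELD_RE = re.compile(r"^\s*(.+?)\s+:\s+(.*\S)\s*$")


def parse_port_security(text):
    """Turn 'show port-security interface' output into a dict."""
    fields = {}
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if not m:
            continue
        key, value = m.groups()
        fields[key] = int(value) if value.isdigit() else value
    return fields


def triage(fields):
    """Return (severity, message) findings for one interface."""
    if fields.get("Port Security") != "Enabled":
        return [("high", "port security is not enabled")]
    findings = []
    mode = fields.get("Violation Mode", "unknown")
    if fields.get("Port Status") == "Secure-shutdown":
        findings.append(("high", "port is error-disabled after a violation; "
                         "fix the cause, then shutdown / no shutdown"))
    count = fields.get("Security Violation Count", 0)
    if count:
        src = fields.get("Last Source Address:Vlan", "unknown")
        findings.append(("medium", f"{count} violation(s); "
                         f"last source address seen {src}"))
    total = fields.get("Total MAC Addresses", 0)
    limit = fields.get("Maximum MAC Addresses", 0)
    if total >= limit:
        findings.append(("info", f"{total}/{limit} secure addresses in use; "
                         f"the next new MAC triggers {mode.lower()}"))
    if fields.get("Sticky MAC Addresses", 0):
        findings.append(("info", "sticky addresses are in running-config only "
                         "until it is saved to startup-config"))
    return findings


def changed(before, after):
    """Fields whose value differs between two captures."""
    return {k: (before.get(k), after.get(k))
            for k in sorted(set(before) | set(after))
            if before.get(k) != after.get(k)}


if __name__ == "__main__":
    before, after = parse_port_security(STEP_22), parse_port_security(STEP_34)
    for name, capture in (("Step 22", before), ("Step 34", after)):
        for severity, message in triage(capture):
            print(f"{name}: [{severity}] {message}")
    for key, (old, new) in changed(before, after).items():
        print(f"changed: {key}: {old} -> {new}")
```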
Activity Procedure
Complete these steps:
Step 1 At the enable EXEC prompt enter the command to access the global configuration
prompt.
Step 2 Enter the command interface range fa0/3 - 10. All the commands that follow will
be applied to the ports specified.
Step 3 Enter the command shutdown.
Step 4 Enter the command interface range fa0/13 - 24 to replace the previous range
command.
Step 6 Enter the command interface range gi0/1 - 2 to replace the previous range
command.
Step 9 Enter the command to display the running configuration to confirm that only the
intended interfaces were shut down.
Step 11 Enter the command interface range fa0/1 - 24, gi0/1 - 2 to include all ports in the
range. Notice in this instance the interface ranges have been grouped into a single
command by using the , (comma) as a separator.
Step 12 Enter the command switchport mode access.
Step 14 Enter the command to display the running configuration to confirm that all the
interfaces were placed into access mode.
Step 15 When you are certain that all ports are in access mode, and all ports with the
exception of fa0/1, fa0/2, fa0/11, and fa0/12 are shut down, save your running
configuration to startup-config.
Activity Verification
You have completed this task when you attain these results:
Configured the given range of unused ports to be shut down
Configured all ports to be in access mode
Saved the running configuration to startup-config
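With the lab's hardening tasks complete, the resulting configuration can be audited for the weaknesses the lab itself points out: cleartext passwords, Telnet left enabled beside SSH, and unused ports left up. The following is an added example, not part of the Cisco lab guide; the rule names, the audit function and the sample configuration are assumptions made for illustration. It also flags password 7 lines, because the type 7 encoding produced by service password-encryption is reversible obfuscation rather than a hash.

```python
import re

# Ports the lab leaves enabled (last step of the unused-interface task).
IN_USE = {"FastEthernet0/1", "FastEthernet0/2",
          "FastEthernet0/11", "FastEthernet0/12"}

# Constructed sample, assembled from command lines shown in this lab (not a
# device capture). It mixes lines from before and after Task 2 on purpose so
# that every rule fires; the interface list is shortened.
SAMPLE_CONFIG = """\
hostname SwitchX
enable secret 5 $1$3PTL$CG2pEpzgAJO3pkB7If4P9.
enable password cisco
username netadmin password netadmin
ip domain-name cisco.com
!
interface FastEthernet0/1
 switchport mode access
 switchport port-security
!
interface FastEthernet0/3
 switchport mode access
 shutdown
!
interface FastEthernet0/13
 switchport mode access
!
line con 0
 password 7 14041305060B392E
 login
line vty 0 4
 password 7 14041305060B392E
 login local
 transport input telnet ssh
line vty 5 15
 password sanjose
 login local
 transport input ssh
"""


def parse_blocks(text):
    """Group an IOS configuration into (parent line, [indented child lines])."""
    blocks = []
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.strip() == "!":
            continue
        if line[0].isspace() and blocks:
            blocks[-1][1].append(line.strip())
        else:
            blocks.append((line.strip(), []))
    return blocks


def classify_password(line):
    """Return 'type7', 'cleartext' or None for a '... password ...' line."""
    m = re.search(r"\bpassword (?:(\d+) )?\S+$", line)
    if not m:
        return None
    if m.group(1) == "7":
        return "type7"
    return "cleartext" if m.group(1) in (None, "0") else None


def audit(text, in_use=IN_USE):
    """Return findings as (rule_id, location, advice) tuples."""
    findings = []
    blocks = parse_blocks(text)
    for parent, children in blocks:
        for line in [parent] + children:
            kind = classify_password(line)
            if kind == "cleartext":
                findings.append(("CLEARTEXT_PASSWORD", parent,
                                 "password is readable in the configuration"))
            elif kind == "type7":
                findings.append(("TYPE7_PASSWORD", parent,
                                 "type 7 is reversible obfuscation, not a hash"))
        if parent.startswith("enable password"):
            findings.append(("ENABLE_PASSWORD", parent,
                             "enable secret overrides it; remove this line"))
        if re.match(r"username \S+ password\b", parent):
            findings.append(("USERNAME_PASSWORD", parent,
                             "use 'username <name> secret <password>'"))
        if parent.startswith("line vty"):
            for child in children:
                if re.match(r"transport input\b.*\b(telnet|all)\b", child):
                    findings.append(("TELNET_ENABLED", parent,
                                     "use 'transport input ssh'"))
        m = re.match(r"interface ((?:Fast|Gigabit)Ethernet\S+)$", parent)
        if m and m.group(1) not in in_use and "shutdown" not in children:
            findings.append(("PORT_NOT_SHUTDOWN", m.group(1),
                             "unused port is enabled; add 'shutdown'"))
    if not any(parent == "ip ssh version 2" for parent, _ in blocks):
        findings.append(("SSH_V2_NOT_FORCED", "global",
                         "add 'ip ssh version 2'"))
    return findings


if __name__ == "__main__":
    for rule, where, advice in audit(SAMPLE_CONFIG):
        print(f"{rule:20} {where:40} {advice}")
```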
Activity Objective
In this activity, you will demonstrate and practice the use of the CLI features of your
workgroup switch. After completing this activity, you will be able to meet these objectives:
Explore context-sensitive help
Edit incorrect CLI commands on the switch
Examine the switch status using show commands
Visual Objective
The figure illustrates what you will accomplish in this activity.
Workgroup Switch IP
Hostname Address Subnet Mask
SwitchA 10.2.2.11 255.255.255.0
SwitchB 10.3.3.11 255.255.255.0
SwitchC 10.4.4.11 255.255.255.0
SwitchD 10.5.5.11 255.255.255.0
SwitchE 10.6.6.11 255.255.255.0
SwitchF 10.7.7.11 255.255.255.0
SwitchG 10.8.8.11 255.255.255.0
SwitchH 10.9.9.11 255.255.255.0
Required Resources
These are the resources and equipment that are required to complete this activity:
PC with connectivity to the remote lab
An SSH-capable terminal emulation application
Your assigned pod information from Lab 2-1
Command List
The table describes the commands that are used in this activity.
Command Description
After you enter enable and enter your enable password for
privileged mode, a much larger list of available commands
is displayed.
exec-timeout Sets the inactivity time allowed before a session will be
automatically logged out.
history size Sets the number of lines held in the history buffer for recall.
Two separate buffers are used, one for EXEC mode
commands and the other for configuration mode
commands.
line vty 0 15 Enters the virtual terminal line configuration mode. Vty lines
allow access to the switch for remote network
management. The number of vty lines available is
dependent on the Cisco IOS Software version. Typical
values are 0-4 and 0-15 (inclusive).
show version Displays the configuration of the router hardware and the
various software versions.
Current Passwords
Switch Console Login sanjose
Activity Procedure
Complete these steps:
Step 1 Connect to your workgroup switch using the information from Lab 2-1.
Step 2 Enter the help command (?). At the user EXEC prompt, you should see a partial list
of commands available. Your output should resemble the example below.
Exec commands:
access-enable Create a temporary Access-List entry
clear Reset functions
connect Open a terminal connection
..
..Text omitted
..
set Set system parameter (not config)
show Show running system information
ssh Open a secure shell client connection
systat Display information about terminal lines
telnet Open a telnet connection
--More--
Step 3 Press the Spacebar to complete or continue the list.
Step 5 Notice the prompt which indicates that the switch mode was “>” and is now “#.”
Step 6 Enter the help (?) command at the privileged EXEC mode prompt. Use help to
determine the keyword command that manages the system clock.
Step 7 Your console should be displaying a prompt of “--More--” as it waits for you to
press a key before displaying more output. Enter q to terminate continuation of the
output.
Step 8 Enter the clock ? command. You should see the context-sensitive help. Your output
should resemble the example below.
SwitchX#clock ?
set Set the time and date
Step 9 Set the system clock to the current time and date. Remember to use context-sensitive
help to guide you through the process.
Step 10 At the switch# prompt, enter sh? You should see another example of
context-sensitive help. Your output should resemble the example below.
SwitchX#sh?
show
Step 11 Press the Tab key. You should see the command-completion feature in action.
When enough letters of a command or keyword have been entered, the Tab key will
complete the word and place a space so that it is ready to receive any further input.
Step 12 Enter the show clock command. Your output should reflect the changes you made
using the clock set command in Step 9. Your output should be similar to the
example below.
SwitchX#show clock
10:45:25.073 UTC Tue Jul 10 2007
Activity Verification
You have completed this task when you attain this result:
You used the system help facility and the command-completion facility.
Activity Procedure
Complete these steps:
Step 1 Enter the following comment line at the prompt: “This command changes the
clock speed for the router”. Enter the text without the quotes (“).
SwitchX#This command changes the clock speed for the router.
^
% Invalid input detected at '^' marker.
Step 2 Enter the following comment line, preceded by the exclamation point (!): !ths
comand changuw the clck sped for the swch,. An exclamation point (!) before the
text line indicates that you are entering a comment.
SwitchX#!ths comand changuw the clck sped for the swch,
Step 3 Enter Ctrl-P or press the Up Arrow key to see the previous line.
Step 4 Use the editor commands Ctrl-A, Ctrl-F, Ctrl-E, and Ctrl-B to move along the line
and the Backspace key to delete unwanted characters.
Step 5 Using the editing commands, correct the comment line to read !This command
changes the clock speed for the switch.
Activity Verification
You have completed this task when you attain this result:
You used the built-in editor and used those keystrokes for cursor navigation.
Activity Procedure
Complete these steps:
Step 1 Enter the command show terminal. Your output should be similar to the example
below, which has been edited to reduce unwanted lines.
SwitchX#sh terminal
Line 0, Location: "", Type: ""
Length: 24 lines, Width: 80 columns
Baud rate (TX/RX) is 9600/9600, no parity, 2 stopbits, 8 databits
..
..Text omitted
..
Editing is enabled.
History is enabled, history size is 10.
DNS resolution in show commands is enabled
Full user help is disabled
Allowed input transports are none.
Allowed output transports are telnet ssh.
Preferred transport is telnet.
No output characters are padded
No special data dispatching characters
Step 2 The size of the history buffers is 10. You could change this by using the command
terminal history size 100. However, this value would have to be entered every time
you log out of and back into the switch. The history size can be set in the
configuration, associated with the console and vty lines.
Step 3 Enter the command config t to get to the global configuration prompt.
Step 6 While you are in the console line mode, it is a good idea to change the EXEC
timeout from the 15-minute value to 60 minutes. Enter the command exec-timeout
60.
Step 7 Enter the command logging synchronous to synchronize unsolicited messages and
debug privileged EXEC command output with the input from the CLI.
Step 8 Enter the command line vty 0 15 to configure the vty lines.
Step 9 Enter the commands to configure the history size to 100 and to synchronize the
messages.
Step 10 Enter the exit command to return to the global configuration mode.
Step 11 Enter the command no ip domain-lookup to disable the resolution for symbolic
names.
Step 12 Return to enable EXEC prompt.
Step 13 Use the history recall to enter the show terminal command. Your output should be
similar to the example below, which has been edited to reduce unwanted lines.
SwitchX#sh term
Line 0, Location: "", Type: ""
Length: 24 lines, Width: 80 columns
Baud rate (TX/RX) is 9600/9600, no parity, 2 stopbits, 8 databits
..
..Text omitted
..
Editing is enabled.
History is enabled, history size is 100.
DNS resolution in show commands is enabled
Full user help is disabled
Allowed input transports are none.
Allowed output transports are telnet ssh.
Preferred transport is telnet.
No output characters are padded
No special data dispatching characters
Step 14 Enter the show running-config command to confirm that the configuration changes
just made are correct.
Step 15 When you are satisfied that your running configuration reflects the changes, then
save it to startup-config.
Activity Verification
You have completed this task when you attain these results:
The inactivity timeout on the console line is set to 60 minutes
You have verified that the history buffer value is set to 100 lines on the console and vty
lines
You have verified that logging synchronous is configured on the console and vty lines
You have saved your configuration to the startup configuration
You have closed any open connections to your workgroup switch
Activity Objective
In this activity, you convert decimal and binary numbers. After completing this activity, you
will be able to meet these objectives:
Convert decimal numbers to binary
Convert binary numbers to decimal
Visual Objective
The figure illustrates what you will accomplish in this activity.
Required Resources
There are no resources for this lab activity.
Command List
There are no commands used in this lab activity.
Job Aids
There are no job aids for this lab activity.
Activity Preparation
There is no preparation for this lab activity.
Base 2     2^7  2^6  2^5  2^4  2^3  2^2  2^1  2^0
48          0    0    1    1    0    0    0    0    48 = 32 + 16 = 00110000
146         1    0    0    1
222
119
135
60
Base 2     2^7  2^6  2^5  2^4  2^3  2^2  2^1  2^0
10101010    1    0    1    0
11100011
10110011
00110101
10010111
Activity Verification
You have completed this lab when you attain these results:
You can accurately convert decimal format numbers to binary notation.
You can accurately convert binary notation numbers to decimal format.
Activity Objective
In this activity, you classify network addresses with IPv4 and IPv6. After completing this
activity, you will be able to meet these objectives:
Convert decimal IP addresses to binary numbers
Convert binary numbers to IP addresses
Identify classes of IP addresses
Identify valid and invalid host IP addresses
Visual Objective
The figure illustrates what you will accomplish in this activity.
0.124.0.0?
255.255.255.255?
23.75.345.200?
Required Resources
There are no resources for this lab activity.
Command List
There are no commands used in this activity.
Job Aids
There are no job aids for this lab activity.
Activity Preparation
There is no preparation for this lab activity.
Base 2     2^7  2^6  2^5  2^4  2^3  2^2  2^1  2^0
145         1    0    0    1    0    0    0    1    10010001
32          0    0    1    0    0    0    0    0    00100000
59
24
Base 2     2^7  2^6  2^5  2^4  2^3  2^2  2^1  2^0
200
42
129
16
Base 2     2^7  2^6  2^5  2^4  2^3  2^2  2^1  2^0
14
82
19
54
Base 2     2^7  2^6  2^5  2^4  2^3  2^2  2^1  2^0
11011000    1    1    0    1    1    0    0    0    216
00011011
00111101
10001001
Base 2     2^7  2^6  2^5  2^4  2^3  2^2  2^1  2^0
11000110
00110101
10010011
00101101
Base 2     2^7  2^6  2^5  2^4  2^3  2^2  2^1  2^0
01111011
00101101
01000011
01011001
Task 3: Identify IP Address Classes
Activity Procedure
Complete this table to identify the address class, number of bits in the network ID, and
maximum number of hosts.
Binary IP Address   Decimal IP Address   Address Class   Number of Bits in Network ID   Maximum Number of Hosts (2^h – 2)
11001000.00101010.10000001.00010000 200.42.129.16
00001110.01010010.00010011.00110110 14.82.19.54
11011000.00011011.00111101.10001001 216.27.61.137
10110011.00101101.01000011.01011001 179.45.67.89
11000110.00110101.10010011.00101101 198.53.147.45
23.75.345.200
216.27.61.134
102.54.94
255.255.255.255
142.179.148.200
200.42.129.16
0.124.0.0
Activity Verification
You have completed this lab when you attain these results:
You can accurately convert decimal format IP addresses to binary format
You can accurately convert binary format IP addresses to decimal format
You can identify the address class of a given IP address
You can identify valid and invalid IP addresses
Activity Objective
In this activity, you determine the number of bits to borrow from the host ID to create the
required number of subnets for a given IP address. After completing this activity, you will be
able to meet these objectives:
Determine the number of bits required to create different subnets
Determine the maximum number of host addresses available in a given subnet
Visual Objective
The figure illustrates what you will accomplish in this activity.
Given:
Class C network address of 192.168.89.0
Class B network address of 172.25.0.0
Class A network address of 10.0.0.0
How many subnets can you create?
How many hosts per subnet can you create?
Required Resources
There are no resources for this lab activity.
Command List
There are no commands used in this activity.
Job Aids
There are no job aids for this lab activity.
Activity Preparation
There is no preparation for this lab activity.
Number of Subnets   Number of Bits to Borrow   Number of Hosts per Subnet (2^h – 2)
12
24
40
Number of Subnets   Number of Bits to Borrow   Number of Hosts per Subnet (2^h – 2)
14
20
35
Number of Subnets   Number of Bits to Borrow   Number of Hosts per Subnet (2^h – 2)
10
14
20
40
80
Activity Verification
You have completed this lab when you attain these results:
Given a Class A, B, or C network, you can identify the number of bits to borrow to create a
given number of subnets
Given a Class A, B, or C network, you can determine the number of hosts on the network,
given a number of subnets and number of bits to borrow
Lab 4-4: Calculating Subnet Masks
Complete the lab activity to practice what you learned in the related module.
Activity Objective
In this activity, you calculate subnet masks. After completing this activity, you will be able to
meet these objectives:
Given a network address, determine the number of possible network addresses and the
binary subnet mask to use
Given a network IP address and subnet mask, determine the range of subnet addresses
Identify the host addresses that can be assigned to a subnet and the associated broadcast
addresses
Visual Objective
The figure illustrates what you will accomplish in this activity.
Required Resources
There are no resources for this lab activity.
Command List
There are no commands used in this activity.
Activity Preparation
There is no preparation for this lab activity.
Classful Address   Decimal Subnet Mask   Binary Subnet Mask   Number of Hosts per Subnet (2^h – 2)
/20
/21
/22
/23
/24
/25
/26
/27
/28
/29
/30
_________________________________________________________________________
2. Specify the classful address and subnet mask in binary and decimal that allows you to
create 12 subnets.
_________________________________________________________________________
Step Description Example
Subnet Number   Subnet Address   Range of Host Addresses   Directed-Broadcast Address
...
_________________________________________________________________________
2. Specify the classful address and subnet mask in binary and decimal that allows you to
create six subnets.
_________________________________________________________________________
Subnet Number   Subnet Address   Range of Host Addresses   Directed-Broadcast Address
_________________________________________________________________________
2. How many subnets can you define with the specified mask?
_________________________________________________________________________
3. How many hosts will be in each subnet?
_______________________________________________________________________
Subnet Number   Subnet Address   Range of Host Addresses   Directed-Broadcast Address
_________________________________________________________________________
_________________________________________________________________________
_________________________________________________________________________
Subnet Number   Subnet Address   Range of Host Addresses   Directed-Broadcast Address
Task 6: Given a Network Block and Classful Address, Define
Subnets
Activity Procedure
Assume that you have been assigned the 172.20.0.129 address in a /25 network block.
1. Specify the subnet mask in binary and decimal.
_________________________________________________________________________
2. How many subnets can you define with the specified mask?
_________________________________________________________________________
_________________________________________________________________________
Activity Verification
You have completed this lab when you attain these results:
Given a network address, you can determine the number of possible network addresses and
the binary subnet mask to use
Given a network IP address and subnet mask, you can apply the mask to determine the
range of subnet addresses
You can apply subnet masks to identify the host addresses that can be assigned to a subnet and
the associated broadcast addresses.
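The arithmetic practiced in the bits-to-borrow tables and in Task 6, as an added Python example that is not part of the lab guide. It assumes that all 2^s subnets are usable (subnet zero included); the function names are hypothetical, and the addresses used are the ones printed in the worksheets above.

```python
import ipaddress

# Network bits in the default (classful) mask.
CLASS_BITS = {"A": 8, "B": 16, "C": 24}

def to_binary(addr):
    """Dotted-decimal to dotted-binary; raises ValueError on a malformed address."""
    return ".".join(f"{octet:08b}" for octet in ipaddress.IPv4Address(addr).packed)

def address_class(addr):
    """Classful address class, decided by the leading bits of the first octet."""
    first = ipaddress.IPv4Address(addr).packed[0]
    if first < 128:
        return "A"   # 0xxxxxxx
    if first < 192:
        return "B"   # 10xxxxxx
    if first < 224:
        return "C"   # 110xxxxx
    return "D" if first < 240 else "E"

def bits_to_borrow(net_class, subnets_needed):
    """Return (s, hosts): the smallest s with 2**s >= subnets_needed,
    and the hosts per subnet, 2**h - 2, for the h host bits that remain."""
    if subnets_needed < 1:
        raise ValueError("at least one subnet is required")
    s = (subnets_needed - 1).bit_length()
    h = 32 - CLASS_BITS[net_class] - s
    if h < 2:
        raise ValueError("not enough host bits left for usable addresses")
    return s, 2 ** h - 2

def describe(addr, prefix):
    """Work through a 'given an address in a /N block' exercise."""
    cls = address_class(addr)
    if cls not in CLASS_BITS:
        raise ValueError(f"class {cls} addresses are not subnetted")
    if not CLASS_BITS[cls] <= prefix <= 30:
        raise ValueError("prefix must lie between the classful mask and /30")
    net = ipaddress.IPv4Interface(f"{addr}/{prefix}").network
    borrowed = prefix - CLASS_BITS[cls]
    return {
        "class": cls,
        "mask": str(net.netmask),
        "mask_binary": to_binary(str(net.netmask)),
        "borrowed_bits": borrowed,
        "subnets": 2 ** borrowed,
        "hosts_per_subnet": net.num_addresses - 2,
        "subnet": str(net.network_address),
        "first_host": str(net.network_address + 1),
        "last_host": str(net.broadcast_address - 1),
        "broadcast": str(net.broadcast_address),
    }

if __name__ == "__main__":
    # First row of the Lab 4-2 class table.
    print(to_binary("200.42.129.16"), address_class("200.42.129.16"))
    # A request for 12 subnets of a Class C network.
    print(bits_to_borrow("C", 12))
    # Task 6: 172.20.0.129 in a /25 block.
    for key, value in describe("172.20.0.129", 25).items():
        print(f"{key:17} {value}")
    # Two of the malformed entries from the valid/invalid host list.
    for bad in ("23.75.345.200", "102.54.94"):
        try:
            to_binary(bad)
        except ValueError as err:
            print(f"{bad}: invalid ({err})")
```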
Lab 4-5: Performing Initial Router Startup
Complete this lab activity to practice what you learned in the related module.
Activity Objective
In this activity, you will connect to your remote workgroup router, ensure that it is
unconfigured, and examine the startup process. After completing this activity, you will be able
to meet these objectives:
Remove any existing residual router configuration
Restart the router and observe the output
Decline the initial configuration dialog request when the restart process completes
Visual Objective
The figure illustrates what you will accomplish in this activity.
Workgroup Router IP
Hostname Address Subnet Mask
RouterA 10.2.2.3 255.255.255.0
RouterB 10.3.3.3 255.255.255.0
RouterC 10.4.4.3 255.255.255.0
RouterD 10.5.5.3 255.255.255.0
RouterE 10.6.6.3 255.255.255.0
RouterF 10.7.7.3 255.255.255.0
RouterG 10.8.8.3 255.255.255.0
RouterH 10.9.9.3 255.255.255.0
Required Resources
These are the resources and equipment that are required to complete this activity:
PC with connectivity to the remote lab
An SSH-capable terminal emulation application
Your assigned pod access information from Lab 2-1
Command List
The table describes the commands that are used in this activity.
Command Description
Job Aids
These job aids are available to help you complete the lab activity.
Current Passwords
Router console login None
Activity Procedure
Complete these steps:
Step 1 Connect to your workgroup router using the access information from Lab 2-1. Also
refer to the visual objective for IP address information.
Step 2 If prompted for a username and password, use cisco for both. If not, proceed to the
next step.
Step 3 If the prior step did not leave you at the enable prompt, enter the command to get to
the enable prompt.
Step 4 Enter the command erase startup-config. Confirm that you do wish to continue.
Your output should be similar to the example below.
Username: cisco
Password:
yourname#erase startup-config
Erasing the nvram filesystem will remove all configuration files! Continue? [confirm]
[OK]
Erase of nvram: complete
yourname#
*Apr 24 00:16:13.683: %SYS-7-NV_BLOCK_INIT: Initialized the geometry of nvram
yourname#
Activity Verification
You have completed this task when you attain this result:
You have erased the startup configuration
Activity Procedure
Complete these steps:
Step 1 Enter the command reload. Confirm the question to continue with the reload using
the ENTER key. Your output should resemble the example below.
yourname#reload
Proceed with reload? [confirm]
.
Step 2 Observe the output as the reload progresses. You will have to wait a few minutes for
all the output and a final prompt. Your output should be similar to the example
below, which has been edited to reduce the length of some lines.
*Apr 24 00:18:02.043: %SYS-5-RELOAD: Reload requested by cisco on console.
Reload Reason: Reload Command.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
Step 3 Answer no to the question “Would you like to enter the initial configuration
dialog?” Wait until the output has completed before pressing the Enter key to get a
prompt.
sslinit fn
*Apr 24 00:19:27.799: %VPN_HW-6-INFO_LOC: Crypto engine: onboard 0 State
changed to: Enabled
*Apr 24 00:19:29.059: %LINEPROTO-5-UPDOWN: Line protocol on Interface VoIP-
Null0, changed state to up
*Apr 24 00:19:29.059: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state
to up
*Apr 24 00:19:29.063: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state
to up
*Apr 24 00:19:29.063: %LINK-3-UPDOWN: Interface Serial0/0/0, changed state to
down
*Apr 24 00:19:29.063: %LINK-3-UPDOWN: Interface Serial0/0/1, changed state to
down
*Apr 24 00:19:30.483: %LINEPROTO-5-UPDOWN: Line protocol on Interface
FastEthernet0/0, changed state to down
*Apr 24 00:19:30.483: %LINEPROTO-5-UPDOWN: Line protocol on Interface
FastEthernet0/1, changed state to down
*Apr 24 00:19:30.483: %LINEPROTO-5-UPDOWN: Line protocol on Interface
Serial0/0/0, changed state to down
*Apr 24 00:19:30.483: %LINEPROTO-5-UPDOWN: Line protocol on Interface
Serial0/0/1, changed state to down
*Apr 24 00:19:32.295: %LINEPROTO-5-UPDOWN: Line protocol on Interface
FastEthernet0/0, changed state to up
*Apr 24 00:19:32.323: %LINEPROTO-5-UPDOWN: Line protocol on Interface
FastEthernet0/1, changed state to up
*Apr 24 00:29:25.479: %IP-5-WEBINST_KILL: Terminating DNS process
*Apr 24 00:29:26.659: %LINK-5-CHANGED: Interface FastEthernet0/0, changed
state to administratively down
*Apr 24 00:29:26.659: %LINK-5-CHANGED: Interface FastEthernet0/1, changed
state to administratively down
*Apr 24 00:29:26.659: %LINK-5-CHANGED: Interface Serial0/0/0, changed state to
administratively down
*Apr 24 00:29:26.659: %LINK-5-CHANGED: Interface Serial0/0/1, changed state to
administratively down
*Apr 24 00:29:26.991: %SYS-5-RESTART: System restarted --
Cisco IOS Software, 2800 Software (C2800NM-ADVIPSERVICESK9-M), Version
12.4(12), RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2006 by Cisco Systems, Inc.
Compiled Fri 17-Nov-06 12:02 by prod_rel_team
*Apr 24 00:29:26.995: %SNMP-5-COLDSTART: SNMP agent on host Router is
undergoing a cold start
*Apr 24 00:29:27.203: %SYS-6-BOOTTIME: Time taken to reboot after reload =
684 seconds
*Apr 24 00:29:27.383: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is OFF
*Apr 24 00:29:27.659: %LINEPROTO-5-UPDOWN: Line protocol on Interface
FastEthernet0/0, changed state to down
*Apr 24 00:29:27.659: %LINEPROTO-5-UPDOWN: Line protocol on Interface
FastEthernet0/1, changed state to down
<ENTER>
Router>
Activity Verification
You have completed this task when you attain these results:
You have reloaded your workgroup router
You have declined the initial configuration dialog
Activity Objective
In this activity, you will perform the initial minimal configuration. After completing this
activity, you will be able to meet these objectives:
Use the setup command to apply a minimal configuration for router operation
Use show commands to validate your configuration
Visual Objective
The figure illustrates what you will accomplish in this activity.
Workgroup Router IP
Hostname Address Subnet Mask
RouterA 10.2.2.3 255.255.255.0
RouterB 10.3.3.3 255.255.255.0
RouterC 10.4.4.3 255.255.255.0
RouterD 10.5.5.3 255.255.255.0
RouterE 10.6.6.3 255.255.255.0
RouterF 10.7.7.3 255.255.255.0
RouterG 10.8.8.3 255.255.255.0
RouterH 10.9.9.3 255.255.255.0
Required Resources
These are the resources and equipment that are required to complete this activity:
PC with connectivity to the remote lab
An SSH-capable terminal emulation application
Your assigned pod access information from Lab 2-1
Successful completion of Lab 2-4
Command List
The table describes the commands that are used in this activity.
Router Cisco IOS Commands
Command Description
show running-config Displays the router configuration settings that are currently
in effect.
show startup-config Displays the router configuration settings that are stored in
NVRAM.
Job Aids
These job aids are available to help you complete the lab activity.
Current Passwords
Router console login none
Activity Procedure
Complete these steps:
Step 1 If you are not continuing from Lab 4-5, then connect to your workgroup router
using the access information from Lab 2-1 and refer to the visual objective for IP
address and subnet mask information.
Step 2 Enter the enable command to get into the privileged EXEC mode.
Step 3 At the enable prompt enter the command setup. This command starts the initial
configuration dialog.
At any point you may enter a question mark '?' for help.
Use ctrl-c to abort configuration dialog at any prompt.
Step 5 Enter no to the question “Would you like to enter basic management setup?”
Basic management setup configures only enough connectivity
for management of the system, extended setup will ask you
to configure each interface on the system
Step 6 Enter yes to the question “First, would you like to see the current interface
summary?” Your output should look similar to the following display:
First, would you like to see the current interface summary? [yes]: yes
Step 7 Enter your assigned workgroup router hostname at the prompt “Enter host name,”
where x in the example below is your workgroup letter (A, B, C, D, E, F, G or H).
Enter host name [Router]: RouterX
Step 8 Enter the enable secret password at the prompt “Enter enable secret.”
The enable secret is a password used to protect access to privileged EXEC and
configuration modes. After it is entered, this password is stored in encrypted form in
the configuration.
Step 9 Enter the enable password at the prompt “Enter enable password.”
The enable password is used when you do not specify an enable secret password,
with some older software versions, and some boot images.
Step 10 Enter the vty password at the prompt “Enter virtual terminal password.”
The virtual terminal password is used to protect access to the router over a network
interface.
Step 13 Enter no to the question “Configure RIP routing?”
Configure RIP routing? [yes]: no
Step 16 Enter yes to the question “Do you want to configure FastEthernet0/0 interface?”
Configuring interface parameters:
Step 17 Enter no to the question “Use the 100 Base-TX (RJ-45) connector?”
Use the 100 Base-TX (RJ-45) connector? [yes]:no
Step 20 Enter the IP address of your assigned workgroup router. (See the visual objective for
this lab.)
IP address for this interface: 10.x.x.3
Step 21 Enter the subnet mask of your assigned workgroup router. Notice that the Cisco IOS
Software can calculate the IP addressing class.
Subnet mask for this interface [255.0.0.0] : 255.255.255.0
Class A network is 10.0.0.0, 24 subnet bits; mask is /24
Step 22 Enter no to the question “Do you want to configure FastEthernet0/1 interface?”
Do you want to configure FastEthernet0/1 interface? [no]:no
Step 23 Enter no to the question “Do you want to configure Serial0/0/0 interface?”
Do you want to configure Serial0/0/0 interface? [no]:no
Step 24 Enter no to the question “Do you want to configure Serial0/0/1 interface?”
Do you want to configure Serial0/0/1 interface? [no]:no
Step 25 Enter no to the question “Would you like to go through AutoSecure configuration?”
Would you like to go through AutoSecure configuration? [yes]: no
AutoSecure dialog can be started later using "auto secure" CLI
Step 26 The setup process outputs the configuration script that can be applied depending on
your answer to the question that follows. Notice that by default the router has only
five (0 to 4) vty lines preconfigured. You may recall that the switch had 16 (0 to
15). You will need to press the Spacebar when prompted with --More-- to get
additional output.
hostname RouterX
enable secret 5 $1$.dET$BDxkofHF3aAsRthe/c0.c.
enable password cisco
line vty 0 4
password sanjose
no snmp-server
!
ip routing
no clns routing
no bridge 1
!
interface FastEthernet0/0
no shutdown
half-duplex
ip address 10.x.x.3 255.255.255.0
no mop enabled
!
interface FastEthernet0/1
shutdown
no ip address
!
interface Serial0/0/0
shutdown
no ip address
!
interface Serial0/0/1
shutdown
no ip address
dialer-list 1 protocol ip permit
!
end
Step 28 Observe the output displayed. You may see that the running Cisco IOS version
announces that the hostname does not match the latest CLI standards; however, the
name is accepted.
Building configuration...
[OK]
*Apr 24 00:37:02.203: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state
to up
Use the enabled mode 'configure' command to modify this configuration.
RouterX#
*Apr 24 00:37:04.867: %LINEPROTO-5-UPDOWN: Line protocol on Interface
FastEthernet0/0, changed state to up
Activity Verification
You have completed this task when you attain these results:
You have entered your workgroup router configuration information using the setup
command
You have selected the option to save and exit on completion of the configuration dialog
Task 2: Validate the Router Configuration
You will use the show commands to check that the router configuration matches your
requirements, and is saved to the startup configuration in the startup-config file.
Activity Procedure
Complete these steps:
Step 1 Enter the command show running-config. Observe the output and validate that the
passwords are set and match those you entered in Task 1. Also check that the
interface FastEthernet 0/0 has the IP address assigned for your workgroup router and
does not have the shutdown command applied to the interface. Below is an excerpt
from the output; your display should be similar.
..Text omitted!
..
!
interface FastEthernet0/0
ip address 10.x.x.3 255.255.255.0
duplex half
speed auto
no mop enabled
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
..Text omitted!
Step 2 Enter the command show startup-config. Observe the output and validate that the
information you verified in Step 1 above matches. This demonstrates that the setup
command saved the configuration to both the running configuration and startup
configuration.
Activity Verification
You have completed this task when you attain these results:
Your output of the show running-config command matched your input in Task 1.
Your startup configuration was the same as your running configuration.
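The configuration script produced by setup in Task 1 stores the enable password and the vty password in clear text and configures no console line at all. As an added example that is not part of the lab guide, the Python sketch below checks a configuration text for those items. Both sample configurations are constructed (the first follows the setup script shown in Task 1, with its indentation restored), values in angle brackets are placeholders, and the function names are hypothetical.

```python
import re

def block(config, header):
    """Sub-commands indented under the first line that starts with header, or None."""
    m = re.search(rf"^{re.escape(header)}.*\n((?:[ \t]+.*\n)*)", config, re.M)
    return [line.strip() for line in m.group(1).splitlines()] if m else None

def is_cleartext(cmd):
    """True for 'password <text>'; 'password 7 ...' is the encoded form."""
    return cmd.startswith("password ") and not cmd.startswith("password 7 ")

def audit(config):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    glob = [l for l in config.splitlines() if l and not l.startswith(" ")]

    # Without this service, line and enable passwords are displayed as typed.
    # With it they are shown in type 7 form, which is a reversible encoding,
    # not a hash; the enable secret (type 5) is the hashed one.
    if "service password-encryption" not in glob:
        findings.append("service password-encryption is not enabled")
    if any(l.startswith("enable password ") and
           not l.startswith("enable password 7 ") for l in glob):
        findings.append("enable password is stored in clear text")
    if not any(l.startswith("banner ") for l in glob):
        findings.append("no banner configured")

    # Console: needs a password plus 'login', or 'login local'.
    con = block(config, "line con 0") or []
    has_password = any(c.startswith("password ") for c in con)
    if not (("login" in con and has_password) or "login local" in con):
        findings.append("line con 0: no password and login configured")
    if any(is_cleartext(c) for c in con):
        findings.append("line con 0: password is stored in clear text")

    # Vty lines: password storage and whether SSH is listed as a transport.
    vty = block(config, "line vty 0 4") or []
    if any(is_cleartext(c) for c in vty):
        findings.append("line vty 0 4: password is stored in clear text")
    transports = [c.split()[2:] for c in vty if c.startswith("transport input ")]
    if not any("ssh" in t for t in transports):
        findings.append("line vty 0 4: transport input does not list ssh")
    return findings

# Constructed sample: the relevant lines of the setup script from Task 1.
SETUP_SCRIPT = """\
hostname RouterX
enable secret 5 <md5-hash>
enable password cisco
line vty 0 4
 password sanjose
no snmp-server
!
interface FastEthernet0/0
 no shutdown
 ip address 10.x.x.3 255.255.255.0
!
end
"""

# Constructed sample: the same router with the items listed above addressed.
HARDENED = """\
service password-encryption
hostname RouterX
enable secret 5 <md5-hash>
username <user> password 7 <type-7-string>
ip domain-name <domain>
banner login ^C Authorized access only ^C
line con 0
 password 7 <type-7-string>
 login
line vty 0 4
 login local
 transport input telnet ssh
end
"""

if __name__ == "__main__":
    for name, cfg in (("setup script", SETUP_SCRIPT), ("hardened", HARDENED)):
        print(name, "->", audit(cfg) or "no findings")
```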
Activity Objective
In this activity, you will increase the security of the router following its initial configuration.
After completing this activity, you will be able to meet these objectives:
Add password protection to the console line
Use the Cisco IOS configuration command to encrypt all passwords
Add a banner message to the login process
Increase the remote management security of the router by adding the SSH protocol to the
vty lines
Visual Objective
The figure illustrates what you will accomplish in this activity.
Workgroup Router IP
Hostname Address Subnet Mask
RouterA 10.2.2.3 255.255.255.0
RouterB 10.3.3.3 255.255.255.0
RouterC 10.4.4.3 255.255.255.0
RouterD 10.5.5.3 255.255.255.0
RouterE 10.6.6.3 255.255.255.0
RouterF 10.7.7.3 255.255.255.0
RouterG 10.8.8.3 255.255.255.0
RouterH 10.9.9.3 255.255.255.0
Required Resources
These are the resources and equipment that are required to complete this activity:
PC with connectivity to the remote lab
An SSH-capable terminal emulation application
Your assigned pod access information from Lab 4.1
Successful completion of Lab 4-6
Command List
The table describes the commands that are used in this activity.
Command                               Description
configure terminal                    From privileged EXEC mode, enters global configuration mode.
copy running-config startup-config    Copies the switch running configuration file to the startup
                                      configuration file, which is held in local NVRAM.
crypto key generate rsa               Generates the RSA key pairs to be used.
ip domain-name name                   Supplies an IP domain name, which is required by the crypto key
                                      generation process.
ip ssh version [1 | 2]                Specifies the version of Secure Shell (SSH) to be run. To disable
                                      the version of SSH that was configured and to return to
                                      compatibility mode, use the no form of this command.
line console 0                        Specifies the console line and enters line configuration mode.
line vty 0 4                          Enters the virtual terminal line configuration mode. Vty lines
                                      allow access to the switch for remote network management. The
                                      number of vty lines available is dependent on the Cisco IOS
                                      Software version. Typical values are 0 to 4 and 0 to 15
                                      (inclusive).
login local                           Activates the login process on the console or vty lines to require
                                      using the local authentication database.
service password-encryption           Enables the service that encrypts all passwords in the
                                      running configuration.
show running-config                   Displays the router configuration settings that are currently in
                                      effect.
transport input telnet ssh            Specifies which protocols to use to connect to a specific line of
                                      the router.
username username password password   Creates a username and password pair, which can then be used
                                      as a local authentication database.
Current Passwords
Router console login none
Activity Procedure
Complete these steps:
Step 1 Connect to your remote workgroup router via the console server. You will need to
use the VTY password configured earlier to get to the user EXEC mode.
Step 2 Enter the enable command and password to get to the enable EXEC prompt.
Step 5 At the line console configuration mode, enter the command password password.
Use the same password that is set for the vty lines.
Step 6 Enter the command login, which will require a password to be supplied to access the
router via the console in future.
Step 7 Enter the end command to exit the configuration mode.
Step 8 Enter the show running-config command and observe the output to see that you
have correctly configured line console 0 and vty lines 0-4. Your output should be
similar to the example below, where the line configuration is shown in bold text.
You will observe that the passwords for both the line console and vty lines are stored
in cleartext.
RouterX#show running-config
..
..Text omitted
..
!
line con 0
password sanjose
login
line aux 0
line vty 0 4
password sanjose
login
!
end
Step 9 Test your configured password by logging out of and back into the router via the
console.
Step 10 Enter the command logout.
Step 12 Supply the password that you just configured to get to the user EXEC prompt.
Step 13 Enter the command and password to get to the enable EXEC prompt.
Step 14 Your output for Steps 10 through 13 should be similar to the example below.
RouterX#logout
..
..empty lines omitted
..
..
..empty lines omitted
..
Password:
RouterX>enable
Password:
RouterX#
Activity Verification
You have completed this task when you attain these results:
You configured the console line to require a password
You inspected the configuration and observed that the line passwords are stored in cleartext
You tested the login process and password access to the console line successfully
Your output matches the example in Step 14
Activity Procedure
Complete these steps:
Step 1 From the enable EXEC prompt enter the command to get to global configuration
mode.
Step 2 Enter the command service password-encryption.
Step 4 Enter the command to see the running configuration. Concentrate on the first few
lines and the last few lines of the configuration, to see that your command is now
active and the effect it has on the line passwords. Your output should be similar to
the example below, with bold text highlighting output of particular interest.
RouterX#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
RouterX(config)#service password-encryption
RouterX(config)#end
RouterX#
*Mar 16 20:19:40.509: %SYS-5-CONFIG_I: Configured from console by console
RouterX#show running-config
Building configuration...
!
!
line con 0
password 7 051807012B435D0C
login
line aux 0
line vty 0 4
password 7 051807012B435D0C
login
!
scheduler allocate 20000 1000
!
end
Step 5 Enter the command to save the running configuration to startup-config.
Activity Verification
You have completed this task when you attain these results:
You have enabled the password encryption service.
You have displayed the running configuration and observed the encryption of the line
passwords.
You have saved your running configuration.
Activity Procedure
Complete these steps:
Step 3 Enter text to form your message followed by %. Do NOT include a percent sign in
your text; it will be interpreted as the closing delimiter of your message. Below is an
example of the output of the configuration of a banner message.
RouterX#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
RouterX(config)#banner login %
Enter TEXT message. End with the character '%'.
********** Warning *************
Access to this device is restricted to authorized persons only!
Un-authorized access is prohibited. Violators will be prosecuted.
**************************************************************^C
RouterX(config)#end
Step 4 Enter the command to display the running configuration. Your output should be
similar to the example below, which has been edited to show just the banner
configuration. Notice that your text delimiter has been replaced with a ^C, which is a
nontext control character.
!
banner login ^C
********** Warning *************
Access to this device is restricted to authorized persons only!
Un-authorized access is prohibited. Violators will be prosecuted.
**************************************************************^C
!
Step 5 Use the logout command to end your console session. Then log back in to the enable
prompt. Observe the display to see your banner message being presented, prior to
password entry. Your output should be similar to the example below, which has
been edited to reduce space.
**************************************************************
Password:
RouterX>en
Password:
RouterX#
Step 6 Enter the command to save the running configuration to NVRAM.
Activity Verification
You have completed this task when you attain these results:
You have configured a login banner message which clearly states that access is restricted to
the router
You have tested the login message, and it does give a warning prior to password prompt
You have saved your configuration
Activity Procedure
Complete these steps:
Step 1 At the enable EXEC prompt enter the command to access the global configuration
prompt.
Step 2 The SSH protocol requires the use of a username and password pair. These have not
yet been configured, so you will do that now. Enter the command username
netadmin password netadmin. In this example, you use a simple username, but in a
real-world environment, a much stronger username and password must be used.
Step 4 Enter the command crypto key generate rsa. You are prompted for a key size; 512
is the default, but you will enter 1024. Your output should be similar to the example
below, which is edited to include only those lines pertaining to this task.
RouterX(config)#username netadmin password netadmin
RouterX(config)#ip domain-name cisco.com
RouterX(config)#crypto key generate rsa
The name for the keys will be: RouterX.cisco.com
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.
RouterX(config)#
*Mar 16 20:32:15.613: %SSH-5-ENABLED: SSH 1.99 has been enabled
Step 5 Enter the command ip ssh version 2 to specify the required SSH version.
Step 7 Enter the command login local. This changes the login process to use the locally
configured username and password pairs.
Step 8 Enter the command transport input telnet ssh. This configures the five vty lines to
support both Telnet and SSH. Your output should be similar to the example below.
RouterX(config)#line vty 0 4
RouterX(config-line)#login local
RouterX(config-line)#transport input telnet ssh
Step 9 Enter the command to return to enable EXEC prompt.
Step 10 Enter the command show ip ssh.
RouterX#show ip ssh
SSH Enabled - version 2.0
Authentication timeout: 120 secs; Authentication retries: 3
Step 11 To test your configuration you need to make a VPN tunnel connection to the remote
lab using the method from Lab 2-1. You may get a security warning regarding the
crypto key; accept the key by clicking the Yes button in the popup window.
Step 12 On your PC, open your SSH terminal client application. Use the IP address of your
workgroup router (10.x.x.3), and the username and password pair that you
configured in Step 2 of this task.
Step 13 Below is an example of a successful connection using the PuTTY application using
SSH.
Step 15 Enter the username and password in the new Telnet Command window that
automatically opens. Having established that Telnet is working simultaneously with
SSH, type logout at the user EXEC prompt and close your Command window by
typing exit at the Command window prompt. Your output should be similar to the
example below.
Activity Verification
You have completed this task when you attain these results:
You configured the vty lines to support the SSH version 2 protocol
You successfully connected directly to your workgroup router using SSH and Telnet, thus
proving both are being supported simultaneously
You saved your configuration
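The state in which Lab 4-7 leaves the router can be checked mechanically. The Python audit below is an added example, not part of the Cisco lab guide; the two sample configurations, the check names and the placeholder credential strings are constructed. It flags what the lab itself highlights (line passwords, Telnet left enabled on the vty lines) and also treats type 7 values as weak, because type 7 is a reversible encoding rather than a hash.

```python
import re

# Constructed sample: the relevant part of a running-config as Lab 4-7 leaves
# it. The line password encoding is the one printed in the lab; the username
# encoding is a constructed placeholder, not a real encoding.
LAB_CONFIG = """\
service password-encryption
username netadmin password 7 0000000000000000
ip ssh version 2
banner login ^C
********** Warning *************
Access to this device is restricted to authorized persons only!
**************************************************************^C
line con 0
 password 7 051807012B435D0C
 login
line aux 0
line vty 0 4
 password 7 051807012B435D0C
 login local
 transport input telnet ssh
!
end
"""

# Constructed hardened variant: hashed user secret (placeholder hash),
# local login on every line, SSH only on the vty lines.
HARDENED_CONFIG = """\
service password-encryption
username netadmin secret 5 $1$CONSTRUCTED$PLACEHOLDERHASH
ip ssh version 2
banner login ^C
Access to this device is restricted to authorized persons only!
^C
line con 0
 login local
line vty 0 4
 login local
 transport input ssh
end
"""


def parse_blocks(config):
    """Return (global commands, {line header: [subcommands]})."""
    global_cmds, line_blocks = [], {}
    current = banner_delim = None
    for raw in config.splitlines():
        if banner_delim:                      # banner text is not a command
            if raw.rstrip().endswith(banner_delim):
                banner_delim = None
            continue
        cmd = raw.strip()
        if not cmd or cmd == "!":
            continue
        if raw.startswith(" "):               # subcommand of the open block
            if current:
                line_blocks[current].append(cmd)
            continue
        current = None
        banner = re.match(r"banner \w+ (\^C|\S)", cmd)
        if banner and banner.group(1) not in cmd[banner.end():]:
            banner_delim = banner.group(1)    # multi-line banner starts here
        if cmd.startswith("line "):
            current = cmd
            line_blocks[current] = []
        else:
            global_cmds.append(cmd)
    return global_cmds, line_blocks


def audit(config):
    """Return a list of (check, detail) findings for the Lab 4-7 settings."""
    global_cmds, line_blocks = parse_blocks(config)
    findings = []
    if "service password-encryption" not in global_cmds:
        findings.append(("no-password-encryption", "passwords shown in cleartext"))
    if "ip ssh version 2" not in global_cmds:
        findings.append(("ssh-version-not-pinned", "1.99 compatibility mode possible"))
    if not any(c.startswith("banner login") for c in global_cmds):
        findings.append(("no-login-banner", "no warning shown before login"))
    for cmd in global_cmds:
        # 'password' keeps cleartext or reversible type 7; 'secret' stores a hash
        user = re.match(r"username (\S+) (?:.* )?password ", cmd)
        if user:
            findings.append(("user-password-not-secret", user.group(1)))
    for header, cmds in line_blocks.items():
        for cmd in cmds:
            pw = re.match(r"password (?:(\d+) )?\S+$", cmd)
            if pw:
                kind = "type 7 (reversible)" if pw.group(1) == "7" else "cleartext"
                findings.append(("line-password-weak", f"{header}: {kind}"))
            transport = re.match(r"transport input (.+)", cmd)
            if (transport and header.startswith("line vty")
                    and {"telnet", "all"} & set(transport.group(1).split())):
                findings.append(("vty-telnet-enabled", header))
    return findings


if __name__ == "__main__":
    for name, cfg in (("lab", LAB_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit(cfg) or "no findings")
```

The parser relies on the one-space indentation that show running-config prints for line subcommands, so feed it the raw device output rather than text copied from a reformatted document.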
Lab 4-8: Using Cisco SDM to Configure DHCP
Server Function
Complete this lab activity to practice what you learned in the related module.
Activity Objective
In this activity, you will use Cisco SDM to configure DHCP server functionality on your
workgroup router. After completing this activity, you will be able to meet these objectives:
You will use Cisco SDM to configure a DHCP pool of addresses
You will use Cisco SDM to verify at least one DHCP client has received an address from
the pool just created
You will use Cisco IOS commands to locate the switch port through which the DHCP
client is attaching to your workgroup switch
Visual Objective
The figure illustrates what you will accomplish in this activity.
Required Resources
These are the resources and equipment that are required to complete this activity:
PC with connectivity to the remote lab
An SSH-capable terminal emulation application
Command List
The table describes the commands that are used in this activity.
Command                           Description
show mac-address-table dynamic    Displays dynamic MAC address table entries only; use
                                  the command in privileged EXEC mode.
Job Aids
This job aid is available to help you complete the lab activity.
Workgroup    DHCP Pool Name    DHCP Pool Network/Mask    Starting IP    Ending IP    Default Router    Lease Time (Days:Hrs:Mins)
Current Passwords
Router console login sanjose
Activity Procedure
Complete these steps:
Step 1 Connect to your remote workgroup router via the console server, and enter the
necessary commands and passwords to get to the enable EXEC prompt.
Step 2 The current configurations have the HTTP service already enabled. However, it is
preferable to use the secure HTTP services (HTTPS). To enable the HTTP/HTTPS
server on your workgroup router, enter the ip http secure-server command.
Router(config)# ip http secure-server
Note The ability to support the secure server depends on the Cisco IOS version running on the
router. If HTTPS were not supported, then the HTTP server could still be enabled.
Step 3 It is also necessary to configure the HTTPS services with the method to be used for
authentication. To enable the workgroup router HTTP/HTTPS server authentication
method, enter the ip http authentication local command in global configuration
mode.
Router(config)# ip http authentication local
Step 4 To modify your netadmin user account to a privilege level of 15 (full enable
privileges), enter the username netadmin privilege 15 command in global
configuration mode.
Router(config)# username netadmin privilege 15
Activity Procedure
Complete these steps:
Step 2 Open a Windows Internet Explorer window and enter your workgroup router IP
address in the Address bar in the form of a URL; for example, https://10.x.x.3.
Step 3 In the new window that opens, enter your netadmin username and password.
Step 4 You may see this message. If so, click Yes to it and any subsequent security
windows.
Step 5 Eventually, you should see the screen below.
Step 7 New options will appear on the left side of the window. Choose Additional Tasks
(the bottom option).
Step 10 In the Add DHCP Pool window, add the information from Table 1 for your specific
workgroup. When you have finished click the OK button.
Step 11 The Commands Delivery window opens, indicating the status of the transfer of
configuration commands to your workgroup router. When the status indicates
“Configuration delivered to router,” click the OK button.
Step 12 Wait a few minutes for any clients on your network to obtain an address. Then click
the DHCP Pool Status button.
Step 14 Note the IP address of the DHCP client in the space below.
Step 15 Click the OK button to close the DHCP Pool Status window.
Activity Verification
You have completed this task when you attain these results:
You connected to your workgroup router and opened the Cisco SDM window.
You configured your router to support a DHCP pool.
You used Cisco SDM to confirm that a client obtained an address from the pool.
You noted the actual address of the DHCP client.
Activity Procedure
Complete these steps:
Step 2 At the workgroup router enable prompt, enter ping IP_address_dhcp_client. Your
output should be similar to the example below.
RouterX#ping 10.10.10.150
Step 3 Enter the show ip arp IP_address_dhcp_client command to obtain the hardware
address (MAC address) that is bound to the IP address you just pinged. Your output
should be similar to the example below.
RouterX#show ip arp 10.10.10.150
Protocol Address Age (min) Hardware Addr Type Interface
Internet 10.10.10.150 63 001a.6ca1.eea9 ARPA FastEthernet0/0
Step 4 Note the hardware address (MAC address) of your DHCP client in the space below.
Step 6 At the workgroup switch enable prompt, enter the show mac-address-table
dynamic command to display only the dynamically learned entries. Your output
should be similar to the example below.
SwitchX#show mac-address-table dynamic
Mac Address Table
-------------------------------------------
Step 8 You have located the switchport through which the DHCP client is entering your
network. If your network consists of any number of switches and routers, you can
use the same process to trace the physical location of any device, given its IP and
MAC (hardware address) addresses.
Step 9 You should close any open connections and the VPN tunnel.
Activity Verification
You have completed this task when you attain these results:
You used the IP address of the DHCP client identified in Task 1, in a ping command.
You used the information from the output of the ping command to identify the MAC
address of that DHCP client.
You used the workgroup switch mac-address-table command to identify the port through
which the DHCP client is accessing the network.
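The IP-to-MAC-to-port trace from this task, as an added Python example that is not part of the lab guide. Apart from the one ARP row printed in the lab, the sample outputs, port names and status labels are constructed. A port carrying more than one MAC address is reported separately because it may be a link to another switch, where the same process is repeated as Step 8 describes.

```python
import re

# Constructed sample outputs. The first ARP row is the one printed in the
# lab; every other row, MAC address and port name below is constructed.
ARP_OUTPUT = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.10.10.150           63   001a.6ca1.eea9  ARPA   FastEthernet0/0
Internet  10.10.10.160            2   0200.0000.00a1  ARPA   FastEthernet0/0
Internet  10.10.10.170            0   Incomplete      ARPA
Internet  10.10.10.180           90   0200.0000.00c3  ARPA   FastEthernet0/0
"""

MAC_TABLE_OUTPUT = """\
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    001a.6ca1.eea9    DYNAMIC     Fa0/2
   1    0200.0000.00a1    DYNAMIC     Fa0/11
   1    0200.0000.00b2    DYNAMIC     Fa0/11
Total Mac Addresses for this criterion: 3
"""

MAC_ROW = re.compile(
    r"\s*(\d+|All)\s+((?:[0-9a-fA-F]{4}\.){2}[0-9a-fA-F]{4})\s+(\S+)\s+(\S+)")


def normalize_mac(text):
    """Reduce any common MAC notation to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", text).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {text!r}")
    return digits


def parse_arp(output):
    """Map IP -> MAC from 'show ip arp'; None marks an Incomplete entry."""
    table = {}
    for line in output.splitlines():
        fields = line.split()
        if len(fields) >= 5 and fields[0] == "Internet":
            hw = fields[3]
            table[fields[1]] = None if hw.lower() == "incomplete" else normalize_mac(hw)
    return table


def parse_mac_table(output):
    """Map MAC -> [(vlan, port)] from 'show mac-address-table dynamic'."""
    table = {}
    for line in output.splitlines():
        row = MAC_ROW.match(line)
        if row:
            table.setdefault(normalize_mac(row.group(2)), []).append(
                (row.group(1), row.group(4)))
    return table


def locate(ip, arp_output, mac_output):
    """Follow the lab's steps: IP -> MAC (router), then MAC -> port (switch)."""
    arp = parse_arp(arp_output)
    if ip not in arp:
        return {"status": "no-arp-entry"}        # ping the address first
    mac = arp[ip]
    if mac is None:
        return {"status": "arp-incomplete"}      # host did not answer ARP
    table = parse_mac_table(mac_output)
    if mac not in table:
        return {"status": "mac-not-learned", "mac": mac}   # aged out or elsewhere
    vlan, port = table[mac][0]
    on_port = sum(1 for rows in table.values() for _, p in rows if p == port)
    status = "found" if on_port == 1 else "shared-port"
    return {"status": status, "mac": mac, "vlan": vlan,
            "port": port, "macs_on_port": on_port}


if __name__ == "__main__":
    for addr in ("10.10.10.150", "10.10.10.160", "10.10.10.170",
                 "10.10.10.180", "10.10.10.199"):
        print(addr, locate(addr, ARP_OUTPUT, MAC_TABLE_OUTPUT))
```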
Activity Objective
In this activity, you will use Telnet and SSH connections to access Cisco routers and switches.
After completing this activity, you will be able to meet these objectives:
Be able to initiate, suspend, resume and close a Telnet session from a Cisco router or
switch
Be able to initiate, suspend, resume and close an SSH session from a Cisco router or switch
Visual Objective
The figure illustrates what you will accomplish in this activity.
Required Resources
These are the resources and equipment that are required to complete this activity:
PC with connectivity to the remote lab
An SSH-capable terminal emulation application
Your assigned pod access information from Lab 2-1
Successful completion of Lab 4-8
Command List
The table describes the commands that are used in this activity.
Cisco IOS Router and Switch Commands
Command                     Description
exec-timeout mins [secs]    Sets the amount of idle time that can elapse before a
                            connection is automatically closed.
exit                        The exit command in EXEC mode exits the active session
                            (logs off the device).
history size number         Sets the number of lines held in the history buffer for recall.
                            Two separate buffers are used, one for EXEC mode
                            commands and the second for configuration mode
                            commands.
Job Aids
There are no job aids for this lab activity.
Activity Procedure
Complete these steps:
Step 1 Connect to your remote workgroup router via the console server, and enter the
necessary commands and passwords to get to the enable mode.
Step 3 Enter the command config t to get to the global configuration prompt.
Step 5 Enter the command history size 100 to change the history buffer size.
Step 6 Enter the command exec-timeout 60 to extend the idle timeout value.
Step 7 Enter the command logging synchronous to synchronize unsolicited messages and
debug privileged EXEC command output with the input from the CLI.
Step 8 Enter the command line vty 0 4 to configure the vty lines.
Step 9 Enter the commands to configure the history size to 100 and to synchronize the
messages.
Step 10 Enter the exit command to return to the global configuration mode.
Step 11 Enter the command no ip domain-lookup to disable the resolution for symbolic
names.
Step 15 When you are satisfied that your running configuration reflects the changes, save it
to startup-config.
Activity Verification
You have completed this task when you attain these results:
The inactivity timeout on the console line is set to 60 minutes.
You have verified that the history buffer value is set to 100 lines on the console and vty
lines.
You have verified that logging synchronous is configured on the console and vty lines.
You have verified that IP domain lookup is disabled.
You saved your running configuration to startup-config.
Activity Procedure
Complete these steps:
Step 1 From your PC, open a VPN connection to your designated workgroup.
Step 2 From your PC, use PuTTY to connect to the IP address of your workgroup router
and get to the enable EXEC prompt. Use the username and password netadmin
during this activity.
Step 3 Get to the enable EXEC prompt and enter the command show sessions. Your output
should look similar to the following display:
login as: netadmin
**************************************************************^C
netadmin@10.10.10.3's password:
RouterX#show sessions
% No connections open
RouterX#
Step 4 Enter the command show users to see the current users connected to your
workgroup router. Your output should look similar to the following display:
RouterX#sh users
Line User Host(s) Idle Location
*322 vty 0 netadmin idle 00:00:00 10.10.10.134
Interface User Mode Idle Peer Address
Step 5 The user “netadmin” is associated with the address of your PC, because of the VPN
connection you made in Step 2 of this task.
Step 6 Enter the command conf t to get to the global configuration prompt.
Step 7 Enter the command line vty 0 4 to get to the VTY line configuration mode.
Step 8 Enter the command exec-timeout 30 to extend the idle timer period to 30 minutes.
Step 9 Return to the EXEC prompt by entering the command end. Your output should look
similar to the following display:
Activity Verification
You have completed this task when you attain these results:
You connected from your PC to your remote workgroup router using PuTTY via VPN
tunnel.
You increased the idle timeout of the router vty lines to 30 minutes.
You used the show sessions command to verify that the router has no open sessions at this
time.
You used the show users command to identify that you are the only user currently
connected to your router.
Activity Procedure
Complete these steps:
Step 1 From your workgroup router, open a Telnet session to your assigned workgroup
switch, using the telnet ip_address command.
Step 2 Enter the command to get to the enable EXEC prompt. Your output should look
similar to the following display:
RouterX#telnet 10.10.10.11
Trying 10.10.10.11 ... Open
**************************************************************
Username: netadmin
Password:
SwitchX>enable
Password:
SwitchX#
Step 3 Enter the command conf t to get to the global configuration prompt.
Step 4 Enter the command line vty 0 15 to get to the VTY line configuration mode.
Step 5 Enter the command exec-timeout 30 to extend the idle timer period to 30 minutes.
Step 6 Return to the EXEC prompt by entering the command end. Your output should look
similar to the following display:
SwitchX#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SwitchX(config)#line vty 0 15
SwitchX(config-line)#exec-timeout 30
SwitchX(config-line)#end
SwitchX#
Step 7 Enter the escape sequence Ctrl-Shift-6, x to suspend the session and get the
RouterX# prompt.
Step 8 Enter the command show sessions to display the currently active sessions. Your
output should look similar to the following display with the exception that the
escape sequence has been indicated in bold text:
SwitchX#<cntrl+shift+6,x>
RouterX#show sessions
Conn Host Address Byte Idle Conn Name
* 1 10.10.10.11 10.10.10.11 0 0 10.10.10.11
RouterX#
Step 9 Enter the command ssh ip_address to open a second connection to your workgroup
switch using the SSH protocol.
Note: You need to enter the password associated with the username “netadmin.”
**************************************************************
Password:
SwitchX>
Step 10 Enter the escape sequence Ctrl-Shift-6, x to suspend the session and get the
RouterX# prompt.
Step 11 Enter the command show sessions to display the currently active sessions. Your
output should look similar to the following display with the exception that the
escape sequence has been indicated in bold text:
SwitchX><ctrl+shift+6,x>
RouterX#show sessions
Conn Host Address Byte Idle Conn Name
1 10.10.10.11 10.10.10.11 0 4 10.10.10.11
* 2 10.10.10.11 10.10.10.11 0 0
RouterX#
Step 12 Enter the command resume 1 to resume your first connection to the workgroup
switch. Notice that this session has the enable prompt.
<ENTER>
RouterX#resume 1
[Resuming connection 1 to 10.10.10.11 ... ]
<ENTER>
SwitchX#show users
Line User Host(s) Idle Location
* 1 vty 0 netadmin idle 00:00:00 10.10.10.3
2 vty 1 netadmin idle 00:00:22 10.10.10.3
SwitchX#
Step 13 From your switch, Telnet to your workgroup router without prefixing the address
with “Telnet,” and notice that you were automatically enabled on the router. Your
output should look similar to the following display:
SwitchX#10.10.10.3
Trying 10.10.10.3 ... Open
**************************************************************^C
Username: netadmin
Password:
RouterX#
Step 14 Enter the command show sessions to display any sessions associated with this
connection. Your output should look similar to the following display:
RouterX#show sessions
% No connections open
RouterX#
Note At this point in the activity, you have established a Telnet connection from the router to the
switch and a Telnet connection from the switch to the router. Also, you have an SSH
connection from the router to the switch.
Step 15 Your current view is at the router user EXEC via your initial Telnet connection
through the switch. If at this point you use a single escape sequence, you will return
to the Router# prompt (session 1). However, if you use two escape sequences
followed by pressing x, you will return to the switch.
Step 16 Enter the sequence Ctrl-Shift-6, Ctrl-Shift-6, x, and notice that the x is used only
once at the end. You are returned to your switch. Your output should look similar to
the following display:
RouterX#<ctrl-shift-6, ctrl-shift-6, x>
SwitchX#sh sessions
Conn Host Address Byte Idle Conn Name
* 1 10.10.10.3 10.10.10.3 0 0 10.10.10.3
SwitchX#
Step 17 Enter the escape sequence Ctrl-Shift-6, x, to suspend the original session initiated
from the router and get the RouterX# prompt. Your output should look similar to the
following display:
SwitchX#<ctrl-shift-6, x>
RouterX#sh sessions
Conn Host Address Byte Idle Conn Name
* 1 10.10.10.11 10.10.10.11 0 0 10.10.10.11
2 10.10.10.11 10.10.10.11 0 7
Step 18 Observe the output. The asterisk (*) is by the number 1. This indicates that this is the
active session. If you press the Enter key without adding any other text, the session
will automatically be resumed.
Step 19 Press the Enter key twice. The first resumes the connection to the switch, and the
second is interpreted at the switch to resume its session to the router. You will need
to press Enter a third time to get the router prompt. Your output should look similar
to the following display:
RouterX#<ENTER>
[Resuming connection 1 to 10.10.10.11 ... ]
<ENTER>
[Resuming connection 1 to 10.10.10.3 ... ]
<ENTER>
RouterX#
Step 20 Enter the sequence Ctrl-Shift-6, Ctrl-Shift-6, x, to return to your switch. Your
output should look similar to the following display:
RouterX#<ctrl-shift-6, ctrl-shift-6, x>
SwitchX#
Step 21 Close the connection to the router by using the disconnect command. Entering the
command without any numerical value is interpreted as closing the last created
connection. You will need to confirm your requested action. Your output should
look similar to the following display:
SwitchX#disconnect
Closing connection to 10.10.10.3 [confirm]
SwitchX#
Step 22 Remove the modification to the EXEC timeout value by setting it back to its default
value of 10 minutes. Your output should look similar to the following display:
SwitchX#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SwitchX(config)#line vty 0 15
SwitchX(config-line)#exec-timeout 10
SwitchX(config-line)#end
SwitchX#
Step 23 Use the sequence Ctrl-Shift-6, x, to return to your router and enter the show
sessions command. Your output should look similar to the following display:
SwitchX#<ctrl-shift-6, x>
RouterX#show sessions
Conn Host Address Byte Idle Conn Name
* 1 10.10.10.11 10.10.10.11 0 1 10.10.10.11
2 10.10.10.11 10.10.10.11 0 39
Step 24 Use the disconnect command to close both connections to the switch. Your output
should look similar to the following display:
RouterX#disconnect 1
Closing connection to 10.10.10.11 [confirm]
RouterX#disconnect 2
Closing connection to 10.10.10.11 [confirm]
RouterX#
Step 25 Remove the modification to the EXEC timeout value by setting it back to its default
value of 10 minutes. Your output should look similar to the following display:
RouterX#conf t
Enter configuration commands, one per line. End with CNTL/Z.
RouterX(config)#line vty 0 4
RouterX(config-line)#exec-timeout 10
RouterX(config-line)#end
RouterX#
Step 26 Close your SSH connection to your workgroup router by using the logout command.
Then close your VPN connection.
Lab 5-1: Connecting to the Internet
Complete this lab activity to practice what you learned in the related module.
Activity Objective
In this activity, you will be able to configure your WAN Ethernet interface to use a DHCP
obtained IP address, and will provide PAT. After completing this activity, you will be able to
meet these objectives:
Using Cisco SDM to configure the WAN Ethernet interface to use a DHCP obtained IP
address
Using Cisco SDM to configure the router to support PAT of the inside Ethernet interface
through the WAN Ethernet interface
Using Cisco SDM to verify that the configuration matches the requirements of the lab
Using the CLI to test and observe that PAT is taking place through the WAN Ethernet
interface
Visual Objective
The figure illustrates what you will accomplish in this activity.
Required Resources
These are the resources and equipment that are required to complete this activity:
PC with connectivity to the remote lab
An SSH-capable terminal emulation application
Command List
The table describes the commands that are used in this activity.
Command                       Description
clear ip nat translation *    Clears dynamic NAT translations from the translation
                              table.
show dhcp lease               Displays the DHCP addresses leased from a server.
Job Aids
There are no job aids for this lab activity.
Activity Procedure
Complete these steps:
Step 1 Open a VPN connection to your remote workgroup.
Step 2 Open an Internet Explorer window and enter your workgroup router IP address in
the Address field in the form of a URL; for example, https://10.x.x.3.
Step 3 In the new window that opens, enter your username netadmin and password
netadmin.
Step 4 You may see this window; if so, click Yes to it and any subsequent security
windows.
Step 7 Choose the Create Connection tab, and click the Ethernet PPPoE or
Unencapsulated Routing radio button.
Step 8 Click the Create New Connection button at the bottom of the pane.
Step 9 At the Welcome to the Ethernet WAN Configuration Wizard window, click the Next
button at the bottom of the pane.
Step 10 At the Encapsulation window, make no choices. Click the Next button at the bottom
of the pane to proceed.
Step 12 At the Advanced Options window, check the Port Address Translation check box.
You should see “FastEthernet0/0” appear automatically in the LAN Interface to Be
Translated box. Click the Next button at the bottom of the pane to proceed.
Step 13 Review the information in the Summary window. Click the Finish button to finalize
the wizard.
Step 14 The configuration commands are transferred. Click the OK button to close the
Commands Delivery Status window.
Step 16 Observe that the IP address is set and that it has (DHCP) following the value. Notice
also that in the lower pane, NAT has a value of Outside.
Note You may need to click the Refresh button to force an update of the display.
Step 17 Close both your Cisco SDM session and your VPN connection.
Activity Verification
You have completed this task when you attain these results:
You have verified that the FastEthernet0/1 interface has an address obtained using DHCP.
You have verified in Step 15 that your FastEthernet0/0 interface has been identified as
being an inside interface in the PAT configuration.
You have verified in Step 15 that your FastEthernet0/1 interface has been identified as
being an outside interface in the PAT configuration.
Task 2: Use the CLI to Verify and Observe the Operation of PAT
on Your Workgroup Router
In this task you will connect to your workgroup via the SSH connection. You will use CLI
commands to ping the DHCP-provided default gateway IP address, then observe the PAT
information stored by the workgroup router by using the clear and show ip nat translations
commands.
Activity Procedure
Complete these steps:
Step 1 Using the SSH-capable terminal emulation application, connect to your assigned
workgroup router.
Step 2 At the enable prompt, enter the show dhcp lease command. Your output should look
similar to the following display, but will be different for each pod.
RouterX#show dhcp lease
Temp IP addr: 172.20.21.5 for peer on Interface: FastEthernet0/1
Temp sub net mask: 255.255.255.0
DHCP Lease server: 172.20.21.254, state: 3 Bound
DHCP transaction id: 1F7E
Lease: 86400 secs, Renewal: 43200 secs, Rebind: 75600 secs
Temp default-gateway addr: 172.20.21.254
Next timer fires after: 11:53:31
Retry count: 0 Client-ID: 001a.6ca1.eed9
Client-ID hex dump: 001A6CA1EED9
Hostname: RouterX
RouterX#
Step 3 Use the clear ip nat translation * command to clear any residual NAT information
before proceeding to the next step.
Step 4 Use the show ip nat translations command to verify that there is no data to display.
RouterX#clear ip nat translation *
RouterX#show ip nat translations
RouterX#
Step 5 Using the IP address of the default router obtained in your output, use the ping
command to test connectivity.
Step 6 Use the show ip nat translations command to observe if any translation was made.
Your output should look similar to the following display:
RouterX#show ip nat translations
RouterX#
Caution You may be surprised that no entry was made for the ping that you just successfully
completed. The reason for this is in the behavior of the ping process, which uses the IP
address of the outgoing interface as the source IP address in the packets it uses. For the
test that you just did, the outgoing interface (FastEthernet0/1) has the IP address
172.20.x.254, which does not need to be translated. In order to test this, you need to go to
your workgroup switch and repeat the ping command, then return to your router to view the
translation entry.
Step 7 At your workgroup switch user EXEC prompt enter the ping command to the
default router IP address you used in Step 5. Your output should look similar to the
following display:
SwitchX>ping 172.20.21.254
Activity Verification
You have completed this task when you attain these results:
You were able to get the DHCP obtained IP address of the default gateway.
You tested the operation of PAT, using a ping locally generated on your workgroup router.
The show ip nat translation command failed to show any translation because of the
behavior of the ping packets (use of source IP addresses).
You retested the ping, from your workgroup switch and using the show ip nat translation
command. This sequence of packets did generate a translation.
You saved your running configuration to startup-config.
Lab 5-2: Connecting to the Main Office
Complete this lab activity to practice what you learned in the related module.
Activity Objective
In this activity, you will configure the serial connection and configure a static route. After
completing this activity, you will be able to meet these objectives:
Configure your serial interface to use PPP
Configure a static route to a given IP network which can be reached via the serial interface
Visual Objective
The figure illustrates what you will accomplish in this activity.
Required Resources
These are the resources and equipment that are required to complete this activity:
PC with connectivity to the remote lab
An SSH-capable terminal emulation application
Your assigned pod access information from Lab 2-1
Successful completion of Lab 5-1
Command                       Description
interface serial 0/0/0        Enters the interface configuration mode of the interface specified.
ip address ip_address mask    Sets the IP address and mask of the interface.
ping ip_address               Uses ICMP path echo requests and ICMP path echo replies to determine whether a remote host is active.
traceroute ip_address         Discovers the IP routes that packets will actually take when traveling to their destination.
Job Aids
This job aid is available to help you complete the lab activity.
Current Passwords
Router console login sanjose
Activity Procedure
Complete these steps:
Step 1 Connect to your assigned workgroup router console port, and get to the EXEC
enable prompt.
Step 2 Enter the command config terminal to get to the global configuration prompt.
Step 3 Enter the command interface s0/0/0 to get to the interface configuration mode of
your first serial interface.
Step 4 Enter the command encapsulation ppp to enable the use of PPP instead of the
default encapsulation of HDLC.
Step 5 Enter the command ip address ip_address 255.255.255.0, where you supply your
WAN IP address from Table 1 at the beginning of this lab.
Step 6 Enter the command description Link to Main Office to associate text with the
interface.
Step 7 Enter the command no shutdown to bring the interface up.
Step 8 Wait a few moments for the status messages to stop. Then enter the command end to
exit to EXEC prompt.
Step 9 Your output for Steps 3 through 8 should look similar to the following display:
RouterX(config)#int s0/0/0
RouterX(config-if)#encapsulation ppp
RouterX(config-if)#ip address 10.140.10.2 255.255.255.0
RouterX(config-if)#description Link to Main Office
RouterX(config-if)#no shutdown
*Mar 26 21:10:35.451: %SYS-5-CONFIG_I: Configured from console by console
RouterX#
*Mar 26 21:10:35.983: %LINK-3-UPDOWN: Interface Serial0/0/0, changed state to up
RouterX#
Step 11 Notice the bolded lines in the example below, which should be similar to your
output.
RouterX#show interface s0/0/0
Serial0/0/0 is up, line protocol is up
Hardware is GT96K Serial
Description: Link to Main Office
Internet address is 10.140.10.2/24
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, LCP Open
Open: IPCP, CDPCP, loopback not set
Keepalive set (10 sec)
..
Text omitted
Step 12 If your serial interface line protocol is NOT up, then recheck that you entered your
information correctly.
Activity Verification
You have completed this task when you attain these results:
You have correctly configured a username and password pair for PPP to use.
You have configured your interface to use the assigned IP address from Table 1 in this Lab.
You have verified using the show interface command that your serial interface is up, with
the line protocol up.
Activity Procedure
Complete these steps:
Step 1 Enter the ping remote_host command using the assigned IP address of the remote
host from Table 1 above. Your output should look similar to the following display:
RouterX#ping 192.168.21.200
1 172.20.21.254 0 msec 4 msec 0 msec
2 172.20.21.254 !H * !H
Step 3 The output should indicate that the packets are being sent to the “Internet” IP
address via FastEthernet 0/1.
Step 4 Enter the command show ip route to view the current information held in the route
table. Your output should look similar to the following display:
RouterX#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Activity Verification
You have completed this task when you attain these results:
You observed using the traceroute command where your packets were being sent.
You observed using the show ip route command that there is no entry in the routing table
that matches the network you were trying to reach. Also, the routing table has an entry for
forwarding “unknown” destinations, known as the gateway of last resort.
Activity Procedure
Complete these steps:
Step 1 At the enable EXEC prompt, enter the command conf t to get to global
configuration mode.
Activity Verification
You have completed this task when you attain these results:
You configured a static route entry pointing to the next hop router IP address of your serial
0/0/0 interface in the configuration of your workgroup router.
You used the show ip route command to verify that there is now an entry to your remote
network.
You successfully tested reachability using the ping command.
You used the traceroute command to verify that the path taken was through the IP subnet
used on the serial 0/0/0 interface.
You saved your running configuration to startup-config.
Lab 5-3: Enabling Dynamic Routing to the Main Office
Complete this lab activity to practice what you learned in the related module.
Activity Objective
In this activity, you will enable the use of the dynamic routing protocol RIP. After completing
this activity, you will be able to meet these objectives:
Configure RIP on your workgroup router
Verify that RIP is operating
Remove the now unnecessary static route to an adjacent network
Visual Objective
The figure illustrates what you will accomplish in this activity.
Required Resources
These are the resources and equipment that are required to complete this activity:
PC with connectivity to the remote lab
An SSH-capable terminal emulation application
Your assigned pod access information from Lab 2-1
Successful completion of Lab 5-2
Commands
Command                   Description
network network_prefix    Specifies a list of networks that the RIP routing process will use. RIP will send and listen for routing updates on interfaces whose IP address matches the network specified.
traceroute ip_address     Discovers the IP routes that packets will actually take when traveling to their destination.
Job Aids
Table 1: Remote Host Information
These addresses can be used as destination addresses in the ping or traceroute commands.
These are valid only for the workgroup specified.
Activity Procedure
Complete these steps:
Step 1 At the EXEC prompt, enter the show ip route command to display the current route
table entries. Your output should look similar to the following display:
RouterX#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Step 3 Enter the command router rip to configure the RIP routing protocol.
Step 4 Enter the network 10.0.0.0 command to enable RIP on interfaces whose IP address
matches the network address, in this case network 10.0.0.0.
Step 5 Enter the command end to exit the configuration mode. Your output should look
similar to the following display:
RouterX#config terminal
Enter configuration commands, one per line. End with CNTL/Z.
RouterX(config)#router rip
RouterX(config-router)#network 10.0.0.0
RouterX(config-router)#end
Step 6 Enter the show ip protocol command to display information about IP routing
protocols configured on your router. Your output should look similar to the
following display:
RouterX#show ip protocol
Routing Protocol is "rip"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Sending updates every 30 seconds, next due in 0 seconds
Invalid after 180 seconds, hold down 180, flushed after 240
Redistributing: rip
Default version control: send version 1, receive any version
Interface Send Recv Triggered RIP Key-chain
FastEthernet0/0 1 1 2
Serial0/0/0 1 1 2
Automatic network summarization is in effect
Maximum path: 4
Routing for Networks:
10.0.0.0
Routing Information Sources:
Gateway Distance Last Update
Distance: (default is 120)
Step 7 Notice that the output indicates that this router will send version 1 updates, but
will recognize and use version 1 and 2 updates.
Activity Verification
You have completed this task when you attain these results:
You enabled the RIP routing protocol.
You used show ip protocol to verify that it was operational.
You modified your configuration to use only RIP version 2 updates.
You used show ip protocol to verify this change was implemented.
Activity Procedure
Complete these steps:
Step 1 Enter the show ip route command to view the current route table entries. Your output
should look similar to the following display:
RouterX#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
..
..Text omitted
..
Gateway of last resort is 172.20.21.254 to network 0.0.0.0
Step 3 Enter the conf terminal command to enter the global configuration mode.
Step 4 Enter the command no ip route 192.168.2x.0 255.255.255.0 10.140.10.1 to remove
the static route entry from the configuration.
Activity Verification
You have completed this task when you attain these results:
You removed the static route configured in a prior lab.
You verified the removal using the show ip route command.
You validated reachability to the network by using the traceroute command.
You saved your running configuration to startup-config.
Activity Objective
In this activity, you will use Cisco Discovery Protocol to obtain information about directly
attached Cisco devices. You will also disable Cisco Discovery Protocol on selected
interfaces. After completing this activity, you will be able to meet these objectives:
Verify that Cisco Discovery Protocol is running on your workgroup router and switch
Display information about neighboring Cisco devices
Limit which interfaces run Cisco Discovery Protocol as a security measure
Verify your changes
Visual Objective
The figure illustrates what you will accomplish in this activity.
Required Resources
These are the resources and equipment that are required to complete this activity:
PC with connectivity to the remote lab
An SSH-capable terminal emulation application
Your assigned pod access information from Lab 2-1
Successful completion of Lab 5-3
Command List
The table describes the commands that are used in this activity.
Command                                                       Description
interface range interface interfacenumber - interfacenumber   Allows the grouping of interfaces, such that following interface configuration commands will be applied to all the interfaces specified simultaneously.
show cdp interfaces                                           Displays information about the interfaces on which Cisco Discovery Protocol is enabled.
show cdp neighbors [detail]                                   Displays detailed information about neighboring devices discovered using Cisco Discovery Protocol.
Job Aids
There are no job aids available for this lab activity.
Activity Procedure
Complete these steps:
Step 1 Connect to your remote workgroup router via the console server, and enter the
necessary commands and passwords to get to the EXEC enable prompt.
Step 2 Enter the show cdp command to verify that Cisco Discovery Protocol is enabled
and to display global information.
RouterX#show cdp
Global CDP information:
Sending CDP packets every 60 seconds
Sending a holdtime value of 180 seconds
Sending CDPv2 advertisements is enabled
Version :
Cisco IOS Software, 2800 Software (C2800NM-ADVIPSERVICESK9-M), Version
12.4(12), RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2006 by Cisco Systems, Inc.
Compiled Fri 17-Nov-06 12:02 by prod_rel_team
advertisement version: 2
VTP Management Domain: ''
Step 6 Observe in your display that the IP address of the remote device is output, as is the
router platform and software information.
Step 7 Using the IP address from your output in Step 5, you could attempt to log in to
router MainRouter; however, this would be unsuccessful because MainRouter has an
ACL preventing unauthorized access.
Step 8 Enter the show cdp neighbors detail command to display the same information that
show cdp entry did. However, the neighbors detail command will display all
known neighbors without requiring any other parameters. Your output should look
similar to the following display:
RouterX#show cdp neighbors detail
-------------------------
Device ID: MainRouter
Entry address(es):
IP address: 10.140.10.1
Platform: Cisco 2811, Capabilities: Router Switch IGMP
Interface: Serial0/0/0, Port ID (outgoing port): Serial1/0
Holdtime : 167 sec
Version :
Cisco IOS Software, 2800 Software (C2800NM-ADVIPSERVICESK9-M), Version
12.4(12), RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2006 by Cisco Systems, Inc.
Compiled Fri 17-Nov-06 12:02 by prod_rel_team
advertisement version: 2
VTP Management Domain: ''
-------------------------
Device ID: SwitchX.cisco.com
Entry address(es):
IP address: 10.10.10.11
Platform: cisco WS-C2960-24TT-L, Capabilities: Switch IGMP
Interface: FastEthernet0/0, Port ID (outgoing port): FastEthernet0/2
Holdtime : 135 sec
Version :
Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 12.2(25)SEE2,
RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2006 by Cisco Systems, Inc.
Compiled Fri 28-Jul-06 11:57 by yenanh
advertisement version: 2
Protocol Hello: OUI=0x00000C, Protocol ID=0x0112; payload len=27,
value=00000000FFFFFFFF010221FF000000000000001A6D446C80FF0000
VTP Management Domain: ''
Native VLAN: 1
Duplex: half
Step 9 From the output of the cdp commands or by knowing the topology, you can
determine which interfaces connect to your network infrastructure. Any interfaces
that do not connect to the infrastructure should have Cisco Discovery Protocol
disabled, because it can help attackers gain knowledge of your network. From the
perspective of the workgroup router, interfaces fa0/1 and serial 0/0/1 should have
Cisco Discovery Protocol disabled.
Step 10 At the global configuration mode, enter interface fa0/1 and then enter the no cdp
enable command to disable Cisco Discovery Protocol only on this interface.
Step 11 Enter the same sequence of commands to disable Cisco Discovery Protocol on your
serial 0/0/1 interface, then return to the enable EXEC prompt.
Step 12 Enter the show cdp interface command to verify that only Fa0/0 and s0/0/0 are
running Cisco Discovery Protocol at this time. Your output should look similar to
the following display:
RouterX#show cdp interface
FastEthernet0/0 is up, line protocol is up
Encapsulation ARPA
Sending CDP packets every 60 seconds
Holdtime is 180 seconds
Serial0/0/0 is up, line protocol is up
Activity Verification
You have completed this task when you attain these results:
You observed the Cisco Discovery Protocol output for your directly attached Cisco
neighbors.
You disabled Cisco Discovery Protocol on the interfaces that do not connect to your
network infrastructure.
You saved your workgroup router configuration to startup-config.
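The decision made in Steps 9 through 12, as an added example that is not part of the original lab guide: it reads the two CDP displays, keeps Cisco Discovery Protocol only on interfaces whose neighbors are known infrastructure devices, and lists the commands for the rest. The function names, the infrastructure_devices set and the "before" display are assumptions made for this example.

```python
import re

# Constructed sample: "show cdp interface" as it could look BEFORE Steps 10-11.
# The lab guide itself only prints the display taken after the change.
SHOW_CDP_INTERFACE = """\
FastEthernet0/0 is up, line protocol is up
  Encapsulation ARPA
  Sending CDP packets every 60 seconds
  Holdtime is 180 seconds
FastEthernet0/1 is up, line protocol is up
  Encapsulation ARPA
  Sending CDP packets every 60 seconds
  Holdtime is 180 seconds
Serial0/0/0 is up, line protocol is up
  Encapsulation PPP
  Sending CDP packets every 60 seconds
  Holdtime is 180 seconds
Serial0/0/1 is administratively down, line protocol is down
  Encapsulation HDLC
  Sending CDP packets every 60 seconds
  Holdtime is 180 seconds
"""

# Abridged from the "show cdp neighbors detail" display in Step 8.
SHOW_CDP_NEIGHBORS_DETAIL = """\
-------------------------
Device ID: MainRouter
Entry address(es):
  IP address: 10.140.10.1
Platform: Cisco 2811, Capabilities: Router Switch IGMP
Interface: Serial0/0/0, Port ID (outgoing port): Serial1/0
-------------------------
Device ID: SwitchX.cisco.com
Entry address(es):
  IP address: 10.10.10.11
Platform: cisco WS-C2960-24TT-L, Capabilities: Switch IGMP
Interface: FastEthernet0/0, Port ID (outgoing port): FastEthernet0/2
"""

IFACE_HEADER = re.compile(
    r"^(\S+) is (?:administratively )?(?:up|down), line protocol is (?:up|down)")


def cdp_enabled_interfaces(show_cdp_interface):
    """Interfaces that the display reports as sending CDP packets."""
    enabled, current = [], None
    for line in show_cdp_interface.splitlines():
        header = IFACE_HEADER.match(line)
        if header:
            current = header.group(1)
        elif current and "Sending CDP packets" in line:
            enabled.append(current)
            current = None
    return enabled


def cdp_neighbors(neighbors_detail):
    """Map each local interface to the Device IDs heard on it."""
    by_interface = {}
    for entry in re.split(r"^-{5,}[ \t]*$", neighbors_detail, flags=re.M):
        device = re.search(r"^Device ID:\s*(\S+)", entry, re.M)
        local = re.search(r"^Interface:\s*([^,\s]+),", entry, re.M)
        if device and local:
            by_interface.setdefault(local.group(1), []).append(device.group(1))
    return by_interface


def audit_cdp(show_cdp_interface, neighbors_detail, infrastructure_devices):
    """Split CDP-enabled interfaces into (keep, disable).

    An interface is kept only if at least one neighbor was heard on it and
    every neighbor is in infrastructure_devices. That set must come from your
    own topology records: Device IDs are self-reported by the neighbor.
    """
    neighbors = cdp_neighbors(neighbors_detail)
    keep, disable = [], []
    for iface in cdp_enabled_interfaces(show_cdp_interface):
        seen = neighbors.get(iface, [])
        if seen and all(dev in infrastructure_devices for dev in seen):
            keep.append(iface)
        else:
            disable.append(iface)
    return keep, disable


def remediation(disable):
    """Global-configuration commands from Steps 10 and 11 for each interface."""
    commands = []
    for iface in disable:
        commands += [f"interface {iface}", "no cdp enable"]
    return commands


if __name__ == "__main__":
    keep, disable = audit_cdp(SHOW_CDP_INTERFACE, SHOW_CDP_NEIGHBORS_DETAIL,
                              {"MainRouter", "SwitchX.cisco.com"})
    print("keep CDP on:", keep)
    print("\n".join(remediation(disable)))
```
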
Activity Procedure
Complete these steps:
Step 1 Connect to your remote workgroup switch via the console server, and enter the
necessary commands and passwords to get to the EXEC enable prompt.
Step 2 Enter the show cdp command to verify that Cisco Discovery Protocol is enabled and
also to display global information. Your output should look similar to the following
display with the exception that some text has been omitted to save space.
SwitchX#show cdp interface
FastEthernet0/1 is up, line protocol is up
Encapsulation ARPA
Sending CDP packets every 60 seconds
Holdtime is 180 seconds
FastEthernet0/2 is up, line protocol is up
Encapsulation ARPA
Sending CDP packets every 60 seconds
Holdtime is 180 seconds
FastEthernet0/3 is administratively down, line protocol is down
Encapsulation ARPA
Sending CDP packets every 60 seconds
Holdtime is 180 seconds
FastEthernet0/4 is administratively down, line protocol is down
Encapsulation ARPA
..
..Text omitted
..
GigabitEthernet0/2 is administratively down, line protocol is down
Encapsulation ARPA
Sending CDP packets every 60 seconds
Holdtime is 180 seconds
Step 3 Enter the show cdp neighbor command to view directly connected Cisco devices.
Your output should look similar to the following display:
SwitchX#show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone
Step 5 Enter the necessary commands to have only interface fa0/2 running Cisco Discovery
Protocol. Your output should look similar to the following display:
SwitchX#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SwitchX(config)#interface range fa0/1 - 24, gi0/1 - 2
SwitchX(config-if-range)#no cdp enable
SwitchX(config-if-range)#interface fa0/2
% Command exited out of interface range and its sub-modes.
Not executing the command for second and later interfaces
SwitchX(config-if)#cdp enable
SwitchX(config-if)#end
Step 6 Enter the show cdp interface command to verify your changes have been
implemented. Your output should look similar to the following display:
SwitchX#sh cdp interface
FastEthernet0/2 is up, line protocol is up
Encapsulation ARPA
Sending CDP packets every 60 seconds
Holdtime is 180 seconds
Step 7 Enter the show cdp traffic command to view information regarding the nature of the
Cisco Discovery Protocol updates being sent and received. This can be useful should
you suspect that there are some problems with the Cisco Discovery Protocol process.
Your output should look similar to the following display:
SwitchX#sh cdp traffic
CDP counters :
Total packets output: 645, Input: 164
Hdr syntax: 0, Chksum error: 0, Encaps failed: 0
No memory: 0, Invalid packet: 0, Fragmented: 0
CDP version 1 advertisements output: 0, Input: 0
CDP version 2 advertisements output: 645, Input: 164
Step 8 Having verified the operation and also your configuration changes, save your
configuration to startup-config.
Activity Verification
You have completed this task when you attain these results:
You observed the cdp command output on your workgroup switch for your directly
attached Cisco neighbors.
You disabled Cisco Discovery Protocol on the interfaces that do not connect to your
network infrastructure.
You used the show cdp traffic command and verified that there were no errors in the Cisco
Discovery Protocol update process.
You saved your running configuration to startup-config.
Activity Objective
In this activity, you will be able to make changes to control your router startup behavior. After
completing this activity, you will be able to meet these objectives:
Display the configuration register, modify it to a specified value, and return it to its original
value
Validate by inspection of output whether a displayed configuration is from the running
configuration or the startup configuration in the startup-config file.
Modify the sequence of Cisco IOS files loaded at startup, using a sequenced list of boot
system commands
Observe a reload and verify which of the boot statements was processed to obtain the
running Cisco IOS binary file
Visual Objective
The figure illustrates what you will accomplish in this activity.
Required Resources
These are the resources and equipment that are required to complete this activity:
PC with connectivity to the remote lab
An SSH-capable terminal emulation application
Your assigned pod access information from Lab 2-1
Successful completion of Lab 6-1
Command List
The table describes the commands that are used in this activity.
Command                                Description
boot system flash [filename]           Specifies that the system image the router loads at startup is obtained from flash memory with the given filename.
boot system tftp filename server_ip    Specifies that the system image the router loads at startup is obtained from a TFTP server using the given filename at the IP address specified by the server_ip option.
show flash                             Displays the layout and contents of a flash memory file system.
Job Aids
The following job aid is available to help you complete the lab activity.
A 10.2.2.1 E 10.6.6.1
B 10.3.3.1 F 10.7.7.1
C 10.4.4.1 G 10.8.8.1
D 10.5.5.1 H 10.9.9.1
Step 1 Connect to your remote workgroup router via the console server, and enter the
necessary commands and passwords to get to the EXEC enable prompt.
Step 2 Enter the show version command and press the Spacebar to complete the output.
Your output should look similar to the following display:
RouterX#show version
Cisco IOS Software, 2800 Software (C2800NM-ADVIPSERVICESK9-M), Version
12.4(12), RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2006 by Cisco Systems, Inc.
Compiled Fri 17-Nov-06 12:02 by prod_rel_team
Step 4 In the global configuration mode, enter the config-register 0x2104 command to
modify the configuration setting.
RouterX#conf t
Enter configuration commands, one per line. End with CNTL/Z.
RouterX(config)#config-register 0x2104
Step 5 Exit the global configuration mode and enter the show version command to display
the new value. Your output should look similar to the following display:
RouterX(config)#^Z
RouterX#
RouterX#show version
Cisco IOS Software, 2800 Software (C2800NM-ADVIPSERVICESK9-M), Version
12.4(12), RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2006 by Cisco Systems, Inc.
Compiled Fri 17-Nov-06 12:02 by prod_rel_team
..Text omitted
..
239K bytes of non-volatile configuration memory.
62720K bytes of ATA CompactFlash (Read/Write)
RouterX#
Step 6 You will see that your new value will not be active until the next reload.
Step 7 You can (optionally) enter the show running-config command to look for the
config-register parameter; however, it will not be displayed as it is NOT part of the
running configuration.
Step 8 Enter the commands necessary to restore your configuration register to the value you
recorded in Step 3. When you have done this, you should enter the show version
command and verify that the configuration register has been restored to its original
value.
Step 9 It can sometimes seem confusing when viewing output to distinguish which display
is the running configuration and which is the startup configuration.
Step 10 Enter the show running-config command and use q to quit the output after the first
screen is displayed. Your output should look similar to the following display:
RouterX#show running-config
Building configuration...
Step 12 Enter the show startup-config command and use q to quit the output after the first
screen is displayed. Your output should look similar to the following display:
RouterX#sh startup-config
Using 2170 out of 245752 bytes
!
version 12.4
..
..Text omitted
..
--More--q
Step 13 Notice that the output in the example displayed has the words “Using 2170 out of
245752 bytes,” which indicates that a certain amount of the NVRAM is being used
to hold the configuration file.
Activity Verification
You have completed this task when you attain these results:
You observed and recorded the current value of the configuration register.
Task 2: Observe the Flash File System and Add Boot System Commands
In this task you will determine the Cisco IOS system file being used. You will then add three
boot system commands that modify the default behavior of file choice at startup. Changes to
the booting process flow should be used with extreme caution, as errors may leave your router
potentially unreachable over the network. This is why this process is usually done only by
senior network administrators.
Activity Procedure
Complete these steps:
Step 1 Enter the show flash: command to output the files that are currently stored in the
flash memory. Your output should look similar to the following display:
RouterX#show flash:
-#- --length-- -----date/time------ path
1 36232088 Mar 28 2007 17:27:46 +00:00 c2800nm-advipservicesk9-mz.124-12.bin
2 1823 Dec 14 2006 08:25:40 +00:00 sdmconfig-2811.cfg
3 4734464 Dec 14 2006 08:26:10 +00:00 sdm.tar
4 833024 Dec 14 2006 08:26:26 +00:00 es.tar
5 1052160 Dec 14 2006 08:26:46 +00:00 common.tar
6 1038 Dec 14 2006 08:27:02 +00:00 home.shtml
7 102400 Dec 14 2006 08:27:24 +00:00 home.tar
8 491213 Dec 14 2006 08:27:48 +00:00 128MB.sdf
Step 2 You should note that the Cisco IOS binary file is identified with a .bin extension.
The other files (in the example display above) are related to the Cisco SDM
configuration program. It is possible to have multiple Cisco IOS images in flash
memory. Write the file name of Cisco IOS binary file in the space below; in the
example, it is c2800nm-advipservicesk9-mz.124-12.bin.
Step 3 The first binary file found in flash determines the Cisco IOS image loaded at a
restart. This order can be modified by using the boot system flash filename.bin
configuration commands.
Caution Extreme care should be taken when using boot system commands because an error may
leave the router unable to start, which can lead to significant downtime while the boot
process is restored. For this reason, only senior network administrators usually modify the
Cisco IOS flash files and modify the boot sequence.
Step 4 At the global configuration prompt, enter the boot system tftp filename
tftp_address, where filename is the name you noted in Step 2 and tftp_address is the
IP address of your workgroup TFTP server, which can be found in Table 1. By
entering this command first, the router on reload attempts to locate and load its
Cisco IOS file from the TFTP server specified. Your output should look similar to
the following display:
RouterX(config)#boot system tftp c2800nm-advipservicesk9-mz.124-12.bin 10.x.x.1
Step 5 Enter boot system flash filename, where filename is the name you copied in Step 2.
If this command is processed, the router will attempt to load the Cisco IOS file from
flash memory using the filename specified. Your output should look similar to the
following display:
RouterX(config)#boot system flash c2800nm-advipservicesk9-mz.124-12.bin
Step 6 Enter boot system flash. No filename is necessary. This command, if processed,
will load the router with the first Cisco IOS file found in flash memory. Your output
should look similar to the following display:
RouterX(config)#boot system flash
Step 7 Enter the command to leave the configuration mode.
Step 8 Enter the show run command, and observe the output to verify that your boot system
commands are accurately entered. Your output should look similar to the following
display but should show your workgroup hostname and filenames:
..
..Text omitted
..
hostname RouterX
!
boot-start-marker
boot system tftp c2800nm-advipservicesk9-mz.124-12.bin 10.x.x.1
boot system flash c2800nm-advipservicesk9-mz.124-12.bin
boot system flash
boot-end-marker
!
Step 9 Make any corrections necessary before proceeding to next step.
Step 10 Enter the copy run start command to save your running configuration to NVRAM.
Note The reload process will take a variable amount of time, with the low end being approximately
5 to 8 minutes, depending on router hardware and the performance of the TFTP server. A
reload from flash memory takes 2 to 3 minutes for the same router hardware.
Step 11 Enter and confirm the reload command. Observe the output displayed during the
reload. In the space below, write the location that you believe provided the Cisco
IOS file to load.
**************************************************************^
Password:
Step 13 When your router has finished reloading, press Enter twice to ensure that you are at
a login prompt. Enter the information to get to the privileged EXEC mode.
Step 14 Enter the show version command and observe the display to confirm the location of the
Cisco IOS file. Your output should look similar to the following display:
RouterX#sh version
Cisco IOS Software, 2800 Software (C2800NM-ADVIPSERVICESK9-M), Version
12.4(12), RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2006 by Cisco Systems, Inc.
Compiled Fri 17-Nov-06 12:02 by prod_rel_team
..
..TEXT omitted
..
--More--q
Step 15 If there was a problem with the TFTP download, then you may have the following
line in the show version command display:
System image file is "flash:c2800nm-advipservicesk9-mz.124-12.bin"
Activity Verification
You have completed this task when you attain these results:
You observed and recorded the current Cisco IOS binary file stored in flash memory.
You added three boot system commands to modify the startup behavior of the router on
reload in the following order:
— First, attempt to locate a specified Cisco IOS file via a TFTP server.
— If unsuccessful, attempt to locate a specified Cisco IOS file from flash memory.
— Finally, locate the first found Cisco IOS file from flash memory.
You reloaded your router and observed the output to determine which of the boot system
commands resulted in the system file used at startup.
You used the show version command to verify which method was actually being used.
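The check made in Steps 8, 14 and 15 can be scripted. The following Python is an added example, not part of the Cisco lab guide: it parses the boot system block from show run and the "System image file" line from show version, then reports which entry supplied the image and which entries fetch over TFTP, a protocol with no authentication or integrity check. The tftp:// form of the show version line and all function names are assumptions of this example.

```python
import re
from typing import List, NamedTuple, Optional

# Constructed sample: the boot block as shown in the lab's "show run" display (Step 8).
SHOW_RUN = """\
hostname RouterX
!
boot-start-marker
boot system tftp c2800nm-advipservicesk9-mz.124-12.bin 10.x.x.1
boot system flash c2800nm-advipservicesk9-mz.124-12.bin
boot system flash
boot-end-marker
!
"""
# The flash line is the one quoted in Step 15; the tftp:// line is an assumed format.
SHOW_VERSION_FLASH = 'System image file is "flash:c2800nm-advipservicesk9-mz.124-12.bin"'
SHOW_VERSION_TFTP = 'System image file is "tftp://10.x.x.1/c2800nm-advipservicesk9-mz.124-12.bin"'


class BootSource(NamedTuple):
    source: str               # "tftp", "flash", ...
    filename: Optional[str]   # None means "first image found"
    server: Optional[str]     # set only for network sources


def parse_boot_entries(show_run: str) -> List[BootSource]:
    """Return the boot system commands between the markers, in config order."""
    entries, inside = [], False
    for raw in show_run.splitlines():
        line = raw.strip()
        if line == "boot-start-marker":
            inside = True
        elif line == "boot-end-marker":
            break
        elif inside and line.startswith("boot system "):
            tokens = line.split()[2:]
            source, rest = tokens[0], tokens[1:]
            if ":" in source:                      # "flash:filename" spelling
                source, _, name = source.partition(":")
                rest = ([name] if name else []) + rest
            filename = rest[0] if rest else None
            server = rest[1] if len(rest) > 1 else None
            entries.append(BootSource(source, filename, server))
    return entries


def parse_system_image(show_version: str) -> Optional[BootSource]:
    """Extract where the running image came from, or None if the line is absent."""
    found = re.search(r'System image file is "([^"]+)"', show_version)
    if not found:
        return None
    url = found.group(1)
    net = re.match(r"^(\w+)://([^/]+)/(.+)$", url)
    if net:
        return BootSource(net.group(1), net.group(3), net.group(2))
    source, _, filename = url.partition(":")
    return BootSource(source, filename or None, None)


def used_entry(entries: List[BootSource], image: BootSource) -> Optional[int]:
    """Index of the first configured entry consistent with the running image."""
    for i, entry in enumerate(entries):
        if entry.source != image.source:
            continue
        if entry.filename not in (None, image.filename):
            continue
        if entry.server not in (None, image.server):
            continue
        return i
    return None


def report(show_run: str, show_version: str) -> str:
    """One line per boot system entry: its fate on this reload and its transport risk."""
    entries = parse_boot_entries(show_run)
    image = parse_system_image(show_version)
    idx = used_entry(entries, image) if image else None
    lines = []
    for i, e in enumerate(entries):
        if idx is None:
            status = "unknown"
        elif i < idx:
            status = "tried, did not load"
        elif i == idx:
            status = "USED"
        else:
            status = "not reached"
        risk = " [unauthenticated TFTP fetch]" if e.source == "tftp" else ""
        lines.append(f"{i + 1}. boot system {e.source} {e.filename or '(first image)'} -> {status}{risk}")
    if idx is None:
        lines.append("running image matches no configured boot system entry")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SHOW_RUN, SHOW_VERSION_FLASH))
```

A result of entry 2 or 3 on a router configured this way means the TFTP fetch failed and the router fell back to flash, which is the case Step 15 describes.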
Lab 6-3: Managing Cisco Devices
Complete this lab activity to practice what you learned in the related module.
Activity Objective
In this activity, you will use Cisco IOS copy and debug commands. After completing this
activity, you will be able to meet these objectives:
Save your running configuration on a remote TFTP server
Upload and download configuration files
Copy and delete files to local flash memory
Ensure that the router is lightly loaded before using debugging commands
Turn debugging on and off
Visual Objective
The figure illustrates what you will accomplish in this activity.
Required Resources
These are the resources and equipment that are required to complete this activity:
PC with connectivity to the remote lab
An SSH-capable terminal emulation application
Your assigned pod access information from Lab 2-1
Successful completion of Lab 6-2
Command                                      Description
copy running-config tftp                     A multiline command that copies the running configuration file to a TFTP server.
copy tftp flash                              A multiline command that copies a configuration file from a TFTP server to flash memory.
copy tftp running-config                     A multiline command that copies a configuration file from a TFTP server to the running configuration.
copy tftp startup-config                     A multiline command that copies a configuration file from a TFTP server to the startup-config file, also known as NVRAM.
more flash:filename                          Displays as text the contents of the file in flash memory.
show debugging                               Displays information about the types of debugging that are enabled on your router.
show flash                                   Displays the layout and contents of a flash memory file system.
show running-config interface interface_id   Displays only the current configuration of the specified interface.
Job Aids
The following job aid is available to help you complete the lab activity.
A 10.2.2.1 E 10.6.6.1
B 10.3.3.1 F 10.7.7.1
C 10.4.4.1 G 10.8.8.1
D 10.5.5.1 H 10.9.9.1
Activity Procedure
Complete these steps:
Step 1 Connect to your remote workgroup router via the console server, and enter the
necessary commands and passwords to get to the user EXEC prompt.
Step 3 Before attempting to save or copy a configuration from a TFTP server, it is a very
good idea to test that the server is reachable. Enter the command to ping your
workgroup TFTP server; refer to Table 1 for the address. Your output should look
similar to the following display:
RouterX#ping 10.10.10.1
Step 6 At the prompt, accept the default name based on your router hostname by using the
Enter key.
Step 7 Your output from these steps should look similar to the following display:
RouterX#copy running tftp
Address or name of remote host []? 10.x.x.1
Destination filename [RouterX-confg]?
.!!
2140 bytes copied in 4.760 secs (450 bytes/sec)
Step 10 Use the IP address of your workgroup TFTP server when prompted for the address.
Step 11 Use the filename “descript-confg” when prompted for the source filename.
Step 13 Your output from these steps should look similar to the following display:
RouterX#copy tftp run
Address or name of remote host []? 10.10.10.1
Source filename []? descript-confg
Destination filename [running-config]?
Accessing tftp://10.10.10.1/descript-confg...
Loading descript-confg from 10.10.10.1 (via FastEthernet0/0): !
[OK - 289 bytes]
Step 16 Enter the copy tftp flash command to copy from the TFTP server to your local flash
memory.
Step 17 Enter the IP address of your workgroup TFTP server when prompted for the address.
Step 18 Enter the filename “descript-confg” when prompted for the source filename.
Step 20 Your output from these steps should look similar to the following display:
RouterX#copy tftp flash:
Address or name of remote host [10.x.x.1]?
Source filename [descript-confg]?
Destination filename [descript-confg]?
Accessing tftp://10.x.x.1/descript-confg...
Loading descript-confg from 10.x.x.1 (via FastEthernet0/0): !
[OK - 289 bytes]
Step 22 You should see the filename of the file you just uploaded displayed.
Step 23 Enter more flash:descript-confg to display as text the contents of the file.
Step 24 Your output from these steps should look similar to the following display:
RouterX#more flash:descript-confg
! This file demonstrates the way the IOS removes remarks
! from configuration files
! and allows parts of a configuration to be updated
!*********************[
interface serial 0/0/0
description Connection to Main Office
interface serial 0/0/1
description Unused Interface
end
Step 25 Notice that the file contains only a small number of configuration commands that
were added to (or merged with) the existing running configuration. Also notice that
the file contains comments. These comments are ignored and not stored in the
running configuration.
Step 26 Enter the delete flash:descript-confg command to remove the file that you just
uploaded from flash memory. Your output should look similar to the following
display:
RouterX#delete flash:descript-confg
Delete filename [descript-confg]?
Delete flash:descript-confg? [confirm]
Step 27 Enter the command and subsequent parameters to copy the file descript-confg to
startup-config. Your output should look similar to the following display:
RouterX#copy tftp start
RouterX#copy tftp startup-config
Address or name of remote host [10.x.x.1]?10.x.x.1
Source filename [descript-confg]?descript-confg
Destination filename [startup-config]?
Accessing tftp://10.x.x.1/descript-confg...
Loading descript-confg from 10.x.x.1 (via FastEthernet0/0): !
[OK - 289 bytes]
[OK]
289 bytes copied in 3.348 secs (86 bytes/sec)
Step 28 Enter the show startup command to display the contents of the startup-config file.
Your output should look similar to the following display:
RouterX#show startup
Using 289 out of 245752 bytes
! This file demonstrates the way the IOS removes remarks
! from configuration files
! and allows parts of a configuration to be updated
!*********************[
interface serial 0/0/0
Step 31 Use show startup to verify that the partial configuration in your startup-config file
has been replaced by the full configuration from the running configuration.
Activity Verification
You have completed this task when you attain these results:
You saved your running configuration to your assigned TFTP server.
You uploaded a small configuration file to your running configuration.
You uploaded the configuration file to flash memory, and used the more command to
output the file as text.
You removed the uploaded file from flash memory.
You uploaded the configuration file to the startup-config file and verified that it had
overwritten all previous configuration entries.
You copied your running configuration to startup-config, replacing the partial
configuration with the full running configuration.
Activity Procedure
Complete these steps:
Step 1 In a nontraining environment, prior to issuing a debug command, you should check
how heavily loaded the CPU is because this affects router performance. The debug
commands are given the highest priority and can cause a router to restart. This may
happen because software timers are not serviced, causing a fatal error to be inferred.
Step 2 Enter the command show processes to display information about the CPU
utilization. Quit the display after the first page is output. Your output should look
similar to the following display:
RouterX#show processes
CPU utilization for five seconds: 0%/0%; one minute: 0%; five minutes: 0%
PID QTy PC Runtime (ms) Invoked uSecs Stacks TTY Process
1 Cwe 400A7A2C 0 4 0 5456/6000 0 Chunk Manager
2 Csp 4008C430 4 1614 2 2528/3000 0 Load Meter
3 M* 0 7832 379196 20 7200/12000 0 Exec
..
..Text omitted
..
Step 3 You should review the first line of the output, which indicates the CPU utilization
over three time periods. This is bolded text in the example above. Your display
should indicate a very low value also.
Step 4 Enter the show debugging command to verify that no other debug commands are
active. Your output should indicate that there is no active debugging taking
place.
Step 5 Enter the debug ip icmp command to turn on debugging of ICMP messages. Your
output should look similar to the following display:
RouterX#debug ip icmp
ICMP packet debugging is on
Step 6 Repeat Step 4; your display should look something like the following:
RouterX#sh debugging
Generic IP:
ICMP packet debugging is on
Step 7 Enter ping 10.x.x.1 to send ICMP echo request packets to your assigned TFTP
server IP address. Your output should look similar to the following display:
RouterX#ping 10.10.10.1
Step 9 Wait a few minutes to observe some RIP routing protocol updates being sent and
received. Your output should look similar to the following display:
RouterX#
*Apr 3 20:12:01.355: RIP: sending v2 update to 224.0.0.9 via FastEthernet0/0
(10.10.10.3)
*Apr 3 20:12:01.355: RIP: build update entries
*Apr 3 20:12:01.355: 10.140.10.0/24 via 0.0.0.0, metric 1, tag 0
*Apr 3 20:12:01.355: 10.140.10.1/32 via 0.0.0.0, metric 1, tag 0
*Apr 3 20:12:01.355: 192.168.21.0/24 via 0.0.0.0, metric 1, tag 0
*Apr 3 20:12:01.355: 192.168.121.0/24 via 0.0.0.0, metric 1, tag 0
*Apr 3 20:12:01.355: 192.168.131.0/24 via 0.0.0.0, metric 1, tag 0
*Apr 3 20:12:01.355: 192.168.221.0/24 via 0.0.0.0, metric 3, tag 0
RouterX#
*Apr 3 20:12:06.083: RIP: sending v2 update to 224.0.0.9 via Serial0/0/0 (10.140.10.2)
*Apr 3 20:12:06.083: RIP: build update entries
*Apr 3 20:12:06.083: 10.10.10.0/24 via 0.0.0.0, metric 1, tag 0
RouterX#
*Apr 3 20:12:27.295: RIP: received v2 update from 10.140.10.1 on Serial0/0/0
*Apr 3 20:12:27.295: 192.168.21.0/24 via 0.0.0.0 in 1 hops
*Apr 3 20:12:27.295: 192.168.121.0/24 via 0.0.0.0 in 1 hops
*Apr 3 20:12:27.295: 192.168.131.0/24 via 0.0.0.0 in 1 hops
*Apr 3 20:12:27.295: 192.168.221.0/24 via 0.0.0.0 in 2 hops
RouterX#
Step 11 Although it is possible to individually turn off each debug command, it is quicker
and more certain to turn off all debugging using a single command. Enter the no
debug all command to remove all active debugging from the router.
RouterX#no debug all
All possible debugging has been turned off
Activity Verification
You have completed this task when you attain these results:
You observed that your router had a very low CPU utilization using the show processes
command.
You used debug commands to observe the output of ICMP packets and RIP routing
protocol updates.
You used the show debug command to verify which, if any, debug commands were active
on your router.
You turned off all debugging operations using a single command.
Lab 6-4: Confirming the Reconfiguration of the
Branch Network
Complete this lab activity to practice what you learned in the related module.
Activity Objective
In this activity, you will assume that you are taking over the reconfiguration of a branch
network from an administrator who has not completed the configuration. In fact, there may be
misconfiguration of some of the settings. You will use the knowledge and experience gained
from the earlier labs to complete the reconfiguration, correction, and testing. After completing
this activity, you will be able to meet these objectives:
Complete the configuration of your assigned workgroup switch using the information provided
in the checklist below
Complete the configuration of your workgroup router using the information provided in the
checklists below
See the routes indicated in the visual objective after enabling dynamic routing on your
workgroup router
Perform tests to validate that your final configuration meets the new topology information
Visual Objective
The figure illustrates what you will accomplish in this activity.
Command Lists
Refer to the command lists in the prior lab associated with the task you are
completing.
Job Aids
These job aids are available to help you complete the lab activity.
Visual objective for this lab
Switch tasks worksheet
Router tasks worksheet
Table containing the addressing information for each workgroup
AA 10.140.11.2 EE 10.140.55.2
BB 10.140.22.2 FF 10.140.66.2
CC 10.140.33.2 GG 10.140.77.2
DD 10.140.44.2 HH 10.140.88.2
Switch Task Worksheet
Interface vlan 1
Username and password for console and vty lines. username netadmin privilege 15 password
netadmin
Netadmin has privilege level 15
Verify
IP domain-name cisco.com
SSH version 2
Interface fa0/1
Verify
Verify
Username and password for console and vty lines. username netadmin privilege level
password netadmin
User has privilege level 15
Verify
Verify
Done Router Task Worksheet Workgroup:
5) Configure DHCP Server (Lab 4-8, Task 2) Support clients on Fa0/0 interface
Verify
Interface fa0/1
Verify
Interface s0/0/0
Verify
Verify
Boot order should be specified as: Cisco IOS file in flash; Cisco IOS file from TFTP server; first found Cisco IOS file in flash
boot system flash filename
boot system tftp filename address
Verify
In order to connect via a VPN tunnel to use Cisco SDM to perform configuration tasks on your
workgroup router, you will need to use a different VPN client configuration profile. This
profile will ensure that you are attached to the correct subnet to match your new workgroup
subnet address.
Activity Verification
You have completed this task when you attain these results:
You have connected to the remote lab and attached to your workgroup devices using the
same menus used in previous labs.
You have connected to the remote lab using the new VPN client profile to support using
Cisco SDM for configuration of your workgroup router.
In phase 1, gather together the necessary information regarding your assigned workgroup
switch and router.
In phase 2, inspect your switch and router to ensure that the configuration matches the values
you collected in phase 1. You may have to perform corrective action on the configuration,
replacing missing or incorrect values. It may be necessary to use either Cisco SDM or the CLI
for this phase. Reference to prior labs will provide you with the correct syntax and procedure to
implement your configuration.
In phase 3, use Cisco IOS commands to test the functionality of the switch and router working
together to support the overall configuration. These may be ping commands or explicit show
commands that demonstrate, for example, that a DHCP client has received an address. If
you encounter problems in this phase, you will have to consider where to look to remedy the
problem. You should assume that the network around you is correctly configured and will work
if your configuration matches the values supplied in the job aids and tables. If you have tried to
fix your problems without success, ask your instructor for assistance.
Use the information provided in Tables 1 and 2 and transfer it to the visual objective so that
you have your IP addressing information ready to reference as you proceed through the switch
and router task sheets.
Activity Verification
You have completed this task when you attain this result:
You have read through the instructions and have prepared the necessary reference
information so that you are ready to proceed to the next task.
Use the check boxes as you work through the worksheet. You may need to refer to the labs that
you completed earlier for more detailed information on completing or verifying your
configuration.
No detailed steps are provided here, because all the information that you need is in either this
lab or a prior lab. If you need any further guidance, you should discuss this with your
instructor.
Activity Verification
You have completed this task when you attain these results for your branch:
Your basic switch configuration properties match those assigned to your workgroup.
Your switch has a banner message with suitable warning text.
Your switch SSH configuration properties match those assigned to your workgroup.
Your switch port security configuration properties match those assigned to your
workgroup.
You secured your switch to match the properties assigned to your workgroup.
Your basic router configuration properties match those assigned to your workgroup.
Your router has a banner message with suitable warning text.
Your router password configuration properties match those assigned to your workgroup.
Your router SSH configuration properties match those assigned to your workgroup.
Your router DHCP server configuration properties match those assigned to your
workgroup.
Answer Key
The correct answers and expected solutions for the activities that are described in this guide
appear here.
Labs 1-1, 1-2, 1-3, and 2-1 contained their answers within the labs and resulted in no
configuration changes.
Lab 2-3 Answer Key: Enhancing the Security of
Initial Switch Configuration
When you complete this activity, your workgroup switch configuration will be similar to the
results here, with differences that are specific to your device or workgroup:
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname SwitchX
!
enable secret 5 $1$A11O$0z83HwmswM/vk5.RSZpVr.
enable password 7 05080F1C2243
!
username netadmin password 7 030A5E1F070B2C4540
no aaa new-model
ip subnet-zero
!
ip domain-name cisco.com
ip ssh version 2
!
!
crypto pki trustpoint TP-self-signed-1833200768
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1833200768
revocation-check none
rsakeypair TP-self-signed-1833200768
!
!
crypto ca certificate chain TP-self-signed-1833200768
certificate self-signed 01
quit
!
!
switchport mode access
shutdown
!
interface FastEthernet0/15
switchport mode access
shutdown
!
interface FastEthernet0/16
switchport mode access
shutdown
!
interface FastEthernet0/17
switchport mode access
shutdown
!
interface FastEthernet0/18
switchport mode access
shutdown
!
interface FastEthernet0/19
switchport mode access
shutdown
!
interface FastEthernet0/20
switchport mode access
shutdown
!
interface FastEthernet0/21
switchport mode access
shutdown
!
interface FastEthernet0/22
switchport mode access
shutdown
!
interface FastEthernet0/23
switchport mode access
shutdown
!
interface FastEthernet0/24
switchport mode access
shutdown
!
interface GigabitEthernet0/1
switchport mode access
shutdown
!
interface GigabitEthernet0/2
switchport mode access
shutdown
!
interface Vlan1
ip address 10.10.10.11 255.255.255.0
no ip route-cache
!
ip default-gateway 10.10.10.3
ip http server
ip http secure-server
!
control-plane
!
**************************************************************^C
!
line con 0
password 7 111A180B1D1D1809
login
line vty 0 4
password 7 111A180B1D1D1809
login local
line vty 5 15
password 7 111A180B1D1D1809
login local
!
end
Lab 2-4 Answer Key: Operating and Configuring
a Cisco IOS Device
When you complete this activity, your workgroup switch configuration will be similar to the
results here, with differences that are specific to your device or workgroup:
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname SwitchX
!
enable secret 5 $1$A11O$0z83HwmswM/vk5.RSZpVr.
enable password 7 05080F1C2243
!
username netadmin password 7 030A5E1F070B2C4540
no aaa new-model
ip subnet-zero
!
ip domain-name cisco.com
ip ssh version 2
!
!
crypto pki trustpoint TP-self-signed-1833200768
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1833200768
revocation-check none
rsakeypair TP-self-signed-1833200768
!
!
crypto ca certificate chain TP-self-signed-1833200768
certificate self-signed 01
quit
!
!
switchport mode access
shutdown
!
interface FastEthernet0/15
switchport mode access
shutdown
!
interface FastEthernet0/16
switchport mode access
shutdown
!
interface FastEthernet0/17
switchport mode access
shutdown
!
interface FastEthernet0/18
switchport mode access
shutdown
!
interface FastEthernet0/19
switchport mode access
shutdown
!
interface FastEthernet0/20
switchport mode access
shutdown
!
interface FastEthernet0/21
switchport mode access
shutdown
!
interface FastEthernet0/22
switchport mode access
shutdown
!
interface FastEthernet0/23
switchport mode access
shutdown
!
interface FastEthernet0/24
switchport mode access
shutdown
!
interface GigabitEthernet0/1
switchport mode access
shutdown
!
interface GigabitEthernet0/2
switchport mode access
shutdown
!
interface Vlan1
ip address 10.10.10.11 255.255.255.0
no ip route-cache
!
ip default-gateway 10.10.10.3
ip http server
ip http secure-server
!
control-plane
!
**************************************************************^C
!
line con 0
password 7 111A180B1D1D1809
login
line vty 0 4
password 7 111A180B1D1D1809
login local
line vty 5 15
password 7 111A180B1D1D1809
login local
!
end
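The answer-key configurations in this guide still carry settings a reviewer would flag: type 7 strings, which are a reversible encoding rather than a hash, an enable password beside the enable secret, the cleartext HTTP server, and vty lines with no transport restriction. The following Python audit is an added example, not part of the Cisco lab guide; its excerpts are constructed from the Lab 2-3 and Lab 4-6 answer keys with placeholder password strings, and the rule names and wording are this example's own.

```python
import re
from typing import List, NamedTuple

# Constructed excerpts modelled on the Lab 2-3 (switch) and Lab 4-6 (router)
# answer keys; every password or hash string is a placeholder.
SWITCH_EXCERPT = """\
service password-encryption
enable secret 5 $1$PLACEHOLDER
enable password 7 PLACEHOLDER7
username netadmin password 7 PLACEHOLDER7
ip http server
ip http secure-server
!
line con 0
 password 7 PLACEHOLDER7
 login
line vty 0 4
 password 7 PLACEHOLDER7
 login local
line vty 5 15
 password 7 PLACEHOLDER7
 login local
!
end
"""
ROUTER_EXCERPT = """\
no service password-encryption
enable secret 5 $1$PLACEHOLDER
enable password PLACEHOLDER
"""

# Rule id -> what a reviewer would ask for (wording is this example's own).
RULES = {
    "cleartext-config-passwords": "passwords are readable in the config; use secret forms",
    "enable-password": "remove it; the enable secret takes precedence and is hashed",
    "username-password": "use 'username ... secret' so the credential is hashed",
    "line-password": "cleartext or type 7 (an encoding, not a hash); prefer 'login local'",
    "http-server": "disable cleartext HTTP management; keep only the secure server",
    "vty-transport": "no 'transport input ssh'; Telnet may be accepted by default",
}


class Finding(NamedTuple):
    rule: str
    context: str    # "global" or the section header, e.g. "line vty 0 4"
    evidence: str   # offending line with the password string masked


def mask(line: str) -> str:
    """Hide the password string so the audit output is safe to store or share."""
    return re.sub(r"(password(?:\s+[07])?)\s+\S.*$", r"\1 <masked>", line)


def walk(config: str):
    """Yield (context, line). A 'line' or 'interface' header opens a section that
    lasts until '!' or 'end', so indented and flattened listings both work."""
    context = "global"
    for raw in config.splitlines():
        line = raw.strip()
        if line in ("!", "end"):
            context = "global"
        if line in ("", "!", "end"):
            continue
        if re.match(r"(line|interface)\s+\S", line):
            context = line
        yield context, line


def audit(config: str) -> List[Finding]:
    """Return one Finding per weak credential or management setting."""
    findings, vty_ok = [], {}
    for context, line in walk(config):
        tokens = line.split()
        rule = None
        if context == "global":
            if line == "no service password-encryption":
                rule = "cleartext-config-passwords"
            elif tokens[:2] == ["enable", "password"]:
                rule = "enable-password"
            elif tokens[0] == "username" and "password" in tokens[2:]:
                rule = "username-password"
            elif line == "ip http server":
                rule = "http-server"
        elif context.startswith("line "):
            if context.startswith("line vty"):
                vty_ok[context] = vty_ok.get(context, False) or line == "transport input ssh"
            if tokens[0] == "password":
                rule = "line-password"
        if rule:
            findings.append(Finding(rule, context, mask(line)))
    findings += [Finding("vty-transport", h, h) for h, ok in vty_ok.items() if not ok]
    return findings


if __name__ == "__main__":
    for f in audit(SWITCH_EXCERPT) + audit(ROUTER_EXCERPT):
        print(f"{f.rule:28} {f.context:14} {f.evidence}  -> {RULES[f.rule]}")
```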
Lab 4-1 Answer Key: Converting Decimal to
Binary and Binary to Decimal
When you complete this activity, your results will match the results here.
48 0 0 1 1 0 0 0 0 48 = 32+16 = 00110000
60 0 0 1 1 1 1 0 0 60 = 32+16+8+4
= 00111100
00110101 0 0 1 1 0 1 0 1 32+16+4+1 = 53
Base-2 2^7 2^6 2^5 2^4 2^3 2^2 2^1 2^0
145 1 0 0 1 0 0 0 1 10010001
32 0 0 1 0 0 0 0 0 00100000
59 0 0 1 1 1 0 1 1 00111011
24 0 0 0 1 1 0 0 0 00011000
Base-2 2^7 2^6 2^5 2^4 2^3 2^2 2^1 2^0
200 1 1 0 0 1 0 0 0 11001000
42 0 0 1 0 1 0 1 0 00101010
129 1 0 0 0 0 0 0 1 10000001
16 0 0 0 1 0 0 0 0 00010000
Base-2 2^7 2^6 2^5 2^4 2^3 2^2 2^1 2^0
14 0 0 0 0 1 1 1 0 00001110
82 0 1 0 1 0 0 1 0 01010010
19 0 0 0 1 0 0 1 1 00010011
54 0 0 1 1 0 1 1 0 00110110
Task 2: Convert from Binary Format to Decimal IP Address
Step 1 The table to express 11011000.00011011.00111101.10001001 in decimal IP address
format is shown here.
Base-2 2^7 2^6 2^5 2^4 2^3 2^2 2^1 2^0
11011000 1 1 0 1 1 0 0 0 216
00011011 0 0 0 1 1 0 1 1 27
00111101 0 0 1 1 1 1 0 1 61
10001001 1 0 0 0 1 0 0 1 137
Base-2 2^7 2^6 2^5 2^4 2^3 2^2 2^1 2^0
11000110 1 1 0 0 0 1 1 0 198
00110101 0 0 1 1 0 1 0 1 53
10010011 1 0 0 1 0 0 1 1 147
00101101 0 0 1 0 1 1 0 1 45
Base-2 2^7 2^6 2^5 2^4 2^3 2^2 2^1 2^0
01111011 0 1 1 1 1 0 1 1 123
00101101 0 0 1 0 1 1 0 1 45
01000011 0 1 0 0 0 0 1 1 67
01011001 0 1 0 1 1 0 0 1 89
216.27.61.134 Valid
255.255.255.255 Invalid Valid number but is an administrative number that should not
be assigned to a host
142.179.148.200 Valid
200.42.129.16 Valid
Lab 4-3 Answer Key: Computing Usable
Subnetworks and Hosts
When you complete this activity, your results will match the results here.
Number of Subnets   Number of Bits to Borrow   Number of Hosts per Subnet (2^h - 2)
2                   1                          2^7 - 2 = 126
5                   3                          2^5 - 2 = 30
12                  4                          2^4 - 2 = 14
24                  5                          2^3 - 2 = 6
40                  6                          2^2 - 2 = 2
Number of Subnets   Number of Bits to Borrow   Number of Hosts per Subnet (2^h - 2)
5                   3                          2^13 - 2 = 8,190
8                   3                          2^13 - 2 = 8,190
14                  4                          2^12 - 2 = 4,094
20                  5                          2^11 - 2 = 2,046
35                  6                          2^10 - 2 = 1,022
Number of Subnets   Number of Bits to Borrow   Number of Hosts per Subnet (2^h - 2)
10                  4                          2^20 - 2 = 1,048,574
14                  4                          2^20 - 2 = 1,048,574
20                  5                          2^19 - 2 = 524,286
40                  6                          2^18 - 2 = 262,142
80                  7                          2^17 - 2 = 131,070
2. Specify the classful address and subnet mask in binary and decimal that allows you to
create 12 subnets.
Classful address: /20
Subnet mask (binary): 11111111.11111111.11110000.00000000
Subnet mask (decimal): 255.255.240.0
Step Description Example
4. Copy the significant bits four times. 0000 0000 (first subnet)
5. In the first line, define the network address by 0000 0001 (first host address)
placing 0s in the remaining host bits.
0000 1110 (last host address)
6. In the last line, define the directed-broadcast
address by placing 1s in the host bits. 0000 1111 (broadcast address)
8. Increment the subnet bits by one to determine the 0001 0000 (next subnet)
next subnet address.
Subnet Directed-Broadcast
Number Subnet Address Range of Host Addresses Address
2. Specify the classful address and subnet mask in binary and decimal that allows you to
create six subnets.
Classful address: /27
Subnet mask (binary): 11111111.11111111.11111111.11100000
Subnet mask (decimal): 255.255.255.224
Cross out the mask so that you can view the 111 00000
significant bits in the IP address.
4. Copy the significant bits four times. 000 00000 (first subnet)
5. In the first line, define the network address by 000 00001 (first host address)
placing 0s in the remaining host bits.
000 11110 (last host address)
6. In the last line, define the directed-broadcast
address by placing 1s in the host bits. 000 11111 (broadcast address)
8. Increment the subnet bits by one to determine the 001 00000 (next subnet)
next subnet address.
Subnet Directed-Broadcast
Number Subnet Address Range of Host Addresses Address
2. How many subnets can you define with the specified mask? 16
3. How many hosts will be in each subnet? 14
Step Description Example
4. Copy the significant bits four times. 1000 0000 (first subnet)
5. In the first line, define the network address by 1000 0001 (first host address)
placing 0s in the remaining host bits.
1000 1110 (last host address)
6. In the last line, define the directed-broadcast
address by placing 1s in the host bits. 1000 1111 (broadcast address)
8. Increment the subnet bits by one to determine the 1001 0000 (next subnet)
next subnet address.
Subnet Directed-Broadcast
Number Subnet Address Range of Host Addresses Address
2. How many subnets can you define with the specified mask?
126
Step Description
4. Copy the significant bits four times.
5. In the first line, define the network address by placing 0s in the remaining host bits.
6. In the last line, define the directed-broadcast address by placing 1s in the host bits.
7. In the middle lines, define the first and last host ID for this subnet.
8. Increment the subnet bits by one to determine the next subnet address.
Example
0111000 0.00000000 (first subnet)
0111000 0.00000001 (first host address)
0111000 1.11111110 (last host address)
0111000 1.11111111 (broadcast address)
0111001 0.00000000 (next subnet)
Subnet Number    Subnet Address    Range of Host Addresses    Directed-Broadcast Address
...
2. How many subnets can you define with the specified mask? 510
Step Description
5. In the first line, define the network address by placing 0s in the remaining host bits.
6. In the last line, define the directed-broadcast address by placing 1s in the host bits.
7. In the middle lines, define the first and last host ID for this subnet.
8. Increment the subnet bits by one to determine the next subnet address.
Repeat Steps 4 through 8 for all subnets.
Example
00000000.10000001 (first host address)
00000000.11111110 (last host address)
00000000.11111111 (broadcast address)
00000001.10000000 (next subnet)
Subnet Number    Subnet Address    Range of Host Addresses    Directed-Broadcast Address
...
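Steps 4 through 8 above, carried out in code as an added example (not part of the lab guide). The 192.168.1.0 and 172.16.112.0 addresses are assumed for illustration because the exercise addresses are not shown here, and the table function enumerates every subnet-bit pattern of the assumed classful network.

```python
def to_int(dotted):
    """Dotted-decimal IPv4 string to a 32-bit integer."""
    a, b, c, d = (int(x) for x in dotted.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d


def to_dotted(value):
    """32-bit integer back to dotted-decimal."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def subnet_plan(address, mask):
    """Steps 5 to 8 for the subnet that contains `address`."""
    host_bits = 0xFFFFFFFF ^ to_int(mask)      # 1s wherever the mask has 0s
    if host_bits & (host_bits + 1):
        raise ValueError("mask bits are not contiguous")
    if host_bits < 3:
        raise ValueError("mask leaves no room for first and last host")
    network = to_int(address) & to_int(mask)   # step 5: 0s in the host bits
    broadcast = network | host_bits            # step 6: 1s in the host bits
    return {
        "subnet": to_dotted(network),
        "first_host": to_dotted(network + 1),  # step 7: middle lines
        "last_host": to_dotted(broadcast - 1),
        "broadcast": to_dotted(broadcast),
        "next_subnet": to_dotted((broadcast + 1) & 0xFFFFFFFF),  # step 8
        "hosts_per_subnet": host_bits - 1,
    }


def subnet_table(network, classful_mask, mask):
    """Repeat steps 4 to 8 for all subnets; one row per subnet number."""
    base = to_int(network) & to_int(classful_mask)
    size = (0xFFFFFFFF ^ to_int(mask)) + 1
    count = ((0xFFFFFFFF ^ to_int(classful_mask)) + 1) // size
    rows = []
    for number in range(count):
        plan = subnet_plan(to_dotted(base + number * size), mask)
        host_range = plan["first_host"] + " to " + plan["last_host"]
        rows.append((number, plan["subnet"], host_range, plan["broadcast"]))
    return rows


if __name__ == "__main__":
    # Assumed Class C network with the 255.255.255.224 mask from the first exercise.
    for row in subnet_table("192.168.1.0", "255.255.255.0", "255.255.255.224"):
        print("%-3d %-15s %-32s %s" % row)
```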
Using 4 percent iomem. [12Mb/256Mb]
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
sslinit fn
Lab 4-6 Answer Key: Performing Initial Router Configuration
When you complete this activity, your workgroup router configuration will be similar to the
results here, with differences that are specific to your device or workgroup:
!
version 12.4
!
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname RouterX
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$.dET$BDxkofHF3aAsRthe/c0.c.
enable password cisco
!
no aaa new-model
!
!
ip cef
!
!
!
!
voice-card 0
no dspfarm
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 10.10.10.3 255.255.255.0
duplex half
speed auto
no mop enabled
!
interface FastEthernet0/1
no ip address
Lab 4-7 Answer Key: Enhancing the Security of Initial Router Configuration
When you complete this activity, your workgroup router configuration will be similar to the
results here, with differences that are specific to your device or workgroup:
!
!
version 12.4
!
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname RouterX
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$.dET$BDxkofHF3aAsRthe/c0.c.
enable password 7 14141B180F0B
!
no aaa new-model
!
!
ip cef
!
!
no ip domain lookup
ip domain name cisco.com
ip ssh version 2
!
!
voice-card 0
no dspfarm
!
!
!
!
!
!
!
!
!
!
!
!
!
!
username netadmin password 7 082F495A081D081E1C
!
!
!
!
!
!
interface FastEthernet0/0
ip address 10.10.10.3 255.255.255.0
duplex half
**************************************************************^C
!
line con 0
password 7 14041305060B392E
login
line aux 0
line vty 0 4
password 7 071C204244060A00
login local
transport input telnet ssh
!
scheduler allocate 20000 1000
!
end
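An added example, not from the lab guide: a check that a saved configuration reflects the four Lab 4-7 tasks (console password, password encryption service, login banner, SSH), together with a report on how stored passwords are protected and whether Telnet is still accepted on the vty lines. The two sample configurations are constructed excerpts with placeholder secrets, and the finding names are this example's own.

```python
import re

# Constructed excerpts modelled on the Lab 4-6 (before) and Lab 4-7 (after)
# answer keys. All secrets are placeholders, not values from the guide.
BEFORE = """\
no service password-encryption
enable secret 5 <hash-placeholder>
enable password <cleartext-placeholder>
line con 0
line aux 0
line vty 0 4
password <cleartext-placeholder>
login
!
end
"""
AFTER = """\
service password-encryption
enable secret 5 <hash-placeholder>
enable password 7 <type7-placeholder>
ip ssh version 2
username netadmin password 7 <type7-placeholder>
banner login ^C
Access to this device is restricted to authorized persons only!
^C
line con 0
password 7 <type7-placeholder>
login
line aux 0
line vty 0 4
password 7 <type7-placeholder>
login local
transport input telnet ssh
!
end
"""


def line_sections(config):
    """Group subcommands under each 'line ...' header (indentation optional)."""
    sections, current = {}, None
    for raw in config.splitlines():
        text = raw.strip()
        if text.startswith("line "):
            current = sections.setdefault(text, [])
        elif text in ("", "!", "end"):
            current = None          # a separator closes the section
        elif current is not None:
            current.append(text)
    return sections


def audit(config):
    """Return the set of finding codes for one configuration."""
    lines = [l.strip() for l in config.splitlines()]
    sections = line_sections(config)
    findings = set()
    # Task 1: the console line needs a password and must require login.
    con = sections.get("line con 0", [])
    if not (any(c.startswith("password ") for c in con) and "login" in con):
        findings.add("console-unprotected")
    # Task 2: password encryption service.
    if "service password-encryption" not in lines:
        findings.add("password-encryption-off")
    # Task 3: login banner.
    if not any(l.startswith("banner login") for l in lines):
        findings.add("no-login-banner")
    # Task 4: SSH version 2, and which protocols the vty lines accept.
    if "ip ssh version 2" not in lines:
        findings.add("ssh-v2-not-set")
    for header, cmds in sections.items():
        if not header.startswith("line vty"):
            continue
        inputs = [c.split()[2:] for c in cmds if c.startswith("transport input")]
        if not inputs:
            findings.add("vty-transport-unset")   # default depends on IOS release
        elif {"telnet", "all"} & set(inputs[-1]):
            findings.add("vty-telnet-allowed")    # Telnet is cleartext
    # Stored passwords: type 7 is a reversible encoding, unlike a type 5 secret.
    for l in lines:
        m = re.search(r"\bpassword (\S+)(?: (\S+))?", l)
        if not m:
            continue
        if l.startswith("enable password"):
            findings.add("enable-password-present")
        ptype, value = m.groups()
        if value is None or ptype == "0":
            findings.add("cleartext-password")
        elif ptype == "7":
            findings.add("type7-password")
    return findings
```

The parser does not rely on indentation, so it also works on configuration text that has been flattened the way the listings in this answer key are.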
Lab 4-8 Answer Key: Using Cisco SDM to Configure DHCP Server Function
When you complete this activity, your workgroup router configuration will be similar to the
results here, with differences that are specific to your device or workgroup:
!
!
version 12.4
!
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname RouterX
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$.dET$BDxkofHF3aAsRthe/c0.c.
enable password 7 14141B180F0B
!
no aaa new-model
!
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1 10.10.10.149
ip dhcp excluded-address 10.10.10.200 10.10.10.254
!
ip dhcp pool wgA_clients
import all
network 10.10.10.0 255.255.255.0
lease 0 0 5
!
!
no ip domain lookup
ip domain name cisco.com
ip ssh version 2
!
!
voice-card 0
no dspfarm
!
!
!
!
!
!
!
!
!
!
!
!
!
crypto pki trustpoint TP-self-signed-3715519608
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3715519608
dialer-list 1 protocol ip permit
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
banner login ^C
********** Warning *************
Access to this device is restricted to authorized persons only!
Un-authorized access is prohibited. Violators will be prosecuted.
**************************************************************^C
!
line con 0
password 7 14041305060B392E
login
line aux 0
line vty 0 4
password 7 071C204244060A00
login local
transport input telnet ssh
!
scheduler allocate 20000 1000
!
end
revocation-check none
rsakeypair TP-self-signed-3715519608
!
!
crypto pki certificate chain TP-self-signed-3715519608
certificate self-signed 01
quit
username netadmin privilege 15 password 7 082F495A081D081E1C
!
!
!
!
!
!
interface FastEthernet0/0
ip address 10.10.10.3 255.255.255.0
duplex half
speed auto
no mop enabled
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
shutdown
no fair-queue
!
interface Serial0/0/1
no ip address
shutdown
clock rate 2000000
!
!
!
ip http server
ip http authentication local
ip http secure-server
!
**************************************************************^C
!
line con 0
exec-timeout 60 0
password 7 14041305060B392E
logging synchronous
login
history size 100
line aux 0
line vty 0 4
password 7 071C204244060A00
logging synchronous
login local
history size 100
transport input telnet ssh
!
scheduler allocate 20000 1000
!
end
Lab 5-1 Answer Key: Connecting to the Internet
When you complete this activity, your workgroup router configuration will be similar to the
results here, with differences that are specific to your device or workgroup:
!
!
version 12.4
!
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname RouterX
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$.dET$BDxkofHF3aAsRthe/c0.c.
enable password 7 14141B180F0B
!
no aaa new-model
!
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1 10.10.10.149
ip dhcp excluded-address 10.10.10.200 10.10.10.254
!
ip dhcp pool wgA_clients
import all
network 10.10.10.0 255.255.255.0
lease 0 0 5
!
!
no ip domain lookup
ip domain name cisco.com
ip ssh version 2
!
!
voice-card 0
no dspfarm
!
!
!
!
!
!
!
!
!
!
!
!
!
crypto pki trustpoint TP-self-signed-3715519608
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3715519608
revocation-check none
rsakeypair TP-self-signed-3715519608
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
banner login ^C
********** Warning *************
Access to this device is restricted to authorized persons only!
Un-authorized access is prohibited. Violators will be prosecuted.
**************************************************************^C
!
line con 0
exec-timeout 60 0
password 7 14041305060B392E
logging synchronous
login
history size 100
line aux 0
line vty 0 4
password 7 071C204244060A00
logging synchronous
login local
history size 100
transport input telnet ssh
!
scheduler allocate 20000 1000
!
end
revocation-check none
rsakeypair TP-self-signed-3715519608
!
!
crypto pki certificate chain TP-self-signed-3715519608
certificate self-signed 01
quit
username netadmin privilege 15 password 7 082F495A081D081E1C
!
!
!
!
!
!
interface FastEthernet0/0
ip address 10.10.10.3 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex half
speed auto
no mop enabled
!
interface FastEthernet0/1
description $ETH-WAN$
ip address dhcp client-id FastEthernet0/1
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface Serial0/0/0
description Link to Main Office
ip address 10.140.10.2 255.255.255.0
encapsulation ppp
no fair-queue
!
interface Serial0/0/1
no ip address
shutdown
clock rate 2000000
!
ip route 192.168.21.0 255.255.255.0 10.140.10.1
**************************************************************^C
!
line con 0
exec-timeout 60 0
password 7 14041305060B392E
logging synchronous
login
history size 100
line aux 0
line vty 0 4
password 7 071C204244060A00
logging synchronous
login local
history size 100
transport input telnet ssh
!
scheduler allocate 20000 1000
!
end
Lab 5-3 Answer Key: Enabling Dynamic Routing to the Main Office
When you complete this activity, your workgroup router configuration will be similar to the
results here, with differences that are specific to your device or workgroup:
!
!
version 12.4
!
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname RouterX
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$.dET$BDxkofHF3aAsRthe/c0.c.
enable password 7 14141B180F0B
!
no aaa new-model
!
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1 10.10.10.149
ip dhcp excluded-address 10.10.10.200 10.10.10.254
!
ip dhcp pool wgA_clients
import all
network 10.10.10.0 255.255.255.0
lease 0 0 5
!
!
no ip domain lookup
ip domain name cisco.com
ip ssh version 2
!
!
voice-card 0
no dspfarm
!
!
!
!
!
!
!
!
!
!
!
!
!
crypto pki trustpoint TP-self-signed-3715519608
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3715519608
version 2
network 10.0.0.0
!
!
!
ip http server
ip http authentication local
ip http secure-server
ip nat inside source list 1 interface FastEthernet0/1 overload
!
access-list 1 remark INSIDE_IF=FastEthernet0/0
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.10.10.0 0.0.0.255
dialer-list 1 protocol ip permit
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
banner login ^C
********** Warning *************
Access to this device is restricted to authorized persons only!
Un-authorized access is prohibited. Violators will be prosecuted.
**************************************************************^C
!
line con 0
exec-timeout 60 0
password 7 14041305060B392E
logging synchronous
login
history size 100
line aux 0
line vty 0 4
password 7 071C204244060A00
logging synchronous
login local
history size 100
transport input telnet ssh
!
scheduler allocate 20000 1000
!
end
rsakeypair TP-self-signed-3715519608
!
!
crypto pki certificate chain TP-self-signed-3715519608
certificate self-signed 01
quit
username netadmin privilege 15 password 7 082F495A081D081E1C
!
!
!
!
!
!
interface FastEthernet0/0
ip address 10.10.10.3 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex half
speed auto
no mop enabled
!
interface FastEthernet0/1
description $ETH-WAN$
ip address dhcp client-id FastEthernet0/1
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
no cdp enable
!
interface Serial0/0/0
description Link to Main Office
ip address 10.140.10.2 255.255.255.0
encapsulation ppp
no fair-queue
!
interface Serial0/0/1
no ip address
shutdown
clock rate 2000000
!
router rip
**************************************************************^C
!
line con 0
exec-timeout 60 0
password 7 14041305060B392E
logging synchronous
login
history size 100
line aux 0
line vty 0 4
password 7 071C204244060A00
logging synchronous
login local
history size 100
transport input telnet ssh
!
scheduler allocate 20000 1000
!
end
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname SwitchX
!
enable secret 5 $1$A11O$0z83HwmswM/vk5.RSZpVr.
enable password 7 05080F1C2243
!
username netadmin password 7 030A5E1F070B2C4540
no aaa new-model
ip subnet-zero
!
no ip domain-lookup
ip domain-name cisco.com
ip ssh version 2
!
!
crypto pki trustpoint TP-self-signed-1833200768
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1833200768
revocation-check none
rsakeypair TP-self-signed-1833200768
!
!
crypto ca certificate chain TP-self-signed-1833200768
certificate self-signed 01
quit
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface FastEthernet0/1
switchport mode access
switchport port-security maximum 2
switchport port-security
switchport port-security violation restrict
switchport port-security mac-address sticky
switchport port-security mac-address sticky 0017.5a78.be01
switchport port-security mac-address sticky 001a.2fe7.3089
!
interface FastEthernet0/15
switchport mode access
shutdown
no cdp enable
!
interface FastEthernet0/16
switchport mode access
shutdown
no cdp enable
!
interface FastEthernet0/17
switchport mode access
shutdown
no cdp enable
!
interface FastEthernet0/18
switchport mode access
shutdown
no cdp enable
!
interface FastEthernet0/19
switchport mode access
shutdown
no cdp enable
!
interface FastEthernet0/20
switchport mode access
shutdown
no cdp enable
!
interface FastEthernet0/21
switchport mode access
shutdown
no cdp enable
!
interface FastEthernet0/22
switchport mode access
shutdown
no cdp enable
!
interface FastEthernet0/23
switchport mode access
shutdown
no cdp enable
!
interface FastEthernet0/24
switchport mode access
shutdown
no cdp enable
!
interface GigabitEthernet0/1
switchport mode access
shutdown
no cdp enable
!
interface GigabitEthernet0/2
switchport mode access
shutdown
no cdp enable
!
interface Vlan1
**************************************************************^C
!
line con 0
exec-timeout 60 0
password 7 111A180B1D1D1809
logging synchronous
login
history size 100
line vty 0 4
password 7 111A180B1D1D1809
logging synchronous
login local
history size 100
line vty 5 15
password 7 111A180B1D1D1809
logging synchronous
login local
history size 100
!
end
Lab 6-2 Answer Key: Managing Router Startup Options
When you complete this activity, your workgroup router configuration will be similar to the
results here, with differences that are specific to your device or workgroup:
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname RouterX
!
boot-start-marker
boot system tftp c2800nm-advipservicesk9-mz.124-12.bin 10.10.10.1
boot system flash c2800nm-advipservicesk9-mz.124-12.bin
boot system flash
boot-end-marker
!
no logging buffered
enable secret 5 $1$X.GH$OkseupwTuqqjGp4oP4Fdg0
enable password 7 121A0C041104
!
no aaa new-model
!
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1 10.10.10.149
ip dhcp excluded-address 10.10.10.200 10.10.10.254
!
ip dhcp pool wgA_clients
import all
network 10.10.10.0 255.255.255.0
default-router 10.10.10.3
lease 0 0 5
!
!
no ip domain lookup
ip domain name cisco.com
ip ssh version 2
!
!
voice-card 0
no dspfarm
!
!
!
!
!
!
!
!
!
!
!
!
!
shutdown
clock rate 2000000
!
router rip
version 2
network 10.0.0.0
!
!
!
ip http server
ip http authentication local
no ip http secure-server
ip nat inside source list 1 interface FastEthernet0/1 overload
!
access-list 1 remark INSIDE_IF=FastEthernet0/0
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.10.10.0 0.0.0.255
dialer-list 1 protocol ip permit
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
banner login ^C
********** Warning *************
Access to this device is restricted to authorized persons only!
Un-authorized access is prohibited. Violators will be prosecuted.
**************************************************************^C
!
line con 0
exec-timeout 60 0
password 7 051807012B435D0C
logging synchronous
login
history size 100
line aux 0
line vty 0 4
password 7 051807012B435D0C
logging synchronous
login local
history size 100
transport input telnet ssh
!
scheduler allocate 20000 1000
!
end
Lab 6-4 Answer Key: Confirming the Reconfiguration of the Branch Network
When you complete this activity, your workgroup router configuration will be similar to the
results here, with differences that are specific to your device or workgroup:
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname RouterXX
!
boot-start-marker
boot system flash c2800nm-advipservicesk9-mz.124-12.bin
boot system tftp c2800nm-advipservicesk9-mz.124-12.bin 10.10.10.1
boot system flash
boot-end-marker
!
enable secret 5 $1$t7tb$L8Par/.s/MaoshaZH1cLq0
enable password 7 0822455D0A16
!
no aaa new-model
!
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1 10.10.10.149
ip dhcp excluded-address 10.10.10.200 10.10.10.254
!
ip dhcp pool branchXX-clients
import all
network 10.10.10.0 255.255.255.0
default-router 10.10.10.3
lease 0 0 5
!
!
ip domain name cisco.com
ip ssh version 2
!
!
voice-card 0
no dspfarm
!
!
!
!
!
!
!
!
!
!
!
!
!
crypto pki trustpoint TP-self-signed-3575601183
enrollment selfsigned
network 10.0.0.0
!
!
!
ip http server
ip http authentication local
ip http secure-server
ip nat inside source list 1 interface FastEthernet0/1 overload
!
access-list 1 remark INSIDE_IF=FastEthernet0/0
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.10.10.0 0.0.0.255
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
banner login
************* Warning **********************
Access to this device is restricted to authorized persons only!
Un-authorized access is prohibited. Violators will be prosecuted.
**************************************************************
!
line con 0
exec-timeout 60 0
password 7 08324D4003161612
logging synchronous
login
history size 100
line aux 0
line vty 0 4
logging synchronous
login local
history size 100
transport input ssh
!
scheduler allocate 20000 1000
!
end
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname SwitchXX
!
enable secret 5 $1$LLvt$3gBuRQzm6eAcGfQjsgHC01
enable password 7 01100F175804
!
interface FastEthernet0/3
switchport mode access
shutdown
no cdp enable
!
interface FastEthernet0/4
switchport mode access
shutdown
no cdp enable
!
interface FastEthernet0/5
switchport mode access
shutdown
no cdp enable
!
interface FastEthernet0/6
switchport mode access
shutdown
no cdp enable
!
interface FastEthernet0/7
switchport mode access
shutdown
no cdp enable
!
interface FastEthernet0/8
switchport mode access
shutdown
no cdp enable
!
interface FastEthernet0/9
switchport mode access
shutdown
no cdp enable
!
interface FastEthernet0/10
switchport mode access
shutdown
no cdp enable
!
interface FastEthernet0/11
switchport mode access
no cdp enable
!
interface FastEthernet0/12
switchport mode access
no cdp enable
!
interface FastEthernet0/13
switchport mode access
shutdown
no cdp enable
!
interface FastEthernet0/14
switchport mode access
shutdown
no cdp enable
!
interface FastEthernet0/15
switchport mode access
shutdown
ip default-gateway 10.10.10.3
ip http server
ip http secure-server
!
control-plane
!
banner login
********** Warning *************
Access to this device is restricted to authorized persons only!
Un-authorized access is prohibited. Violators will be prosecuted.
**************************************************************
!
line con 0
exec-timeout 60 0
password 7 04480A08052E5F4B
logging synchronous
login
history size 100
line vty 0 4
password 7 03175A01091C24
logging synchronous
login local
history size 100
transport input ssh
line vty 5 15
password 7 001712080E541803
logging synchronous
login local
history size 100
transport input ssh
!
end