LOVELY PROFESSIONAL UNIVERSITY

MODEL HOME WORK: #2

INT506: Network Administration

School: Department:

Name of the faculty member:

Class: B.Tech IT Term:8th Section:D27T1

Batch: 2007 Roll no:RD27T1A5

Max. Marks: 5 DOA: 3-2-2011 DOS: 16-2-2011

Part A

Q1. Take a Router of your choice and configure the secret and telnet passwords. Save the
configuration and write the contents of .pkt file as your answer.

ANS:-Password:

You’ll notice that before we can get into privileged mode, we have to enter the password we
set earlier. If you followed the above example, you should be able to input mypassword and
press Enter. You are now authenticated for privileged mode!

So why don’t we use the enable password command in most cases? The answer is simple:
it is an outdated format that exposes the password to anyone who can view the configuration.
Follow the steps below and note what you see.

Router# show running-config

Building configuration…

Current configuration : 162 bytes

version 12.2

no service password-encryption

hostname Router

enable password mypassword


!

As you can see, the password is in plain view for anyone who can read the configuration.
This is because it is stored as plain text: no encryption is being used! To help close this
security hole, Cisco created the enable secret command. As you can probably guess, it makes
use of encryption this time around.

Q2. Enlighten upon the purpose of having Banners, what are the various Banners and how
are they used? Write down the configuration steps for them.

Ans: The banner is displayed whenever anyone logs in to your Cisco router. The syntax is
"banner motd # ". MOTD stands for "Message Of The Day".
The # symbol signals the start of the banner message to the router. You will be prompted for the
message to be displayed. You need to enter the "#" symbol at the end of the message, signifying
that the message has ended.

Q3. What are the various types of passwords that we can set in a Cisco Router? Mention all
of them, their purpose and configuration commands.

Ans:- There are five different types of passwords:

1. ENABLE PASSWORD - A global command that restricts access to privileged exec mode.
This is a non-encrypted password.
2. ENABLE SECRET - Assigns a one-way cryptographic secret password, available in
versions 10.3 and up. This secret password is used instead of the enable password when it
exists.
3. Virtual Terminal Password (vty password) - The virtual terminal password is used for
Telnet sessions into the router. The password can be changed at any time. It can be set up
when you configure the router from the console. There can be five distinct passwords
corresponding to each vty (vty0 to vty4) or there can be a single password for all vtys.
4. Auxiliary Password - The auxiliary password is used to set a password on the auxiliary port.
This port is used to access a router through a modem.
5. Console Password - The console password is used to set the console port password.

Enable Password – The Most Basic Of Security Features

The two most basic passwords a Cisco router supports are set with the enable
password and enable secret commands. Depending on the IOS version, administrators will
likely only need to set up the enable secret command.

For Cisco routers running IOS versions before version 10.3, enable password is going to be
used. It is the outdated version of the two, and we’ll see why it isn’t used in average
applications after we enable it. You can enable this basic password following the commands
seen below.

Router> enable

Router# config terminal


Enter configuration commands, one per line. End with CNTL/Z.

Router(config)# enable password mypassword

In this example, mypassword is the new password that is going to be set on the router. Try
typing exit and navigate to the privileged mode, as seen below.

Router> enable

Password:

You’ll notice that before we can get into privileged mode, we have to enter the password we
set earlier. If you followed the above example, you should be able to input mypassword and
press Enter. You are now authenticated for privileged mode!

So why don’t we use the enable password command in most cases? The answer is simple:
it is an outdated format that exposes the password to anyone who can view the configuration.
Follow the steps below and note what you see.

Router# show running-config

Building configuration…

Current configuration : 162 bytes

version 12.2

no service password-encryption

hostname Router

enable password mypassword

As you can see, the password is in plain view for anyone who can read the configuration.
This is because it is stored as plain text: no encryption is being used! To help close this
security hole, Cisco created the enable secret command. As you can probably guess, it makes
use of encryption this time around.

Enable Secret – An Evolved Form Of The Previous Example

Encryption can be a tough subject to tackle. But Cisco has made the process of enabling an
encrypted password just as easy as the previous example. In fact, we are only changing one
word in the process!

Router# configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Router(config)#enable secret mypassword

Note that many routers will alert the user at this point if the enable secret and the enable
password have been set to the same value. The message is only a warning, and administrators
can indeed set both to the same thing, although this is not recommended as it will almost
defeat the purpose of the enable secret command.

Now let’s go back to the very beginning, and try logging back into privileged mode once
more. We’ll take a look at the running configuration in the below example.

Router# show running-config

Building configuration…

Current configuration : 209 bytes

version 12.2

no service password-encryption

hostname Router

enable secret 5 $1$mERr$7sOd0mgRuXYhHwfWsV4QZ/

enable password mypassword

Notice how the enable secret password is unreadable, while the outdated command enable
password is being displayed in plain view! Obviously, it comes as no surprise that Cisco
decided to do away with the command in order to improve network security.
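
As an added example (not part of the original answer and not a Cisco tool), the following Python script checks a saved running-config for the weaknesses discussed above: service password-encryption being off, a clear-text enable password, and line passwords from Q3 that are missing or stored in clear text. The line con/aux/vty sections of the sample and their passwords are constructed for illustration; the function name audit_passwords is made up for this example.

```python
import re

# Constructed sample: the running-config shown above plus constructed line sections.
SAMPLE_CONFIG = """\
version 12.2
no service password-encryption
hostname Router
enable secret 5 $1$mERr$7sOd0mgRuXYhHwfWsV4QZ/
enable password mypassword
line con 0
 password conpass
 login
line aux 0
line vty 0 4
 password telnetpass
 login
"""

# "password <value>" or "password <type> <value>", optionally prefixed by "enable ".
PASSWORD_RE = re.compile(r"(enable )?password (?:(\d) )?\S+$")

def audit_passwords(config):
    """Return a list of findings about password storage in an IOS-style config."""
    findings = []
    lines = config.splitlines()
    if not any(l.strip() == "service password-encryption" for l in lines):
        findings.append("service password-encryption is off")
    if not any(l.startswith("enable secret ") for l in lines):
        findings.append("no enable secret configured")
    section = None       # current "line ..." section, if any
    has_password = {}    # section name -> password command seen
    for raw in lines:
        text = raw.strip()
        if raw[:1] not in (" ", "\t"):   # an unindented command ends the previous section
            section = text if text.startswith("line ") else None
            if section:
                has_password[section] = False
        m = PASSWORD_RE.match(text)
        if not m or (m.group(1) is None and section is None):
            continue
        where = "enable password" if m.group(1) else section + " password"
        if m.group(1) is None:
            has_password[section] = True
        if m.group(2) in (None, "0"):    # no type or type 0 means clear text
            findings.append(where + " stored in clear text")
    findings += [name + " has no password" for name, ok in has_password.items() if not ok]
    return findings
```

Calling audit_passwords(SAMPLE_CONFIG) returns one finding per weak setting; a configuration with encrypted passwords on every line returns an empty list.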

Q4. Illustrate the use of Ethernet & Fast Ethernet ports. If Fast Ethernet is available, why do
we use the normal Ethernet ports? Write down an example of each.

Ans:- An Ethernet port works at 10 Mbps and a Fast Ethernet port works at 100 Mbps.
Ethernet - 10BASE-T, 2, 5 (802.3): data can travel at a speed of up to 10 Mbps over a distance of
100 m (T) to 500 m (5). Cat 3 UTP.
Fast Ethernet - 100BASE-TX (802.3u): data travels 10 times faster, at a speed of up to 100 Mbps
over a distance of 100 to 412 m. Cat 5, 6 UTP.

Q5. If editing a Router Configuration is possible, why do we need to delete one? Write steps
to Delete & Reload the configuration of a Cisco router.

Q6. Use at least 3 show commands and discuss at least 4 options of each one of them in detail
and how can we use them?

Ans: SHOW command is extensively used for seeing the status and configuration information
of the router.
Some of the frequently used commands are:

1. SHOW VERSION - Displays information about the system hardware (RAM/ROM),
software version, names of configuration files, and boot-images. This command will also
show the current configuration register value.

The following is a sample output of a show version command.

Router# show version

Cisco Internetwork Operating System Software
IOS (tm) 3600 Software (C3640-J-M), Version 11.2(6)P, SHARED PLATFORM,
RELEASE SOFTWARE (fc1)
Copyright (c) 1986-1997 by cisco Systems, Inc.
Compiled Mon 12-May-97 15:07 by tej
Image text-base: 0x600088A0, data-base: 0x6075C000

ROM: System Bootstrap, Version 11.1(7)AX [kuong (7)AX], EARLY DEPLOYMENT
RELEASE SOFTWARE (fc2)

Router uptime is 1 week, 1 day, 38 minutes
System restarted by power-on
System image file is "flash:c3640-j-mz_112-6_P.bin", booted
via flash
Host configuration file is "3600_4-confg", booted via tftp
from 171.69.83.194

cisco 3640 (R4700) processor (revision 0x00) with 107520K/23552K bytes
of memory.
Processor board ID 03084730
R4700 processor, Implementation 33, Revision 1.0
Bridging software.
SuperLAT software copyright 1990 by Meridian Technology Corp).
X.25 software, Version 2.0, NET2, BFE and GOSIP compliant.
TN3270 Emulation software.
Primary Rate ISDN software, Version 1.0.
2 Ethernet/IEEE 802.3 interface(s)
97 Serial network interface(s)
4 Channelized T1/PRI port(s)
DRAM configuration is 64 bits wide with parity disabled.
125K bytes of non-volatile configuration memory.
16384K bytes of processor board System flash (Read/Write)

Configuration register is 0x2102

3. SHOW RUNNING-CONFIGURATION - This command displays the router's active
configuration file, passwords, system name, and interface settings, interfaces IP addresses etc.
4.SHOW INTERFACE - Shows status and configuration information of the local interfaces.
The first line says something like “TokenRing1 is up, line protocol is up”. The first part
“TokenRing1 is up” describes the physical layer components such as electrical cabling and
signaling are OK. The second part “line protocol is up” means that the router is detecting
keep-alive messages. The router may be put into administratively down status, at which point
the line would read, “TokenRing1 is administratively down, line protocol is down.”
5.SHOW INTERFACE SERIAL 0 - Shows the serial 0 configuration.
6.SHOW INTERFACES - Displays statistics for all interfaces configured on the switch.

The show interfaces command has a number of options that allow you to limit the
output information. You can specify the type of interface as well as the interface
number:

show interfaces {type of interface} {interface number}

Using these options, you can view output for a single interface. Here's an example:

Router# show interfaces ethernet 0/0
Ethernet0/0 is administratively down, line protocol is down
Hardware is AmdP2, address is 0003.e39b.9220 (bia 0003.e39b.9220)
Internet address is 1.1.1.1/8
MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
ARP type: ARPA, ARP Timeout 04:00:00
Last input 4d06h, output never, output hang never
Last clearing of "show interface" counters never
Queueing strategy: fifo
Output queue 0/40, 0 drops; input queue 0/75, 0 drops
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
19 packets input, 2330 bytes, 0 no buffer
Received 19 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 input packets with dribble condition detected
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
Router#

You can also view a summary of the output from the show interfaces command. Using
this option, you can get a summary of all interfaces and statistics about each one.

For example, say you're looking for an interface that's exceeding a 512-Kbps receive rate
or perhaps you want to find any interfaces that are dropping packets from their input
queue. Either way, this option can help you find that information much quicker. Here's an
example:

Router# show interfaces summary

*: interface is up
IHQ: pkts in input hold queue     IQD: pkts dropped from input queue
OHQ: pkts in output hold queue    OQD: pkts dropped from output queue
RXBS: rx rate (bits/sec)          RXPS: rx rate (pkts/sec)
TXBS: tx rate (bits/sec)          TXPS: tx rate (pkts/sec)
TRTL: throttle count

Interface      IHQ  IQD  OHQ  OQD  RXBS  RXPS  TXBS  TXPS  TRTL
----------------------------------------------------------------------
Ethernet0/0      0    0    0    0     0     0     0     0     0
Serial0/0        0    0    0    0     0     0     0     0     0
Serial0/1        0    0    0    0     0     0     0     0     0
Router#

You can also use this command with the pipe command [|] and the begin, include, or
exclude options. Here's an example of using include:

Router# show interfaces | inc CRC
29 input errors, 29 CRC, 0 frame, 0 overrun, 0 ignored, 53 abort
1375 input errors, 5 CRC, 30 frame, 0 overrun, 0 ignored, 22 abort
24 input errors, 142 CRC, 19 frame, 9 overrun, 5 ignored, 64 abort
140 input errors, 14 CRC, 47 frame, 0 overrun, 0 ignored, 30 abort
114 input errors, 9 CRC, 29 frame, 0 overrun, 0 ignored, 18 abort

5. SHOW PROCESS - Displays a router’s CPU utilization.
6. SHOW CONFIG - Displays information on the startup configuration.

7. Show IP protocol: This command will show information on RIP timers including routing
update timer (30sec default), hold-down timer (default 180sec). It also displays the number of
seconds due for next update (this is fraction of update timer). This command also gives the
network number for which IP RIP is enabled, Gateway, and the default metric.

8. Show IP route: This command will display the IP routing table entries. In addition, it
displays the Gateway of last resort (if one is assigned). It also displays the codes used for
various types of routes. Some of the important codes are:
C: directly connected;
S: Statically connected
I: IGRP
R: RIP
Show IP interface: This command shows you interface-wise information such as IP address
assigned to each interface, whether the interface is up, MTU etc.

Q7. 172.16.0.0 = Network address, 255.255.240.0 = Subnet mask. Calculate subnets, hosts,
valid subnets, valid hosts, broadcast address.

Ans:

172.16.0.0 = Network address

255.255.240.0 = Subnet mask

1. Subnets? 2^4 = 16.

2. Hosts? 2^12 – 2 = 4094.

3. Valid subnets? 256 – 240 = 0, 16, 32, 48, etc., up to 240. Notice that these are
the same numbers as a Class C 240 mask.

4. Broadcast address for each subnet?

5. Valid hosts?

The following table shows the first four subnets, valid hosts, and broadcast
addresses in a Class B 255.255.240.0 mask:

Subnet      0.0     64.0     128.0    192.0
First host  0.1     64.1     128.1    192.1
Last host   63.254  127.254  191.254  255.254
Broadcast   63.255  127.255  191.255  255.255

Subnet      0.0     16.0    32.0    48.0
First host  0.1     16.1    32.1    48.1
Last host   15.254  31.254  47.254  63.254
Broadcast   15.255  31.255  47.255  63.255
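
The Q7 calculation carried out in code, as an added example that is not part of the original answer: Python's standard ipaddress module splits 172.16.0.0 (assumed here to be the default Class B /16) with mask 255.255.240.0 and lists the first four subnets with their first host, last host and broadcast address. The function name subnet_plan is made up for this example, and it accepts any mask longer than the network's own prefix.

```python
import ipaddress
from itertools import islice

def subnet_plan(network, mask, limit=4):
    """Subnet `network` with `mask`; return the counts and the first `limit` subnets."""
    base = ipaddress.ip_network(network)          # classful block, e.g. 172.16.0.0/16
    # Convert the dotted mask (255.255.240.0) to a prefix length (20).
    prefix = ipaddress.ip_network("0.0.0.0/" + mask).prefixlen
    if prefix <= base.prefixlen:
        raise ValueError("mask must be longer than the network's own prefix")
    rows = []
    for net in islice(base.subnets(new_prefix=prefix), limit):
        rows.append({
            "subnet": str(net.network_address),
            "first_host": str(net.network_address + 1),
            "last_host": str(net.broadcast_address - 1),
            "broadcast": str(net.broadcast_address),
        })
    return {
        "subnets": 2 ** (prefix - base.prefixlen),   # 2^(borrowed bits)
        "hosts_per_subnet": 2 ** (32 - prefix) - 2,  # 2^(host bits) - 2
        "rows": rows,
    }

if __name__ == "__main__":
    plan = subnet_plan("172.16.0.0/16", "255.255.240.0")
    print(plan["subnets"], "subnets,", plan["hosts_per_subnet"], "hosts each")
    for row in plan["rows"]:
        print(row)
```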


Q8. 172.16.0.0 = Network address, 255.255.255.224 = Subnet mask.
Calculate subnets, hosts, valid subnets, valid hosts, broadcast address.

Ans: This is done the same way as the preceding subnet mask, except that we just
have more subnets and fewer hosts per subnet available.

172.16.0.0 = Network address

255.255.255.224 = Subnet mask

1. Subnets? 2^11 = 2048.

2. Hosts? 2^5 – 2 = 30.

3. Valid subnets? 256 – 224 = 32. 0, 32, 64, 96, 128, 160, 192, 224.

4. Broadcast address for each subnet?

5. Valid hosts?

Subnet      0.0   0.64   0.128  0.192  1.0   1.64   1.128  1.192
First host  0.1   0.65   0.129  0.193  1.1   1.65   1.129  1.193
Last host   0.62  0.126  0.190  0.254  1.62  1.126  1.190  1.254
Broadcast   0.63  0.127  0.191  0.255  1.63  1.127  1.191  1.255
