Documente Academic
Documente Profesional
Documente Cultură
Lab Topology
The topology diagram below represents the NetMap in the Simulator.
S0/0/0 S0/0/1
Router2
S0/0/0 S0/0/0
Router1 Router3
Command Summary
Command Description
banner login [delimiting-character configures a message that is displayed at user login attempts
message delimiting-character]
banner motd [delimiting-character configures a message-of-the-day (MOTD) banner that can be
message delimiting-character] used to display a message at user login attempts
clock set hh:mm:ss day month year sets the system software clock
clock rate clock-rate sets the clock rate for a Data Communications Equipment (DCE)
interface
configure terminal enters global configuration mode from privileged EXEC mode
copy running-config startup-config saves the configuration file
copy startup-config running-config copies the startup configuration to the running configuration
description description-text assigns a description to an interface, a class map, or a policy
map
disable returns to user EXEC mode
disconnect {ip-address | console} closes an active console port or Telnet session
enable enters privileged EXEC mode
enable password password sets the enable password
enable secret password sets the enable secret password
IP Addresses
Device Interface IP Address Subnet Mask
Router1 Serial 0/0/0 10.1.1.1 255.255.255.0
Router2 Serial 0/0/0 10.1.1.2 255.255.255.0
Serial 0/0/1 172.16.10.2 255.255.255.0
Router3 Serial 0/0/0 172.16.10.1 255.255.255.0
Lab Tasks
Task 1: Connect to Router1
Review the commands needed to access the Cisco CLI, user EXEC mode, and privileged EXEC mode.
1. When you connect to a Cisco router, you are presented with an EXEC prompt. What EXEC mode is
Router1 in? _____________________________________________________________________
Are you able to make configuration changes from this mode? _____________________________
4. On Router1, enter privileged EXEC mode and view a list of commands that can be issued from that
mode.
5. What command should you issue to enter global configuration mode? _______________________
2. On all three routers, configure boson as the enable password and cisco as the enable secret
password.
3. What is the main reason for configuring passwords on Cisco devices? ______________________
______________________________________________________________________________
4. On Router1, test the passwords by exiting the console session; try to enter privileged EXEC mode.
Which password are you required to use to access the routers? ____________________________
5. What are the differences between the enable password and the enable secret password? _______
______________________________________________________________________________
7. How many virtual consoles do Cisco routers and switches typically have? How are they numbered?
______________________________________________________________________________
______________________________________________________________________________
8. On all three routers, enable Telnet access. Use cisco as the password.
9. On Router1, display all of the stored passwords. How are the passwords stored in Router1’s
configuration file? ________________________________________________________________
10. On all three routers, encrypt all current and future passwords.
11. On Router1, verify that the configured passwords are stored in an encrypted form.
2. On all three routers, configure an MOTD banner that describes their function on the network. Use #
as the delimiting character, and use the following messages:
3. On all three routers, configure a login banner with the following parameters:
5. If both an MOTD banner and a login banner are configured on a router, which will be displayed first
when a login attempt is made? _____________________________________________________
2. On Router1, display the commands that are stored in the history buffer.
3. On Router1, view the terminal settings to determine how many commands the history buffer is
configured to store.
4. What is the maximum number of commands that can be stored in a history buffer? _____________
5. On all three routers, configure the history buffer to store 100 commands issued from the console of
the routers.
6. On Router1, display the router platform type, operating system revision, number of interfaces and
the configuration register.
8. On Router1, verify that the current date and time are configured.
2. Determine whether Router1 or Router2 should have a clock rate set on its serial interface.
3. On Router1, configure the appropriate IP address and subnet mask on the Serial 0/0/0 interface;
refer to the IP Addresses table. Enable the interface, and add the description Serial 0/0/0 interface
on Router1.
4. On Router2, configure the appropriate IP addresses and subnet masks on the serial interfaces;
refer to the IP Addresses table. Configure a clock rate of 1000 Kbps on both interfaces, enable the
interfaces, and add the following descriptions:
5. On Router3, configure the appropriate IP address and subnet mask on the Serial 0/0/0 interface;
refer to the IP Addresses table. Enable the interface, and add the description Serial 0/0/0 interface
on Router3.
7. Now that the interfaces on both sides of the serial interfaces of Router2 are enabled, Router2
should be able to see Router1 and Router3 through CDP. On Router2, display all directly connected
neighbors of Router2.
8. From Router2, try to ping Router1 and Router3 using their host names. The pings should be
successful.
9. If the pings fail, what command should you issue to verify that the interfaces on Router2 are up and
operational? ____________________________________________________________________
Task 6: Telnet
1. From Router2, telnet to Router1’s Serial 0/0/0 interface by using Router1’s host name.
3. On Router2, view the active Telnet sessions. Then, resume the first Telnet session.
4. Pause the Telnet session again, and then disconnect from the Telnet session.
Once you have completed this lab, be sure to check your work by using the grading function.
You can do so by clicking the Grade Lab icon ( ) in the toolbar or by pressing Ctrl+G.
Router>
Router>enable
Router#
3. On Router1, you can issue either the exit command or the disable command followed by the logout
command to end the current session from privileged EXEC mode.
Router#disable
Router>logout
4. On Router1, enter privileged EXEC mode, type a question mark (?), and press the Enter key to view
a list of commands that can be issued from privileged EXEC mode. At the ––MORE–– prompt, press
the Spacebar key to view the next page of information. In addition to showing available commands
that can be issued at the user EXEC and privileged EXEC prompts, the question mark offers
additional help for specific commands. For example, you can type show ? to see all the available
show commands.
You can also use the help function with partial words in a command. For example, type show run?
to view the command that starts with “show run”, show running-config. This command displays the
active, or running, configuration on a router. You can press the Tab key after typing show run, and
the Cisco CLI will fill in the rest of the command for you.
Router>enable
Router#?
access-template Create a temporary Access-List entry
alps ALPS exec commands
archive manage archive files
bfe For manual emergency modes setting
cd Change current directory
clear Reset functions
clock Manage the system clock
configure Enter configuration mode
copy Copy from one file to another
debug Debugging functions (see also ‘undebug’)
delete Delete a file
dir List files on a filesystem
disable
(continued on next page)
5. You should issue the configure terminal command to enter global configuration mode from
privileged EXEC mode.
On Router1:
Router#configure terminal
Router(config)#hostname Router1
On Router2:
Router>enable
Router#configure terminal
Router(config)#hostname Router2
On Router3:
Router>enable
Router#configure terminal
Router(config)#hostname Router3
Assigning a host name to the router makes it easier to identify the device during a console session.
2. On Router1, Router2, and Router3, issue the following commands to configure boson as the enable
password and cisco as the enable secret password:
The enable password controls access to privileged EXEC mode. This is a very important password
because, when it is configured without an enable secret password, only those who know the enable
password can access privileged EXEC mode to make configuration changes.
4. On Router1, issue the following commands to exit the current session and test the passwords:
Router1(config)#exit
Router1#exit
Router1 con0 is now available
Press RETURN to get started.
Router1>enable
Password:boson
% Authentication failed
Password:cisco
Router1#
You are required to use cisco as a password to access the privileged EXEC mode on Router1
because the enable secret password overrides the enable password when both are configured.
5. The enable password is stored as plain text in the router’s configuration file, whereas the enable
secret password is stored in an encrypted form. Because an enable secret password is encrypted, it
is a more secure method to control access to user EXEC mode on a router. Additionally, the enable
secret password takes precedence over the enable password when both are configured on a router.
6. On all three routers, issue the following commands to configure a password on the console port:
Router1#configure terminal
Router1(config)#line console 0
Router1(config-line)#password cisco
Router2(config)#line console 0
Router2(config-line)#password cisco
Router3(config)#line console 0
Router3(config-line)#password cisco
You can connect to a Cisco device remotely by using a protocol such as Telnet or locally by using a
console connection. Physical access is necessary to connect to the console connection on a Cisco
device.
7. Cisco routers and switches typically have five virtual consoles (some have more than five) that are
numbered 0 through 4. A user on the network can use a terminal emulation program that supports
the Telnet protocol to remotely connect to one of these virtual consoles. When there are five virtual
consoles, up to five concurrent remote user sessions can exist simultaneously. There are many
situations where it would be useful to be able to access a router’s EXEC session from the network;
by using this technique, you could access the EXEC session on a router or switch without regard to
your physical location or the physical location of the router or switch being configured as long as you
have network connectivity to the device being configured. A router will not accept an incoming virtual
console session request until virtual console password security has been configured; this is not
necessary for a directly connected console port session.
Router1(config-line)#line vty 0 4
Router1(config-line)#login
Router1(config-line)#password cisco
Router2(config-line)#line vty 0 4
Router2(config-line)#login
Router2(config-line)#password cisco
Router3(config-line)#line vty 0 4
Router3(config-line)#login
Router3(config-line)#password cisco
The line vty 0 4 command enables you to enter the configuration mode necessary to enable remote
access to the device and set remote access passwords, which are used for Telnet. By default, the
line virtual terminal (vty) password is stored as plain text.
9. On Router1, issue the show running-config command from privileged EXEC mode to view the
passwords configured on Router1. The enable password, the line vty password, and the console
password are stored in plain text. The enable secret password is stored in an encrypted form.
Router1(config-line)#end
<output omitted>
!
hostname Router1
enable secret 5 $1$JOz7$LVCUplYka15aJ6SfgsrYUg
enable password boson
!
<output omitted>
!
line con 0
password cisco
line aux 0
line vty 0 4
login
password cisco
!
no scheduler allocate
end
Router1#configure terminal
Router1(config)#service password-encryption
Router2(config-line)#exit
Router2(config)#service password-encryption
Router3(config-line)#exit
Router3(config)#service password-encryption
It is a good security practice to store passwords in an encrypted manner instead of plain text.
11. On Router1, issue the show running-config command from privileged EXEC mode to verify that
the configured passwords are stored in an encrypted form. Sample output is shown below:
Router1(config)#end
Router1#show running-config
<output omitted>
!
hostname Router1
enable secret 5 $1$JOz7$LVCUplYka15aJ6SfgsrYUg
enable password SE#C#cd$@VDS#$
!
<output omitted>
!
line con 0
password 6843698657529
line aux 0
line vty 0 4
login
password 68753368657529
!
no scheduler allocate
end
Router1#configure terminal
Router1(config)#banner motd #This device is used to route network traffic to Router2 #
Router2(config)#banner motd #This device is used to route network traffic between Router1 and Router3 #
The delimiting character, #, signifies that you have finished entering text for the banner.
3. On all three routers, issue the following commands to configure the appropriate login banner:
Router1(config)#line console 0
Router1(config-line)#login local
Router1(config-line)#exit
Router1(config)#username MyName password cisco
Router1(config)#banner login $You must be an authorized user to access this device $
Router2(config)#line console 0
Router2(config-line)#login local
Router2(config-line)#exit
Router2(config)#username MyName password cisco
Router2(config)#banner login $You must be an authorized user to access this device $
Router3(config)#line console 0
Router3(config-line)#login local
Router3(config-line)#exit
Router3(config)#username MyName password cisco
Router3(config)#banner login $You must be an authorized user to access this device $
The banner login command is used to configure a login message. This message is displayed when
a device is configured to require a user name and password.
4. The routers must be configured to require a user name and password combination before a login
banner will be displayed.
5. When the login banner and the MOTD banner are both configured, the MOTD banner is displayed
first, followed by the login banner, when a login attempt is made.
Router1(config)#exit
Router1#exit
Username:MyName
Password:cisco
Router1>
2. On Router1, issue the show history command from privileged EXEC mode to display the
commands that you have issued on the device.
Router1>enable
Password:cisco
Router1#show history
exit
enable
configure terminal
show running-config
configure terminal
show running-config
exit
enable
show history
3. On Router1, issue the show terminal command to view terminal settings and to determine the
number of commands that can be stored in the history buffer. Sample output is shown below:
Router1#show terminal
<output omitted>
Modem type is unknown
Session limit is not set
Time since activation: 00:01:32
Editing is enabled
History size is enabled, history size is 10
DNS resolution in show commands is enabled
Full user help is disabled
<output omitted>
4. You can configure the history buffer associated with the console and vty lines to store up to 256
commands.
Router1#configure terminal
Router1(config)#line console 0
Router1(config-line)#history size 100
Router2(config)#line console 0
Router2(config-line)#history size 100
Router3(config)#line console 0
Router3(config-line)#history size 100
6. On Router1, issue the show version command from privileged EXEC mode to obtain critical
information, such as router platform type, operating system revision, operating system last boot time
and file location, amount of memory, number of interfaces, and configuration register. The following
is sample output:
Router1(config-line)#end
Router1#show version
7. On all three routers, use the clock set command from privileged EXEC mode to configure the
current date and time.
Router2(config-line)#end
Router2#clock set 09:13:30 15 June 2014
Router3(config-line)#end
Router3#clock set 09:14:30 15 June 2014
Router1#show clock
09:15:00.152 UTC Sat Jun 15 2014
2. You should issue the show controllers command to determine that Router2 is the DCE end of the
links between the routers and should therefore have a clock rate set on its Serial 0/0/0 interface.
Sample output from Router2 is shown below:
Router2#show controllers
interface Serial0/0/0
HD unit 0, idb = 0x1AE828, driver structure at 0x1B4BA0
buffer size 1524 HD unit 0,V.35 DCE cable
cpb = 0x7, eda = 0x58DC, cda = 0x58F0
RX ring with 16 entries at 0x4075800
<output omitted>
interface Serial0/0/1
HD unit 0, idb = 0x1AE828, driver structure at 0x1B4BA0
buffer size 1524 HD unit 0,V.35 DCE cable
cpb = 0x7, eda = 0x58DC, cda = 0x58F0
RX ring with 16 entries at 0x4075800
<output omitted>
3. On Router1, issue the following commands to configure the Serial 0/0/0 interface:
Router1#configure terminal
Router1(config)#interface serial 0/0/0
Router1(config-if)#ip address 10.1.1.1 255.255.255.0
Router1(config-if)#description Serial 0/0/0 interface on Router1
Router1(config-if)#no shutdown
Router2#configure terminal
Router2(config)#interface serial 0/0/0
Router2(config-if)#ip address 10.1.1.2 255.255.255.0
Router2(config-if)#clock rate 1000000
Router2(config-if)#description Serial 0/0/0 interface on Router2
Router2(config-if)#no shutdown
Router2(config-if)#interface serial 0/0/1
Router2(config-if)#ip address 172.16.10.2 255.255.255.0
Router2(config-if)#clock rate 1000000
Router2(config-if)#description Serial 0/0/1 interface on Router2
Router2(config-if)#no shutdown
Router3#configure terminal
Router3(config)#interface serial 0/0/0
Router3(config-if)#ip address 172.16.10.1 255.255.255.0
Router3(config-if)#description Serial 0/0/0 interface on Router3
Router3(config-if)#no shutdown
6. On Router2, issue the following commands from global configuration mode to map the host name of
Router1 to its IP address and the host name of Router3 to its IP address:
Router2(config-if)#exit
Router2(config)#ip host Router1 10.1.1.1
Router2(config)#ip host Router3 172.16.10.1
7. On Router2, issue the show cdp neighbors command from privileged EXEC mode to view all
directly connected Cisco routers. Sample output is shown below:
Router2(config)#end
Router2#show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S -Switch, H - Host, i - IGMP, r - Repeater
Device ID Local Intrfce Holdtme Capability Platform Port ID
Router1 Ser0/0/0 174 R 2811 Ser 0/0/0
Router3 Ser0/0/1 174 R 2811 Ser 0/0/0
8. From Router2, pings to the host names of Router1 and Router3 should be successful.
Router2#ping Router1
Router2#ping Router3
9. If the pings from Router2 to Router1 and Router3 fail, you should issue the show ip interface brief
command from privileged EXEC mode to verify that the line and protocol status of Router2’s serial
interfaces are up and operational. Sample output is shown below:
Task 6: Telnet
1. On Router2, issue the following commands to use Router1’s host name to telnet to Router1:
Router2#telnet Router1
This device is used to route network traffic to Router2
Password:cisco
Router1>
Router1>Press Ctrl+Shift+6 X
Router2#
3. On Router2, issue the show sessions command from privileged EXEC mode to view all active
Telnet sessions. Issue the resume 1 command to resume the first Telnet session. The number 1
indicates the session number of the session you want to resume. Sample output from the show
sessions command is shown below:
Router2#show sessions
Conn Host Address Byte Idle Conn Name
* 1 router1 router1 0 9 router1
Router2#resume 1
Resuming connection 1 to router1
Router1#
4. Issue the following commands to pause and then disconnect the Telnet session between Router2
and Router1:
Router1#Press Ctrl+Shift+6 X
Router2#disconnect 1
Closing connection to router1
Router1>enable
Password:cisco
Router1#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]
Copyright © 1996–2017 Boson Software, LLC. All rights reserved. NetSim software and documentation are protected by copyright law.
Router1#show startup-config
Current configuration : 1072 bytes
!
Version 15.b
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Router1
enable secret 5 $1$JOz7$LVCUplYka15aJ6SfgsrYUg
enable password SE#C#cd$@VDS#$
<output omitted>
3. On Router1, you can issue the reload command or the copy startup-config running-config
command to make the configuration stored in NVRAM the active configuration. There is no need to
enter the initial configuration dialog when you are prompted.
Router1#reload
Proceed with reload? [confirm]Press Y
Building simulated configuration...
[OK]
Boson 2800 (BOSS) emulator (revision 5.0) with 20480K/512K simulated memory.
Router1>