GNI102 Lab 11
In this lab you work in pairs and configure one device at a time together, not in parallel on one device each.
The first three parts cover areas we have worked on multiple times before: base configuration, IP addressing, subnetting and address configuration. Therefore you will only get the assignments, not the commands for the actual configuration. At the end of the lab paper there is a so-called "cheat-sheet". Peek there ONLY if you absolutely have to; try to practice without it (you will not have any cheat-sheets on exam day). If you manage to complete the full assignment today without looking at the cheat-sheet, you only need to do the lab once. If you need to peek at the sheet, you should repeat the parts you had to use the cheat-sheet for. Repeat as many times as needed until you have learnt the commands. You should have started to learn and memorize them by now! Remember: no cheat-sheets on exam day.
Topology
Base Configuration
1. Connect the devices as shown in the image
2. On all the devices configure the following:
- hostname
- password for privileged exec-mode (Use the password cisco)
- make sure that all the passwords are encrypted in running-config
- set an appropriate message-of-the-day banner
- secure usage of the console-port with a password (password cisco)
- secure the usage on five VTY-ports (password cisco for telnet, don't configure ssh yet)
3. Save your configuration to the NVRAM on all your devices
IP-addressing
You have the IPv4 network 172.16.0.0/25 and the IPv6-prefix 2001:DB8:ACAD::/48
IPv4
Create two equally large subnets. Write down your new subnets here:
1) Network address: ______.______.______.______ Subnet mask:______.______.______.______
2) Network address: ______.______.______.______ Subnet mask:______.______.______.______
IPv6
Create two subnets with the prefix length of /64. Write down your new subnets here:
1) Network address: ______________________________________________________________________/____
2) Network address: ______________________________________________________________________/____
Address configuration
Use subnet one for the local network to the left. Use subnet two for the local network to the right.
1. Plan your addressing scheme on paper for the topology before you start the configuration of your devices.
- Use the first address in the subnet on the interfaces of the router
- Use the fifth address in the subnet on the switches' interfaces (SVI)
- Use the tenth address in the subnet on each of the PCs
Router
2. Activate ipv6 unicast-routing on the router
3. Configure the interfaces on the router with appropriate descriptions, apply the chosen IPv4- and IPv6-addresses and also change the IPv6 link-local-address to fe80::1. Don't forget to activate the interfaces!
Switch
4. Make sure the switch supports IPv6 and if it doesn't, use:
sdm prefer dual-ipv4-and-ipv6 default
5. Configure the interface on the switches (SVI) with an appropriate description and apply the chosen IPv4 and IPv6 addresses. Activate the interfaces!
6. Also configure the correct default gateway for IPv4 on the switches
PC
7. Lastly, configure the PCs with the chosen IPv4 and IPv6 addresses as well as the IPv4 and IPv6 default gateways
8. Now test sending a ping from PC1 to PC2 with both IPv4 and IPv6
9. Does it work? If not: Troubleshoot! Use ping and/or traceroute to find where the issue is. For issues with IPv6 connectivity the command ipv6 nd autoconfig default-route might be needed on the switches' interfaces (SVI).
10. If all pings work: Save the configuration to NVRAM on both the router and the switches.
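The addressing plan above (equal IPv4 subnets, /64 IPv6 subnets, then the first, fifth and tenth address per LAN) can be checked with a short script. This is an added example, not part of the original lab paper; it uses constructed practice networks rather than the lab's own, and it assumes "first address" means the first usable host address.

```python
import ipaddress

# Ordinal of each device's address inside its subnet (the lab's scheme);
# "first address" is taken to mean the first usable host (assumption).
ROLE_ORDINAL = {"router": 1, "switch_svi": 5, "pc": 10}

def equal_subnets(network, count):
    """Split a network into `count` equally large subnets (power of two)."""
    net = ipaddress.ip_network(network)
    if count < 1 or count & (count - 1):
        raise ValueError("count must be a power of two")
    return list(net.subnets(prefixlen_diff=count.bit_length() - 1))

def first_subnets(prefix, new_prefix, count):
    """Take the first `count` subnets of length `new_prefix` (the IPv6 /64s)."""
    gen = ipaddress.ip_network(prefix).subnets(new_prefix=new_prefix)
    return [next(gen) for _ in range(count)]

def assign(subnet):
    """Return {role: 'address/prefixlen'}, refusing unusable addresses."""
    plan = {}
    for role, n in ROLE_ORDINAL.items():
        addr = subnet.network_address + n
        usable = addr in subnet and not (
            subnet.version == 4 and addr == subnet.broadcast_address)
        if not usable:
            raise ValueError(f"{subnet} has no usable address number {n} for {role}")
        plan[role] = f"{addr}/{subnet.prefixlen}"
    return plan

def lan_plans(v4_network, v6_prefix, lans=2):
    """One entry per LAN: IPv4 subnet, dotted mask, IPv6 /64, device addresses."""
    v4 = equal_subnets(v4_network, lans)
    v6 = first_subnets(v6_prefix, 64, lans)
    return [{"v4_subnet": str(a), "mask": str(a.netmask), "v6_subnet": str(b),
             "v4": assign(a), "v6": assign(b)} for a, b in zip(v4, v6)]

if __name__ == "__main__":
    # Constructed practice networks, deliberately not the ones in this lab.
    for i, lan in enumerate(lan_plans("10.20.30.0/24", "2001:db8:cafe::/48"), 1):
        print(f"LAN {i}: {lan['v4_subnet']} mask {lan['mask']}  {lan['v6_subnet']}")
        for role in ROLE_ORDINAL:
            print(f"  {role:<10} {lan['v4'][role]:<18} {lan['v6'][role]}")
```

The `assign` check matters when you are handed a small network to practise on: a /29, for example, has no tenth address, and the script refuses it instead of silently handing out an address from the neighbouring subnet.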
TELNET vs SSH
1. Configure all network devices for communication with both Telnet and SSH.
- Step 1: Create users on each device with the global configuration-command:
R1(config)# username Admin secret cisco
- Step 2: Configure a domain on all the devices:
R1(config)# ip domain-name cnap.hv.se
- Step 3: Create keys for encryption:
R1(config)# crypto key generate rsa modulus 1024
- Step 4: Configure the vty lines for both ssh and telnet, login with the local database and automatic disconnection after 5 minutes of idle-time
R1(config)# line vty 0 4
R1(config-line)# transport input telnet ssh
R1(config-line)# login local
R1(config-line)# exec-timeout 5 0
2. Now test to communicate with R1 using telnet from PC1
3. Try to log in with the username and password you created in the local database
4. Did it work? Great! Now close down the session
5. Start the software Wireshark on the same computer (blue shark fin icon in the Windows taskbar)
6. Choose the correct network card connection; you want wired Ethernet (there might be multiple ones if the Wi-Fi card is activated). Then start a recording
7. Now go back to your terminal software and start a new telnet-session with the router
8. When you have done a successful login enter privileged mode and show running-config.
9. Go back to the Wireshark software, stop the recording and filter on Telnet traffic by using an appropriate filter (try something related to telnet)
10. What port does Telnet use? _____________
11. Right click a telnet packet, choose the option Follow stream, and then pick TCP
12. A new window should now have opened; here you can read what has been sent in the telnet conversation between your PC and the router
13. Why do some of the letters get written twice?
___________________________________________________________________________
___________________________________________________________________________
14. Start a new recording without saving the previous one
15. Open the software PuTTY (it is located on your Windows taskbar). Make sure that SSH is the chosen connection type and enter the IP address of the router interface you want to talk to. Press Open. If a new window called PuTTY Security Alert opens up, choose YES to continue
16. Log in with your username and password. When you have successfully completed your login, exit the session by writing quit
17. Go back to Wireshark, finish the Wireshark recording and filter on SSH traffic with an appropriate filter
18. What port does SSH use?______________
19. Right click an SSH packet, choose the option Follow stream, and then pick TCP
20. Now try to read the content of the conversation (as you previously did in the telnet stream)
21. As you might have noticed from the difference, SSH is the preferred protocol over telnet. Can you come up with a reason as to why some may use telnet instead of SSH?
___________________________________________________________________________
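Step 4 above leaves Telnet enabled next to SSH on the vty lines, while the cheat-sheet's Maximum column lists transport input ssh. The following added example (not part of the original lab paper) audits the vty blocks of a saved running-config for that setting, for login local and for the 5-minute idle timeout; the sample configuration and the finding names are constructed for illustration.

```python
SAMPLE_CONFIG = """\
line con 0
 exec-timeout 5 0
 login local
line vty 0 4
 exec-timeout 5 0
 login local
 transport input telnet ssh
line vty 5 15
 exec-timeout 0 0
 password cisco
 login
 transport input ssh
!
"""  # constructed sample, not output from a real device

def vty_blocks(config):
    """Yield (header, [sub-commands]) for each 'line vty' block."""
    header, cmds = None, []
    for line in config.splitlines() + ["!"]:
        if line.startswith(" ") and header:
            cmds.append(line.strip())
            continue
        if header:
            yield header, cmds
        header, cmds = (line.strip(), []) if line.startswith("line vty") else (None, [])

def audit_vty(config, max_idle_seconds=300):
    """Return (header, finding) pairs; the 5-minute limit is the lab's value."""
    findings = []
    for header, cmds in vty_blocks(config):
        transport = [c.split()[2:] for c in cmds if c.startswith("transport input ")]
        if not transport:
            findings.append((header, "transport-not-set"))
        elif {"telnet", "all"} & set(transport[0]):
            findings.append((header, "telnet-allowed"))
        if "login local" not in cmds:
            findings.append((header, "no-local-login"))
        timeout = [c.split()[1:3] for c in cmds if c.startswith("exec-timeout ")]
        if not timeout:
            findings.append((header, "exec-timeout-not-set"))
            continue
        idle = int(timeout[0][0]) * 60 + int((timeout[0] + ["0"])[1])
        if idle == 0 or idle > max_idle_seconds:
            findings.append((header, "idle-timeout-disabled" if idle == 0 else "idle-timeout-too-long"))
    return findings

if __name__ == "__main__":
    print(*(f"{h}: {msg}" for h, msg in audit_vty(SAMPLE_CONFIG)), sep="\n")
```

Run it against the output of show running-config saved to a text file; an empty result means every vty block is SSH-only, uses the local user database and times out within five minutes.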
Troubleshooting
Something you can't do too much of is troubleshooting! Troubleshooting is the best way of learning how to configure and how to fix misconfigurations.
Before you start with this part, go talk with an instructor and show that you have full connectivity in your topology
1. Student 1 should leave the room while Student 2 creates and applies 3 faults in the topology. Try to stick to the IPv4 network so the faulty area doesn't become too large. The faults should be detectable with the help of ping/traceroute as well as by using SSH to try to log in to the devices. Some examples of faults can be: closed down ports, cables moved and connected to the wrong place, wrong IP addressing (for example inconsistent gateway, different networks on a single LAN, no IP address at all), wrong username/password for SSH, wrong configuration for SSH, and so on. Use your imagination! =)
2. After Student 2 has completed creating 3 faults, let Student 1 back inside to troubleshoot and correct the faults. When finished, the student troubleshooting should be able to ping all devices with IPv4 as well as communicate with the devices using SSH.
3. Once the first student has completed troubleshooting, you switch roles (Student 1 creates faults and Student 2 troubleshoots)
Try not to assist each other too early; let your lab partner first try to find the faults by themselves before you give them tips on where the issues might be.
Good job!
Did you have to peek at the cheat-sheet while doing any of the parts??
If you did, redo that part!
Please ask your lab instructor for new networks to subnet
Are you done and did not use the cheat-sheet? Ask your instructor to go through the lab with you, you should be able to show the following:
- You have full connectivity in both IPv4 and IPv6, if you don't you need to troubleshoot
- Your notes and answers to the questions
CCNA 1 Cheat Sheet
Minimum | Maximum | Extra
Router# show running-config | | show runn | include unicast-routing
Router# show ip interface brief | show ip interface |
 | show interface |
 | show ip route |
 | show ip arp |
 | show mac address-table (switch) |
 | | show clock
Router# copy running-config startup-config | | write
Router# erase startup-config | | write erase
Router# reload | |
 | | clock set 16:15:00 11 OCTOBER 2017
Anything(config)# hostname Robert | |
 | username Admin secret cisco |
 | ip domain-name |
 | | no ip domain-lookup
Router(config)# banner motd % Keep out! % | |
Router(config)# enable secret cisco | |
Router(config)# service password-encryption | |
 | security passwords min-length 12 |
 | login block-for 90 attempts 3 within 60 |
 | crypto key generate rsa modulus 1024 |
Router(config)# line console 0 | |
Router(config)# line vty 0 4 | |
Router(config-line)# password cisco | |
Router(config-line)# login | login local |
 | exec-timeout 5 0 |
 | | logging synchronous
 | transport input ssh (vty only) |
Router(config)# ipv6 unicast-routing | |
Router(config)# interface gigabitethernet 0/? | |
Router(config-if)# ip address 1.2.3.1 255.255.240.0 | |
Router(config-if)# ipv6 address a:b:c:d::1234/64 | |
Router(config-if)# ipv6 address fe80::1 link-local | |
Router(config-if)# description PC1 connected | |
Router(config-if)# no shutdown | |
 | | ipv6 enable
Switch(config)# ip default-gateway 1.2.3.1 | |
 | | sdm prefer dual-ipv4-and-ipv6 default
Switch(config)# interface vlan 1 | |
Switch(config-if)# Description GÄLLER ENDAST TOMTEN | |
Switch(config-if)# ip address 1.2.3.5 255.255.240.0 | |
Switch(config-if)# ipv6 address a:b:c:d::1234/64 | |
Switch(config-if)# ipv6 address fe80::5 link-local | |
Switch(config-if)# no shutdown | |
 | | ipv6 nd autoconfig default-route