GNI102 Lab 1
From Datateknik
(Difference between revisions)
(→Laboration) |
(→Laboration) |
||
Line 53: | Line 53: | ||
## In the same way as you just did on the routers; You need to protect both your switches. Use the passwords cisco and secret here as well. | ## In the same way as you just did on the routers; You need to protect both your switches. Use the passwords cisco and secret here as well. | ||
# '''set the correct time and date on the switches and router''' | # '''set the correct time and date on the switches and router''' | ||
− | ## | + | ## Use the command <tt> clock </tt> for this, in the privileged exec mode (MainRouter#). Use the builtin aid in the IOS to write the correct syntax by adding a questionmark (after apply a space with spacebar) as you go, for example <tt> clock ? </tt> . The IOS system will then tell you what commands can be applied next in line after clock. Keep useing the questionmark feteature: clock set ? to get the next attributes the command need which is hh:mm:ss. This is the format the router wants for time, for example 09:46:00. Before applying, check what the time is so you give the router the correct time. Continue with the command clock set 09:46:00 ? for the next word in, and the next one and the next until the only option <cr> if left. CR stands for Carriage Return and means that the only option left is to press enter |
− | ## | + | ## Controll that you did give the system the correct time with the command <tt> show clock </tt> |
− | # ''' | + | # '''Secure configurationfiles''' |
− | ## | + | ## By writing <tt> show running-config </tt> all passwords can be read out in cleartext. To encrypt these passwords the command <tt> service password-encryption</tt>, should be applied in global config mode. (MainRouter(config)# ) |
− | ## | + | ## Repeat this on all your network devices to secure their passwords. |
− | # ''' | + | # '''Set a banner''' |
− | ## Banners | + | ## Banners is written out on the display while for example trying to login on a device and is a absolute must legaly to keep the routers/switches protected in some countries/states. |
− | ## | + | ## Apply a MessageOfTheDay-banner by, in global config mode, write <tt> banner motd #Authorized Access Only!# </tt> |
− | ## | + | ## Test your banner by completely logout of your router with <tt> exit </tt> (multiple times) and then log back in again |
− | # ''' | + | # '''Document all interfaces''' |
− | ## | + | ## A description is a descriptive text which can be applied on a interface |
− | ## | + | ## The task is now to add descriptions on all the interfaces that you have used throughout this laboration, thusly this applies to the two used interfaces on the router and the three on each of the switches |
− | ## | + | ## To apply a description to a interface on the rotuer you need to do the following steps: |
− | ## | + | ## In global config mode, go to the correct interface with the command <tt> interface FastEthernet 0/0 </tt> |
− | ## | + | ## Write <tt> description </tt> followed by A text that describes where this interface goes to (tex <tt> Cable to PC-Right </tt> ) |
− | ## | + | ## Do this on all interfaces used in this laboration (Eight interfaces) |
− | # ''' | + | # '''Save configuration''' |
− | ## | + | ## On all switches and routers we will now save the current configurationfile so when the next time the devices restart they will use it again. You do this by writing the command <tt> copy running-config startup-config</tt>, in privileged mode (MainRouter# ). Confirm the filename by pressing enter |
− | ## | + | ## Controll that this was completed with the command <tt> show startup-config</tt> |
− | # ''' | + | # '''Questions''' |
− | ## | + | ## What is the filename for our routers IOS? (Write the command <tt>show version </tt> in MainRouter CLI)<br><br>_________________________________________________________ |
− | ## | + | ## What MAC-address does the routers interface FastEthernet0/0 have (show interfaces)<br><br>___________________________________________________________ |
− | ## | + | ## How many byte large is our IOS-file on the router? ( <tt>show flash:</tt> )<br><br>___________________________ |
− | #''' | + | #'''The instructor will check the following''' |
− | ## | + | ##That you have uploaded a picture to canvas ( http://hv.instructure.com/ ) |
− | ## | + | ##That it is possible to access the webserver Server-Right from PC-Left with a browser |
− | ## | + | ##That it is possible to login on the devices with the passwords you assigned |
− | ## | + | ##That you have modifed the time and date to being correct |
− | ## | + | ##That running-config does not have any passwords in cleartext visible |
− | ## | + | ##That the interfaces does have descriptions |
Revision as of 23:34, 30 August 2020
LAB 1: Packet TracerDenna laboration skall utföras individuellt, en dator per person. Laborationen skall utföras i sal med Packet Tracer 6.2 eller högre installerad.
Laboration
Du skall i denna laboration simulera nedanstående nätverk.
- Login to the computer usein the username cisco and password cisco.
- Upload a picture of yourself to the University West site at http://mittkonto.hv.se if you have not done it already.(This will be controlled by a instructor at the end of the laboration)
- Start Cisco Packet Tracer and login with your new Netacad-account
- The first step in Packet Tracer is to place out the networkcomponents we will be useing throughout this laboration.
- Press on Routers down to the left in the software and pick a 2811 router . Place it in the middle similar to what the picture displays above.
- Choose Switches and place out two 2960 as the topology-image displays.
- Choose End Devices and place out two Generic-PC and two Generic Server as in the picture above.
- Choose Connections and pick Copper Straight Through . Now useing this cable we are going to pair up all the devices useing this cabletype.
- Connect a cable from each PC (FastEthernet) to the switch above in interface FastEthernet0/1
- Connect a cable from each Server (FastEthernet) to the switch above in interface FastEthernet0/2
- Connect a cable between the left switch interface FastEthernet0/24 to the router above in interface FastEthernet0/0
- Connect a cable between the right switch interface FastEthernet0/24 to the router above in interface FastEthernet0/1
- Router Configuration
- Press on the router and the press on the tab called Config. Assign the Display Name MainRouter and the Hostname MainRouter
- Press on the FastEthernet0/0 interface and give it the IP-address 192.168.1.1 and subnetmask 255.255.255.0 Activate the interface by clicking the On option.
- Press on the FastEthernet0/1 interface and give it the IP-address 192.168.2.1 and subnetmask 255.255.255.0 Activate the interface by clicking the On option.
- Switch Configuration
- Press on the left switch and click the Config tab. Assign the Display Name and hostname Switch-Left
- Press on the right switch and click the Config tab. Assign the Display Name and hostname Switch-Right
- PC-configuration
- Press on the left PC and click the Config tab. Assign the Display Name PC-Left and Gateway to the nearby routers closest interface, 192.168.1.1
- Press on FastEthernet0. Assign the IP-address to 192.168.1.10 and the subnetmask 255.255.255.0
- Do the same configuration on the right PC, but assign the Gateway to its nearby routers closest interface, 192.168.2.1. Give the PC the name of PC-Right and IP-address 192.168.2.10
- Server-configuration
- Press on the left servern and click the Config tab.
- Assign the Display Name Server-Left and Gateway to the nearby routers closest interface, 192.168.1.1
- Press on FastEthernet0. Assign the IP-address to 192.168.1.100 and the subnetmask 255.255.255.0
- Do the same configuration on the right server, but assign the Gateway to its nearby routers closest interface, 192.168.2.1. Give the PC the name of Server-Right and IP-address 192.168.2.100
- Test your connection
- Press on PC-Left, choose the tab Desktop and press on Command Prompt
- In the command prompt that shows itself; test to send a ping to Server-Right (do it with the following command: ping 192.168.2.100 and press enter)
- Close the command prompt and instead press on Web Browser
- In the web browser that shows itself; Write the URL:en to Server-Right ( http://192.168.2.100/)
- Secure login to the router
- When a router is delivered with factory settings they have no protection against accessing the system, therefore this is something we need to change.
- Press on MainRouter and choose the tab CLI. If the router has entered sleep mode you can pres <Enter> to wake it.
- Jump out of Global Configuration Mode by pressing CTRL+Z. In the bottom left of the CLI screen you should now see MainRouter#. If it says MainRouter> you are in the wrong "mode". If this is the case, write enable to access the privileged mode: MainRouter#
- Enter configuration mode by writing the command configure terminal or conf t (In the bottom left you should see (config)# after writing the command )
- Write line console 0 to configure the console-port that gives access to the router. (In the bottom left you should see MainRouter(config-line)# )
- Apply the password cisco by writeing password cisco
- Enable password checking by writeing login
- You can test to login to the router by writing exit multiple times until the IOS responds with MainRouter con0 is now available. When this is the case, press enter and now you can login with your new password.
- We are not in the USER EXEC-mode after you have logged in and need to write enable to being able to access the configuration mode. This is also a mode we want to restrict by applying a password, and we can do this by first writing configure terminal and
afterwards enable password secure, where secure is our new enable-lösenord - We can now test our new passwords yet again by writing exit multiple times and then login first with the password cisco and then secure (writeenable to jump into the privileged exec mode)
- Secure login to the switches
- In the same way as you just did on the routers; You need to protect both your switches. Use the passwords cisco and secret here as well.
- set the correct time and date on the switches and router
- Use the command clock for this, in the privileged exec mode (MainRouter#). Use the builtin aid in the IOS to write the correct syntax by adding a questionmark (after apply a space with spacebar) as you go, for example clock ? . The IOS system will then tell you what commands can be applied next in line after clock. Keep useing the questionmark feteature: clock set ? to get the next attributes the command need which is hh:mm:ss. This is the format the router wants for time, for example 09:46:00. Before applying, check what the time is so you give the router the correct time. Continue with the command clock set 09:46:00 ? for the next word in, and the next one and the next until the only option <cr> if left. CR stands for Carriage Return and means that the only option left is to press enter
- Controll that you did give the system the correct time with the command show clock
- Secure configurationfiles
- By writing show running-config all passwords can be read out in cleartext. To encrypt these passwords the command service password-encryption, should be applied in global config mode. (MainRouter(config)# )
- Repeat this on all your network devices to secure their passwords.
- Set a banner
- Banners is written out on the display while for example trying to login on a device and is a absolute must legaly to keep the routers/switches protected in some countries/states.
- Apply a MessageOfTheDay-banner by, in global config mode, write banner motd #Authorized Access Only!#
- Test your banner by completely logout of your router with exit (multiple times) and then log back in again
- Document all interfaces
- A description is a descriptive text which can be applied on a interface
- The task is now to add descriptions on all the interfaces that you have used throughout this laboration, thusly this applies to the two used interfaces on the router and the three on each of the switches
- To apply a description to a interface on the rotuer you need to do the following steps:
- In global config mode, go to the correct interface with the command interface FastEthernet 0/0
- Write description followed by A text that describes where this interface goes to (tex Cable to PC-Right )
- Do this on all interfaces used in this laboration (Eight interfaces)
- Save configuration
- On all switches and routers we will now save the current configurationfile so when the next time the devices restart they will use it again. You do this by writing the command copy running-config startup-config, in privileged mode (MainRouter# ). Confirm the filename by pressing enter
- Controll that this was completed with the command show startup-config
- Questions
- What is the filename for our routers IOS? (Write the command show version in MainRouter CLI)
_________________________________________________________ - What MAC-address does the routers interface FastEthernet0/0 have (show interfaces)
___________________________________________________________ - How many byte large is our IOS-file on the router? ( show flash: )
___________________________
- What is the filename for our routers IOS? (Write the command show version in MainRouter CLI)
- The instructor will check the following
- That you have uploaded a picture to canvas ( http://hv.instructure.com/ )
- That it is possible to access the webserver Server-Right from PC-Left with a browser
- That it is possible to login on the devices with the passwords you assigned
- That you have modifed the time and date to being correct
- That running-config does not have any passwords in cleartext visible
- That the interfaces does have descriptions