CCNA lab manual
The Cisco CCNA Security curriculum provides foundational network security knowledge, practical experience, opportunities for career exploration, and soft-skills development to help students prepare for careers with network security responsibilities. CCNA Security includes a comprehensive set of hands-on, online laboratories.
Cisco DEVICE AND IOS BASICS
Device connectivity Basics

The series of diagrams below reveal the cable types used for various device connectivity.

I. Console Connectivity to configure a switch using management host

a. PC serial port to Switch Console port

[Diagram: Management Console connected to a Catalyst Switch; a rollover cable is being used.]

b. For remote Configuration through Auxiliary interface

[Diagram: Remote computer, Modem, Internet cloud, Modem, Aux 0.]
II. Network Connection

a. To cascade same type of device use Cross-Over cable.
b. For HUB/SWITCH to PC/ROUTER – straight through cable is used & Cross-over cable is used between PC – Router & Hub – Switch.

[Diagram: Switch, Host, Router and HUB connected with one straight-through cable and two cross-over cables.]

Setting up the Management Console (Windows environment):

First let’s set up HyperTerminal from Windows – for interfacing with the Cisco Devices and issuing commands. Here we go…
Path to trigger the emulation software from your Desktop:

Click Start > Programs > Accessories > Communications > Hyper Terminal

We’ll name our Session My_Lab. The next screen requires us to configure the COM port to which we are going to connect our Cisco Device.
Next, choose the default settings, else communication will be a problem!

On clicking OK, we’ll see the below screen & we are ready to talk to our CISCO Switch/Router!
IOS BASICS

Pressing the RETURN key takes us to the USER EXEC mode.

    Switch con0 is now available
    Press RETURN to get started.
    Switch>

The “>” prompt denotes user exec mode. To move into Privilege mode, we use the “enable” command.

    Switch>enable
    Switch#

Privilege mode is identified with the “#” symbol. The “configure terminal” command takes us into the global configuration mode where we can configure global parameters like hostname etc. for the entire device.

    Switch#configure terminal
    Switch(config)#

To get into any specific interface mode we have to use the “interface” command with the relevant interface number. To configure parameters specific to interface 1 of module 0, we issue the command as shown below.
    Switch(config)#interface fastethernet 0/1
    Switch(config-if)#

This is the sequence with which we change modes in the forward direction. Let’s now move backwards.

    Switch(config-if)#exit
    Switch(config)#

To go one step backward we have to use the command “exit”.

    Switch(config)#exit
    Switch#

However, we must use the command “disable” to move from privilege to user exec mode. If we use “exit”, it’ll log us out (and we’ll again see the first message “Switch con0 is now available Press RETURN to get started”).

    Switch#disable
    Switch>

To logout, we use the “exit” command again.

    Switch>exit
    Switch con0 is now available
    Press RETURN to get started

NOTE: We can use ^Z to directly move backward 2 steps – from interface mode to privilege mode.

    Config-if# ^Z
    Switch#

Also note that we can use “?” whenever we want to see the various commands available in a particular mode or want to find out what commands begin with a certain letter etc. This can be easily observed in the below case.

    Router#?
    Exec commands:
      access-enable    Create a temporary Access-List entry
      access-profile   Apply user-profile to interface
      access-template  Create a temporary Access-List entry
      archive          manage archive files
      cd               Change current directory

    Router#s?    (displays all commands beginning with “s”)
    *s=show send setup slip squeeze start-chat systat
If we type a wrong spelling & try to use help, the output will display as “Unrecognized command”. The same message is displayed even if we try to use help when no further arguments are possible (or wrong arguments used). Look at the below examples...

    Router#show router ?
    % unrecognized command

    Router#show ip a
    % Ambiguous command: "show ip a"

    Router#show ?
      access-expression  List access expression
      access-lists       List access lists
      accounting         Accounting data for active sessions
      aliases            Display alias commands
      arp                ARP table

Another interesting aspect is that we don’t have to type the entire command. We can just type the first few letters of a command (to the extent that only one command begins with the typed letters) and press tab – the command is completed for us! (Even if we don’t complete the command, it’ll accept!)

Using tab key

Let’s just type “sh” and use the tab key

    Router#sh (tab)
    Router#show

There are some shortcut keys that’ll help us to work with IOS faster. Their description & use is given below.

Shortcut keys to access your CLI mode

    CTRL-A       Moves the cursor to the beginning of the line
    CTRL-E       Moves the cursor to the end of the line
    ESC-B        Moves the cursor back one word at a time
    ESC-F        Moves the cursor forward one word at a time
    CTRL-B       Moves the cursor back one character at a time
    LEFT ARROW   Moves the cursor back one character at a time
    CTRL-F       Moves the cursor forward one character at a time
    RIGHT ARROW  Moves the cursor forward one character at a time
    CTRL-P       Recalls the last command
    UP ARROW     Recalls the last command
    CTRL-N       Recalls the most previously executed command
    DOWN ARROW   Recalls the most previously executed command
    CTRL-D       Deletes the character the cursor is under
    BACKSPACE    Deletes the character preceding the cursor
    CTRL-R       Redisplays the current line
    CTRL-U       Erases the line completely
    CTRL-W       Erases the word the cursor is under
    CTRL-Z       Takes you from Configuration mode back to Privilege EXEC mode
    TAB          Once you enter a few characters and hit the TAB key, the IOS device completes the word, assuming that you typed in enough characters to make the command or parameter unique
    $            When this appears at the beginning of a command line, it indicates that there are more characters to the right of the $.
Switching Labs
General Experiments with Basic Switch Commands

Assume we are on a Switch console and the switch’s ready – we see the below message

    Switch con0 is now available
    Press RETURN to get started.    (press the return key)
    Switch>                         (this is our user exec mode)

To get into privilege mode use the command “enable”

    Switch>enable
    Switch#

The prompt has changed from “>” to “#”. If you see “#” after the hostname you are in Privilege mode.

To get back from privilege mode to user exec mode use the command “disable”

    Switch#disable
    Switch>

To get into global configuration mode use the following commands

    Switch>enable
    Switch#configure terminal
    Enter configuration commands, one per line. End with CNTL/Z.
    Switch(config)#    (this prompt indicates global configuration mode)

To get into specific interface mode use the following commands

    Switch>enable
    Switch#configure terminal
    Enter configuration commands, one per line. End with CNTL/Z.
    Switch(config)#interface Fastethernet 0/1
    Switch(config-if)#

Let’s add some description to the interface fastethernet 0/1 – indicating that Host1 is connected to this interface. We do this from the specific interface mode

    Switch>enable
    Switch#configure terminal
    Enter configuration commands, one per line. End with CNTL/Z.
    Switch(config)#interface Fastethernet 0/1
    Switch(config-if)#description Host1

Check out this description in the running configuration using the command “show running-config”

    Switch#show running-config
    Building configuration...
    Current configuration : 130 bytes
    !
    interface FastEthernet0/1
     description Host1
     no ip address
    end

(irrelevant output omitted)

Let’s see some more basic show commands. (All show commands work only in privilege mode)

To view details of interfaces/particular interface use “show interfaces” (or) “show interfaces” with an interface name, e.g.

    Switch#show interfaces Fa 0/1
    FastEthernet0/1 is down, line protocol is down
      Hardware is FastEthernet,address is 000d.ed5b.49c1(bia 000d.ed5b.49c1)
      MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,
         reliability 255/255, txload 1/255, rxload 1/255
      Encapsulation ARPA, loopback not set

We can also observe that it’s sufficient to use the first few letters of the keyword Fastethernet – once these letters identify the unique command, the remaining letters needn’t be typed!

    Switch#show interface vlan 1
    Vlan1 is administratively down, line protocol is down
      Hardware is CPUInterface,address is 000d.ed5b.49c0(bia 000d.ed5b.49c0)
      MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
         reliability 255/255, txload 1/255, rxload 1/255
      Encapsulation ARPA, loopback not set

    Switch#Show spanning-tree
    No spanning tree instances exist.

Following is the command to see the current device configuration which is in the RAM.

    Switch#show running-config
    Building configuration...
    Current configuration : 866 by
    version 12.1
    !
    hostname Switch
    !
    interface FastEthernet0/1
     description Host1
     no ip address
    !
    interface FastEthernet0/12
     no ip address
    !
    interface Vlan1
     no ip address
     no ip route-cache
     shutdown
    !
    line con 0
    line vty 5 15
    !
    End

    Switch#Show startup-config
    Building configuration...
    Current configuration : 866 bytes
    !
    version 12.1
    !
    hostname Switch
    !
    !
    interface FastEthernet0/1
     description Host1
     no ip address
    !
    !
    interface FastEthernet0/12
     no ip address
    !
    interface Vlan1
     no ip address
     no ip route-cache
     shutdown
    !
    line con 0
    line vty 5 15
    !
    end

Another interesting command to view the connectivity status of various interfaces is “show interface status”

    Switch#show interface status
    Port    Name   Status      Vlan  Duplex  Speed  Type
    Fa0/1   Host1  connected   1     a-half  a-10   10/100BaseTX
    Fa0/2          notconnect  1     auto    auto   10/100BaseTX
    Fa0/3          notconnect  1     auto    auto   10/100BaseTX
    Fa0/4          notconnect  1     auto    auto   10/100BaseTX
    Fa0/5          notconnect  1     auto    auto   10/100BaseTX
    Fa0/6          notconnect  1     auto    auto   10/100BaseTX
    Fa0/7          notconnect  1     auto    auto   10/100BaseTX
    Fa0/8          notconnect  1     auto    auto   10/100BaseTX
    Fa0/9          notconnect  1     auto    auto   10/100BaseTX
    Fa0/10         notconnect  1     auto    auto   10/100BaseTX
    Fa0/11         notconnect  1     auto    auto   10/100BaseTX
    Fa0/12         notconnect  1     auto    auto   10/100BaseTX

Now, let’s see the content of the mac-address-table of our switch - after disconnecting all connected computers (no devices connected to any interface of the switch) – using the “show mac-address-table” command
    Switch#show mac-address-table
              Mac Address Table
    ------------------------------------------
    Vlan    Mac Address       Type       Ports
    ----    -----------       ----       -----

No entries are seen! Let’s connect a host (computer) to port no. 1 and generate some traffic from it. As soon as we connect the host to the switch in the port 1 the following message can be observed on the screen

    02:18:06:%LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to up
    02:18:07: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up

To generate traffic (for the switch to learn from source address of frame) we’ll ping from the host to some IP address & then execute the show mac-address-table command again.

    Switch2950#sh mac-address-table
              Mac Address Table
    ------------------------------------------
    Vlan    Mac Address       Type       Ports
    ----    -----------       ----       -----
       1    0040.33a0.4bc7    Dynamic    Fa0/1
    Total Mac Addresses for this criterion: 1

The above table reveals the mac address of the host connected to interface fa0/1. It also reveals that this is a dynamically learnt entry.

If 2 switches are interconnected directly to each other (cascading) let’s see what happens. We shall use this simple diagram for better understanding.

[Diagram: Switch A and Switch B are cascaded through their F0/12 ports. Hosts 0000.0000.0002 and 0000.0000.0001 connect to Switch A on F0/1 and F0/2; hosts 0000.0000.000A and 0000.0000.000B connect to Switch B on F0/1 and F0/2.]
Now we see Switch A’s mac address table as below

    SwitchA#sh mac-address-table
              Mac Address Table
    ------------------------------------------
    Vlan    Mac Address       Type       Ports
    ----    -----------       ----       -----
       1    0000.0000.0002    Dynamic    Fa0/1
       1    0000.0000.0001    Dynamic    Fa0/2
       1    0000.0000.000A    Dynamic    Fa0/12
       1    0000.0000.000B    Dynamic    Fa0/12
       1    0000.0000.00B1    Dynamic    Fa0/12
       1    0000.0000.00B2    Dynamic    Fa0/12
    Total Mac Addresses for this criterion: 6

We observe that this switch reveals the cascaded switch B’s connected host mac addresses and switch B’s Base Mac address (0000.0000.00B1) & switch B’s cascade interface Fa0/12 Mac address (0000.0000.00B2) also. A similar output would be seen for switch B’s mac table (shown below). The base Mac Address is common for the entire switch while every interface of the switch has a unique Mac address of its own also.

    SwitchB#sh mac-address-table
              Mac Address Table
    ------------------------------------------
    Vlan    Mac Address       Type       Ports
    ----    -----------       ----       -----
       1    0000.0000.000A    Dynamic    Fa0/1
       1    0000.0000.000B    Dynamic    Fa0/2
       1    0000.0000.0001    Dynamic    Fa0/12
       1    0000.0000.0002    Dynamic    Fa0/12
       1    0000.0000.00A1    Dynamic    Fa0/12
       1    0000.0000.00A2    Dynamic    Fa0/12
    Total Mac Addresses for this criterion: 4

Let’s see what “show interface status” command reveals

    SwitchA#show interface status
    Port    Name   Status      Vlan  Duplex  Speed  Type
    Fa0/9          notconnect  1     auto    auto   10/100BaseTX
    Fa0/10         notconnect  1     auto    auto   10/100BaseTX
    Fa0/11         notconnect  1     auto    auto   10/100BaseTX
    Fa0/12         Trunk       1     auto    auto   10/100BaseTX

    SwitchB#show interface status
    Port    Name   Status      Vlan  Duplex  Speed  Type
    Fa0/9          notconnect  1     auto    auto   10/100BaseTX
    Fa0/10         notconnect  1     auto    auto   10/100BaseTX
    Fa0/11         notconnect  1     auto    auto   10/100BaseTX
    Fa0/12         Trunk       1     auto    auto   10/100BaseTX

It displays the cascade link as TRUNK.

Another interesting command to view various details regarding the switch’s configuration is “show version”
    Switch#show version
    Cisco Internetwork Operating System Software
    IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(12c)EA1, RELEASE SOFTWARE (fc1)
    Copyright (c) 1986-2002 by cisco Systems, Inc.
    Compiled Sun 24-Nov-02 23:31 by antonino
    Image text-base: 0x80010000, data-base: 0x80562000
    ROM: Bootstrap program is CALHOUN boot loader
    Switch uptime is 4 hours, 33 minutes
    System returned to ROM by power-on
    System image file is "flash:/c2950-i6q4l2-mz.121-12c.EA1.bin"
    cisco WS-C2950-12 (RC32300) processor (revision K0) with 21002K bytes of memory.
    Processor board ID FOC0739W1K0
    Last reset from system-reset
    Running Standard Image
    12 FastEthernet/IEEE 802.3 interface(s)
    32K bytes of flash-simulated non-volatile configuration memory.
    Base ethernet MAC Address: 00:0D:ED:5B:49:C0
    Motherboard assembly number: 73-5782-12
    Power supply part number: 34-0965-01
    Motherboard serial number: FOC07391MM3
    Power supply serial number: PHI073402LD
    Model revision number: K0
    Motherboard revision number: A0
    Model number: WS-C2950-12
    System serial number: FOC0739W1K0
    Configuration register is 0xF

To save our current configuration from RAM to NVRAM (startup configuration) we use the command copy running-configuration startup-configuration (Alternately the “write” command may also be used)

    Switch#copy running-config startup-config
    Destination filename [startup-config]?
    Building configuration...
    [OK]

If we want to restart the switch use the following command

    Switch#Reload    (used to warm boot the switch)

To clear all the contents of the mac table, use the below command (this will remove only dynamic entries. Static/Permanent entries will not be removed).

    Switch#clear mac-address-table *

To delete the startup configuration, use

    Switch#erase startup-config

To change our switch name to “Switch2950”
    Switch(config)#hostname Switch2950
    Switch2950(config)#

To configure secret (encrypted) password for privilege mode (password is set as “cisco1” in the below example)

    Switch2950(config)#enable secret cisco1

After configuring the secret password let’s see the output in show running-config command

    Switch2950#show run
    Building configuration...
    Current configuration : 939 bytes
    hostname Switch2950
    !
    enable secret 5 $1$z9ZE$mO/4D6DgtZcTrmzmyX3Ys/    (this is how the encrypted password is seen)
    !
    End

To configure enable password for privilege mode

    Switch2950(config)#enable password cisco    (to configure enable password for privilege mode)

    Switch2950#sh run
    Building configuration...
    Current configuration : 939 bytes
    hostname Switch2950
    !
    enable password cisco    (our password is in clear text which is in readable format)
    !
    end

To configure the console password, the following is the sequence.

    Switch2950(config)#line console 0
    Switch2950(config-line)#login
    % Login disabled on line 0, until 'password' is set
    Switch2950(config-line)#password cisco

show running-config reveals

    Switch#show running-config
    !
    line con 0
     password cisco
     login
    !
If we restart / relogin into the switch, it asks for the password in the beginning itself

    Switch2950 con0 is now available
    Press RETURN to get started.
    User Access Verification
    Password:    (here we have to supply the console 0 password to get into user exec mode)

Let’s observe the whole running-config output

    Switch# show running-config
    Building configuration...
    Current configuration : 1154 bytes
    !
    version 12.1
    no service single-slot-reload-enable
    no service pad
    service timestamps debug uptime
    service timestamps log uptime
    no service password-encryption
    !
    hostname Switch
    !
    enable secret 5 $1$z9ZE$mO/4D6DgtZcTrmzmyX3Ys/
    enable password cisco
    !
    ip subnet-zero
    !
    !
    interface FastEthernet0/1
     description Host1
     no ip address
    !
    interface FastEthernet0/2
     no ip address
    !
    interface FastEthernet0/3
     no ip address
    !
    interface FastEthernet0/4
     no ip address
    !
    interface FastEthernet0/5
     no ip address
    !
    interface FastEthernet0/6
     no ip address
    !
    interface FastEthernet0/7
     no ip address
    !
    interface FastEthernet0/8
     no ip address
    !
    interface FastEthernet0/9
     no ip address
    !
    interface FastEthernet0/10
     no ip address
    !
    interface FastEthernet0/11
     no ip address
    !
    interface FastEthernet0/12
    !
    interface Vlan1
     no ip address
     shutdown
    !
    ip http server
    !
    !
    line con 0
     password cisco
     login
    line vty 0 4
    line vty 5 15
    !
    End

Note: if both secret and enable passwords exist, only secret will be used to get into privilege mode.

Let’s say we have some remote administrators who’ll log on to this switch remotely. (They can do so because Cisco switches run terminal services.) However, setting the vty password is a must for telnet access & this is how we do it. Let’s start configuring the VTY sessions

    Switch2950(config)#line vty 0 15
    Switch2950(config-line)#login
    % Login disabled on line 1, until 'password' is set
    % Login disabled on line 2, until 'password' is set
    % Login disabled on line 3, until 'password' is set
    % Login disabled on line 4, until 'password' is set
    % Login disabled on line 5, until 'password' is set
    % Login disabled on line 6, until 'password' is set
    % Login disabled on line 7, until 'password' is set
    % Login disabled on line 8, until 'password' is set
    % Login disabled on line 9, until 'password' is set
    % Login disabled on line 10, until 'password' is set
    % Login disabled on line 11, until 'password' is set
    % Login disabled on line 12, until 'password' is set
    % Login disabled on line 13, until 'password' is set
    % Login disabled on line 14, until 'password' is set
    % Login disabled on line 15, until 'password' is set
    % Login disabled on line 16, until 'password' is set
This reveals that 16 simultaneous telnet sessions are possible! We have to configure the password to enable all these 16 sessions

    Switch2950(config-line)#password cisco
    Switch2950(config-line)#

This config alone is not sufficient for telnetting. We need to define an IP address for the switch and only then telnet is possible. Where do we configure an IP address in the switch?

    Switch2950>enable
    Switch2950#configure terminal
    Switch2950(config)#interface vlan 1
    Switch2950(config-if)#ip address 1.1.1.1 255.0.0.0    (this is the command to configure ip address for an interface)

So, we configure the IP address to VLAN1 (we’ll learn more about vlan later).

    Switch2950(config-if)#no shutdown    (after assigning the ip address we have to enable the interface using the “NO SHUTDOWN” command)

We will be able to see the below message.

    01:33:27: %LINK-3-UPDOWN: Interface Vlan1, changed state to up
    01:33:29: %LINK-3-UPDOWN: Interface Vlan1, Line Protocol changed state to up

Let’s now see how we can control the speed & Duplex operation of the switch

    Switch2950(config)#interface fastethernet 0/1
    Switch2950(config-if)#duplex half

Note: Duplex will not be set until speed is set to non-auto value

    Switch2950(config-if)#speed 10
    Switch2950(config-if)#duplex half

Now check the output in show interface status command

    Switch#show interface status
    Port    Name   Status      Vlan  Duplex  Speed  Type
    Fa0/1   Host1  connected   1     half    10     10/100BaseTX
    Fa0/2          notconnect  1     auto    auto   10/100BaseTX
    Fa0/3          notconnect  1     auto    auto   10/100BaseTX
    Fa0/4          notconnect  1     auto    auto   10/100BaseTX
    Fa0/5          notconnect  1     auto    auto   10/100BaseTX
    Fa0/6          notconnect  1     auto    auto   10/100BaseTX
    Fa0/7          notconnect  1     auto    auto   10/100BaseTX
    Fa0/8          notconnect  1     auto    auto   10/100BaseTX
    Fa0/9          notconnect  1     auto    auto   10/100BaseTX
    Fa0/10         notconnect  1     auto    auto   10/100BaseTX
    Fa0/11         notconnect  1     auto    auto   10/100BaseTX
    Fa0/12         notconnect  1     auto    auto   10/100BaseTX