Step by step description of Cisco lab

As shown above, this cisco lab will show you how to configure a simple network with 1 Router 1841, 2 Switch 2960 and 2 PC.  Consequently all PC have to be able to communicate to each other. Cisco packet tracer is needed for the purpose of this lab. On balance, we will use command in  privileged exec mode and global configuration mode.

Before, you can download Cisco Packet Tracer here. 

1- First of all we need to configure the first switch and rename to SW1.

1.1. Enable command

In addition to access the privileged exec mode from the user EXEC mode, type enable command

• Audain.net Switch>enable

1.2. Configure Terminal command

Also to be able to configure your switch, you need to access the global configuration mode.  So you need to type configure terminal command from privileged EXEC mode

• Audain.net Switch#configure terminal

1.3. Hostname command

In order to rename the switch name to SW1,  you need to type hostname SW1

• Audain.net The Switch(config)#hostname SW1

1.4. Enable secret password command

Some privileged EXEC commands are used for actions that can impact your system. With this in mind we need to set a password to prevent unauthorized use. We will use enable secret audain,  because is encrypted (unreadable) and more secure. In fact the secret password is written encrypted to the config.text file. Also, you need to remember, each type of password is case sensitive. Also it can contain from 1 to 25 uppercase and lowercase alphanumeric characters. Equally the password can start with a numeral. By the way, spaces are also valid password characters and leading spaces are ignored. But trailing spaces are recognized.

• Audain.net SW1(config)#enable secret audain

1.5. Line console Command

First thing to remember, the Console configuration mode is use for the purpose of configuring the console interface settings.  On any router and switch, the configuration is appear as line console 0 and in the output of the show line command as cty.  Remember, the  console port is used for the local system access by using the console terminal. In this cisco Lab we will need to access the line console to be able to setup a password.

• Audain.net SW1(config)#line console 0

1.6. Password and login Command

 Here in the  line console configuration. We need to use the login configuration command in order to enable password  verification at login. Furthermore, console authentication requires the password and the login commands to operate.

• Audain.net SW1(config-line)#password cisco
• Audain.net  SW1(config-line)#login

1.7. Line vty Command

Granted access to telnet and SSH thru the network to the switch and the router, we need to setup the VTY ports (virtual TTY ports).  In summary, this port is for the purpose of connecting the switch or the router to make configuration modification or verify the status. The router 2960 have five VTY ports, numbered 0 to 4.

•  Audain.net SW1(config-line)#line vty 0 4

1.8. Password and login Command

Let configure the login password for the port VTY.

•  Audain.net SW1(config-line)#password cisco
• Audain.net SW1(config-line)#login

1.9. Exit Command

Now that we complete the port password protection we need to leave the line console.  We use Exit command to exit to privileged EXEC mode and to exit to global configuration mode

• Audain.net SW1(config-line)#exit

1.10. banner motd Command

MOTD mean Message of the Day , consequently for our security need, we will displays a legal notices regarding connection to the switch.

•  Audain.net SW1(config)#banner motd  #unauthorized access to this device is prohibited #

1.11. Interface Vlan Command

First thing to remember, a logical interface for a VLAN is named a Switched Virtual Interface. In other word when you setup the switch this interface will be identify as vlan interface. Another key point the VLAN Interface is that can be assigned an IP address.  Furthermore you can assigned bridge group, interface description and quality of service policy.

Another Key point, the VLAN Interface provide the  layer 2 devices the possibility to interact with an another devices at layer 3. Moreover the multi-Layer switches use VLAN interfaces to authorize multi-layer routing possibility on a switch. To sum up, the switch have the router hability and the default VLAN on a switches is VLAN 1.

• Audain.net SW1(config)#interface vlan 1

1.12. Ip address Command

Actually, we will configure the IP address 192.168.2.2 on the vlan 1 interface.  That will allow to communicate with your switch from another subnet.  Whoever, you need to configure the default gateway, this way he will be able to access the local LAN.

• SW1(config-if)#ip address 192.168.2.2 255.255.255.0

1.13. No shutdown Command

Now we setup the VLAN ip address, we need to bring the interface up.  With this intention,  the “no shutdown ” command will bring the interface up.

• SW1(config-if)#no shutdown

1.14. Do show running-config Command

In order to display the configuration that is actually running on the switch, we need to use the show running-config command.  This command only work in privileged EXEC mode.  Consequently you need to use the “do” command to run a command in privileged mode.

• Audain.net Audain.net 09:11:09  Sw1 SW1(config-if)#do show running-config

1.15. Exit Command

We use Exit command to exit to network interface.

• Audain.net SW1(config-if)#exit

1.16. Service Password-encryption Command

Since all passwords configured are stored in clear-text in switch configuration file. Of course all attacker know they only need to run show running-config to find out the passwords. The servive password-encryption command create a “secure” non-text password displayed in the configuration.

• Audain.net SW1(config)#service password-encryption

1.17. IP default-gateway Command

Subsequently, there 3 things to communicate on an inter-network: IP address, subnet mask and default gateway.  Initially switch will forward IP packets thru the 192.168,2,1. In short the default gateway is the IP address we will setup to the router interface.

• Audain.net SW1(config)#ip default-gateway 192.168.2.1

1.18. Exit Command

Now let Exit to the privileged EXEC mode.

•  Audain.net SW1(config)#exit

1.19. Copy running-config startup-config Command

In the event that the system is rebooted. In that case we need to save ours configuration changes. More importantly we will save the two types of configuration files. At first the running configuration (current operating) and the startup configuration. To resume the running configuration is stored in RAM and  the startup configuration is stored in NVRAM.

• Audain.net SW1#copy running-config startup-config

 

---

2- Next we need configure the router and rename it to R1.

2.1. Enable command

Let access the privileged exec mode from the user EXEC mode in the router, type enable command

• Audain.net   Router>enable

2.2. Configure Terminal command

Much less to be able to configure your router, you need to access the global configuration mode.  So you need to type configure terminal command from privileged EXEC mode

• Audain.net  Router#configure terminal

2.3. Hostname command

In order to rename the router to R1,  you need to type hostname R1

• Audain.net    Router(config)#hostname R1

2.4. Enable secret password command

As we learn, privileged EXEC commands are used for actions and can impact your router. For this reason a password to prevent unauthorized use will be configure. Consequently we will use enable secret audain,  because is encrypted  and more secure. With this in mind, password is case sensitive and can contain from 1 to 25 uppercase and lowercase alphanumeric characters. Equally the password can start with a numeral. And spaces are also valid password characters and leading spaces are ignored. But trailing spaces are recognized.

• Audain.net  R1(config)#enable secret audain

2.5. Line console Command

The Console configuration mode is use for the purpose of configuring the console interface settings.  On any router and switch, the configuration is appear as line console 0 and in the output of the show line command as cty.  Remember, the  console port is used for the local system access by using the console terminal. In this cisco Lab we will need to access the line console to be able to setup a password.

Audain.net  R1(config)#line console 0

2.6. Password and login Command

Here in the  line console configuration. We need to use the login configuration command in order to enable password  verification at login. Furthermore, console authentication requires the password and the login commands to operate.

Audain.net  R1(config-line)#password cisco

Audain.net  R1(config-line)#login

2.7. Line vty Command

Granted access to telnet and SSH thru the network to the switch and the router, we need to setup the VTY ports (virtual TTY ports).  In summary, this port is for the purpose of connecting the switch or the router to make configuration modification or verify the status. The router 2960 have five VTY ports, numbered 0 to 4.

Audain.net  R1(config-line)#line vty 0 4

2.8. Password and login Command

 Here in the  line console configuration. We need to use the login configuration command in order to enable password  verification at login. Furthermore, console authentication requires the password and the login commands to operate.

Audain.net  R1(config-line)#password audain

Audain.net  R1(config-line)#login

2.9. Exit Command

Now let Exit to the privileged EXEC mode.

Audain.net  R1(config-line)#exit

2.10. Do show IP interface brief Command

In the same time, let display the status of the router interface with show ip interface brief command. As we can see, it  include their IP address, Layer 2 status, and Layer 3 status. This command only work in privileged EXEC mode.  Consequently you need to use the “do” command to run a command in privileged mode.

Audain.net R1(config)#do show ip interface brief

2.11. Banner motd Command

MOTD mean Message of the Day , consequently for our security need, we will displays a legal notices regarding connection to the switch.

• Audain.net  R1(config)#banner motd #

2.12. Interface  Command

First, a few words about the the interfaces names.

• The 100Mbits / interfaces are named fastethernet.
• 1Gbit / interfaces are named gigabitEthernet.
• 10Gigabit / s interfaces are named TenGigabitEthernet.
• Port numbers have the following syntax: 0/1 or 1/0/1.

 

Let setup the network interface 0/0 connected to switch 1(SW1)

• Audain.net  R1(config)#interface fastethernet 0/0

2.13. Ip address Command

Actually, we will configure the IP address 192.168.2.1 on the interface fastethernet 0/0.  That will allow to communicate with the switch1 (SW1).  Whoever, you need to configure the default gateway, this way he will be able to access the local LAN.

• Audain.net  R1(config-if)#ip address 192.168.2.1 255.255.255.0

2.14. No shutdown Command

Now we setup the fastethernet 0/0, we need to bring the interface up.  With this intention,  the “no shutdown ” command will bring the interface up.

• Audain.net  R1(config-if)#no shutdown

2.15. Description  Command

By adding description you will be able to identify the interface easily.

• Audain.net  R1(config-if)#description LAN 192.168.1.0

2.16. Exit Command

Now let Exit from the interface.

• Audain.net  R1(config-if)#exit

2.17. Interface  Command

Let setup the network interface 0/1 connected to switch 2(SW2). This time let use the “interface fa0/1” as the abbreviation of interface fastethernet 0/1

• Audain.net  R1(config)#interface fa0/1

2.18. Ip address Command

Actually, we will configure the IP address 172.19.1.1 on the interface fastethernet 0/1.  That will allow to communicate with the switch1 (SW2).  Whoever, you need to configure the default gateway, this way he will be able to access the local LAN.

• Audain.net  R1(config-if)#ip address 172.19.1.1 255.255.255.0

2.19. No shutdown Command

Now we setup the interface fastinternet 0/1  ip address, we need to bring the interface up.  With this intention,  the “no shutdown ” command will bring the interface up.

• Audain.net  R1(config-if)#no shutdown

2.20. Description  Command

By adding description you will be able to identify the interface connected to switch 2.

Audain.net  R1(config-if)#description LAN 172.19.1.0

2.21. Exit Command

We use Exit command to exit the interface.

• Audain.net R1(config-if)#exit

2.22. Service Password-encryption Command

Since all passwords configured are stored in clear-text in switch configuration file. Of course all attacker know they only need to run show running-config to find out the passwords. The servive password-encryption command create a “secure” non-text password displayed in the configuration.

• Audain.net  R1(config)#service password-encryption

2.23. Exit Command

Now let Exit to the privileged EXEC mode.

• Audain.net  R1(config)#exit

2.24. Copy running-config startup-config Command

In the event that the system is rebooted. In that case we need to save ours configuration changes. More importantly we will save the two types of configuration files. At first the running configuration (current operating) and the startup configuration. To resume the running configuration is stored in RAM and  the startup configuration is stored in NVRAM. This time let use the “copy run start” as the abbreviation of copy running -config startup-config  from privileged EXEC mode

• Audain.net  R1#copy run start

---

3- Finally the configurations of the second switch and let rename it to SW2.

3.1. Enable command

This time again let access the privileged exec by typing enable command

• Audain.net 09:33:01  SW2 Switch>enable

3.2. Configure Terminal command

To be able to configure your switch, we need to access the global configuration mode.  This time let use “configure t” as abbreviation of configure terminal abbreviation.

• Audain.net Switch#configure t

3.3. Hostname command

Now to rename the switch name to SW2,  you need to type hostname SW2

• Audain.net Switch(config)#hostname SW2

3.4. Enable secret password command

Again privileged EXEC commands are used for actions that can impact your system.That mean,  we need to set a password to prevent unauthorized use. For this reason, we use enable secret audain,  because is encrypted (unreadable) and more secure.  In fact,  you need to remember, each type of password is case sensitive. And it can contain from 1 to 25 uppercase and lowercase alphanumeric characters. Equally the password can start with a numeral. Do not forget, spaces are also valid password characters and leading spaces are ignored. But trailing spaces are recognized.

• Audain.net SW2(config)#enable secret audain

3.5. Line console Command

The Console configuration mode is use for the purpose of configuring the console interface settings.  Now access the line console to be able to setup a password.

• Audain.net SW2(config)#line console 0

3.6. Password and login Command

Furthermore, console authentication requires the password and the login commands to operate.

• Audain.net SW2(config-line)#password cisco
• Audain.net SW2(config-line)#login

3.7. Line vty Command

Granted access to telnet and SSH thru the network to the switch and the router, we need to setup the VTY ports (virtual TTY ports).  In summary, this port is for the purpose of connecting the switch or the router to make configuration modification or verify the status. The router 2960 have five VTY ports, numbered 0 to 4.

• Audain.net SW2(config-line)#line vty 0 4
• Audain.net SW2(config-line)#password cisco

3.8. Password and login Command

Let configure the login password for the port VTY.

• Audain.net SW2(config-line)#login

3.9. Exit Command

Now that we complete, exit the line interface configuration.

• Audain.net SW2(config-line)#exit

3.10. Banner motd Command

Consequently for our security need, we will displays a legal notices regarding connection to the switch.

• Audain.net SW2(config)#banner motd #

 

3.11. Interface Vlan Command

First thing to remember, a logical interface for a VLAN is named a Switched Virtual Interface. In other word when you setup the switch this interface will be identify as vlan interface. Another key point the VLAN Interface is that can be assigned an IP address.  Furthermore you can assigned bridge group, interface description and quality of service policy.

Another Key point, the VLAN Interface provide the  layer 2 devices the possibility to interact with an another devices at layer 3. Moreover the multi-Layer switches use VLAN interfaces to authorize multi-layer routing possibility on a switch. To sum up, the switch have the router hability and the default VLAN on a switches is VLAN 1.

• Audain.net SW2(config)#interface vlan 1

3.12. Ip address Command

Actually, we will configure the IP address 192.168.2.2 on the vlan 1 interface.  That will allow to communicate with your switch from another subnet.  Whoever, you need to configure the default gateway, this way he will be able to access the local LAN.

• Audain.net SW2(config-if)#ip address 172.19.1.2 255.255.255.0

3.13. No shutdown Command

Now we setup the VLAN ip address, we need to bring the interface up.  With this intention,  the “no shutdown ” command will bring the interface up.

• Audain.net SW2(config-if)#no shutdown

3.14. Description  Command

By adding description may prevent you from changing configuration on the wrong interface.

• Audain.net SW2(config-if)#description Network 172.19.1.0

3.15Exit Command

We use Exit command to exit interface configuration.

• Audain.net SW2(config-if)#exit

3.16. IP default-gateway Command

Subsequently, there 3 things to communicate on an inter-network: IP address, subnet mask and default gateway.  Initially switch will forward IP packets thru the 192.168,2,1. In short the default gateway is the IP address we will setup to the router interface.

• Audain.net SW2(config)#ip default-gateway 172.19.1.1

3.17. Exit Command

Now use Exit command to exit to privileged EXEC mode and to exit to global configuration mode

• Audain.net SW2(config)#exit

3.19. Configure Terminal command

Also to be able to configure your switch, you need to access the global configuration mode.  So you need to type configure terminal command from privileged EXEC mode

• Audain.net SW2#config t

3.20. Service Password-encryption Command

Since all passwords configured are stored in clear-text in switch configuration file. Of course all attacker know they only need to run show running-config to find out the passwords. The servive password-encryption command create a “secure” non-text password displayed in the configuration.

• Audain.net SW2(config)#service password-encryption

3.21. Exit Command

Now let Exit to the privileged EXEC mode.

• Audain.net SW2(config)#exit

3.22. Copy running-config startup-config Command

In the event that the system is rebooted. In that case we need to save ours configuration changes. More importantly we will save the two types of configuration files. At first the running configuration (current operating) and the startup configuration. To resume the running configuration is stored in RAM and  the startup configuration is stored in NVRAM. This time let use the “copy run start” as the abbreviation of copy running -config startup-config  from privileged EXEC mode

• Audain.net SW2#copy run start