Data Communications and Networks
Topology
Objectives
Set Up the Network Topology
Configure PC Hosts
Configure and Verify Basic Switch Settings
Configure the Switch Management Interface
Background / Scenario
In this activity, you will perform basic switch configuration tasks. You will secure access to the command-line interface (CLI) and console ports using encrypted and plain text passwords. You will also learn how to configure messages for users logging into the switch. These message banners are also used to warn unauthorized users that access is prohibited. Then, you will implement basic connectivity by configuring IP addressing on switches and PCs. When the IP addressing configuration is complete, you will use various show commands to verify the configuration and use the ping command to verify basic connectivity between devices.
Note: In Packet Tracer, the Catalyst 2960 switch uses IOS version 12.2 by default. If required, the IOS version can be updated from a file server in the Packet Tracer topology. The switch can then be configured to boot to IOS version 15.0, if that version is required.
Instruction
Task 0: Create Network Topology
Cable your network as shown in the above network topology.
Task 1: Configure Network
Step 1.1: Enter privileged EXEC mode.
You can access all switch commands from privileged EXEC mode. However, because many of the privileged commands configure operating parameters, privileged access should be password-protected to prevent unauthorized use.
The privileged EXEC command set includes the commands available in user EXEC mode, many additional commands, and the configure command through which access to the configuration modes is gained.
Click S1 and then the CLI tab. Press Enter.
Enter privileged EXEC mode by entering the enable command:
Switch> enable
Switch#
Notice that the prompt changed to reflect privileged EXEC mode.
Step 1.2: Examine the current switch configuration.
Enter the show running-config command.
Switch# show running-config
Answer the following questions:
How many Fast Ethernet interfaces does the switch have?
How many Gigabit Ethernet interfaces does the switch have?
What is the range of values shown for the vty lines?
Which command will display the current contents of non-volatile random-access memory (NVRAM)?
Why does the switch respond with "startup-config is not present?"
Task 2: Create a Basic Switch Configuration
Step 2.1: Assign a name to a switch.
To configure parameters on a switch, you may be required to move between various configuration modes. Notice how the prompt changes as you navigate through the switch.
Switch# configure terminal
Switch(config)# hostname S1_
S1_xxxxxxx(config)# exit
S1_xxxxxxx# exit
Step 2.2: Secure access to the console line.
To secure access to the console line, access config-line mode and set the console password to letmein.
S1_xxxxxxx # configure terminal
Enter configuration commands, one per line. End with CNTL/Z. S1_xxxxxxx(config)# line console 0
S1_xxxxxxx(config-line)# password letmein<Your First Name>
S1_xxxxxxx(config-line)# login
S1_xxxxxxx (config-line)# exit
S1_xxxxxxx(config)# exit
%SYS-5-CONFIG_I: Configured from console by console S1_xxxxxxx#
Step 2.3: Verify that console access is secured.
Exit privileged mode to verify that the console port password is in effect.
S1_xxxxxxx # exit
Switch con0 is now available Press RETURN to get started.
User Access Verification Password:
S1_xxxxxxx>
Note: If the switch did not prompt you for a password, then you did not configure the login parameter in Step 2.
Step 2.4: Secure privileged mode access.
Set the enable password to c1$c0-<Your Student ID>. This password protects access to privileged mode.
Note: The 0 in c1$c0 is a zero, not a capital O. This password will not grade as correct until after you encrypt it in Step 8.
S1_xxxxxxx> enable
S1_xxxxxxx# configure terminal
S1_xxxxxxx(config)# enable password c1$c0-<Your Student ID>
S1_xxxxxxx(config)# exit
%SYS-5-CONFIG_I: Configured from console by console S1_xxxxxxx #
Step 2.5: Verify that privileged mode access is secure.
Enter the exit command again to log out of the switch.
Press <Enter> and you will now be asked for a password:
User Access Verification Password:
The first password is the console password you configured for line con 0. Enter this password to return to user EXEC mode.
Enter the command to access privileged mode.
Enter the second password you configured to protect privileged EXEC mode.
Verify your configuration by examining the contents of the running-configuration file:
S1_xxxxxxx# show running-config
Notice that the console and enable passwords are both in plain text. This could pose a security risk if someone is looking over your shoulder or obtains access to config files stored in a backup location.
Step 2.6: Configure an encrypted password to secure access to privileged mode.
The enable password should be replaced with the newer encrypted secret password using the enable secret command. Set the enable secret password to mynameis<Your first name>.
S1_xxxxxxx# config t
S1_xxxxxxx(config)# enable secret mynameis<Your first name>
S1_xxxxxxx(config)# exit
S1_xxxxxxx#
Note: The enable secret password overrides the enable password. If both are configured on the switch, you must enter the enable secret password to enter privileged EXEC mode.
Step 2.7: Verify that the enable secret password is added to the configuration file.
Enter the show running-config command again to verify the new enable secret password is configured.
Note: You can abbreviate show running-config as
S1_xxxxxxx# show run
What is displayed for the enable secret password?
Why is the enable secret password displayed differently from what we configured?
Step 2.8: Encrypt the enable and console passwords.
As you noticed in Step 7, the enable secret password was encrypted, but the enable and console passwords were still in plain text. We will now encrypt these plain text passwords using the service password-encryption command.
S1_xxxxxxx# config t
S1_xxxxxxx(config)# service password-encryption
S1_xxxxxxx(config)# exit
If you configure any more passwords on the switch, will they be displayed in the configuration file as plain text or in encrypted form? Explain.
Task 3: Configure a MOTD Banner
Step 3.1: Configure a message of the day (MOTD) banner.
The Cisco IOS command set includes a feature that allows you to configure messages that anyone logging onto the switch sees. These messages are called message of the day, or MOTD banners. Enclose the banner text in quotations or use a delimiter different from any character appearing in the MOTD string.
S1_xxxxxxx # config t
S1_xxxxxxx (config)# banner motd "This is a secure system. Authorized Access Only! And designed by <Your full name>"
S1_xxxxxxx(config)# exit
%SYS-5-CONFIG_I: Configured from console by console S1_xxxxxxx#
When will this banner be displayed?
Why should every switch have a MOTD banner?
Task 4: Save and Verify Configuration Files to NVRAM
Step 4.1: Verify that the configuration is accurate using the show run command.
Save the configuration file. You have completed the basic configuration of the switch. Now back up the running configuration file to NVRAM to ensure that the changes made are not lost if the system is rebooted or loses power.
S1_xxxxxxx # copy running-config startup-config Destination filename [startup-config]?[Enter] Building configuration...
What is the shortest, abbreviated version of the copy running-config startup-config command?
Examine the startup configuration file.
Which command will display the contents of NVRAM?
Are all the changes that were entered recorded in the file?
Task 5: Configure the Switch Management Interface
Configure S1 and S2 with an IP address.
Step 5.1: Configure S1 with an IP address.
Switches can be used as plug-and-play devices. This means that they do not need to be configured for them to work. Switches forward information from one port to another based on MAC addresses.
If this is the case, why would we configure it with an IP address?
Step 5.2: Verify the IP address configuration on S1.
Use the show ip interface brief command to display the IP address and status of all the switch ports and interfaces. You can also use the show running-config command.
Task 6: Configure S2
You have completed the configuration on S1. You will now configure S2. If you cannot remember the commands, refer to Parts 1 to 4 for assistance.
Configure S2 with the following parameters:
Device name: S2_<Your Student ID>
Protect access to the console using the letmein<Your First Name> password.
Configure an enable password of c1$c0-<Your first name> and an enable secret password of
mynameis<Your first name>
Configure an appropriate message to those logging into the switch.
Encrypt all plain text passwords.
Task 7: Configure the PCs and Test Connectivity
Configure PC-A and PC-B with your IP addresses.
Step 7.1: Configure both PCs with IP addresses.
Click PC-A and then click the Desktop tab.
Click IP Configuration. Use your Addressing Table and enter this information for PC-A in the IP Configuration window. Configure the Pc IP address and Mask.
Step 7.2: Test network connectivity.
Network connectivity can be verified using the ping command. It is very important that connectivity exists throughout the network. Corrective action must be taken if there is a failure. Ping S1 and S2 from PC-A and PC-B.
Click PC-A and then click the Desktop tab.
Click Command Prompt.
Ping the IP address for S1. Type the ping command and the IP address for S1 and press Enter.
Packet Tracer PC Command Line 1.0 PC-A> ping 192.168.5.1
Ping the IP address for PC-B.
Ping the IP address for S2.
Note: You can also use the ping command on the switch CLI and on PC-B.
All pings should be successful. If your first ping result is 80%, try again. It should now be 100%. You will learn why a ping may sometimes fail the first time later in your studies. If you are unable to ping any of the devices, recheck your configuration for errors.