
Activity 4

Uploaded by

ericabelarmino3

CPE529C

COMPUTER NETWORK AND SECURITY

Act # 4: GNS3 VPCS, Cloud and setting device Base Configuration

1
General Instructions
1. Read and understand the activity discussions. The
material is for reference only.
2. Perform the supplementary activity. Ensure you
are not connected to WIFI (or other connections)
before you start GNS3 to prevent unwanted VM
behavior.
General Instructions
3. Answer the questions in the supplementary
activity. No need to capture all steps onto your lab
document; provide only what is required to satisfy
the question.
4. In case you need to capture configuration, copy
and paste it from the terminal application to your
document. Set the font style to “Courier
New”.
Work quietly. Raise your hand
to get my attention.

4
Activity Discussion

5
Cisco IOS Access
Access Methods
• Console – A physical management port
used to access a device in order to
provide maintenance, such as
performing the initial configurations.
• Secure Shell (SSH) – Establishes a
secure remote CLI connection to a
device, through a virtual interface, over a
network. (Note: This is the recommended
method for remotely connecting to a
device.)

• Telnet – Establishes an insecure remote
CLI connection to a device over the
network. (Note: User authentication,
passwords and commands are sent over the
network in plaintext.)
6
Secure Remote Access
Telnet Operation
Telnet uses TCP port 23. It is an older
protocol that uses unsecure plaintext
transmission of both the login
authentication (username and
password) and the data transmitted
between the communicating devices.
A threat actor can monitor packets using
Wireshark. For example, in the figure
the threat actor captured the
username admin and
password ccna from a Telnet session.

7
Secure Remote Access
SSH Operation
Secure Shell (SSH) is a secure protocol that uses
TCP port 22. It provides a secure (encrypted)
management connection to a remote device.
SSH should replace Telnet for management
connections. SSH provides security for remote
connections by providing strong encryption when
a device is authenticated (username and
password) and also for the transmitted data
between the communicating devices.

The figure shows a Wireshark capture of an SSH
session. The threat actor can track the session
using the IP address of the administrator device.
However, unlike Telnet, with SSH the username
and password are encrypted.

8
Cisco IOS Access
Terminal Emulation Programs
• Terminal emulation programs are used to connect to a network device by either a console
port or by an SSH/Telnet connection.
• There are several terminal emulation programs to choose from, such as PuTTY, Tera Term
and SecureCRT.

9
IOS Navigation
Primary Command Modes
User EXEC Mode:
• Allows access to only a limited
number of basic monitoring
commands
• Identified by the CLI prompt
that ends with the > symbol

Privileged EXEC Mode:
• Allows access to all
commands and features
• Identified by the CLI prompt
that ends with the # symbol

10
IOS Navigation
Configuration Mode and Subconfiguration Modes

Global Configuration Mode:
• Used to access configuration options on the device

Line Configuration Mode:
• Used to configure console, SSH, Telnet or AUX access

Interface Configuration Mode:
• Used to configure a switch port or router interface
11
IOS Navigation
Navigation Between IOS Modes
▪ Privileged EXEC Mode:
• To move from user EXEC mode to privileged
EXEC mode, use the enable command.
▪ Global Configuration Mode:
• To move in and out of global configuration
mode, use the configure terminal
command. To return to privileged EXEC
mode, use the exit command.
▪ Line Configuration Mode:
• To move in and out of line configuration
mode, use the line command followed by
the management line type. To return to
global configuration mode, use the exit
command.
12
IOS Navigation
Navigation Between IOS Modes (Cont.)
Subconfiguration Modes:
• To move out of any subconfiguration mode to
get back to global configuration mode, use
the exit command. To return to privileged
EXEC mode, use the end command or key
combination Ctrl+Z.

• To move directly from one subconfiguration
mode to another, type in the desired
subconfiguration mode command. In the
example, the command prompt changes from
(config-line)# to (config-if)#.

13
The Command Structure
Basic IOS Command Structure

• Keyword – This is a specific parameter defined in the operating system (in the figure, ip
protocols).

• Argument - This is not predefined; it is a value or variable defined by the user (in the
figure, 192.168.10.5).

14
The Command Structure
IOS Command Syntax Check
A command might require one or more arguments. To determine the keywords
and arguments required for a command, refer to the command syntax.
• Boldface text indicates commands and keywords that are entered as shown.
• Italic text indicates an argument for which the user provides the value.

Convention      Description
boldface        Boldface text indicates commands and keywords that you enter literally as shown.
italics         Italic text indicates arguments for which you supply values.
[x]             Square brackets indicate an optional element (keyword or argument).
{x}             Braces indicate a required element (keyword or argument).
[x {y | z }]    Braces and vertical lines within square brackets indicate a required choice within an optional element. Spaces are used to clearly delineate parts of the command.

15
The Command Structure
IOS Command Syntax Check (Cont.)
▪ The command syntax provides the pattern, or format, that must be used when
entering a command.

▪ The command is ping and the user-defined
argument is the ip-address of the
destination device. For example, ping
10.10.10.5.
▪ The command is traceroute and the
user-defined argument is the ip-address
of the destination device. For
example, traceroute 192.168.254.254.

▪ If a command is complex with multiple arguments, you may see it represented like this:

16
The Command Structure
IOS Help Features
The IOS has two forms of help available: context-sensitive help and command
syntax check.
• Context-sensitive help enables you to quickly find answers to these questions:
  • Which commands are available in each command mode?
  • Which commands start with specific characters or group of characters?
  • Which arguments and keywords are available to particular commands?
• Command syntax check verifies that a valid command was entered by the user.
  • If the interpreter cannot understand the command being entered, it will provide
    feedback describing what is wrong with the command.

17
The Command Structure
Hot Keys and Shortcuts
• The IOS CLI provides hot keys and shortcuts that make configuring, monitoring, and
troubleshooting easier.
• Commands and keywords can be shortened to the minimum number of characters
that identify a unique selection. For example, the configure command can be
shortened to conf because configure is the only command that begins with conf.

18
The Command Structure
Hot Keys and Shortcuts (Cont.)
▪ The table below is a brief list of keystrokes to enhance command line editing.

Keystroke Description

Tab Completes a partial command name entry.

Backspace Erases the character to the left of the cursor.

Left Arrow or Ctrl+B Moves the cursor one character to the left.

Right Arrow or Ctrl+F Moves the cursor one character to the right.

Up Arrow or Ctrl+P Recalls the commands in the history buffer, beginning with the most recent commands.

19
The Command Structure
Hot Keys and Shortcuts (Cont.)
• When a command output produces more text than can be displayed in a terminal window,
the IOS will display a “--More--” prompt. The table below describes the keystrokes that can
be used when this prompt is displayed.

Keystroke        Description
Enter Key        Displays the next line.
Space Bar        Displays the next screen.
Any other key    Ends the display string, returning to privileged EXEC mode.

• The table below lists commands that can be used to exit out of an operation.

Keystroke        Description
Ctrl-C           When in any configuration mode, ends the configuration mode and returns to privileged EXEC mode.
Ctrl-Z           When in any configuration mode, ends the configuration mode and returns to privileged EXEC mode.
Ctrl-Shift-6     All-purpose break sequence used to abort DNS lookups, traceroutes, pings, etc.

Note: To see more hot keys and shortcuts refer to 2.3.5.

20
Basic Device Configuration
Device Names
• The first configuration command on any device should be to
give it a unique hostname.
• By default, all devices are assigned a factory default name.
For example, a Cisco IOS switch is "Switch."

• Guideline for naming devices:
  • Start with a letter
  • Contain no spaces
  • End with a letter or digit
  • Use only letters, digits, and dashes
  • Be less than 64 characters in length

Note: To return the switch to the default
prompt, use the no hostname global
config command.

21
Basic Device Configuration
Configure Passwords
Securing user EXEC mode access:
• First enter line console configuration mode
using the line console 0 command in global
configuration mode.
• Next, specify the user EXEC mode password
using the password password command.
• Finally, enable user EXEC access using
the login command.

Securing privileged EXEC mode access:
• First enter global configuration mode.
• Next, use the enable secret password command.

22
Basic Device Configuration
Configure Passwords (Cont.)
Securing VTY line access:
• First enter line VTY configuration mode
using the line vty 0 15 command in
global configuration mode.
• Next, specify the VTY password using
the password password command.
• Finally, enable VTY access using
the login command.

▪ Note: VTY lines enable remote access using Telnet or SSH to the device. Many Cisco
switches support up to 16 VTY lines that are numbered 0 to 15.

23
Basic Device Configuration
Encrypt Passwords
▪ The startup-config and running-config files
display most passwords in plaintext.
▪ To encrypt all plaintext passwords, use
the service password-encryption global config
command.
▪ Use the show running-config command
to verify that the passwords on the device
are now encrypted.

24
Basic Device Configuration
Banner Messages
▪ A banner message is important to warn
unauthorized personnel from attempting
to access the device.
▪ To create a banner message of the day
on a network device, use the banner
motd # the message of the day # global
config command.

The banner will be displayed on attempts to access the device.

Note: The “#” in the command syntax is called
the delimiting character. It is entered before
and after the message.

25
Save Configurations
Configuration Files
▪ There are two system files that store the device configuration:
• startup-config - This is the saved configuration file that is stored in NVRAM. It contains all the commands that will be
used by the device upon startup or reboot. Flash does not lose its contents when the device is powered off.
• running-config - This is stored in Random Access Memory (RAM). It reflects the current configuration. Modifying a
running configuration affects the operation of a Cisco device immediately. RAM is volatile memory. It loses all of its
content when the device is powered off or restarted.
• To save changes made to the running configuration to the startup configuration file, use the copy running-config
startup-config privileged EXEC mode command.

26
Save Configurations
Alter the Running Configurations
If changes made to the running config do not
have the desired effect and the running-config
has not yet been saved, you can restore the
device to its previous configuration. To do this
you can:
• Remove the changed commands individually.
• Reload the device using the reload command
in privileged EXEC mode. Note: This will cause
the device to briefly go offline, leading to
network downtime.
If the undesired changes were saved to the
startup-config, it may be necessary to clear all
the configurations using the erase startup-config
command in privileged EXEC mode.
• After erasing the startup-config, reload the
device to clear the running-config file from
RAM.

27
Configure IP Addressing
Switch Virtual Interface Configuration
To access the switch remotely, an IP address and a subnet mask must be configured on
the SVI.
To configure an SVI on a switch:
• Enter the interface vlan 1 command in global configuration mode.
• Next assign an IPv4 address using the ip address ip-address subnet-mask command.
• Finally, enable the virtual interface using the no shutdown command.

28
Configure Initial Router Settings
Basic Router Configuration Steps
• Configure the device name.
Router(config)# hostname hostname
• Secure privileged EXEC mode.
Router(config)# enable secret password
• Secure user EXEC mode.
Router(config)# line console 0
Router(config-line)# password password
Router(config-line)# login
• Secure remote Telnet / SSH access.
Router(config-line)# line vty 0 4
Router(config-line)# password password
Router(config-line)# login
Router(config-line)# transport input {ssh | telnet}
Router(config-line)# exit
• Encrypt all plaintext passwords.
Router(config)# service password-encryption
• Provide legal notification and save the configuration.
Router(config)# banner motd # message #
Router(config)# end
Router# copy running-config startup-config

29
Configure Initial Router Settings
Basic Router Configuration Example
• Commands for basic router configuration on R1.
• Configuration is saved to NVRAM.

R1(config)# hostname R1
R1(config)# enable secret class
R1(config)# line console 0
R1(config-line)# password cisco
R1(config-line)# login
R1(config-line)# line vty 0 4
R1(config-line)# password cisco
R1(config-line)# login
R1(config-line)# transport input ssh telnet
R1(config-line)# exit
R1(config)# service password-encryption
R1(config)# banner motd #
Enter TEXT message. End with a new line and the #
***********************************************
WARNING: Unauthorized access is prohibited!
***********************************************
#
R1(config)# exit
R1# copy running-config startup-config

30
Configure Interfaces
Configure Router Interfaces
Configuring a router interface includes issuing the following commands:

Router(config)# interface type-and-number
Router(config-if)# description description-text
Router(config-if)# ip address ipv4-address subnet-mask
Router(config-if)# ipv6 address ipv6-address/prefix-length
Router(config-if)# no shutdown

• It is a good practice to use the description command to add
information about the network connected to the interface.
• The no shutdown command activates the interface.

33
Configure Interfaces
Configure Router Interfaces Example
The commands to configure interface G0/0/0 on R1 are shown here:

R1(config)# interface gigabitEthernet 0/0/0
R1(config-if)# description Link to LAN
R1(config-if)# ip address 192.168.10.1 255.255.255.0
R1(config-if)# ipv6 address 2001:db8:acad:10::1/64
R1(config-if)# no shutdown
R1(config-if)# exit
R1(config)#
*Aug 1 01:43:53.435: %LINK-3-UPDOWN: Interface GigabitEthernet0/0/0, changed state to down
*Aug 1 01:43:56.447: %LINK-3-UPDOWN: Interface GigabitEthernet0/0/0, changed state to up
*Aug 1 01:43:57.447: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0/0, changed state to up

34
Configure Interfaces
Configure Router Interfaces Example (Cont.)
The commands to configure interface G0/0/1 on R1 are shown here:

R1(config)# interface gigabitEthernet 0/0/1
R1(config-if)# description Link to R2
R1(config-if)# ip address 209.165.200.225 255.255.255.252
R1(config-if)# ipv6 address 2001:db8:feed:224::1/64
R1(config-if)# no shutdown
R1(config-if)# exit
R1(config)#
*Aug 1 01:46:29.170: %LINK-3-UPDOWN: Interface GigabitEthernet0/0/1, changed state to down
*Aug 1 01:46:32.171: %LINK-3-UPDOWN: Interface GigabitEthernet0/0/1, changed state to up
*Aug 1 01:46:33.171: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0/1, changed state to up

35
Configure Interfaces
Verify Interface Configuration
To verify interface configuration use the show ip interface brief and
show ipv6 interface brief commands shown here:

R1# show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
GigabitEthernet0/0/0   192.168.10.1    YES manual up                    up
GigabitEthernet0/0/1   209.165.200.225 YES manual up                    up
Vlan1                  unassigned      YES unset  administratively down down

R1# show ipv6 interface brief
GigabitEthernet0/0/0   [up/up]
    FE80::201:C9FF:FE89:4501
    2001:DB8:ACAD:10::1
GigabitEthernet0/0/1   [up/up]
    FE80::201:C9FF:FE89:4502
    2001:DB8:FEED:224::1
Vlan1                  [administratively down/down]
    unassigned
R1#

36
Configure Interfaces
Configure Verification Commands

The table summarizes show commands used to verify interface configuration.

Commands                     Description
show ip interface brief      Displays all interfaces, their IP addresses, and their current status.
show ipv6 interface brief
show ip route                Displays the contents of the IP routing tables stored in RAM.
show ipv6 route
show interfaces              Displays statistics for all interfaces on the device. Only displays the IPv4 addressing information.
show ip interfaces           Displays the IPv4 statistics for all interfaces on a router.
show ipv6 interfaces         Displays the IPv6 statistics for all interfaces on a router.

37
Configure Interfaces
Configure Verification Commands (Cont.)
View status of all interfaces with the show ip interface brief and show ipv6 interface
brief commands, shown here:

R1# show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
GigabitEthernet0/0/0   192.168.10.1    YES manual up                    up
GigabitEthernet0/0/1   209.165.200.225 YES manual up                    up
Vlan1                  unassigned      YES unset  administratively down down
R1#

R1# show ipv6 interface brief
GigabitEthernet0/0/0   [up/up]
    FE80::201:C9FF:FE89:4501
    2001:DB8:ACAD:10::1
GigabitEthernet0/0/1   [up/up]
    FE80::201:C9FF:FE89:4502
    2001:DB8:FEED:224::1
Vlan1                  [administratively down/down]
    unassigned
R1#

38
Configure Interfaces
Configure Verification Commands (Cont.)
Display the contents of the IP routing tables with the show ip route and show ipv6
route commands as shown here:
R1# show ip route
<output omitted>
Gateway of last resort is not set
      192.168.10.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.10.0/24 is directly connected, GigabitEthernet0/0/0
L        192.168.10.1/32 is directly connected, GigabitEthernet0/0/0
      209.165.200.0/24 is variably subnetted, 2 subnets, 2 masks
C        209.165.200.224/30 is directly connected, GigabitEthernet0/0/1
L        209.165.200.225/32 is directly connected, GigabitEthernet0/0/1
R1#

R1# show ipv6 route
<output omitted>
C   2001:DB8:ACAD:10::/64 [0/0]
     via GigabitEthernet0/0/0, directly connected
L   2001:DB8:ACAD:10::1/128 [0/0]
     via GigabitEthernet0/0/0, receive
C   2001:DB8:FEED:224::/64 [0/0]
     via GigabitEthernet0/0/1, directly connected
L   2001:DB8:FEED:224::1/128 [0/0]
     via GigabitEthernet0/0/1, receive
L   FF00::/8 [0/0]
     via Null0, receive
R1#

39
Configure Interfaces
Configure Verification Commands (Cont.)
Display statistics for all interfaces with the show interfaces command, as shown here:

R1# show interfaces gig0/0/0
GigabitEthernet0/0/0 is up, line protocol is up
  Hardware is ISR4321-2x1GE, address is a0e0.af0d.e140 (bia a0e0.af0d.e140)
  Description: Link to LAN
  Internet address is 192.168.10.1/24
  MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive not supported
  Full Duplex, 100Mbps, link type is auto, media type is RJ45
  output flow-control is off, input flow-control is off
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:01, output 00:00:35, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/375/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     1180 packets input, 109486 bytes, 0 no buffer
     Received 84 broadcasts (0 IP multicasts)
     0 runts, 0 giants, 0 throttles

<output omitted>

R1#

40
Configure Interfaces
Configure Verification Commands (Cont.)
Display IPv4 statistics for router interfaces with the show ip interface command, as shown here:

R1# show ip interface g0/0/0
GigabitEthernet0/0/0 is up, line protocol is up
  Internet address is 192.168.10.1/24
  Broadcast address is 255.255.255.255
  Address determined by setup command
  MTU is 1500 bytes
  Helper address is not set
  Directed broadcast forwarding is disabled
  Outgoing Common access list is not set
  Outgoing access list is not set
  Inbound Common access list is not set
  Inbound access list is not set
  Proxy ARP is enabled
  Local Proxy ARP is disabled
  Security level is default
  Split horizon is enabled
  ICMP redirects are always sent
  ICMP unreachables are always sent
  ICMP mask replies are never sent
  IP fast switching is enabled
  IP Flow switching is disabled

<output omitted>

R1#
41
Configure Interfaces
Configure Verification Commands (Cont.)
Display IPv6 statistics for router interfaces with the show ipv6 interface command shown here:

R1# show ipv6 interface g0/0/0
GigabitEthernet0/0/0 is up, line protocol is up
  IPv6 is enabled, link-local address is FE80::868A:8DFF:FE44:49B0
  No Virtual link-local address(es):
  Description: Link to LAN
  Global unicast address(es):
    2001:DB8:ACAD:10::1, subnet is 2001:DB8:ACAD:10::/64
  Joined group address(es):
    FF02::1
    FF02::1:FF00:1
    FF02::1:FF44:49B0
  MTU is 1500 bytes
  ICMP error messages limited to one every 100 milliseconds
  ICMP redirects are enabled
  ICMP unreachables are sent
  ND DAD is enabled, number of DAD attempts: 1
  ND reachable time is 30000 milliseconds (using 30000)
  ND NS retransmit interval is 1000 milliseconds

R1#

42
Configure a Switch with Initial Settings
Switch SVI Configuration Example
By default, the switch is configured to have its management controlled through VLAN 1. All
ports are assigned to VLAN 1 by default. For security purposes, it is considered a best
practice to use a VLAN other than VLAN 1 for the management VLAN.
Step 1: Configure the Management Interface: From VLAN interface configuration mode,
an IPv4 address and subnet mask are applied to the management SVI of the switch.

Note: The SVI for VLAN 99 will not appear as “up/up” until VLAN 99 is created and there is
a device connected to a switch port associated with VLAN 99.

Note: The switch may need to be configured for IPv6. For example, before you can
configure IPv6 addressing on a Cisco Catalyst 2960 running IOS version 15.0, you will need
to enter the global configuration command sdm prefer dual-ipv4-and-ipv6 default and
then reload the switch.

43
Configure a Switch with Initial Settings
Switch SVI Configuration Example (Cont.)

Task                                                 IOS Commands
Enter global configuration mode.                     S1# configure terminal
Enter interface configuration mode for the SVI.      S1(config)# interface vlan 99
Configure the management interface IPv4 address.     S1(config-if)# ip address 172.17.99.11 255.255.255.0
Configure the management interface IPv6 address.     S1(config-if)# ipv6 address 2001:db8:acad:99::1/64
Enable the management interface.                     S1(config-if)# no shutdown
Return to the privileged EXEC mode.                  S1(config-if)# end
Save the running config to the startup config.       S1# copy running-config startup-config

44
Configure a Switch with Initial Settings
Switch SVI Configuration Example (Cont.)
Step 2: Configure the Default Gateway
• The switch should be configured with a default gateway if it will be managed remotely
from networks that are not directly connected.
• Note: Because it will receive its default gateway information from a router advertisement (RA)
message, the switch does not require an IPv6 default gateway.

Task                                              IOS Commands
Enter global configuration mode.                  S1# configure terminal
Configure the default gateway for the switch.     S1(config)# ip default-gateway 172.17.99.1
Return to the privileged EXEC mode.               S1(config)# end
Save the running config to the startup config.    S1# copy running-config startup-config

45
Configure a Switch with Initial Settings
Switch SVI Configuration Example (Cont.)
Step 3: Verify Configuration
• The show ip interface brief and show ipv6 interface brief commands are useful for
determining the status of both physical and virtual interfaces. The output shown
confirms that interface VLAN 99 has been configured with an IPv4 and IPv6 address.
Note: An IP address applied to the SVI is only for remote management access to the
switch; this does not allow the switch to route Layer 3 packets.

46
Configure Switch Ports
Switch Verification Commands
Task                                              IOS Commands
Display interface status and configuration.       S1# show interfaces [interface-id]
Display current startup configuration.            S1# show startup-config
Display current running configuration.            S1# show running-config
Display information about flash file system.      S1# show flash
Display system hardware and software status.      S1# show version
Display history of commands entered.              S1# show history
Display IP information about an interface.        S1# show ip interface [interface-id]
                                                  OR
                                                  S1# show ipv6 interface [interface-id]
Display the MAC address table.                    S1# show mac-address-table
                                                  OR
                                                  S1# show mac address-table

47
Configure the Default Gateway
Default Gateway on a Switch

• A switch must have a default gateway address configured to remotely
manage the switch from another network.
• To configure an IPv4 default gateway on a switch, use the
ip default-gateway ip-address global configuration command.

48
Configure Switch Ports
Verify Switch Port Configuration
The show running-config command can be used to verify that the switch has been correctly
configured. From the sample abbreviated output on S1, some important information is shown
in the figure:
• Fast Ethernet 0/18 interface configured with the management VLAN 99
• VLAN 99 configured with an IPv4 address of 172.17.99.11 255.255.255.0
• Default gateway set to 172.17.99.1

49
Configure Switch Ports
Verify Switch Port Configuration (Cont.)
The show interfaces command is another commonly used command, which displays status and
statistics information on the network interfaces of the switch. The show interfaces command is
frequently used when configuring and monitoring network devices.

The first line of the output for the show interfaces fastEthernet 0/18 command indicates that the
FastEthernet 0/18 interface is up/up, meaning that it is operational. Further down, the output shows
that the duplex is full and the speed is 100 Mbps.

50
Configure Switch Ports
Network Access Layer Issues
The output from the show interfaces command is useful for detecting common media issues. One of
the most important parts of this output is the display of the line and data link protocol status, as shown
in the example.
The first parameter (FastEthernet0/18 is up) refers to the hardware layer and indicates whether the
interface is receiving a carrier detect signal. The second parameter (line protocol is up) refers to the
data link layer and indicates whether the data link layer protocol keepalives are being received.
Based on the output of the show interfaces command, possible problems can be fixed as follows:
• If the interface is up and the line protocol is down, a problem exists. There could be an encapsulation type mismatch, the
interface on the other end could be error-disabled, or there could be a hardware problem.
• If the line protocol and the interface are both down, a cable is not attached, or some other interface problem exists. For
example, in a back-to-back connection, the other end of the connection may be administratively down.
• If the interface is administratively down, it has been manually disabled (the shutdown command has been issued) in the
active configuration.

51
Configure Switch Ports
Network Access Layer Issues (Cont.)
The show
interfaces command output
displays counters and
statistics for the
FastEthernet0/18 interface,
as shown here:

52
Device Configuration
Lab Device Base Configuration
Throughout this course, all devices must be configured with at least:
1. Device name (hostname)
2. Management IP address
3. Secured privileged EXEC mode (enable secret) (see Note 1)
4. Enable terminal VTY login and set password (see Note 1)
5. Appropriate MOTD banner (banner motd) (see Note 2)
6. Encrypted password (service password-encryption)
7. Disable domain lookup (no ip domain lookup)

Note 1: We will set a common password to ‘CNSp@ssw0rd’. This will allow me to perform remote
access to your device.
Note 2: Clear any existing banners (incoming, exec and login).
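
The seven base-configuration items above, together with the earlier slides on Telnet and on encrypting passwords, can be checked mechanically against a pasted running-config. The Python audit below is an added example and not part of the original activity; both sample configurations, the placeholder hash and type 7 strings, and the check names are constructed for illustration.

```python
import re

# Naming guideline from the slides: start with a letter, end with a letter or
# digit, use only letters, digits and dashes, fewer than 64 characters.
HOSTNAME_RE = re.compile(r"^[A-Za-z](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")
STATIC_IPV4_RE = re.compile(r"^ip address (\d{1,3}\.){3}\d{1,3} (\d{1,3}\.){3}\d{1,3}")

# Constructed sample: a device left close to factory defaults, Telnet allowed.
WEAK_CONFIG = """\
hostname Router
no service password-encryption
!
interface GigabitEthernet0/1
 no ip address
!
line vty 0 4
 password cisco
 login
 transport input telnet ssh
"""

# Constructed sample: every base item applied, SSH only. The hash and the
# type 7 string are placeholders, not real credentials.
BASE_CONFIG = """\
hostname R1
service password-encryption
enable secret 5 $1$EXAMPLE$constructedplaceholderhash
no ip domain lookup
interface GigabitEthernet0/1
 ip address 10.110.1.1 255.255.255.0
banner motd ^C Unauthorized access is prohibited! ^C
line vty 0 4
 password 7 0000000000
 login
 transport input ssh
"""


def parse_sections(config):
    """Map each top-level config line to the indented lines beneath it."""
    sections, current = {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue
        if raw[0].isspace() and current is not None:
            sections[current].append(raw.strip())
        else:
            current = raw.strip()
            sections.setdefault(current, [])
    return sections


def audit(config):
    """Return (check, detail) tuples for every base item that fails."""
    sections = parse_sections(config)
    top = list(sections)
    findings = []

    host = next((l.split()[1] for l in top if l.startswith("hostname ")), None)
    if host in (None, "Router", "Switch"):
        findings.append(("hostname", "device still has no unique name"))
    elif not HOSTNAME_RE.match(host):
        findings.append(("hostname", f"{host!r} breaks the naming guideline"))

    if not any(STATIC_IPV4_RE.match(child)
               for name, kids in sections.items() if name.startswith("interface ")
               for child in kids):
        findings.append(("mgmt-ip", "no interface has a static IPv4 address"))
    if not any(l.startswith("enable secret ") for l in top):
        findings.append(("enable-secret", "privileged EXEC mode is unprotected"))

    vty = {n: k for n, k in sections.items() if n.startswith("line vty ")}
    if not vty:
        findings.append(("vty-login", "no line vty section found"))
    for name, kids in vty.items():
        if "login" not in kids and not any(k.startswith("login ") for k in kids):
            findings.append(("vty-login", f"{name}: login is not enabled"))
        elif "login" in kids and not any(k.startswith("password ") for k in kids):
            findings.append(("vty-login", f"{name}: login set but no password"))
        transport = next((k.split()[2:] for k in kids
                          if k.startswith("transport input ")), [])
        if {"telnet", "all"} & set(transport):
            findings.append(("vty-telnet", f"{name}: Telnet sends logins in plaintext"))

    if not any(l.startswith("banner motd") for l in top):
        findings.append(("banner", "no MOTD banner"))
    if "service password-encryption" not in top:
        findings.append(("pw-encryption", "service password-encryption is off"))
    for name, kids in sections.items():
        # Anything other than "password 7 ..." is readable by whoever sees the config.
        if any(re.match(r"password (?!7 )", k) for k in kids):
            findings.append(("plaintext-pw", f"{name}: password readable in config"))
    if not {"no ip domain lookup", "no ip domain-lookup"} & set(top):
        findings.append(("domain-lookup", "domain lookup is not disabled"))
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("base", BASE_CONFIG)):
        print(label, audit(cfg))
```
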

53
Configure VPCS
GNS3 Virtual PC Simulator
Virtual PC Simulator (VPCS)
is a program written by Paul
Meng, which allows you to
simulate a lightweight PC
supporting DHCP and ping.
It consumes only 2MB of
RAM per instance and does
not require an additional
image or complex
configuration.

54
Configure VPCS
GNS3 Virtual PC Simulator

When adding VPCS on your project, set your


appropriate GNS3 VM.

55
Configure VPCS
GNS3 Cloud
The Cloud allows your GNS3 devices to connect to the physical network.
This will give your virtual network access to the actual network.

56
Supplementary Activity

57
The Network Design

Physical
Device  Interface  Target Device  On
R1      Gi0/0      External       eth1
R1      Gi0/1      SW1            Gi0/1
SW1     Gi1/1      PC1            Eth0
SW1     Gi1/2      PC2            Eth0

Logical: 10.110.X.0 /24
Device  Interface  IP Settings
R1      Gi0/0      DHCP
R1      Gi0/1      10.110.x.1
SW1     VLAN1      10.110.x.10
PC1     Eth0       10.110.x.101
PC2     Eth0       10.110.x.102
Note: X is your class roll number

Device  Model
R1      Cisco IOSv 15.9(3)M6
SW1     Cisco IOSvL2 15.2(20200924:215240)
PCs     VPCS

Change the device icon of SW1 to show the same. Do not use the built-in Ethernet Switch.
Activities
1. Implement the network as shown on the diagram.
2. Set the devices’ base configurations.
3. From PC1, ping R1 on its LAN interface. Does the
ping command succeed? Capture the
command output. (Q#1)
4. From PC2, ping SW1 on its active SVI. Does the
ping command succeed? Capture the
command output. (Q#2)
5. From SW1, ping the PCs. Does the ping command
succeed?
6. From R1, ping the server IP on the external
network. Does the ping command succeed?
(Q#3)
7. From PC1/PC2, ping the server IP on the external
network. Does the ping command succeed?
If not, why does the ping fail? (Q#4)
8. Apply the following configs on R1:
access-list 1 permit any
interface GigabitEthernet0/0
 ip nat outside
interface GigabitEthernet0/1
 ip nat inside
ip nat inside source list 1 interface GigabitEthernet0/0 overload
9. Repeat the ping test to the server IP from either PC.
Does the ping command succeed now? If
yes, how do the commands in step 8 affect the
network communication? (Q#5)
10. From SW1, ping the server IP on the external
network. Does the ping command succeed?
If not, apply the necessary command to resolve the
issue. Test again and capture the positive result.
(Q#6)
11. Copy as text R1’s running configuration. Paste it
to your lab document. (Q#7)
12. Copy as text SW1’s running configuration. Paste it
to your lab document. (Q#8)
13. Copy as picture PC1’s IP configuration. Paste it to
your lab document. (Q#9)
14. Copy as picture PC2’s IP configuration. Paste it to
your lab document. (Q#10)
Raise your hand so I can check your
work. I will only check your work twice.

Upload your PDF lab document on the
Server (file name should be in the
format: LN, FN – Act # 4).
END

65
