
Journal

Configuring a router:

When configuring a new router, always remember to remove the initial startup config with the command erase startup-config while in privileged EXEC mode.
To enter privileged EXEC mode: enable
To configure interfaces and router security: configure terminal
Interfaces:
1. interface xxx                 where xxx is the name of the interface
2. ip address x.x.x.x y.y.y.y    where x.x.x.x is the IP address and y.y.y.y is the subnet mask
3. no shutdown                   changes the interface link status to up
Security:
1. enable secret ****(*1)                               locks access to privileged EXEC mode
2. enable password ****(*1)                             locks access to the router terminal
3. line con 0 >> password ****(*1) >> login >> exit     sets the password for console access
4. line vty 0 4 >> password ****(*1) >> login >> exit   sets the password for telnet access
5. service password-encryption                          encrypts the passwords in the configuration
6. banner motd #                                        adds a banner for intruders; end the banner with #

*1: put a password of your own instead of ****

hostname ROUTERNAME      changes the name of the router
no ip domain-lookup      prevents unwanted DNS lookups
To end terminal configuration press CTRL+Z.
Type show run to view all configuration set.
Type show ip interface brief to view the configuration of the interfaces.

Advanced Security measures:

Require that a minimum of 10 characters be used for all passwords.
R1(config)# security passwords min-length 10

Enable SSH connections.

a. Assign the domain name as CCNA-lab.com.
R1(config)# ip domain-name CCNA-lab.com
b. Create a local user database entry to use when connecting to the router via SSH. The password should meet strong password standards, and the user should have administrator-level access.
R1(config)# username admin privilege 15 secret Admin15p@55
c. Configure the transport input for the vty lines so that they accept SSH connections, but do not allow Telnet connections.
R1(config)# line vty 0 4
R1(config-line)# transport input ssh
d. The vty lines should use the local user database for authentication.
R1(config-line)# login local
R1(config-line)# exit
e. Generate an RSA crypto key using a modulus of 1024 bits.
R1(config)# crypto key generate rsa modulus 1024
The name for the keys will be: R1.CCNA-lab.com
% The key modulus size is 1024 bits
% Generating 1024 bit RSA keys, keys will be nonexportable...
[OK] (elapsed time was 2 seconds)
R1(config)#
*Jan 31 17:54:16.127: %SSH-5-ENABLED: SSH 1.99 has been enabled

Secure the console and VTY lines (they will log out after 5 mins of being idle).

R1(config)# line console 0
R1(config-line)# exec-timeout 5 0
R1(config-line)# line vty 0 4
R1(config-line)# exec-timeout 5 0
R1(config-line)# exit
R1(config)# login block-for 30 attempts 2 within 120
(The router blocks login attempts for 30 seconds if someone fails two attempts within 120 seconds. This timer is set especially low for the purpose of this lab.)
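As an added example (not part of the original notes or of any Cisco material), the following Python script audits a saved running-config text for the hardening items listed above: enable secret, service password-encryption, minimum password length, login block-for, no ip domain-lookup, exec-timeout on console and vty, SSH-only transport and login local. The sample config and the PLACEHOLDER secrets are constructed for the example.

```python
import re
# Constructed sample running-config (not a real device): only partly hardened.
SAMPLE_CONFIG = """\
service password-encryption
security passwords min-length 10
login block-for 30 attempts 2 within 120
line con 0
 password 7 PLACEHOLDER
 login
line vty 0 4
 transport input telnet ssh
 login
"""
# Global settings the notes require, as anchored regexes.
GLOBAL_CHECKS = {
    "enable secret": r"^enable secret ",
    "service password-encryption": r"^service password-encryption$",
    "min password length >= 10": r"^security passwords min-length (1\d|[2-9]\d)$",
    "login block-for": r"^login block-for \d+ attempts \d+ within \d+$",
    "no ip domain-lookup": r"^no ip domain-lookup$",
}
# Settings required inside the console and vty line sections.
LINE_CHECKS = {
    "line con 0": {"exec-timeout": r"^exec-timeout \d+ \d+$"},
    "line vty 0 4": {"exec-timeout": r"^exec-timeout \d+ \d+$",
                     "ssh only": r"^transport input ssh$", "login local": r"^login local$"},
}

def split_sections(config):
    """Split a config into global lines and {line header: [indented lines]}."""
    globals_, sections, current = [], {}, None
    for raw in config.splitlines():
        if raw.startswith(" ") and current is not None:
            sections[current].append(raw.strip())  # belongs to the open line section
        elif raw.startswith("line "):
            current = raw.strip()
            sections[current] = []
        else:
            current = None  # any unindented non-line command closes the section
            globals_.append(raw.strip())
    return globals_, sections

def audit(config):
    """Return the sorted list of hardening items from the notes that are missing."""
    globals_, sections = split_sections(config)
    missing = [n for n, rx in GLOBAL_CHECKS.items() if not any(re.match(rx, l) for l in globals_)]
    for header, checks in LINE_CHECKS.items():
        for name, rx in checks.items():
            if not any(re.match(rx, line) for line in sections.get(header, [])):
                missing.append(f"{header}: {name}")
    return sorted(missing)
```

Run audit() on the output of show run saved to a file; an empty list means every item from the notes is present.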

Navigating the IOS - Cisco IOS Modes of Operation
(slide: Presentation_ID, 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential)

Protocol Suites - Protocol Suites and Industry Standards
(slide)

Protocol Suites - TCP/IP Protocol Suite and Communication
(slide)

//LAYERS VIP\\
7 layers, used to help troubleshoot network problems.

Layers (sender's point of view; going down the stack is the encapsulation process), with the mnemonic word and the Protocol Data Unit (PDU) for each layer:
7. Application     (all)
6. Presentation    (people)
5. Session         (seem)
4. Transport       (to)            Segment
3. Network         (need)          Packet
2. Datalink        (data)          Frame
1. Physical        (processing)    Bit

Note: TCP/IP Model:

TCP and UDP connections

Use the netstat command in order to show TCP and UDP connections:
netstat -a   shows active connections and specifies whether each is UDP or TCP
netstat -r   shows the routing table

Contents of the IPv4 packet header

Contents of a frame

ETHERNET STANDARDS
LLC
Handles communication between upper and lower layers.
Takes the network protocol data and adds control information to
help deliver the packet to the destination.
MAC
Constitutes the lower sublayer of the data link layer.
Implemented by hardware, typically in the computer NIC.
Two primary responsibilities:
Data encapsulation
Media access control

NETWORK TOPOLOGIES
(i) Network Topology:

(ii) Network Topologies include:


(a) bus
(b) star
(c) extended star
(d) ring
(e) mesh (full/partial)


POINT TO POINT ROUTING (next hop on both routers)
Command for the point-to-point route (a default route pointing out the serial interface):
ip route 0.0.0.0 0.0.0.0 se0/0/0

Making a DHCP SERVER

>> ip dhcp pool poolname
>> network a.b.c.d a.b.c.d        (network address and subnet mask of the pool)
>> default-router a.b.c.d
(exclude the gateway, VLAN interface addresses and such from the pool)
>> ip dhcp excluded-address a.b.c.d [a.b.c.d]   (written as "ip dhcp ex" + tab in the notes; a single address or a low-high range)

IPV4 AND IPV6

IPv4 Address Classes (first octet range, leading bit pattern):
Class A   1 - 127     leading bit pattern 0     00000000.00000000.00000000.00000000
Class B   128 - 191   leading bit pattern 10    10000000.00000000.00000000.00000000
Class C   192 - 223   leading bit pattern 110   11000000.00000000.00000000.00000000
Class D   224 - 239   (reserved for multicast)
Class E   240 - 255   (reserved for experimental use, used for research)

Speciality Address Ranges

Loopback - Only the single 127.0.0.1 address is used; addresses 127.0.0.0 to 127.255.255.255 are reserved. Any address within this block will loop back to the local host.
Link-Local Addresses - IPv4 addresses in the address block 169.254.0.0 to 169.254.255.255 (169.254.0.0/16) are designated as link-local addresses.
TEST-NET Addresses - The address block 192.0.2.0 to 192.0.2.255 (192.0.2.0/24) is set aside for teaching and learning purposes.
Experimental Addresses - The addresses in the block 240.0.0.0 to 255.255.255.254 are listed as reserved for future use (RFC 3330).

Private Address Space

Class A   10.0.0.0 to 10.255.255.255
Class B   172.16.0.0 to 172.31.255.255
Class C   192.168.0.0 to 192.168.255.255

Default Subnet Masks

Class A   255.0.0.0
Class B   255.255.0.0
Class C   255.255.255.0
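Added example, not from the original notes: a Python function that classifies an IPv4 address using the address classes, default masks, and speciality/private ranges tabulated above, and derives the classful network from the default mask. The leading bit patterns 1110 and 1111 for classes D and E are supplied from general knowledge, not from the notes.

```python
import ipaddress

# Address classes from the notes: (first octet low, high, class, default mask,
# leading bit pattern). D and E get no default mask since they are not unicast.
CLASSES = [
    (1, 127, "A", "255.0.0.0", "0"),
    (128, 191, "B", "255.255.0.0", "10"),
    (192, 223, "C", "255.255.255.0", "110"),
    (224, 239, "D (multicast)", None, "1110"),
    (240, 255, "E (experimental)", None, "1111"),
]
# Speciality and private ranges from the notes, as inclusive (low, high) pairs.
SPECIAL = [
    ("127.0.0.0", "127.255.255.255", "loopback"),
    ("169.254.0.0", "169.254.255.255", "link-local"),
    ("192.0.2.0", "192.0.2.255", "TEST-NET"),
    ("10.0.0.0", "10.255.255.255", "private (class A)"),
    ("172.16.0.0", "172.31.255.255", "private (class B)"),
    ("192.168.0.0", "192.168.255.255", "private (class C)"),
    ("240.0.0.0", "255.255.255.254", "experimental / reserved (RFC 3330)"),
]

def describe(addr_str):
    """Classify an IPv4 address the way the notes do: class, default mask,
    classful network, leading bits, and any speciality/private range it is in."""
    addr = ipaddress.IPv4Address(addr_str)
    n = int(addr)
    first = n >> 24  # first octet decides the class
    result = {"address": str(addr), "class": None, "default_mask": None,
              "classful_network": None, "leading_bits": None, "special": None}
    for low, high, name, mask, bits in CLASSES:
        if low <= first <= high:
            # Sanity check: the first octet really starts with the class bits.
            assert format(first, "08b").startswith(bits)
            result.update({"class": name, "default_mask": mask, "leading_bits": bits})
            if mask:  # apply the default mask to get the classful network
                net = ipaddress.IPv4Network(f"{addr}/{mask}", strict=False)
                result["classful_network"] = str(net)
            break
    for low, high, label in SPECIAL:
        if int(ipaddress.IPv4Address(low)) <= n <= int(ipaddress.IPv4Address(high)):
            result["special"] = label
            break
    return result
```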
