Journal
Configuring a router:
When configuring a new router, always remember to remove the initial startup config using the command “erase startup-config” while in EXEC mode.
To enter EXEC mode: “enable”
To configure interfaces and router security: “configure terminal”
Interfaces:
1. “interface xxx” where xxx is the name of the interface
2. “ip address x.x.x.x y.y.y.y” where x is the IP address and y is the subnet mask
3. “no shutdown” changes the interface link status to up
Security:
1. “enable secret ****1” to lock access to EXEC mode
2. “enable password ****1” to lock access to router terminal
3. “line con 0” >> “password ****1” >> “login” >> “exit” to set the password for console access
4. “line vty 0 4” >> “password ****1” >> “login” >> “exit” to set the password for telnet access
5. “service password-encryption” encrypts passwords
6. “banner motd #” to add a banner for intruders; end the banner with “#”
*1: put a password of your own instead of ****
“hostname ROUTERNAME” to change the name of the router
“no ip domain-lookup” to prevent unwanted DNS lookups
To end terminal configuration, press Ctrl+Z.
Type “show run” to view all configuration set.
Type “show ip interface brief” to view the configuration of interfaces.
Advanced Security measures:
Require that a minimum of 10 characters be used for all passwords.
R1(config)# security passwords min-length 10
Enable SSH connections.
a. Assign the domain name as CCNA-lab.com.
R1(config)# ip domain-name CCNA-lab.com
b. Create a local user database entry to use when connecting to the router via SSH. The password should meet strong password standards, and the user should have administrator-level access.
R1(config)# username admin privilege 15 secret Admin15p@55
c. Configure the transport input for the vty lines so that they accept SSH connections, but do not allow Telnet connections.
R1(config)# line vty 0 4
R1(config-line)# transport input ssh
d. The vty lines should use the local user database for authentication.
R1(config-line)# login local
R1(config-line)# exit
e. Generate an RSA crypto key using a modulus of 1024 bits.
R1(config)# crypto key generate rsa modulus 1024
The name for the keys will be: R1.CCNA-lab.com
% The key modulus size is 1024 bits
% Generating 1024 bit RSA keys, keys will be non-exportable...
[OK] (elapsed time was 2 seconds)
R1(config)#
*Jan 31 17:54:16.127: %SSH-5-ENABLED: SSH 1.99 has been enabled
Secure the console and VTY lines.
(will log out after 5 minutes of being idle)
R1(config)# line console 0
R1(config-line)# exec-timeout 5 0
R1(config-line)# line vty 0 4
R1(config-line)# exec-timeout 5 0
R1(config-line)# exit
R1(config)# login block-for 30 attempts 2 within 120
(The router blocks login attempts for 30 seconds if someone fails two attempts within 120 seconds. This timer is set especially low for the purpose of this lab.)
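Added example (not part of the original notes): a Python check that reads a saved “show run” capture and reports which of the settings from this section are absent or weakened. The sample config, the function names and the finding strings are constructed for illustration.

```python
import re

# Constructed running-config (not from a real device); the hash is a placeholder.
SAMPLE_CONFIG = """\
service password-encryption
security passwords min-length 10
enable secret 5 PLACEHOLDER-HASH
login block-for 30 attempts 2 within 120
line con 0
 exec-timeout 0 0
 login
line vty 0 4
 exec-timeout 5 0
 login local
 transport input telnet ssh
"""

def parse(config):
    """Split a config into global commands and per-'line' sub-command lists."""
    top, blocks, current = [], {}, None
    for raw in config.splitlines():
        if raw.startswith(" ") and current:
            blocks[current].append(raw.strip())
        elif raw.startswith("line "):
            current = raw.strip()
            blocks[current] = []
        elif raw.strip() and not raw.startswith(" "):
            current = None
            top.append(raw.strip())
    return top, blocks

def audit(config):
    """List the settings from the notes above that are absent or weakened."""
    (top, blocks), findings = parse(config), []
    m = re.search(r"^security passwords min-length (\d+)$", config, re.M)
    if not m or int(m.group(1)) < 10:
        findings.append("global: password min-length below 10")
    for cmd in ("service password-encryption", "enable secret ", "login block-for "):
        if not any(line.startswith(cmd) for line in top):
            findings.append("global: missing " + cmd.strip())
    for header, cmds in blocks.items():
        t = next((c.split()[1:] for c in cmds if c.startswith("exec-timeout ")), None)
        secs = int(t[0]) * 60 + int(t[1]) if t and len(t) == 2 else None
        if secs is None or secs == 0 or secs > 300:
            findings.append(header + ": idle timeout absent, disabled or over 5 minutes")
        for want in ("transport input ssh", "login local"):
            if header.startswith("line vty") and want not in cmds:
                findings.append(f"{header}: expected '{want}'")
    return findings
```

On the sample, audit(SAMPLE_CONFIG) reports the disabled console timeout and the vty lines that still accept Telnet.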
//LAYERS VIP\\
7 layers used to help troubleshoot network problems.
Layers: Encapsulation Process, Protocol Data Unit (PDU)
7. Application (all)
6. Presentation (people)
5. Session (seem)
4. Transport (to) - Segment
3. Network (need) - Packet
2. Datalink (data) - Frame
1. Physical (processing) - Bit
(sender point of view)
Note: TCP/IP Model:
TCP and UDP connections
Use the netstat command to show TCP and UDP connections.
netstat -a shows active connections and specifies whether each is UDP or TCP
netstat -r shows the routing table
Contents of the IPv4 packet header
Contents of a frame
ETHERNET STANDARDS
LLC
Handles communication between upper and lower layers.
Takes the network protocol data and adds control information to help deliver the packet to the destination.
MAC
Constitutes the lower sublayer of the data link layer.
Implemented by hardware, typically in the computer NIC.
Two primary responsibilities: data encapsulation and media access control.
NETWORK TOPOLOGIES
(i) Network Topology:
(ii) Network Topologies include:
(a) bus
(b) star
(c) extended star
(d) ring
(e) mesh (full/partial)
work for Problem
POINT TO POINT ROUTING (next hop on both routers)
Command to point to point route:
ip route 0.0.0.0 0.0.0.0 se0/0/0
Making DHCP SERVER
>> ip dhcp pool poolname
>> network a.b.c.d a.b.c.d
>> default-router a.b.c.d
(exclude gateway+vlan and such stuff)
>> ip dhcp exclude(tab)
IPV4 AND IPV6
IPv4 Address Classes
Class A 1 – 127 Leading bit pattern 0 00000000.00000000.00000000.00000000
Class B 128 – 191 Leading bit pattern 10 10000000.00000000.00000000.00000000
Class C 192 – 223 Leading bit pattern 110 11000000.00000000.00000000.00000000
Class D 224 – 239 (Reserved for multicast)
Class E 240 – 255 (Reserved for experimental, used for research)
Speciality Address Ranges
Loopback - Only the single 127.0.0.1 address is used; addresses 127.0.0.0 to 127.255.255.255 are reserved. Any address within this block will loop back to the local host.
Link-Local Addresses - IPv4 addresses in the address block 169.254.0.0 to 169.254.255.255 (169.254.0.0/16) are designated as link-local addresses.
TEST-NET Addresses - The address block 192.0.2.0 to 192.0.2.255 (192.0.2.0/24) is set aside for teaching and learning purposes.
Experimental Addresses - The addresses in the block 240.0.0.0 to 255.255.255.254 are listed as reserved for future use (RFC 3330).
Private Address Space
Class A 10.0.0.0 to 10.255.255.255
Class B 172.16.0.0 to 172.31.255.255
Class C 192.168.0.0 to 192.168.255.255
Default Subnet Masks
Class A 255.0.0.0
Class B 255.255.0.0
Class C 255.255.255.0