Networking Concepts – Part One Exercise 1 – Essential Router Configuration


Welcome to the Networking Concepts – Part One Practice Lab. In this module, you will be provided with the instructions and devices needed to develop your hands-on skills.

Learning Outcomes

In this module, you will complete the following exercises:

  • Exercise 1 – Essential Router Configuration
  • Exercise 2 – Essential Switch Configuration
  • Exercise 3 – Next-Generation Firewalls
  • Exercise 4 – Next-Generation IPS
  • Exercise 5 – Access Points
  • Exercise 6 – Controllers
  • Exercise 7 – Endpoints and Servers
  • Exercise 8 – 2 Tier and 3 Tier Architecture
  • Exercise 9 – Spine-Leaf
  • Exercise 10 – SOHO and WAN
  • Exercise 11 – On-Premises and Cloud
  • Exercise 12 – Compare TCP to UDP

After completing this lab, you will be able to:

  • Perform the Initial Configuration Dialog
  • Configure and Examine the Router using CLI
  • Configure an IP Address on an Interface
  • Enable SSH Access to the Router
  • Configure the Switch
  • Know about Startup and Running Configurations
  • Manage Startup and Running Configurations
  • View System Information
  • Describe and Compare Next-Generation Firewalls with Traditional Firewalls
  • Describe NGIPS and how it Works
  • Describe the Purpose and Function of an Access Point
  • Describe the Purpose of Cisco DNA
  • Describe the Purpose of Cisco WLC
  • Describe the Purpose of Endpoints and Servers
  • Describe the Difference between 2 Tier and 3 Tier Architecture
  • Describe the Characteristics of Spine-Leaf Network Topology
  • Describe SOHO Networks
  • Describe WAN Networks
  • Describe On-Premises and Cloud Networks
  • Know about TCP and UDP

Exam Objectives

The following exam objectives are covered in this lab:

  • 1.1 Explain the role and function of network components
  • 1.2 Describe characteristics of network topology architectures
  • 1.5 Compare TCP to UDP

Lab Topology

During your session, you will have access to the following lab configuration.


Depending on the exercises, you may or may not use all of the devices, but they are shown here in the layout to get an overall understanding of the topology of the lab.

  • NYEDGE1 – (Cisco 2911 – Internet Edge Router 1)
  • NYEDGE2 – (Cisco 2911 – Internet Edge Router 2)
  • NYWAN1 – (Cisco 2911 – WAN Router)
  • NYCORE1 – (Cisco 3750v2 – 24PS – Core Switch 1)
  • NYCORE2 – (Cisco 3750v2 – 24PS – Core Switch 2)
  • NYACCESS1 – (Cisco 2960-24 – Access Switch 1)
  • PLABCSCO01 – (Windows Server 2012 R2 – Cisco Tools Server)

Exercise 1 – Essential Router Configuration

Every computer network has at least one switch where we connect end devices (computers, printers, IP phones, and other devices) and at least one router that represents the main device in a network and connects us to the outside world.

Today, most enterprise networks follow a typical network scheme with one central site (the headquarters) and a couple of remote sites (branches). For them to communicate, we need a router at each site. Routers usually have 2 interfaces, one connected to a LAN switch and the other to a WAN link. The network connects to the Internet and other remote sites or headquarters over this WAN link.

Routers operate at layer 3 of the TCP/IP and OSI Reference model and have the capability to forward packets from source to destination. Packets travel from the source device over the switch to the router’s LAN interface. The router then forwards the packet to the outside interface based on the destination IP address of the packet. It performs a routing table lookup to find the next hop and exiting interface.

The routing table will be covered in detail in a later module. In this exercise, you will perform basic router configuration.

Learning Outcomes

After completing this exercise, you will be able to:

  • Perform the Initial Configuration Dialog
  • Configure and Examine the Router using CLI
  • Configure an IP Address on an Interface
  • Enable SSH Access to the Router

Your Devices

You will be using the following devices in this lab. Please power these on now.

  • NYEDGE1 – (Cisco 2911 – Internet Edge Router 1)
  • NYEDGE2 – (Cisco 2911 – Internet Edge Router 2)
  • NYWAN1 – (Cisco 2911 – WAN Router)
  • NYCORE1 – (Cisco 3750v2 – 24PS – Core Switch 1)
  • PLABCSCO01 – (Windows Server 2012 R2 – Cisco Tools Server)

A Note About Your Lab Routers

The routers used in the lab belong to the Cisco 2911 series. These routers have 4 * HWIC slots and 1 * NM slot and 3 * GigabitEthernet interfaces. These are very capable routers and are the workhorses of many small offices, medium-sized organizations, and enterprises alike.

In the image below, you can see a cropped section of one of the Cisco racks that contain the labs you are accessing. The image shows the rear of the three routers you have access to in this lab showing their interfaces and slots. The top router is NYEDGE1, the middle router is NYEDGE2, and the bottom router is NYWAN1.

From left to right in the top router NYEDGE1 in the image, you can see the following:

  • 4 * HWIC slots, HWIC0 on the right shows an HWIC-2T card installed with two Smart-Serial DTE-DCE cables attached.
  • Aux and Console ports (the console port has a cable attached, the Aux port isn’t clear, but it’s above the console port).
  • 3 * GigabitEthernet interfaces.
  • USB connections.
  • Compact flash card slots (*2) under the HWIC slots.
  • Network module slot (NM) on the bottom left.

Notice this lab is currently powered off as there are no link lights on any of the LEDs.

Figure 1.1 Physical Router Devices: Displaying the NYEDGE1, NYEDGE2, and NYWAN1 routers used in this lab.

The bottom router NYWAN1 has 2 * HWIC-2T’s installed and a single HWIC-1T with no cable attached in slot 2.

The GigabitEthernet interfaces connect to the lab switches and some of our infrastructure, enabling some advanced services such as OSPF, BGP, and others.

The compact flash cards in the routers are different from fixed configuration switches as the flash card can be removed. The flash card in this router is a CompactFlash type card and is where the router’s OS lives (IOS).

One interesting point of difference between switches and routers is that many switches don’t actually have power switches to turn them on and off, but routers do. The higher-end switches, especially those with removable power supplies, do have power switches, but the lower-end ones don’t.

The image below shows the interfaces a little clearer with no cables attached.

Figure 1.2 Physical Router Devices: Displaying router interfaces without cabling.

Command Line Modes

Before proceeding with the first task, familiarize yourself with the various command line modes Cisco devices use. The most common modes are as follows:

  • User Exec Mode – signified by the > symbol at the end of the device name, for example, NYEDGE1>
  • Privileged Exec Mode – signified by the # symbol at the end of the device name, for example, NYEDGE1#
  • Global Configuration Mode – signified by the (config)# at the end of the device name, for example, NYEDGE1(config)#

When you first connect to a router, it’s in user exec mode (>) by default. To change to privileged exec mode (#) and start configuring the device, the following command is used:

NYEDGE1>enable
NYEDGE1#

There are many other modes that branch off from the global configuration mode, such as line configuration mode or VLAN configuration mode, which will change the command prompt slightly. The most commonly used is the interface configuration mode which appears as follows:

NYEDGE1(config-if)#

Task 1 – The Initial Configuration Dialog

In this task, you will perform the initial router booting process. You will view the different syslog messages that are generated during the boot process.

Step 1

Connect to NYEDGE1.

You will notice that once the device begins to boot up, the terminal window appears. The boot-up process is useful to watch as you can view the router going through its various boot and test stages. Remember, these are real Cisco devices, so depending on the hardware and software of the device, this may take a few minutes. Larger, more feature-rich IOS images take longer to boot than smaller ones.

Once the device has booted, you will see the initial configuration dialog appear. The boot-up process can take a while before the dialog appears.

You will see the following output:

CISCO2911/K9 platform with 524288 Kbytes of main memory
Main memory is configured to 72/-1(On-board/DIMM0) bit mode with ECC enabled
 
 
Readonly ROMMON initialized
program load complete, entry point: 0x80803000, size: 0x1b340
program load complete, entry point: 0x80803000, size: 0x1b340
 
 
IOS Image Load Test 
___________________ 
Digitally Signed Release Software 
program load complete, entry point: 0x81000000, size: 0x5e8ba54
Self decompressing the image : #####################################################################################################
####################################################################################################################################
####################################################################################################################################
####################################################################################################################################
######################################################################################### [OK]
 
 
Smart Init is enabled
smart init is sizing iomem
                 TYPE      MEMORY_REQ
          HWIC Slot 0      0x00200000
    Onboard devices &
         buffer pools      0x0228F000 
-----------------------------------------------
               TOTAL:      0x0248F000
 
Rounded IOMEM up to: 40Mb.
Using 7 percent iomem. [40Mb/512Mb]
 !<-- Output Omitted -->           

Step 2

Once the initial configuration dialog appears, quit out of it by typing no, as you will be configuring the router using the CLI (command-line interface).

!<-- Output Omitted -->
Installed image archive
Cisco CISCO2911/K9 (revision 1.0) with 483328K/40960K bytes of memory.
Processor board ID FCZ1820707R
3 Gigabit Ethernet interfaces
2 Serial(sync/async) interfaces
1 terminal line
1 Virtual Private Network (VPN) Module
DRAM configuration is 64 bits wide with parity enabled.
255K bytes of non-volatile configuration memory.
255488K bytes of ATA System CompactFlash 0 (Read/Write)
         --- System Configuration Dialog ---
Would you like to enter the initial configuration dialog? [yes/no]:  no

Step 3

You will see a number of syslog messages appear; this is normal. Press Enter a few times until you get the Router> prompt. Your output should look something like this:

!<-- Output Omitted -->
*Feb  5 03:00:18.103: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to down
*Feb  5 03:00:18.103: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/2, changed state to down
*Feb  5 03:00:18.103: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/0, changed state to down
Router>
Router>

Task 2 – Configuring and Examining the Router using CLI

In this task, you are going to carry out the following activities on the router:

  • Set the router’s hostname
  • View the router’s interfaces
  • View which cables are connected to the router’s WAN interfaces (the cards that are inserted into the HWIC slots)
  • View which routing protocols are running on the router
  • View which IOS version the router is running

Step 1

First, configure the hostname of the router.

Connect to NYEDGE1. Configure the hostname by issuing the following commands (press Enter after each command):

Router>

enable

Router#

configure terminal

Router(config)#

hostname NYEDGE1

NYEDGE1(config)#

exit

You will see the following output:

Router>enable
Router#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#hostname NYEDGE1
NYEDGE1(config)#exit
NYEDGE1#

Step 2

Next, you will take a look at the router’s interfaces, and you will determine whether cables are attached to the serial interfaces. Being able to view which cables are attached to the serial interfaces on the WIC-1T or WIC-2T cards is very handy, as it can be a great way to troubleshoot connectivity issues.

To do this, type the following command:

NYEDGE1#

show ip interface brief

Press Enter.

You will see the following output:

NYEDGE1#show ip interface brief
Interface                  IP-Address      OK? Method Status                Protocol
Embedded-Service-Engine0/0 unassigned      YES unset  administratively down down
GigabitEthernet0/0         unassigned      YES unset  administratively down down
GigabitEthernet0/1         unassigned      YES unset  administratively down down
GigabitEthernet0/2         unassigned      YES unset  administratively down down
Serial0/0/0                unassigned      YES unset  administratively down down
Serial0/0/1                unassigned      YES unset  administratively down down
NYEDGE1#

In the output, you can see that NYEDGE1 has two serial interfaces. You can also see this in the figures of the physical devices at the beginning of this exercise. You can also see that all the interfaces are in an administratively down state by default. A switch, in contrast, has all its interfaces enabled by default.

Step 3

Now determine what type of cable is connected to the serial interfaces. Specifically, you will look at the cable type of the Serial 0/0/0 interface by issuing the following command:

NYEDGE1#

show controllers serial 0/0/0

Press Enter.

You will see the following output:

NYEDGE1#show controllers serial 0/0/0
Interface Serial0/0/0
Hardware is SCC
DTE V.35
Clock Freq detected Rx clk/Tx clk 1932725/1932725 (+-10%)
!<-- Output Omitted -->
NYEDGE1#

Whilst it is not entirely obvious from the lengthy output that results from the command, in the first few lines, you will see DTE V.35 at the beginning of one of the lines. This indicates that a DTE cable is attached to the interface.

Step 4

You will now issue the same commands in NYEDGE2 and NYWAN1 and compare the output.

Connect to NYEDGE2. Quit the initial configuration dialogs on routers by typing no and issue the following commands (press Enter after each command):

Router>

enable

Router#

configure terminal

Router(config)#

hostname NYEDGE2

NYEDGE2(config)#

exit

NYEDGE2#

show controllers serial 0/0/0

The output will be as follows:

Router>enable
Router#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#hostname NYEDGE2
NYEDGE2(config)#exit
NYEDGE2#show controllers serial 0/0/0
Interface Serial0/0/0
Hardware is SCC
DCE V.35, clock rate 2000000
idb at 0x21ADADC0, driver data structure at 0x3C2D47A0
wic_info 0x21ADBCD0
!<-- Output Omitted -->
NYEDGE2#

Step 5

Connect to NYWAN1. Quit the initial configuration dialogs on routers by typing no and issue the following commands (press Enter after each command):

Router>

enable

Router#

configure terminal

Router(config)#

hostname NYWAN1

NYWAN1(config)#

exit

NYWAN1#

show controllers serial 0/2/0

You will see the following output:

Router>enable
Router#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#hostname NYWAN1
NYWAN1(config)#exit
NYWAN1#show controllers serial 0/2/0
Interface Serial0/2/0
Hardware is SCC
No serial cable attached
idb at 0x3C818878, driver data structure at 0x21F2DAA8
wic_info 0x3C819788
!<-- Output Omitted -->
NYWAN1#

In the output of NYEDGE2, you can see that there is a DCE cable attached, and on NYWAN1, there is no cable attached. This gives you all three possible outcomes of this command: DTE, DCE, and no cable. If you look at the picture at the start of the module, you will see that there is no cable attached to Serial 0/2/0. This is also confirmed by the output.

Step 6

Next, view the routing protocols that are running on NYEDGE1.

Connect to NYEDGE1 and enter the following command:

NYEDGE1#

show ip protocols

Press Enter.

You will see the following output:

NYEDGE1#show ip protocols
*** IP Routing is NSF aware ***
NYEDGE1#

As you can see, there are currently no routing protocols enabled; this is, of course, the case as the router was powered up in a fresh, unconfigured state.

Note: You do, however, get the message that IP Routing is NSF aware. This just states that the router has Non Stop Forwarding enabled. NSF is a feature that allows routers to keep on forwarding traffic even in the event of a restart. This is done by separating the control and the data plane, having one process involved in building the routing table, and another process in forwarding the packets. For more information, use your favorite search engine to further research this topic.

Step 7

Finally, before continuing with your configuration, take a look at which IOS version the router is running as well as other physical characteristics. As with a switch, you can use the show version command to view this:

NYEDGE1#

show version

Press Enter.

The output will be as follows:

NYEDGE1#show version
Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.2(4)M6, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2014 by Cisco Systems, Inc.
Compiled Wed 19-Mar-14 19:23 by prod_rel_team
ROM: System Bootstrap, Version 15.0(1r)M16, RELEASE SOFTWARE (fc1)
NYEDGE1 uptime is 22 minutes
System returned to ROM by power-on
System image file is "flash0:c2900-universalk9-mz.SPA.152-4.M6.bin"
Last reload type: Normal Reload
Last reload reason: Reload Command
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
export@cisco.com.
Cisco CISCO2911/K9 (revision 1.0) with 483328K/40960K bytes of memory.
Processor board ID FCZ1820706X
3 Gigabit Ethernet interfaces
2 Serial(sync/async) interfaces
1 terminal line
1 Virtual Private Network (VPN) Module
DRAM configuration is 64 bits wide with parity enabled.
255K bytes of non-volatile configuration memory.
255488K bytes of ATA System CompactFlash 0 (Read/Write)
License Info:
License UDI:
-------------------------------------------------
Device#   PID SN
-------------------------------------------------
*0     CISCO2911/K9          FCZ1820706X
Technology Package License Information for Module:'c2900'
-----------------------------------------------------------------
Technology    Technology-package           Technology-package
              Current       Type           Next reboot
------------------------------------------------------------------
ipbase        ipbasek9      Permanent      ipbasek9
security      securityk9    Permanent      securityk9
uc            None          None           None
data          datak9        Permanent      datak9
Configuration register is 0x2142
NYEDGE1#

See if you can find the following information about your router:

  • Cisco IOS Version
  • The IOS filename and location
  • The uptime of the router
  • How many and what type of interfaces the router has
  • The configuration register
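
The five items can also be pulled out of the output programmatically. The following is an added example, not part of the original lab: it parses lines copied from the show version output above and decodes the configuration register. The function names are hypothetical, and the bit meanings are general IOS behaviour (bit 6, value 0x0040, makes the router skip the startup-config in NVRAM at boot, which is why 0x2142 matters once you begin saving settings such as the SSH configuration).

```python
import re

# Lines copied from the `show version` output above, including two that the
# interface pattern must not match (the ROM version line, "1 terminal line").
SHOW_VERSION = """\
Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.2(4)M6, RELEASE SOFTWARE (fc2)
ROM: System Bootstrap, Version 15.0(1r)M16, RELEASE SOFTWARE (fc1)
NYEDGE1 uptime is 22 minutes
System image file is "flash0:c2900-universalk9-mz.SPA.152-4.M6.bin"
3 Gigabit Ethernet interfaces
2 Serial(sync/async) interfaces
1 terminal line
Configuration register is 0x2142
"""


def decode_config_register(value):
    """Decode the two register fields that decide how the router boots."""
    reg = int(value, 16)
    return {
        "boot_field": reg & 0x000F,                   # low nibble: boot source
        "ignore_startup_config": bool(reg & 0x0040),  # bit 6: skip NVRAM config
    }


def parse_show_version(text):
    """Extract the items the lab asks for from `show version` output."""
    info = {}

    m = re.search(r"^Cisco IOS Software.*\bVersion ([^,\s]+)", text, re.M)
    info["version"] = m.group(1) if m else None

    # The image path has the form "<filesystem>:<filename>".
    m = re.search(r'^System image file is "([^":]+):([^"]+)"', text, re.M)
    info["image_location"], info["image_file"] = m.groups() if m else (None, None)

    m = re.search(r"^(\S+) uptime is (.+)$", text, re.M)
    info["hostname"], info["uptime"] = m.groups() if m else (None, None)

    # "3 Gigabit Ethernet interfaces" -> {"Gigabit Ethernet": 3}
    info["interfaces"] = {
        kind: int(count)
        for count, kind in re.findall(r"^(\d+) (.+?) interfaces?[ \t]*$", text, re.M)
    }

    m = re.search(r"^Configuration register is (0x[0-9A-Fa-f]+)", text, re.M)
    info["register"] = m.group(1) if m else None
    info["register_bits"] = decode_config_register(m.group(1)) if m else None
    return info


def boot_warnings(info):
    """Return warnings about register settings that affect the saved config."""
    warnings = []
    bits = info.get("register_bits")
    if bits and bits["ignore_startup_config"]:
        warnings.append(
            f"register {info['register']} ignores the startup-config at boot; "
            "saved settings will not load after a reload (0x2102 is the usual value)"
        )
    return warnings


if __name__ == "__main__":
    parsed = parse_show_version(SHOW_VERSION)
    for key, value in parsed.items():
        print(f"{key}: {value}")
    for warning in boot_warnings(parsed):
        print("WARNING:", warning)
```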

Task 3 – Configuring an IP Address on an Interface

When configuring an IP address on a router, the address is applied to a physical interface. In this task, you will configure an IP address on a router interface.

Step 1

Connect to the NYEDGE1 router and enter the interface configuration mode of GigabitEthernet 0/0 by entering the following commands (press Enter after each command):

NYEDGE1#

configure terminal

NYEDGE1(config)#

interface gigabitEthernet 0/0

You will see the following output:

NYEDGE1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
NYEDGE1(config)#interface gigabitEthernet 0/0
NYEDGE1(config-if)#

Step 2

Next, configure the IP address of this interface to be 192.168.16.1 with a subnet mask of 255.255.255.0 and enable the interface.

Type the following commands (press Enter after each command):

NYEDGE1(config-if)#

ip address 192.168.16.1 255.255.255.0

NYEDGE1(config-if)#

no shutdown

NYEDGE1(config-if)#

exit

NYEDGE1(config)#

exit

You will see the following output:

NYEDGE1(config-if)#ip address 192.168.16.1 255.255.255.0
NYEDGE1(config-if)#no shutdown
NYEDGE1(config-if)#exit
NYEDGE1(config)#exit
*Sep 16 17:30:20.607: %LINK-3-UPDOWN: Interface GigabitEthernet0/0, changed state to up
*Sep 16 17:30:21.607: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to up
NYEDGE1#

Note: Notice that by default, router interfaces are in a shutdown state. Interestingly, there is no command to enable them directly. The command to enable an interface is the negation of the shutdown command, which is no shutdown.

Assuming the NYCORE1 switch has finished booting up already, you should see syslog messages on NYEDGE1 similar to the above indicating that the GigabitEthernet 0/0 interface has changed state to up.

Note: IP addresses on routers are assigned to their interfaces. Because routers have multiple interfaces, they will also have multiple IP addresses. This means that when you are attempting to remotely connect to a router, you must use an IP address of one of the active interfaces that have been assigned an IP address.

Task 4 – Enable SSH Access to the Router

SSH (Secure Shell) works in client-server mode. The PC runs the client (usually putty.exe), and the router acts as the server. SSH uses strong encryption and hashing algorithms to ensure secure access. Since everything is about security today, you will enable SSH and disable Telnet: Telnet sends traffic as clear text, whereas SSH encrypts it. SSH uses public-key cryptography to authenticate users. SSH keys are generated on the router. Therefore, before enabling SSH on the router, you need to generate an RSA key. To be able to generate a key, you need to specify a hostname, which was already done in Task 1, and a domain name on the router.

In this task, you will enable remote access to the router and perform the following activities:

  • Configure hostname
  • Configure domain name
  • Generate SSH keys
  • Enable SSH on VTY lines
  • Configure a user for authentication

Step 1

Connect to the NYEDGE1 router. Configure the domain name by entering the following commands (press Enter after each command):

NYEDGE1#

configure terminal

NYEDGE1(config)#

ip domain-name practice-labs.com

You will see the following output:

NYEDGE1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
NYEDGE1(config)#ip domain-name practice-labs.com
NYEDGE1(config)#

Step 2

You will now generate an RSA key. To do so, enter the following commands (press Enter after each command):

NYEDGE1(config)#

crypto key generate rsa

How many bits in the modulus [512]:

2048

You will see the following output:

NYEDGE1(config)#crypto key generate rsa
The name for the keys will be: NYEDGE1.practice-labs.com
Choose the size of the key modulus in the range of 360 to 4096 for your
  General Purpose Keys. Choosing a key modulus greater than 512 may take
  a few minutes.
 
How many bits in the modulus [512]: 2048
% Generating 2048 bit RSA keys, keys will be non-exportable...
[OK] (elapsed time was 21 seconds)
NYEDGE1(config)#
*Jan 29 11:29:03.455: %SSH-5-ENABLED: SSH 1.99 has been enabled

Notice that after you generated the key, SSH 1.99 is automatically enabled. Version 1.99 means the server accepts both SSH version 1 and version 2 clients.

Step 3

You will now enable version 2 of SSH. To do so, enter the following commands (press Enter after each command):

NYEDGE1(config)#

ip ssh version 2

NYEDGE1(config)#

exit

You will see the following output:

NYEDGE1(config)#ip ssh version 2
NYEDGE1(config)#exit
NYEDGE1#

Step 4

You can confirm SSH is enabled by entering the following command:

NYEDGE1#

show ip ssh

Press Enter.

The output will be as follows:

NYEDGE1#show ip ssh
SSH Enabled - version 2.0
Authentication timeout: 120 secs; Authentication retries: 3
Minimum expected Diffie Hellman key size : 1024 bits
IOS Keys in SECSH format(ssh-rsa, base64 encoded):
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCZmOnT4CC8U+a+VE5703YeDDApJaGsDKE1rxpbHVsf
FE6TAZDwtwouePT9JCMLa6k/wso804W3LBcnF34Mbom8lRpNNceSTD9DgfjIwjfEizuXmTHwN/wDblRd
30cSGLb8elnBceg8VFJl0ufa3sOLtFV0lHBZ4O19sYqxcP5gxQsU8/aG0EoVUITWH0YWWEa1FtoP6f+i
cygdhBaroC63kKa9zrg/tmuWsJGg0nJgBu5XoAgmpIENWlomjKZ7x50nvY2lIOdORHxcTG0FUQQo81HF
Sg8Xo/u3+W2yAZfHqa8IPQr+wLKoYAHUOH7KA5U0wCjvcLDIAORQy5slThT7
NYEDGE1#

The above output shows some basic SSH parameters. You will see that version 2 of SSH is enabled. You will be disconnected after 120 seconds of inactivity, and you have 3 authentication retries before you get disconnected from the router.

Step 5

You will now set the vty lines for SSH transport. Vty stands for virtual teletype, and it is a virtual port that is used for remote access to a device. These are virtual lines, and there is no hardware associated with them.

For example, when you issue the following command, you will have 5 simultaneous virtual connections (Telnet or SSH):

line vty 0 4

The maximum number of simultaneous connections you can have is 16 (line vty 0 15).

To configure secure shell (ssh) access, use the following commands (press Enter after each command):

NYEDGE1#

configure terminal

NYEDGE1(config)#

line vty 0 4

NYEDGE1(config-line)#

transport input ssh

NYEDGE1(config-line)#

login local

NYEDGE1(config-line)#

exit

You will see the following output:

NYEDGE1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
NYEDGE1(config)#line vty 0 4
NYEDGE1(config-line)#transport input ssh
NYEDGE1(config-line)#login local
NYEDGE1(config-line)#exit
NYEDGE1(config)# 

Note: The transport input ssh command will disable telnet access and enable only SSH access. The login local command ensures that the router uses the local user database for authentication.

Step 6

You will now configure a local account for authentication. You will specify Joe as the username and CISCO as the password:

NYEDGE1(config)#

username Joe privilege 15 secret CISCO

Press Enter.

You will see the following output:

NYEDGE1(config)#username Joe privilege 15 secret CISCO
NYEDGE1(config)# 

Note: You configured a user with privilege level 15, which is the highest privilege level on Cisco devices. If you create a user without specifying a privilege level, you need to create an “enable” password. You will be required to provide this password to access your device.

Step 7

In the previous step, you enabled SSH access to the router. Now you will test your configuration by using PuTTY, which is on the PLABCSCO01 server.

Connect to PLABCSCO01. Double-click the PuTTY icon on the desktop.

Figure 1.3 Screenshot of PLABCSCO01: Displaying opening the putty application from the desktop.

Step 8

The PuTTY Configuration window opens. Enter the following in Host Name (or IP address) field:

192.168.16.1

Ensure that the SSH protocol is selected in Connection type.

Click Open.

If you receive an error when opening the connection, ensure that NYCORE1 and NYACCESS1 are powered on and that the systems have completed their boot process. Afterwards, reopen PuTTY, repeat the step of entering the 192.168.16.1 address, and ensure port 22 is set and the SSH radio button is selected.

Figure 1.4 Screenshot of PLABCSCO01: Entering Host Name and selecting Connection type in the PuTTY Configuration window.

Step 9

The PuTTY Security Alert window will pop up. Read the message and click Yes.

Figure 1.5 Screenshot of PLABCSCO01: Clicking Yes on the PuTTY Security Alert window.

Step 10

Enter the following login details:

login as: Joe

Press Enter.

Password: CISCO

Press Enter.

Note: When typing the password, the characters will not appear on the screen.

Figure 1.6 Screenshot of PLABCSCO01: Entering login details in the PuTTY terminal window.

You are now successfully logged in to the router over the SSH protocol. Note that you are logged in to privileged exec mode because you used an account with the highest privilege level defined (privilege level 15).

From this mode, you can enter configuration mode and start configuring your device.
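
Once Task 4 is complete, the resulting settings can be checked from a saved copy of the running configuration. The following is an added example, not part of the original lab: it audits a configuration for the items configured in Steps 1 to 6 (domain name, SSH version 2, SSH-only vty transport, login local, and a user stored with secret). Both sample configurations are constructed, the stored secret is a placeholder, the function names are hypothetical, and the line vty 5 15 block is an assumption added to show a range that the line vty 0 4 command from Step 5 would not cover.

```python
import re

# Constructed sample: what Task 4 leaves in the configuration.
LAB_CONFIG = """\
hostname NYEDGE1
ip domain-name practice-labs.com
username Joe privilege 15 secret 5 <hash-placeholder>
ip ssh version 2
line vty 0 4
 login local
 transport input ssh
"""

# Constructed sample with the weak settings the task is meant to avoid.
WEAK_CONFIG = """\
hostname NYEDGE1
username Joe privilege 15 password 0 CISCO
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 login
 transport input telnet ssh
"""


def parse_vty_blocks(config):
    """Return {(first, last): [sub-commands]} for each 'line vty' block."""
    blocks, current = {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.strip() == "!":
            continue
        if not line.startswith(" "):      # a top-level command ends any block
            m = re.fullmatch(r"line vty (\d+)(?: (\d+))?", line)
            current = None
            if m:
                first = int(m.group(1))
                last = int(m.group(2) or first)
                current = blocks.setdefault((first, last), [])
        elif current is not None:
            current.append(line.strip())
    return blocks


def audit_remote_access(config):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    top = [l.strip() for l in config.splitlines()
           if l.strip() and not l.startswith(" ")]

    if "ip ssh version 2" not in top:
        findings.append("SSH version 2 not enforced (SSH 1.99 also accepts version 1)")
    if not any(l.startswith("ip domain-name ") for l in top):
        findings.append("no ip domain-name: needed before generating RSA keys")
    if not any(l.startswith("hostname ") for l in top):
        findings.append("no hostname set: needed before generating RSA keys")

    users = []
    for l in top:
        m = re.match(r"username (\S+)(?: privilege \d+)? (password|secret)\b", l)
        if m:
            users.append(m.group(1))
            if m.group(2) == "password":
                findings.append(f"user {m.group(1)}: stored with 'password', not 'secret'")

    vty = parse_vty_blocks(config)
    if not vty:
        findings.append("no 'line vty' block found")
    for (first, last), cmds in sorted(vty.items()):
        name = f"vty {first} {last}"
        transports = [c.split()[2:] for c in cmds if c.startswith("transport input ")]
        if not transports:
            findings.append(f"{name}: no 'transport input' line, platform default applies")
        elif transports[-1] != ["ssh"]:
            findings.append(f"{name}: transport input allows {' '.join(transports[-1])}")
        if "login local" not in cmds:
            findings.append(f"{name}: does not use 'login local'")
    if vty and not users:
        findings.append("no local username defined for 'login local'")
    return findings


if __name__ == "__main__":
    for label, cfg in (("lab", LAB_CONFIG), ("weak", WEAK_CONFIG)):
        print(label, audit_remote_access(cfg) or "all checks passed")
```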
