Experiment-4

Aim: Connect the computers in Local Area Network.

Procedure: On the host computer

On the host computer, follow these steps to share the Internet connection:
1. Log on to the host computer as Administrator or as Owner.
2. Click Start, and then click Control Panel.
3. Click Network and Internet Connections.
4. Click Network Connections.
5. Right-click the connection that you use to connect to the Internet. For example, if you
connect to the Internet by using a modem, right-click the connection that you want under Dial-up
/ other network available.
6. Click Properties.
7. Click the Advanced tab.

8. Under Internet Connection Sharing, select the Allow other network users to connect
through this computer's Internet connection check box.

9. If you are sharing a dial-up Internet connection, select the Establish a dial-up connection
whenever a computer on my network attempts to access the Internet check box if you
want to permit your computer to automatically connect to the Internet.

10. Click OK. You receive the following message:

When Internet Connection Sharing is enabled, your LAN adapter will be set to use IP address
192.168.0. 1. Your computer may lose connectivity with other computers on your network. If
these other computers have static IP addresses, it is a good idea to set them to obtain their IP
addresses automatically. Are you sure you want to enable Internet Connection Sharing?

11. Click Yes.

The connection to the Internet is shared to other computers on the local area network (LAN).

The network adapter that is connected to the LAN is configured with a static IP address of
192.168.0. 1 and a subnet mask of 255.255.255.0

On the client computer

To connect to the Internet by using the shared connection, you must confirm the LAN adapter IP
configuration, and then configure the client computer. To confirm the LAN adapter IP
configuration, follow these steps:

1. Log on to the client computer as Administrator or as Owner.

2. Click Start, and then click Control Panel.
3. Click Network and Internet Connections.
4. Click Network Connections.
5. Right-click Local Area Connection and then click Properties.
6. Click the General tab, click Internet Protocol (TCP/IP) in the connection uses the following
items list, and then click Properties.

7. In the Internet Protocol (TCP/IP) Properties dialog box, click Obtain an IP address
automatically (if it is not already selected), and then click OK.

Note: You can also assign a unique static IP address in the range of 192.168.0.2 to
254. For example, you can assign the following static IP address, subnet mask, and default gateway:

8. IP Address 192.168.31.202
9. Subnet mask 255.255.255.0
10. Default gateway 192.168.31.1

11. In the Local Area Connection Properties dialog box, click OK.

12. Quit Control Panel.

 Experiment-5
Aim: Study of basic network command and Network configuration commands.

Apparatus (Software): Command Prompt And Packet Tracer.

Procedure: To do this EXPERIMENT- follows these steps:

In this EXPERIMENT- students have to understand basic networking commands e.g ping,
tracert etc.

All commands related to Network configuration which includes how to switch to privilege mode
and normal mode and how to configure router interface and how to save this configuration to
flash memory or permanent memory.

This commands includes

• Configuring the Router commands

• General Commands to configure network
• Privileged Mode commands of a router
• Router Processes & Statistics
• IP Commands
• Other IP Commands e.g. show ip route etc.

ping:
ping(8) sends an ICMP ECHO_REQUEST packet to the specified host. If the host responds, you
get an ICMP packet back. Sound strange? Well, you can “ping” an IP address to see if a machine
is alive. If there is no response, you know something is wrong.
Traceroute:

Tracert is a command which can show you the path a packet of information takes from your
computer to one you specify. It will list all the routers it passes through until it reaches its
destination, or fails to and is discarded. In addition to this, it will tell you how long each 'hop'
from router to router takes.
nslookup:

Displays information from Domain Name System (DNS) name servers.

NOTE :If you write the command as above it shows as default your pc's server name firstly.

pathping:

A better version of tracert that gives you statics about packet lost and latency.

Getting Help

In any command mode, you can get a list of available commands by entering a question mark (?).

Router>?
To obtain a list of commands that begin with a particular character sequence, type in those
haracters followed immediately by the question mark (?).

Router#co?
configure connect copy
To list keywords or arguments, enter a question mark in place of a keyword or argument.
Include a space before the question mark.

Router#configure ?

memory Configure from NV memory network Configure from a TFTP network host terminal
Configure from the terminal
You can also abbreviate commands and keywords by entering just enough characters to make
the command unique from other commands. For example, you can abbreviate the show
command to sh.

Configuration Files

Any time you make changes to the router configuration, you must save the changes to memory
because if you do not they will be lost if there is a system reload or power outage. There are two
types of configuration files: the running (current operating) configuration and the startup
configuration.
Use the following privileged mode commands to work with configuration files.
 Experiment-6

Performing an Initial Switch Configuration

Topology Diagram

Objectives
 Perform an initial configuration of a Cisco Catalyst 2960 switch.

Background / Preparation
In this activity, you will configure these settings on the customer Cisco Catalyst 2960 switch:
 Host name
 Console password
 vty password
 Privileged EXEC mode password
 Privileged EXEC mode secret
 IP address on VLAN1 interface
 Default gateway
Note: Not all commands are graded by Packet Tracer.

Step 1: Configure the switch host name.

a. From the Customer PC, use a console cable and terminal emulation software to connect to the console
of the customer Cisco Catalyst 2960 switch.
b. Set the host name on the switch to CustomerSwitch using these commands.

Switch>enable
Switch#configure terminal
 Switch(config)#hostname CustomerSwitch

Step 2: Configure the privileged mode password and secret.

a. From global configuration mode, configure the password as cisco.

CustomerSwitch(config)#enable password cisco

b. From global configuration mode, configure the secret as cisco123.

CustomerSwitch(config)#enable secret cisco123

Step 3: Configure the console password.

a. From global configuration mode, switch to configuration mode to configure the console line.
CustomerSwitch(config)#line console 0

b. From line configuration mode, set the password to cisco and require the password to be entered at
login.

CustomerSwitch(config-line)#password cisco
CustomerSwitch(config-line)#login
CustomerSwitch(config-line)#exit

Step 4: Configure the vty password.

a. From global configuration mode, switch to the configuration mode for the vty lines 0 through 15.

CustomerSwitch(config)#line vty 0 15

b. From line configuration mode, set the password to cisco and require the password to be entered at
login.

CustomerSwitch(config-line)#password cisco
CustomerSwitch(config-line)#login
CustomerSwitch(config-line)#exit

Step 5: Configure an IP address on interface VLAN1.

From global configuration mode, switch to interface configuration mode for VLAN1, and assign the IP address
192.168.1.5 with the subnet mask of 255.255.255.0.

CustomerSwitch(config)#interface vlan 1
CustomerSwitch(config-if)#ip address 192.168.1.5 255.255.255.0
CustomerSwitch(config-if)#no shutdown
CustomerSwitch(config-if)#exit

Step 6: Configure the default gateway.

a. From global configuration mode, assign the default gateway to 192.168.1.1.

CustomerSwitch(config)#ip default-gateway 192.168.1.1

 b. Click the Check Results button at the bottom of this instruction window to check your work.

Step 7: Verify the configuration.

The Customer Switch should now be able to ping the ISP Server at 209.165.201.10. The first one or two pings
may fail while ARP converges.

CustomerSwitch(config)#end
CustomerSwitch#ping 209.165.201.10

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 209.165.201.10, timeout is 2 seconds:
..!!!
Success rate is 60 percent (3/5), round-trip min/avg/max = 181/189/197 ms

CustomerSwitch#

Reflection
a. What is the significance of assigning the IP address to the VLAN1 interface instead of any of the Fast
Ethernet interfaces?

b. What command is necessary to enforce password authentication on the console and vty lines?

c. How many gigabit ports are available on the Cisco Catalyst 2960 switch that you used in the activity?
 Experiment-7

Performing an Initial Router Configuration

Topology Diagram

Objectives
 Configure the router host name.
 Configure passwords.
 Configure banner messages.
 Verify the router configuration.

Background / Preparation
In this activity, you will use the Cisco IOS CLI to apply an initial configuration to a router, including host
name, passwords, a message-of-the-day (MOTD) banner, and other basic settings.
Note: Some of the steps are not graded by Packet Tracer.

Step 1: Configure the router host name.

a. On Customer PC, use the terminal emulation software to connect to the console of the customer Cisco
1841 ISR.
Set the host name on the router to CustomerRouter by using these commands.

Router>enable
Router#configure terminal
Router(config)#hostname CustomerRouter

Step 2: Configure the privileged mode and secret passwords.

a. In global configuration mode, set the password to cisco.
 CustomerRouter(config)#enable password cisco

Set an encrypted privileged password to cisco123 using the secret command.

CustomerRouter(config)#enable secret cisco123

Step 3: Configure the console password.

a. In global configuration mode, switch to line configuration mode to specify the console line.

CustomerRouter(config)#line console 0

Set the password to cisco123, require that the password be entered at login, and then exit line configuration mode.

CustomerRouter(config-line)#password cisco123
CustomerRouter(config-line)#login
CustomerRouter(config-line)#exit
CustomerRouter(config)#

Step 4: Configure the vty password to allow Telnet access to the router.
a. In global configuration mode, switch to line configuration mode to specify the vty
lines.

CustomerRouter(config)#line vty 0 4

Set the password to cisco123, require that the password be entered at login, exit line configuration mode, and then
exit the configuration session.

CustomerRouter(config-line)#password cisco123
CustomerRouter(config-line)#login
CustomerRouter(config-line)#exit
CustomerRouter(config)#

Step 5: Configure password encryption, a MOTD banner, and turn off domain server lookup.
a. Currently, the line passwords and the enable password are shown in clear text when you show the
running configuration. Verify this now by entering the show running-config command.

To avoid the security risk of someone looking over your shoulder and reading the passwords, encrypt
all clear text passwords.

CustomerRouter(config)#service password-encryption

Use the show running-config command again to verify that the passwords are encrypted.
To provide a warning when someone attempts to log in to the router, configure a MOTD banner.

CustomerRouter(config)#banner motd $Authorized Access Only!$

Test the banner and passwords. Log out of the router by typing the exit command twice. The banner displays before
the prompt for a password. Enter the password to log back into the router.
You may have noticed that when you enter a command incorrectly at the user or privileged EXEC prompt, the router
pauses while trying to locate an IP address for the mistyped word you entered. For example, this output shows what
happens when the enable command is mistyped.

CustomerRouter>emable
Translating "emable"...domain server (255.255.255.255)

To prevent this from happening, use the following command to stop all DNS lookups from the router
CLI.

CustomerRouter(config)#no ip domain-lookup

Save the running configuration to the startup configuration.

CustomerRouter(config)#end
CustomerRouter#copy run start

Step 6: Verify the configuration.

a. Log out of your terminal session with the Cisco 1841 customer router.
b. Log in to the Cisco 1841 Customer Router. Enter the console password when prompted.
c. Navigate to privileged EXEC mode. Enter the privileged EXEC password when prompted.
d. Click the Check Results button at the bottom of this instruction window to check your work.

Reflection
Which Cisco IOS CLI commands did you use most?

How can you make the customer router passwords more secure?
 Experiment-8

Configuring and Troubleshooting a Switched Network

Topology Diagram

Objectives
 Establish console connection to the switch.
 Configure the host name and VLAN1.
 Use the help feature to configure the clock.
 Configure passwords and console/Telnet access.
 Configure login banners.
 Configure the router.
 Solve duplex and speed mismatch problems.
 Configure port security.
 Secure unused ports.
 Manage the switch configuration file.

Background / Preparation
In this Packet Tracer Skills Integration Challenge activity, you will configure basic switch management,
including general maintenance commands, passwords, and port security. This activity provides you an
opportunity to review previously acquired skills.
Addressing Table
Device Interface IP Address Subnet Mask
R1 Fa0/0 172.17.99.1 255.255.255.0
S1 Fa0/1 172.17.99.11 255.255.255.0
PC1 NIC 172.17.99.21 255.255.255.0
PC2 NIC 172.17.99.22 255.255.255.0
Server NIC 172.17.99.31 255.255.255.0

Step 1: Establish a console connection to a switch.

For this activity, direct access to the S1 Config and CLI tabs is disabled. You must establish a console session
through PC1.
a. Connect a console cable from PC1 to S1.
b. From PC1, open a terminal window and use the default terminal configuration. You should now have
access to the CLI for S1.
c. Check results.
Your completion percentage should be 8%. If not, click Check Results to see which required components are
not yet completed.

Step 2: Configure the host name and VLAN 1.

a. Configure the switch host name as S1.
b. Configure port Fa0/1. Set the mode on Fast Ethernet 0/1 to access mode.

i. S1(config)#interface fastethernet 0/1

ii. S1(config-if)#switchport mode access

c. Configure IP connectivity on S1 using VLAN 1.

i. S1(config)#interface vlan 1
ii. S1(config-if)#ip address 172.17.99.11 255.255.255.0
iii. S1(config-if)#no shutdown

d. Configure the default gateway for S1 and then test connectivity. S1 should be able to ping R1.
e. Check results.
Your completion percentage should be 31%. If not, click Check Results to see which required components are
not yet completed. Also, make sure that interface VLAN 1 is active.

Step 3: Configure the current time using Help.

a. Configure the clock to the current time. At the privileged EXEC prompt, enter clock ?.
b. Use Help to discover the steps required to set the current time.
c. Use the show clock command to verify that the clock is now set to the current time. Packet Tracer
may not correctly simulate the time you entered.
Packet Tracer does not grade this command, so the completion percentage does not change.
Step 4: Configure passwords.
a. Use the encrypted form of the privileged EXEC mode password and set the password to class.
b. Configure the passwords for console and Telnet. Set both the console and vty password to cisco
and require users to log in.
c. View the current configuration on S1. Notice that the line passwords are shown in clear text. Enter
the command to encrypt these passwords.
d. Check results.
Your completion percentage should be 42%. If not, click Check Results to see which required components are
not yet completed.

Step 5: Configure the login banner.

If you do not enter the banner text exactly as specified, Packet Tracer does not grade your command correctly.
These commands are case-sensitive. Also make sure that you do not include any spaces before or after the text.
a. Configure the message-of-the-day banner on S1 to display as Authorized Access Only. (Do not
include the period.)
b. Check results.
Your completion percentage should be 46%. If not, click Check Results to see which required components are
not yet completed.

Step 6: Configure the router.

Routers and switches share many of the same commands. Configure the router with the same basic commands
you used on S1.
a. Access the CLI for R1 by clicking the device.
b. Do the following on R1:
 Configure the hostname of the router as R1.
 Configure the encrypted form of the privileged EXEC mode password and set the password to
class.
 Set the console and vty password to cisco and require users to log in.
 Encrypt the console and vty passwords.
 Configure the message-of-the-day as Authorized Access Only. (Do not include the period.)
c. Check results.
Your completion percentage should be 65%. If not, click Check Results to see which required components are
not yet completed.

Step 7: Solve a mismatch between duplex and speed.

a. PC1 and Server currently do not have access through S1 because the duplex and speed are mismatched.
Enter commands on S1 to solve this problem.
b. Verify connectivity.
c. Both PC1 and Server should now be able to ping S1, R1, and each other.
d. Check results.
Your completion percentage should be 73%. If not, click Check Results to see which required components are
not yet completed.
Step 8: Configure port security.
a. Use the following policy to establish port security on the port used by PC1:
 Enable port security
 Allow only one MAC address
 Configure the first learned MAC address to "stick" to the configuration
Note: Only enabling port security is graded by Packet Tracer and counted toward the completion percentage.
However, all the port security tasks listed above are required to complete this activity successfully.
b. Verify that port security is enabled for Fa0/18. Your output should look like the following output.
Notice that S1 has not yet learned a MAC address for this interface. What command generated this
output?

S1#________________________________

Port Security : Enabled

Port Status : Secure-up
Violation Mode : Shutdown
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 1
Total MAC Addresses :0
Configured MAC Addresses : 0
Sticky MAC Addresses :0
Last Source Address:Vlan : 0000.0000.0000:0
Security Violation Count : 0

c. Force S1 to learn the MAC address for PC1. Send a ping from PC1 to S1. Then verify that S1 added
the MAC address for PC1 to the running configuration.

!
interface FastEthernet0/18
<output omitted>
switchport port-security mac-address sticky 0060.3EE6.1659
<output omitted>
!

d. Test port security. Remove the FastEthernet connection between S1 and PC1. Connect PC2 to Fa0/18.
Wait for the link lights to turn green. If necessary, send a ping from PC2 to S1 to cause the port to shut
down. Port security should show the following results: (the Last Source Address may be different)

Port Security : Enabled

Port Status : Secure-shutdown
Violation Mode : Shutdown
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 1
Total MAC Addresses :1
 Configured MAC Addresses : 1
Sticky MAC Addresses :0
Last Source Address:Vlan : 00D0.BAD6.5193:99
Security Violation Count : 1

e. Viewing the Fa0/18 interface shows that line protocol is down (err-disabled), which also indicates a
security violation.

S1#show interface fa0/18

FastEthernet0/18 is down, line protocol is down (err-disabled)
<output omitted>

f. Reconnect PC1 and re-enable the port. To re-enable the port, disconnect PC2 from Fa0/18 and
reconnect PC1. Interface Fa0/18 must be manually reenabled with the no shutdown command before
returning to the active state.
g. Check results.
Your completion percentage should be 77%. If not, click Check Results to see which required components are
not yet completed.

Step 9: Secure unused ports.

a. Disable all ports that are currently not used on S1. Packet Tracer grades the status of the following
ports: Fa0/2, Fa0/3, Fa0/4, Gig 1/1, and Gig 1/2.
b. Check results.
Your completion percentage should be 96%. If not, click Check Results to see which required components are
not yet completed.

Step 10: Manage the switch configuration file.

a. Save the current configuration for S1 and R1 to NVRAM.
b. Back up the startup configuration file on S1 and R1 by uploading them to Server. Verify that Server
has the R1-confg and S1-confg files.
c. Check results.
Your completion percentage should be 100%. If not, click Check Results to see which required components are
not yet completed.
 Experiment-9

Connecting a Switch
Topology Diagram

Objectives
 Connect a switch to the network.
 Verify the configuration on the switch.

Background / Preparation
In this activity, you will verify the configuration on the customer Cisco Catalyst 2960 switch. The switch is
already configured with all the basic necessary information for connecting to the LAN at the customer site. The
switch is currently not connected to the network. You will connect the switch to the customer workstation, the
customer server, and customer router. You will verify that the switch has been connected and configured
successfully by pinging the LAN interface of the customer router.

Step 1: Connect the switch to the LAN.

a. Using the proper cable, connect the FastEthernet0/0 on Customer Router to the FastEthernet0/1 on
Customer Switch.
b. Using the proper cable, connect the Customer PC to the Customer Switch on port FastEthernet0/2.
c. Using the proper cable, connect the Local Server to the Customer Switch on port FastEthernet0/3.

Step 2: Verify the switch configuration.

a. From the Customer PC, use the terminal emulation software to connect to the console of the
customer Cisco Catalyst 2960 switch.
b. Use the console connection and terminal utility on the Customer PC to verify the configurations.
Use cisco as the console password.
c. Enter privileged EXEC mode and use the show running-config command to verify the following
configurations. The password is cisco123.
a. VLAN1 IP address = 192.168.1.5
b. Subnet mask = 255.255.255.0
 c. Password required for console access
d. Password required for vty access
e. Password enabled for privileged EXEC mode
f. Secret enabled for privileged EXEC mode
d. Verify IP connectivity between the Cisco Catalyst 2960 switch and the Cisco 1841 router by initiating
a ping to 192.168.1.1 from the switch CLI.
e. Click the Check Results button at the bottom of this instruction window to check your work.

Reflection
a. What is the significance of the enable secret command compared to the enable password?

b. If you want to remove the requirement to enter a password to access the console, what commands
do you issue from your starting point in privileged EXEC mode?