
Lab 2

This document provides background information on accessing and configuring network devices through their command line interface (CLI). It discusses:
• How network devices like switches differ from PCs in having specialized operating systems and fewer resources.
• How the CLI is accessed through a local serial connection or remotely over the network using terminal emulation software or a console concentrator.
• How to use Packet Tracer to access the CLI tab to configure a device, add/replace modules, and replicate remote CLI access from a PC.

Uploaded by

Fyon Chin

TNE10006 Networks and Switching Lab 2

Laboratory Week 2 – The Command Line Interface (CLI)

Aims:
• To gain an understanding of what a Switch is as a device
• To familiarise students with the Command Line Interface (CLI) to configure the Switch
• To gain knowledge in configuring network interfaces on a Switch
• To understand the different Cisco Switch modes of operation
• To understand how and where passwords apply on a Cisco Switch
• To understand the concept and differences between the running-config and the startup-config on a Cisco Switch

Background:
Network device to Human Interface (Local access)

How is a Network Switch or Router different from a personal computer (PC)?


A Smart Switch is a computing device like any general-purpose computer. It has a CPU, temporary and permanent storage
(RAM and FLASH), network interfaces (multiple rather than one) and an Operating System (OS). The OS run on a
Switch is one specifically geared towards performing the tasks of a Switch rather than a general-purpose OS (such as
Windows). A purpose-built OS is important because Switches typically run slower CPUs and have less RAM and
permanent storage (FLASH) than a typical PC. This statement is also true of network Routers, which run their own
Routing OS and which we will also use during this semester.

How can you directly access a Network device?


Your standard PC is also equipped with a Monitor and Keyboard to allow for human interaction. A network Switch will
typically have neither a Video Card nor a keyboard port to provide this interface. Nonetheless, human-switch interaction is
still required. Switches (and other made-for-purpose equipment) typically provide for human interaction in the same
manner that computers provided it back in the 1970s and early 1980s. In those times, video cards did not exist, nor
did generic keyboard devices; all computers interfaced with humans using a Terminal.

A Terminal is a purpose-built interface device for a computer that incorporates a monitor and keyboard in the same
unit. A Console Terminal on a network Switch or Router is equipped with an RS-232 serial communication interface that
is directly connected to an RS-232 (serial) port on a personal computer (PC). The Terminal processes ASCII characters as
transmitted over the RS-232 connection and displays them on the screen. Similarly, any keystrokes on the Terminal
keyboard are translated to ASCII characters and forwarded to the connected computer via the RS-232 connection.
In a manner of speaking, the Terminal became the keyboard and monitor for the computer. Computers with multiple serial
ports could support multiple Terminals, essentially providing many monitor/keyboard pairs so that concurrent users could
use the computer at the same time.

Figure 1: physical connection for direct access to a network device

While computers have moved to a special purpose video card and keyboard/mouse technologies, networking devices have
stuck with the terminal concept as it consumes less power, requires less CPU, and less software to manage. Having said
that, we do not carry Terminals with us anymore. With ubiquitous access to laptop technologies, the current means of
accessing the terminal of networking equipment is to connect the terminal of the Switch or Router to the RS-232 port on
your laptop (or other computer device), and then to run Terminal emulation software – such as PuTTY (or equivalent) to
pretend to be the Terminal which is talking to the device. In this way, your computer remains as a general-purpose
computing device, while one application running on your computer becomes the keyboard and monitor for the network
Switch or Router.

Connections are made using the Console terminal or port on the network Switch and Router. Another port – Auxiliary –
exists to connect a modem to the router to provide for dial-up access to the command line interface.

Remote Access to network device


It does not make sense to always use a Terminal. If you are managing a nation-wide network, and you need to modify the
configuration of a network Switch or Router on the other side of the country, you are not going to travel to the remote
location just to plug in your laptop and make a five-minute change to the device configuration. Configuring a Switch or
Router directly using terminal emulation software plugged into the router via a serial console cable is typically only
performed for preliminary configuration. Once a Switch (or other networking device) is configured, or partially
configured, the remainder of the configuration can be performed from a remote location. Remote access in this context
refers to network-based virtual access to a network device that enables terminal-like activities.

Figure 2: Example – simplest form of physical connection for remote access

There are two primary means for accessing the network device-human interface remotely:
1. Configure remote access on the Switch. In this case you would configure the device to accept either Telnet or SSH
connections from a remote device. As long as the device is reachable on the network, you can remotely access the
command line interface to monitor and/or change the router configuration. SSH is preferred to Telnet as it encrypts
communications, thus providing better security for your network. You would then use a Telnet/SSH client application
on your computer to connect to the remote device. The application becomes an extension of the command-line
interface of the router or switch: the application window becomes the device monitor, whilst any text entered into
the application is sent to the device as if it had been typed directly into the keyboard.

2. Another common approach is to use a device such as a console concentrator. This is physically installed into the
same rack as the Switch or Router. An RS-232 cable is then connected between the Switch/Router console port and
the console concentrator. The concentrator is then configured and connected to the network. Users then remotely use
ssh to connect to the concentrator, which will then forward the command-line interface from the console port
remotely. While this appears to be more complex than option 1, it is more flexible as multiple network
routers/switches can be connected to a single concentrator.

The Cisco labs will however use physical PCs and network devices like Switches and Routers.

Part 1A: Access the Console in the simulator


To access the console in Cisco’s Packet Tracer, select (left-click) the intended device icon (Switch/Router) on the
workspace. A window will pop up with 4 tabs: Physical, Config, CLI, and Attributes.
• Physical tab – for customizing the device with additional features (functional modules).
• Config tab – alternative/quick device setup solution to hardware modules and command line interface (CLI).
• CLI tab – the user command line interface which is used to configure the device. It looks similar to the
actual terminal emulation application that is used in the real world.
• Attributes tab – for setting up other, non-configuration features (not important for now).

In this unit, we will focus mainly on the Physical and CLI tabs.

The Physical tab enables us to add or replace the existing module(s) for special needs. The list of the installed interfaces
(usually referring to the physical connectable ports on a device) can be found under the INTERFACE subheading in
the Config tab. To make a change to the device, first locate the power button of the device in the “physical device view”
and turn off the device power by clicking on the power button. Next, drag and drop the selected module from the “Modules”
list to the appropriate blank space on the device. Once complete, turn on the device power again and allow some time for
the device to boot up (you can view the sequence in the CLI tab) before it is ready to be configured.

The CLI tab enables you to program the device (configure it to be more appropriate) so that its functions
match the requirements of a specific network. This tab offers the only user interface to the inner world of
the device. The user keys in the appropriate commands in a specific sequence to activate individual functions of the device.

By default, once the device is placed on the workspace of the Packet Tracer, it will start to “boot up” and be ready in a few
seconds. One can view the booting process through the CLI tab.

Try to add or change the module as described below:


(1) For a generic PC – Replace the existing FastEthernet interface card with a Gigabit network interface.
(2) For a Router model 2811 – Add a dual-serial port WAN interface card (WIC-2T) to an appropriate module slot
and add covers to all other empty module slots.

To replicate the real-world remote access to the command line interface (CLI) of a network device, you can construct a
connection like the one illustrated in Figure 1 above. Then use the given program called Terminal (in the desktop tab of the
PC). A terminal configuration window will appear, and you just need to select the OK button to start the CLI access
to the Switch/Router. The default configuration should be 9600 bps, 8 bits, no parity, 1 stop bit, no flow control. This is
also the default setting found in generic network devices.

Part 1B: Access the Console in the Cisco Labs


Access to the console in the physical world can be achieved using the PuTTY terminal emulation application. This is
third-party software running on the PC’s OS with a single purpose: to connect to the CLI of the device. There is other
software you may use for the same purpose; examples are HyperTerminal, Tera Term, et cetera. Access
via PuTTY is preferred for performance, improved access, multiple concurrent console sessions, and provision of
cut-paste features. The following details only brief you on the connecting procedure:

1. Download PuTTY (e.g. putty-0.73-installer.exe installer file) from the following link. Install and load it.
http://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html

When you start PuTTY for the first time, you will see the following screen:

2. For a direct console connection, select the Serial button and key in the correct COM port number for your serial link
to the network device.

a. Optional: Select Logging under the Session option on the left panel if you want to safeguard your settings
for future reference. Choose what to log, supply a log filename, and specify what to do if the log file exists
already.
b. Select Serial from the left panel and configure the COM port as per the image below

3. If remote terminal service is needed (through the Ethernet interface as shown in Figure 2 above), we will
use Telnet for terminal emulation. While Session is selected from the left panel, type in the IP address of the
host you want to access, select Telnet from the Protocol option and click on Open. Ensure Telnet is configured
as per the image below:

Part 2: The Device running-config, startup-config, conf-reg and vlan.dat


Cisco network devices typically store two configurations, properly known as the running configuration (running-config)
and the startup configuration (startup-config).

running-config – The current configuration of the switch/router. The configuration is presented to the user as a
virtual file on the system. You can use the “show running-config” command to display this file (from
Administrator Mode). This command will read the current configuration, generate it as a text file/view, and
print it to the display. Be aware that this file does not exist on the device; it refers to how the switch/router is
currently configured. When you switch on a switch/router for the first time, it has a blank configuration. This
does not mean that the running-config is empty: there are a number of default settings that will always be set
on a default configuration.

startup-config – This configuration is saved on the flash within the switch or router. When the device boots up, it
checks to see if this file exists. If so, it loads the stored configuration in this file and sets the switch/router to
these properties. If this file does not exist, there is no configuration, so the device is loaded with an
empty/default configuration, and the switch/router will ask whether you wish to use the wizard to configure
the device. If you do not get prompted, then a startup-config exists and was loaded: the device has already
been configured and is not blank.

For Cisco Router only


There is one other important setting on the router: the configuration register, or conf-reg. The conf-reg is a 16-bit
value stored in the device that determines how the router behaves when it is switched on. It is typically represented in
hexadecimal. Some of the things that values in the conf-reg can determine include the baud rate used on the RS-232
Console port for communications, which OS the router should boot up with, and more importantly, whether the router
should use the stored startup-config when it boots up. Note that while there is a conf-reg on the Cisco Switches, its
value does not correlate to the Router values, and changing it does not have the same effect. In the Swinburne Cisco labs,
the value of conf-reg on the router will be one of two possible values.

0x2102 – This signifies a normal boot cycle. The device will boot up normally, loading the stored OS. Once the OS is
loaded and the basic boot-up is complete, the device will check to see if a startup-config exists. If it does,
then the startup-config is loaded, and the device is configured with its stored contents, otherwise the wizard
will be launched.
0x2142 – This signifies a normal boot except for loading of the startup-config. The device will boot up normally,
loading the stored OS. Once the OS is loaded and the basic boot-up is complete, the device will launch the
configuration wizard regardless of whether a saved startup-config exists. If this is the case and you wish to
use the saved startup-config, you will need to load it manually using “copy startup-config
running-config”. This mode is often used for password recovery so you can boot the device up without a
password, then load the startup-config, before finally resetting the password to a known value.

In general, you should not be seeking to change the value of the router’s conf-reg during your labs. However, if you
come across a router with a configured password, you may need to do so in order to perform a password recovery
procedure.

For Cisco Switches only:


Another file may exist on the Flash storage. The vlan.dat file contains the configuration of the VLANs that have been
created on the switch. The contents of this file are always loaded at system boot time. When clearing a switch to default
values, it is necessary to delete the vlan.dat file.

Part 3: Useful Tips in the Command Line Interface (Try this out in the Packet Tracer too)
When entering commands at the CLI, the <tab> key and “?” are your friends.
1. Typing a “?” at any time on the command line will result in a list of all commands available to you at the present
time, along with a brief description of what each command does.
2. Typing a “?” with a partial command entered on the command line will result in a list of all commands available
to you that start with the letters you have currently typed in, along with a brief description of what those
commands do.
3. Typing a command, followed by a space and then a “?” will list what the command is expecting as the next
parameter, along with a description of the parameter itself. This can be repeated for commands with multiple
parameters.
4. Typing some letters, then hitting <tab> will result in the Router performing auto-completion of the command (or
parameter) name. For example, typing “sh<tab>” will result in the device displaying “show” as a valid/complete
command.
5. A variation on point 4 above is when the command is ambiguous, for example typing “s<tab>”. In this case
multiple commands begin with “s” so no auto-completion is performed. If some auto-completion is possible,
then the device will automatically add characters until the first ambiguous option.
6. You only need to enter enough characters in a command so that it is unambiguous to the device what you wish to
achieve. For example, a command we will use later is “show running-config”, however “show” is the only
command that starts with “sh”, so typing in “sh running-config” has the same result. Similarly,
“running-config” is the only filename that starts with “run”. As such, other valid alternatives are “sh run”,
“show run”, “sh runni”, “sho runn”, etc. However, “s run” is not valid as multiple commands begin with “s”.

Part 4: Device Modes of Operation


You can tell which mode the Switch/Router OS is in by looking at the prompt. The prompt always begins with the device
name. The default name for a Router is “Router” and for a Switch is “Switch”; you can change these defaults when you
configure the device. There are three primary modes of operation:
User Mode (EXEC) – Signified by a “>” after the device name in the prompt. This mode has minimal privileges: you
will not be able to change any settings on the device, and you will only be able to view the status of some of
the internal switch/router parameters.
Administrator Mode (PRIVILEGE EXEC) – Also called “enable mode” or “privileged execution mode”. Signified
by a “#” after the device name in the prompt. In this mode you will be able to examine the full state of the
device and check its current configuration. You will also be able to enter configuration mode.
Configuration Mode (GLOBAL CONFIG) – Signified by a “(config)#” after the device name in the prompt. In this
mode you will be able to change the device configuration. A number of sub-configuration modes exist
(for example, if you are configuring a network interface the device name will be followed by “(config-if)#”).

Different commands are used to enter and leave different configuration modes. These are:
1. You can transition from User Mode to Administrator Mode by entering the command “enable”
2. Logout from User Mode by entering “exit”
3. Transition from Administrator Mode to User Mode by entering “exit”
4. Transition from Administrator Mode to Configuration Mode by entering “configure terminal”. This command
specifies that you wish to enter configuration mode via the terminal (or console port)
5. Transition from Configuration Mode to Administrator Mode by entering “exit”
6. Transition from a Sub-configuration Mode to Configuration Mode by entering “exit”
7. Transition from any Configuration or Sub-configuration Mode to Administrator Mode by entering “end”

Methodology: (Try this out as pre-lab before the lab)


Powering Up the Devices
1. Plug the device into a power source, then switch on the power button
2. Ensure that the router is powered up by observing the lights on the front panel

Access the Console for the Switch


We will access the console via the PuTTY terminal application as explained above.
1. When the device has booted, it will display the prompt:
Would you like to …... (Y/N)
This prompt indicates that the device is ready to use and it has loaded up with a blank configuration. If you do
not see this prompt, then the switch or router has loaded a saved configuration from an earlier lab where another
student did not properly clear their work. For now, ask your Lab Supervisor to fix this for you. The question
itself is asking whether or not you wish to use the wizard to configure the Switch (or Router).
2. You should never use the wizard to configure a Cisco device, so the correct answer here is “No”. Configuring the
Switch via the wizard requires more knowledge than not using the wizard. When you answer “No”, the device
may prompt you with another question (depending on the version of the OS): Are you sure....(Y/N)
In this case, the correct answer is “Yes”.
3. The device will then print a few more messages to the screen before providing you with a prompt indicating that
you may begin working on the Switch or Router.

Device Modes of Operation (for details refer to Part 4 above)


We will now take the time to explore the CLI environment. Use the “enable” (or “ena”), “configure terminal” (or
“conf t”), “exit” and “end” commands to navigate between the three (User/Administrator/Configuration) modes.

Basic configuration for the network device (for both Switch and Router)
You will now start to learn how a device (Switch or Router) is configured, and how to verify and test what you have done. You
should always verify your work right after the implementation to make the testing at a later stage easier.

Setting the Device Name


To set the switch name, we need to be in Configuration mode. Enter the following commands:
Switch>ena
Switch#conf t
Switch(config)#hostname ccna_swin
ccna_swin(config)#end
ccna_swin#

Verification Note: after you set the switch’s name using the “hostname” command, the switch name changes instantly
and is reflected in the prompt displayed on the screen. The hostname command takes one parameter, the
new name for the switch. This command is exactly the same if you are configuring a router.

Now let’s have a look at the hostname reflected in the current configuration of the switch (in running-configuration file):
ccna_swin#sh run

You can use the space bar to view the configuration one screen at a time or the “Enter” key to scroll through the
configuration one line at a time. Apart from all the default settings in the switch, you will notice the line:
hostname ccna_swin

This is an exact copy of the command you entered in configuration mode. In fact, you can type the entire contents of the
output of “sh run” into a switch to give it the same configuration.

Setting the Message of the Day


The message of the day (MOTD) is displayed to the user before entering User Mode, when nobody is logged into the
device. It can consist of multiple lines and the command for configuring it is the same for routers as for switches.
1. To set the MOTD, we need to be in Configuration mode. Enter the following commands:

ccna_swin#conf t
ccna_swin(config)#banner motd +
********************
** This is Week 2 **
** of CCNA1 **
** at Swinburne **
********************
+
ccna_swin(config)#end
ccna_swin#

2. The delimiter does not have to be a '+'; it can be any character that is NOT present
in the actual MOTD. This is because the “banner motd” command uses this character as a flag to determine
where the end of the actual MOTD is (because it can consist of multiple lines).
3. Observe the MOTD in the current configuration using the “sh run” command (verification).
4. To test that it is working, let us see the MOTD in action: keep typing “exit” until you are logged out of the
router.
5. Now press Enter a few times to log back in. Note that the entered MOTD is displayed before you see the prompt
“ccna_swin>”.
6. Repeat the above set of commands using a different MOTD and a different special character to mark the
beginning and end of the MOTD.

Saving or purging Configurations and Rebooting the Switch


As previously discussed, there is a difference between the switch current configuration (running-config) and the saved
configuration (startup-config). To verify that there is no saved configuration, you should enter the command “show
startup-config”. We are now going to complete a series of tasks.

We will begin by rebooting the switch. To reboot the switch, enter the following command (same for routers):

ccna_swin#reload

The switch may warn you that you have not saved the current configuration and ask if you are sure that you want to reboot
it. Please answer these questions such that the device reboots. The reboot process takes a few minutes to complete. It is the
same as switching the device on, so you will have to wait. While you are waiting for the switch to reboot, please configure
your second switch with a hostname and MOTD as per the instructions above.

When the switch has restarted, you should note that it is again asking if you wish to run the configuration wizard, just as
at the start of this lab. Again you should answer “No”. Once you have console access to the switch, change to enable
mode and confirm that there is no startup configuration, and all the work you have done up until now is lost:
Switch>ena
Switch#sh startup-config
Switch#sh running-config

On the second trial, configure the hostname and MOTD again. We will now save the most current configuration so that
when the switch reboots, it does so without losing your configuration. To do that, execute the following commands to
save the configuration:

ccna_swin#copy running-config startup-config


ccna_swin#reload

USEFUL TIP: On the Cisco Routers, you can examine the current value of the conf-reg by executing the command
“show version” whilst in Administrator mode. The output of this command will contain basic information about the
router hardware, the current version number of the router OS, and the current value of the conf-reg. It will also tell you if
the conf-reg has been changed since the last reboot.
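
The two conf-reg values described in Part 2 and the “show version” tip above can be checked with a short script. This is an added example, not part of the original lab sheet: the function names and the trimmed “show version” text are constructed, and the bit positions (boot field in bits 0-3, bit 6 for skipping the startup-config, bits 5/11/12 for console speed) are the standard Cisco router layout, which the lab sheet itself does not spell out.

```python
import re

# Console speed is encoded in three non-adjacent bits: (bit 5, bit 12, bit 11).
CONSOLE_BAUD = {
    (0, 0, 0): 9600, (0, 0, 1): 4800, (0, 1, 0): 1200, (0, 1, 1): 2400,
    (1, 0, 0): 19200, (1, 0, 1): 38400, (1, 1, 0): 57600, (1, 1, 1): 115200,
}
# Bit 6 is the only difference between 0x2102 and 0x2142.
IGNORE_STARTUP_CONFIG = 0x0040


def decode_confreg(value):
    """Split a 16-bit conf-reg value into the fields the lab text mentions."""
    if not 0 <= value <= 0xFFFF:
        raise ValueError("conf-reg is a 16-bit value")
    boot_field = value & 0x000F
    if boot_field == 0:
        boot = "stay in ROM monitor"
    elif boot_field == 1:
        boot = "boot helper / first image (platform dependent)"
    else:
        boot = "normal boot of the stored OS"
    speed_bits = ((value >> 5) & 1, (value >> 12) & 1, (value >> 11) & 1)
    return {
        "boot": boot,
        "ignore_startup_config": bool(value & IGNORE_STARTUP_CONFIG),
        "console_baud": CONSOLE_BAUD[speed_bits],
    }


# Last line of "show version"; the bracketed part appears only when the value
# has been changed since the last reboot.
CONFREG_LINE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]{1,4})"
    r"(?: \(will be (0x[0-9A-Fa-f]{1,4}) at next reload\))?"
)


def read_confreg(show_version_text):
    """Return (current, value_after_next_reload) from 'show version' output."""
    match = CONFREG_LINE.search(show_version_text)
    if match is None:
        raise ValueError("no configuration register line found")
    current = int(match.group(1), 16)
    pending = int(match.group(2), 16) if match.group(2) else current
    return current, pending


def review(show_version_text):
    """List what an administrator should notice about the conf-reg state."""
    current, pending = read_confreg(show_version_text)
    notes = []
    if decode_confreg(current)["ignore_startup_config"]:
        notes.append("booted without startup-config: saved passwords not applied")
    if pending != current:
        notes.append(f"conf-reg changes to {pending:#06x} at next reload")
    if decode_confreg(pending)["ignore_startup_config"]:
        notes.append("next boot will skip startup-config")
    return notes


# Constructed sample: a router part-way through the password recovery
# procedure, with the register already set back for the next reload.
SAMPLE_SHOW_VERSION = """\
Router uptime is 4 minutes
Configuration register is 0x2142 (will be 0x2102 at next reload)
"""

if __name__ == "__main__":
    for name in ("0x2102", "0x2142"):
        print(name, decode_confreg(int(name, 16)))
    for note in review(SAMPLE_SHOW_VERSION):
        print("NOTE:", note)
```

A router that reports 0x2142 with no pending change will keep ignoring its saved configuration, including its passwords, on every reboot until the register is set back to 0x2102.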

Now when the switch has rebooted, it will not ask you about running the configuration wizard, instead it will ask you to
press Enter to start using the device. When you press Enter, note that it displays your configured MOTD, and that the
prompt includes the configured hostname. Once you have access to the router, execute “sh run” and “sh start” in
Administrator mode to confirm that both the current and saved configurations are correct and the same.

You have now successfully saved the switch configuration and rebooted the switch without losing any of your work. Note
that if you make any more changes to the configuration, the new changes will not be saved until you execute the “copy
run start” command again. Test this by changing something about the current configuration (either hostname or MOTD)
and then “sh start” and “sh run” to confirm that the outputs are different.

Finally, we will delete the saved configuration, execute the command:

ccna_swin#erase startup-config
Erasing the nvram filesystem will remove all configuration files! Continue? [confirm]

Press Enter to confirm deleting the saved configuration, then execute “sh start” to confirm it no longer exists.

WARNING: If you misspell “startup-config”, the device will ask you if you wish to delete the FLASH. If you
confirm, this will result in you deleting the OS and the device will no longer be usable. As such, you need to read the
confirmation carefully before confirming. To be sure you have not made a mistake, it is best to type:
Switch#erase sta<tab>
Pressing <tab> will cause the router to complete the filename automatically and without spelling mistakes. If it does not
complete, then you have a spelling mistake in the first three characters.

NOTICE: Saving configurations is very important on a production router or switch. The device forms part of a real
network and in the case of a power outage, you want it to work properly after the power returns. In the lab, saving
configurations only annoys other users who have to use the equipment after you have finished with it. After today's lab,
you should NOT execute “copy run start” again.

USEFUL TIP: Relating to mistyped commands. When you type a word into a Cisco device that is not a command, the
device will assume that you wish to telnet to the device name you typed in. As such, the device will attempt to perform a
DNS lookup on that mistyped command. This will result in the router or switch being unresponsive until the DNS lookup
fails (it will fail because your device is not connected to a real network with a functioning DNS server). To stop the DNS
lookup attempt – therefore letting you continue immediately – enter the following in the main configuration mode.
ccna_swin(config)#no ip domain lookup
ccna_swin(config)#end

You can enter the “ip domain lookup” command to re-enable this functionality.

Passwords and Securing the Switch


Basic security configuration for the switch is used to restrict access to the switch for configuration purposes. The same
commands outlined below can be used to secure a Cisco router. The Cisco OS provides three levels of passwords:

User Mode Password – Needs to be entered at the console before you can login to the device in User Mode
Administrator Mode Password – Needs to be entered after typing “enable” before entering Administrator Mode
Telnet Password – Needs to be entered when telnetting to the device before you log in at User Mode

These passwords can be the same, or different. By default, they do not exist. There are other passwords that can be
configured on the device to achieve different tasks. In CCNA, we will only concern ourselves with these three passwords.

User Mode (EXEC) Password


To set the User Mode password, enter the following commands (in order):

ccna_swin#configure terminal
    Enter configuration mode on the device.

ccna_swin(config)#line console 0
    Configure the device’s console port. We now enter a sub-configuration mode, noted by the change in prompt
    to “ccna_swin(config-line)”. This indicates that we are configuring a terminal line, in this case the
    console. The number refers to which console port we are configuring. The device only has one console
    port, signified as port 0.

ccna_swin(config-line)#password ccna
    Sets the password required to access this terminal in User Mode. In this case the password is set to “ccna”.

ccna_swin(config-line)#login
    Setting the password is not enough; we now have to tell the router that the user needs to login by using
    the password. This is done using the “login” command.

ccna_swin(config-line)#end
    This exits configuration mode. Alternatively, we could have entered “exit”, in which case we would leave
    the line sub-configuration mode and return to the main configuration mode.

ccna_swin#exit
    Log out of the device. We will now have to hit Enter to log in again.

Note that when you log back in you are asked for a password; you need to enter “ccna” to continue. Use “sh run” to confirm
that the current configuration has your configured password settings. Note that the password is displayed in plaintext.
Anybody who has Administrator access to the switch or router will be able to see the console password.

Change User Mode Password


To change the password, you need to execute the password command again. There can only be one password, and the new
password will replace the old one:

ccna_swin(config)#line console 0
ccna_swin(config-line)#password new_password
ccna_swin(config-line)#end

Delete User Mode Password


To delete the password, you need to tell the device there is no password and to stop requiring a password to login:

ccna_swin(config)#line console 0
ccna_swin(config-line)#no password
ccna_swin(config-line)#no login
ccna_swin(config-line)#end

Administrator (Privilege EXEC) Mode Password:


The Administrator password can be set in two ways. One displays the Administrator password as plaintext in the output of
“sh run” (and “sh start” if saved), the other will not show the password as plaintext. We will only discuss setting the
password so that it cannot be read as it is more secure.

To set the Administrator Mode password, enter the following commands in Global configuration mode:
ccna_swin(config)#enable secret cisco
ccna_swin(config)#exit

The password set will be “cisco”. The word “secret” means that the password will not be displayed when typing “sh
run”; type “sh run” now to confirm you cannot read the password. The password is stored as a hash of the password.
Confirm that the password works by logging out and logging back in again. You should be asked for the User Mode
password (unless you deleted it). You should then be asked for the Administrator password when you enter the “ena”
command.

Change Administrator Mode Password


To change the Administrator password, you use the “enable secret” command to replace it. As per the User password,
there can only be one:

ccna_swin(config)#enable secret new_password
ccna_swin(config)#exit

Delete Administrator Mode Password


To delete the Administrator password, execute:
ccna_swin(config)#no enable secret
ccna_swin(config)#exit

Configuring Telnet Access to the Cisco network devices


Configuring User Mode access security on console 0 of a network device (Switch/Router), as described above, demonstrates
how console access is provided in the Cisco lab by a direct cable connection to the console terminal. However, in
production environments, switches are usually accessed via a console concentrator or simply over the Ethernet network connection.
The Telnet server is now required to be enabled on the switch (or router). When enabled, you can connect to the device using a
telnet application from a remote location. You will be asked for the telnet password, which will then drop you into User mode
like a normal console connection. To get to Administrator mode, you will then need to enter the Administrator password (if
one has been set).

We can enable the Telnet server on the Switch/Router using the following commands:

ccna_swin(config)#line vty 0 15
    First, we have to configure the virtual terminal (vty = virtual terminal) ports on the switch. Cisco network devices have virtual terminals (or virtual consoles); the 0 and 15 signify we wish to configure virtual ports 0 to 15 (all 16 of them). The command “line” indicates a connection. We will now enter a sub-configuration mode, as noted by the change in prompt. Note this is the same sub-configuration mode as when configuring the console terminal line. The Cisco routers only have 5 vty ports, numbered 0 through 4.

ccna_swin(config-line)#password ccna
    Next, set the password required to access this virtual terminal in User Mode. In this case the password is set to “ccna”.

ccna_swin(config-line)#login
    Setting the password is not enough; we now have to tell the device that the user needs to log in by using the password. This is done using the “login” command. Without this command, the device will not work as planned.

ccna_swin(config-line)#transport input telnet
    Finally, you have to let the device know that the connection is for user input and open only for Telnet communication. Many new generation devices have a default setting of “none”, which means nothing can pass through the line.

Enabling the Telnet server – via both the “password” and “login” commands – immediately allows remote systems to
access the switch via the Telnet port (port 23). You will get a warning that telnet access is not enabled until you also
set the password. On some switches/routers, you will also get a warning when enabling telnet when there is no
Administrator password; you can ignore this warning. When an application connects to TCP port 23 on the device:
• The device will connect the input and output of the TCP connection to the output and input of the first
available vty terminal of the sixteen on the switch (five for the router). All input from the network is sent to
the virtual terminal, all output from the terminal is sent over the network.
• The telnet application on the PC becomes the monitor/keyboard to access the device configuration mode.
• Up to seventeen people can concurrently configure the switch (6 on the router), one on the console port
(Local access) and sixteen via telnet (remote access through Ethernet connection).

Change Telnet Password


To change the password, you need to execute the password command again. There can only be one password, and the new
password will replace the old one:

ccna_swin(config)#line vty 0 15
ccna_swin(config-line)#password new_password
ccna_swin(config-line)#end

Delete Telnet Password


To delete the password, you need to tell the device there is no password and to stop requiring a password to log in. In addition,
you should disable the remote access port to prevent attacks by hackers:

ccna_swin(config)#line vty 0 15
ccna_swin(config-line)#no password
ccna_swin(config-line)#no login
ccna_swin(config-line)#transport input none
ccna_swin(config-line)#end

NOTICE: Passwords are an extremely important feature on a production switch or router for security purposes. In the lab,
passwords are annoying, especially as the router will automatically log you out if you haven't configured it for some time.

In the lab exams there is a requirement NOT to use console or enable passwords. After today's lab, you should NOT set
any passwords on a switch or router again.

USEFUL TIP: To stop the switch from logging you out, you can enter the following in the console line sub-configuration
mode:

ccna_swin(config-line)#exec-timeout 0 0
ccna_swin(config-line)#end

Numbers other than zero signify how long the device will wait with no activity before logging out the user. Zero
values tell the device not to log the user out automatically.
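
The settings this section warns about (a line password readable in “sh run”, a password without “login”, Telnet accepted on the vty lines, “exec-timeout 0 0”, and no Administrator password) can be checked on a saved configuration. The Python script below is an added example and not part of the original lab sheet; the function name audit_lines and the sample configuration are assumptions constructed for illustration.

```python
import re

# Constructed sample in the shape of "sh run" output; not taken from a real device.
SAMPLE_RUNNING_CONFIG = """\
hostname ccna_swin
!
line con 0
 password ccna
 login
 exec-timeout 0 0
line vty 0 4
 password ccna
 login
 transport input telnet
line vty 5 15
 password new_password
 no login
 transport input none
!
end
"""

def audit_lines(config: str) -> list[tuple[str, str]]:
    """Return (scope, finding) pairs for the enable and line settings."""
    findings = []
    if not re.search(r"^enable secret ", config, re.M):
        findings.append(("global", "no enable secret set"))
    # Each block is a "line ..." header followed by its indented sub-commands.
    for m in re.finditer(r"^(line [^\n]+)\n((?:[ \t]+[^\n]*\n)*)", config, re.M):
        scope = m.group(1).strip()
        cmds = [c.strip() for c in m.group(2).splitlines()]
        pw = [c for c in cmds if c.startswith("password ")]
        # A bare "password <word>" appears in the config exactly as typed.
        if any(len(c.split()) == 2 for c in pw):
            findings.append((scope, "password shown in plaintext"))
        # "login" is what makes the line ask for the password at all.
        if pw and "login" not in cmds:
            findings.append((scope, "password set but login missing"))
        if "exec-timeout 0 0" in cmds:
            findings.append((scope, "idle sessions never time out"))
        # Telnet carries the line password over the network unencrypted.
        accepted = {w for c in cmds if c.startswith("transport input ")
                    for w in c.split()[2:]}
        if accepted & {"telnet", "all"}:
            findings.append((scope, "Telnet accepted on this line"))
    return findings

if __name__ == "__main__":
    for scope, finding in audit_lines(SAMPLE_RUNNING_CONFIG):
        print(f"{scope}: {finding}")
```

In the lab, paste the output of “sh run” into a file and pass its contents to audit_lines; an empty list means none of these five conditions is present.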

Configuring the Ethernet Interfaces


We will now configure the Ethernet interfaces on the switch. We will also connect the PCs (reference to Lab 1) to the
switch and confirm that the switch and the PCs can ping each other. Note that there are 24 Fast-Ethernet ports on the
switch; these are called Fa0/1 through to Fa0/24. All the ports are free to plug in an Ethernet cable.

For this lab we are going to connect the PC1 to the Fa0/8 interface and PC2 to the Fa0/24 interface. PC1 will be
configured with the IP address (192.168.0.8 255.255.255.0) and PC2 with the IP address (192.168.0.24 255.255.255.0).

Question: What other IP addresses will be in the LAN running on the switch?

View the status of the Network Ports (connected interface)


To discover the names of the network interfaces on your switch, execute the command “show ip interface brief”. The
switch will list all network interfaces along with a brief summary of their state. Among the interfaces displayed, note that
the switch interface names are actually in the format “FastEthernet 0/1”. It is allowable to call an interface by its full
name, or, as per other commands, you can name it with just enough detail that the name is unambiguous. Fast
Ethernet interfaces are the only ones that begin with an “f”. As such, you can call the interfaces f0/8 and f0/24 on the
switch; note that these can be entered with or without a space between the “f” and the interface numbers. This command
is a handy tool for checking whether a particular port is functioning normally. For example, if the
connection has been made but the port status shows “down”, something is wrong.

How to read the port status from the table


When executing this command (show ip interface brief), pay careful attention to the interface status on your
configured ports. Note that the f0/1 interface is “Administratively down” and that the Protocol is also “down”. This is
because you disabled the interface.

What do the two status fields mean?

Interface Status
If displaying “Administratively down”, then you have entered the “shutdown” command on this interface
(interface disabled). If “up”, then the interface is enabled

Protocol Status
Indicates the Layer 2 status of the interface. “down” indicates that the Layer 2 network is not functional, while
“up” means that all is OK. For an Ethernet network, the Layer 2 network does not need any configuration other
than turning the Interface on, so if the protocol is down, that means there is nothing plugged into the Interface,
or whatever is plugged into the Interface is switched off. When we look at Serial Interfaces, we will see that we
need to configure Layer 2 settings to make the Interface come up.
Due to the nature of how the switch operates, it is highly unlikely you will see anything other than the following
combinations of status:

So, in this case, you will see 3 possibilities:


Interface status         Protocol status   Meaning
Administratively Down    Down              Indicates that the port has been disabled and cannot be used
Down                     Down              Indicates that the port is enabled but there is no device connected to this port. This is either because the port does not have a cable in it, or there is a cable, but the other end of the cable is either not attached or the device at the other end of the cable is switched off
Up                       Up                Indicates that the port has an active device connected to it

Configure a network interface – disable a port


Unlike a Cisco Router where all interfaces are turned off by default, all interfaces on a Switch are enabled by default. For
security purposes, let’s disable interface FastEthernet0/1:

ccna_switch(config)#interface f0/1
    Enter the interface sub-configuration mode for the interface f0/1. This is indicated by the change in prompt.

ccna_switch(config-if)#shutdown
    Disable the interface. To re-enable it, enter the command “no shutdown”.

ccna_switch(config-if)#end
    Exit back to Administrator mode.
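
The status table and the “shutdown” commands above can be combined into a small audit: read the “show ip interface brief” output, label each port with the table's meaning, and list the commands that would disable ports which are enabled but have nothing attached. This Python script is an added example and not part of the original lab sheet; the function names and the sample output are assumptions constructed for illustration.

```python
# Constructed sample in the shape of "show ip interface brief" output;
# not captured from a real switch.
SAMPLE_BRIEF = """\
Interface              IP-Address      OK? Method Status                Protocol
Vlan1                  192.168.0.1     YES manual up                    up
FastEthernet0/1        unassigned      YES unset  administratively down down
FastEthernet0/2        unassigned      YES unset  down                  down
FastEthernet0/8        unassigned      YES unset  up                    up
FastEthernet0/24       unassigned      YES unset  up                    up
"""

# The three combinations from the lab's status table.
MEANINGS = {
    ("administratively down", "down"): "disabled",
    ("down", "down"): "enabled, nothing connected",
    ("up", "up"): "active device connected",
}

def parse_brief(text):
    """Return (interface, status, protocol) for each row under the header."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0] == "Interface":
            continue  # header, blank line or truncated row
        # Status can be two words, so take everything between the
        # Method column and the final Protocol column.
        status = " ".join(fields[4:-1]).lower()
        rows.append((fields[0], status, fields[-1].lower()))
    return rows

def classify(text):
    """Map each interface to the meaning given in the status table."""
    return {name: MEANINGS.get((status, proto), "unexpected combination")
            for name, status, proto in parse_brief(text)}

def shutdown_plan(text):
    """Config lines that disable enabled physical ports with nothing attached."""
    plan = []
    for name, meaning in classify(text).items():
        if meaning == "enabled, nothing connected" and not name.startswith("Vlan"):
            plan += [f"interface {name}", " shutdown"]
    return plan

if __name__ == "__main__":
    for name, meaning in classify(SAMPLE_BRIEF).items():
        print(f"{name:18} {meaning}")
    print("\n".join(shutdown_plan(SAMPLE_BRIEF)))
```

The plan lines are meant to be entered in Global configuration mode; ports that are in use (Up/Up) and ports already disabled are left alone.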

Enable an interface (port)


To enable a network interface, execute the following commands:

ccna_switch(config)#interface f0/1
ccna_switch(config-if)#no shutdown
ccna_switch(config-if)#end

Configure a description to an interface for reference purpose


Now let’s configure an Interface description on f0/24. This has nothing to do with the functioning of the switch but is
used to tell the switch administrator what type of network the Interface is connected to (e.g. “Connected to Student LAN”
or “Connection to Core Switch”). This can be particularly useful if the switch services many VLANs and performs
multiple functions. To set the description on an interface, use the commands:

ccna_switch(config)#interface f0/24
ccna_switch(config-if)#description Connected to PC2
ccna_switch(config-if)#end

Verification Note: The interface configuration can be verified through viewing the running-configuration file, “sh run” at
Administrator Mode. Now look at the output of “sh run”. Note that the interface is configured with
the description. Note that if an interface is disabled, then “sh run” will output “shutdown”, but if it is
enabled, “no shutdown” will be displayed in the output.

Connecting the PCs


Start both PC1 and PC2, then connect PC2 to f0/24 of the Switch you have configured and PC1 to f0/8. Once the PC
is connected over Ethernet, the Protocol status of f0/8 should change to “up”.

Now configure the IP addresses of the two PCs as specified in the previous section.
1. From PC2, try to ping PC1 – ping 192.168.0.8
2. From PC1, try to ping PC2 – ping 192.168.0.24
What do you get? What does it mean?

Configuring the Switch Management Interface (virtual)


In a real environment, we want to be able to communicate with the switch remotely. This saves effort in having to
physically access the device whenever we want to reconfigure it. We will consider remote access in next week’s lab,
however in order for remote access to work, the switch (or other network device) must be allocated an IP address.

Unlike network layer devices, a Switch only needs one IP address, and it is theoretically reachable on all its interfaces but
not actually allocated to a physical interface. On Cisco devices, this is done by configuring the Management Interface.
You will have noticed when you previously ran the “sh ip int brief” command that an interface called “VLan1”
existed. This virtual interface is the management interface on the switch.

NOTICE: By default, Cisco Switches connect all ports to VLAN1 and run the management interface on VLAN1 as well.
Later in the semester we will discover how to create multiple VLANs and how to move the management interface and the
physical interfaces to a different VLAN. For now, we will keep things simple and just use VLAN1.

Let’s set the IP address on the management interface to 192.168.0.1/24. Why can’t we use 192.168.57.1? (refer to the PPT
note given on CANVAS in week 1 to figure out the issue)

Execute the commands:


ccna_switch(config)#interface VLan1
ccna_switch(config-if)#ip address 192.168.0.1 255.255.255.0
ccna_switch(config-if)#end

You should now be able to ping the switch via the management interface IP address from either of your two PCs.
Similarly, you should also be able to run the ping command from the switch interface to ping your PCs. If you are unable
to do this, please try and troubleshoot before asking the instructor.

Change and delete the IP Address and interface description on a virtual interface
There can only be one IP Address on an interface; this includes the management interface. To modify a configured IP
address, you enter the “ip address” command again. To un-configure the interface, you can execute the “no ip address”
command in the Interface sub-configuration mode. Similarly, you can change the interface description by re-executing the
“description” command and delete a description by typing the “no description” command.

Cleaning Up
If you have finished, feel free to continue exploring the user interface of the switch and the commands you have
learnt. When you are ready to finish, make sure you complete the following steps:
1. Clear the switch configuration with “erase sta<tab>” and make sure the switch is clean with “sh start”
2. Unplug all cables from the switches and return them
3. Return the switches and cables where you took them from initially.

Chapter Challenge:
(1) Reboot the Switch with default configuration.
(2) Set hostname of the switch to SWINBURNE01
(3) Add the MOTD.
(4) Configure the console line with EXEC level password – CCNA1TUT
(5) Configure the Telnet access with a password – CCNA_TEL
(6) Assign a PRIVILEGE EXEC level password to the device – AUTH0123
(7) Encrypt the passwords for console and telnet link. (find the command using command “?”. It is not
inside the text above – search through the internet).
(8) Shutdown ports 3,4,9,17-24.
(9) Put a description on each interface.
(10) Verify the configuration and save it to the permanent storage in the switch.
(11) Reboot the switch and verify again if all your configuration is still intact.
(12) Verify the telnet access to the switch so that you can access the CLI.

Draw a reflection on your work.
