Lab Instructions

Computer
Networks
Products
Lecturer:
Dr Hamidreza Bagheri

York St John University

School of Science, Technology and Health

2024-2025
 Creating a Simple Topology
The Cisco IOS user interface is divided into many different modes. The commands
available to you depend on which mode you are currently in. Enter a question mark
(?) at the system prompt to obtain a list of commands available for each command
mode.
You can start a CLI session through a console connection, through Telnet, an SSH, or
by using the browser.
When you start a session, you begin in user mode, often called user EXEC mode. Only
a limited subset of the commands is available in user EXEC mode. For example, most
of the user EXEC commands are one-time commands, such as show commands, which
show the current configuration status, and clear commands, which clear counters or
interfaces. The user EXEC commands are not saved when the switch reboots.
To have access to all commands, you must enter privileged EXEC mode. Normally, you
must enter a password to enter privileged EXEC mode. From this mode, you can enter
any privileged EXEC command or enter global configuration mode.
Using the configuration modes (global, interface, and line), you can make changes to
the running configuration. If you save the configuration, these commands are stored
and used when the switch reboots. To access the various configuration modes, you
must start at global configuration mode. From global configuration mode, you can
enter interface configuration mode and line configuration mode.

This table describes the main command modes, how to access each one, the
prompt you see in that mode, and how to exit the mode.

Mode Access Method Prompt Exit Method About This Mode

User EXEC Begin a session Switch> Enter logout or quit. Use this mode to
using Telnet,
• Change
SSH, or console.
terminal
settings.
• Perform basic
tests.
• Display system
information.

Privileged While in user Switch# Enter disable to exit. Use this mode to
EXEC EXEC mode, verify commands
enter that you have
the enable com entered. Use a
mand. password to
protect access to
this mode.

1|Page
Mode Access Method Prompt Exit Method About This Mode

Global While in Switch(config)# To exit to privileged Use this mode to

configuration privileged EXEC EXEC mode, configure
mode, enter enter exit or end, or parameters that
the configure com press Ctrl-Z. apply to the
mand. entire switch.

VLAN While in global Switch(config- To exit to global Use this mode to

configuration configuration vlan)# configuration mode, configure VLAN
mode, enter enter parameters. When
the vlan vlan- the exit command. VTP mode is
id command. transparent, you
To return to
can create
privileged EXEC mode,
extended-range
press Ctrl-Z or
VLANs (VLAN IDs
enter end.
greater than 1005)
and save
configurations in
the switch startup
configuration file.

Interface While in global Switch(config-if)# To exit to global Use this mode to

configuration configuration configuration mode, configure
mode, enter enter exit. parameters for the
the interface com Ethernet ports.
To return to
mand (with a
privileged EXEC mode,
specific interface).
press Ctrl-Z or
enter end.

Line While in global Switch(config-line)# To exit to global Use this mode to

configuration configuration mode, configuration mode, configure
specify a line with enter exit. parameters for the
the line vty or line terminal line.
To return to
console command
privileged EXEC mode,
press Ctrl-Z or
enter end.

Source:
https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3850/software/release/3se/consol
idated_guide/b_consolidated_3850_3se_cg_chapter_01.html

2|Page
 Configuring Initial Switch Settings
Objectives
Part 1: Verify the Default Switch Configuration
Part 2: Configure a Basic Switch Configuration
Part 3: Configure a MOTD Banner
Part 4: Save Configuration Files to NVRAM
Part 5: Configure S2

Background
In this activity, you will perform basic switch configurations. You will get secure
access to the CLI and console ports using encrypted and plain text passwords. You
will also learn how to configure messages for users logging into the switch. These
banners are also used to warn unauthorized users that access is prohibited.

Part 1: Verify the Default Switch Configuration

Step 1: Enter Privileged Mode

You can access all switch commands from privileged mode. However, because many
of the privileged commands configure operating parameters, privileged access should
be password-protected to prevent unauthorized use.

The privileged EXEC command set includes those commands contained in user EXEC
mode, as well as the configure command through which access to the remaining
command modes are gained. Design the below topology.

3|Page
a. Click S1 and then the CLI tab. Press Enter

b. Enter privileged EXEC mode by entering the enable command:

Switch> enable
Switch#

Notice that the prompt changed in the configuration to reflect privileged EXEC mode.

Step 2: Examine the current switch configuration.

a. Enter the show running-config command.

Switch# show running-config

b. Answer the following questions:

1) How many FastEthernet interfaces does the switch have? 24

2) How many Gigabit Ethernet interfaces does the switch have? 2
3) What is the range of values shown for the vty lines? 0 -15
4) Which command will display the current contents of non-volatile random-
access memory (NVRAM)? show startup-configuration
5) Why does the switch respond with startup-config is not present? It displays
this message because the configuration file was not saved to NVRAM.
Currently it is only located in RAM.

Part 2: Create a Basic Switch Configuration.

Step 1: Assign a name to a switch.

To configure parameters on a switch, you may be required to move between various

configuration modes. Notice how the prompt changes as you navigate through the
switch.

Switch# configure terminal

Switch(config)# hostname S1
S1(config)# exit
S1#

Step 2: Secure access to the Console Line.

4|Page
To secure access to the console line, access config-line mode and set the console
password to ‘letmein’.

S1# configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

S1(config)# line console 0

S1(config-line)# password letmein
S1(config-line)# login
S1(config-line)# exit
S1(config)# exit
%SYS-5-CONFIG_I: Configured from console by console
S1#

Answer the following question:

1) Why is the login command required? In order for the password checking
process to work, it requires both login and password commands.

Step 3: Verify that console access is secured.

Exit privileged mode to verify that the console port password is in effect.

S1# exit

Switch con0 is now available. Press RETURN to get started.

User Access Verification

Password:[enter the password you entered above, letmein]
S1>

Note: If the switch did not prompt you for a password, then you did not configure the
login parameter in Step 2.

Step 4: secure privileged mode access.

Set the enable password to c1$c0. This password protects access to privileged mode.

Note: The 0 in c1$c0 is a zero, not a capital O. This password will not grade as correct
until after you encrypt it in Step 8.

5|Page
 S1> enable
S1# configure terminal
S1(config)# enable password c1$c0
S1(config)# exit
%SYS-5-CONFIG_I: Configured from console by console
S1#

Step 5: Verify that privileged mode access is secure.

a. Enter the exit command again to log out of the switch.

b. Press and you will now be asked for a password:

User Access Verification

Password:

c. The first password is the console password you configured for line con 0. Enter
this password to return to user EXEC mode.

d. Enter enable command to access privileged mode.

e. Enter the second password you configured to protect privileged EXEC mode.

f. Verify your configurations by examining the contents of the running-

configuration file:

S1# show running-configuration

Notice how the console and enable passwords are both in plain text. This could pose
a security risk if someone is looking over your shoulder.

Step 6: Configure an encrypted password to secure access to privileged mode.

The enable password should be replaced with the newer encrypted secret password
using the enable secret command.

Set the enable secret password to ‘itsasecret’.

S1# config t

S1(config)# enable secret itsasecret

S1(config)# exit

6|Page
 S1#

Note: The enable secret password overrides the enable password. If both are
configured on the switch, you must enter the enable secret password to enter
privileged EXEC mode.

Step 7: verify that the enable secret password is added to the configuration file.

a. Enter the show running-configuration command again to verify the new enable
secret password is configured.

Note: You can abbreviate show running-configuration as

S1# show run

b. What is displayed for the enable secret password?

$1$mERr$ILwq/b7kc.7X/ejA4Aosn0

c. Why is the enable secret password displayed differently from what we

configured? The enable secret is shown in encrypted form, whereas the enable
password is in plain text.

Step 8: Encrypt the enable and console passwords.

As you noticed in Step 7, the enable secret password was encrypted, but the enable
and console passwords were still in plain text. We will now encrypt these plain text
passwords using the service password-encryption command.

S1# config t
S1(config)# service password-encryption
S1(config)# exit

If you configure any more passwords on the switch, will they be displayed in the
configuration file as plain text or in encrypted form? Explain why? The service
password-encryption command encrypts all current and future passwords.

Part 3: Configure a MOTD Banner

Step 1: Configure a message of the day (MOTD) banner.

The Cisco IOS command set includes a feature that allows you to configure messages
that anyone logging onto the switch sees. These messages are called message of the

7|Page
day, or MOTD banners. Enclose the banner text in quotations or use a delimiter
different from any character appearing in the MOTD string.

S1# config t
S1(config)# banner motd “This is a secure system.
Authorized Access Only!”
S1(config)# exit
%SYS-5-CONFIG_I: Configured from console by console
S1#

When will this banner be displayed? The message will be displayed when someone
enters the switch through the console port.

Why should every switch have a MOTD banner? Every switch should have a banner
to warn unauthorized users that access is prohibited but can also be used for sending
messages to network personnel/technicians (such as impending system shutdowns
or who to contact for access)

Part 4: Save Configuration Files to NVRAM

Step 1: Verify that the configuration is accurate using the show run command.

Step 2: Save the configuration file.

You have completed the basic configuration of the switch. Now back up the running
configuration file to NVRAM to ensure that the changes made are not lost if the system
is rebooted or loses power.

S1# copy running-config startup-config

Destination filename [startup-config]? [Enter] Building
configuration…
[OK]

Abbreviated version of the copy running-config startup-config command? cop r s

Step 3: Examine the startup configuration file.

Which command will display the contents of NVRAM? show startup-config

8|Page
Are all the changes that were entered recorded in the file? Yes, it is the same as the
running configuration.

Part 5: Configure S2

You have completed the configuration on S1. You will now configure S2. If you cannot
remember the commands, refer to Parts 1 to 4 for assistance.

Configure S2 with the following parameters:

a. Name device: S2

b. Protect access to the console using the ‘letmein’ password.

c. Configure an enable password of c1$c0 and an enable secret password of

‘itsasecret’.

d. Configure a message to those logging into the switch with the following message:

Authorized access only. Unauthorized access is prohibited,

and violators will be prosecuted to the full extent of the
law.

e. Encrypt all plain text passwords.

f. Ensure that the configuration is correct.

g. Save the configuration file to avoid loss if the switch is powered down.

Switch> enable
Switch# config t
Enter configuration commands, one per line. End with
CNTL/Z.
Switch(config)# hostname S2
S2(config)# line console 0
S2(config-line)# password letmein
S2(config-line)# login
S2(config-line)# enable password c1$c0
S2(config)# enable secret itsasecret

9|Page
S2(config)# banner motd $any text here$
S2(config)# service password-encryption
S2(config)# do copy running-config startup-config

10 | P a g e