Activity 1: Switching Concepts and Configuration

Name:
Date/Time:

Objectives:
 Configure Devices and Verify Connectivity
 Gather Information with Show Commands

Topology:

UTP Straight-Through Cables

Figure 1 Network Topology

Materials and Equipment:

 1 unit – 4321 Router
 2 units – 2960 Switch
 2 units – Desktop PC (Generic)

Addressing Table:
Interfac
Device e IP Address Subnet Mask Default Gateway
G0/0/0 10.10.10.1 255.255.255.0 N/A
Router
G0/0/1 10.10.20.1 255.255.255.0 N/A
SW1 VLAN1 10.10.10.2 255.255.255.0 10.10.10.1
SW2 VLAN1 10.10.20.2 255.255.255.0 10.10.20.1
PC1 NIC 10.10.10.10 255.255.255.0 10.10.10.1
PC2 NIC 10.10.20.10 255.255.255.0 10.10.20.1

Background:
In this activity, you will configure SW1, SW2, and Router with basic settings, including IP addressing. Once you
have successfully verified connectivity, you will use show commands to gather information about the network.

Configure Devices and Verify Connectivity

Step 1: Build the topology as shown in figure 1.
Step 2: Configure addressing on PC1 and PC2.
a. Configure the IP Addresses of PC1 and PC2
For PC1:
1. Click on the PC1 icon.
 2. Click on the “Desktop” tab.
3. Click on “IP Configuration” to open the UI shown in figure 2.
4. In the “IP Address” field, enter the IP address for PC1 from the Addressing table.
5. In the “Subnet Mask” field, enter the subnet mask for PC1 from the Addressing table.
6. In the “Default Gateway” field, enter the default gateway for PC1 from the Addressing table.
7. Your changes are automatically saved. You may close the UI.

Figure 2 PC UI

For PC2:
1. Click on the PC2 icon.
2. Click on the “Desktop” tab.
3. Click on “IP Configuration” to open the UI shown in figure 3.
4. In the “IP Address” field, enter the IP address for PC2 from the Addressing table.
5. In the “Subnet Mask” field, enter the subnet mask for PC2 from the Addressing table.
6. In the “Default Gateway” field, enter the default gateway for PC2 from the Addressing table.
7. Your changes are automatically saved. You may close the UI.

Figure 3 PC2 UI

Step 3: Configure SW1 and SW2

For SW1:
a. Enter privileged mode.
 You can access all switch commands from privileged mode. However, because many of the
privileged commands configure operating parameters, privileged access should be password-
protected to prevent unauthorized use.

The privileged EXEC command set includes those commands contained in user EXEC mode, as
well as the configure command through which access to the remaining command modes are
gained.
1. Click SW1 and then the CLI tab. Press Enter.

2. Enter the privileged EXEC mode by entering the enable command.

Switch>enable
Switch#

3. Examine the current switch configuration.

Switch#show running-config

4. Answer the questions.

i. How many FastEthernet interfaces does the switch have?
ii. How many Gigabit Ethernet interfaces does the switch have?
iii. What is the range of values shown for the vty lines?
iv. Which command will display the current contents of non-volatile random-access memory
(NVRAM)?
v. Why does the switch respond with startup-config is not present?
5. Assign a name to a switch.
Switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hostname SW1
SW1(config)#exit
SW1#

6. Secure access to the console line.

To secure access to the console line, access config-line mode and set the console password to
“catsu”.
 SW1#config t
Enter configuration commands, one per line. End with CNTL/Z.
SW1(config)#line console 0
SW1(config-line)#password catsu
SW1(config-line)#login
SW1(config-line)#exit
SW1(config)#exit
SW1#
%SYS-5-CONFIG_I: Configured from console by consoleSW1(config)#exit
SW1#
%SYS-5-CONFIG_I: Configured from console by console

7. Answer the question.

vi. Why is the login command required?
8. Verify that console access is secured. Exit privileged mode to verify that the console port
password is in effect.
Switch#exit

SW1>enable
SW1#config t
Enter configuration commands, one per line. End with CNTL/Z.
SW1(config)#enable password cict
SW1(config)#exit
SW1#
%SYS-5-CONFIG_I: Configured from console by console

9. Secure privileged mode access. Set the enable password to “cict”. This password protects
access to privileged mode.
SW1>enable
SW1#config t
Enter configuration commands, one per line. End with CNTL/Z.
SW1(config)#enable password cict
SW1(config)#exit
SW1#
%SYS-5-CONFIG_I: Configured from console by console

10. Verify that privileged mode access is secure.

i. Enter the exit command again to log out of the switch.
ii. Press and you will now be asked for a password:
User Access Verification

Password:
iii. The first password is the console password you configured for line con 0. Enter this
password to return to user EXEC mode.
iv. Enter the command to access privileged mode.
v. Enter the second password you configured to protect privileged EXEC mode.
vi. Verify your configurations by examining the contents of the running-configuration file:
SW1#show running-config
Notice how the console and enable passwords are both in plain text. This could pose a
security risk if someone is looking over your shoulder.
11. Configure an encrypted password to secure access to privileged mode.
The enable password should be replaced with the newer encrypted secret password using the
enable secret command. Set the enable secret password to “itp831”.
 SW1#config t
Enter configuration commands, one per line. End with CNTL/Z.
SW1(config)#enable secret itp831
SW1(config)#exit
SW1#
%SYS-5-CONFIG_I: Configured from console by console

The enable secret password overrides the enable password. If both are configured on the
switch, you must enter the enable secret password to enter privileged EXEC mode.
12. Verify that the enable secret password is added to the configuration file.
i. Enter the show running-configuration command again to verify the new enable secret
password is configured.
13. Answer the questions.
vii. What is displayed for the enable secret password?
viii. Why is the enable secret password displayed differently from what we configured?
14. Encrypt the enable and console passwords.
As you noticed, the enable secret password was encrypted, but the enable and console
passwords were still in plain text. We will now encrypt these plain text passwords using the
service password-encryption command.
SW1#config t
Enter configuration commands, one per line. End with CNTL/Z.
SW1(config)#service password-encryption
SW1(config)#exit
SW1#
%SYS-5-CONFIG_I: Configured from console by console

15. Answer the question.

ix. What is displayed for the enable password?
x. If you configure any more passwords on the switch, will they be displayed in the
configuration file as plain text or in encrypted form? Explain why?
16. Configure a message of the day (MOTD) banner.
The Cisco IOS command set includes a feature that allows you to configure messages that
anyone logging onto the switch sees. These messages are called message of the day, or MOTD
banners. Enclose the banner text in quotations or use a delimiter different from any character
appearing in the MOTD string.
SW1#config t
Enter configuration commands, one per line. End with CNTL/Z.
SW1(config)#banner motd "Authorized Access Only! Unauthorized access is prohibited and
violators will be prosecuted to the full extent of the law."
SW1(config)#exit
SW1#
%SYS-5-CONFIG_I: Configured from console by console
17. Answer the questions.
xi. When will this banner be displayed?
xii. Why should every switch have a MOTD banner?
18. Save Configuration Files to NVRAM.
i. Verify that the configuration is accurate using the show run command.
ii. Save the configuration file.
You have completed the basic configuration of the switch. Now back up the running
configuration file to NVRAM to ensure that the changes made are not lost if the system is
rebooted or loses power.
SW1#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]
SW1#
19. Answer the questions.
xiii. Which command will display the contents of NVRAM?
 xiv. Are all the changes that were entered recorded in the file?
For SW2:
Configure SW2 with the following parameters:
a. Name device: SW2
b. Protect access to the console using the “catsu” password.
c. Configure an enable password of “cict” and an enable secret password of “itp831”.
d. Configure a message to those logging into the switch with the following message:
Authorized Access Only! Unauthorized access is prohibited and violators will be prosecuted
to the full extent of the law.
e. Encrypt all plain text passwords.
f. Ensure that the configuration is correct.
g. Save the configuration file to avoid loss if the switch is powered down.
Switch>enable
Switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hostname SW2
SW2(config)#line console 0
SW2(config-line)#password catsu
SW2(config-line)#login
SW2(config-line)#enable password cict
SW2(config)#enable secret itp831
SW2(config)#banner motd "Authorized Access Only! Unauthorized access is prohibited
and violators will be prosecuted to the full extent of the law."
SW2(config)#service password-encryption
SW2(config)#exit
SW2#copy run st
Destination filename [startup-config]?
Building configuration...
[OK]
SW2#
Step 4: Apply basic configuration to Router
a. Using the following information and the Addressing Table, configure RTA:
 Hostname and banner
 Line passwords set to “catsu”; encrypted password set to “cict”.
 IP addressing and descriptions on LAN interfaces
 Router>enable
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R
R(config)#banner motd "Authorized Access Only! Unauthorized access is prohibited
and violators will be prosecuted to the full extent of the law."
R(config)#line con 0
R(config-line)#pass catsu
R(config-line)#login
R(config-line)#line vty 0 15
R(config-line)#pass catsu
R(config-line)#login
R(config-line)#enable secret cict
R(config)#int g0/0/0
R(config-if)#ip address 10.10.10.1 255.255.255.0
R(config-if)#no shut

R(config-if)#
%LINK-5-CHANGED: Interface GigabitEthernet0/0/0, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0/0, changed

state to up

R(config-if)#int g0/0/1
R(config-if)#ip address 10.10.20.1 255.255.255.0
R(config-if)#no shut

R(config-if)#
%LINK-5-CHANGED: Interface GigabitEthernet0/0/1, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0/1, changed

state to up

R(config-if)#exit
R(config)#exit
R#
%SYS-5-CONFIG_I: Configured from console by console

R#copy ru st
Destination filename [startup-config]?
Building configuration...
[OK]
R#

b. Gather information from show interface command output.

Issue each of the following commands and then answer the questions:
R#show ip interface brief
R#interfaces
R#ip interface
xv. Which commands display the status of the port?
xvi. Which command shows only the IP address (no subnet mask or prefix)?
xvii. Which command displays the description configured on the interface?
xviii. Which command displays the IP broadcast address?
xix. Which command displays the MAC address of the interface?
c. Gather information from show ip route command output.
Issue each of the following commands and then answer the questions:
R#show ip route
R#show ip route connected
xx. How many networks are known by the router based on the output of the show ip route
command?
xxi. What does the L at the beginning of the lines within the routing table represent?
xxii. What does the /32 prefix listed in the route table indicate?