Cisco Networking/CCENT/Remote Management

From Wikiversity

This lesson covers remote management, including over WANs with serial connections.

Objectives and Skills

Objectives and skills for the WANs portion of Cisco CCENT certification include:[1]

  • Select the components required to meet a given network specification
  • Predict the data flow between two hosts across a network
  • Configure and verify utilizing the CLI to set basic Router configuration
    • Console & VTY logins
    • Interface IP Address
      • loopback
  • Configure and verify initial switch configuration including remote access management
  • Verify network status and switch operation using basic utilities such as
    • ping
    • telnet
    • SSH

Readings

  1. Wikipedia: Out-of-band management
  2. Wikipedia: Wide area network
  3. Cisco: Telnet, Console and AUX Port Passwords on Cisco Routers Configuration Example
  4. Cisco: Configuring Secure Shell on Routers and Switches Running Cisco IOS
  5. Cisco: WAN Technologies

Multimedia

  1. YouTube: Setting Console and VTY Passwords
  2. YouTube: Router Configuration
  3. YouTube: Configure the Serial Interface of a Cisco Router
  4. YouTube: SSH and CLI Tips

Examples

Line Configuration

show line

To display parameters of a terminal line, use the show line command in EXEC mode.[2]

show line [line-number | aux | console | summary]

line

To identify a specific line for configuration and enter line configuration collection mode, use the line command in global configuration mode.[3]

line <aux | console | tty | vty> <line-number> [ending-line-number]
line console 0
line aux 0
line vty 0 4

Command Sequence

A command sequence to configure line access with passwords might be similar to the following.

enable
show line

configure terminal
line console 0
password letmein
login
exit

line aux 0
password dialin
login
exit

line vty 0 4
password telnetssh
login
exit

enable secret cisco
service password-encryption
exit

show running-config
exit

A command sequence to configure line access with usernames and passwords might be similar to the following.

enable
configure terminal

username admin1 password secret1
username admin2 password secret2

line console 0
login local
exit

line aux 0
login local
exit

line vty 0 4
login local
exec-timeout 5
exit

enable secret cisco
service password-encryption
exit

show running-config
exit

Interface Configuration

show ip interface

To display the usability status of interfaces that are configured for IP, use the show ip interface command.[4]

show ip interface

show ip interface brief

To display the usability status of interfaces configured for various IP addresses, use the show ip interface brief command in privileged EXEC mode.[5]

show ip interface brief

shutdown

Use the shutdown interface configuration command to disable an interface. Use the no form of this command to restart a disabled interface.[6]

shutdown
no shutdown

ip address

To assign an IP address and subnet mask to an interface, use the ip address command.[7]

ip address <address> <mask>

interface loopback

To specify a loopback interface and enter interface configuration mode, use the interface loopback command in global configuration mode. A loopback interface is a virtual interface that is always up and allows selected protocols to stay up even if other interfaces are down.[8]

interface loopback <number>
interface loopback 0

clock rate

To configure the clock rate for the hardware connections on serial interfaces to an acceptable bit rate, use the clock rate command in interface configuration mode. The desired clock rate, in bits per second (bps), may be: 1200, 2400, 4800, 9600, 19200, 38400, 56000, 64000, 72000, 125000, 148000, 250000, 500000, 800000, 1000000, 1300000, 2000000, 4000000, or 8000000.[9]

clock rate <rate>
clock rate 64000

bandwidth

To set and communicate the current bandwidth value for an interface to higher-level protocols, use the bandwidth command in interface configuration mode.[10]

bandwidth <kilobits>
bandwidth 64

encapsulation

To set the encapsulation method used by the interface, use the encapsulation command in interface configuration mode.[11]

encapsulation < frame-relay | hdlc | ppp | slip >
encapsulation ppp

Command Sequence

A command sequence to assign interface IP addresses would be similar to the following.

enable
show ip interface brief

configure terminal
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
no shutdown
exit

interface Serial0/0
ip address 192.168.2.1 255.255.255.0
clock rate 56000
encapsulation ppp
no shutdown
exit

interface loopback 0
ip address 192.168.255.1 255.255.255.255
exit
exit

show ip interface brief
exit

SSH Configuration

crypto key generate rsa

To generate Rivest, Shamir, and Adleman (RSA) key pairs, use the crypto key generate rsa command in global configuration mode.[12]

crypto key generate rsa
1024

ip ssh version

To specify the version of Secure Shell (SSH) to be run on a router, use the ip ssh version command in global configuration mode. If this command is not configured, SSH operates in compatibility mode, that is, Version 1 and Version 2 are both supported.[13]

ip ssh version < 1 | 2 >
ip ssh version 2

transport input

To define which protocols to use to connect to a specific line of the router, use the transport input command in line configuration mode.[14]

transport input <protocol>
transport input telnet
transport input ssh
transport input telnet ssh

Command Sequence

A command sequence to configure SSH access might be similar to the following.

enable
configure terminal

hostname router
ip domain-name example.com

crypto key generate rsa
1024
ip ssh version 2

username admin password cisco

line vty 0 4
login local
transport input ssh
exit
exit

show running-config
exit
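
The following audit is an added example, not part of the original lesson: it reads saved show running-config output and reports vty lines that still permit Telnet or do not use login local, and whether ip ssh version 2 is set. The function names and the sample configuration (including the line vty 5 15 range) are constructed for illustration, and the parser assumes the one-space indentation that running-config uses for line sub-commands.

```python
import re

# Constructed sample: the lesson's SSH sequence on vty 0 4, plus a second
# vty range (5 15) left on a shared password with Telnet still allowed.
SAMPLE_CONFIG = """\
hostname router
ip domain-name example.com
ip ssh version 2
username admin password cisco
line con 0
 login local
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 password telnetssh
 login
 transport input telnet ssh
"""


def parse_line_blocks(config):
    """Map each 'line ...' header to the list of commands indented under it."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw.strip()
            blocks[current] = []
        elif raw.startswith(" ") and current is not None:
            blocks[current].append(raw.strip())
        else:
            current = None  # any other top-level command closes the block
    return blocks


def audit_remote_access(config):
    """Return (scope, finding) tuples for the settings this lesson configures."""
    findings = []
    # Without 'ip ssh version 2' the router also accepts SSH version 1.
    if not re.search(r"^ip ssh version 2\s*$", config, re.MULTILINE):
        findings.append(("global", "SSH version 2 not enforced"))
    for header, cmds in parse_line_blocks(config).items():
        if not header.startswith("line vty"):
            continue
        transport = [c.split()[2:] for c in cmds if c.startswith("transport input")]
        if not transport:
            # The default differs between IOS releases, so flag it for review.
            findings.append((header, "no explicit transport input"))
        elif {"telnet", "all"} & set(transport[-1]):
            findings.append((header, "Telnet permitted"))
        if "login local" not in cmds:
            findings.append((header, "login local not configured"))
    return findings


if __name__ == "__main__":
    for scope, finding in audit_remote_access(SAMPLE_CONFIG):
        print(f"{scope}: {finding}")
```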

Status

ping

To diagnose basic network connectivity on a variety of networks, use the ping privileged EXEC command.[15]

ping <host-name | system-address>
ping 192.168.1.1

Remote Management

telnet

To log in to a host that supports Telnet, use the telnet command in EXEC mode.[16]

telnet <host> [port]
telnet 192.168.1.1

ssh

To start an encrypted session with a remote networking device, use the ssh user EXEC command.[17]

ssh [-l userid] [-c {des | 3des}] [-p portnum] <ipaddr | hostname>
ssh -l admin 192.168.1.1

Activities

  1. Configure router aux line password security.
    1. Add a router to a new GNS3 project and start the device.
    2. Open the console for the router and practice using the following commands.
      • enable
      • configure terminal
      • line aux 0
      • password
      • login
      • exit
    3. Verify the configuration using the following command.
      • show running-config
    4. Exit the router console session and open a console on the aux line to test the configuration.
  2. Configure router IP addresses.
    1. Add a router to a new GNS3 project and start the device.
    2. Set the router IP addresses and subnet masks using the following commands.
      • R1 FastEthernet0/0: 192.168.1.1 255.255.255.0
      • R1 FastEthernet0/1: 192.168.2.1 255.255.255.0
      • enable
      • configure terminal
      • show ip interface brief
      • interface <interface>
      • ip address <address> <subnet>
      • no shutdown
      • exit
    3. Verify the configuration using the following commands.
      • show running-config
      • show ip interface brief
  3. Connect a second router to the first router from above and configure IP addresses.
    1. Add a router to the GNS3 project above and start the device.
    2. Add a link to connect the following.
      • R1 FastEthernet0/0 <-> R2 FastEthernet0/0
    3. Set the following IP addresses and subnet masks.
      • R2 FastEthernet0/0: 192.168.1.2 255.255.255.0
      • R2 FastEthernet0/1: 192.168.3.1 255.255.255.0
    4. If using serial ports for the connection, use the following commands if necessary.
      • clock rate
      • encapsulation
    5. Verify the configuration using the following commands on both routers.
      • show ip interface brief
      • ping
  4. Configure router vty username and password security.
    1. Use the routers from above and practice using the following commands on both routers.
      • enable
      • configure terminal
      • username
      • line vty 0 4
      • login local
      • exit
    2. Verify the configuration using the following command on both routers.
      • show running-config
    3. Test the configuration using the following command to remotely manage one router from the other.
      • telnet
  5. Configure router SSH access.
    1. Use the routers from above and practice using the following commands on both routers.
      • enable
      • configure terminal
      • hostname
      • ip domain-name
      • crypto key generate rsa
      • ip ssh version 2
      • line vty 0 4
      • transport input ssh
    2. Verify the configuration using the following command on both routers.
      • show running-config
    3. Test the configuration using the following command to verify that telnet access is no longer supported.
      • telnet
    4. Test the configuration using the following command to remotely manage one router from the other.
      • ssh

Lesson Summary

  • Cisco IOS supports line connections for the console (CTY), auxiliary port (AUX), and virtual ports (VTY).[18]
  • Console ports are used for direct local system access using a console terminal.[19]
  • Auxiliary ports are used for out-of-band management through a modem connection.[20]
  • Virtual lines are used for inbound Telnet or SSH connections over a network connection.[21]
  • Historically, serial ports were used to support WAN connections over a variety of technologies, including: Frame Relay, High-Speed Serial Interface, Integrated Services Digital Network, Point-to-Point Protocol, Switched Multimegabit Data Service, Synchronous Data Link Control and Derivatives, X.25, and Digital Subscriber Line.[22] Many WAN connectivity devices now support direct Ethernet connections rather than requiring serial ports.
  • To display parameters of a terminal line, use the show line command in EXEC mode.[23]
  • To identify a specific line for configuration and enter line configuration collection mode, use the line command in global configuration mode.[24]
  • To display the usability status of interfaces that are configured for IP, use the show ip interface command.[25]
  • To display the usability status of interfaces configured for various IP addresses, use the show ip interface brief command in privileged EXEC mode.[26]
  • Use the shutdown interface configuration command to disable an interface. Use the no form of this command to restart a disabled interface.[27]
  • To assign an IP address and subnet mask to an interface, use the ip address command.[28]
  • To specify a loopback interface and enter interface configuration mode, use the interface loopback command in global configuration mode.[29]
  • To configure the clock rate for the hardware connections on serial interfaces to an acceptable bit rate, use the clock rate command in interface configuration mode.[30]
  • To set and communicate the current bandwidth value for an interface to higher-level protocols, use the bandwidth command in interface configuration mode.[31]
  • To set the encapsulation method used by the interface, use the encapsulation command in interface configuration mode.[32]
  • To generate Rivest, Shamir, and Adleman (RSA) key pairs, use the crypto key generate rsa command in global configuration mode.[33]
  • To specify the version of Secure Shell (SSH) to be run on a router, use the ip ssh version command in global configuration mode.[34]
  • To define which protocols to use to connect to a specific line of the router, use the transport input command in line configuration mode.[35]
  • To diagnose basic network connectivity on a variety of networks, use the ping privileged EXEC command.[36]
  • To log in to a host that supports Telnet, use the telnet command in EXEC mode.[37]
  • To start an encrypted session with a remote networking device, use the ssh user EXEC command.[38]

Key Terms

out-of-band management
The use of a dedicated channel for managing network devices.[39]
Secure Shell (SSH)
A cryptographic network protocol to allow remote login and other network services to operate securely over an insecure network.[40]
Telnet
A session layer protocol used on the Internet or local area networks to provide a bidirectional interactive text-oriented communication facility using a virtual terminal connection.[41]

Review Questions

  1. Cisco IOS supports line connections for _____.
    Cisco IOS supports line connections for the console (CTY), auxiliary port (AUX), and virtual ports (VTY).
  2. Console ports are used for _____.
    Console ports are used for direct local system access using a console terminal.
  3. Auxiliary ports are used for _____.
    Auxiliary ports are used for out-of-band management through a modem connection.
  4. Virtual lines are used for _____.
    Virtual lines are used for inbound Telnet or SSH connections over a network connection.
  5. Historically, serial ports were used to support WAN connections over a variety of technologies, including: _____. Many WAN connectivity devices now support _____ rather than requiring serial ports.
    Historically, serial ports were used to support WAN connections over a variety of technologies, including: Frame Relay, High-Speed Serial Interface, Integrated Services Digital Network, Point-to-Point Protocol, Switched Multimegabit Data Service, Synchronous Data Link Control and Derivatives, X.25, and Digital Subscriber Line. Many WAN connectivity devices now support direct Ethernet connections rather than requiring serial ports.
  6. To display parameters of a terminal line, use _____.
    To display parameters of a terminal line, use the show line command in EXEC mode.
  7. To identify a specific line for configuration and enter line configuration collection mode, use _____.
    To identify a specific line for configuration and enter line configuration collection mode, use the line command in global configuration mode.
  8. To display the usability status of interfaces that are configured for IP, use _____.
    To display the usability status of interfaces that are configured for IP, use the show ip interface command.
  9. To display the usability status of interfaces configured for various IP addresses, use _____.
    To display the usability status of interfaces configured for various IP addresses, use the show ip interface brief command in privileged EXEC mode.
  10. Use the _____ interface configuration command to disable an interface. Use the _____ form of this command to restart a disabled interface.
    Use the shutdown interface configuration command to disable an interface. Use the no form of this command to restart a disabled interface.
  11. To assign an IP address and subnet mask to an interface, use _____.
    To assign an IP address and subnet mask to an interface, use the ip address command.
  12. To specify a loopback interface and enter interface configuration mode, use _____.
    To specify a loopback interface and enter interface configuration mode, use the interface loopback command in global configuration mode.
  13. To configure the clock rate for the hardware connections on serial interfaces to an acceptable bit rate, use _____.
    To configure the clock rate for the hardware connections on serial interfaces to an acceptable bit rate, use the clock rate command in interface configuration mode.
  14. To set and communicate the current bandwidth value for an interface to higher-level protocols, use _____.
    To set and communicate the current bandwidth value for an interface to higher-level protocols, use the bandwidth command in interface configuration mode.
  15. To set the encapsulation method used by the interface, use _____.
    To set the encapsulation method used by the interface, use the encapsulation command in interface configuration mode.
  16. To generate Rivest, Shamir, and Adleman (RSA) key pairs, use _____.
    To generate Rivest, Shamir, and Adleman (RSA) key pairs, use the crypto key generate rsa command in global configuration mode.
  17. To specify the version of Secure Shell (SSH) to be run on a router, use _____.
    To specify the version of Secure Shell (SSH) to be run on a router, use the ip ssh version command in global configuration mode.
  18. To define which protocols to use to connect to a specific line of the router, use _____.
    To define which protocols to use to connect to a specific line of the router, use the transport input command in line configuration mode.
  19. To diagnose basic network connectivity on a variety of networks, use _____.
    To diagnose basic network connectivity on a variety of networks, use the ping privileged EXEC command.
  20. To log in to a host that supports Telnet, use _____.
    To log in to a host that supports Telnet, use the telnet command in EXEC mode.
  21. To start an encrypted session with a remote networking device, use _____.
    To start an encrypted session with a remote networking device, use the ssh user EXEC command.

Assessments

See Also

References

Completion status: this resource is considered to be complete.
  1. Cisco: ICND1 Exam Topics
  2. Cisco: IOS Terminal Services Command Reference
  3. Cisco: IOS Terminal Services Command Reference
  4. Cisco: Catalyst 4500 Series Switch Cisco IOS Command Reference
  5. Cisco: Miscellaneous Command Reference
  6. Cisco: Catalyst 2960 Switch Cisco IOS Commands
  7. Cisco: Configuring IP Addressing
  8. Cisco: IOS Interface Configuration Reference
  9. Cisco: IOS Interface and Hardware Component Command Reference
  10. Cisco: IOS Interface Command Reference
  11. Cisco: IOS Interface and Hardware Component Command Reference
  12. Cisco IOS Security Command Reference
  13. Cisco: IOS Security Command Reference
  14. Cisco: IOS Terminal Services Command Reference
  15. Cisco: IOS Configuration Fundamentals Command Reference
  16. Cisco: IOS Terminal Services Command Reference
  17. Cisco: Secure Shell Commands
  18. Cisco: Telnet, Console and AUX Port Passwords on Cisco Routers Configuration Example
  19. Cisco: Telnet, Console and AUX Port Passwords on Cisco Routers Configuration Example
  20. Cisco: Telnet, Console and AUX Port Passwords on Cisco Routers Configuration Example
  21. Cisco: Telnet, Console and AUX Port Passwords on Cisco Routers Configuration Example
  22. Cisco: Internetworking Technologies Handbook
  23. Cisco: IOS Terminal Services Command Reference
  24. Cisco: IOS Terminal Services Command Reference
  25. Cisco: Catalyst 4500 Series Switch Cisco IOS Command Reference
  26. Cisco: Miscellaneous Command Reference
  27. Cisco: Catalyst 2960 Switch Cisco IOS Commands
  28. Cisco: Configuring IP Addressing
  29. Cisco: IOS Interface Configuration Reference
  30. Cisco: IOS Interface and Hardware Component Command Reference
  31. Cisco: IOS Interface Command Reference
  32. Cisco: IOS Interface and Hardware Component Command Reference
  33. Cisco IOS Security Command Reference
  34. Cisco: IOS Security Command Reference
  35. Cisco: IOS Terminal Services Command Reference
  36. Cisco: IOS Configuration Fundamentals Command Reference
  37. Cisco: IOS Terminal Services Command Reference
  38. Cisco: Secure Shell Commands
  39. Wikipedia: Out-of-band management
  40. Wikipedia: Secure Shell
  41. Wikipedia: Telnet