Cisco Networking/CCENT/Remote Management

CCENT
Networking Models Ethernet LANs IP Addressing Subnetting Lab Setup IOS Basics Remote Management Network Services Static Routing Dynamic Routing Switching VLANs Security Access Control Lists Troubleshooting Download Learning Guide

This lesson covers remote management, including over WANs with serial connections.

Objectives and skills for the WANs portion of Cisco CCENT certification include:^[1]

• Select the components required to meet a given network specification
• Predict the data flow between two hosts across a network
• Configure and verify utilizing the CLI to set basic Router configuration
  • Console & VTY logins
  • Interface IP Address
    • loopback
• Configure and verify initial switch configuration including remote access management
• Verify network status and switch operation using basic utilities such as
  • ping
  • telnet
  • SSH

1. Wikipedia: Out-of-band management
2. Wikipedia: Wide area network
3. Cisco: Telnet, Console and AUX Port Passwords on Cisco Routers Configuration Example
4. Cisco: Configuring Secure Shell on Routers and Switches Running Cisco IOS
5. Cisco: WAN Technologies

1. YouTube: Setting Console and VTY Passwords
2. YouTube: Router Configuration
3. YouTube: Configure the Serial Interface of a Cisco Router
4. YouTube: SSH and CLI Tips

To display parameters of a terminal line, use the show line command in EXEC mode.^[2]

show line [line-number | aux | console | summary]

To identify a specific line for configuration and enter line configuration collection mode, use the line command in global configuration mode.^[3]

line <aux | console | tty | vty> <line-number> [ending-line-number]
line console 0
line aux 0
line vty 0 4

A command sequence to configure line access with passwords might be similar to the following.

enable
show line

configure terminal
line console 0
password letmein
login
exit

line aux 0
password dialin
login
exit

line vty 0 4
password telnetssh
login
exit

enable secret cisco
service password-encryption
exit

show running-config
exit

A command sequence to configure line access with usernames and passwords might be similar to the following.

enable
configure terminal

username admin1 password secret1
username admin2 password secret2

line console 0
login local
exit

line aux 0
login local
exit

line vty 0 4
login local
exec-timeout 5
exit

enable secret cisco
service password-encryption
exit

show running-config
exit

To display the usability status of interfaces that are configured for IP, use the show ip interface command.^[4]

show ip interface

To display the usability status of interfaces configured for various IP addresses, use the show ip interface brief command in privileged EXEC mode.^[5]

show ip interface brief

Use the shutdown interface configuration command to disable an interface. Use the no form of this command to restart a disabled interface.^[6]

shutdown
no shutdown

To assign an IP address and subnet mask to an interface, use the ip address command.^[7]

ip address <address> <mask>

To specify a loopback interface and enter interface configuration mode, use the interface loopback in global configuration mode. A loopback interface is a virtual interface that is always up and allows selected protocols to stay up even if other interfaces are down.^[8]

interface loopback <number>
interface loopback 0

To configure the clock rate for the hardware connections on serial interfaces to an acceptable bit rate, use the clock rate command in interface configuration mode. The desired clock rate, in bits per second (bps) may be: 1200, 2400, 4800, 9600, 19200, 38400, 56000, 64000, 72000, 125000, 148000, 250000, 500000, 800000, 1000000, 1300000, 2000000, 4000000, or 8000000.^[9]

clock rate <rate>
clock rate 64000

To set and communicate the current bandwidth value for an interface to higher-level protocols, use the bandwidth command in interface configuration mode.^[10]

bandwidth <kilibits>
bandwidth 64

To set the encapsulation method used by the interface, use the encapsulation command in interface configuration mode.^[11]

encapsulation < frame-relay | hdlc | ppp | slip >
encapsulation ppp

A command sequence to assign interface ip addresses would be similar to the following.

enable
show ip interface brief

configure terminal
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
no shutdown
exit

interface Serial0/0
ip address 192.168.2.1 255.255.255.0
clock rate 56000
encapsulation ppp
no shutdown
exit

interface loopback 0
ip address 192.168.255.1 255.255.255.255
exit
exit

show ip interface brief
exit

To generate Rivest, Shamir, and Adelman (RSA) key pairs, use the crypto key generate rsa command in global configuration mode.^[12]

crypto key generate rsa
1024

To specify the version of Secure Shell (SSH) to be run on a router, use the ip ssh version command in global configuration mode. If this command is not configured, SSH operates in compatibility mode, that is, Version 1 and Version 2 are both supported.^[13]

ip ssh version < 1 | 2 >
ip ssh version 2

To define which protocols to use to connect to a specific line of the router, use the transport input command in line configuration mode.^[14]

transport input <protocol>
transport input telnet
transport input ssh
transport input telnet ssh

A command sequence to configure SSH access might be similar to the following.

enable
configure terminal

hostname router
ip domain-name example.com

crypto key generate rsa
1024
ip ssh version 2

username admin password cisco

line vty 0 4
login local
transport input ssh
exit
exit

show running-config
exit

To diagnose basic network connectivity on a variety of networks, use the ping privileged EXEC command.^[15]

ping <host-name | system-address>
ping 192.168.1.1

To log in to a host that supports Telnet, use the telnet command in EXEC mode.^[16]

telnet <host> [port]
telnet 192.168.1.1

To start an encrypted session with a remote networking device, use the ssh user EXEC command.^[17]

ssh [-l userid] [-c {des | 3des}] [-p portnum] <ipaddr | hostname>
ssh -l admin 192.168.1.1

1. Configure router aux line password security.

   

   1. Add a router to a new GNS3 project and start the device.
   2. Open the console for the router and practice using the following commands.
      • enable
      • configure terminal
      • line aux 0
      • password
      • login
      • exit
   3. Verify the configuration using the following command.
      • show running-config
   4. Exit the router console session and open a console on the aux line to test the configuration.
2. Configure router IP addresses.

   

   1. Add a router to a new GNS3 project and start the device.
   2. Set the router IP addresses and subnet masks using the following commands.
      • R1 FastEthernet0/0: 192.168.1.1 255.255.255.0
      • R1 FastEthernet0/1: 192.168.2.1 255.255.255.0
      • enable
      • configure terminal
      • show ip interface brief
      • interface <interface>
      • ip address <address> <subnet>
      • no shutdown
      • exit
   3. Verify the configuration using the following commands.
      • show running-config
      • show ip interface brief
3. Connect a second router to the first router from above and configure IP addresses.

   

   1. Add a router to the GNS3 project above and start the device.
   2. Add a link to connect the following.
      • R1 FastEthernet0/0 <-> R2 FastEthernet0/0
   3. Set the following IP addresses and subnet masks.
      • R2 FastEthernet0/0: 192.168.1.2 255.255.255.0
      • R2 FastEthernet0/1: 192.168.3.1 255.255.255.0
   4. If using serial ports for the connection, use the following commands if necessary.
      • clock rate
      • encapsulation
   5. Verify the configuration using the following commands on both routers.
      • show ip interface brief
      • ping
4. Configure router vty username and password security.

   

   1. Use the routers from above and practice using the following commands on both routers.
      • enable
      • configure terminal
      • username
      • line vty 0 4
      • login local
      • exit
   2. Verify the configuration using the following command on both routers.
      • show running-config
   3. Test the configuration using the following command to remotely manage one router from the other.
      • telnet
5. Configure router SSH access.

   

   1. Use the routers from above and practice using the following commands on both routers.
      • enable
      • configure terminal
      • hostname
      • ip domain-name
      • crypto key generate rsa
      • ip ssh version 2
      • line vty 0 4
      • transport input ssh
   2. Verify the configuration using the following command on both routers.
      • show running-config
   3. Test the configuration using the following command to verify that telnet access is no longer supported.
      • telnet
   4. Test the configuration using the following command to remotely manage one router from the other.
      • ssh

• Cisco IOS supports line connections for the console (CTY), auxiliary port (AUX), and virtual ports (VTY).^[18]
• Console ports are used for direct local system access using a console terminal.^[19]
• Auxiliary ports are used for out-of-band management through a modem connection.^[20]
• Virtual lines are used for inbound Telnet or SSH connections over a network connection.^[21]
• Historically, serial ports were used to support WAN connections over a variety of technologies, including: Frame Relay, High-Speed Serial Interface, Integrated Services Digital Network, Point-to-Point Protocol, Switched Multimegabit Data Service, Synchronous Data Link Control and Derivatives, X.25, and Digital Subscriber Line.^[22] Many WAN connectivity devices now support direct Ethernet connections rather than requiring serial ports.
• To display parameters of a terminal line, use the show line command in EXEC mode.^[23]
• To identify a specific line for configuration and enter line configuration collection mode, use the line command in global configuration mode.^[24]
• To display the usability status of interfaces that are configured for IP, use the show ip interface command.^[25]
• To display the usability status of interfaces configured for various IP addresses, use the show ip interface brief command in privileged EXEC mode.^[26]
• Use the shutdown interface configuration command to disable an interface. Use the no form of this command to restart a disabled interface.^[27]
• To assign an IP address and subnet mask to an interface, use the ip address command.^[28]
• To specify a loopback interface and enter interface configuration mode, use the interface loopback command in global configuration mode.^[29]
• To configure the clock rate for the hardware connections on serial interfaces to an acceptable bit rate, use the clock rate command in interface configuration mode.^[30]
• To set and communicate the current bandwidth value for an interface to higher-level protocols, use the bandwidth command in interface configuration mode.^[31]
• To set the encapsulation method used by the interface, use the encapsulation command in interface configuration mode.^[32]
• To generate Rivest, Shamir, and Adelman (RSA) key pairs, use the crypto key generate rsa command in global configuration mode.^[33]
• To specify the version of Secure Shell (SSH) to be run on a router, use the ip ssh version command in global configuration mode.^[34]
• To define which protocols to use to connect to a specific line of the router, use the transport input command in line configuration mode.^[35]
• To diagnose basic network connectivity on a variety of networks, use the ping privileged EXEC command.^[36]
• To log in to a host that supports Telnet, use the telnet command in EXEC mode.^[37]
• To start an encrypted session with a remote networking device, use the ssh user EXEC command.^[38]

out-of-band management

The use of a dedicated channel for managing network devices.^[39]

Secure Shell (SSH)

A cryptographic network protocol to allow remote login and other network services to operate securely over an insecure network.^[40]

Telnet

A session layer protocol used on the Internet or local area networks to provide a bidirectional interactive text-oriented communication facility using a virtual terminal connection.^[41]

1. Cisco IOS supports line connections for _____.

   Cisco IOS supports line connections for the console (CTY), auxiliary port (AUX), and virtual ports (VTY).
2. Console ports are used for _____.

   Console ports are used for direct local system access using a console terminal.
3. Auxiliary ports are used for _____.

   Auxiliary ports are used for out-of-band management through a modem connection.
4. Virtual lines are used for _____.

   Virtual lines are used for inbound Telnet or SSH connections over a network connection.
5. Historically, serial ports were used to support WAN connections over a variety of technologies, including: _____. Many WAN connectivity devices now support _____ rather than requiring serial ports.

   Historically, serial ports were used to support WAN connections over a variety of technologies, including: Frame Relay, High-Speed Serial Interface, Integrated Services Digital Network, Point-to-Point Protocol, Switched Multimegabit Data Service, Synchronous Data Link Control and Derivatives, X.25, and Digital Subscriber Line. Many WAN connectivity devices now support direct Ethernet connections rather than requiring serial ports.
6. To display parameters of a terminal line, use _____.

   To display parameters of a terminal line, use the show line command in EXEC mode.
7. To identify a specific line for configuration and enter line configuration collection mode, use _____.

   To identify a specific line for configuration and enter line configuration collection mode, use the line command in global configuration mode.
8. To display the usability status of interfaces that are configured for IP, use _____.

   To display the usability status of interfaces that are configured for IP, use the show ip interface command.
9. To display the usability status of interfaces configured for various IP addresses, use _____.

   To display the usability status of interfaces configured for various IP addresses, use the show ip interface brief command in privileged EXEC mode.
10. Use the _____ interface configuration command to disable an interface. Use the _____ form of this command to restart a disabled interface.

    Use the shutdown interface configuration command to disable an interface. Use the no form of this command to restart a disabled interface.
11. To assign an IP address and subnet mask to an interface, use _____.

    To assign an IP address and subnet mask to an interface, use the ip address command.
12. To specify a loopback interface and enter interface configuration mode, use _____.

    To specify a loopback interface and enter interface configuration mode, use the interface loopback command in global configuration mode.
13. To configure the clock rate for the hardware connections on serial interfaces to an acceptable bit rate, use _____.

    To configure the clock rate for the hardware connections on serial interfaces to an acceptable bit rate, use the clock rate command in interface configuration mode.
14. To set and communicate the current bandwidth value for an interface to higher-level protocols, use _____.

    To set and communicate the current bandwidth value for an interface to higher-level protocols, use the bandwidth command in interface configuration mode.
15. To set the encapsulation method used by the interface, use _____.

    To set the encapsulation method used by the interface, use the encapsulation command in interface configuration mode.
16. To generate Rivest, Shamir, and Adelman (RSA) key pairs, use _____.

    To generate Rivest, Shamir, and Adelman (RSA) key pairs, use the crypto key generate rsa command in global configuration mode.
17. To specify the version of Secure Shell (SSH) to be run on a router, use _____.

    To specify the version of Secure Shell (SSH) to be run on a router, use the ip ssh version command in global configuration mode.
18. To define which protocols to use to connect to a specific line of the router, use _____.

    To define which protocols to use to connect to a specific line of the router, use the transport input command in line configuration mode.
19. To diagnose basic network connectivity on a variety of networks, use _____.

    To diagnose basic network connectivity on a variety of networks, use the ping privileged EXEC command.
20. To log in to a host that supports Telnet, use _____.

    To log in to a host that supports Telnet, use the telnet command in EXEC mode.
21. To start an encrypted session with a remote networking device, use _____.

    To start an encrypted session with a remote networking device, use the ssh user EXEC command.

• Flashcards: Quizlet: CCENT - Remote Management
• Quiz: Quizlet: CCENT - Remote Management

• SSH

Completion status: this resource is considered to be complete.