CCNA RnS, CCNA Sec, CCNP RnS, CCNP Sec, CCIE Sec (written)
Contents
1. Cisco CLI mode
2. Basic Configuration of Router and Switch
3. Configuring SSH Access to Cisco Device
4. Backup and restoring your configuration
5. VLAN, Access and Trunk Port Configuration
6. VTP configuration
7. EtherChannel configuration
8. Configuring VTP Pruning
9. SVI Configuration
10. Configure STP, RSTP
11. Port Security
12. Configure port fast, bpdu guard, root guard
13. Inter-Vlan Routing
14. VLAN Project LAB
15. Configure uplink fast, backbone fast
16. Static route and Static default route configuration
17. RIPv2 configuration
18. EIGRP Basic configuration
19. EIGRP Authentication
20. EIGRP Summarization
21. EIGRP load balance
22. EIGRP Passive Interface
23. EIGRP Stub
24. EIGRP Project LAB
25. OSPF basic configuration
26. OSPF Authentication
27. OSPF Summarization
28. OSPF virtual link
29. OSPF Project LAB
30. PPP and HDLC
31. Basic BGP Configuration
32. BGP redundancy
33. BGP load balance
34. Standard ACL
35. Extended ACL
36. Named ACL
37. Static NAT
38. Dynamic NAT
39. Static PAT
40. Dynamic PAT
41. IPv6 LAB
42. Site-to-Site VPN
43. AAA configuration
44. SNMPv3
45. Syslog Server
46. NTP
47. Router & Switch basic Security Configuration
48. Password Recovery
49. Final Project 1
50. Final Project 2
Extra
CCNA Vendor Exam LAB
1. Cisco CLI mode
Cisco routers have different configuration modes based on the model. There are mainly two EXEC modes:
EXEC Mode     Prompt    Typical Use
User          ccna>     Check the router status
Privileged    ccna#     Accessing the router
Global Configuration Mode is a subset of Privileged Mode.
A password is needed to get into either User Exec or Privileged Mode if one is configured. From
Privileged Mode, you can then enter Global Configuration Mode (no password needed here) to further
configure interfaces, routing protocols, access lists and more.
Some of the specific configuration modes are entered from Global Configuration Mode and others
from Privileged Mode:
User Exec Mode (distinguished by the ">" prompt) is your first mode, which is used to get statistics
from the router, see which IOS version you're running, check memory resources and a few more things.
Privileged Mode (distinguished by the "#" prompt) is the second mode. Here you can enable or disable
interfaces on the router, get more detailed information on the router, for example, view the running
configuration of the router, copy the configuration, load a new configuration to the router, backup or
delete the configuration, backup or delete the IOS and a lot more.
Global Configuration Mode (distinguished by the (config)# prompt) is accessible via Privileged Mode.
In this mode you're able to configure each interface individually, setup banners and passwords, enable
secrets (encrypted passwords), enable and configure routing protocols and a lot more. We dare say
that almost every time you want to configure or change something on the router, you will need to be in
this mode.
Examples :
Router>------------------------- User Exec Mode
Router>enable ----------------- Enter Privileged Mode
Router#-------------------------- Privileged Mode
Router#disable ---------------- Enter User Exec Mode
Router>-------------------------- User Exec Mode
Router#config terminal------ Enter Global Configuration Mode
Router(config)#----------------- Global Configuration Mode
Router(config)#interface fastEthernet 0/0---- Enter Interface Configuration Mode
Router(config-if)#-------------------------------- Interface Configuration Mode
Router(config)#interface fastEthernet 0/0.10-- Enter Sub-Interface Configuration Mode
Router(config-subif)#------------------------------ Sub-Interface Configuration Mode
Router(config)#line vty 0 4----------------------- Enter Line Mode
Router(config-line)#------------------------------- Line Mode
================================================================================
2. BASIC CONFIGURATION OF ROUTER AND SWITCH
Objective:
1. Configure the Switch as follows:
hostname
login banner
enable password for accessing privilege mode
assign console password to prevent unauthorized console login
assign IP for vlan 1 (Management VLAN)
configure virtual terminal for telnet session
set default gateway for the switch
2. Configure The Router as follows:
hostname
login banner
enable password for accessing privilege mode
assign console password to prevent unauthorized console login
configure virtual terminal for telnet session
Assign IP Address on Router Interface
3. Assign IP for the PC
4. Save all configuration
5. Verification
Configuration of a switch:
1. First check the startup-config and running-config to see whether any configuration exists
When you type a command in global configuration mode it is stored in the running configuration. The
running configuration resides in the device's RAM, so if the device loses power, all configured commands
will be lost.
So you need to copy your current configuration into the startup configuration. The startup configuration
is stored in the NVRAM of the device, so all configurations are kept even if the device loses power.
There are two ways to save your configuration:
Switch#copy running-config startup-config
or
Switch#write memory
Check the startup-config and running-config
Switch#show startup-config
startup-config is not present
Switch#show running-config
2. Enter global configuration mode and configure Hostname as DU
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hostname DU
DU(config)#
3. Assign password cisco123
The enable password restricts access to privileged mode, much like a root user's password. We can
set it in two ways: the enable password command or the enable secret command.
enable secret password automatically hashes the password using the MD5 algorithm.
enable password password does not encrypt the password, and it can be viewed in clear text in the
running-config. To encrypt the enable password password, use the service password-encryption
command. The enable secret password command provides stronger encryption than the
service password-encryption command.
DU(config)#enable secret cisco123
4. Configure login banner
A login banner is displayed whenever someone connects to the router by telnet or console connections.
DU(config)#banner motd "Unauthorized Users are highly Prohibited to login here"
DU(config)#
5. Console Password
We can protect console port of Cisco devices using console port password.
DU(config)#line console 0
DU(config-line)#password ashish123
DU(config-line)#login
DU(config-line)#exit
DU(config)#
6. Telnet configuration for remote access
Telnet is a user command and an underlying TCP/IP protocol for accessing remote devices.
The VTY lines are the Virtual Terminal lines of the router. They are virtual, in the sense that they are a
function of software - there is no hardware associated with them. They appear in the configuration as
line vty 0 4.
DU#conf t
Enter configuration commands, one per line. End with CNTL/Z.
DU(config)#line vty 0 4
DU(config-line)#password ashish@123#
DU(config-line)#login
DU(config-line)#exit
DU(config)#
7. Configure the management VLAN for remote access to the switch
By default, all switch ports are part of VLAN 1. VLAN 1 contains control plane traffic and can contain
user traffic.
By default, VLAN 1 is the management VLAN. Management VLAN is used for purposes such as telnet,
SNMP, and syslog.
DU(config)#interface vlan 1
DU(config-if)#ip address 192.168.10.10 255.255.255.0
DU(config-if)#no shutdown
DU(config-if)#exit
DU(config)#
8. Configure default-gateway for the switch
The switch should be configured with a default gateway if the switch will be managed remotely from
networks not directly connected. The default gateway is the first Layer 3 device (such as a router) on
the same management VLAN network to which the switch connects. The switch will forward IP packets
with destination IP addresses outside the local network to the default gateway.
DU(config)#ip default-gateway 192.168.10.1
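The passwords and Telnet access set in steps 3 to 6 are the first things a configuration review looks at. The Python sketch below is an added example, not part of the original lab: it audits a saved copy of the running-config for clear-text or type 7 line passwords, a missing enable secret, and vty lines not restricted to SSH. The sample config, the rule names and the `audit` function are constructed for illustration, and it assumes a vty block without `transport input ssh` accepts Telnet.

```python
import re

# Constructed sample: roughly what `show running-config` holds after switch
# steps 2-6 above (the type 5 hash is a placeholder, not real device output).
SAMPLE = """\
hostname DU
enable secret 5 $1$PLACEHOLDER$NOTAREALHASH
line con 0
 password ashish123
 login
line vty 0 4
 password ashish@123#
 login
"""

# Hypothetical rule names; key is the type digit IOS prints after `password`.
LINE_PW_RULES = {None: "line-password-cleartext", "0": "line-password-cleartext",
                 "7": "line-password-type7-reversible"}

def audit(config):
    """Return sorted (rule, location) findings for an IOS-style config text."""
    findings, section, has_secret = set(), "global", False
    vty_ssh_only = {}  # "line vty ..." header -> saw `transport input ssh`
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if not raw.startswith(" "):  # unindented line starts a new section
            section = line if line.startswith("line ") else "global"
            if section.startswith("line vty"):
                vty_ssh_only[section] = False
        pw = re.fullmatch(r"password (?:(\d) )?\S.*", line)
        if line.startswith("enable secret "):
            has_secret = True
        elif line.startswith("enable password "):
            findings.add(("enable-password-not-hashed", "global"))
        elif pw and section != "global" and pw.group(1) in LINE_PW_RULES:
            findings.add((LINE_PW_RULES[pw.group(1)], section))
        elif line == "transport input ssh" and section in vty_ssh_only:
            vty_ssh_only[section] = True
    if not has_secret:
        findings.add(("no-enable-secret", "global"))
    # Assumption: no explicit `transport input ssh` means Telnet is accepted.
    findings.update(("vty-telnet-allowed", s)
                    for s, ok in vty_ssh_only.items() if not ok)
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(f"{w}: {r}" for r, w in audit(SAMPLE)))
```

On the sample it reports both line passwords as clear text and the vty lines as still accepting Telnet, which matches the Telnet login shown in the verification steps.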
----------------------------------------------------------------------------------------------------------------------------
Configure The Router
1. First check the startup-config and running-config
Router#show startup-config
startup-config is not present
Router#show running-config
2. Configure Hostname as BUET
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname BUET
BUET(config)#
3. Assign enable secret password cisco123
BUET(config)#enable secret cisco123
BUET(config)#
4. Configure login banner
BUET(config)#banner motd "Do not try to access here"
5. Console password
BUET(config)#line console 0
BUET(config-line)#password ashish123
BUET(config-line)#login
BUET(config-line)#exit
BUET(config)#
6. Enter Virtual Terminal lines and give a password ashish@123#, to login remotely
BUET(config)#line vty 0 4
BUET(config-line)#password ashish@123#
BUET(config-line)#login
BUET(config-line)#exit
BUET(config)#
7. Configure IP Address on Router's Interface
Enter global configuration mode
BUET# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
BUET(config)#
Enter FastEthernet 0/0 interface configuration mode :
BUET(config)#interface fastEthernet 0/0
BUET(config-if)#
Enter IP address and subnet mask:
BUET(config-if)#ip address 192.168.10.1 255.255.255.0
By default, all interfaces on a Cisco router are Administratively Down. To bring an interface up, issue
the no shutdown command.
BUET(config-if)#no shutdown
BUET(config-if)#exit
BUET(config)#
8. Save Configuration
BUET#write memory
Building configuration...
[OK]
BUET#
DU#write memory
Building configuration...
[OK]
You can also save the configuration using:
BUET#copy running-config startup-config
But be sure about the order of the command; it must not be reversed as:
copy startup-config running-config
because then the configuration is copied back from NVRAM and all your unsaved configuration will be lost.
9. Assign IP to all hosts
11. Now ping all devices from any PC
C:\>ping 192.168.10.2
Pinging 192.168.10.2 with 32 bytes of data:
Reply from 192.168.10.2: bytes=32 time=1ms TTL=128
Reply from 192.168.10.2: bytes=32 time<1ms TTL=128
Reply from 192.168.10.2: bytes=32 time<1ms TTL=128
Reply from 192.168.10.2: bytes=32 time<1ms TTL=128
C:\>ping 192.168.10.3
Pinging 192.168.10.3 with 32 bytes of data:
Reply from 192.168.10.3: bytes=32 time=1ms TTL=128
Reply from 192.168.10.3: bytes=32 time<1ms TTL=128
Reply from 192.168.10.3: bytes=32 time<1ms TTL=128
Reply from 192.168.10.3: bytes=32 time<1ms TTL=128
C:\>ping 192.168.10.1
Pinging 192.168.10.1 with 32 bytes of data:
Reply from 192.168.10.1: bytes=32 time=1ms TTL=255
Reply from 192.168.10.1: bytes=32 time<1ms TTL=255
Reply from 192.168.10.1: bytes=32 time<1ms TTL=255
Reply from 192.168.10.1: bytes=32 time=1ms TTL=255
14. Now log on to the router remotely
C:\>telnet 192.168.10.1
Trying 192.168.10.1 ...Open
Do not try to access here
User Access Verification
Password:
Password:
BUET>
16. Now log on to the switch remotely
C:\>telnet 192.168.10.10
Trying 192.168.10.10 ...Open
Unauthorized Users are highly Prohibited to login here
User Access Verification
Password:
DU>
N.B. If the switch is L3, you can assign an IP address to its interfaces as follows:
DU(config)#interface fastEthernet 0/2
DU(config-if)#no switchport
DU(config-if)#ip address 192.168.10.10 255.255.255.0
DU(config-if)#no shutdown
To enable routing capabilities, also use the following command:
DU(config)#ip routing
===============================================================================