You are on page 1of 8

10/24/12

vLab

Sample Solution

Print this page Open in new window

Task Index Task 1 PERFORMING SWITCH STARTUP AND INITIAL CONFIGURATION

Task 1 PERFORMING SWITCH STARTUP AND INITIAL CONFIGURATION Step 1 : Console into Sw 1 (Sw itch 1). Enter the enable com m and to access privileged exec m ode. Action:

s w 1 >e n a b l e s w 1 # Result: Anytime you see a device blinking, it is a reminder to console into a new device. Explanation: You should see the prompt change from sw 1> (user mode) to sw 1# to indicate that you are in privileged exec mode. From privileged exec, you can enter any available show or debug command and you have the ability access global configuration mode, as w ell. Step 2 : Erase the startup configuration on Sw 1 and reload the device. Action:

s w 1 #e r a s es t a r t u p c o n f i g E r a s i n gt h en v r a mf i l e s y s t e mw i l lr e m o v ea l lc o n f i g u r a t i o nf i l e s ! C o n t i n u e ?[ c o n f i r m ] ( P R E S SE N T E R ) s w 1 #r e l o a d P r o c e e dw i t hr e l o a d ?[ c o n f i r m ] ( P R E S SE N T E R ) Result: The startup-config is the saved configuration in NVRAM that is loaded w hen the sw itch boots up. By erasing it and entering the reload command, you w ill be able to configure the sw itch from scratch. Explanation: RAM is w here your running configuration is stored. RAM is volatile, meaning that everything found in it is flushed w hen the device is rebooted. NVRAM is Non-Volatile RAM. The contents remain intact w hen the device is reloaded. Because of this, any time a configuration is saved, it is copied from RAM to NVRAM. Step 3 : After the Sw 1 reloads, press Enter. When prom pted to enter the configuration dialog, answ er yes. Action:

W o u l dy o ul i k et oe n t e rt h ei n i t i a lc o n f i g u r a t i o nd i a l o g ?[ y e s / n o ] :y e s

Result: Explanation:
ekvcse.vlab.elementk.com/vlab/labLockerDisplay.vlab 1/8

If you only have access to user mode. When it is configured. Step 4 : On Sw 1. going w ith the basic setup is the better choice. Step 6 : On Sw 1. Since w e w ant to configure only one interface. answ er sanfran w hen asked for the enable secret passw ord. only one interface is configured and the rest are left in their default state. you w ill configure the sw itch directly using IOS commands. active. With basic. you may run into unnecessary problems in later labs that are assuming that your passw ord matches w hat is listed here. they could use the dialog to provide the sw itch w ith enough information to allow netw ork connectivity. you w ill step through the configuration dialog so that you are familiar w ith using it to create a bare bones configuration. you cannot make configuration changes or enter debug commands. answ er cisco w hen asked for the enable passw ord.10/24/12 Explanation: The initial configuration dialog contains a series of questions. Action: E n t e re n a b l ep a s s w o r d :c i s c o Result: Explanation: 2/8 . a user cannot get beyond user mode unless they enter the passw ord. In this lab. Also. Action: W o u l dy o ul i k et oe n t e rb a s i cm a n a g e m e n ts e t u p ?[ y e s / n o ] :y e s Result: Explanation: The setup is almost identical for basic and extended except for the number of interfaces configured. the hostname on a Cisco sw itch is Sw itch. From that point. Step 5 : Change the hostnam e to: sw 1 Action: E n t e rh o s tn a m e[ S w i t c h ] :s w 1 Result: Explanation: By default. the sw itch creates a basic configuration. although you could change the passw ord to something other than sanfran. Explanation: The enable secret passw ord provides security for privileged exec mode. Based on the answ ers. If someone unfamiliar w ith a Cisco sw itch needed help. an engineer could take over remotely and finish the configuration. answ er yes to entering basic m anagem ent setup. Cisco engineers typically do not use this command. Step 7 : On Sw 1. In later labs. Action: E n t e re n a b l es e c r e t :s a n f r a n Result: Be especially careful here not to mistype or add an extra space after sanfran.

Step 9 : Answ er no w hen asked to configure SNMP Netw ork Managem ent.10/24/12 vLab Explanation: The enable passw ord has the same job as the enable secret passw ord: to provide security for privileged exec mode. on a sw itch. If both are configured. You could press the ENTER key here instead of typing the answ er. Action: C u r r e n ti n t e r f a c es u m m a r y Result: ( P R E S SS P A C E B A RT W I C E ) Explanation: If you look at the last tw o columns of output. an administratively dow n/dow n state. Step 8 : Enter sanjose w hen asked for a virtual term inal passw ord for Sw 1. Press the space bar to page dow n through all of the interfaces until you reach the end of the list. w hen asked for an interface nam e for connecting to the m anagem ent netw ork.elementk. Step 11 : On Sw 1. This interface is virtual. Step 10 : A sum m ary of the interfaces found on the sw itch w ill be show n next. If you examined this sw itch. Up/up means that the physical and data link layers are alive and w ell. Dow n/dow n. This indicates it is the default answ er.vlab 3/8 . you w ould not find a physical port labeled VLAN 1. Action: E n t e rv i r t u a lt e r m i n a lp a s s w o r d :s a n j o s e Result: Explanation: The virtual terminal (VTY) passw ord is used to authenticate users that attempt to telnet into the sw itch. typically means that nothing is plugged into that interface. Action: E n t e ri n t e r f a c en a m eu s e dt oc o n n e c tt ot h e m a n a g e m e n tn e t w o r kf r o mt h ea b o v ei n t e r f a c es u m m a r y :v l a n 1 Result: Explanation: VLAN 1 is the default management interface. fake. ekvcse. It is a logical interface that can be assigned an IP address. the VLAN 1 interface is disabled. Action: C o n f i g u r eS N M PN e t w o r kM a n a g e m e n t ?[ n o ] :n o Result: Explanation: The w ord no is by itself in brackets.com/vlab/labLockerDisplay.vlab. only the enable secret passw ord is used. or a dow n/dow n state. the interfaces w ill either be in an up/up state. The IP address makes it possible to access the sw itch remotely through telnet. Telnet allow s you to access the sw itch remotely. means that the interface has been disabled. By default. enter VLAN1. Administratively dow n/dow n. or in other w ords.

2 Result: Step 14 : Enter 255. 0 . enable secret.2 Action: I Pa d d r e s sf o rt h i si n t e r f a c e :1 0 .1. w hen prom pted for an IP address.elementk.vlab 4/8 . 1 . 0 Result: Step 15 : On Sw 1. 0 . Action: T h ef o l l o w i n gc o n f i g u r a t i o nc o m m a n ds c r i p tw a sc r e a t e d : ( P R E S SS P A C EB A RT H R E ET I M E S ) Result: Explanation: As you look through the configuration. 0 ] :2 5 5 . answ er no to the Enable as a Cluster Com m and Sw itch prom pt. enable passw ord.0 w hen prom pted for a subnet m ask on Sw 1.10/24/12 VLAN 1 is the default management interface. Action: C o n f i g u r eI Po nt h i si n t e r f a c e ?[ n o ] :y e s Result: Step 13 : On Sw 1. VTY passw ord.vlab. and IP address.255. Action: S u b n e tm a s kf o rt h i si n t e r f a c e[ 2 5 5 .255. 2 5 5 . Page dow n to the bottom of the config using the space bar.1.com/vlab/labLockerDisplay. ekvcse. 1 . Action: W o u l dy o ul i k et oe n a b l ea sac l u s t e rc o m m a n ds w i t c h ?[ y e s / n o ] :n o Result: Step 16 : A configuration w ill be created based on the questions you answ ered. vLab Step 12 : Answ er yes w hen asked to configure IP on this interface. enter 10. you w ill see the commands that w ere generated based on the information you provided such as: hostname. 2 5 5 .

so to ekvcse. A guard must also be set at the door. line 0. from this mode. you can enter commands that affect the entire device.1.elementk. Action: s w 1 >e n a b l e P a s s w o r d :s a n f r a n s w 1 #c o n f i gt s w 1 ( c o n f i g ) # Result: Explanation: To make configuration changes on a Cisco device. 1 .10/24/12 vLab Step 17 : Select 2 w hen prom pted to save the configuration to NVRAM and exit. Explanation: There is only one console port.vlab . 1 . Step 18 : Enter global configuration m ode on Sw 1. Action: E n t e ry o u rs e l e c t i o n[ 2 ] :2 s w 1 > Result: Explanation: If you made any mistakes w hen going through the dialog. Action: s w 1 ( c o n f i g ) #l i n ec o n0 s w 1 ( c o n f i g l i n e ) #p a s s w o r dc i s c o s w 1 ( c o n f i g l i n e ) #l o g i n s w 1 ( c o n f i g l i n e ) # Result: Configuring a console passw ord is also know n as configuring a user mode passw ord. Configuring a passw ord is not enough to secure the port. like changing the hostname or configuring a default gatew ay. Once you are satisfied that your configuration is correct.com/vlab/labLockerDisplay. Entering 0 breaks out of the dialog altogether. entering 2 saves the configuration to NVRAM. You can also enter more specific configuration modes.1.1. 1 s w 1 ( c o n f i g ) # Result: 10. the configuration w ill remain. Step 19 : Configure Sw 1 w ith the default gatew ay: 10. In global configuration mode.1 Action: s w 1 ( c o n f i g ) #i pd e f a u l t g a t e w a y1 0 . you can enter 1 to start over. Step 20 : Configure the passw ord cisco on Sw 1’s console port and enable security.1.vlab. you first have to enter global configuration mode. This means that even if the device is reloaded. such as interface configuration.1 is R1.

com/vlab/labLockerDisplay. Second. Step 24 : View the running configuration on Sw 1 again. Notice that your enable secret passw ord is encrypted. If either of your passw ords do not w ork. but you should be able to read your other passw ords in clear text. Step 23 : Configure the passw ord encryption service on Sw 1 to secure all clear text passw ords.10/24/12 vLab There is only one console port. How ever. so to speak. Explanation: Use the space bar to page dow n. Action: s w 1 ( c o n f i g l i n e ) #e n d s w 1 #s h o wr u n s w 1 # Result: The end command is helpful w hen you're in one of the configuration modes and w ant to immediately access privileged mode instead of typing exit multiple times. Verify that the enable passw ord and console passw ord are now unreadable. are now scrambled visually. Configuring a passw ord is not enough to secure the port.vlab 6/8 . to ask for the passw ord. Action: s w 1 #e x i t ( P R E S SE N T E RT W I C E ) U s e rA c c e s sV e r i f i c a t i o n P a s s w o r d : c i s c o s w 1 >e n a b l e P a s s w o r d :s a n f r a n s w 1 # Result: Explanation: If your console passw ord does not w ork. If this still does not allow you to gain access. and enter privileged exec m ode. first make sure that your caps lock is not on. log back in. scroll up and look at the show run command you entered in the last step. cisco and sanfran. Step 22 : Verify that your user m ode and privileged m ode passw ords are w orking properly. try entering the same passw ords.vlab. This is done w ith the login command. the passw ords that w ere previously readable in your running config. Action: ekvcse. but w ith a space after the passw ord. Step 21 : View your running configuration on Sw 1.elementk. Note w hich passw ords are readable. try reloading the device through the Device Controls link. you still use the same passw ords to access. A guard must also be set at the door. line 0. Sometimes people w ill accidentally add a space after the passw ord and this w ill not show up in the running configuration. Action: s w 1 #c o n f i gt s w 1 ( c o n f i g ) #s e r v i c ep a s s w o r d e n c r y p t i o n s w 1 ( c o n f i g ) # Result: Explanation: After entering this command. Exit out of Sw 1.

rem ove the login com m and from the console. ( P R E S SE N T E R ) $ ( P R E S SE N T E R ) s w 1 ( c o n f i g ) # Result: Explanation: A configured banner MOTD appears before a user logs into a Cisco device. Action: s w 1 ( c o n f i g ) #e x i t s w 1 #e x i t ( P R E S SE N T E RT W I C E ) Result: You should see the banner message appear before the user mode login. Rem ove the enable secret. Step 27 : Enter privileged m ode. a $ w as used as the delimiter to show w here the message starts and stops. enable passw ord.elementk. Action: ekvcse. In addition.vlab. and console passw ord. Action: P a s s w o r d :c i s c o s w 1 >e n a b l e P a s s w o r d :s a n f r a n s w 1 #c o n f i gt s w 1 ( c o n f i g ) #n oe n a b l es e c r e t s w 1 ( c o n f i g ) #n oe n a b l ep a s s w o r d s w 1 ( c o n f i g ) #l i n ec o n0 s w 1 ( c o n f i g l i n e ) #n op a s s w o r d s w 1 ( c o n f i g l i n e ) #n ol o g i n s w 1 ( c o n f i g l i n e ) # Result: Entering the keyw ord no in front of any command that appears in your configuration w ill remove it. In the example here.vlab 7/8 .10/24/12 vLab s w 1 ( c o n f i g ) #e n d s w 1 #s h o wr u n s w 1 # Result: All of your passw ords should now be unreadable. Step 25 : Configure a m essage of the day banner w arning unauthorized users not to log into Sw 1. The $ w ill not show up in the message.com/vlab/labLockerDisplay. Action: s w 1 #c o n f i gt s w 1 ( c o n f i g ) #b a n n e rm o t d$ ( P R E S SE N T E R ) U N A U T H O R I Z E DA C C E S SP R O H I B I T E D . Step 26 : Exit out of Sw 1 to verify that your banner is configured correctly. Step 28 : Com pare your running configuration w ith your startup configuration.

When a Cisco device boots. The changes you have made w ould be lost if the sw itch w ere reloaded at this point. you can use the Suggested Approach link. You can also test your mastery of the material w hen you take a lab for the second time. Action: s w 1 #s h o ws t a r t s w 1 # Result: Explanation: You have successfully saved your configuration if the contents of the startup-config match the contents of the running-config. but w ithout the w alkthrough.vlab. This can be done by clicking on the Device Controls link on the left bar. The startup-config is stored in NVRAM.10/24/12 vLab s w 1 ( c o n f i g l i n e ) #e n d s w 1 #s h o wr u n s w 1 #s h o ws t a r t s w 1 # Result: Explanation: As you can see. Result: To take the lab a second time. w hich is non-volatile.vlab 8/8 . the running-config and startup-config should match. Step 31 : You have finished the lab. Step 29 : Copy the running configuration to the startup configuration on Sw 1. w hich is volatile and is flushed w hen the device is reloaded.elementk. all of your changes are found in the running configuration. it loads the startup configuration. Instead of using the Sam ple Solution link w hich w alks you through each step. Anything that is copied into the startup-config overw rites w hat w as previously there. by default.com/vlab/labLockerDisplay. Once this command is entered. and clicking the Reload button. selecting all devices. This process takes several minutes. Once the devices are all marked green. ekvcse. The running-config is in RAM. you can begin the lab. Action: s w 1 #c o p yr u ns t a r t s w 1 # Result: Explanation: The syntax is to copy from source (running-config) to destination (startup-config). Step 30 : Verify that the configuration is now saved in NVRAM. you first need to reset the devices back to the baseline configurations that w ere present at the beginning of the lab. Action: You can take this lab again if time permits. In this case. This provides the same steps. the startup-config is empty.