Professional Documents
Culture Documents
Switch S1 Configuration
Switch>
2. Enter Privileged EXEC Mode and Set a Hostname for the Switch
Type in the enable command to enter privileged EXEC mode (you don’t need a password at
this stage because you’re under the default configurations which don’t have one!):
Switch>enable
Enable
Next, enter Global Configuration Mode and enter the following command:
Switch(config)# hostname S1
5. Configure Console
6. Create vty lines and activate ssh protocol for remote access
To enable secure access to your Cisco device, you can use SSH instead of Telnet. SSH
uses encryption to secure data from eavesdropping.
The following example shows the configuration of the first three steps:
Switch(config)#hostname S1
S1(config)#ip domain-name cisco.com
S1(config)#username cisco privilege 15 password cisco
S1(config)#username cisco1 privilege o password cisco1
S1(config)#crypto key generate rsa
The name for the keys will be: S1.cisco.com
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.
S1(config)#ip ssh v 2
*Jun 8 16:46:45.407: %SSH-5-ENABLED: SSH 1.99 has been enabled
S1(config)#
First, we have defined the device hostname by using the hostname S1 command. Next, we
have defined the domain name by using the ip domain-name cisco.com command. After
that, the local user is created by using the username cisco password cisco command. Next,
we need to enable only the SSH access to a device. This is done by using the transport
input ssh command:
S1(config)#line vty 0 15
S1(config-line)#login local
S1(config-line)#transport input ssh
S1(config-line)#exit
7. Create VLAN-s
S1(config)#vlan 30
S1(config-vlan)#name servers
S1(config-vlan)#vlan 100
S1(config-vlan)#name Management
S1(config-vlan)#vlan 99
S1(config-vlan)#name Native
S1(config-vlan)#exit
9. Create access ports on switch and assign to the corresponding vlan. On these ports also
specify port security as static and violation mode shtudown. The number of maximum mac
adresses registered in these ports is 2. Only two mac adresses can be connected to each
port.
10.Configure trunk interface on port fast ethernet f0/23 and f0/24. Also configure native vlan
on trunk interface. Ensure trunk is not negotiated but created manually for security reasons.
S1(config)#service password-encryption
12.Save Configuration
S1(config)#exit
S1#copy running-config startup-config
Press Enter
Switch>
2. Enter Privileged EXEC Mode and Set a Hostname for the Switch
Type in the enable command to enter privileged EXEC mode (you don’t need a password at
this stage because you’re under the default configurations which don’t have one!):
Switch>enable
Enable
Next, enter Global Configuration Mode and enter the following command:
Switch S2 Configuration
Switch>enable
2. Enter Privileged EXEC Mode and Set a Hostname for the Switch
Type in the enable command to enter privileged EXEC mode (you don’t need a password at
this stage because you’re under the default configurations which don’t have one!):
Enable
Next, enter Global Configuration Mode and enter the following command:
Switch(config)# hostname S2
5. Configure Console
S2(config)# line console 0
S2(config-line)# password cisco
S2(config-line)# login
S2(config-line)# exit
6. Create vty lines and activate ssh protocol for remote access
To enable secure access to your Cisco device, you can use SSH instead of Telnet. SSH
uses encryption to secure data from eavesdropping.
The following example shows the configuration of the first three steps:
Switch(config)#hostname S2
S2(config)#ip domain-name cisco.com
S2(config)#username cisco password cisco
S2(config)#username cisco1 privilege o password cisco1
S2(config)#crypto key generate rsa
The name for the keys will be: S2.cisco.com
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.
S2(config)#ip ssh v 2
*Jun 8 16:46:45.407: %SSH-5-ENABLED: SSH 1.99 has been enabled
S2(config)#
First, we have defined the device hostname by using the hostname S2 command. Next, we
have defined the domain name by using the ip domain-name cisco.com command. After
that, the local user is created by using the username cisco password cisco command. Next,
we need to enable only the SSH access to a device. This is done by using the transport
input ssh command:
S2(config)#line vty 0 15
S2(config-line)#login local
S2(config-line)#transport input ssh
S2(config-line)#exit
7. Create VLAN-s
S2(config-vlan)#vlan 30
S2(config-vlan)#name servers
S2(config-vlan)#vlan 100
S2(config-vlan)#name Management
S2(config-vlan)#vlan 99
S2(config-vlan)#name Native
S2(config-vlan)#exit
9. Create access ports on switch and assign to the corresponding vlan. On these ports also
specify port security as static and violation mode shtudown. The number of maximum mac
adresses registered in these ports is 2. Only two mac adresses can be connected to each
port.
10. Configure trunk interface on port f0/21 and f0/22 . Also configure native vlan on trunk
interface. Ensure trunk is not negotiated but created manually for security reasons.
S2(config)#service password-encryption
12.Save Configuration
S2(config)#exit
S2#copy running-config startup-config
Press Enter
_________________________________________________________________________
Switch S3 Configuration
Switch>
2. Enter Privileged EXEC Mode and Set a Hostname for the Switch
Type in the enable command to enter privileged EXEC mode (you don’t need a password at
this stage because you’re under the default configurations which don’t have one!):
Switch>enable
Next, enter Global Configuration Mode and enter the following command:
Switch(config)# hostname S3
5. Configure Console
6. Create vty lines and activate ssh protocol for remote access
To enable secure access to your Cisco device, you can use SSH instead of Telnet. SSH
uses encryption to secure data from eavesdropping.
The following example shows the configuration of the first three steps:
Switch(config)#hostname S3
S3(config)#ip domain-name cisco.com
S3(config)#username cisco privilege 15 password cisco
S3(config)#username cisco1 privilege 0 password cisco1
S3(config)#crypto key generate rsa
The name for the keys will be: S3.cisco.com
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.
S3(config)#ip ssh v 2
*Jun 8 16:46:45.407: %SSH-5-ENABLED: SSH 1.99 has been enabled
S3(config)#
First, we have defined the device hostname by using the hostname S3 command. Next, we
have defined the domain name by using the ip domain-name cisco.com command. After
that, the local user is created by using the username cisco password cisco command. Next,
we need to enable only the SSH access to a device. This is done by using the transport
input ssh command:
S3(config)#line vty 0 15
S3(config-line)#login local
S3(config-line)#transport input ssh
S3(config-line)#exit
7. Create VLAN-s
S3(config-vlan)#vlan 10
S3(config-vlan)#name Marketing
S3(config-vlan)#vlan 100
S3(config-vlan)#name Management
S3(config-vlan)#vlan 99
S3(config-vlan)#name Native
S3(config-vlan)#exit
9. Create access ports on switch and assign to the corresponding vlan. On these ports also
specify port security as static and violation mode shtudown. The number of maximum mac
adresses registered in these ports is 2. Only two mac adresses can be connected to each
port.
10.Configure trunk interface on port fastethernet 0/19 and 20. Also configure native vlan on
trunk interface. Ensure trunk is not negotiated but created manually for security
reasons. .Enable dhcp snoopong and ip arp inspection for vlan 10 globally. On port f0/19
and f0/20 specifty as trusted ports towards the DHCP server. Every DHCP request made my
PC will go through these ports because they are trusted and they show the right path
towards DHCP server.
S3(config)#service password-encryption
12.Save Configuration
S3(config)#exit
S3#copy running-config startup-config
Press Enter
Switch S4 Configuration
Switch>
2. Enter Privileged EXEC Mode and Set a Hostname for the Switch
Type in the enable command to enter privileged EXEC mode (you don’t need a password at
this stage because you’re under the default configurations which don’t have one!):
Switch>enable
Next, enter Global Configuration Mode and enter the following command:
Switch(config)# hostname S4
5. Configure Console
6. Create vty lines and activate ssh protocol for remote access
To enable secure access to your Cisco device, you can use SSH instead of Telnet. SSH
uses encryption to secure data from eavesdropping.
The following example shows the configuration of the first three steps:
Switch(config)#hostname S4
S4(config)#ip domain-name cisco.com
S4(config)#username cisco privilege 15 password cisco
S4(config)#username cisco1 privilege 0 password cisco1
S4(config)#crypto key generate rsa
The name for the keys will be: S4.cisco.com
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.
S4(config)#ip ssh v 2
*Jun 8 16:46:45.407: %SSH-5-ENABLED: SSH 1.99 has been enabled
S3(config)#
First, we have defined the device hostname by using the hostname S4 command. Next, we
have defined the domain name by using the ip domain-name cisco.com command. After
that, the local user is created by using the username cisco password cisco command. Next,
we need to enable only the SSH access to a device. This is done by using the transport
input ssh command:
S4(config)#line vty 0 15
S4(config-line)#login local
S4(config-line)#transport input ssh
S4(config-line)#exit
7. Create VLAN-s
S4(config-vlan)#vlan 20
S4(config-vlan)#name Finance
S4(config-vlan)#vlan 100
S4(config-vlan)#name Management
S4(config-vlan)#vlan 99
S4(config-vlan)#name Native
S4(config-vlan)#exit
9. Create access ports on switch and assign to the corresponding vlan. On these ports also
specify port security as static and violation mode shtudown. The number of maximum mac
adresses registered in these ports is 2. Only two mac adresses can be connected to each
port.
S4(config)#int range f0/1-2
S4(config-if)#switchport mode access
S4(config-if)#switchport access vlan 20
S4(config-if)#switchport port-security
S4(config-if)#switchport port-security maximum 2
S4(config-if)#switchport port-security mac-address sticky
S4(config-if)#switchport port-security violation shutdown
S4(config-if)#spanning-tree portfast
S4(config-if)#spanning-tree bpduguard enable
S4(config-if)ip dhcp snooping limit rate 200
S4(config-if)#exit
10.Configure trunk interface on port fastethernet 0/17 and 18. Also configure native vlan on
trunk interface. Ensure trunk is not negotiated but created manually for security
reasons. .Enable dhcp snoopong and ip arp inspection for vlan 20 globally. On port f0/17
and f0/18 specifty as trusted ports towards the DHCP server. Every DHCP request made my
PC will go through these ports because they are trusted and they show the right path
towards DHCP server.
S4(config)#service password-encryption
12.Save Configuration
S4(config)#exit
S4#copy running-config startup-config
Press Enter
Switch L1 Configuration
Switch>
2. Enter Privileged EXEC Mode and Set a Hostname for the Switch
Type in the enable command to enter privileged EXEC mode (you don’t need a password at
this stage because you’re under the default configurations which don’t have one!):
Switch>enable
Next, enter Global Configuration Mode and enter the following command:
Switch(config)# hostname L1
5. Configure Console
6. Create vty lines and activate ssh protocol for remote access
To enable secure access to your Cisco device, you can use SSH instead of Telnet. SSH
uses encryption to secure data from eavesdropping.
To enable SSH, the following steps are required:
The following example shows the configuration of the first three steps:
Switch(config)#hostname L1
L1(config)#ip domain-name cisco.com
L1(config)#username cisco privilege 15 password cisco
L1(config)#username cisco1 privilege 0 password cisco1
L1(config)#crypto key generate rsa
The name for the keys will be: S4.cisco.com
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.
L1(config)#ip ssh v 2
*Jun 8 16:46:45.407: %SSH-5-ENABLED: SSH 1.99 has been enabled
S3(config)#
First, we have defined the device hostname by using the hostname L1 command. Next, we
have defined the domain name by using the ip domain-name cisco.com command. After
that, the local user is created by using the username cisco password cisco command. Next,
we need to enable only the SSH access to a device. This is done by using the transport
input ssh command:
L1(config)#line vty 0 15
L1(config-line)#login local
L1(config-line)#transport input ssh
L1(config-line)#exit
7. Create VLAN-s
L1(config-vlan)#vlan 10
L1(config-vlan)#name Marketing
L1(config-vlan)#vlan 20
L1(config-vlan)#name Finance
L1(config-vlan)#vlan 30
L1(config-vlan)#name servers
L1(config-vlan)#vlan 100
L1(config-vlan)#name Management
L1(config-vlan)#vlan 99
L1(config-vlan)#name Native
L1(config-vlan)#exit
8. Activate ip routing command on siwtch layer 3 to turn it on a router and configure inter-
vlan routing. Also conigure HSRP process on the switch layer 3. L1 switch will be the active
for vlans 10 and 100 and standby for vlans 20 and 30.
L1(config)ip routing
L1(config)#interface vlan 10
L1(config-if)#description default gateway per vlan 10
L1(config-if)ip address 192.168.10.2 255.255.255.0
L1(config-if)standby 10 ip 192.168.10.1
L1(config-if)standby 10 priority 110
L1(config-if)standby 10 preempt
L1(config-if)exit
L1(config)#interface vlan 20
L1(config-if)#description default gateway per vlan 20
L1(config-if)ip address 192.168.20.2 255.255.255.0
L1(config-if)standby 20 ip 192.168.20.1
L1(config-if)exit
L1(config)#interface vlan 30
L1(config-if)#description default gateway per vlan 30
L1(config-if)ip address 192.168.30.2 255.255.255.0
L1(config-if)standby 30 ip 192.168.30.1
L1(config-if)exit
9. Configure trunk interfaces on switch layer 3 and deactivate DTP. Include also native vlan
on trunk.
L1(config)#int f0/19
L1(config-if)#switchport trunk encapsulation dot1q
L1(config-if)#switchport mode trunk
L1(config-if)#switchport trunk allowed vlan 20,99,100
L1(config-if)#switchport trunk native vlan 99
L1(config-if)switchport nonegotiate
L1(config-if)exit
L1(config)#int f0/11
L1(config-if)#switchport trunk encapsulation dot1q
L1(config-if)#switchport mode trunk
L1(config-if)#switchport trunk allowed vlan 20,99,100
L1(config-if)#switchport trunk native vlan 99
L1(config-if)switchport nonegotiate
L1(config-if)exit
10. Configure ehterchannel (channel-group 2) using LACP on G0/1 and G0/2. Configure
trunk on port channel 2.
L1(config)#int port-channel 2
L1(config-if)#switchport trunk encapsulation dot1q
L1(config-if)#switchport mode trunk
L1(config-if)#switchport trunk allowed vlan 10,20,30,99,100
L1(config-if)#switchport trunk native vlan 99
L1(config-if)#switchport nonegotiate
L1(config-if)#exit
11. Configure DHCP for vlan 10 and vlan 20. Exclude the first 10 ip adresses.
12. Configure f0/22 and f0/24 as routeed port on switch layer 3 using the command no
switchport. Assign an ip adress to these ports.
L1(config)#int f0/22
L1(config-if)#no switchport
L1(config-if)#ip address 10.10.10.1 255.255.255.252
L1(config-if)#description lidhja me router R1
L1(config-if)#exit
L1(config)#int f0/24
L1(config-if)#no switchport
L1(config-if)#ip address 10.10.20.1 255.255.255.252
L1(config-if)#description lidhja me router R2
L1(config-if)#exit
13. Configure OSPF version 4 on area o, which will be the backbone area. Create OPSF
process which will be ospf 10. Specify router-id, networks that will be declared to the
neighbours, reference bandwidth 1000 and passive interface to the interface which is
connected to the LAN.
L1(config)#router ospf 10
L1(config-router)#router-id 1.1.1.1
L1(config-router)#network 192.168.10.0 0.0.0.255 area 0
L1(config-router)#network 192.168.20.0 0.0.0.255 area 0
L1(config-router)#network 192.168.30.0 0.0.0.255 area 0
L1(config-router)#network 192.168.100.0 0.0.0.255 area 0
L1(config-router)#network 10.10.10.0 0.0.0.3 area 0
L1(config-router)#network 10.10.20.0 0.0.0.3 area 0
L1(config-router)#passive-interface F0/17
L1(config-router)#passive-interface F0/19
L1(config-router)#passive-interface F0/21
L1(config-router)#passive-interface F0/23
L1(config-router)#passive-interface G0/1
L1(config-router)#passive-interface G0/2
L1(config-router)# auto-cost reference-bandwidth 1000
L1(config-router)#exit
15.Save Configuration
L1(config)#exit
L1#copy running-config startup-config
Press Enter
Switch L2 Configuration
Switch>
2. Enter Privileged EXEC Mode and Set a Hostname for the Switch
Type in the enable command to enter privileged EXEC mode (you don’t need a password at
this stage because you’re under the default configurations which don’t have one!):
Switch>enable
Next, enter Global Configuration Mode and enter the following command:
Switch(config)# hostname L2
5. Configure Console
6. Create vty lines and activate ssh protocol for remote access
To enable secure access to your Cisco device, you can use SSH instead of Telnet. SSH
uses encryption to secure data from eavesdropping.
The following example shows the configuration of the first three steps:
Switch(config)#hostname L2
L2(config)#ip domain-name cisco.com
L2(config)#username cisco privilege 15 password cisco
L2(config)#username cisco1 privilege 0 password cisco1
L2(config)#crypto key generate rsa
The name for the keys will be: S4.cisco.com
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.
L1(config)#ip ssh v 2
*Jun 8 16:46:45.407: %SSH-5-ENABLED: SSH 1.99 has been enabled
S3(config)#
First, we have defined the device hostname by using the hostname L2 command. Next, we
have defined the domain name by using the ip domain-name cisco.com command. After
that, the local user is created by using the username cisco password cisco command. Next,
we need to enable only the SSH access to a device. This is done by using the transport
input ssh command:
L2(config)#line vty 0 15
L2(config-line)#login local
L2(config-line)#transport input ssh
L2(config-line)#exit
7. Create VLAN-s
L2(config-vlan)#vlan 10
L2(config-vlan)#name Marketing
L2(config-vlan)#vlan 20
L2(config-vlan)#name Finance
L2(config-vlan)#vlan 30
L2(config-vlan)#name servers
L2(config-vlan)#vlan 100
L2(config-vlan)#name Management
L2(config-vlan)#vlan 99
L2(config-vlan)#name Native
L2(config-vlan)#exit
8. Activate ip routing command on siwtch layer 3 to turn it on a router and configure inter-
vlan routing. Also conigure HSRP process on the switch layer 3. L2 switch will be the active
for vlans 20 and 30 and standby for vlans 10 and 100.
L2(config)ip routing
L2(config)#interface vlan 10
L2(config-if)#description default gateway per vlan 10
L2(config-if)ip address 192.168.10.3 255.255.255.0
L2(config-if)standby 10 ip 192.168.10.1
L2(config-if)exit
L2(config)#interface vlan 20
L2(config-if)#description default gateway per vlan 20
L2(config-if)ip address 192.168.20.3 255.255.255.0
L2(config-if)standby 20 ip 192.168.20.1
L2(config-if)standby 20 priority 110
L2(config-if)standby 20 preempt
L2(config-if)exit
L2(config)#interface vlan 30
L2(config-if)#description default gateway per vlan 30
L2(config-if)ip address 192.168.30.3 255.255.255.0
L2(config-if)standby 30 ip 192.168.30.1
L2(config-if)standby 30 priority 110
L2(config-if)standby 30 preempt
L2(config-if)exit
L2(config-if)exit
9. Configure trunk interfaces on switch layer 3 and deactivate DTP. Include also native vlan
on trunk.
L2(config)#int f0/20
L2(config-if)#switchport trunk encapsulation dot1q
L2(config-if)#switchport mode trunk
L2(config-if)#switchport trunk allowed vlan 20,99,100
L2(config-if)#switchport trunk native vlan 99
L2(config-if)switchport nonegotiate
L2(config-if)exit
L2(config)#int f0/18
L2(config-if)#switchport trunk encapsulation dot1q
L2(config-if)#switchport mode trunk
L2(config-if)#switchport trunk allowed vlan 20,99,100
L2(config-if)#switchport trunk native vlan 99
L2(config-if)switchport nonegotiate
L2(config-if)exit
10. Configure ehterchannel (channel-group 2) using LACP on G0/1 and G0/2. Configure
trunk on port channel 2.
11. Configure DHCP for vlan 10 and vlan 20. Exclude the first 10 ip adresses.
12. Configure f0/22 and f0/24 as routeed port on switch layer 3 using the command no
switchport. Assign an ip adress to these ports.
L2(config)#int f0/21
L2(config-if)#no switchport
L2(config-if)#ip address 10.10.30.1 255.255.255.252
L2(config-if)#description lidhja me router R1
L2(config-if)#exit
L2(config)#int f0/23
L2(config-if)#no switchport
L2(config-if)#ip address 10.10.40.1 255.255.255.252
L2(config-if)#description lidhja me router R2
L2(config-if)#exit
13. Configure OSPF version 4 on area o, which will be the backbone area. Create OPSF
process which will be ospf 10. Specify router-id, networks that will be declared to the
neighbours, reference bandwidth 1000 and passive interface to the interface which is
connected to the LAN.
L2(config)#router ospf 10
L2(config-router)#router-id 2.2.2.2
L2(config-router)#network 192.168.10.0 0.0.0.255 area 0
L2(config-router)#network 192.168.20.0 0.0.0.255 area 0
L2(config-router)#network 192.168.30.0 0.0.0.255 area 0
L2(config-router)#network 192.168.100.0 0.0.0.255 area 0
L2(config-router)#network 10.10.30.0 0.0.0.3 area 0
L2(config-router)#network 10.10.40.0 0.0.0.3 area 0
L2(config-router)#passive-interface F0/18
L2(config-router)#passive-interface F0/20
L2(config-router)#passive-interface F0/22
L2(config-router)#passive-interface F0/24
L2(config-router)#passive-interface G0/1
L2(config-router)#passive-interface G0/2
L2(config-router)# auto-cost reference-bandwidth 1000
L2(config-router)#exit
L2(config)#service password-encryption
15.Save Configuration
L2(config)#exit
L2#copy running-config startup-config
Press Enter
Router R1 Configuration
1.Router>enable
Enable
Next, enter Global Configuration Mode and enter the following command:
2.You can make the router easier to locate in the network by assigning a hostname. Enter
the following command to assign a hostname:
Router(config)# hostname R1
On R1 specify the miminum lengh of passwords 5 characters. For security reasong configure
that R1 will be blocked for 120 seconds if password is typed 3 times wrong during 60
seconds.
5. Configure Console
6. Create vty lines and activate ssh protocol for remote access
To enable secure access to your Cisco device, you can use SSH instead of Telnet. SSH
uses encryption to secure data from eavesdropping.
The following example shows the configuration of the first three steps:
Router(config)#hostname R1
R1(config)#ip domain-name cisco.com
R1(config)#username cisco password cisco
R1(config)#crypto key generate rsa
The name for the keys will be: R1.cisco.com
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.
R1(config)#ip ssh v 2
*Jun 8 16:46:45.407: %SSH-5-ENABLED: SSH 1.99 has been enabled
R1(config)#
First, we have defined the device hostname by using the hostname R1 command. Next, we
have defined the domain name by using the ip domain-name cisco command. After that, the
local user is created by using the username cisco password cisco command. Next, we need
to enable only the SSH access to a device. This is done by using the transport input ssh
command:
R1(config)#line vty 0 15
R1(config-line)#login local
R1(config-line)#transport input ssh
R1(config-line)#exit
7. Configure Router interfaces with ip adrreses on the networks they are connected on.
R1(config)#int Gi0/0
R1(config-if)#no shutdown
R1(config-if)#
%LINK-5-CHANGED: Interface GigabitEthernet0/0, changed state to up
R1(config-if)#description lidhja me L1
R1(config-if)#ip address 10.10.10.2 255.255.255.252
R1(config-if)#exit
R1(config)#int Gi0/1
R1(config-if)#no shutdown
R1(config-if)#
%LINK-5-CHANGED: Interface GigabitEthernet0/1, changed state to up
R1(config-if)#description lidhja me L2
R1(config-if)#ip address 10.10.30.1 255.255.255.252
R1(config-if)#exit
R1(config)#int Gi0/2
R1(config-if)#no shutdown
R1(config-if)#
%LINK-5-CHANGED: Interface GigabitEthernet0/2, changed state to up
R1(config-if)#description lidhja me router EDGE
R1(config-if)#ip address 20.20.10.1 255.255.255.252
R1(config-if)#exit
8. Configure OSPF version 4 on area o, which will be the backbone area. Create OPSF
process which will be ospf 10. Specify router-id, networks that will be declared to the
neighbours, reference bandwidth 1000 and passive interface to the interface which is
connected to the LAN.
R1(config)#router ospf 10
R1(config-router)#router-id 3.3.3.3
R1(config-router)#network 10.10.10.0 0.0.0.3 area 0
R1(config-router)#network 10.10.30.0 0.0.0.3 area 0
R1(config-router)#network 20.20.10.0 0.0.0.3 area 0
R1(config-router)# auto-cost reference-bandwidth 1000
R1(config-router)#exit
R1(config)#service password-encryption
10.Save Configuration
R1(config)#exit
R1#copy running-config startup-config
Router R2 Configuration
1.Router>enable
Enable
Next, enter Global Configuration Mode and enter the following command:
Router(config)# hostname R2
On R2 specify the miminum lengh of passwords 5 characters. For security reasong configure
that R2 will be blocked for 120 seconds if password is typed 3 times wrong during 60
seconds.
5. Configure Console
6. Create vty lines and activate ssh protocol for remote access
To enable secure access to your Cisco device, you can use SSH instead of Telnet. SSH
uses encryption to secure data from eavesdropping.
The following example shows the configuration of the first three steps:
Router(config)#hostname R2
R2(config)#ip domain-name cisco.com
R2(config)#username cisco password cisco
R2(config)#crypto key generate rsa
The name for the keys will be: R2.cisco.com
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.
How many bits in the modulus [512]:2024
% Generating 512 bit RSA keys, keys will be non-exportable...[OK]
R2(config)#ip ssh v 2
*Jun 8 16:46:45.407: %SSH-5-ENABLED: SSH 1.99 has been enabled
R1(config)#
First, we have defined the device hostname by using the hostname R2 command. Next, we
have defined the domain name by using the ip domain-name cisco command. After that, the
local user is created by using the username cisco password cisco command. Next, we need
to enable only the SSH access to a device. This is done by using the transport input ssh
command:
R2(config)#line vty 0 15
R2(config-line)#login local
R2(config-line)#transport input ssh
R2(config-line)#exit
7. Configure Router interfaces with ip adrreses on the networks they are connected on.
R2(config)#int Gi0/0
R2(config-if)#no shutdown
R1(config-if)#
%LINK-5-CHANGED: Interface GigabitEthernet0/0, changed state to up
R2(config-if)#description lidhja me L1
R2(config-if)#ip address 10.10.20.2 255.255.255.252
R2(config-if)#exit
R2(config)#int Gi0/1
R2(config-if)#no shutdown
R2(config-if)#
%LINK-5-CHANGED: Interface GigabitEthernet0/1, changed state to up
R2(config-if)#description lidhja me L2
R2(config-if)#ip address 10.10.40.1 255.255.255.252
R2(config-if)#exit
R2(config)#int Gi0/2
R2(config-if)#no shutdown
R2(config-if)#
%LINK-5-CHANGED: Interface GigabitEthernet0/2, changed state to up
R2(config)#router ospf 10
R2(config-router)#router-id 4.4.4.4
R2(config-router)#network 10.10.20.0 0.0.0.3 area 0
R2(config-router)#network 10.10.40.0 0.0.0.3 area 0
R2(config-router)#network 20.20.20.0 0.0.0.3 area 0
R2(config-router)# auto-cost reference-bandwidth 1000
R2(config-router)#exit
R2(config)#service password-encryption
10.Save Configuration
R2(config)#exit
R2#copy running-config startup-config
1.Router>enable
Enable
Next, enter Global Configuration Mode and enter the following command:
2.You can make the router easier to locate in the network by assigning a hostname. Enter
the following command to assign a hostname:
On EDGE specify the miminum lengh of passwords 5 characters. For security reasong
configure that R2 will be blocked for 120 seconds if password is typed 3 times wrong during
60 seconds.
5. Configure Console
6. Create vty lines and activate ssh protocol for remote access
To enable secure access to your Cisco device, you can use SSH instead of Telnet. SSH
uses encryption to secure data from eavesdropping.
The following example shows the configuration of the first three steps:
Router(config)#hostname EDGE
EDGE (config)#ip domain-name cisco.com
EDGE (config)#username cisco password cisco
EDGE (config)#crypto key generate rsa
The name for the keys will be: EDGE.cisco.com
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.
7. Configure Router interfaces with ip adrreses on the networks they are connected on.
EDGE (config-if)#
%LINK-5-CHANGED: Interface GigabitEthernet0/2, changed state to up
EDGE (config-if)#
%LINK-5-CHANGED: Interface GigabitEthernet0/1, changed state to up
EDGE (config-if)#
%LINK-5-CHANGED: Interface GigabitEthernet0/1/0, changed state to up
2. Configure the G0/1/0 interface facing the Internet as the NAT outside interface.
EDGE(config)#int f0/0
EDGE(config-if)#ip nat outside
5. Associate the access list with the outside interface and enable PAT to complete
the configuration.
EDGE(config)#ip nat inside source list 1 interface G0/1/0 overload
ISP
.Router>enable
Enable
Next, enter Global Configuration Mode and enter the following command:
2.You can make the router easier to locate in the network by assigning a hostname. Enter
the following command to assign a hostname:
ISP (config-if)#
%LINK-5-CHANGED: Interface GigabitEthernet0/1, changed state to up