[CCNA Lab #01] Basic Switch and End Device Configuration

In Lab #01, we are going to configure the Cisco Switch and End Device (PC). We will use the Packet Tracer simulator by Cisco. Thus, configure the switch in the simulator is equal to configure the real devices because we use the command-line interface. The commands used in the simulation and on the real device are the same. However, maybe there are differences in how to configure the end device (i.e. PC). It depends on your PC's operating system.

We will use Cisco Packet Tracer 7.3.1. So, please make sure you have installed version 7.3.1 or higher. You can download the Cisco Packet Tracer in Netacad's webpage.

REQUIREMENTS:

1. Understand the use of packet tracer.
2. Have knowledge of the basic configuration of Cisco IOS Switches and End devices, such as: IPv4 addressing, secure the device with a password, IOS navigation, etc.

In this article I will briefly show you how to configure it, but this is just to remind you. If you want to learn more details please read the following references.

REFERENCE (English):

• Netacad: Cisco Packet Tracer Free Courses
• Video: Official Packet Tracer Tutorials
• CiscoPress: Introduction to Cisco IOS Software
• CiscoPress: Introduction to Basic Switching Concepts and Configuration
• Cisco: Configuring the Hostname, Domain Name, and Passwords
• WebIPTEK.com: Cisco IOS Command Structure and Syntax

REFERENCE (Bahasa Indonesia):

• Ngonfig.Net - Perkenalan Cisco IOS (Internetworking Operating System)
• Ngonfig.Net - Konfigurasi Dasar Cisco IOS Router dan Switch: Hostname, Banner & Interface
• Buatkuingat: Belajar Mudah Cisco Packet Tracer Terbaru Untuk Pemula
• WebIPTEK.com: Materi CCNA 200-301

RESOURCES

• Example Lab: Make it yourself.
• Challenge Lab: 01# Basic Switch and End Device Configuration.pka

Example Lab

Hostname	Interface	Address
CoreSwitch	VLAN 1	192.168.1.15/24
PC	Fa0	192.168.1.10/24

TASK

1. Configure Hostname.
2. Set the password of the console line, VTY lines 0-4, and the privileged exec mode: Secure2020
3. Encypt all clear text passwords.
4. Configure banner on CoreSwitch.
5. Configure IP Address according to the table above.
6. Save configuration.
7. Configure IP Address in End Device.
8. Verify device connectivity using ping command.

Focus on the red prompt for the example lab configuration.

To access a Cisco devices for the first time, we can use a console cable to access and start configure our Cisco Device. In Packet Tracer we can use an aqua colored cable, it is the cable console. Connect the console cable from the Console port (on the Switch) to the RS-232 port (on the PC / End Device).

Then open the Desktop tab on PC. Then select "Terminal" and OK.

Now you can start configure your device.

A. Configure Hostname

The default name should be changed to something more descriptive. By choosing names wisely, it is easier to remember, document, and identify network devices. Here are some important naming guidelines for hosts:

• Start with a letter
• Contain no spaces
• End with a letter or digit
• Use only letters, digits, and dashes
• Be less than 64 characters in length

Command Format:

Switch(config)# hostname {device_name}

Example Command (based on the task above):

Switch(config)# hostname CoreSwitch
CoreSwitch(config)#

B. Securing the Device

We can secure our devices by authenticating user (who tries to access our device) with passwords when entering: User Exec Mode, Privileged Exec Mode and VTY Line.

When choosing passwords, use strong passwords that are not easily guessed. There are some key points to consider when choosing passwords:

• Use passwords that are more than eight characters in length.
• Use a combination of upper and lowercase letters, numbers, special characters, and/or numeric sequences.
• Avoid using the same password for all devices.
• Do not use common words because they are easily guessed.

But, for learning purpose in our example we will use an easy password.

1. User EXEC or Console Line Password
This will authenticate you every time you enter User EXEC mode.
Command Format:

Switch(config)# line console 0
Switch(config-line)# password {password}
Switch(config-line)# login

Example Command (based on the task above):

CoreSwitch(config)# line console 0
CoreSwitch(config-line)# password Secure2020
CoreSwitch(config-line)# login

2. Privileged EXEC Mode Command Format:

Switch(config)# enable secret {level level {cleartext-password | [encryption-type] encrypted-password}<

The difference between enable secret and enable password is that enable secret will encrypt your password by default, whereas enabling password doesn't.

Example Command (based on the task above):

CoreSwitch(config)# line console 0
CoreSwitch(config-line)# enable secret Secure2020

3. VTY Line Password
Virtual terminal (VTY) lines enable remote access using Telnet or SSH to the device. Many Cisco switches support up to 16 VTY lines that are numbered 0 to 15. To secure VTY line using a password:

Switch(config)# line vty [line-number]
Switch(config-line)# password [password]
Switch(config-line)# login

Example Command (based on the task above):

CoreSwitch(config)# line vty 0 4
CoreSwitch(config-line)# password Secure2020
CoreSwitch(config-line)# login

C. Encrypt Password

By default all unencrypted password can be viewed in the startup-configuration and running-configuration files. To encrypt all plaintext password, use this command:

Switch(config)# service password-encryption

This is running-configuration before password-encryption enabled.

CoreSwitch# show run
!
line con 0
 password Secure2020
 login
!
line vty 0 4
 password Secure2020
 login
line vty 5 15
 login
!

Now we enable the password-encryption, and all password will be encrypted.

CoreSwitch# show run
!
line con 0
 password 7 0812494D1C0B004542595C
 login
!
line vty 0 4
 password 7 0812494D1C0B004542595C
 login
line vty 5 15
 login
!

D. Setup Banner Message

There are actually 3 types of banners on Cisco IOS: MOTD banner, Login banner, Exec banner. However, in the packet tracer and Netacad CCNA module, there is only 1 banner, that is the MOTD (message-of-the-day) banner. To configure MOTD banner, use the following command.

Switch(config)# banner motd {Text}

Fill in the argument Text with an appropriate banner text. Use a delimiting character (any character that is different from the banner character used).

For example, if you want configgure a MOTD banner: Authorized Access Only. You must add a delimeter (such as #, $, %, x, z) in start and the end of the banner. So, your command is:

CoreSwitch(config)# banner motd #Authorized Access Only#

If your banner more than one line banner. User "banner motd delimeter" then enter.

CoreSwitch(config)# banner motd *
Enter TEXT message.  End with the character '*'.
Welcome to CoreSwitch!
Contact WebIPTEK.com to get access!
*

E. Configure IP Address

Navigate to apropiate interface, make sure your interface is enabled. To disable use shutdown command or to enable using no shutdown command.

Switch(config)# interface {interface-name}
Switch(config-if)# no shutdown
Switch(config-if)# ip address {ip-address} {netmask}

For example (based on the task above):

CoreSwitch(config)# interface vlan 1
CoreSwitch(config-if)# no shutdown
CoreSwitch(config-if)# ip address 192.168.1.15 255.255.255.0

F. Save Configuration

You have configured your device, but your configuration is still stored in running-configuration which is located in RAM). Because RAM is a volatile memory. Your running-configuration will be lost if the device loses power or rebooted.

You should save your configuration to startup-configuration (which is located in Flash memory). So, your current configuration will be loaded when your device powered on. To do that use this command:

Switch# copy running-config startup-config

In some Cisco devices, we can use the command write to save the configuration to startup-configuration.

Switch# write

G. Configure IP Address on End Device (PC/Laptop)

First, open PC's desktop tab, then select IP Configuration.

Configure appropiate IPV4 address and subnetmask.

Verify connectivity using ping command

Ping from Switch.

CoreSwitch# ping 192.168.1.10

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.10, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/1 ms

CoreSwitch(config-if)#

Ping from PC. Open PC Desktop tab then select Command Prompt.

C:\> ping 192.168.1.15

Pinging 192.168.1.15 with 32 bytes of data:

Reply from 192.168.1.15: bytes=32 time=2ms TTL=255
Reply from 192.168.1.15: bytes=32 time<1ms TTL=255
Reply from 192.168.1.15: bytes=32 time<1ms TTL=255
Reply from 192.168.1.15: bytes=32 time=2ms TTL=255

Ping statistics for 192.168.1.15:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 2ms, Average = 1ms

That's all. Good luck.