Cisco Networking/CCENT/Remote Management

This lesson covers remote management, including over WANs with serial connections.

Objectives and Skills

Objectives and skills for the WANs portion of Cisco CCENT certification include:[1]

  • Select the components required to meet a given network specification
  • Predict the data flow between two hosts across a network
  • Configure and verify utilizing the CLI to set basic Router configuration
    • Console & VTY logins
    • Interface IP Address
      • loopback
  • Configure and verify initial switch configuration including remote access management
  • Verify network status and switch operation using basic utilities such as
    • ping
    • telnet
    • SSH

Readings

  1. Wikipedia: Out-of-band management
  2. Wikipedia: Wide area network
  3. Cisco: Telnet, Console and AUX Port Passwords on Cisco Routers Configuration Example
  4. Cisco: Configuring Secure Shell on Routers and Switches Running Cisco IOS
  5. Cisco: WAN Technologies

Multimedia

  1. YouTube: Setting Console and VTY Passwords
  2. YouTube: Router Configuration
  3. YouTube: Configure the Serial Interface of a Cisco Router
  4. YouTube: SSH and CLI Tips

Examples

Line Configuration

show line

To display parameters of a terminal line, use the show line command in EXEC mode.[2]

show line [line-number | aux | console | summary]

line

To identify a specific line for configuration and enter line configuration collection mode, use the line command in global configuration mode.[3]

line <aux | console | tty | vty> <line-number> [ending-line-number]
line console 0
line aux 0
line vty 0 4

Command Sequence

A command sequence to configure line access with passwords might be similar to the following.

enable
show line

configure terminal
line console 0
password letmein
login
exit

line aux 0
password dialin
login
exit

line vty 0 4
password telnetssh
login
exit

enable secret cisco
service password-encryption
exit

show running-config
exit

A command sequence to configure line access with usernames and passwords might be similar to the following.

enable
configure terminal

username admin1 password secret1
username admin2 password secret2

line console 0
login local
exit

line aux 0
login local
exit

line vty 0 4
login local
exec-timeout 5
exit

enable secret cisco
service password-encryption
exit

show running-config
exit

Interface Configuration

show ip interface

To display the usability status of interfaces that are configured for IP, use the show ip interface command.[4]

show ip interface

show ip interface brief

To display the usability status of interfaces configured for various IP addresses, use the show ip interface brief command in privileged EXEC mode.[5]

show ip interface brief

shutdown

Use the shutdown interface configuration command to disable an interface. Use the no form of this command to restart a disabled interface.[6]

shutdown
no shutdown

ip address

To assign an IP address and subnet mask to an interface, use the ip address command.[7]

ip address <address> <mask>

interface loopback

To specify a loopback interface and enter interface configuration mode, use the interface loopback command in global configuration mode. A loopback interface is a virtual interface that is always up and allows selected protocols to stay up even if other interfaces are down.[8]

interface loopback <number>
interface loopback 0

clock rate

To configure the clock rate for the hardware connections on serial interfaces to an acceptable bit rate, use the clock rate command in interface configuration mode. The desired clock rate, in bits per second (bps), may be: 1200, 2400, 4800, 9600, 19200, 38400, 56000, 64000, 72000, 125000, 148000, 250000, 500000, 800000, 1000000, 1300000, 2000000, 4000000, or 8000000.[9]

clock rate <rate>
clock rate 64000

bandwidth

To set and communicate the current bandwidth value for an interface to higher-level protocols, use the bandwidth command in interface configuration mode.[10]

bandwidth <kilobits>
bandwidth 64

encapsulation

To set the encapsulation method used by the interface, use the encapsulation command in interface configuration mode.[11]

encapsulation < frame-relay | hdlc | ppp | slip >
encapsulation ppp

Command Sequence

A command sequence to assign interface IP addresses would be similar to the following.

enable
show ip interface brief

configure terminal
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
no shutdown
exit

interface Serial0/0
ip address 192.168.2.1 255.255.255.0
clock rate 56000
encapsulation ppp
no shutdown
exit

interface loopback 0
ip address 192.168.255.1 255.255.255.255
exit
exit

show ip interface brief
exit

SSH Configuration

crypto key generate rsa

To generate Rivest, Shamir, and Adleman (RSA) key pairs, use the crypto key generate rsa command in global configuration mode.[12] The command prompts for the modulus size in bits; the example below answers 1024.

crypto key generate rsa
1024

ip ssh version

To specify the version of Secure Shell (SSH) to be run on a router, use the ip ssh version command in global configuration mode. If this command is not configured, SSH operates in compatibility mode, that is, Version 1 and Version 2 are both supported.[13]

ip ssh version < 1 | 2 >
ip ssh version 2

transport input

To define which protocols to use to connect to a specific line of the router, use the transport input command in line configuration mode.[14]

transport input <protocol>
transport input telnet
transport input ssh
transport input telnet ssh

Command Sequence

A command sequence to configure SSH access might be similar to the following.

enable
configure terminal

hostname router
ip domain-name example.com

crypto key generate rsa
1024
ip ssh version 2

username admin password cisco

line vty 0 4
login local
transport input ssh
exit
exit

show running-config
exit
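
The line, username and SSH settings from the command sequences above can be checked mechanically. The following Python script is an added example, not part of the original lesson or of any Cisco tool; the rule names, the audit function and the sample configuration are constructed for illustration, and it assumes each line block ends with exit, end or !.

```python
import re

# Constructed sample: commands in the style of this page's sequences, merged
# into one hypothetical device configuration.
SAMPLE = """\
username admin password cisco
username ops secret Example-Only-1
line console 0
 password letmein
 login
exit
line vty 0 4
 login local
 transport input telnet ssh
exit
line vty 5 15
 login local
exit
"""

def audit(config):
    """Return (rule, subject) findings for IOS-style configuration text."""
    findings, blocks, block, ssh_v2 = [], [], None, False
    for raw in config.splitlines():
        cmd = raw.strip()
        if cmd.startswith("line "):
            block = {"name": cmd[5:], "cmds": []}   # enter line configuration mode
            blocks.append(block)
        elif cmd in ("exit", "end", "!"):
            block = None                             # back to global configuration
        elif block is not None:
            block["cmds"].append(cmd)
        elif re.match(r"username \S+ password\b", cmd):
            # 'password' is kept in clear text or reversible type 7; 'secret' is hashed
            findings.append(("user-reversible-password", cmd.split()[1]))
        elif cmd == "ip ssh version 2":
            ssh_v2 = True
    if not ssh_v2:
        # Without this command SSH runs in compatibility mode (Version 1 and 2)
        findings.append(("ssh-v1-allowed", "global"))
    for b in blocks:
        cmds = b["cmds"]
        if any(c.startswith("password ") for c in cmds) and "login" in cmds:
            # One shared password per line: no per-user accountability
            findings.append(("shared-line-password", b["name"]))
        if b["name"].startswith("vty"):
            transport = [c.split()[2:] for c in cmds if c.startswith("transport input")]
            if not transport:
                # Effective default depends on the IOS release, so pin it explicitly
                findings.append(("vty-transport-unset", b["name"]))
            elif {"telnet", "all"} & set(transport[-1]):
                # Telnet carries credentials and session data unencrypted
                findings.append(("vty-telnet-enabled", b["name"]))
    return findings

if __name__ == "__main__":
    for rule, subject in audit(SAMPLE):
        print(f"{rule:26} {subject}")
```

Replacing username ... password with username ... secret and keeping transport input ssh on every vty range clears all findings for a configuration like the SSH sequence above.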

Status

ping

To diagnose basic network connectivity on a variety of networks, use the ping privileged EXEC command.[15]

ping <host-name | system-address>
ping 192.168.1.1

Remote Management

telnet

To log in to a host that supports Telnet, use the telnet command in EXEC mode.[16]

telnet <host> [port]
telnet 192.168.1.1

ssh

To start an encrypted session with a remote networking device, use the ssh user EXEC command.[17]

ssh [-l userid] [-c {des | 3des}] [-p portnum] <ipaddr | hostname>
ssh -l admin 192.168.1.1

Activities

  1. Configure router aux line password security.
     
    1. Add a router to a new GNS3 project and start the device.
    2. Open the console for the router and practice using the following commands.
      • enable
      • configure terminal
      • line aux 0
      • password
      • login
      • exit
    3. Verify the configuration using the following command.
      • show running-config
    4. Exit the router console session and open a console on the aux line to test the configuration.
  2. Configure router IP addresses.
     
    1. Add a router to a new GNS3 project and start the device.
    2. Set the router IP addresses and subnet masks using the following commands.
      • R1 FastEthernet0/0: 192.168.1.1 255.255.255.0
      • R1 FastEthernet0/1: 192.168.2.1 255.255.255.0
      • enable
      • configure terminal
      • show ip interface brief
      • interface <interface>
      • ip address <address> <subnet>
      • no shutdown
      • exit
    3. Verify the configuration using the following commands.
      • show running-config
      • show ip interface brief
  3. Connect a second router to the first router from above and configure IP addresses.
     
    1. Add a router to the GNS3 project above and start the device.
    2. Add a link to connect the following.
      • R1 FastEthernet0/0 <-> R2 FastEthernet0/0
    3. Set the following IP addresses and subnet masks.
      • R2 FastEthernet0/0: 192.168.1.2 255.255.255.0
      • R2 FastEthernet0/1: 192.168.3.1 255.255.255.0
    4. If using serial ports for the connection, use the following commands if necessary.
      • clock rate
      • encapsulation
    5. Verify the configuration using the following commands on both routers.
      • show ip interface brief
      • ping
  4. Configure router vty username and password security.
     
    1. Use the routers from above and practice using the following commands on both routers.
      • enable
      • configure terminal
      • username
      • line vty 0 4
      • login local
      • exit
    2. Verify the configuration using the following command on both routers.
      • show running-config
    3. Test the configuration using the following command to remotely manage one router from the other.
      • telnet
  5. Configure router SSH access.
     
    1. Use the routers from above and practice using the following commands on both routers.
      • enable
      • configure terminal
      • hostname
      • ip domain-name
      • crypto key generate rsa
      • ip ssh version 2
      • line vty 0 4
      • transport input ssh
    2. Verify the configuration using the following command on both routers.
      • show running-config
    3. Test the configuration using the following command to verify that telnet access is no longer supported.
      • telnet
    4. Test the configuration using the following command to remotely manage one router from the other.
      • ssh

Lesson Summary

  • Cisco IOS supports line connections for the console (CTY), auxiliary port (AUX), and virtual ports (VTY).[18]
  • Console ports are used for direct local system access using a console terminal.[19]
  • Auxiliary ports are used for out-of-band management through a modem connection.[20]
  • Virtual lines are used for inbound Telnet or SSH connections over a network connection.[21]
  • Historically, serial ports were used to support WAN connections over a variety of technologies, including: Frame Relay, High-Speed Serial Interface, Integrated Services Digital Network, Point-to-Point Protocol, Switched Multimegabit Data Service, Synchronous Data Link Control and Derivatives, X.25, and Digital Subscriber Line.[22] Many WAN connectivity devices now support direct Ethernet connections rather than requiring serial ports.
  • To display parameters of a terminal line, use the show line command in EXEC mode.[23]
  • To identify a specific line for configuration and enter line configuration collection mode, use the line command in global configuration mode.[24]
  • To display the usability status of interfaces that are configured for IP, use the show ip interface command.[25]
  • To display the usability status of interfaces configured for various IP addresses, use the show ip interface brief command in privileged EXEC mode.[26]
  • Use the shutdown interface configuration command to disable an interface. Use the no form of this command to restart a disabled interface.[27]
  • To assign an IP address and subnet mask to an interface, use the ip address command.[28]
  • To specify a loopback interface and enter interface configuration mode, use the interface loopback command in global configuration mode.[29]
  • To configure the clock rate for the hardware connections on serial interfaces to an acceptable bit rate, use the clock rate command in interface configuration mode.[30]
  • To set and communicate the current bandwidth value for an interface to higher-level protocols, use the bandwidth command in interface configuration mode.[31]
  • To set the encapsulation method used by the interface, use the encapsulation command in interface configuration mode.[32]
  • To generate Rivest, Shamir, and Adleman (RSA) key pairs, use the crypto key generate rsa command in global configuration mode.[33]
  • To specify the version of Secure Shell (SSH) to be run on a router, use the ip ssh version command in global configuration mode.[34]
  • To define which protocols to use to connect to a specific line of the router, use the transport input command in line configuration mode.[35]
  • To diagnose basic network connectivity on a variety of networks, use the ping privileged EXEC command.[36]
  • To log in to a host that supports Telnet, use the telnet command in EXEC mode.[37]
  • To start an encrypted session with a remote networking device, use the ssh user EXEC command.[38]

Key Terms

out-of-band management
The use of a dedicated channel for managing network devices.[39]
Secure Shell (SSH)
A cryptographic network protocol to allow remote login and other network services to operate securely over an insecure network.[40]
Telnet
A session layer protocol used on the Internet or local area networks to provide a bidirectional interactive text-oriented communication facility using a virtual terminal connection.[41]

Review Questions

  1. Cisco IOS supports line connections for _____.
    Cisco IOS supports line connections for the console (CTY), auxiliary port (AUX), and virtual ports (VTY).
  2. Console ports are used for _____.
    Console ports are used for direct local system access using a console terminal.
  3. Auxiliary ports are used for _____.
    Auxiliary ports are used for out-of-band management through a modem connection.
  4. Virtual lines are used for _____.
    Virtual lines are used for inbound Telnet or SSH connections over a network connection.
  5. Historically, serial ports were used to support WAN connections over a variety of technologies, including: _____. Many WAN connectivity devices now support _____ rather than requiring serial ports.
    Historically, serial ports were used to support WAN connections over a variety of technologies, including: Frame Relay, High-Speed Serial Interface, Integrated Services Digital Network, Point-to-Point Protocol, Switched Multimegabit Data Service, Synchronous Data Link Control and Derivatives, X.25, and Digital Subscriber Line. Many WAN connectivity devices now support direct Ethernet connections rather than requiring serial ports.
  6. To display parameters of a terminal line, use _____.
    To display parameters of a terminal line, use the show line command in EXEC mode.
  7. To identify a specific line for configuration and enter line configuration collection mode, use _____.
    To identify a specific line for configuration and enter line configuration collection mode, use the line command in global configuration mode.
  8. To display the usability status of interfaces that are configured for IP, use _____.
    To display the usability status of interfaces that are configured for IP, use the show ip interface command.
  9. To display the usability status of interfaces configured for various IP addresses, use _____.
    To display the usability status of interfaces configured for various IP addresses, use the show ip interface brief command in privileged EXEC mode.
  10. Use the _____ interface configuration command to disable an interface. Use the _____ form of this command to restart a disabled interface.
    Use the shutdown interface configuration command to disable an interface. Use the no form of this command to restart a disabled interface.
  11. To assign an IP address and subnet mask to an interface, use _____.
    To assign an IP address and subnet mask to an interface, use the ip address command.
  12. To specify a loopback interface and enter interface configuration mode, use _____.
    To specify a loopback interface and enter interface configuration mode, use the interface loopback command in global configuration mode.
  13. To configure the clock rate for the hardware connections on serial interfaces to an acceptable bit rate, use _____.
    To configure the clock rate for the hardware connections on serial interfaces to an acceptable bit rate, use the clock rate command in interface configuration mode.
  14. To set and communicate the current bandwidth value for an interface to higher-level protocols, use _____.
    To set and communicate the current bandwidth value for an interface to higher-level protocols, use the bandwidth command in interface configuration mode.
  15. To set the encapsulation method used by the interface, use _____.
    To set the encapsulation method used by the interface, use the encapsulation command in interface configuration mode.
  16. To generate Rivest, Shamir, and Adleman (RSA) key pairs, use _____.
    To generate Rivest, Shamir, and Adleman (RSA) key pairs, use the crypto key generate rsa command in global configuration mode.
  17. To specify the version of Secure Shell (SSH) to be run on a router, use _____.
    To specify the version of Secure Shell (SSH) to be run on a router, use the ip ssh version command in global configuration mode.
  18. To define which protocols to use to connect to a specific line of the router, use _____.
    To define which protocols to use to connect to a specific line of the router, use the transport input command in line configuration mode.
  19. To diagnose basic network connectivity on a variety of networks, use _____.
    To diagnose basic network connectivity on a variety of networks, use the ping privileged EXEC command.
  20. To log in to a host that supports Telnet, use _____.
    To log in to a host that supports Telnet, use the telnet command in EXEC mode.
  21. To start an encrypted session with a remote networking device, use _____.
    To start an encrypted session with a remote networking device, use the ssh user EXEC command.

References

  Completion status: this resource is considered to be complete.
  1. Cisco: ICND1 Exam Topics
  2. Cisco: IOS Terminal Services Command Reference
  3. Cisco: IOS Terminal Services Command Reference
  4. Cisco: Catalyst 4500 Series Switch Cisco IOS Command Reference
  5. Cisco: Miscellaneous Command Reference
  6. Cisco: Catalyst 2960 Switch Cisco IOS Commands
  7. Cisco: Configuring IP Addressing
  8. Cisco: IOS Interface Configuration Reference
  9. Cisco: IOS Interface and Hardware Component Command Reference
  10. Cisco: IOS Interface Command Reference
  11. Cisco: IOS Interface and Hardware Component Command Reference
  12. Cisco IOS Security Command Reference
  13. Cisco: IOS Security Command Reference
  14. Cisco: IOS Terminal Services Command Reference
  15. Cisco: IOS Configuration Fundamentals Command Reference
  16. Cisco: IOS Terminal Services Command Reference
  17. Cisco: Secure Shell Commands
  18. Cisco: Telnet, Console and AUX Port Passwords on Cisco Routers Configuration Example
  19. Cisco: Telnet, Console and AUX Port Passwords on Cisco Routers Configuration Example
  20. Cisco: Telnet, Console and AUX Port Passwords on Cisco Routers Configuration Example
  21. Cisco: Telnet, Console and AUX Port Passwords on Cisco Routers Configuration Example
  22. Cisco: Internetworking Technologies Handbook
  23. Cisco: IOS Terminal Services Command Reference
  24. Cisco: IOS Terminal Services Command Reference
  25. Cisco: Catalyst 4500 Series Switch Cisco IOS Command Reference
  26. Cisco: Miscellaneous Command Reference
  27. Cisco: Catalyst 2960 Switch Cisco IOS Commands
  28. Cisco: Configuring IP Addressing
  29. Cisco: IOS Interface Configuration Reference
  30. Cisco: IOS Interface and Hardware Component Command Reference
  31. Cisco: IOS Interface Command Reference
  32. Cisco: IOS Interface and Hardware Component Command Reference
  33. Cisco IOS Security Command Reference
  34. Cisco: IOS Security Command Reference
  35. Cisco: IOS Terminal Services Command Reference
  36. Cisco: IOS Configuration Fundamentals Command Reference
  37. Cisco: IOS Terminal Services Command Reference
  38. Cisco: Secure Shell Commands
  39. Wikipedia: Out-of-band management
  40. Wikipedia: Secure Shell
  41. Wikipedia: Telnet