Cisco Networking/CCENT/Remote Management
This lesson covers remote management, including over WANs with serial connections.
Objectives and Skills
editObjectives and skills for the WANs portion of Cisco CCENT certification include:[1]
- Select the components required to meet a given network specification
- Predict the data flow between two hosts across a network
- Configure and verify utilizing the CLI to set basic Router configuration
- Console & VTY logins
- Interface IP Address
- loopback
- Configure and verify initial switch configuration including remote access management
- Verify network status and switch operation using basic utilities such as
- ping
- telnet
- SSH
Readings
editMultimedia
editExamples
editLine Configuration
editshow line
editTo display parameters of a terminal line, use the show line command in EXEC mode.[2]
show line [line-number | aux | console | summary]
line
editTo identify a specific line for configuration and enter line configuration collection mode, use the line command in global configuration mode.[3]
line <aux | console | tty | vty> <line-number> [ending-line-number] line console 0 line aux 0 line vty 0 4
Command Sequence
editA command sequence to configure line access with passwords might be similar to the following.
enable show line configure terminal line console 0 password letmein login exit line aux 0 password dialin login exit line vty 0 4 password telnetssh login exit enable secret cisco service password-encryption exit show running-config exit
A command sequence to configure line access with usernames and passwords might be similar to the following.
enable configure terminal username admin1 password secret1 username admin2 password secret2 line console 0 login local exit line aux 0 login local exit line vty 0 4 login local exec-timeout 5 exit enable secret cisco service password-encryption exit show running-config exit
Interface Configuration
editshow ip interface
editTo display the usability status of interfaces that are configured for IP, use the show ip interface command.[4]
show ip interface
show ip interface brief
editTo display the usability status of interfaces configured for various IP addresses, use the show ip interface brief command in privileged EXEC mode.[5]
show ip interface brief
shutdown
editUse the shutdown interface configuration command to disable an interface. Use the no form of this command to restart a disabled interface.[6]
shutdown no shutdown
ip address
editTo assign an IP address and subnet mask to an interface, use the ip address command.[7]
ip address <address> <mask>
interface loopback
editTo specify a loopback interface and enter interface configuration mode, use the interface loopback in global configuration mode. A loopback interface is a virtual interface that is always up and allows selected protocols to stay up even if other interfaces are down.[8]
interface loopback <number> interface loopback 0
clock rate
editTo configure the clock rate for the hardware connections on serial interfaces to an acceptable bit rate, use the clock rate command in interface configuration mode. The desired clock rate, in bits per second (bps) may be: 1200, 2400, 4800, 9600, 19200, 38400, 56000, 64000, 72000, 125000, 148000, 250000, 500000, 800000, 1000000, 1300000, 2000000, 4000000, or 8000000.[9]
clock rate <rate> clock rate 64000
bandwidth
editTo set and communicate the current bandwidth value for an interface to higher-level protocols, use the bandwidth command in interface configuration mode.[10]
bandwidth <kilibits> bandwidth 64
encapsulation
editTo set the encapsulation method used by the interface, use the encapsulation command in interface configuration mode.[11]
encapsulation < frame-relay | hdlc | ppp | slip > encapsulation ppp
Command Sequence
editA command sequence to assign interface ip addresses would be similar to the following.
enable show ip interface brief configure terminal interface FastEthernet0/0 ip address 192.168.1.1 255.255.255.0 no shutdown exit interface Serial0/0 ip address 192.168.2.1 255.255.255.0 clock rate 56000 encapsulation ppp no shutdown exit interface loopback 0 ip address 192.168.255.1 255.255.255.255 exit exit show ip interface brief exit
SSH Configuration
editcrypto key generate rsa
editTo generate Rivest, Shamir, and Adelman (RSA) key pairs, use the crypto key generate rsa command in global configuration mode.[12]
crypto key generate rsa 1024
ip ssh version
editTo specify the version of Secure Shell (SSH) to be run on a router, use the ip ssh version command in global configuration mode. If this command is not configured, SSH operates in compatibility mode, that is, Version 1 and Version 2 are both supported.[13]
ip ssh version < 1 | 2 > ip ssh version 2
transport input
editTo define which protocols to use to connect to a specific line of the router, use the transport input command in line configuration mode.[14]
transport input <protocol> transport input telnet transport input ssh transport input telnet ssh
Command Sequence
editA command sequence to configure SSH access might be similar to the following.
enable configure terminal hostname router ip domain-name example.com crypto key generate rsa 1024 ip ssh version 2 username admin password cisco line vty 0 4 login local transport input ssh exit exit show running-config exit
Status
editping
editTo diagnose basic network connectivity on a variety of networks, use the ping privileged EXEC command.[15]
ping <host-name | system-address> ping 192.168.1.1
Remote Management
edittelnet
editTo log in to a host that supports Telnet, use the telnet command in EXEC mode.[16]
telnet <host> [port] telnet 192.168.1.1
ssh
editTo start an encrypted session with a remote networking device, use the ssh user EXEC command.[17]
ssh [-l userid] [-c {des | 3des}] [-p portnum] <ipaddr | hostname> ssh -l admin 192.168.1.1
Activities
edit- Configure router aux line password security.
- Add a router to a new GNS3 project and start the device.
- Open the console for the router and practice using the following commands.
enable
configure terminal
line aux 0
password
login
exit
- Verify the configuration using the following command.
show running-config
- Exit the router console session and open a console on the aux line to test the configuration.
- Configure router IP addresses.
- Add a router to a new GNS3 project and start the device.
- Set the router IP addresses and subnet masks using the following commands.
- R1 FastEthernet0/0: 192.168.1.1 255.255.255.0
- R1 FastEthernet0/1: 192.168.2.1 255.255.255.0
enable
configure terminal
show ip interface brief
interface <interface>
ip address <address> <subnet>
no shutdown
exit
- Verify the configuration using the following commands.
show running-config
show ip interface brief
- Connect a second router to the first router from above and configure IP addresses.
- Add a router to the GNS3 project above and start the device.
- Add a link to connect the following.
- R1 FastEthernet0/0 <-> R2 FastEthernet0/0
- Set the following IP addresses and subnet masks.
- R2 FastEthernet0/0: 192.168.1.2 255.255.255.0
- R2 FastEthernet0/1: 192.168.3.1 255.255.255.0
- If using serial ports for the connection, use the following commands if necessary.
clock rate
encapsulation
- Verify the configuration using the following commands on both routers.
show ip interface brief
ping
- Configure router vty username and password security.
- Use the routers from above and practice using the following commands on both routers.
enable
configure terminal
username
line vty 0 4
login local
exit
- Verify the configuration using the following command on both routers.
show running-config
- Test the configuration using the following command to remotely manage one router from the other.
telnet
- Use the routers from above and practice using the following commands on both routers.
- Configure router SSH access.
- Use the routers from above and practice using the following commands on both routers.
enable
configure terminal
hostname
ip domain-name
crypto key generate rsa
ip ssh version 2
line vty 0 4
transport input ssh
- Verify the configuration using the following command on both routers.
show running-config
- Test the configuration using the following command to verify that telnet access is no longer supported.
telnet
- Test the configuration using the following command to remotely manage one router from the other.
ssh
- Use the routers from above and practice using the following commands on both routers.
Lesson Summary
edit- Cisco IOS supports line connections for the console (CTY), auxiliary port (AUX), and virtual ports (VTY).[18]
- Console ports are used for direct local system access using a console terminal.[19]
- Auxiliary ports are used for out-of-band management through a modem connection.[20]
- Virtual lines are used for inbound Telnet or SSH connections over a network connection.[21]
- Historically, serial ports were used to support WAN connections over a variety of technologies, including: Frame Relay, High-Speed Serial Interface, Integrated Services Digital Network, Point-to-Point Protocol, Switched Multimegabit Data Service, Synchronous Data Link Control and Derivatives, X.25, and Digital Subscriber Line.[22] Many WAN connectivity devices now support direct Ethernet connections rather than requiring serial ports.
- To display parameters of a terminal line, use the
show line
command in EXEC mode.[23] - To identify a specific line for configuration and enter line configuration collection mode, use the
line
command in global configuration mode.[24] - To display the usability status of interfaces that are configured for IP, use the
show ip interface
command.[25] - To display the usability status of interfaces configured for various IP addresses, use the
show ip interface brief
command in privileged EXEC mode.[26] - Use the
shutdown
interface configuration command to disable an interface. Use theno
form of this command to restart a disabled interface.[27] - To assign an IP address and subnet mask to an interface, use the
ip address
command.[28] - To specify a loopback interface and enter interface configuration mode, use the
interface loopback
command in global configuration mode.[29] - To configure the clock rate for the hardware connections on serial interfaces to an acceptable bit rate, use the
clock rate
command in interface configuration mode.[30] - To set and communicate the current bandwidth value for an interface to higher-level protocols, use the
bandwidth
command in interface configuration mode.[31] - To set the encapsulation method used by the interface, use the
encapsulation
command in interface configuration mode.[32] - To generate Rivest, Shamir, and Adelman (RSA) key pairs, use the
crypto key generate rsa
command in global configuration mode.[33] - To specify the version of Secure Shell (SSH) to be run on a router, use the
ip ssh version
command in global configuration mode.[34] - To define which protocols to use to connect to a specific line of the router, use the
transport input
command in line configuration mode.[35] - To diagnose basic network connectivity on a variety of networks, use the
ping
privileged EXEC command.[36] - To log in to a host that supports Telnet, use the
telnet
command in EXEC mode.[37] - To start an encrypted session with a remote networking device, use the
ssh
user EXEC command.[38]
Key Terms
edit- out-of-band management
- The use of a dedicated channel for managing network devices.[39]
- Secure Shell (SSH)
- A cryptographic network protocol to allow remote login and other network services to operate securely over an insecure network.[40]
- Telnet
- A session layer protocol used on the Internet or local area networks to provide a bidirectional interactive text-oriented communication facility using a virtual terminal connection.[41]
Review Questions
edit-
Cisco IOS supports line connections for _____.Cisco IOS supports line connections for the console (CTY), auxiliary port (AUX), and virtual ports (VTY).
-
Console ports are used for _____.Console ports are used for direct local system access using a console terminal.
-
Auxiliary ports are used for _____.Auxiliary ports are used for out-of-band management through a modem connection.
-
Virtual lines are used for _____.Virtual lines are used for inbound Telnet or SSH connections over a network connection.
-
Historically, serial ports were used to support WAN connections over a variety of technologies, including: _____. Many WAN connectivity devices now support _____ rather than requiring serial ports.Historically, serial ports were used to support WAN connections over a variety of technologies, including: Frame Relay, High-Speed Serial Interface, Integrated Services Digital Network, Point-to-Point Protocol, Switched Multimegabit Data Service, Synchronous Data Link Control and Derivatives, X.25, and Digital Subscriber Line. Many WAN connectivity devices now support direct Ethernet connections rather than requiring serial ports.
-
To display parameters of a terminal line, use _____.To display parameters of a terminal line, use the show line command in EXEC mode.
-
To identify a specific line for configuration and enter line configuration collection mode, use _____.To identify a specific line for configuration and enter line configuration collection mode, use the line command in global configuration mode.
-
To display the usability status of interfaces that are configured for IP, use _____.To display the usability status of interfaces that are configured for IP, use the show ip interface command.
-
To display the usability status of interfaces configured for various IP addresses, use _____.To display the usability status of interfaces configured for various IP addresses, use the show ip interface brief command in privileged EXEC mode.
-
Use the _____ interface configuration command to disable an interface. Use the _____ form of this command to restart a disabled interface.Use the shutdown interface configuration command to disable an interface. Use the no form of this command to restart a disabled interface.
-
To assign an IP address and subnet mask to an interface, use _____.To assign an IP address and subnet mask to an interface, use the ip address command.
-
To specify a loopback interface and enter interface configuration mode, use _____.To specify a loopback interface and enter interface configuration mode, use the interface loopback command in global configuration mode.
-
To configure the clock rate for the hardware connections on serial interfaces to an acceptable bit rate, use _____.To configure the clock rate for the hardware connections on serial interfaces to an acceptable bit rate, use the clock rate command in interface configuration mode.
-
To set and communicate the current bandwidth value for an interface to higher-level protocols, use _____.To set and communicate the current bandwidth value for an interface to higher-level protocols, use the bandwidth command in interface configuration mode.
-
To set the encapsulation method used by the interface, use _____.To set the encapsulation method used by the interface, use the encapsulation command in interface configuration mode.
-
To generate Rivest, Shamir, and Adelman (RSA) key pairs, use _____.To generate Rivest, Shamir, and Adelman (RSA) key pairs, use the crypto key generate rsa command in global configuration mode.
-
To specify the version of Secure Shell (SSH) to be run on a router, use _____.To specify the version of Secure Shell (SSH) to be run on a router, use the ip ssh version command in global configuration mode.
-
To define which protocols to use to connect to a specific line of the router, use _____.To define which protocols to use to connect to a specific line of the router, use the transport input command in line configuration mode.
-
To diagnose basic network connectivity on a variety of networks, use _____.To diagnose basic network connectivity on a variety of networks, use the ping privileged EXEC command.
-
To log in to a host that supports Telnet, use _____.To log in to a host that supports Telnet, use the telnet command in EXEC mode.
-
To start an encrypted session with a remote networking device, use _____.To start an encrypted session with a remote networking device, use the ssh user EXEC command.
Assessments
edit- Flashcards: Quizlet: CCENT - Remote Management
- Quiz: Quizlet: CCENT - Remote Management
See Also
editReferences
edit- ↑ Cisco: ICND1 Exam Topics
- ↑ Cisco: IOS Terminal Services Command Reference
- ↑ Cisco: IOS Terminal Services Command Reference
- ↑ Cisco: Catalyst 4500 Series Switch Cisco IOS Command Reference
- ↑ Cisco: Miscellaneous Command Reference
- ↑ Cisco: Catalyst 2960 Switch Cisco IOS Commands
- ↑ Cisco: Configuring IP Addressing
- ↑ Cisco: IOS Interface Configuration Reference
- ↑ Cisco: IOS Interface and Hardware Component Command Reference
- ↑ Cisco: IOS Interface Command Reference
- ↑ Cisco: IOS Interface and Hardware Component Command Reference
- ↑ Cisco IOS Security Command Reference
- ↑ Cisco: IOS Security Command Reference
- ↑ Cisco: IOS Terminal Services Command Reference
- ↑ Cisco: IOS Configuration Fundamentals Command Reference
- ↑ Cisco: IOS Terminal Services Command Reference
- ↑ Cisco: Secure Shell Commands
- ↑ Cisco: Telnet, Console and AUX Port Passwords on Cisco Routers Configuration Example
- ↑ Cisco: Telnet, Console and AUX Port Passwords on Cisco Routers Configuration Example
- ↑ Cisco: Telnet, Console and AUX Port Passwords on Cisco Routers Configuration Example
- ↑ Cisco: Telnet, Console and AUX Port Passwords on Cisco Routers Configuration Example
- ↑ Cisco: Internetworking Technologies Handbook
- ↑ Cisco: IOS Terminal Services Command Reference
- ↑ Cisco: IOS Terminal Services Command Reference
- ↑ Cisco: Catalyst 4500 Series Switch Cisco IOS Command Reference
- ↑ Cisco: Miscellaneous Command Reference
- ↑ Cisco: Catalyst 2960 Switch Cisco IOS Commands
- ↑ Cisco: Configuring IP Addressing
- ↑ Cisco: IOS Interface Configuration Reference
- ↑ Cisco: IOS Interface and Hardware Component Command Reference
- ↑ Cisco: IOS Interface Command Reference
- ↑ Cisco: IOS Interface and Hardware Component Command Reference
- ↑ Cisco IOS Security Command Reference
- ↑ Cisco: IOS Security Command Reference
- ↑ Cisco: IOS Terminal Services Command Reference
- ↑ Cisco: IOS Configuration Fundamentals Command Reference
- ↑ Cisco: IOS Terminal Services Command Reference
- ↑ Cisco: Secure Shell Commands
- ↑ Wikipedia: Out-of-band management
- ↑ Wikipedia: Secure Shell
- ↑ Wikipedia: Telnet