NAME: Joven M. Noblefranca
SECTION: BSIT - 2105
16.4.7 Lab - Configure Network Devices with SSH
Topology
Addressing Table
Objectives
● Part 1: Configure Basic Device Settings
● Part 2: Configure the Router for SSH Access
● Part 3: Configure the Switch for SSH Access
● Part 4: SSH from the CLI on the Switch
Background / Scenario
In the past, Telnet was the most common network protocol used to remotely configure
network devices. Telnet does not encrypt the information between the client and server.
This allows a network sniffer to intercept passwords and configuration information.
Secure Shell (SSH) is a network protocol that establishes a secure terminal emulation
connection to a router or other networking device. SSH encrypts all information that
passes over the network link and provides authentication of the remote computer. SSH
is rapidly replacing Telnet as the remote login tool of choice for network professionals.
SSH is most often used to log in to a remote device and execute commands. However,
it can also transfer files using the associated Secure FTP (SFTP) or Secure Copy (SCP)
protocols.
The network devices that are communicating must be configured to support SSH in
order for SSH to function. In this lab, you will enable the SSH server on a router and
then connect to that router using a PC with an SSH client installed. On a local network,
the connection is normally made using Ethernet and IP.
Note: The routers used with CCNA hands-on labs are Cisco 4221 with Cisco IOS XE
Release 16.9.4 (universalk9 image). The switches used in the labs are Cisco Catalyst
2960s with Cisco IOS Release 15.2(2) (lanbasek9 image). Other routers, switches, and
Cisco IOS versions can be used. Depending on the model and Cisco IOS version, the
commands available and the output produced might vary from what is shown in the
labs. Refer to the Router Interface Summary Table at the end of the lab for the correct
interface identifiers.
Note: Make sure that the routers and switches have been erased and have no startup
configurations. If you are unsure, contact your instructor.
Part 1: Configure Basic Device Settings
a. Console into the router and enable privileged EXEC mode.
- router> enable
b. Enter configuration mode.
- router# configure terminal
c. Disable DNS lookup to prevent the router from attempting to translate incorrectly
entered commands as though they were host names.
- router(config)# no ip domain-lookup
d. Assign class as the privileged EXEC encrypted password.
- router(config)# enable secret class
e. Assign cisco as the console password and enable login.
- router(config)# line console 0
router(config-line)# password cisco
router(config-line)# login
f. Assign cisco as the VTY password and enable login.
- router(config)# line vty 0 4
router(config-line)# password cisco
router(config-line)# login
g. Encrypt the plaintext passwords.
- router(config)# service password-encryption
h. Create a banner that will warn anyone accessing the device that unauthorized access
is prohibited.
- router(config)# banner motd $ Authorized Users Only! $
i. Configure and activate the G0/0/1 interface on the router using the information
contained in the Addressing Table.
- router(config)# interface g0/0/1
router(config-if)# ip address 192.168.1.1 255.255.255.0
router(config-if)# no shutdown
j. Save the running configuration to the startup configuration file.
- router# copy running-config startup-config
Part 2: Configure the Router for SSH Access
a. Configure device name.
- router(config)# hostname R1
b. Configure the domain for the device.
- R1(config)# ip domain-name ccna-lab.com
Configure a username using admin as the username and Adm1nP@55 as the
password.
- R1(config)# username admin secret Adm1nP@55
a. Enable Telnet and SSH on the inbound VTY lines using the transport input command.
- R1(config)# line vty 0 4
R1(config-line)# transport input ssh
b. Change the login method to use the local database for user verification.
- R1(config-line)# login local
R1(config-line)# end
Part 3: Configure the Switch for SSH Access
a. Console into the switch and enable privileged EXEC mode.
- switch> enable
b. Enter configuration mode.
- switch# configure terminal
c. Disable DNS lookup to prevent the switch from attempting to translate incorrectly
entered commands as though they were host names.
- switch(config)# no ip domain-lookup
d. Assign class as the privileged EXEC encrypted password.
- switch(config)# enable secret class
e. Assign cisco as the console password and enable login.
- switch(config)# line console 0
switch(config-line)# password cisco
switch(config-line)# login
f. Assign cisco as the VTY password and enable login.
- switch(config)# line vty 0 15
switch(config-line)# password cisco
switch(config-line)# login
g. Encrypt the plain text passwords.
- switch(config)# service password-encryption
h. Create a banner that will warn anyone accessing the device that unauthorized access
is prohibited.
- switch(config)# banner motd $ Authorized Users Only! $
i. Configure and activate the VLAN 1 interface on the switch according to the
Addressing Table.
- switch(config)# interface vlan 1
switch(config-if)# ip address 192.168.1.11 255.255.255.0
switch(config-if)# no shutdown
j. Save the running configuration to the startup configuration file.
- Switch# copy running-config startup-config
a. Configure the device name as listed in the Addressing Table.
- switch(config)# hostname S1
b. Configure the domain for the device.
- S1(config)# ip domain-name ccna-lab.com
c. Configure the encryption key method.
- S1(config)#
d. Configure a local database username.
- S1(config)# username admin secret Adm1nP@55
e. Enable Telnet and SSH on the VTY lines.
- S1(config)# line vty 0 15
S1(config-line)# transport input ssh
f. Change the login method to use the local database for user verification.
- S1(config-line)# login local
S1(config-line)# end
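An added example, not part of the original lab: a Python check over running-config text that flags VTY lines left as Part 1 configures them (shared line password, no explicit transport input) and passes the state reached after Parts 2 and 3. The sample configs are constructed, and audit_ssh_access is a hypothetical helper name.

```python
import re

# Constructed running-config excerpts (not captured from a real device).
AFTER_PART1 = """hostname Router
line vty 0 4
 password 7 00CONSTRUCTED
 login
"""
AFTER_PART2 = """hostname R1
ip domain-name ccna-lab.com
username admin secret 5 $1$CONSTRUCTED
line vty 0 4
 password 7 00CONSTRUCTED
 login local
 transport input ssh
"""

def audit_ssh_access(config: str) -> list:
    """Return findings for the VTY/SSH settings this lab configures."""
    findings, blocks, current = [], {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        if line.startswith("line vty"):
            current = blocks.setdefault(line, [])
        elif current is not None and line.startswith(" "):
            current.append(line.strip())      # sub-command of the VTY block
        else:
            current = None                    # non-indented line closes the block
    for name, body in blocks.items():
        transport = next((l.split()[2:] for l in body
                          if l.startswith("transport input")), None)
        if transport is None:
            findings.append(f"{name}: transport input not set, platform default applies")
        elif {"telnet", "all"} & set(transport):
            findings.append(f"{name}: Telnet permitted ({' '.join(transport)})")
        if "no login" in body:
            findings.append(f"{name}: no login, sessions are not authenticated")
        elif "login local" not in body:
            findings.append(f"{name}: login local not configured")
    users = re.findall(r"^username (\S+) .*?\b(secret|password)\b", config, re.M)
    if not users:
        findings.append("global: no local username for login local")
    for user, kind in users:
        if kind == "password":
            findings.append(f"global: username {user} uses password, not secret")
    if not re.search(r"^ip domain[- ]name \S+", config, re.M):
        findings.append("global: ip domain-name not set")
    return findings

if __name__ == "__main__":
    for label, cfg in (("after Part 1", AFTER_PART1), ("after Part 2", AFTER_PART2)):
        print(label, audit_ssh_access(cfg) or "no findings")
```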
Are you able to establish an SSH session with the switch?
- Yes. SSH can be configured on a switch using the same commands that were
used on the router.
What versions of SSH are supported from the CLI?
- This can be determined by using the ssh -v ? on the command line. The 2960
switch running IOS version 15.0(2) supports SSH v1 and v2.
Reflection Question
How would you provide multiple users, each with their own username, access to a
network device?
- Add each user’s username and password to the local database using the
username command. It is also possible to use a RADIUS or TACACS server, but
this has not been covered yet.