Cisco Networking/CCENT/Remote Management

This lesson covers remote management, including over WANs with serial connections.

Objectives and Skills
Objectives and skills for the WANs portion of Cisco CCENT certification include:
 * Select the components required to meet a given network specification
 * Predict the data flow between two hosts across a network
 * Configure and verify utilizing the CLI to set basic Router configuration
    * Console & VTY logins
    * Interface IP Address
    * loopback
 * Configure and verify initial switch configuration including remote access management
 * Verify network status and switch operation using basic utilities such as
    * ping
    * telnet
    * SSH

Readings

 * 1)  Out-of-band management
 * 2)  Wide area network
 * 3) Cisco: Telnet, Console and AUX Port Passwords on Cisco Routers Configuration Example
 * 4) Cisco: Configuring Secure Shell on Routers and Switches Running Cisco IOS
 * 5) Cisco: WAN Technologies

Multimedia

 * 1) YouTube: Setting Console and VTY Passwords
 * 2) YouTube: Router Configuration
 * 3) YouTube: Configure the Serial Interface of a Cisco Router
 * 4) YouTube: SSH and CLI Tips

show line
To display parameters of a terminal line, use the show line command in EXEC mode.

    show line [line-number | aux | console | summary]

line
To identify a specific line for configuration and enter line configuration collection mode, use the line command in global configuration mode.

    line   [ending-line-number]
    line console 0
    line aux 0
    line vty 0 4

Command Sequence
A command sequence to configure line access with passwords might be similar to the following.

    enable
    show line

    configure terminal
    line console 0
    password letmein
    login
    exit

    line aux 0
    password dialin
    login
    exit

    line vty 0 4
    password telnetssh
    login
    exit

    enable secret cisco
    service password-encryption
    exit

    show running-config
    exit

A command sequence to configure line access with usernames and passwords might be similar to the following.

    enable
    configure terminal

    username admin1 password secret1
    username admin2 password secret2

    line console 0
    login local
    exit

    line aux 0
    login local
    exit

    line vty 0 4
    login local
    exec-timeout 5
    exit

    enable secret cisco
    service password-encryption
    exit

    show running-config
    exit

show ip interface
To display the usability status of interfaces that are configured for IP, use the show ip interface command.

    show ip interface

show ip interface brief
To display the usability status of interfaces configured for various IP addresses, use the show ip interface brief command in privileged EXEC mode.

    show ip interface brief

shutdown
Use the shutdown interface configuration command to disable an interface. Use the no form of this command to restart a disabled interface.

    shutdown
    no shutdown

ip address
To assign an IP address and subnet mask to an interface, use the ip address command.

    ip address

interface loopback
To specify a loopback interface and enter interface configuration mode, use the interface loopback command in global configuration mode. A loopback interface is a virtual interface that is always up and allows selected protocols to stay up even if other interfaces are down.

    interface loopback
    interface loopback 0

clock rate
To configure the clock rate for the hardware connections on serial interfaces to an acceptable bit rate, use the clock rate command in interface configuration mode. The desired clock rate, in bits per second (bps), may be: 1200, 2400, 4800, 9600, 19200, 38400, 56000, 64000, 72000, 125000, 148000, 250000, 500000, 800000, 1000000, 1300000, 2000000, 4000000, or 8000000.

    clock rate
    clock rate 64000

bandwidth
To set and communicate the current bandwidth value for an interface to higher-level protocols, use the bandwidth command in interface configuration mode.

    bandwidth
    bandwidth 64

encapsulation
To set the encapsulation method used by the interface, use the encapsulation command in interface configuration mode.

    encapsulation < frame-relay | hdlc | ppp | slip >
    encapsulation ppp

Command Sequence
A command sequence to assign interface IP addresses would be similar to the following.

    enable
    show ip interface brief

    configure terminal
    interface FastEthernet0/0
    ip address 192.168.1.1 255.255.255.0
    no shutdown
    exit

    interface Serial0/0
    ip address 192.168.2.1 255.255.255.0
    clock rate 56000
    encapsulation ppp
    no shutdown
    exit

    interface loopback 0
    ip address 192.168.255.1 255.255.255.255
    exit
    exit

    show ip interface brief
    exit
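A pre-deployment check of the addressing above, as an added example that is not part of the original lesson: it parses the interface commands, reports overlapping subnets, and predicts which interface is directly connected to a destination. The function names and the mistyped variant are assumptions made for illustration; 192.168.1.2 and 192.168.3.1 are the R2 addresses from the activities.

```python
import ipaddress

def parse_interfaces(commands: str) -> dict:
    """Map interface name -> IPv4Interface from IOS commands as typed."""
    interfaces, current = {}, None
    for cmd in (raw.strip() for raw in commands.splitlines()):
        parts = cmd.split()
        if parts[:1] == ["interface"]:
            current = " ".join(parts[1:])
        elif cmd == "exit":
            current = None  # leaves interface configuration mode
        elif current and parts[:2] == ["ip", "address"] and len(parts) == 4:
            # 'ip address <addr> <mask>' -> address with its dotted-decimal mask
            interfaces[current] = ipaddress.IPv4Interface(f"{parts[2]}/{parts[3]}")
    return interfaces

def overlapping(interfaces: dict) -> list:
    """Pairs of interfaces whose subnets overlap."""
    names = sorted(interfaces)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if interfaces[a].network.overlaps(interfaces[b].network)]

def connected_via(interfaces: dict, destination: str):
    """Interface whose subnet contains destination, or None if a route is needed."""
    dest = ipaddress.IPv4Address(destination)
    hits = [n for n, i in interfaces.items() if dest in i.network]
    return max(hits, key=lambda n: interfaces[n].network.prefixlen) if hits else None

# Constructed input: the interface part of the page's command sequence.
PAGE_SEQUENCE = "\n".join([
    "interface FastEthernet0/0", "ip address 192.168.1.1 255.255.255.0",
    "no shutdown", "exit",
    "interface Serial0/0", "ip address 192.168.2.1 255.255.255.0",
    "clock rate 56000", "encapsulation ppp", "no shutdown", "exit",
    "interface loopback 0", "ip address 192.168.255.1 255.255.255.255", "exit"])
# Constructed typo: loopback address placed inside the Serial0/0 subnet.
MISTYPED = PAGE_SEQUENCE.replace("192.168.255.1", "192.168.2.255")

if __name__ == "__main__":
    ifs = parse_interfaces(PAGE_SEQUENCE)
    print(overlapping(ifs), connected_via(ifs, "192.168.1.2"))
    print(overlapping(parse_interfaces(MISTYPED)))
```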

crypto key generate rsa
To generate Rivest, Shamir, and Adleman (RSA) key pairs, use the crypto key generate rsa command in global configuration mode.

    crypto key generate rsa modulus 1024

ip ssh version
To specify the version of Secure Shell (SSH) to be run on a router, use the ip ssh version command in global configuration mode. If this command is not configured, SSH operates in compatibility mode, that is, Version 1 and Version 2 are both supported.

    ip ssh version < 1 | 2 >
    ip ssh version 2

transport input
To define which protocols to use to connect to a specific line of the router, use the transport input command in line configuration mode.

    transport input
    transport input telnet
    transport input ssh
    transport input telnet ssh

Command Sequence
A command sequence to configure SSH access might be similar to the following.

    enable
    configure terminal

    hostname router
    ip domain-name example.com

    crypto key generate rsa modulus 1024
    ip ssh version 2

    username admin password cisco

    line vty 0 4
    login local
    transport input ssh
    exit
    exit

    show running-config
    exit
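The line-password sequence and the SSH sequence above can be compared with a small audit, shown here as an added example that is not part of the original lesson. The function name, the finding texts, the 2048-bit floor, and the treatment of a vty line without transport input as still accepting Telnet are assumptions of this example; the inputs are constructed from the config-mode commands of the page's sequences.

```python
import re

def audit_remote_access(commands: str) -> list[str]:
    """Audit IOS config-mode commands, as typed, for weak remote-access settings."""
    lines_cfg, current = {}, None
    ssh_v2, pw_users, rsa_bits = False, [], None
    for cmd in (raw.strip() for raw in commands.splitlines()):
        if m := re.match(r"line (console|aux|vty) (\d+)", cmd):
            current = lines_cfg.setdefault(f"{m[1]} {m[2]}", {"login": None, "transport": None})
        elif cmd == "exit":
            current = None  # back out of line configuration mode
        elif current is not None and cmd.startswith("login"):
            current["login"] = "local" if cmd == "login local" else "line-password"
        elif current is not None and cmd.startswith("transport input"):
            current["transport"] = set(cmd.split()[2:])
        elif cmd == "ip ssh version 2":
            ssh_v2 = True
        elif m := re.match(r"username (\S+) password\b", cmd):
            pw_users.append(m[1])
        elif m := re.match(r"crypto key generate rsa\b.*?(\d+)$", cmd):
            rsa_bits = int(m[1])

    findings = []
    for name, cfg in lines_cfg.items():
        if cfg["login"] == "line-password":
            findings.append(f"{name}: shared line password, no per-user login")
        # Assumption: a vty line with no 'transport input' still accepts Telnet.
        telnet = cfg["transport"] is None or cfg["transport"] & {"telnet", "all"}
        if name.startswith("vty") and telnet:
            findings.append(f"{name}: Telnet accepted, session is cleartext")
    findings += [f"username {u}: 'password' keyword used instead of 'secret'" for u in pw_users]
    if any("ssh" in (c["transport"] or ()) for c in lines_cfg.values()) and not ssh_v2:
        findings.append("ip ssh version 2 not set: SSH version 1 is also accepted")
    if rsa_bits is not None and rsa_bits < 2048:  # 2048 is this example's assumed floor
        findings.append(f"RSA modulus of {rsa_bits} bits is below 2048")
    return findings

# Constructed inputs, adapted from the config-mode part of the page's sequences.
PASSWORD_ONLY = "\n".join([
    "line console 0", "password letmein", "login", "exit",
    "line aux 0", "password dialin", "login", "exit",
    "line vty 0 4", "password telnetssh", "login", "exit"])
SSH_ONLY = "\n".join([
    "crypto key generate rsa modulus 1024", "ip ssh version 2",
    "username admin password cisco",
    "line vty 0 4", "login local", "transport input ssh", "exit"])

if __name__ == "__main__":
    for label, seq in (("password-only", PASSWORD_ONLY), ("ssh", SSH_ONLY)):
        print(label, audit_remote_access(seq))
```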

ping
To diagnose basic network connectivity on a variety of networks, use the ping privileged EXEC command.

    ping
    ping 192.168.1.1

telnet
To log in to a host that supports Telnet, use the telnet command in EXEC mode.

    telnet [port]
    telnet 192.168.1.1

ssh
To start an encrypted session with a remote networking device, use the ssh user EXEC command.

    ssh [-l userid] [-c {des | 3des}] [-p portnum]
    ssh -l admin 192.168.1.1

Activities

 * 1) Configure router aux line password security.
    * Add a router to a new GNS3 project and start the device.
    * Open the console for the router and practice using the following commands.
    * Verify the configuration using the following command.
    * Exit the router console session and open a console on the aux line to test the configuration.
 * 2) Configure router IP addresses.
    * Add a router to a new GNS3 project and start the device.
    * Set the router IP addresses and subnet masks using the following commands.
       * R1 FastEthernet0/0: 192.168.1.1 255.255.255.0
       * R1 FastEthernet0/1: 192.168.2.1 255.255.255.0
    * Verify the configuration using the following commands.
 * 3) Connect a second router to the first router from above and configure IP addresses.
    * Add a router to the GNS3 project above and start the device.
    * Add a link to connect the following.
       * R1 FastEthernet0/0 <-> R2 FastEthernet0/0
    * Set the following IP addresses and subnet masks.
       * R2 FastEthernet0/0: 192.168.1.2 255.255.255.0
       * R2 FastEthernet0/1: 192.168.3.1 255.255.255.0
    * If using serial ports for the connection, use the following commands if necessary.
    * Verify the configuration using the following commands on both routers.
 * 4) Configure router vty username and password security.
    * Use the routers from above and practice using the following commands on both routers.
    * Verify the configuration using the following command on both routers.
    * Test the configuration using the following command to remotely manage one router from the other.
 * 5) Configure router SSH access.
    * Use the routers from above and practice using the following commands on both routers.
    * Verify the configuration using the following command on both routers.
    * Test the configuration using the following command to verify that telnet access is no longer supported.
    * Test the configuration using the following command to remotely manage one router from the other.

Lesson Summary

 * Cisco IOS supports line connections for the console (CTY), auxiliary port (AUX), and virtual ports (VTY).
 * Console ports are used for direct local system access using a console terminal.
 * Auxiliary ports are used for out-of-band management through a modem connection.
 * Virtual lines are used for inbound Telnet or SSH connections over a network connection.
 * Historically, serial ports were used to support WAN connections over a variety of technologies, including: Frame Relay, High-Speed Serial Interface, Integrated Services Digital Network, Point-to-Point Protocol, Switched Multimegabit Data Service, Synchronous Data Link Control and Derivatives, X.25, and Digital Subscriber Line. Many WAN connectivity devices now support direct Ethernet connections rather than requiring serial ports.
 * To display parameters of a terminal line, use the show line command in EXEC mode.
 * To identify a specific line for configuration and enter line configuration collection mode, use the line command in global configuration mode.
 * To display the usability status of interfaces that are configured for IP, use the show ip interface command.
 * To display the usability status of interfaces configured for various IP addresses, use the show ip interface brief command in privileged EXEC mode.
 * Use the shutdown interface configuration command to disable an interface. Use the no form of this command to restart a disabled interface.
 * To assign an IP address and subnet mask to an interface, use the ip address command.
 * To specify a loopback interface and enter interface configuration mode, use the interface loopback command in global configuration mode.
 * To configure the clock rate for the hardware connections on serial interfaces to an acceptable bit rate, use the clock rate command in interface configuration mode.
 * To set and communicate the current bandwidth value for an interface to higher-level protocols, use the bandwidth command in interface configuration mode.
 * To set the encapsulation method used by the interface, use the encapsulation command in interface configuration mode.
 * To generate Rivest, Shamir, and Adleman (RSA) key pairs, use the crypto key generate rsa command in global configuration mode.
 * To specify the version of Secure Shell (SSH) to be run on a router, use the ip ssh version command in global configuration mode.
 * To define which protocols to use to connect to a specific line of the router, use the transport input command in line configuration mode.
 * To diagnose basic network connectivity on a variety of networks, use the ping privileged EXEC command.
 * To log in to a host that supports Telnet, use the telnet command in EXEC mode.
 * To start an encrypted session with a remote networking device, use the ssh user EXEC command.

Key Terms

 * out-of-band management
    * The use of a dedicated channel for managing network devices.

 * Secure Shell (SSH)
    * A cryptographic network protocol to allow remote login and other network services to operate securely over an insecure network.

 * Telnet
    * A session layer protocol used on the Internet or local area networks to provide a bidirectional interactive text-oriented communication facility using a virtual terminal connection.

Assessments

 * Flashcards: Quizlet: CCENT - Remote Management
 * Quiz: Quizlet: CCENT - Remote Management