CCNA Routing and Switching training adds value to the networking professional's career and helps them to advance their careers. A CCNA® Routing and Switching certified professional will have an opportunity to increase their job prospects. CCNA® R&S is the first level of the Cisco certification program, it validates the competency levels of network professionals in various networking streams such as Routing, Switching, and Connectivity.
Cisco Integrated Services Router (ISR)
Cisco provides various series and models of routers geared towards different types of customers and requirements. Some of them just do routing whereas others provide some other functions such as Wireless connectivity, Security features, and Voice-over-IP services. Cisco’s ISR series routers are examples of routers that provide various services. The earlier CCNA exams used to focus on Cisco 2500 and 2600 routers that have been replaced by ISR 1800 and 2800/2900 series routers. 2500 and 2600 routers are End-of-Life now and cannot be bought from Cisco anymore. Figure 3-1 shows a part of the backplane of a Cisco 1841 router with important parts labeled.
Interested in mastering CCNA? Learn more about "CCNA Training" in this blog post.
Cisco Catalyst Switches
Cisco provides a wide range of switches under its Catalyst brand. The Catalyst brand encompasses many series of switches with each series targeting a particular part or size of a network. The CCNA exam focuses on the 2960 series of switches in the Catalyst brand. 2960 switches are low-cost wiring closet switches that you would expect to be used at the Access layer (remember the Cisco Hierarchical model) for providing network connectivity to hosts. Each model in the 2960 series switch is different in terms of the number of physical network interfaces it has but overall each model looks similar.
Configuration of Router and Switches
Hostname –
Clock –
myRouter#clock set 14:12:00 7 June 2011
Banners –
myRouter(config)#banner motd # Enter TEXT message. End with the character ‘#’.
Welcome to my Router. No unauthorized access.
#
The above example is repeated below with the delimiter changed to the dollar sign($) and the entire command given in a single line.
myRouter(config)#banner motd $ Welcome to myRouter. No unauthorized access.$The following output shows the banner displayed when an exec session is started.
Press RETURN to get started.Welcome to my Router. No unauthorized access.
myRouter>
There are four things that you should remember about the enable password and secret:
-Enable secret is encrypted before being stored in the config while the enable password is stored as plain text. So anyone viewing the config will know the enable password.
-If enable secret and enable password both are configured, the secret will be used always.
-Enable secret and password cannot have the same value.
-When using telnet or ssh to connect to the IOS, you cannot enter the enable mode if an enable secret or password has not been configured.
Here’s an example of how they are configured:
myRouter(config)#enable password test myRouter(config)#enable secret test123
After the enable password or secret is configured, notice how the user is prompted for a password when then enter the enable command in the user exec mode:
myRouter>en Password: test123 (password will not be shown when typed on the device]
myRouter#
To configure a line password for the console, you will first need to enter the line configuration mode for the console using the line console command in the global configuration mode as shown below:
myRouter(config)#line console ? <0-0> First Line number
myRouter(config)#line console 0 myRouter(config-line)#
In the above output, I used a question mark at the end of the first line. The help output shows that 0 is the only option available. The first thing to know here is that there can be multiple lines of a kind (for example multiple telnet lines). Second, you will need to specify the line number that you want to configure. In the case of a console, there will always be only a single line, zero, available. So the command line console 0will bring you to the line configuration mode for the console line (notice the change in router prompt to (config-line)#). In the line config mode, use the password command to set a password for the line. After that,0 you will need to use the
myRouter(config)#line console 0 myRouter(config-line)#password test
myRouter(config-line)#login
Now when someone tries to connect using the console, they will be prompted for a password as shown below.
myRouter con0 is now availablePress RETURN to get started.
User Access Verification
Password: test [password will not be displayed when typed]
myRouter>
myRouter(config)#line aux 0 myRouter(config-line)#password test
myRouter(config-line)#login
Configuring the password for the telnet lines is no different, but you need to know two things before doing that:
-Telnet lines are called vty lines because they are virtual unlike console and auxiliary
-Each IOS device has a minimum of 5 vty lines (0 to 4). Some of them can have 15 or more.
-You can configure all the vty lines together, in a group or one at a time. They need not have the same -configuration.
-A new telnet or SSH session will use the lowest available vty line. So there can be 5 telnet or SSH sessions to the device at any time.
-Telnet or SSH sessions to the device will not be allowed unless a password has been configured and login is enabled.
To configure a password on line vty, you need to use the password and login commands in the line configuration mode. You can enter the vty line configuration mode using the line vty line-number line-number command. The following example shows the available number of vty lines:
myRouter(config)#line vty ? <0-4> First Line number
myRouter(config)#line vty 0 ?
<1-4> Last Line number
<cr>
myRouter(config)#line vty 0 4
myRouter(config-line)#
The line vty 0 4 commands in the above example will enter the line configuration mode and you will be able to configure all the available vty lines at one time. The example below shows a password configured for all the vty lines:
myRouter(config)#line vty 0 4 myRouter(config-line)#password test
myRouter(config-line)#login
Once the password has been configured and login enabled, the device will allow Telnet sessions to be initiated to the device. As you already know, Telnet is not a secure protocol because the session is transmitted in plain text and is vulnerable to snooping. To overcome this problem, SSH can be used. SSH encrypts the entire session but it requires encryption keys to start a session. By default IOS does not have these keys and hence an SSH session cannot be initiated. To generate those keys, you must first set the hostname and domain name of the device and then use the crypto key command as shown below:
myRouter(config)#hostname Gateway Gateway(config)#ip domain-name test.edu
Gateway(config)#crypto key generate rsa general-keys modulus 1024
% The key modulus size is 1024 bits
% Generating 1024 bit RSA keys, keys will be non-exportable…
Jun 9 00:43:43.599: %SSH-5-ENABLED: SSH 1.99 has been enabled
Once the keys are generated, the vty line can be configured to accept SSH sessions using the following command:
Gateway(config-line)#transport input ssh telnet