Angelo Coiro Laboratorio Applicazioni Telematiche
The Packet Tracer emulator
Packet Tracer
Cisco Packet Tracer is academic software that allows you to emulate Cisco devices.
Packet Tracer can be used for:
  Creating networks composed of generic and/or Cisco devices
  Emulating the Command Line Interface (CLI) of the Cisco IOS
  Configuring network devices by means of the GUI or CLI and checking their state by creating a traffic scenario and observing the network behaviour
  Dynamically monitoring the state of every device or the format of all packets sent in the network
PT, a first look
Network Devices
We can:
  Use real network devices (Cisco)
  Create a new device
Available devices are categorized in: Routers, Switches, Hubs (Repeaters), Wireless Devices (Access Point), End Devices (PCs, servers, printers, IP phones), WAN emulations (DSL and Cable Modem), customized devices
How to create a device
1. Click on Select tool
2. Select a type of device
3. Choose a device
4. Click on workspace.
Tools: The Common Tools Bar
  Select tool: select an item on the workspace
  Move tool: move the whole topology
  Note tool: add a note
  Delete tool: remove links and devices
Empty device
1. Select generic empty device, e.g. Router
2. Click on Device
3. Physical Tab
4. Modules
Adding modules to an empty device
1. Switch off the device
2. Choose the interface you want to install, e.g. Cable Gigabit Ethernet (CGE), Fiber Gigabit Ethernet (FGE), etc.
3. Drag the module to an available slot on the device
4. To remove a module, drag it to the module list
4. Switch on the device
Connecting devices
To connect two devices we need to choose:
  A suitable transmission medium (wired or wireless connection?)
  Correct interfaces
Smart connection mode is also available: PT automatically selects the correct cable and interface
Smart Connection
1. Click Select tool
2. Click on Connection.
3. Smart Connection.
4. Click on first device.
5. Click on second device.
Port Status
Red means that the port is "down": it does not work!
The default state of a router interface is "shutdown".
Port Labels
Put the mouse cursor over the link to see which ports the "Smart Connection" has used
Manual Connection
Choose the correct cable:
  Fiber if you want to use a Fiber Gigabit Ethernet interface
  Copper if you want to use a Copper Ethernet interface
    Copper Straight-Through if you are connecting an Ethernet end device (PC or Router) to a switch
    Copper Cross-Over if you are directly connecting two end devices (PC or Router)
Click on devices and choose the correct interface
Configuring devices with PT (1/2)
Packet Tracer provides a GUI for basic configuration
  It also shows the equivalent CLI commands
  Not used in this course
Configuring devices with PT (2/2)
Packet Tracer emulates the Command Line Interface of Cisco IOS
  Same commands as any Cisco device!!!
Configuring a Router
Management ports
How to use AUX and Console ports
The console and AUX ports are used for management operations:
  they are serial and asynchronous
  one of them is required for the initial router configuration (the console port is recommended)
  not all routers have an AUX port
Once you have edited the initial configuration, the router can be connected to the network.
It is better to use the console port because, by default, it displays router startup, debugging and error messages.
It can also be used for recovery procedures (in case of disasters) or for password recovery.
Connection configuration with console port
The console port is used to provide out-of-band access (for management operations).
It is used for the initial configuration, troubleshooting, monitoring and disaster recovery procedures.
To connect to a console port we have to use a rollover cable and an RJ-45 to DB-9 adapter.
The PC must support terminal emulation, with software such as HyperTerminal.
Establishing a HyperTerminal session (1/2)
A console terminal is an ASCII terminal or a PC running terminal emulation on the console port.
The default parameters for the console port are 9600 baud, 8 data bits, no parity, 1 stop bit and no flow control; the console port does not support hardware flow control.
The steps required are:
  Connecting the terminal using a rollover cable (using the appropriate RJ-45 to DB-9 adapter)
  Configuring the terminal or the terminal emulator on the PC as indicated above
Establishing a HyperTerminal session (2/2)
1. Configure the terminal emulation on the PC with:
  The appropriate COM port
  9600 baud
  8 data bits
  No parity
  1 stop bit
  No flow control
2. Connect the RJ-45 connector of the rollover cable to the router console port
3. Connect the other end of the cable to the RJ-45 to DB-9 adapter
4. Attach the DB-9 side of the adapter to the PC.
Terminal Session on PT (1/3)
Connecting the terminal (the PC) with the Router
1. Click on Connections
2. Click on Console
3. Connect the PC with the Router
Terminal Session on PT (2/3)
Opening a Terminal Session
1. Click on PC
2. Click on Desktop
3. Click on Terminal
4. Open the session
Terminal Session on PT (3/3)
Now you are connected with the Router
You can use the CLI of the Router
Cisco IOS
A router or a switch cannot work without an operating system.
The Cisco IOS operating system is the software architecture of Cisco routers and Catalyst switches.
The Cisco IOS provides the following services:
  Basic functions of routing and switching
  Secure and reliable access to network resources
CLI (1/2)
The Cisco IOS uses a command line interface (CLI).
Two possible ways of accessing it:
  Console session
    uses a low-speed serial connection or a modem
    the router does not need to have network services configured
  Telnet session
    To establish a Telnet session with a router, at least one interface must be configured with an IP address and the virtual terminal must be configured for login and password
CLI (2/2)
The CLI uses a hierarchical structure.
Each level allows you to accomplish certain tasks.
The EXEC sessions (executive command, the interpreter of IOS commands) support two levels of access:
  User EXEC mode
  Privileged EXEC mode or enable mode
The user EXEC mode allows only a limited number of basic commands for monitoring functions ("view only" mode):
  It does not allow any command that could change the router configuration
  It is recognized by the prompt ">"
The Privileged EXEC mode allows you to use the whole set of commands:
  It is possible to set a password for accessing Privileged EXEC
  It is recognized by the prompt "#"
Levels of access to the commands (1/3)
Routers have two access levels:
  User EXEC mode
  Privileged EXEC mode
To access the complete set of commands you must enter the Privileged EXEC mode:
  At the prompt ">" you have to write the command "enable"
  The password to enter the privileged mode can be set using the commands "enable password" or "enable secret"; if you use both commands, the latter has priority
  When the login has been completed the prompt changes to "#"
Levels of access to the commands (2/3)
The configuration via CLI for a Cisco router is always done in global configuration mode.
Other configuration modes (not global) are accessible from the global configuration mode.
To access the global configuration mode you have to use the command configure terminal:
  Router#configure terminal
  Router(config)#
From the global configuration mode you can configure:
  Interfaces
  Subinterfaces
  Routing Protocols
  Access-list
Levels of access to the commands (3/3)
To return to the User EXEC mode you can use the command "disable" or "exit".
To return to the Privileged EXEC mode from the global configuration mode, use exit or Ctrl-Z.
This command can also be used to return directly to the privileged mode from anywhere in the global configuration mode.
Command modes of the CLI
Aid in the router CLI
Typing "?" in the user EXEC or in the privileged mode displays the list of available commands.
After "-More-" at the end of the display, the screen will display other commands.
Pressing ENTER shows the next line; any other key causes the return to the prompt.
You can also enter the privileged mode using the command "ena".
Example: suppose that we have to set the clock and we don't know the command:
  Use "?" to find the command to set the clock
  Check the syntax to change the time
  Set the time using hours, minutes and seconds
Press "Ctrl-P" or "up arrow" to repeat the last command.
The symbol ^ indicates an error.
The tab key completes a command.
Naming the router
A router should be named with a unique name.
To assign a name from the global configuration mode:
  Router(config)#hostname Tokyo
  Tokyo(config)#
Reserved access (1/4)
The access to the router can be limited by configuring passwords.
Passwords can be configured to restrict the access:
1. to the router from the console port
2. to the router from a virtual terminal line (vty), e.g. access via Telnet
3. to the Privileged EXEC mode
To configure a password for the access via console:
  Router(config)#line console 0
  Router(config-line)#password <password>
  Router(config-line)#login
Reserved access (2/4)
To configure a password for the access via the virtual terminal line:
  Router(config)#line vty 0 4
  Router(config-line)#password <password>
  Router(config-line)#login
Reserved access (3/4)
To configure a password for the access to the Privileged EXEC mode, there are two possible solutions:
1. Using the command enable password
  Router(config)#enable password <password>
In this case the password is stored unencrypted in the configuration file (it is visible using the command show running-config or show startup-config).
Reserved access (4/4)
You can encrypt your password by enabling the password encryption service:
  Router(config)#service password-encryption
2. Using the command enable secret
  Router(config)#enable secret <password>
The password is encrypted in the configuration file.
The encryption algorithm used by the command enable secret is more robust than the one used by the password encryption service.
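An added example, not part of the original slides: a Python check for the password storage behaviour described in the Reserved access slides. It reads the text that show running-config would display and reports passwords still stored in cleartext; the two sample configurations are constructed, the stored values are placeholders, and audit_passwords is a hypothetical helper name.

```python
import re

# Constructed sample: passwords entered without the encryption service.
SAMPLE_WEAK = """\
no service password-encryption
enable password class123
line con 0
 password console123
 login
line vty 0 4
 password vty123
 login
"""

# Constructed sample after "enable secret" and "service password-encryption".
# A leading "5" or "7" marks a stored, non-cleartext value (placeholders here).
SAMPLE_HARDENED = """\
service password-encryption
enable secret 5 <placeholder-hash>
line con 0
 password 7 <placeholder>
 login
line vty 0 4
 password 7 <placeholder>
 login
"""

# Group 2 is the type digit; when it is absent the password is in cleartext.
PASSWORD_RE = re.compile(r"^\s*(enable password|password)\s+(?:(\d)\s+)?\S+")

def audit_passwords(config):
    """Return findings about how passwords are stored in an IOS config."""
    lines = config.splitlines()
    stripped = [line.strip() for line in lines]
    findings = []
    if "service password-encryption" not in stripped:
        findings.append("service password-encryption is not enabled")
    if not any(s.startswith("enable secret ") for s in stripped):
        findings.append("no enable secret configured")
    section = "global"
    for line in lines:
        if line and not line.startswith(" "):  # unindented line: new section
            section = line.strip() if line.startswith("line ") else "global"
        match = PASSWORD_RE.match(line)
        if match and match.group(2) is None:
            findings.append(f"cleartext '{match.group(1)}' in {section}")
    return findings

if __name__ == "__main__":
    print(audit_passwords(SAMPLE_WEAK), audit_passwords(SAMPLE_HARDENED))
```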
The command show (1/2)
It is used to display information related to the router.
It is available in User EXEC or in Privileged EXEC (with different access levels to the information).
Examples:
  show interfaces: shows all statistics of the interfaces
  show controllers serial: displays specific information about the hardware of the interface
  show clock: shows the time set in the router
  show hosts: shows the cached list of host names and addresses
  show users: shows all users connected to the router
  show history: shows the history of used commands
The command show (2/2)
  show flash: shows information on flash memory and on the files stored on it
  show version: shows router and IOS information
  show arp: shows the ARP table of the router
  show protocol: shows global and local (each interface) states of Layer 3 protocols
  show startup-config: shows the configuration stored in the NVRAM
  show running-config: shows the configuration currently used and stored in the RAM
Configuring an Ethernet interface
Enter Global Configuration mode
Enter the Specific Configuration mode
  We want to configure the interface gigabitethernet 0/0
Configure the IP address and the Subnet Mask
Enable the interface
  It is disabled (shutdown) by default
  Router#configure terminal
  Router(config)#interface gigabitethernet 0/0
  Router(config-if)#ip address 192.168.1.1 255.255.255.0
  Router(config-if)#no shutdown
Interface description (1/3)
It is useful to assign a description to an interface.
The description does not affect interface operation as it is just a comment.
The descriptions may include for example:
  the name of the network connected to the interface
  the location of the interface
Interface descriptions are inserted with the command "description" in the interface configuration section.
Interface description (2/3)
Interface description (3/3)
Steps of the procedure (from Privileged EXEC):
1. Enter global configuration mode with the command "configure terminal"
2. Enter the specific interface mode with (for example) "interface ethernet0"
3. Use the command "description" followed by the information that should be displayed
4. Use the command "Ctrl-Z" to return to the Privileged EXEC mode
Configuring the Default Gateway of the PC
Click on the PC and then click on the Config tab.
In GLOBAL Settings, you can change the name of the PC and insert the IP address of the gateway.
Configuring the IP address of the PC
Click on FastEthernet in INTERFACE to configure the IP address and Subnet Mask.
Configuration files
Running-config file: contains the current configuration
Startup-config file: contains the last saved configuration in the NVRAM (and reloaded after the restart)
To change the router configuration you have to access the required mode and enter the command.
To verify the changes, use "show running-config".
Example of a simple configuration
Saving the configuration
To return to the previous configuration:
  Disable the command with "no command_name"
  Reload the original configuration file from the NVRAM
  Reload a configuration file stored on a TFTP server
To remove the startup-config file use the command "erase startup-config" and reboot the router (you enter the setup mode).
To save the changes (reloaded after the restart) copy the configuration file to the NVRAM using the command "copy running-config startup-config":
  Router# copy running-config startup-config
Checking Connectivity
Packet Tracer allows you to check network connectivity in different ways.
  Realtime Mode: opening a command prompt from the desktop PC and trying to ping as in the real world.
  Simulation Mode: it is possible to create a simulation to see packets along their path and understand how they are processed.
Checking Connectivity in Realtime Mode
In Realtime mode, select Desktop from the tabbed interface.
Click the Command Prompt icon to open a command prompt from the PC.
Ping the Default Gateway
Configuring a router using a Telnet Session
Remote devices can be configured by means of a Telnet session.
  The device must be reachable from your PC
Open the Command Prompt
Open the Telnet Session
You are on the Router's CLI
Opening a Telnet Session
Write the command telnet <IP address>
Changing the addressing scheme
We want to change the address of the subnetwork from 192.168.1.0/24 to 192.168.2.0/24.
When we change the address of interface GigabitEthernet 0/0 we will lose the connection.
Change the PC address properly and reconnect to the router to save changes.
Scenario 2
Open file Lesson1-Scenario2.pkt
You can only access PC Rome
Look at the configuration of the PC
Try to access Router Rome from Telnet
Discover its configuration
Discovering Network configuration
What is the IP address of Router Milan?
Can Router Milan be reached from PC Rome?
  Check by a ping or trace route
  Why?
How to access Router Milan to configure it?
Telnet bounce
Once you have accessed a device, you can open a telnet session toward another device in the network, and so on.
PC Rome can reach Router Rome but not Router Milan.
Router Rome can reach Router Milan!!!
Why does it succeed?
[Figure: protocol stacks (TELNET, TCP, IP, MAC, PHY) of PC Rome, Router Rome and Router Milan. Telnet packets shown: destination Router Rome, source PC Rome; destination Router Milan, source PC Rome; destination Router Milan, source Router Rome. Legend: Works / Doesn't Work.]