Network Comm

network communication reviewer
Cisco Packet Tracer is a powerful network simulation program that allows users to design, visualize, troubleshoot and simulate networks.

1. Menu Bar
2. Main Tool Bar
3. Common Tools Bar
4. Logical/Physical Workspace and Navigation Bar
5. Workspace
6. Realtime/Simulation Bar
7. Network Component Box
8. Device-Type Selection Box
9. Device-Specific Selection Box
10. User Created Packet Window

Exploring the Network and basic configuration

OPERATING SYSTEMS

IOS (Internetwork Operating System) is a multitasking operating system used on most Cisco routers and switches.
+ IOS has a command-line interface with a predetermined number of multiple-word commands.

All networking equipment depends on operating systems:
+ End users (PC, laptops, smart phone)
+ Switches
+ Routers
+ Wireless Access Points
+ Firewalls

Shell - The user interface that allows users to request specific tasks from the computer. These requests can be made either through the CLI or GUI interfaces.
Kernel - Communicates between the hardware and software of a computer and manages how hardware resources are used to meet software requirements.
Hardware - The physical part of a computer including underlying electronics.

Network Representations

Network diagrams, often called topology diagrams, use symbols to represent devices within the network.
In addition to the device representations on the right, it is important to remember and understand the following terms:
+ Network Interface Card (NIC)
+ Physical Port
+ Interface

Network infrastructure contains three broad categories of network components:
+ Devices
+ Media
+ Services

Network Components

End Devices - An end device is where a message originates from or where it is received.
+ Data originates with an end device, flows through the network, and arrives at an end device.

Intermediary Network Devices - An intermediary device interconnects end devices in a network. Examples include: switches, wireless access points, routers, and firewalls.
The management of data as it flows through a network is also the role of an intermediary device, including:
+ Regenerate and retransmit data signals.
+ Maintain information about what pathways exist through the network and internetwork.
+ Notify other devices of errors and communication failures.

Network Media - Communication across a network is carried through a medium which allows a message to travel from source to destination.

Networks typically use three types of media:
+ Metallic wires within cables, such as copper
+ Glass, such as fiber optic cables
+ Wireless transmission

Types of memory on a Cisco device

ROM (Read-only memory) - stores a bootstrap program that is used to initialize a boot process. This is a read-only type of memory, so it can't be altered.
RAM (Random Access Memory) - the running configuration of a device is stored here. This type of memory loses its content when a device is restarted.
Flash Memory - used to store IOS software images. Can also be used to store other files, for example backup configuration files. Retains its content even after a device is restarted.
NVRAM (Nonvolatile RAM) - usually used to store a startup configuration file. This type of memory retains its content even after a device is powered down or restarted.

Common ways of accessing the IOS

Console access - this type of access is usually used to configure newly acquired devices.
+ These devices usually don't have an IP address configured, and therefore cannot be accessed through a network.
Telnet access - this type of access used to be a common way to access network devices.
+ Telnet is a terminal emulation program that enables you to access IOS through the network and configure the device remotely.
SSH (Secure Shell) access - like Telnet, this access type enables you to configure devices remotely, but it adds an extra layer of security by encrypting all communications using public-key cryptography.
IOS Access

Access Methods
+ Console
+ Auxiliary
+ Virtual Terminal (Telnet / SSH)

Terminal Emulation Programs - This software is available for connecting to a networking device:
+ PuTTY
+ Tera Term
+ SecureCRT (Computer Remote Terminal)

IOS Modes of Operation

Primary Modes
+ The User EXEC mode allows only a limited number of basic monitoring commands and is often referred to as view-only mode.
+ The Privileged EXEC mode, by default, allows all monitoring commands as well as execution of configuration and management commands.

Global Configuration Mode
+ Global configuration commands
  + Switch(config)#
  + Router(config)#
+ Submodes
  + Specific service or interface configurations
  + Switch(config-mode)#
  + Router(config-mode)#

Saving Configuration

Cisco devices store commands in a configuration file. A running configuration resides in a device's RAM, so if a device loses power, all configured commands will be lost.
+ To avoid that scenario, you need to copy your current configuration into a startup configuration.
+ A startup configuration is stored in the nonvolatile memory of a device, which means that all configuration changes are saved even if the device loses power.
To copy your running configuration into the startup configuration, type the command copy running-config startup-config.

show running-config and show startup-config commands

The show running-config command shows the configuration data that is stored in a device's RAM.
After you have saved your running configuration into the startup configuration, use the show startup-config command from the privileged EXEC mode. This command shows the configuration that is currently stored in the device's NVRAM. This configuration will be loaded the next time the device is restarted.

Securing Privileged EXEC Access

Configure a password, because from the privileged EXEC mode you can enter the global configuration mode and change the configuration of a device.
You can do that by setting up a password to enter the privileged EXEC mode. This can be done in two ways:

    HOSTNAME(config)# enable password PASSWORD
    HOSTNAME(config)# enable secret PASSWORD

An option for encrypting the password display is to configure:

    Switch(config)# service password-encryption

"prevent passwords from showing up as plain text when viewing the configuration"

Banner Message

Banners are messages that are displayed when someone attempts to gain access to a device.
+ An important part of the legal process in the event that someone is prosecuted for breaking into a device.
Configure using the banner motd delimiter message delimiter command from global mode. The delimiting character can be any character as long as it is unique and does not occur in the message (e.g., #$%^&*).

[Screenshot of an IOS session. The commands as far as they are legible, with the original annotations; values that cannot be read are marked.]

    Router#configure terminal
    Enter configuration commands, one per line. End with CNTL/Z.
    Router(config)#hostname SERVER-R1
    SERVER-R1(config)#interface fastethernet0/0
    SERVER-R1(config-if)#ip address (address not legible) [Link]
    SERVER-R1(config-if)#no shutdown
    %LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
    %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
    SERVER-R1(config-if)#exit
    SERVER-R1(config)#exit
    SERVER-R1>enable
    SERVER-R1#configure terminal
    Enter configuration commands, one per line. End with CNTL/Z.
    SERVER-R1(config)#line console 0
    SERVER-R1(config-line)#password administrator    <---- enable configuration of console access using console cable
    SERVER-R1(config-line)#login
    SERVER-R1(config-line)#exit
    SERVER-R1(config)#enable password admin    <---- enable configuration of privileged mode secured
    SERVER-R1(config)#exit
    SERVER-R1#configure terminal
    SERVER-R1(config)#banner motd #    <----- delimiting character to enable banner message
    Enter TEXT message. End with the character '#'.
    Authorized User Only #
    SERVER-R1(config)#exit
    SERVER-R1#configure terminal
    Enter configuration commands, one per line. End with CNTL/Z.
    SERVER-R1(config)#line vty 0 15
    SERVER-R1(config-line)#password (password not legible)    <----- enable configuration of TELNET access using PC or Laptop
    SERVER-R1(config-line)#login
    SERVER-R1(config-line)#exit
    SERVER-R1(config)#exit
    SERVER-R1#configure terminal
    SERVER-R1(config)#service password-encryption    <---- password is encrypted; try to check using show running-config command

Viewing Device information

To verify and troubleshoot network operation, examine the operation of the devices using the show command:
+ show running-config
+ show interfaces
+ show ip interface brief
+ show vlan
+ show ip route
+ show protocols
+ show version

A Cisco IOS device supports many commands. Each IOS command has a specific format or syntax and can only be executed at the appropriate mode.

[Figure: Switch#show ip protocols]

The syntax for a command is the command followed by any appropriate keywords and arguments.
+ Keyword - a specific parameter defined in the operating system (ip protocols)
+ Argument - not predefined; a value or variable defined by the user ([Link])

[Figure: IOS command syntax check output, including the "Invalid input detected" message]

HOT KEYS AND SHORTCUTS

+ Tab - Completes the remainder of a partially typed command or keyword
+ Ctrl-R - Redisplays a line
+ Ctrl-A - Moves cursor to the beginning of the line
+ Ctrl-Z - Exits configuration mode and returns to user EXEC
+ Down Arrow - Allows the user to scroll forward through former commands
+ Up Arrow - Allows the user to scroll backward through former commands
+ Ctrl-Shift-6 - Allows the user to interrupt an IOS process such as ping or traceroute
+ Ctrl-C - Aborts the current command and exits the configuration mode

IOS Examination Commands

IOS show commands can provide information about configuration, operation and status of parts of a Cisco switch or router.

CONFIGURATION OF DHCP

DHCP uses three different address allocation methods:
+ Manual Allocation - the administrator assigns a pre-allocated IPv4 address to the client and DHCP communicates only the IPv4 address to the device.
+ Automatic Allocation - DHCP automatically assigns a static IPv4 address permanently to a device, selecting it from a pool of available addresses.
+ Dynamic Allocation - DHCP dynamically assigns or leases an IPv4 address from a pool of addresses for a limited period of time chosen by the server or until the client no longer needs the address. This method is the most commonly used.

DHCP Operation

[Figure: DHCP message exchange between client and server]

DHCP Discover and Offer Messages

[Figure: DHCPv4 Discover message]

Configure a Basic DHCP Server

Command | Description
ip dhcp excluded-address 192.168.1.0 192.168.1.10 | This command tells the DHCP server not to assign the addresses from 192.168.1.0 to 192.168.1.10 to DHCP clients.
ip dhcp pool NAME | This command creates a DHCP pool named NAME and changes command mode to DHCP pool configuration mode.
default-router [Link] | This command assigns the default gateway to clients of this DHCP pool.
(command not legible) | This command sets a primary DNS server for the clients.
option 150 ip [Link] | This command provides the IP address of the TFTP server to the clients.
network [Link] [Link] | This command specifies the range of IP addresses for the pool.

To disable DHCP, use the no service dhcp command.
DHCP Service

    Router>enable
    Router#configure terminal
    Router(config)#interface fastEthernet0/0
    Router(config-if)#ip address 192.168.10.1 255.255.255.0
    Router(config-if)#no shutdown
    Router(config-if)#exit
    Router(config)#ip dhcp pool SVR-R1
    Router(dhcp-config)#network 192.168.10.0 [Link]
    Router(dhcp-config)#default-router 192.168.20.2
    Router(dhcp-config)#domain-name myserver.com
    Router(dhcp-config)#exit
    Router(config)#

[Figure: DHCP connection between the server and the PCs]

DHCP Relay

+ Responsible for forwarding the requests and responses between the DHCP clients and the DHCP servers.
+ An IP helper-address, also known as a DHCP relay agent, is a feature that forwards DHCP broadcast packets to a specific DHCP server on a different network segment.

    Router>enable
    Router#configure terminal
    Router(config)#interface fastEthernet0/0
    Router(config-if)#ip address 172.168.1.1 255.255.0.0
    Router(config-if)#ip helper-address [Link]
    Router(config-if)#no shutdown
    Router(config-if)#exit
    Router(config)#interface fastEthernet1/0
    Router(config-if)#ip address [Link] [Link]
    Router(config-if)#ip helper-address [Link]
    Router(config-if)#no shutdown

DHCP, HTTP and DNS Service

[Figure: topology with a server providing DHCP, DNS and HTTP services to the PCs]

WLAN concepts

Wireless LANs (WLANs) are wireless computer networks that use high-frequency radio waves instead of cables for connecting the devices within a limited area, forming a LAN (Local Area Network).
+ Most WLANs are based upon the IEEE 802.11 standard, or Wi-Fi.
+ Medium-sized networks, up to about 300 feet.

Wireless Technologies

WiMAX (Worldwide Interoperability for Microwave Access) is an alternative to broadband wired internet connections. IEEE 802.16 WLAN standard for up to 30 miles (50 km).
Cellular Broadband - Carries both voice and data. Used by phones, automobiles, tablets and laptops.
+ Global System of Mobile (GSM) - internationally recognized
+ Code Division Multiple Access (CDMA) - primarily used in the US
Satellite Broadband - Uses a directional satellite dish aligned with a satellite in geostationary orbit. Needs a clear line of sight. Typically used in rural locations where cable and DSL are unavailable.

IEEE 802.11 Standards

Standard | Frequency | Speed | Notes
802.11 | 2.4 GHz | 2 Mbps |
802.11a | (not legible) | (not legible) | Less effective at penetrating building structures. Not interoperable with 802.11b or 802.11g.
802.11b | (not legible) | (not legible) | Longer range than 802.11a and better able to penetrate building structures.
802.11g | 2.4 GHz | 54 Mbps | Backward compatible with 802.11b.
802.11n | 2.4 and 5 GHz | (not legible) | Requires multiple antennas with multiple-input multiple-output (MIMO) technology.
802.11ac | 2.4 and 5 GHz | (not legible) | Supports up to eight antennas.
802.11ax | 2.4 and 5 GHz | (not legible) | High-efficiency wireless (HEW); capable of using (not legible) GHz and 7 GHz frequencies.

The 802.11 protocol family employs carrier-sense multiple access with collision avoidance (CSMA/CA), whereby equipment listens to a channel for other users (including non-802.11 users) before transmitting each frame (some use the term "packet", which may be ambiguous: "frame" is more technically correct).

Speed means how much data the wireless network can transmit. Frequency means what radio frequency the data is carried on.

Frequencies

All wireless devices operate in the range of the electromagnetic spectrum. WLAN networks operate in the 2.4 and 5 GHz frequency bands.
+ 2.4 GHz (UHF) - 802.11b/g/n/ax
+ 5 GHz (SHF) - 802.11a/n/ac/ax

The wireless router serves as an:
+ Access point - This provides 802.11a/b/g/n/ac wireless access.
+ Switch - This provides a four-port, full-duplex, 10/100/1000 Ethernet switch to interconnect wired devices.
+ Router - This provides a default gateway for connecting to other network infrastructures, such as the internet.

WLAN Component

APs can be categorized as either autonomous APs or controller-based APs.
+ Autonomous APs - standalone devices configured through a command line interface or GUI. Each autonomous AP acts independently of the others and is configured and managed manually by an administrator.
+ Controller-based APs - also known as lightweight APs (LAPs). Use the lightweight access point protocol (LWAPP) to communicate with a WLAN controller (WLC). Each LAP is automatically configured and managed by the wireless LAN controller.

802.11 Wireless Topology Modes

+ Ad hoc mode - used to connect clients in a peer-to-peer manner without an AP.
+ Infrastructure mode - used to connect clients to the network using an AP.
+ Tethering - a variation of the ad hoc topology, in which a smart phone or tablet with cellular data access is enabled to create a personal hotspot.

BSS and ESS

Infrastructure mode defines two topology blocks:
+ Basic Service Set (BSS) - uses a single AP to interconnect all associated wireless clients.
  + Clients in different BSSs cannot communicate.
+ Extended Service Set (ESS) - a union of two or more BSSs interconnected by a wired distribution system. Clients in each BSS can communicate through the ESS.

CSMA/CA

WLANs use carrier sense multiple access with collision avoidance (CSMA/CA) to determine how and when to send data. A wireless client does the following:
+ Listens to the channel to see if it is idle, i.e. no other traffic is currently on the channel.
+ Sends a ready to send (RTS) message to the AP to request dedicated access to the network.
+ Receives a clear to send (CTS) message from the AP granting access to send.
+ Waits a random amount of time before restarting the process if no CTS message is received.
+ Transmits the data.
+ Acknowledges all transmissions. If a wireless client does not receive an acknowledgement, it assumes a collision occurred and restarts the process.

Wireless Client and AP Association

To achieve successful association, a wireless client and an AP must agree on specific parameters:
+ SSID (Service Set Identifier) - the client needs to know the name of the network to connect.
+ Password - this is required for the client to authenticate to the AP.
+ Network mode - the 802.11 standard in use.
+ Security mode - the security parameter settings, i.e. WEP, WPA or WPA2.
+ Channel settings - the frequency bands in use.

For wireless devices to communicate over a network, they must first associate with an AP or wireless router:
+ Discover a wireless AP
+ Authenticate with the AP
+ Associate with the AP

Secure WLANs

To address the threats of keeping wireless intruders out and protecting data, two early security features were used and are still available on most routers and APs:
+ SSID cloaking - APs and some wireless routers allow the SSID beacon frame to be disabled. Wireless clients must manually configure the SSID to connect to the network.
+ MAC address filtering - An administrator can manually permit or deny clients wireless access based on their physical MAC hardware address. In the figure, the router is configured to permit two MAC addresses. Devices with different MAC addresses will not be able to join the 2.4 GHz WLAN.

802.11 Original Authentication Methods

The best way to secure a wireless network is to use authentication and encryption systems. Two types of authentication were introduced with the original 802.11 standard:
+ Open system authentication - no password required. Typically used to provide free internet access in places like cafes, hotels, and remote areas.
  + The client is responsible for providing security, such as using a virtual private network.
+ Shared key authentication - Provides mechanisms, such as WEP, WPA, WPA2, and WPA3, to authenticate and encrypt data between a wireless client and AP. However, the password must be pre-shared between both parties to connect.

Shared Key Authentication Methods

There are four shared key authentication techniques available:

Authentication Method | Description
Wired Equivalent Privacy (WEP) | The original 802.11 specification designed to secure the data using the Rivest Cipher 4 (RC4) encryption method with a static key. WEP is no longer recommended and should never be used.
Wi-Fi Protected Access (WPA) | A Wi-Fi Alliance standard that uses WEP, but secures the data with the much stronger Temporal Key Integrity Protocol (TKIP) encryption algorithm. TKIP changes the key for each packet, making it much more difficult to hack.
WPA2 | It uses the Advanced Encryption Standard (AES) for encryption. AES is currently considered the strongest encryption protocol.
WPA3 | The next generation of Wi-Fi security. All WPA3-enabled devices use the latest security methods, disallow outdated legacy protocols, and require the use of Protected Management Frames (PMF).

Authenticating a Home User

Personal - Intended for home or small office networks; users authenticate using a pre-shared key (PSK).
+ Wireless clients authenticate with the wireless router using a pre-shared password.
+ No special authentication server is required.
Enterprise - Intended for enterprise networks, but requires a Remote Authentication Dial-In User Service (RADIUS) authentication server.
+ The device must be authenticated by the RADIUS server, and then users must authenticate using the 802.1X standard, which uses the Extensible Authentication Protocol (EAP) for authentication.
Encryption Methods

WPA and WPA2 include two encryption protocols:
+ Temporal Key Integrity Protocol (TKIP) - used by WPA; provides support for legacy WLAN equipment.
+ Advanced Encryption Standard (AES) - used by WPA2; uses the Counter Cipher Mode with Block Chaining Message Authentication Code Protocol (CCMP), which allows destination hosts to recognize if the encrypted and non-encrypted bits have been altered.
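
The device access settings covered under "Securing Privileged EXEC Access" and in the console and Telnet line notes (enable password and enable secret, service password-encryption, line passwords with login, Telnet versus SSH, the banner) can be checked mechanically against a saved configuration. The following Python audit is an added example, not part of the original reviewer. The sample configuration, the finding names and the treatment of a vty line without an explicit transport input as Telnet-capable are assumptions of the example.

```python
import re

# Constructed sample running-config (not taken from the reviewer's screenshots).
SAMPLE_CONFIG = """\
hostname SERVER-R1
enable password admin
!
interface FastEthernet0/0
 ip address 192.168.10.1 255.255.255.0
!
line con 0
 password administrator
 login
line vty 0 4
 password user
 login
 transport input telnet
line vty 5 15
 password user
end
"""


def parse_config(config):
    """Return (global commands, {line header: [sub-commands]})."""
    global_cmds, line_blocks, current = [], {}, None
    for raw in config.splitlines():
        text = raw.strip()
        if not text or text == "!":
            current = None
        elif raw[0] == " ":  # indented: sub-command of the block above
            if current is not None:
                line_blocks[current].append(text)
        elif re.match(r"line (con|aux|vty)\b", text):
            current = text
            line_blocks[current] = []
        else:
            current = None
            global_cmds.append(text)
    return global_cmds, line_blocks


def audit(config):
    """Return a sorted list of findings for the access settings above."""
    global_cmds, line_blocks = parse_config(config)
    findings = set()
    if any(c.startswith("enable password ") for c in global_cmds):
        findings.add("ENABLE_PASSWORD_PRESENT")  # stored readable in the config
    if not any(c.startswith("enable secret ") for c in global_cmds):
        findings.add("NO_ENABLE_SECRET")
    if "service password-encryption" not in global_cmds:
        findings.add("NO_PASSWORD_ENCRYPTION")
    if not any(c.startswith("banner motd") for c in global_cmds):
        findings.add("NO_BANNER")
    for header, subs in line_blocks.items():
        # A line password is only asked for when login is configured.
        if not any(s == "login" or s.startswith("login ") for s in subs):
            findings.add(f"NO_LOGIN:{header}")
        if header.startswith("line vty"):
            transport = [s for s in subs if s.startswith("transport input")]
            words = {w for t in transport for w in t.split()}
            # Assumption: no explicit transport input means Telnet is accepted.
            if not transport or words & {"telnet", "all"}:
                findings.add(f"TELNET_ALLOWED:{header}")
    return sorted(findings)
```

Calling audit(SAMPLE_CONFIG) lists every weak setting in the constructed configuration; a configuration that uses enable secret, service password-encryption, a banner, login on every line and SSH-only vty access returns an empty list.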
