Network and System Administration
Cisco Packet Tracer Lab
Contents
Understanding Basic Cisco CLI
Cisco Configuration Mode
Cisco Memory Management
Creating Architectural Design and Connectivity
Command Modes
User EXEC mode
o This is the default mode when logging into a Cisco device. It offers limited access, allowing
only basic monitoring commands and restricting the ability to make configuration changes. It
is identifiable by a prompt ending with >.
Privileged EXEC mode
o This elevated mode grants access to all show commands and system-level operations. It
provides complete visibility into the system but no configuration access. It also enables users
to perform device diagnostics and file management tasks. This mode is denoted by a prompt
ending with #.
Global Configuration mode
o This highly privileged mode allows you to make system-wide configuration changes and
provides access to various sub modes for specific configurations, such as interface settings. In
this mode, the prompt includes (config)#.
Moving Between Command Modes
enable — Used to access Privileged Exec mode.
config terminal (or simply config t) — Used to access Global Configuration mode.
exit — Used to move back one level in the configuration mode hierarchy.
end — Used to immediately return to Privileged EXEC mode from any configuration mode.
User EXEC Commands List
enable: Enter Privileged EXEC mode.
disable: Exit Privileged EXEC mode.
logout: Disconnect from the device.
show interfaces: Shows the status and configuration of all interfaces.
show ip interface brief: Provides a summary of interface status and IP addresses.
show version: Displays information about the device hardware and software.
show ip route: Shows the routing table.
show access-lists: Displays the configured access lists.
ping <ip_address>: Tests connectivity to a specified IP address.
traceroute <ip_address>: Traces the path to a specified IP address.
Privileged EXEC Commands List
configure terminal: Enters Global Configuration mode to modify the device configuration.
vlan <vlan_id>: Enters VLAN Configuration mode to configure VLAN settings.
copy <source> <destination>: Copies files (e.g., `copy running-config startup-config`).
write memory: Saves the running configuration to startup configuration.
ping <ip_address>: Tests connectivity to a specified IP address.
traceroute <ip_address>: Traces the path to a specified IP address.
clock set <hh:mm:ss> <month> <day> <year>: Sets the system clock.
show running-config: Displays the current configuration in RAM.
show startup-config: Displays the configuration stored in NVRAM.
Global Configuration Mode Commands List
hostname <name>: Sets the device's hostname.
enable secret <password>: Sets a secure password for entering Privileged EXEC mode.
enable password <password>: Encrypts plaintext passwords in the configuration.
line con 0: Configures console line settings.
line vty 0 4: Configures VTY lines for remote access (Telnet/SSH).
interface <interface_type> <interface_number>: Enters Interface Configuration mode for a specific interface (e.g., interface GigabitEthernet0/0).
ip address <ip_address> <subnet_mask>: Assigns an IP address to an interface.
no shutdown: Activates an interface.
switchport mode access: Configures an access port on a switch.
router <protocol>: Enters routing protocol configuration mode (e.g., router ospf <process_id>).
switchport access vlan <vlan_id>: Assigns an interface to a specific VLAN.
Cisco Memory Management
| Memory Type | Purpose | Volatility | User Access
| ----------- | ------- | ---------- | -----------
| RAM | Running configuration | Volatile | show running-config
| NVRAM | Startup configuration | Non-volatile | show startup-config
| Flash | IOS and system files | Non-volatile | dir flash
| ROM | Bootstrap and diagnostics | Non-volatile | show version
| Cache | Fast access to data | N/A | N/A
Network Architecture
| Layer | Role | Function
| ----- | ---- | --------
| Access | Device connectivity | Connects end devices to the network
| Distribution | ACL, Port Security, Inter-VLAN Routing | Managing and optimizing traffic flow, security, and performance.
| Core | Backbone of the network | High-speed and reliable connectivity between distribution layer devices.
Cisco Router and Switch Configuration
Agenda
• Console Configuration for Switch and Router
• Basic Switch/Router Configuration
• Telnet/SSH Configuration
• Switch VLAN Configuration
• Switchport Security Configuration
• Multilayer Switch / Layer 3 Switch Configuration
Console Configuration for Switch and Router
What is Console Configuration?
o A console port is a physical port on a Cisco router or switch.
o It’s connected to your PC/laptop using a console cable (RJ45-to-DB9 or
USB).
o In Cisco Packet Tracer, you can simulate this by connecting the PC’s
RS-232 port → Router/Switch Console port.
o From your PC, you open a terminal program (like PuTTY, Tera Term, or
Packet Tracer’s Terminal) to access the CLI (Command Line Interface).
Why ?
o Initial Setup (Out-of-Band Management)
o No Network Dependency
o Troubleshooting & Recovery
o Full Privileges
How ?
o Step 1: Build the Connection
o Step 2: Open the Terminal
o Step 3: Access the Device
o Step 4: Do Initial Setup
Step 4: Do Initial Setup / Switch or Router Basic Configuration
Always include no ip domain-lookup in your initial setup configuration for both routers and switches to save time.
Switch> enable
Switch# configure terminal
Switch(config)# no ip domain-lookup
Switch(config)# hostname S1
S1(config)# banner motd #
This is Line Configuration #
S1(config)# line console 0
S1(config-line)# password cisco
S1(config-line)# login
S1(config-line)# exit
S1(config)# enable secret admin123
S1(config)# do wr
o no ip domain-lookup → Prevents DNS lookup when you mistype a command.
o hostname SW1 → Renames the device (change per device).
o banner motd → Displays a warning before login.
o line console 0 → Secures console access with a password.
o password cisco → Sets the console password to cisco.
o login → Enables password checking at console login.
o enable secret admin123 → Sets the encrypted privileged password.
o do wr → Saves configuration to NVRAM.
Telnet/SSH Configuration
Telnet
Switch> enable
Switch# configure terminal
Switch(config)# hostname Switch1
Switch1(config)# enable password cisco123
Switch1(config)# line vty 0 4
Switch1(config-line)# password telnet123
Switch1(config-line)# login
Switch1(config-line)# exit
Switch1(config)# interface vlan 1
Switch1(config-if)# ip address [Link] [Link]
Switch1(config-if)# no shutdown
Switch1(config-if)# end
Switch1# write memory
o line vty 0 4 → Secures remote (VTY) access with a password.
o password telnet123 → Sets the Telnet password.
o login → Enables password checking at login on the VTY lines.
o interface vlan 1 → Selects VLAN 1 so that an IP address can be configured on it.
o ip address → Assigns an IP address to interface vlan 1.
o no shutdown → Keeps the interface up.
o write memory → Saves configuration to NVRAM.
SSH
Switch> enable
Switch# configure terminal
Switch(config)# hostname Switch1
Switch1(config)# ip domain-name [Link]
Switch1(config)# crypto key generate rsa
Switch1(config)# username admin privilege 15 secret admin123
Switch1(config)# line vty 0 4
Switch1(config-line)# login local
Switch1(config-line)# transport input ssh
Switch1(config-line)# end
Switch1# write memory
o Set a domain name (required for SSH key generation)
o Generate RSA key pair for SSH
o For lab, 1024 bits is enough
o It will ask: "How many bits in the modulus [512]: 1024"
o Create a local user
o Configure VTY lines for SSH
o Optional: Set idle timeout
o Save configuration
************************************************
o show running-config # Verify passwords, VTY lines
o show ip interface brief # Verify VLAN/interface status
o show crypto key mypubkey rsa # Verify SSH keys
o show users # See active sessions
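The difference between the Telnet and SSH labs above can be checked mechanically from show running-config output. The following is an added example, not part of the original lab: the sample configs, the finding codes and the function names are constructed for illustration, and it assumes a vty block with no transport input line still accepts Telnet, as the Telnet lab does.

```python
# Constructed running-config excerpts modelled on the two labs above.
TELNET_LAB = """\
hostname Switch1
enable password cisco123
line vty 0 4
 password telnet123
 login
"""

SSH_LAB = """\
hostname Switch1
enable secret 5 HASH-PLACEHOLDER
username admin privilege 15 secret 5 HASH-PLACEHOLDER
ip domain-name lab.example
line vty 0 4
 login local
 transport input ssh
"""


def parse_blocks(config):
    """Return [(top_level_line, [indented child lines])] for an IOS-style config."""
    blocks = []
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if raw[0].isspace() and blocks:
            blocks[-1][1].append(line)      # child of the last top-level line
        else:
            blocks.append((line, []))
    return blocks


def audit_remote_access(config):
    """Return a sorted list of (finding_code, where); an empty list means clean."""
    blocks = parse_blocks(config)
    top = [header for header, _ in blocks]
    findings = set()
    if any(h.startswith("enable password ") for h in top):
        # Stored in cleartext (or weak type 7), unlike the hashed enable secret.
        findings.add(("ENABLE_PASSWORD_CLEARTEXT", "global"))
    if not any(h.startswith("enable secret ") for h in top):
        findings.add(("NO_ENABLE_SECRET", "global"))
    for header, children in blocks:
        if not header.startswith("line vty "):
            continue
        transports = [c.split()[2:] for c in children
                      if c.startswith("transport input")]
        # Assumption: no 'transport input' line means Telnet is still accepted.
        protocols = transports[-1] if transports else ["all"]
        if "telnet" in protocols or "all" in protocols:
            findings.add(("VTY_TELNET_ALLOWED", header))
        if "login local" not in children:
            # 'login' + 'password' is one shared secret with no per-user identity.
            findings.add(("VTY_NO_PER_USER_LOGIN", header))
        if any(c.startswith("password ") for c in children):
            findings.add(("VTY_LINE_PASSWORD_STORED", header))
    return sorted(findings)
```

Every line vty block is checked separately, so a device that was hardened only on line vty 0 4 still reports findings for any remaining vty range.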
VLAN Configuration
What is VLAN?
A LAN is a grouping of two or more devices on a network. A
VLAN is a virtual LAN, a subgroup within a local network.
VLANs make it easy for network administrators to separate a
single switched network into multiple groups to match the
functional and security requirements of their systems.
Why ?
o Optimizing Network Performance
o Enhancing Security
o Simplified Device Management
How ?
o Create VLAN
o Assign Ports to VLAN
o Verify VLAN
o Configure VLAN Trunking (optional, for multiple switches): if you connect two switches and want to pass multiple VLANs
o Inter-VLAN Routing (Router or Layer 3 Switch): if devices in VLAN 10 want to talk to devices in VLAN 20
Create VLAN
Switch> enable
Switch# configure terminal
Switch(config)# vlan 10
Switch(config-vlan)# name Sales
Switch(config-vlan)# exit
Switch(config)# vlan 20
Switch(config-vlan)# name HR
Switch(config-vlan)# exit
o vlan → Sets the VLAN.
o name → Sets the name for the VLAN.
Assign Ports to VLAN
Switch(config)# interface FastEthernet 0/1
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 10
Switch(config-if)# exit
Switch(config)# interface FastEthernet 0/2
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 20
Switch(config-if)# exit
o switchport mode access → Port mode changed to access.
o switchport access → Sets/assigns the port to an access VLAN.
Verify VLAN
Switch# show vlan brief
Switchport Security
What is Switchport Security?
Switchport Security is a feature on Cisco switches that helps protect
access ports from unauthorized devices.
Purpose:
o Prevents unauthorized MAC addresses from connecting.
o Limits the number of devices per port.
o Helps protect against attacks like MAC flooding.
Types of Port Security
Static MAC Address
o You manually configure a MAC address that is allowed on the port. Only that device can
connect.
Dynamic MAC Address
o Switch learns MAC addresses dynamically and stores them in the running configuration.
Sticky MAC Address
o Switch learns MAC addresses dynamically and saves them in running configuration as static.
o Survives reboot if saved to startup config.
Violation Modes
When an unauthorized device connects, the switch can respond in three ways:
| Mode | Action
| ---- | ------
| Protect | Drops packets from unknown MACs (no log).
| Restrict | Drops packets + logs violation (SNMP alert).
| Shutdown | Shuts down the port (err-disabled state).
Default mode: Shutdown
Switchport Security Configuration
Switch> enable
Switch# configure terminal
Switch(config)# interface FastEthernet 0/1
Switch(config-if)# switchport mode access
Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security maximum 2
Switch(config-if)# switchport port-security violation restrict
Switch(config-if)# switchport port-security mac-address [Link]
Switch(config-if)# switchport port-security mac-address sticky
Switch(config-if)# exit
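What an operator observes under each violation mode differs more than the table suggests, so here is an added example (not part of the original lab) that replays the same frames against a port with maximum 2 in all three modes. The SecurePort model, the replay helper and the MAC addresses are constructed for illustration; sticky learning and aging are not modelled.

```python
from dataclasses import dataclass, field


@dataclass
class SecurePort:
    """Simplified model of one access port with 'switchport port-security'."""
    maximum: int = 2                 # switchport port-security maximum 2
    violation: str = "shutdown"      # protect | restrict | shutdown (default)
    secure_macs: set = field(default_factory=set)
    violations: int = 0              # security violation counter
    log: list = field(default_factory=list)
    err_disabled: bool = False

    def receive(self, src_mac):
        """Process one frame's source MAC; return 'forward' or 'drop'."""
        if self.err_disabled:
            return "drop"                      # port is down for every device
        if src_mac in self.secure_macs:
            return "forward"
        if len(self.secure_macs) < self.maximum:
            self.secure_macs.add(src_mac)      # learned while under the limit
            return "forward"
        if self.violation == "protect":
            return "drop"                      # silent: no counter, no log
        self.violations += 1
        self.log.append(f"violation by {src_mac}")
        if self.violation == "shutdown":
            self.err_disabled = True           # stays down until re-enabled
        return "drop"


def replay(violation, frames, maximum=2):
    """Feed frames to a fresh port and summarise what an operator would see."""
    port = SecurePort(maximum=maximum, violation=violation)
    results = [port.receive(mac) for mac in frames]
    return {
        "forwarded": results.count("forward"),
        "dropped": results.count("drop"),
        "violations": port.violations,
        "err_disabled": port.err_disabled,
    }


# Constructed traffic: two known hosts, an unknown device twice, a known host again.
FRAMES = ["aaaa.aaaa.0001", "aaaa.aaaa.0002", "aaaa.aaaa.0003",
          "aaaa.aaaa.0003", "aaaa.aaaa.0001"]

if __name__ == "__main__":
    for mode in ("protect", "restrict", "shutdown"):
        print(mode, replay(mode, FRAMES))
```

Protect leaves nothing to alert on, restrict keeps the known hosts working while counting each violation, and shutdown also cuts off the known hosts once the port is err-disabled.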
Verify Switchport Security Configuration Using
1. Check Switchport Security on a Specific Interface
o Switch# show port-security interface fastEthernet 0/1
2. Check Overall Switchport Security Status
o Switch# show port-security
3. Check Secure MAC Addresses
o Switch# show port-security address
• Displays all secure MAC addresses learned/configured, and which ports
they’re bound to.
Multilayer Switch / Layer 3 Switch Configuration
Multilayer Switch (MLS): Multilayer switches are like switches + routers combined, because they can do both Layer 2 switching and Layer 3 routing.
Regular Switch (Layer 2 Switch)
o Works at OSI Layer 2 (Data Link Layer).
o Uses MAC addresses to forward frames.
o Creates and manages VLANs, but cannot route traffic between VLANs on its own.
o Needs an external router (Router-on-a-Stick setup) for Inter-VLAN routing.
o Cheaper, simpler, less processing power required.
o Commonly used for access layer (end devices) in networks.
Multilayer Switch (MLS / Layer 3 Switch)
o Works at both Layer 2 (switching) and Layer 3 (routing).
o Can do everything a switch does + routing functions.
o Uses IP addresses (routing) in addition to MAC addresses (switching).
o Supports SVIs (Switch Virtual Interfaces) → enables Inter-VLAN routing directly.
o Runs routing protocols (like RIP, OSPF, EIGRP) if configured.
o Faster than a router-on-a-stick because routing is done in hardware (ASICs).
o Typically used in distribution/core layer of networks.
1. Set Hostname and Enable Password
• Switch> enable
• Switch# configure terminal
• Switch(config)# hostname MLS1
• MLS1(config)# enable secret StrongPass1232
2. Disable DNS Lookup (to avoid delays from mistyped commands)
• MLS1(config)# no ip domain-lookup
3. Assign Interfaces to Trunk
• MLS1(config)# interface range fastEthernet 0/1 - 3
• MLS1(config-if-range)# switchport trunk encapsulation dot1q
• MLS1(config-if-range)# switchport mode trunk
• MLS1(config-if-range)# exit
5. Create Switch Virtual Interfaces (SVIs)
• MLS1(config)# interface vlan 10
• MLS1(config-if)# ip address [Link] [Link]
• MLS1(config-if)# no shutdown
• MLS1(config-if)# exit
• MLS1(config)# interface vlan 20
• MLS1(config-if)# ip address [Link] [Link]
• MLS1(config-if)# no shutdown
• MLS1(config-if)# exit
6. Enable Routing on the Switch
• MLS1(config)# ip routing
Make sure you have configured the default gateway if you want the inter-VLAN configuration to succeed.
Verify Multilayer Switch / Layer 3 Switch Configuration
Check trunk:
• show interfaces trunk
Check VLANs:
• show vlan brief
Check SVIs:
• show ip interface brief
Lab Demo Day
Network Topology
Devices:
1 Multilayer Switch (MLSW1)
2 Switches (SW1, SW2)
4 PCs (PC1–PC4)
1 PC (Management)
Console Cable for local access
IP addressing for VLANs
Network Design
| VLAN | Name | Subnet | Devices
| ---- | ---------- | --------------- | -----------------
| 20 | CS | [Link]/24 | PC1, PC2
| 30 | IT | [Link]/24 | PC3, PC4
| 10 | Management | [Link]/24 | Switch Management PC
Objectives
1. Configure basic switch settings
2. Create and assign VLANs
3. Configure switchport security
4. Configure console password
5. Configure Telnet & SSH
6. Use router-on-a-stick to allow inter-VLAN communication
PC IP Configuration
| PC | VLAN | IP Address | Gateway
| --- | ---- | ---------- | -------
| PC1 | 20 | [Link] | [Link]
| PC2 | 20 | [Link] | [Link]
| PC3 | 30 | [Link] | [Link]
| PC4 | 30 | [Link] | [Link]
| PC5 | 10 | [Link] | [Link]
Verification Commands
| Task | Command
| ---- | -------
| Check VLANs | show vlan brief
| Check Trunk | show interfaces trunk
| Check Port Security | show port-security interface fa0/1
| Check SSH | show ip ssh
| Check Inter-VLAN | ping [Link]
| Check Login | show users
Next
1. Router Configuration
Router Configuration
What ?
o A router is a network device designed to connect multiple networks and
forward data packets between them.
o It operates at Layer 3 (Network Layer) of the OSI model and uses IP
addressing and routing protocols to decide the best path for data
transmission.
o Routers play a crucial role in both home networks and enterprise-level
networks, enabling communication between devices across different
networks or subnets.
Why?
o Network Connection: Connects a local network (LAN) to other networks like the internet (WAN).
o Path Selection: Determines the best path for data using routing protocols (e.g., OSPF, EIGRP,
RIP).
o NAT (Network Address Translation): Allows multiple devices with private IP addresses to share
a single public IP for internet access.
o Security: Implements ACLs (Access Control Lists), firewall features, and VPN (Virtual Private
Network) tunnels.
o QoS (Quality of Service): Prioritizes network traffic (e.g., VoIP over regular data).
o Inter-VLAN Routing: Connects devices in different VLANs.
o Load Balancing & Failover: Provides high availability for enterprise networks.
Types of Routing
1. Static Routing
o Manually configured routes. Simple but doesn’t adapt to network changes. Example: ip route [Link] [Link] [Link]
2. Dynamic Routing
o Routers exchange information automatically using routing protocols. Like RIP,
OSPF, EIGRP, BGP
Categories of Dynamic Routing Protocols
1. IGP (Interior Gateway Protocol)
o RIP, OSPF, EIGRP
o Inside one organization
2. EGP (Exterior Gateway Protocol)
o BGP
o Between organizations / ISPs
RIP (Routing Information Protocol)
Type: Distance Vector
Metric: Hop Count (Max 15 hops)
Updates: Every 30 seconds
Version: RIP v1 (classful), RIP v2 (classless, supports subnetting)
Best for: Small networks
Basic Config:
Router(config)# router rip
Router(config-router)# version 2
Router(config-router)# network [Link]
Router(config-router)# network [Link]
Router(config-router)# no auto-summary
no auto-summary: “Don’t hide my subnet mask — advertise the full, exact network.”
With auto-summary left on, R1 will advertise [Link]/16 instead of [Link]/24, and R2 will advertise [Link]/16 instead of [Link]/24. So, both routers think they are connected to the same classful network ([Link]/16), causing routing loops or incorrect routing.
OSPF (Open Shortest Path First)
Type: Link-State
Metric: Cost (based on bandwidth)
Scalability: Very high
Uses: Areas (Area 0 is backbone)
Best for: Medium to large enterprise networks
Basic Config:
Router(config)# router ospf 1
Router(config-router)# network [Link] [Link] area 0
Router(config-router)# network [Link] [Link] area 0
EIGRP (Enhanced Interior Gateway Routing Protocol)
Type: Hybrid (distance vector + link state features)
Metric: Bandwidth + Delay
Proprietary: Cisco-only (was, now partly open)
Faster convergence than RIP/OSPF
Best for: Medium to large Cisco environments
Basic Config:
Router(config)# router eigrp 100
Router(config-router)# network [Link] [Link]
Router(config-router)# network [Link] [Link]
Router(config-router)# no auto-summary
“100” here is the EIGRP AS (Autonomous System) number. Any router configured with AS 100 will form neighbor relationships with other routers in AS 100.
no auto-summary: “Don’t hide my subnet mask — advertise the full, exact network.”
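The effect of no auto-summary in the RIP and EIGRP configurations above can be reproduced with a few lines of address arithmetic. This is an added example, not part of the original lab: it is a simplified model of classful summarization at a major-network boundary, and the addresses and function names are constructed because the lab's own addresses are not shown.

```python
import ipaddress


def classful_network(net):
    """Return the class A/B/C major network that contains `net`."""
    first_octet = int(net.network_address) >> 24
    if first_octet < 128:
        prefix = 8
    elif first_octet < 192:
        prefix = 16
    elif first_octet < 224:
        prefix = 24
    else:
        raise ValueError(f"{net} is class D/E, not a unicast major network")
    # A prefix already shorter than the classful mask is left as it is.
    return net.supernet(new_prefix=prefix) if net.prefixlen > prefix else net


def advertised(connected, out_link, auto_summary):
    """Simplified model: prefixes a router announces out of `out_link`.

    With auto-summary, a subnet is collapsed to its major network whenever the
    update leaves through a link that belongs to a different major network.
    """
    out_major = classful_network(out_link)
    routes = set()
    for net in connected:
        if net == out_link:
            continue                  # the neighbour is already connected to it
        major = classful_network(net)
        routes.add(major if auto_summary and major != out_major else net)
    return routes


def overlap(a, b):
    """Prefixes announced by both routers: the ambiguity described above."""
    return sorted(a & b)


# Constructed addressing (not the lab's): two /24s of one class B network,
# separated by a serial link that sits in a different major network.
LINK = ipaddress.ip_network("192.168.12.0/30")
R1 = [ipaddress.ip_network("172.16.1.0/24"), LINK]
R2 = [ipaddress.ip_network("172.16.2.0/24"), LINK]

if __name__ == "__main__":
    for flag in (True, False):
        a, b = advertised(R1, LINK, flag), advertised(R2, LINK, flag)
        print("auto-summary" if flag else "no auto-summary",
              sorted(map(str, a)), sorted(map(str, b)),
              "overlap:", [str(n) for n in overlap(a, b)])
```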
BGP (Border Gateway Protocol)
Type: Path Vector
Metric: AS Path
Used for: Internet routing between Autonomous Systems (AS)
Scalable: Very large, used by ISPs and large enterprises
Basic Config:
Router(config)# router bgp 65001
Router(config-router)# neighbor [Link] remote-as 65002
Router(config-router)# network [Link] mask [Link]
Metrics Summary
| Protocol | Metric | Max Hop | Type
| -------- | ------ | ------- | ----
| RIP | Hop Count | 15 | Distance Vector
| OSPF | Cost | Unlimited | Link-State
| EIGRP | Bandwidth + Delay | 224 | Hybrid
| BGP | AS Path | 255 | Path Vector
Protocol Summary
| Protocol | Best For | Speed | Scalability | Complexity
| -------- | -------- | ----- | ----------- | ----------
| RIP | Small LAN | Slow | Low | Easy
| OSPF | Enterprise LAN | Fast | High | Medium
| EIGRP | Cisco Enterprise | Very Fast | High | Medium
| BGP | Internet / ISP | Slow | Very High | Complex
How to Verify?
show ip route #See all learned routes
show ip protocols #Show active routing protocols
show ip ospf neighbor #Check OSPF neighbors
show ip eigrp neighbors #Check EIGRP neighbors
ping <IP> #Test connectivity between LANs
traceroute <IP> #See path packets take
Router Configuration LAB Demo
Topology
IP Address Plan
| Device | Interface | IP Address | Description
| ------ | --------- | ---------- | -----------
| R1 | G0/0 | [Link]/24 | LAN 1
| R1 | S0/0/0 | [Link]/30 | Link to R2
| R2 | S0/0/0 | [Link]/30 | Link to R1
| R2 | S0/0/1 | [Link]/30 | Link to R3
| R3 | S0/0/1 | [Link]/30 | Link to R2
| R3 | G0/0 | [Link]/24 | LAN 3
| PC 1 | Fa0/1 | [Link]/24 | -
| PC 2 | Fa0/1 | [Link]/24 | -
Configuration Command R1
R1> enable
R1# configure terminal
R1(config)# hostname R1
! Assign IP addresses
R1(config)# interface g0/0
R1(config-if)# ip address [Link] [Link]
R1(config-if)# no shutdown
R1(config-if)# exit
R1(config)# interface s0/0/0
R1(config-if)# ip address [Link] [Link]
R1(config-if)# clock rate 64000
R1(config-if)# no shutdown
R1(config-if)# exit
! Enable RIP
R1(config)# router rip
R1(config-router)# version 2
R1(config-router)# network [Link]
R1(config-router)# network [Link]
R1(config-router)# no auto-summary
R1(config-router)# exit
Configuration Command R2
R2> enable
R2# configure terminal
R2(config)# hostname R2
! Assign IP addresses
R2(config)# interface s0/0/0
R2(config-if)# ip address [Link] [Link]
R2(config-if)# no shutdown
R2(config-if)# exit
R2(config)# interface s0/0/1
R2(config-if)# ip address [Link] [Link]
R2(config-if)# no shutdown
R2(config-if)# exit
! Enable OSPF
R2(config)# router ospf 1
R2(config-router)# network [Link] [Link] area 0
R2(config-router)# network [Link] [Link] area 0
R2(config-router)# exit
Configuration Command R3
R3> enable
R3# configure terminal
R3(config)# hostname R3
! Assign IP addresses
R3(config)# interface s0/0/1
R3(config-if)# ip address [Link] [Link]
R3(config-if)# no shutdown
R3(config-if)# exit
R3(config)# interface g0/0
R3(config-if)# ip address [Link] [Link]
R3(config-if)# no shutdown
R3(config-if)# exit
! Enable EIGRP
R3(config)# router eigrp 100
R3(config-router)# network [Link] [Link]
R3(config-router)# network [Link] [Link]
R3(config-router)# no auto-summary
R3(config-router)# exit
Optional: Redistribute Routes (to connect all protocols)
R2(config)# router ospf 1
R2(config-router)# redistribute rip subnets
R2(config-router)# redistribute eigrp 100 subnets
R2(config-router)# exit
R2(config)# router rip
R2(config-router)# redistribute ospf 1 metric 1
R2(config-router)# exit
R2(config)# router eigrp 100
R2(config-router)# redistribute ospf 1 metric 10000 100 255 1 1500
R2(config-router)# exit
Next
1. Server Configurations
o DHCP
o HTTP
o DNS
o FTP
o NTP
o POP3 / SMTP
Next
1. Lab Exam
2. Group Project Work
3. Individual Assignment
Thank you
Binyam Eshetu