CCNA Training
2.4 Verify network status and switch operation using basic utilities such as
Aug, 2015
Jose Luis Flores / Amel Walkinshaw

2.0 LAN Switching Technologies
2.4 Verify network status and switch operation using basic utilities such as
2.4.a ping
2.4.b telnet
2.4.c SSH

2.4.a ping
The ping command uses Internet Control Message Protocol (ICMP) Echo Request and Echo Reply messages. Packet filtering policies on routers, firewalls, or other types of security gateways might prevent the forwarding of this traffic.
2.4.a ping DOS

2.4.a ping
Warning: Using the debug ip packet detail command on a production router can cause high CPU utilization. This may result in a severe performance degradation or a network outage. We recommend that you carefully read Use the Debug Command before issuing debug commands.

2.4.a ping
Router1#debug ip packet detail
IP packet debugging is on (detailed)
Router1#ping
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to , timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/6/8 ms
Router1#
Jan 20 15:54:47.487: IP: s= (local), d= (Serial0), len 100, sending
Jan 20 15:54:47.491: ICMP type=8, code=0
!--- This is the ICMP packet sent to
!--- ICMP type=8 corresponds to the echo message.
Jan 20 15:54:47.523: IP: s= (Serial0), d= (Serial0), len 100, rcvd 3
Jan 20 15:54:47.527: ICMP type=0, code=0
!--- This is the answer we get from
!--- ICMP type=0 corresponds to the echo reply message.
!--- By default, the repeat count is five times, so there will be five
!--- echo requests, and five echo replies.

2.4.a ping
Router1#ping 34.0.0.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to , timeout is 2 seconds:
Jan 20 16:00:25.603: IP: s= (local), d= , len 100, unroutable.
Jan 20 16:00:27.599: IP: s= (local), d= , len 100, unroutable.
Jan 20 16:00:29.599: IP: s= (local), d= , len 100, unroutable.
Jan 20 16:00:31.599: IP: s= (local), d= , len 100, unroutable.
Jan 20 16:00:33.599: IP: s= (local), d= , len 100, unroutable.
Success rate is 0 percent (0/5)

2.4.a ping
Router1#ping 34.0.0.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to , timeout is 2 seconds:
U.U.U
Success rate is 0 percent (0/5)
Jan 20 16:05:30.659: IP: s= (local), d= (Serial0), len 100, sending
Jan 20 16:05:30.663: ICMP type=8, code=0
Jan 20 16:05:30.691: IP: s= (Serial0), d= (Serial0), len 56, rcvd 3
Jan 20 16:05:30.695: ICMP type=3, code=1
Jan 20 16:05:30.699: IP: s= (local), d= (Serial0), len 100,
Jan 20 16:05:30.703: ICMP type=8, code=0
Jan 20 16:05:32.699: IP: s= (local), d= (Serial0), len 100,
Jan 20 16:05:32.703: ICMP type=8, code=0
Jan 20 16:05:32.731: IP: s= (Serial0), d= (Serial0), len 56,
Jan 20 16:05:32.735: ICMP type=3, code=1
Jan 20 16:05:32.739: IP: s= (local), d= (Serial0), len 100,
Jan 20 16:05:32.743: ICMP type=8, code=0

Now let us add a static route to Router1:

Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#ip route Serial0

We now have:

Router1#debug ip packet detail
IP packet debugging is on (detailed)
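
As an added example (not part of the original slides), the following Python code classifies debug ip packet detail output like the captures above by ICMP type and code and names the likely cause. The sample lines are constructed and use documentation addresses, the function names are hypothetical, and the table also covers type 3 code 13 and type 11, which goes beyond the cases shown on the slides.

```python
import re
from collections import Counter

# ICMP (type, code) pairs that matter when reading ping debug output.
ICMP_KIND = {
    (8, 0): "echo-request",
    (0, 0): "echo-reply",
    (3, 0): "net-unreachable",
    (3, 1): "host-unreachable",
    (3, 13): "admin-prohibited",  # typically sent by a device whose filter rejects the packet
    (11, 0): "ttl-exceeded",
}
ICMP_RE = re.compile(r"ICMP type=(\d+), code=(\d+)")

def summarize(debug_text):
    """Count ICMP message kinds and locally unroutable packets."""
    counts = Counter()
    for line in debug_text.splitlines():
        m = ICMP_RE.search(line)
        if m:
            key = (int(m.group(1)), int(m.group(2)))
            counts[ICMP_KIND.get(key, "icmp-%d-%d" % key)] += 1
        elif "unroutable" in line:
            counts["unroutable"] += 1
    return counts

def diagnose(counts):
    """Map the counts to the most likely cause of the ping result."""
    if counts["unroutable"]:
        return "local router has no route to the destination"
    if counts["admin-prohibited"]:
        return "a packet filter on the path rejected the traffic"
    if counts["host-unreachable"] or counts["net-unreachable"]:
        return "a downstream router reports the destination unreachable"
    if counts["echo-request"] and counts["echo-reply"] >= counts["echo-request"]:
        return "destination reachable"
    return "no replies seen (silent drop or timeout)"

# Constructed sample in the slide's log format; addresses are documentation ranges.
SAMPLE = """\
Jan 20 16:05:30.659: IP: s=192.0.2.1 (local), d=198.51.100.4 (Serial0), len 100, sending
Jan 20 16:05:30.663:     ICMP type=8, code=0
Jan 20 16:05:30.691: IP: s=192.0.2.2 (Serial0), d=192.0.2.1 (Serial0), len 56, rcvd 3
Jan 20 16:05:30.695:     ICMP type=3, code=1
"""

if __name__ == "__main__":
    print(diagnose(summarize(SAMPLE)))
```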

2.4.a ping
From the CCNA ICND2 Exam book: “Routers decrement the TTL by 1 every time they forward a packet; if a router decrements the TTL to 0, it throws away the packet. This prevents packets from rotating forever.”

I want to make it clear that before the router forwards a packet, the TTL still remains the same. For example, in the topology above, pings to S0/1 and S0/0 of Router 2 have the same TTL. The picture below shows TTL values for each interface of each router and for Host B. Notice that Host A initializes the ICMP packet with a TTL of 255:

Host A pings interface S0/0 on router 3. What is the TTL value for that ping?
A. 252
B. 253
C. 254
D. 255

2.4.a ping
Interface Down
This is a situation where the interface stops working. In the example below, we try to ping Router4 from Router1:

Router1#ping
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to , timeout is 2 seconds:
U.U.U
Success rate is 0 percent (0/5)

Since the routing is fine, we will do the troubleshooting step-by-step. First, let us try to ping Router2:

Router1#ping
Sending 5, 100-byte ICMP Echos to , timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms

From the above, we see that the problem lies between Router2 and Router3. One possibility is that the serial interface on Router3 has been shut down:

Router3#show ip interface brief
Serial YES manual up up
Serial YES manual administratively down down

This is quite simple to fix:

Router3#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router3(config)#interface s1
Router3(config-if)#no shutdown
Router3(config-if)#
Jan 20 16:20:53.900: %LINK-3-UPDOWN: Interface Serial1, changed state to up
Jan 20 16:20:53.910: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1, changed state to up

2.4.a ping
When a host needs to reach a device on another subnet, the physical MAC address in its ARP cache entry is the Ethernet address of the local router (default gateway). The destination IP address does not change and remains that of the remote host (HostB).

2.4.a ping
Which command can be used from a PC to verify the connectivity between hosts that connect through a switch in the same LAN?
A. ping address
B. tracert address
C. traceroute address
D. arp address

Explanation: ICMP pings are used to verify connectivity between two IP hosts. Traceroute is used to verify the router hop path that traffic will take, but in this case, since the hosts are in the same LAN, there will be no router hops involved.
2.4.b Telnet
The network administrator normally establishes a Telnet session with the switch from host A. However, host A is unavailable. The administrator's attempt to telnet to the switch from host B fails, but pings to the other two hosts are successful. What is the issue?
A. Host B and the switch need to be in the same subnet.
B. The switch interface connected to the router is down.
C. Host B needs to be assigned an IP address in VLAN 1.
D. The switch needs an appropriate default gateway assigned.
E. The switch interfaces need the appropriate IP addresses assigned.

Explanation: Ping was successful from host B to the other hosts because of inter-VLAN routing configured on the router. But to manage the switch via Telnet, VLAN32 on the switch needs to be configured with interface vlan32, along with an IP address and its appropriate default-gateway address. Since the VLAN1 interface is already configured on the switch, Host A was able to telnet to the switch.

2.4.b Telnet
A network administrator needs to allow only one Telnet connection to a router. For anyone viewing the configuration and issuing the show run command, the password for Telnet access should be encrypted. Which set of commands will accomplish this task?
A. service password-encryption access-list 1 permit line vty 0 4 login password cisco access-class 1
B. enable password secret line vty 0 login password cisco
C. service password-encryption line vty 1 login password cisco
D. service password-encryption line vty 0 4 login password cisco

Explanation: Only one VTY connection is allowed, which is exactly what's requested. Incorrect answer: command. Line vty 0 4 would enable all 5 vty connections.

2.4.b Telnet
Which command shows your active Telnet connections?
A. show cdp neighbors
B. show session
C. show users
D. show vty logins

Explanation: The “show users” command shows telnet/ssh connections to your router, while “show sessions” shows telnet/ssh connections from your router (to other devices). The question asks about “your active Telnet connections”, meaning connections from your router, so the answer should be B.
2.4.c SSH
Secure Shell (SSH) is a protocol that provides a secure remote access connection to network devices. Communication between the client and server is encrypted in both SSH version 1 and SSH version 2. Implement SSH version 2 when possible because it uses a more advanced encryption algorithm.

2.4.c SSH
Test Authentication
Authentication Test without SSH
First test the authentication without SSH to make sure that authentication works with the router Carter before you add SSH. Authentication can be with a local username and password or with an authentication, authorization, and accounting (AAA) server that runs TACACS+ or RADIUS. (Authentication through the line password is not possible with SSH.) This example shows local authentication, which lets you Telnet into the router with username "cisco" and password "cisco."

!--- The aaa new-model command causes the local username and password on the router
!--- to be used in the absence of other AAA statements.
aaa new-model
username cisco password 0 cisco
line vty 0 4
transport input telnet
!--- Instead of aaa new-model, you can use the login local command.

2.4.c SSH
Authentication Test with SSH
In order to test authentication with SSH, you have to add to the previous statements in order to enable SSH on Carter and test SSH from the PC and UNIX stations.

ip domain-name rtp.cisco.com
!--- Generate an SSH key to be used with SSH.
crypto key generate rsa
ip ssh time-out 60
ip ssh authentication-retries 2

At this point, the show crypto key mypubkey rsa command must show the generated key. After you add the SSH configuration, test your ability to access the router from the PC and UNIX station.
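
As an added example (not part of the original slides or of Cisco's documentation), the following Python code audits an IOS-style configuration for the remote-access weaknesses discussed in the Telnet and SSH slides: Telnet allowed on vty lines, local users defined with password rather than secret, and SSH version 2 not enforced. It assumes sub-commands are indented as in show running-config output; the function names, both sample configurations and the hash placeholder are constructed for illustration.

```python
import re

USER_RE = re.compile(r"username (\S+) password (?:(\d) )?\S+")

def vty_blocks(config):
    """Yield (header, transports) per 'line vty' block; sub-commands are indented."""
    header, transports = None, set()
    for raw in config.splitlines() + ["!"]:  # sentinel flushes the last block
        if header and not raw.startswith(" "):
            yield header, transports
            header, transports = None, set()
        if raw.startswith("line vty"):
            header = raw.strip()
        elif header and raw.strip().startswith("transport input"):
            transports = set(raw.split()[2:])

def audit_remote_access(config):
    """Return findings for SSH, local users and vty transport settings."""
    findings = []
    lines = [l.strip() for l in config.splitlines()]
    if "ip ssh version 2" not in lines:
        findings.append("ssh: version 2 not enforced")
    for l in lines:
        m = USER_RE.match(l)
        if m:  # type 0 is cleartext; type 7 is reversible obfuscation
            kind = "cleartext" if m.group(2) in (None, "0") else "type " + m.group(2)
            findings.append("user %s: %s password, use 'secret'" % (m.group(1), kind))
    for header, transports in vty_blocks(config):
        if transports != {"ssh"}:
            allowed = " ".join(sorted(transports)) or "not set"
            findings.append("%s: transport input %s" % (header, allowed))
    return findings

# Constructed configs modelled on the slide's Telnet test and an SSH-only variant.
WEAK = """\
aaa new-model
username cisco password 0 cisco
line vty 0 4
 transport input telnet
"""
HARDENED = """\
aaa new-model
username admin secret 9 HASH_PLACEHOLDER
ip ssh version 2
line vty 0 4
 transport input ssh
"""

if __name__ == "__main__":
    print("\n".join(audit_remote_access(WEAK)))
```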