
IP SERVICES 4 - 6 9tut


IP SERVICES 4/6

DHCP Tutorial
In an IP environment, before a computer can communicate with another one, each of them needs its
own IP address. There are two ways of configuring an IP address on a device:
+ Statically assign an IP address. This means we manually type an IP address for this computer.
+ Use a protocol so that the computer can obtain its IP address automatically (dynamically). The
most popular protocol nowadays for this task is the Dynamic Host Configuration Protocol
(DHCP), and we will learn about it in this tutorial.

A big advantage of using DHCP is the ability to join a network without knowing any details about it.
For example, you go to a coffee shop and, with DHCP enabled on your computer, you can go online
without doing anything. The next day you go online at your school and you don’t have to configure
anything either, even though the networks of the coffee shop and your school are different (for
example, the network of the coffee shop is 192.168.1.0/24 while that of your company is 10.0.0.0/8).
Really nice, right? Without DHCP, you have to ask someone who knows about the network at your
location and then manually choose an IP address in that range. In a bad situation, your chosen IP can
be the same as that of someone else who is also using that network, and an address conflict may
occur. So how can DHCP obtain a suitable IP address for you automatically? Let’s find out.

How DHCP works

1. When a client boots up for the first time (or tries to join a new network), it needs to obtain an IP
address to communicate. So it first transmits a DHCPDISCOVER message on its local subnet.
Because the client has no way of knowing the subnet to which it belongs, the DHCPDISCOVER is
an all-subnets broadcast (destination IP address of 255.255.255.255, which is a layer 3 broadcast
address) with a destination MAC address of FF-FF-FF-FF-FF-FF (which is a layer 2 broadcast
address). The client does not have a configured IP address, so the source IP address of 0.0.0.0 is
used. The purpose of the DHCPDISCOVER message is to find a DHCP Server (a server that
can assign IP addresses).

2. After receiving the discover message, the DHCP Server dynamically picks an unassigned
IP address from its IP pool and broadcasts a DHCPOFFER message to the client(*). The DHCPOFFER
message can contain other information such as the subnet mask, default gateway, IP address lease
time, and domain name server (DNS).

(*)Note: In fact, the DHCPOFFER is a layer 3 broadcast message (the IP destination is
255.255.255.255) but a layer 2 unicast message (the MAC destination is the MAC of the DHCP
Client, not FF-FF-FF-FF-FF-FF). So some books may describe it as a broadcast message and others
as a unicast message.

3. If the client accepts the offer, it then broadcasts a DHCPREQUEST message saying it will take
this IP address. It is called a request message because the client might deny the offer by requesting
another IP address. Notice that the DHCPREQUEST message is still a broadcast message because the
DHCP client has still not received an acknowledged IP. Also, a DHCP Client can receive DHCPOFFER
messages from other DHCP Servers, so sending a broadcast DHCPREQUEST message is also a way to
inform the other servers that their offers have been rejected.

4. When the DHCP Server receives the DHCPREQUEST message from the client, the DHCP Server
accepts the request by sending the client a unicast DHCPACKNOWLEDGEMENT message
(DHCPACK).

In conclusion, there are four messages sent between the DHCP Client and DHCP Server:
DHCPDISCOVER, DHCPOFFER, DHCPREQUEST and DHCPACKNOWLEDGEMENT. This process is
often abbreviated as DORA (for Discover, Offer, Request, Acknowledgement).

After receiving DHCPACKNOWLEDGEMENT, the IP address is leased to the DHCP Client. A client
will usually keep the same address by periodically contacting the DHCP server to renew the lease
before the lease expires.
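
The four DORA payloads described above, built and parsed byte by byte. This is an added example, not part of the original tutorial; the client MAC, transaction id, offered address 10.1.1.11 and the server identifier 10.1.1.1 are constructed values, and the lease options reuse the pool configured later on this page.

```python
import ipaddress
import struct

MAGIC_COOKIE = bytes([99, 130, 83, 99])      # marks the start of the DHCP options
MSG_TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST", 5: "DHCPACK"}
IP_OPTIONS = {1: "subnet_mask", 3: "default_gateway", 6: "dns",
              50: "requested_ip", 54: "server_id"}


def ip(addr):
    """Dotted-quad string to 4 network-order bytes."""
    return ipaddress.IPv4Address(addr).packed


def build_dhcp(op, xid, mac, msg_type, yiaddr="0.0.0.0", options=()):
    """Build the DHCP payload that travels inside UDP ports 67/68."""
    fixed = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        op, 1, 6, 0,              # op (1 = from client, 2 = from server), Ethernet, hlen, hops
        xid, 0, 0,                # transaction id, secs, flags
        ip("0.0.0.0"),            # ciaddr: the client has no address yet
        ip(yiaddr),               # yiaddr: "your" address, filled in by the server
        ip("0.0.0.0"),            # siaddr
        ip("0.0.0.0"),            # giaddr: a relay agent writes its own address here
        bytes.fromhex(mac.replace("-", "")),   # chaddr, null-padded to 16 bytes
        b"", b"",                 # sname, file
    )
    opts = [(53, bytes([msg_type]))] + list(options)
    tlvs = b"".join(bytes([code, len(val)]) + val for code, val in opts)
    return fixed + MAGIC_COOKIE + tlvs + b"\xff"        # option 255 ends the list


def parse_dhcp(data):
    """Extract the fields that matter when reading a DORA exchange."""
    if len(data) < 240 or data[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    msg = {"xid": struct.unpack("!I", data[4:8])[0],
           "yiaddr": str(ipaddress.IPv4Address(data[16:20])),
           "client_mac": data[28:34].hex("-").upper()}
    i = 240
    while i < len(data) and data[i] != 255:
        if data[i] == 0:                      # pad option: single byte, no length
            i += 1
            continue
        if i + 2 > len(data):
            raise ValueError("truncated option header")
        code, length = data[i], data[i + 1]
        val = data[i + 2:i + 2 + length]
        if len(val) != length:
            raise ValueError("truncated option value")
        if code == 53 and length == 1:
            msg["type"] = MSG_TYPES.get(val[0], "type %d" % val[0])
        elif code in IP_OPTIONS and length == 4:      # single-address form only
            msg[IP_OPTIONS[code]] = str(ipaddress.IPv4Address(val))
        elif code == 51 and length == 4:
            msg["lease_seconds"] = struct.unpack("!I", val)[0]
        elif code == 15:
            msg["domain"] = val.decode("ascii", "replace")
        i += 2 + length
    return msg


def dora(mac="00-11-22-33-44-55", xid=0x3903F326):
    """Constructed Discover/Offer/Request/Ack exchange, returned as parsed messages."""
    lease = [(1, ip("255.255.255.0")), (3, ip("10.1.1.1")), (6, ip("10.1.1.1")),
             (15, b"9tut.com"), (51, struct.pack("!I", 12 * 3600)),
             (54, ip("10.1.1.1"))]
    wire = [
        build_dhcp(1, xid, mac, 1),                                   # DISCOVER
        build_dhcp(2, xid, mac, 2, "10.1.1.11", lease),               # OFFER
        build_dhcp(1, xid, mac, 3,                                    # REQUEST names the
                   options=[(50, ip("10.1.1.11")),                    # address it wants and
                            (54, ip("10.1.1.1"))]),                   # the server it chose
        build_dhcp(2, xid, mac, 5, "10.1.1.11", lease),               # ACK
    ]
    return [parse_dhcp(m) for m in wire]


if __name__ == "__main__":
    for message in dora():
        print(message)
```

The server identifier carried in the DHCPREQUEST is how the other servers mentioned in step 3 learn that their offers were not chosen.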

If the DHCP Server is not on the same subnet as the DHCP Client, we need to configure the
router on the DHCP client side to act as a DHCP Relay Agent so that it can forward DHCP messages
between the DHCP Client and the DHCP Server. To make a router a DHCP Relay Agent, simply put the
“ip helper-address <IP-address-of-DHCP-Server>” command under the interface that receives the
DHCP messages from the DHCP Client.

As we know, a router does not forward broadcast packets (it drops them instead), so DHCP messages
like the DHCPDISCOVER message will be dropped. But with the “ip helper-address …” command, the
router will accept that broadcast message, convert it into a unicast packet and forward it to the
DHCP Server. The destination IP address of the unicast packet is taken from the “ip helper-address
…” command.

When a DHCP address conflict occurs

During the IP assignment process, the DHCP Server uses ping to test the availability of an IP
before issuing it to the client. If no one replies then the DHCP Server believes that IP has not been
allocated and it can safely assign that IP to a client. If someone answers the ping, the DHCP
Server records a conflict, the address is then removed from the DHCP pool and it will not be
assigned to a client until the administrator resolves the conflict manually.

Configure a DHCP Server on Cisco router

Instead of using a separate computer/server as a DHCP Server, we can save the cost and
configure a Cisco router (even a Layer 3 Cisco switch) to work as a DHCP Server. The following
example configuration will complete this task:

Configuration (each command is followed by its description):

Router(config)#ip dhcp pool CLIENTS
    Create a DHCP Pool named CLIENTS

Router(dhcp-config)#network 10.1.1.0 /24
    Specifies the subnet and mask of the DHCP address pool

Router(dhcp-config)#default-router 10.1.1.1
    Set the default gateway of the DHCP Clients

Router(dhcp-config)#dns-server 10.1.1.1
    Configure a Domain Name Server (DNS)

Router(dhcp-config)#domain-name 9tut.com
    Configure a domain-name

Router(dhcp-config)#lease 0 12
    Duration of the lease (the time during which a client computer can use an assigned IP
    address). The syntax is “lease {days[hours] [minutes] | infinite}”. In this case the
    lease is 12 hours. The default is a one-day lease. Before the lease expires, the client
    typically needs to renew its address lease assignment with the server

Router(dhcp-config)#exit

Router(config)# ip dhcp excluded-address 10.1.1.1 10.1.1.10
    The IP range that a DHCP Server should not assign to DHCP Clients. Notice this command
    is configured under global configuration mode

Simple Network Management Protocol SNMP Tutorial
Building a working network is important, but monitoring its health is as important as building it.
Luckily we have tools to make the administrator’s life easier, and SNMP is one of them. SNMP
is present in most networks regardless of their size. Understanding how
SNMP works is really important, and that is what we will learn in this tutorial.

Understand SNMP

SNMP consists of 3 items:

+ SNMP Manager (sometimes called Network Management System – NMS): software that runs on
the device of the network administrator (in most cases, a computer) to monitor the network.
+ SNMP Agent: software that runs on the network devices that we want to monitor (router, switch,
server…)
+ Management Information Base (MIB): the collection of managed objects. This component
makes sure that the data exchange between the manager and the agent remains structured. In
other words, the MIB contains a set of questions that the SNMP Manager can ask the Agent (and
that the Agent can understand). The MIB is commonly shared between the Agent and the Manager.

For example, in the topology above you want to monitor a router, a server and a Multilayer Switch.
You can run an SNMP Agent on all of them. Then on a PC you install SNMP Manager software to
receive monitoring information. SNMP is the protocol running between the Manager and the Agent.
SNMP communication between the Manager and the Agent takes place in the form of messages. The
monitoring process must be done via a MIB, which is a standardized database that contains
parameters/objects describing these networking devices (like IP addresses, interfaces, CPU
utilization, …). Therefore the monitoring process becomes the process of GETting and SETting the
information in the MIB.

SNMP Versions

SNMP has multiple versions but there are three main versions:

+ SNMP version 1
+ SNMP version 2c
+ SNMP version 3

SNMPv1 is the original version and is a legacy protocol, so it should not be used in our network.
SNMPv2c updated the original protocol and offered some enhancements. One of the notable
enhancements is the introduction of the INFORM and GETBULK messages, which will be explained
later in this tutorial.

Neither SNMPv1 nor v2 focused much on security; they provide security based
on the community string only. A community string is really just a clear-text password (without
encryption). Any data sent in clear text over a network is vulnerable to packet sniffing and
interception. There are two types of community strings in SNMPv2c:

+ Read-only (RO): gives read-only access to the MIB objects, which is safer and preferred to
the other method.
+ Read-write (RW): gives read and write access to the MIB objects. This method allows the SNMP
Manager to change the configuration of the managed router/switch, so be careful with this type.

The community string defined on the SNMP Manager must match one of the community strings on
the Agents in order for the Manager to access the Agents.

SNMPv3 provides significant enhancements to address the security weaknesses of the
earlier versions. The concept of a community string does not exist in this version. SNMPv3 provides
far more secure communication using entities, users and groups. This is achieved by
implementing three new major features:
+ Message integrity: ensuring that a packet has not been modified in transit.
+ Authentication: by using password hashing (based on the HMAC-MD5 or HMAC-SHA
algorithms) to ensure the message is from a valid source on the network.
+ Privacy (Encryption): by using encryption (56-bit DES encryption, for example) to encrypt the
contents of a packet.

Note: Although SNMPv3 offers better security, SNMPv2c is still more common. Cisco
has supported SNMPv3 in their routers since IOS version 12.0.3T.

In the next part we will learn the SNMP messages used in each version.

SNMP Messages

SNMP Messages are used to communicate between the SNMP Manager and Agents. SNMPv1
supports five basic SNMP messages:

+ SNMP GET
+ SNMP GET-NEXT
+ SNMP GET-RESPONSE
+ SNMP SET
+ SNMP TRAP

In general, the GET messages are sent by the SNMP Manager to retrieve information from the
SNMP Agents while the SET messages are used by the SNMP Manager to modify or assign the
value to the SNMP Agents.

Note: GET-NEXT retrieves the value of the next object in the MIB.

The GET-RESPONSE message is used by the SNMP Agents to reply to GET and GET-NEXT
messages.

Unlike GET or SET messages, TRAP messages are initiated by the SNMP Agents to inform the
SNMP Manager of the occurrence of an event. For example, suppose you want to be alerted
when the CPU usage of your server goes above 80%. It would be very annoying if the
administrator had to actively use the GET message to check the CPU usage from time to time. In
this case, the TRAP message is very suitable because the administrator is
informed by the device itself only when that event occurs. The figure below shows the direction
of SNMP messages:

From SNMPv2c, two new messages were added: INFORM and GETBULK.

INFORM: A disadvantage of the TRAP message is that it is unreliable. SNMP communicates via UDP,
so when an SNMP Agent sends a TRAP message to the SNMP Manager, it cannot
know whether the message arrived at the SNMP Manager. To fix this problem, a new type of message,
called INFORM, was introduced in SNMPv2. With an INFORM message, the SNMP Manager can
acknowledge that the message has been received at its end with an SNMP response protocol data
unit (PDU). If the sender never receives a response, the INFORM can be sent again. Thus,
INFORMs are more likely to reach their intended destination.

GETBULK: The GETBULK operation efficiently retrieves large blocks of data, such as multiple rows
in a table. GETBULK fills a response message with as much of the requested data as will fit.

Note: There are no new message types in SNMPv3 compared to SNMPv2c.
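
The clear-text community string described under SNMP Versions can be seen directly in the bytes of a request. The following Python code is an added example, not part of the original tutorial: it builds a constructed SNMPv2c datagram and decodes it the way a monitoring sensor on your own network would, reporting the version, community and message type. The community names `NetOps-RO` and `NetOps-RW` are made-up sample values.

```python
VERSIONS = {0: "SNMPv1", 1: "SNMPv2c", 3: "SNMPv3"}
PDU_TYPES = {0xA0: "GET", 0xA1: "GET-NEXT", 0xA2: "GET-RESPONSE", 0xA3: "SET",
             0xA4: "TRAP (v1)", 0xA5: "GETBULK", 0xA6: "INFORM", 0xA7: "TRAP (v2)"}
SYSNAME_0 = bytes([0x2B, 6, 1, 2, 1, 1, 5, 0])      # OID 1.3.6.1.2.1.1.5.0 (sysName.0)


def tlv(tag, payload):
    """Encode one BER tag-length-value with a definite (short or long form) length."""
    n = len(payload)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + payload


def read_tlv(buf, pos):
    """Decode the TLV starting at pos; return (tag, value, position after it)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        n = first
    else:
        k = first & 0x7F
        if k == 0 or pos + k > len(buf):
            raise ValueError("unsupported or truncated length")
        n = int.from_bytes(buf[pos:pos + k], "big")
        pos += k
    if pos + n > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + n], pos + n


def build_request(version, community, pdu_tag=0xA0, value=None):
    """Constructed v1/v2c request for sysName.0; value=None encodes NULL (a GET)."""
    val = tlv(0x05, b"") if value is None else tlv(0x04, value)
    varbinds = tlv(0x30, tlv(0x30, tlv(0x06, SYSNAME_0) + val))
    pdu = tlv(pdu_tag, tlv(0x02, b"\x01") + tlv(0x02, b"\x00")      # request-id, error-status
              + tlv(0x02, b"\x00") + varbinds)                      # error-index, varbinds
    return tlv(0x30, tlv(0x02, bytes([version])) + tlv(0x04, community) + pdu)


def inspect(packet):
    """Report what anyone who can capture this datagram learns from it."""
    tag, body, _ = read_tlv(packet, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message")
    tag, raw, pos = read_tlv(body, 0)
    if tag != 0x02:
        raise ValueError("missing version field")
    version = int.from_bytes(raw, "big")
    info = {"version": VERSIONS.get(version, "unknown"),
            "community": None, "pdu": None, "findings": []}
    if version not in (0, 1):
        return info                      # SNMPv3 carries no community string
    _, community, pos = read_tlv(body, pos)
    pdu_tag, _, _ = read_tlv(body, pos)
    info["community"] = community.decode("ascii", "replace")
    info["pdu"] = PDU_TYPES.get(pdu_tag, hex(pdu_tag))
    info["findings"].append("community string readable on the wire")
    if pdu_tag == 0xA3:
        info["findings"].append("SET authorised only by a clear-text RW community")
    return info


if __name__ == "__main__":
    print(inspect(build_request(1, b"NetOps-RO")))
    print(inspect(build_request(1, b"NetOps-RW", 0xA3, b"R1")))
```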

Syslog Tutorial
As the administrator of a network, you have just completed all the configuration and everything is
working nicely. Now maybe the next thing you want to do is to set up something that can alert you
when something goes wrong or goes down in your network. Syslog is an excellent tool for system
monitoring and is almost always included in your distribution.

Places to store and display syslog messages

There are some places we can send syslog messages to:

Place to store syslog messages                  Command to use
Internal buffer (inside a switch or router)     logging buffered [size]
Syslog server                                   logging
Flash memory                                    logging file flash:filename
Nonconsole terminal (VTY connection…)           terminal monitor
Console line                                    logging console

Note: If sent to a syslog server, messages are sent on UDP port 514.

By default, Cisco routers and switches send log messages to the console. We should use a syslog
server to hold our logging messages, configured with the logging command. A syslog server is the
most popular place to store logging messages, and administrators can easily monitor the health of
their networks based on the received information.

Syslog syntax

A syslog message has the following format:

seq no:timestamp%FACILITY-SEVERITY-MNEMONIC: message text

Each portion of a syslog message has a specific meaning:

+ Seq no: a sequence number, which appears only if the service sequence-numbers global
configuration command is configured.
+ Timestamp: Date and time of the message or event. This information appears only if
the service timestamps global configuration command is configured.
+ FACILITY: This tells the protocol, module, or process that generated the message. Some
examples are SYS for the operating system, IF for an interface…
+ SEVERITY: A number from 0 to 7 designating the importance of the action reported.

The Syslog levels are:

Level  Keyword        Description
0      emergencies    System is unusable
1      alerts         Immediate action is needed
2      critical       Critical conditions exist
3      errors         Error conditions exist
4      warnings       Warning conditions exist
5      notification   Normal, but significant, conditions exist
6      informational  Informational messages
7      debugging      Debugging messages

Note: You can remember the order above with the sentence: “Eventually All Critical Errors
Will Not Involve Damage”.

The highest level is level 0 (emergencies). The lowest level is level 7. To change the minimum
severity level that is sent to syslog, use the logging trap level configuration command. If you
specify a level, that level and all the higher levels will be displayed. For example, by using
the logging console warnings command, all the logging of emergencies, alerts, critical, errors,
warnings will be displayed. Levels 0 through 4 are for events that could seriously impact the
device, whereas levels 5 through 7 are for less-important events. By default, syslog servers
receive informational messages (level 6).

+ MNEMONIC: A code that identifies the action reported.
+ message text: A plain-text description of the event that triggered the syslog message.

Let’s see an example of the syslog message:

39345: May 22 13:56:35.811: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/1, changed state to down

+ seq no: 39345
+ Timestamp: May 22 13:56:35.811
+ FACILITY: LINEPROTO
+ SEVERITY level: 5 (notification)
+ MNEMONIC: UPDOWN
+ message text: Line protocol on Interface Serial0/0/1, changed state to down

Note: Facility levels and syslog levels are different. The facility represents the machine process
that created the syslog event. Therefore the Facility value is a way of determining which process of
the machine created the message. For example, is the event created by the kernel, by the mail
system, by security/authorization processes, etc.

Facility          Description
Auth              Authorization system
Cron              Cron/at facility
Daemon            System daemons
Kern              Kernel
local0 to local7  Local use
Lpr               Line printer system
Mail              Mail system
News              USENET news
sys9 to sys14     System use
Syslog            Syslog itself
User              User process
Uucp              Unix-to-Unix copy system

The default syslog facility setting is local7.

Syslog Configuration

The following example tells the device to store syslog messages to a server on 10.10.10.150 and
limit the messages for levels 4 and higher (0 through 4):
Router(config)#logging 10.10.10.150
Router(config)#logging trap 4

Of course, on the server 10.10.10.150 we have to run syslog software to capture the syslog
messages sent to this server.
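
A parser for the message format above, combined with the "logging trap" threshold, shows which events actually reach the server. This Python code is an added example, not part of the original tutorial; the first sample line is the one from this page and the remaining lines are constructed for illustration.

```python
import re

LEVELS = ["emergencies", "alerts", "critical", "errors",
          "warnings", "notification", "informational", "debugging"]

MESSAGE = re.compile(
    r"^(?:(?P<seq>\d+): )?"                 # only with "service sequence-numbers"
    r"(?:(?P<timestamp>[^%]+?): )?"         # only with "service timestamps"
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+): "
    r"(?P<text>.*)$"
)

# Line 1 is the example from this page; the other lines are constructed samples.
SAMPLE = """\
39345: May 22 13:56:35.811: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/1, changed state to down
39346: May 22 13:56:36.102: %LINK-3-UPDOWN: Interface Serial0/0/1, changed state to down
39347: May 22 14:02:10.450: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 192.168.12.2]
39348: May 22 14:03:01.007: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (192.168.12.2)
%SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 10.10.10.150 started
not a syslog line
"""


def parse_syslog(line):
    """Split one Cisco-style message into its portions; None if it does not match."""
    m = MESSAGE.match(line.strip())
    if m is None:
        return None
    msg = m.groupdict()
    msg["seq"] = int(msg["seq"]) if msg["seq"] else None
    msg["severity"] = int(msg["severity"])
    msg["level"] = LEVELS[msg["severity"]]
    return msg


def sent_to_server(lines, trap_level):
    """Messages that pass 'logging trap <level>': severity 0 up to that level."""
    if isinstance(trap_level, str):
        trap_level = LEVELS.index(trap_level)
    parsed = (parse_syslog(line) for line in lines)
    return [m for m in parsed if m and m["severity"] <= trap_level]


def held_back(lines, trap_level):
    """Valid messages the device generates but does not forward at this level."""
    if isinstance(trap_level, str):
        trap_level = LEVELS.index(trap_level)
    parsed = (parse_syslog(line) for line in lines)
    return [m for m in parsed if m and m["severity"] > trap_level]


if __name__ == "__main__":
    lines = SAMPLE.splitlines()
    for m in sent_to_server(lines, 4):
        print("forwarded:", m["facility"], m["level"], m["mnemonic"])
    for m in held_back(lines, 4):
        print("not forwarded:", m["facility"], m["level"], m["mnemonic"])
```

With `logging trap 4` as configured above, the level 5 messages in the sample, including the page's own LINEPROTO example and the configuration-change notice, stay on the device and never reach 10.10.10.150.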

Network Address Translation NAT Tutorial

To go to the Internet we need a public IP address, and it is unique all over the world. If
each host in the world required a unique public IP address, we would have run out of IP addresses
years ago. But by using Network Address Translation (NAT) we can save tons of IP addresses for
later use. We can understand NAT like this:

“NAT allows a host that does not have a valid registered IP address to communicate with other
hosts through the Internet”

For example your computer is assigned a private IP address of 10.0.0.9 and of course this address
can not be routed on the internet but you can still access the internet. This is because your router
(or modem) translates this address into a public IP address, 123.12.23.1 for example, before
routing your data into the internet.

Of course, when your router receives a reply packet destined for 123.12.23.1, it will convert it back
to your private IP 10.0.0.9 before sending that packet to you.

Maybe you will ask “hey, I don’t see any difference of using NAT to save tons of IP addresses
because you still need a public IP address for each host to access the Internet and it doesn’t save
you anything, why do you need to use NAT?”

Ok, you are right :), in the above example we don’t see its usefulness, but you now understand the
fundamentals of NAT!

Let’s take another example!

Suppose your company has 500 employees but your Internet Service Provider (ISP) only gives you
50 public IP addresses. It means that you can only allow 50 hosts to access the internet at the
same time. Here NAT comes to save your life!

One thing you should notice is that, in real life, not all of your employees use the internet at the
same time. Say, maybe 50 of them use the internet to read the newspaper in the morning; 50 others
use the internet at noon for checking mail… By using NAT you can dynamically assign these 50 public
IP addresses to those who really need them at that time. This is called dynamic NAT.

But the above NAT solution does not solve our problem completely, because on some days there
can be more than 50 people surfing the web in the morning. In this case, only the first 50 people can
access the internet; the others must wait for their turn.

Another problem is that, in fact, your ISP gives you far fewer than 50 IP addresses
because each public IP is very precious now.

To solve the two problems above, another feature of NAT can be used: NAT Overload,
sometimes called Port Address Translation (PAT).

PAT permits multiple devices on a local area network (LAN) to be mapped to a single public IP
address with different port numbers, hence the name port address translation.
When using PAT, the router maintains unique source port numbers on the inside global IP
address to distinguish between translations. In the below example, each host is assigned to the
same public IP address 123.1.1.1 but with different port numbers (from 1000 to 1002).

Note: Cisco uses the term inside local for the private IP addresses and inside global for the
public IP addresses replaced by the router.

The outside host IP address can also be changed with NAT. The outside global address
represents the outside host with a public IP address that can be used for routing in the public
Internet.

The last term, outside local address, is a private address of an external device as it is referred to
by devices on its local network. You can understand outside local address as the inside local
address of the external device which lies at the other end of the Internet.

Maybe you will ask how many ports we can use for each IP. Well, because the port number field
has 16 bits, PAT can support about 2^16 ports, which is more than 64,000 connections using one
public IP address.

Now you have learned the most useful features of NAT, so let us summarize them:

There are two types of NAT translation: dynamic and static.

Static NAT: Designed to allow one-to-one mapping between local and global addresses. This
flavor requires you to have one real Internet IP address for every host on your network.

Dynamic NAT: Designed to map an unregistered IP address to a registered IP address from a
pool of registered IP addresses. You don’t have to statically configure your router to map an inside
to an outside address as in static NAT, but you do have to have enough real IP addresses for
everyone who wants to send packets through the Internet. With dynamic NAT, you can configure
the NAT router with more IP addresses in the inside local address list than in the inside global
address pool. The router allocates registered public IP addresses from the inside global address
pool until all are allocated. If all the public IP addresses are already
allocated, the router discards the packet that requires a public IP address.

PAT (NAT Overloading): also a kind of dynamic NAT that maps multiple private IP addresses
to a single public IP address (many-to-one) by using different ports. Static NAT and Dynamic NAT
both require a one-to-one mapping from the inside local to the inside global address. By using
PAT, you can have thousands of users connect to the Internet using only one real global IP
address. PAT is the technology that helps us not run out of public IP addresses on the Internet. This
is the most popular type of NAT.

Besides, NAT gives you the option to advertise only a single address for your entire network to the
outside world. Doing this effectively hides the internal network from the public world really well,
giving you some additional security for your network.

NAT terms:

* Inside local address – The IP address assigned to a host on the inside network. The address is
usually not an IP address assigned by the Internet Network Information Center (InterNIC) or
service provider. This address is likely to be an RFC 1918 private address.
* Inside global address – A legitimate IP address assigned by the InterNIC or service provider
that represents one or more inside local IP addresses to the outside world.
* Outside local address – The IP address of an outside host as it is known to the hosts on the
inside network.
* Outside global address – The IP address assigned to a host on the outside network. The
owner of the host assigns this address.
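
The difference between dynamic NAT and PAT comes down to what the translation table is keyed on. The Python model below is an added example, not part of the original tutorial and not how any particular router implements it: ports are handed out sequentially from 1000 to mirror the example above, and the inside hosts and pool addresses are constructed values.

```python
class DynamicNat:
    """Dynamic NAT: each inside local address borrows one inside global address."""

    def __init__(self, pool):
        self.free = list(pool)
        self.table = {}                  # inside local IP -> inside global IP

    def outbound(self, inside_local):
        if inside_local not in self.table:
            if not self.free:
                return None              # pool exhausted: the packet is discarded
            self.table[inside_local] = self.free.pop(0)
        return self.table[inside_local]


class Pat:
    """NAT overload: many inside local sockets share one inside global address."""

    def __init__(self, inside_global, first_port=1000, last_port=65535):
        self.inside_global = inside_global
        self.next_port = first_port
        self.last_port = last_port
        self.out = {}                    # (inside local IP, port) -> inside global port
        self.back = {}                   # inside global port -> (inside local IP, port)

    def outbound(self, src_ip, src_port):
        """Translate the source of an outgoing packet, creating an entry if needed."""
        key = (src_ip, src_port)
        if key not in self.out:
            if self.next_port > self.last_port:
                return None              # every port on this address is in use
            self.out[key] = self.next_port
            self.back[self.next_port] = key
            self.next_port += 1
        return (self.inside_global, self.out[key])

    def inbound(self, dst_port):
        """Translate a reply back to the inside host; None if no entry exists."""
        return self.back.get(dst_port)


def demo():
    """Three constructed inside hosts behind 123.1.1.1, as in the example above."""
    pat = Pat("123.1.1.1")
    hosts = [("10.0.0.1", 51000), ("10.0.0.2", 51000), ("10.0.0.3", 49152)]
    return pat, [pat.outbound(ip, port) for ip, port in hosts]


if __name__ == "__main__":
    pat, translations = demo()
    print("PAT translations:", translations)
    print("reply to port 1001 goes to:", pat.inbound(1001))
    print("unsolicited packet to port 2000:", pat.inbound(2000))

    nat = DynamicNat(["123.1.1.1", "123.1.1.2"])
    for host in ("10.0.0.1", "10.0.0.2", "10.0.0.3"):
        print(host, "->", nat.outbound(host))
```

A packet arriving on a port with no table entry has nowhere to go, which is the hiding effect mentioned above; it follows from the missing translation, not from any filtering rule.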

To learn how to configure NAT please read my Configure NAT GNS3 Lab tutorial

Forwarding per-hop behavior (PHB) for QoS Tutorial


Quality of Service (QoS) is a tool that allows our network to prioritize certain types of traffic. QoS
defines the actions that a device can apply to a message between the time it enters the device
until it exits the device. These actions are called per-hop behaviors (PHBs). With PHBs, we can
discard, delay, or even change the header field of each packet. The goal of a PHB is to provide a
specified amount of network resources to a class of traffic on a contiguous network.

PHB uses a set of codepoints to mark packets with different levels of priority. These codepoints are
embedded in the Differentiated Services Code Point (DSCP) field of the Type Of Service (ToS) field
of the IP header.

The key components of PHB are listed below:

+ Classification: When receiving a packet, the first thing a networking device does is to examine
the packet’s header to determine what kind of data is inside. This is called classification and
involves categorizing network traffic into different groups based on specific criteria like IP address,
protocol, port, or application type. An example of classification is shown below:

class-map match-all CLASSIFICATION_HTTP
match access-group 100
!
access-list 100 permit tcp any any eq 80

In this example, we have created a class map named “CLASSIFICATION_HTTP” that matches all
traffic matching access-group 100. Access-group 100 permits TCP traffic with destination port 80.

+ Marking: A packet can be classified when entering or leaving a device but there may be many
other devices on its journey to the destination and this repeated process is time-consuming. A
more efficient way is to classify the packets once as close to the source as possible and mark them
to a QoS standard. This is called marking, which is the process of changing the packet’s header so
that other devices know which level (quality) of service should be applied to the packets by just
reading the marking. With IP packets, we can mark with either a precedence or DSCP value.

An example of marking is shown below:

policy-map MARKING_HTTP
class CLASSIFICATION_HTTP
set dscp af21
!

In this example, we have created a policy map named “MARKING_HTTP” that marks all traffic
matching the “CLASSIFICATION_HTTP” class with DSCP value of “af21”.

Apply (activate) the policy-map to an interface:

interface FastEthernet0/1
service-policy output MARKING_HTTP
!

In this example, we have applied the “MARKING_HTTP” policy map to the FastEthernet0/1 interface
for outbound traffic.

+ Queuing: the process of holding packets in a queue and scheduling their transmission based on
priority. Utilizing algorithms such as Weighted Fair Queuing (WFQ), this process ensures
high-priority packets are transmitted before their low-priority counterparts.

An example of configuring queuing is shown below:

interface FastEthernet0/1
priority-queue out

+ Congestion: occurs when network bandwidth is insufficient to accommodate all traffic. PHB
includes mechanisms like Random Early Detection (RED) to manage congestion by discarding
low-priority packets before higher-priority ones.

+ Policing: involves monitoring network traffic and enforcing predetermined traffic rate limits.
Packets exceeding specified rate limits may be discarded or marked with a lower priority.

+ Shaping: the control of the rate at which packets enter the network, preventing
congestion and ensuring timely transmission of all packets. Excess traffic is stored in a buffer and
released at a controlled rate, shaping the traffic to conform to the desired profile. Shaping is a
gentler approach that attempts to smooth out bursts of traffic. Traffic shaping is applicable
only on outbound interfaces, as buffering and queuing happen only on outbound interfaces.

The figure above shows the difference between Policing and Shaping. With traffic policing, excess
traffic is usually dropped while with traffic shaping, excess traffic is buffered and sent again with a
little delay.

Configure SSH for Remote Access on Cisco Router

One of the most popular ways to access a Cisco router remotely is Telnet, but it is an
insecure method as the data is sent unencrypted. If an attacker captures data from a Telnet
session, they can see details like a user’s username and password, giving them access to your
router.

SSH (Secure Shell) is a secure method for remote access as it includes authentication and
encryption. To do this, it uses an RSA public/private keypair. In this tutorial we are going to learn
how to configure SSH for R1 to accept remote SSH access with the topology below.

Configuration

The first thing we need to do is generate an RSA keypair. The name of the RSA keypair will be
the hostname and domain name of the router, so we have to configure these two things first.

1. Configure a hostname for the router

Router(config)#hostname R1

2. Configure a domain name

R1(config)#ip domain-name 9tut.com

3. Generate the RSA keypair

This RSA keypair will be used to encrypt the SSH packets. We generate it with the crypto key
generate rsa command.

R1(config)#crypto key generate rsa
The name for the keys will be: R1.9tut.com
Choose the size of the key modulus in the range of 360 to 4096 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.

How many bits in the modulus [512]: 2048
% Generating 2048 bit RSA keys, keys will be non-exportable...
[OK] (elapsed time was 3 seconds)

The message displayed right after we enter this command, “The name for the keys will be:
R1.9tut.com”, combines the hostname of the router with the domain name we
configured to form the name of the generated key; this is why we have to configure the
hostname and domain name first.

The router also asks us to choose the size of the modulus for the key we are about to generate. The
larger the modulus, the stronger the encryption of the key. For our example, we’ll use a modulus of
2048, which is safe nowadays.

4. Configure VTY lines to use SSH only (Telnet will be refused)

R1(config)#line vty 0 4
R1(config-line)#transport input ssh
R1(config-line)#login local

If for some reason we still want to allow Telnet along with SSH, we can use “transport
input ssh telnet” instead.

5. Create a username/password in the local database on the router

R1(config)#username admin password password_SSH

Verification

1. SSH from another Cisco device

Cisco routers also support a simple SSH client via CLI so we can connect to R1 easily. On R2 we
can use the “ssh” command to SSH to R1:

R2#ssh -l admin 192.168.12.1
Password: ************ //type "password_SSH" here
R1>

“-l” means we will provide the username (“admin” in this case) along with this parameter.

Yes! we can now SSH to R1!

2. SSH from a computer

A normal computer usually does not come with an SSH client, so we need to install one. One of the
most popular free SSH clients is PuTTY, so we should download and use it.

Suppose we replace R2 with a configured PC. Open PuTTY and type “192.168.12.1” in the “Host
Name” field, Port 22 (SSH) and click “Open” to connect to the router via SSH.
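
Once several routers are configured this way, the remote-access settings from steps 4 and 5 are worth checking from the saved configuration. The Python audit below is an added example, not part of the original tutorial: it flags VTY lines that still accept Telnet and local users created with "password" (which leaves the credential recoverable from the configuration) where the "secret" form stores a hash. Both configuration snippets are constructed, and the hash shown is a placeholder.

```python
import re

# Constructed configuration following this tutorial, plus a second VTY range
# that was left on "transport input ssh telnet".
WEAK = """\
hostname R1
ip domain-name 9tut.com
username admin password password_SSH
!
line vty 0 4
 transport input ssh
 login local
line vty 5 15
 transport input ssh telnet
 login local
"""

# The same device after tightening; the hash is a placeholder, not a real value.
HARDENED = """\
hostname R1
ip domain-name 9tut.com
username admin secret 5 <hash-placeholder>
!
line vty 0 4
 transport input ssh
 login local
line vty 5 15
 transport input ssh
 login local
"""


def audit_remote_access(config):
    """Return findings about Telnet exposure and recoverable local credentials."""
    findings = []
    vty = {}                 # "line vty 0 4" -> protocols from "transport input", or None
    current = None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw.startswith(" "):              # top-level command: ends any line block
            current = line if line.startswith("line vty ") else None
            if current:
                vty[current] = None
            user = re.match(r"username (\S+) (?:.* )?password ", line)
            if user:
                findings.append("username %s: stored with 'password' (recoverable); "
                                "use 'secret'" % user.group(1))
        elif current and line.startswith("transport input"):
            vty[current] = line.split()[2:]
    for header, protocols in vty.items():
        if protocols is None:
            findings.append("%s: no 'transport input' line; set 'transport input ssh'"
                            % header)
        elif "telnet" in protocols or "all" in protocols:
            findings.append("%s: accepts Telnet (transport input %s)"
                            % (header, " ".join(protocols)))
    return findings


if __name__ == "__main__":
    for finding in audit_remote_access(WEAK):
        print("FINDING:", finding)
    print("hardened config findings:", audit_remote_access(HARDENED))
```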
