Hồng Lê Đăng Khoa SE182425

15.4.8

Lab - Observe DNS Resolution


Objectives
Part 1: Observe the DNS Conversion of a URL to an IP Address
Part 2: Observe DNS Lookup Using the nslookup Command on a Web Site
Part 3: Observe DNS Lookup Using the nslookup Command on Mail Servers

Background / Scenario
The Domain Name System (DNS) is invoked when you type a Uniform Resource Locator (URL), such as
http://www.cisco.com, into a web browser. The first part of the URL, the scheme, names the protocol to be used. Common
schemes are Hypertext Transfer Protocol (HTTP), HTTP over TLS (HTTPS), and File Transfer Protocol (FTP).
DNS uses the second part of the URL, the host name, which in this example is www.cisco.com. DNS translates the domain name
(www.cisco.com) to an IP address so that the source host can reach the destination server. In this lab, you will observe
DNS in action and use the nslookup (name server lookup) command to obtain additional DNS information.

Required Resources
1 PC (Windows with internet and command prompt access)

Part 1: Observe the DNS Conversion of a URL to an IP Address


a. Open a Windows command prompt.

b. At the command prompt, ping the host name of the Internet Corporation for Assigned Names and Numbers (ICANN),
www.icann.org. ICANN coordinates the DNS, IP address allocation, top-level domain management, and
root server system management functions. The computer must translate www.icann.org into an IP address to know
where to send the Internet Control Message Protocol (ICMP) echo requests.
The first line of the output shows www.icann.org resolved to an IP address by DNS. You can observe DNS working
even if your institution has a firewall that blocks ping, or if the destination server does not answer echo requests:
the name is resolved before the first packet is sent.
Note: If the name resolves to an IPv6 address, use ping -4 www.icann.org to force an IPv4 lookup if desired.
C:\> ping www.icann.org

Pinging www.vip.icann.org [2620:0:2d0:200::7] with 32 bytes of data:


Reply from 2620:0:2d0:200::7: time=43ms
Reply from 2620:0:2d0:200::7: time=41ms
Reply from 2620:0:2d0:200::7: time=44ms
Reply from 2620:0:2d0:200::7: time=39ms

 2013 - 2024 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 1 of 33 www.netacad.com
Ping statistics for 2620:0:2d0:200::7:


Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 39ms, Maximum = 44ms, Average = 41ms

C:\> ping -4 www.icann.org

Pinging www.vip.icann.org [192.0.32.7] with 32 bytes of data:


Reply from 192.0.32.7: bytes=32 time=41ms TTL=241
Reply from 192.0.32.7: bytes=32 time=42ms TTL=241
Reply from 192.0.32.7: bytes=32 time=42ms TTL=241
Reply from 192.0.32.7: bytes=32 time=43ms TTL=241

Ping statistics for 192.0.32.7:


Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 41ms, Maximum = 43ms, Average = 42ms
Record the IP addresses for www.icann.org.

IPv6: 2620:0:2d0:200::7
IPv4: 192.0.32.7
c. Type the IPv4 address from step b into a web browser instead of the URL: enter https://192.0.32.7. If your computer
has IPv6 connectivity, you can enter the IPv6 address instead, as https://[2620:0:2d0:200::7].

 2013 - 2024 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 2 of 33 www.netacad.com
Lab - Observe DNS Resolution

d. Notice that the ICANN home web page is displayed without using DNS.
Most humans find it easier to remember words than numbers. If you tell someone to go to www.icann.org,
they can probably remember that. If you told them to go to 192.0.32.7, they would have a hard time
remembering the IP address. Computers work with numbers, and DNS is the service that translates the words into numbers.
There is a second translation as well. Humans think in base 10; computers process base 2. The base 10 IP address
192.0.32.7 in base 2 is 11000000.00000000.00100000.00000111.
What happens if you cut and paste these base 2 numbers into a browser?
The website does not display. A browser reads each dotted group of an address as a decimal number (11000000 is read as
eleven million, not as 192), so the string is not a valid IPv4 address, and it cannot be resolved as a host name either.
e. At a command prompt, ping www.cisco.com.
Note: If the domain name is resolved to an IPv6 address, use the command ping -4 www.cisco.com to
translate into an IPv4 address if desired.

C:\> ping www.cisco.com

Pinging origin-www.cisco.com [2600:1408:7:1:9300::90] with 32 bytes of data:


Reply from 2600:1408:7:1:9300::90: time=70ms
Reply from 2600:1408:7:1:9300::90: time=74ms
Reply from 2600:1408:7:1:9300::90: time=72ms
Reply from 2600:1408:7:1:9300::90: time=71ms

Ping statistics for 2600:1408:7:1:9300::90:


Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 70ms, Maximum = 74ms, Average = 71ms
C:\> ping -4 www.cisco.com

Pinging e2867.dsca.akamaiedge.net [172.230.155.162] with 32 bytes of data:

 2013 - 2024 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 3 of 33 www.netacad.com
Lab - Observe DNS Resolution

Reply from 172.230.155.162: bytes=32 time=7ms TTL=54


Reply from 172.230.155.162: bytes=32 time=6ms TTL=54
Reply from 172.230.155.162: bytes=32 time=7ms TTL=54
Reply from 172.230.155.162: bytes=32 time=6ms TTL=54

Ping statistics for 172.230.155.162:


Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 6ms, Maximum = 7ms, Average = 6ms

When you ping www.cisco.com, do you get the same IP address as the example? Explain.

Answers will vary depending on where you are geographically. The name www.cisco.com is not served from a single
host: the ping output shows it resolving to e2867.dsca.akamaiedge.net, an edge server of a content delivery
network that keeps copies of the same content on servers around the world. The DNS answer you receive points
you to an edge server near your resolver, so users in different places get different addresses.

 2013 - 2024 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 4 of 33 www.netacad.com
Lab - Observe DNS Resolution

Type the IP address that you obtained when you pinged www.cisco.com into a browser. Does the web site
display? Explain.

The Cisco website does not display, for two related reasons:

- The address belongs to a shared CDN edge server that hosts many customers' sites on the same IP. It selects the
site from the host name the browser sends (the TLS Server Name Indication and the HTTP Host header). When you type
a bare IP address there is no host name to match, so the server cannot tell which site you want.
- The certificate the edge server presents is issued for host names, not for the IP address, so the browser reports a
certificate error or warns that the connection is not secure before any page is shown.

Part 2: Observe DNS Lookup Using the nslookup Command on a Web Site
a. At the command prompt, type the nslookup command.

C:\> nslookup
What is the default DNS server used?

Default Server: UnKnown
Address: 2402:800:20ff:6666::1

nslookup prints UnKnown when the reverse (PTR) lookup of the resolver's own address returns nothing; the address
is still the DNS server the PC is configured to use, as ipconfig /all in Part 3 confirms.
 2013 - 2024 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 5 of 33 www.netacad.com
Lab - Observe DNS Resolution

b. Notice how the command prompt changed to a greater than (>) symbol. This is the nslookup prompt. From
this prompt, you can enter commands related to DNS.

At the prompt, type ? to see a list of all the available commands that you can use in nslookup mode.

c. At the nslookup prompt, type www.cisco.com.


> www.cisco.com
Default Server: one.one.one.one
Address: 1.1.1.1

Non-authoritative answer:
Name: e2867.dsca.akamaiedge.net
Addresses: 2600:1404:a:395::b33
           2600:1404:a:38e::b33
           172.230.155.162
Aliases: www.cisco.com
         www.cisco.com.akadns.net
         wwwds.cisco.com.edgekey.net
         wwwds.cisco.com.edgekey.net.globalredir.akadns.net

 2013 - 2024 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 6 of 33 www.netacad.com
Lab - Observe DNS Resolution

What is the translated IPv4 address?

172.230.155.162
Note: The IP address from your location will most likely be different because the www.cisco.com name is served by a
content delivery network with edge servers in various locations around the world.
Is it the same as the IP address shown with the ping command?

Yes. ping -4 www.cisco.com resolved to the same address, 172.230.155.162.

Under Addresses, in addition to the 172.230.155.162 IP address, there are the following numbers: 2600:1404:a:395::b33 and
2600:1404:a:38e::b33. What are these?

IPv6 addresses (AAAA records) of the same web server. A dual-stack client prefers them, which is why the plain ping
command used an IPv6 address until it was forced to IPv4 with ping -4.

d. At the nslookup prompt, type the IP address of the Cisco web server that you just found. You can use
nslookup to get the domain name of an IP address if you do not know the URL.
> 172.230.155.162
Default Server: one.one.one.one
Address: 1.1.1.1

Name: a172-230-155-162.deploy.static.akamaitechnologies.com
Address: 172.230.155.162

You can use the nslookup tool to translate domain names into IP addresses. You can also use it to translate IP
addresses into domain names. Note that the reverse lookup returns the PTR record published by the owner of the
address block (here the CDN operator), which is why the answer is an Akamai host name rather than www.cisco.com.
A PTR record is only as trustworthy as whoever controls that address space, so treat it as a hint, not as proof of
identity.

Using the nslookup tool, record the IP addresses associated with www.google.com.

 2013 - 2024 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 7 of 33 www.netacad.com
Lab - Observe DNS Resolution

Part 3: Observe DNS Lookup Using the nslookup Command on Mail Servers
a. At the nslookup prompt, type set type=mx to use nslookup to identify mail servers.
> set type=mx
b. At the nslookup prompt, type cisco.com.
> cisco.com
Server: one.one.one.one
Address: 1.1.1.1

Non-authoritative answer:
cisco.com MX preference = 20, mail exchanger = rcdn-mx-01.cisco.com
cisco.com MX preference = 30, mail exchanger = aer-mx-01.cisco.com
cisco.com MX preference = 10, mail exchanger = alln-mx-01.cisco.com

 2013 - 2024 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 8 of 33 www.netacad.com
Lab - Observe DNS Resolution

A fundamental principle of network design is redundancy (more than one mail server is configured). In this way, if
one of the mail servers is unreachable, the sending mail server tries the next one. Email
administrators determine which mail server is contacted first by using the MX preference. The mail server with the
lowest MX preference value is tried first; servers with equal values are tried in any order.

Based upon the output above, which mail server will be contacted first when the email is sent to cisco.com?

alln-mx-01.cisco.com
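What nslookup does behind its prompt, as an added Python example that is not part of the Cisco lab or of this submission: it builds the wire-format query a stub resolver sends, parses a reply (including the compression pointers real servers use), orders the MX exchangers the way a sending mail server would, and derives the in-addr.arpa name that the reverse lookup in Part 2 step d actually queries. No packets are sent: the reply is constructed in code from the cisco.com MX values shown above, with the transaction ID 0x1A2B and the 3600-second TTLs assumed. The checks in parse_response, that the transaction ID and the question section echo back what was asked, are the minimum a resolver must do before trusting an answer, because a forged reply carrying a matching ID is exactly what cache poisoning relies on.

```python
import ipaddress
import struct

QTYPE = {"A": 1, "PTR": 12, "MX": 15, "AAAA": 28}  # record type codes, RFC 1035 / RFC 3596
TYPE_NAME = {code: name for name, code in QTYPE.items()}

def encode_name(name):
    """'www.cisco.com' -> b'\\x03www\\x05cisco\\x03com\\x00' (length-prefixed labels)."""
    return b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in name.rstrip(".").split(".")) + b"\x00"

def build_query(name, qtype, txid):
    """12-byte header (RD=1) plus one question, as a stub resolver such as nslookup sends it."""
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + encode_name(name) + struct.pack("!HH", QTYPE[qtype], 1)

def decode_name(data, offset):
    """Read a name that may use compression pointers; return (name, offset just after it)."""
    labels, end, jumped, hops = [], 0, False, 0
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:  # 11xxxxxx: 14-bit pointer to an earlier copy of the name
            pointer = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            end = end if jumped else offset + 2
            jumped, offset, hops = True, pointer, hops + 1
            if hops > 32:  # a hostile or broken server could send a pointer loop
                raise ValueError("compression pointer loop")
            continue
        if length == 0:
            return ".".join(labels), (end if jumped else offset + 1)
        labels.append(data[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length

def parse_response(data, txid, qname, qtype):
    """Verify the reply answers our question, then return answers as (owner, type, ttl, rdata)."""
    rid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != txid:  # wrong ID means stale or forged; a resolver must drop it, not use it
        raise ValueError("transaction ID mismatch")
    if not flags & 0x8000 or flags & 0x000F:
        raise ValueError("not a response, or server returned RCODE %d" % (flags & 0x000F))
    offset = 12
    for _ in range(qd):  # the question section must echo back exactly what we asked
        name, offset = decode_name(data, offset)
        rtype, _rclass = struct.unpack("!HH", data[offset:offset + 4])
        offset += 4
        if name.lower() != qname.lower() or rtype != QTYPE[qtype]:
            raise ValueError("question section does not match the query")
    answers = []
    for _ in range(an):
        owner, offset = decode_name(data, offset)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", data[offset:offset + 10])
        offset += 10
        raw = data[offset:offset + rdlen]
        if rtype == QTYPE["A"]:
            rdata = str(ipaddress.IPv4Address(raw))
        elif rtype == QTYPE["AAAA"]:
            rdata = str(ipaddress.IPv6Address(raw))
        elif rtype == QTYPE["MX"]:  # 16-bit preference, then the exchanger name (may be compressed)
            rdata = (struct.unpack("!H", raw[:2])[0], decode_name(data, offset + 2)[0])
        elif rtype == QTYPE["PTR"]:
            rdata = decode_name(data, offset)[0]
        else:
            rdata = raw
        answers.append((owner, TYPE_NAME.get(rtype, rtype), ttl, rdata))
        offset += rdlen
    return answers

def mx_delivery_order(answers):
    """Exchangers in the order a sending mail server tries them: lowest preference first."""
    return [host for _pref, host in sorted(rd for _o, t, _ttl, rd in answers if t == "MX")]

def reverse_name(ip):
    """Owner name behind a reverse lookup: 172.230.155.162 -> 162.155.230.172.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer

def build_sample_response(txid, qname, qtype, records):
    """Constructed reply (not a capture) answering qname with records = [(type, ttl, rdata), ...]."""
    body = struct.pack("!HHHHHH", txid, 0x8180, 1, len(records), 0, 0)  # QR, RD, RA set; AA clear
    body += encode_name(qname) + struct.pack("!HH", QTYPE[qtype], 1)
    owner = b"\xC0\x0C"  # compression pointer to offset 12, where qname sits in the question
    for rtype, ttl, rdata in records:
        if rtype == "MX":
            raw = struct.pack("!H", rdata[0]) + encode_name(rdata[1])
        elif rtype == "PTR":
            raw = encode_name(rdata)
        else:  # A or AAAA
            raw = ipaddress.ip_address(rdata).packed
        body += owner + struct.pack("!HHIH", QTYPE[rtype], 1, ttl, len(raw)) + raw
    return body

# The lab's cisco.com MX answer, rebuilt as a packet and parsed back (TTL and ID are assumed values).
LAB_TXID = 0x1A2B
LAB_MX_REPLY = build_sample_response(LAB_TXID, "cisco.com", "MX", [
    ("MX", 3600, (20, "rcdn-mx-01.cisco.com")),
    ("MX", 3600, (30, "aer-mx-01.cisco.com")),
    ("MX", 3600, (10, "alln-mx-01.cisco.com")),
])
LAB_MX_ANSWERS = parse_response(LAB_MX_REPLY, LAB_TXID, "cisco.com", "MX")
```

mx_delivery_order(LAB_MX_ANSWERS) returns the three exchangers with alln-mx-01.cisco.com first, matching the answer above. The same build_sample_response and parse_response pair handles the A and AAAA lookups of Part 2, and reverse_name gives the owner name a PTR query is sent for; passing a different transaction ID or a different question to parse_response raises instead of returning data.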
c. At the nslookup prompt, type exit to return to the regular PC command prompt.
d. At the PC command prompt, type ipconfig /all.

Write the IP addresses of all the DNS servers that your school uses.

DNS Servers . . . . . . . . . . . : 2402:800:20ff:6666::1
                                    2402:800:20ff:5555::1
                                    203.113.131.2
                                    203.113.188.8
Reflection Question
What is the fundamental purpose of DNS?

DNS basically acts like the phonebook for the Internet. So DNS translates names
to numbers. The numbers can be either IPv4 or IPv6.

 2013 - 2024 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 9 of 33 www.netacad.com
Lab - Observe DNS Resolution

16.4.7
Lab - Configure Network Devices with SSH
Topology

Addressing Table
Device  Interface  IP Address    Subnet Mask    Default Gateway
R1      G0/0/1     192.168.1.1   255.255.255.0  N/A
S1      VLAN 1     192.168.1.11  255.255.255.0  192.168.1.1
PC-A    NIC        192.168.1.3   255.255.255.0  192.168.1.1

Objectives
Part 1: Configure Basic Device Settings
Part 2: Configure the Router for SSH Access
Part 3: Configure the Switch for SSH Access
Part 4: SSH from the CLI on the Switch

Background / Scenario
In the past, Telnet was the most common network protocol used to remotely configure network devices. Telnet does
not encrypt the information between the client and server. This allows a network sniffer to intercept passwords and
configuration information.
Secure Shell (SSH) is a network protocol that establishes a secure terminal emulation connection to a router or other
networking device. SSH encrypts all information that passes over the network link and provides authentication of the
remote computer. SSH is rapidly replacing Telnet as the remote login tool of choice for network professionals. SSH is
most often used to log in to a remote device and execute commands.
However, it can also transfer files using the associated Secure FTP (SFTP) or Secure Copy (SCP) protocols.
The network devices that are communicating must be configured to support SSH in order for SSH to function. In this
lab, you will enable the SSH server on a router and then connect to that router using a PC with an SSH client installed.
On a local network, the connection is normally made using Ethernet and IP.
Note: The routers used with CCNA hands-on labs are Cisco 4221 with Cisco IOS XE Release 16.9.4 (universalk9
image). The switches used in the labs are Cisco Catalyst 2960s with Cisco IOS Release 15.2(2) (lanbasek9 image). Other
routers, switches, and Cisco IOS versions can be used. Depending on the model and Cisco IOS version, the commands
available and the output produced might vary from what is shown in the labs. Refer to the Router Interface Summary
Table at the end of the lab for the correct interface identifiers.
Note: Make sure that the routers and switches have been erased and have no startup configurations. If you are unsure,
contact your instructor.

 2013 - 2024 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 10 of 33 www.netacad.com
Lab - Observe DNS Resolution

Required Resources
1 Router (Cisco 4221 with Cisco IOS XE Release 16.9.4 universal image or comparable)
1 Switch (Cisco 2960 with Cisco IOS Release 15.2(2) lanbasek9 image or comparable)
1 PC (Windows with a terminal emulation program, such as Tera Term)
Console cables to configure the Cisco IOS devices via the console ports
Ethernet cables as shown in the topology

Instructions

Part 1: Configure Basic Device Settings


In Part 1, you will set up the network topology and configure basic settings, such as the interface IP addresses, device
access, and passwords on the router.

Step 1: Cable the network as shown in the topology.

Step 2: Initialize and reload the router and switch.

Step 3: Configure the router.


a) Console into the router and enable privileged EXEC mode.
b) Enter configuration mode.
c) Disable DNS lookup to prevent the router from attempting to translate incorrectly entered commands as though
they were host names.
d) Assign class as the privileged EXEC encrypted password.
e) Assign cisco as the console password and enable login.
f) Assign cisco as the VTY password and enable login.

g) Encrypt the plaintext passwords.

 2013 - 2024 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 11 of 33 www.netacad.com
Lab - Observe DNS Resolution

h) Create a banner that will warn anyone accessing the device that unauthorized access is prohibited.

i) Configure and activate the G0/0/1 interface on the router using the information contained in the
Addressing Table.
j) Save the running configuration to the startup configuration file.

Step 4: Configure PC-A.


a) Configure PC-A with an IP address and subnet mask.
b) Configure a default gateway for PC-A.

 2013 - 2024 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 12 of 33 www.netacad.com
Lab - Observe DNS Resolution

Step 5: Verify network connectivity.


Ping R1 from PC-A. If the ping fails, troubleshoot the connection.

Part 2: Configure the Router for SSH Access


Using Telnet to connect to a network device is a security risk because all the information is transmitted in clear text.
SSH encrypts the session data and provides device authentication, which is why SSH is recommended for remote
connections. In Part 2, you will configure the router to accept SSH connections over the VTY lines.

Step 1: Configure device authentication.


The host name and domain name are combined to name the RSA key pair (hostname.domain-name) when it is generated.
Therefore, both must be configured before issuing the crypto key generate rsa command.

a) Configure device name.


b) Configure the domain for the device.

Step 2: Configure the encryption key method.

Step 3: Configure a local database username.

 2013 - 2024 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 14 of 33 www.netacad.com
Lab - Observe DNS Resolution

Configure a username using admin as the username and Adm1nP@55 as the password.

Step 4: Enable SSH on the VTY lines.


a) Enable Telnet and SSH on the inbound VTY lines using the transport input command.
b) Change the login method to use the local database for user verification.

Step 5: Save the running configuration to the startup configuration file.

Step 6: Establish an SSH connection to the router.


a) Start Tera Term from PC-A.

 2013 - 2024 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 15 of 33 www.netacad.com
Lab - Observe DNS Resolution

b) Establish an SSH session to R1. Use the username admin and password Adm1nP@55. You should be able
to establish an SSH session with R1.

Part 3: Configure the Switch for SSH Access


In Part 3, you will configure the switch to accept SSH connections. After the switch has been configured, establish an
SSH session using Tera Term.

Step 1: Configure the basic settings on the switch.


a) Console into the switch and enable privileged EXEC mode.
b) Enter configuration mode.
c) Disable DNS lookup to prevent the switch from attempting to translate incorrectly entered commands as though
they were host names.
d) Assign class as the privileged EXEC encrypted password.

 2013 - 2024 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 16 of 33 www.netacad.com
Lab - Observe DNS Resolution

e) Assign cisco as the console password and enable login.


f) Assign cisco as the VTY password and enable login.
g) Encrypt the plain text passwords.

h) Create a banner that will warn anyone accessing the device that unauthorized access is prohibited.
i) Configure and activate the VLAN 1 interface on the switch according to the Addressing Table.
j) Save the running configuration to the startup configuration file.

 2013 - 2024 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 17 of 33 www.netacad.com
Lab - Observe DNS Resolution

fix

Use the same commands that you used to configure SSH on the router in Part 2 to configure SSH for the switch.
a) Configure the device name as listed in the Addressing Table.
b) Configure the domain for the device.
c) Configure the encryption key method.
d) Configure a local database username.
e) Enable Telnet and SSH on the VTY lines.
f) Change the login method to use the local database for user verification.

 2013 - 2024 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 18 of 33 www.netacad.com
Lab - Observe DNS Resolution

Step 3: Establish an SSH connection to the switch.


Start Tera Term from PC-A, and then SSH to the SVI interface on S1.

Are you able to establish an SSH session with the switch?

Yes. The switch accepts the SSH session just as the router did, because the same commands were applied to it.

Part 4: SSH From the CLI on the Switch


The SSH client is built into the Cisco IOS and can be run from the CLI. In Part 4, you will SSH to the router from the
CLI on the switch.

Step 1: View the parameters available for the Cisco IOS SSH client.


Use the question mark (?) to display the parameter options available with the ssh command.
S1# ssh ?
-c Select encryption algorithm
-l Log in using this user name
-m Select HMAC algorithm
-o Specify options
-p Connect to this port
-v Specify SSH Protocol Version
-vrf Specify vrf name
WORD IP address or hostname of a remote system

Step 2: SSH to R1 from S1.


a) You must use the -l admin option when you SSH to R1. This allows you to log in as user admin. When
prompted, enter Adm1nP@55 for the password.
S1# ssh -l admin 192.168.1.1
Password:
Authorized Users Only!

 2013 - 2024 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 19 of 33 www.netacad.com
Lab - Observe DNS Resolution

R1>

b) You can return to S1 without closing the SSH session to R1 by pressing Ctrl+Shift+6. Release the
Ctrl+Shift+6 keys and press x. The switch privileged EXEC prompt displays.
R1>
S1#
c) To return to the SSH session on R1, press Enter on a blank CLI line. You may need to press Enter a second
time to see the router CLI prompt.
S1#
[Resuming connection 1 to 192.168.1.1 ... ]

R1>

d) To end the SSH session on R1, type exit at the router prompt.
R1# exit

[Connection to 192.168.1.1 closed by foreign host]


S1#

What versions of SSH are supported from the CLI?

1 Protocol Version 1
2 Protocol Version 2

Only version 2 should be used in practice: SSH protocol version 1 has known weaknesses. The client's -v 2 option
pins a single connection to version 2, and the global command ip ssh version 2 makes the server refuse version 1.

Reflection Question
How would you provide multiple users, each with their own username, access to a network device?
You would add each user’s username and password to the local database using the
username command.

Router Interface Summary Table

Router Model  Ethernet Interface #1            Ethernet Interface #2            Serial Interface #1    Serial Interface #2
1800          Fast Ethernet 0/0 (F0/0)         Fast Ethernet 0/1 (F0/1)         Serial 0/0/0 (S0/0/0)  Serial 0/0/1 (S0/0/1)
1900          Gigabit Ethernet 0/0 (G0/0)      Gigabit Ethernet 0/1 (G0/1)      Serial 0/0/0 (S0/0/0)  Serial 0/0/1 (S0/0/1)
2801          Fast Ethernet 0/0 (F0/0)         Fast Ethernet 0/1 (F0/1)         Serial 0/1/0 (S0/1/0)  Serial 0/1/1 (S0/1/1)
2811          Fast Ethernet 0/0 (F0/0)         Fast Ethernet 0/1 (F0/1)         Serial 0/0/0 (S0/0/0)  Serial 0/0/1 (S0/0/1)
2900          Gigabit Ethernet 0/0 (G0/0)      Gigabit Ethernet 0/1 (G0/1)      Serial 0/0/0 (S0/0/0)  Serial 0/0/1 (S0/0/1)
4221          Gigabit Ethernet 0/0/0 (G0/0/0)  Gigabit Ethernet 0/0/1 (G0/0/1)  Serial 0/1/0 (S0/1/0)  Serial 0/1/1 (S0/1/1)
4300          Gigabit Ethernet 0/0/0 (G0/0/0)  Gigabit Ethernet 0/0/1 (G0/0/1)  Serial 0/1/0 (S0/1/0)  Serial 0/1/1 (S0/1/1)

Note: To find out how the router is configured, look at the interfaces to identify the type of router and how many interfaces
the router has. There is no way to effectively list all the combinations of configurations for each router class. This table
includes identifiers for the possible combinations of Ethernet and Serial interfaces in the device. The table does not include
any other type of interface, even though a specific router may contain one. An example of this might be an ISDN BRI
interface. The string in parentheses is the legal abbreviation that can be used in Cisco IOS commands to represent the
interface.

 2013 - 2024 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 21 of 33 www.netacad.com
Lab - Observe DNS Resolution

16.5.2
Lab - Secure Network Devices
Topology

Addressing Table
Device  Interface  IP Address    Subnet Mask    Default Gateway
R1      G0/0/1     192.168.1.1   255.255.255.0  N/A
S1      VLAN 1     192.168.1.11  255.255.255.0  192.168.1.1
PC-A    NIC        192.168.1.3   255.255.255.0  192.168.1.1

Objectives
Part 1: Configure Basic Device Settings
Part 2: Configure Basic Security Measures on the Router
Part 3: Configure Basic Security Measures on the Switch

Background / Scenario
It is recommended that all network devices be configured with at least a minimum set of best practice security commands. This
includes end user devices, servers, and network devices, such as routers and switches.
In this lab, you will configure the network devices in the topology to accept SSH sessions for remote management. You
will also use the IOS CLI to configure common, basic best practice security measures. You will then test the security
measures to verify that they are properly implemented and working correctly.
Note: The routers used with CCNA hands-on labs are Cisco 4221 with Cisco IOS XE Release 16.9.4 (universalk9
image). The switches used in the labs are Cisco Catalyst 2960s with Cisco IOS Release 15.2(2) (lanbasek9 image). Other
routers, switches, and Cisco IOS versions can be used. Depending on the model and Cisco IOS version, the commands
available and the output produced might vary from what is shown in the labs. Refer to the Router Interface Summary
Table at the end of the lab for the correct interface identifiers.
Note: Make sure that the routers and switches have been erased and have no startup configurations. If you are unsure,
contact your instructor.

Required Resources
1 Router (Cisco 4221 with Cisco IOS XE Release 16.9.4 universal image or comparable)
1 Switch (Cisco 2960 with Cisco IOS Release 15.2(2) lanbasek9 image or comparable)
1 PC (Windows with a terminal emulation program, such as Tera Term)
Console cables to configure the Cisco IOS devices via the console ports
Ethernet cables as shown in the topology

Instructions
Part 1: Configure Basic Device Settings
In Part 1, you will set up the network topology and configure basic settings, such as the interface IP addresses, device
access, and passwords on the devices.
Step 1: Cable the network as shown in the topology.
Attach the devices shown in the topology and cable as necessary.
Step 2: Initialize and reload the router and switch.
Step 3: Configure the router and switch.
a. Console into the device and enable privileged EXEC mode.
b. Assign the device name according to the Addressing Table.
c. Disable DNS lookup to prevent the device from attempting to translate incorrectly entered commands as
though they were host names.
d. Assign class as the privileged EXEC encrypted password.
e. Assign cisco as the console password and enable login.
f. Assign cisco as the VTY password and enable login.
g. Create a banner that warns anyone accessing the device that unauthorized access is prohibited.

h. Configure and activate the G0/0/1 interface on the router using the information contained in the
Addressing Table.

 2013 - 2024 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 23 of 33 www.netacad.com
Lab - Observe DNS Resolution

i. Configure the default SVI on the switch with the IP address information according to the Addressing Table.

j. Save the running configuration to the startup configuration file.

Step 4: Configure PC-A.


a. Configure PC-A with an IP address and subnet mask.
b. Configure a default gateway for PC-A.

Step 5: Verify network connectivity.


Ping R1 and S1 from PC-A. If any of the pings fail, troubleshoot the connection.

 2013 - 2024 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 24 of 33 www.netacad.com
Lab - Observe DNS Resolution

Part 2: Configure Basic Security Measures on the Router


Step 1: Configure security measures.
a. Encrypt all clear-text passwords.

b. Configure the system to require a minimum 12-character password.

c. Change the passwords (privileged exec, console, and vty) to meet the new length requirement.

1) Set the privileged exec password to $cisco!PRIV*


2) Set the console password to $cisco!!CON*
3) Set the vty line password to $cisco!!VTY*

d. Configure the router to accept only SSH connections from remote locations.
1) Configure the username SSHadmin with the hashed (secret) password 55HAdm!n2020
2) The router's domain name should be set to ccna-lab.com
3) The key modulus should be 1024 bits. (This is the lab's minimum for SSH version 2; in production use a
2048-bit or larger RSA key.)

 2013 - 2024 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 25 of 33 www.netacad.com
Lab - Observe DNS Resolution

e. Set security and best-practice configurations on the console and vty lines.
1) Users should be disconnected after 5 minutes of inactivity.
2) The router should not allow vty logins for 2 minutes if 3 failed login attempts occur within 1
minute.
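The requirements in this step (and the SSH requirements in lab 16.4.7 Part 2) are normally verified by reading show running-config by eye. As an added example that is not part of the Cisco lab or of this submission, the Python below audits a running-config text against those requirements and is run over two constructed configurations: R1 roughly as Part 1 leaves it, and R1 as it should look once this part is complete (hashes and type 7 strings redacted). Two things the audit deliberately does not claim: the RSA key pair is not stored as a running-config command, so its existence and modulus are checked with show crypto key mypubkey rsa and show ip ssh; and service password-encryption only applies reversible type 7 obfuscation to line passwords, so the real protection for remote logins is login local together with a hashed username secret. The unused-port check applies equally to the switch configuration in Part 3, where access ports are up by default.

```python
import re

# Constructed sample (not a capture): R1 roughly as Part 1 of lab 16.4.7 leaves it, before hardening.
INSECURE_CONFIG = """\
hostname R1
no ip domain-lookup
enable secret 5 <hash redacted>
banner motd ^Unauthorized access is prohibited^
interface GigabitEthernet0/0/0
interface GigabitEthernet0/0/1
 ip address 192.168.1.1 255.255.255.0
line con 0
 password cisco
 login
line vty 0 4
 password cisco
 login
 transport input telnet ssh
"""

# Constructed sample of what show running-config should contain once this part is complete. The RSA
# key pair is not a running-config command, and the password 7 strings are reversible type 7 obfuscation.
HARDENED_CONFIG = """\
hostname R1
service password-encryption
security passwords min-length 12
enable secret 9 <hash redacted>
username SSHadmin secret 9 <hash redacted>
no ip domain-lookup
ip domain-name ccna-lab.com
ip ssh version 2
login block-for 120 attempts 3 within 60
banner motd ^Unauthorized access is prohibited^
interface GigabitEthernet0/0/0
 shutdown
interface GigabitEthernet0/0/1
 ip address 192.168.1.1 255.255.255.0
line con 0
 password 7 <type 7 string redacted>
 exec-timeout 5 0
 login
line vty 0 4
 password 7 <type 7 string redacted>
 exec-timeout 5 0
 login local
 transport input ssh
"""

def parse_sections(config):
    """Group a running-config into (top-level command, [indented sub-commands]) pairs."""
    sections = []
    for raw in config.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue
        if raw.startswith(" ") and sections:
            sections[-1][1].append(raw.strip())
        else:
            sections.append((raw.strip(), []))
    return sections

def exec_timeout_ok(body):
    """True when idle sessions on the line are dropped within 5 minutes ('exec-timeout 0 0' disables it)."""
    for cmd in body:
        m = re.match(r"exec-timeout (\d+) (\d+)$", cmd)
        if m:
            return 0 < int(m.group(1)) * 60 + int(m.group(2)) <= 300
    return False  # no exec-timeout line: IOS defaults to 10 minutes

def audit(config):
    """Return the lab requirements this config fails; an empty list means it passes."""
    sections = parse_sections(config)
    top = [header for header, _ in sections]
    findings = []
    def require(pattern, finding):  # one finding per missing global command
        if not any(re.match(pattern, h) for h in top):
            findings.append(finding)
    require(r"service password-encryption$", "plain-text passwords are not encrypted")
    require(r"enable secret ", "privileged EXEC password is not a hashed enable secret")
    require(r"username \S+ (privilege \d+ )?secret ", "no local user with a hashed secret for SSH logins")
    require(r"ip domain[- ]name \S+", "no domain name, so no RSA key pair can be generated")
    require(r"ip ssh version 2$", "SSH version 2 is not enforced")
    require(r"login block-for \d+ attempts \d+ within \d+", "no login block-for lockout against password guessing")
    min_len = [int(m.group(1)) for m in (re.match(r"security passwords min-length (\d+)", h) for h in top) if m]
    if not min_len or min_len[0] < 12:
        findings.append("minimum password length is not 12 or more")
    for header, body in sections:
        if header.startswith("line vty"):
            if "transport input ssh" not in body:
                findings.append(header + ": accepts protocols other than SSH")
            if "login local" not in body:
                findings.append(header + ": does not authenticate against the local user database")
        if header.startswith("line ") and not exec_timeout_ok(body):
            findings.append(header + ": idle sessions are not disconnected within 5 minutes")
        if header.startswith("interface ") and "shutdown" not in body and not any(c.startswith("ip address") for c in body):
            findings.append(header + ": unused port is not administratively down")
    return findings
```

audit(INSECURE_CONFIG) returns eleven findings, one per unmet requirement (Telnet still accepted on the VTY lines, no login local, no exec-timeout on either line, Gi0/0/0 left up, and the missing global commands); audit(HARDENED_CONFIG) returns an empty list. To check a real device, paste the output of show running-config into a file and pass its contents to audit.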

Step 2: Verify that all unused ports are disabled.
Router ports are disabled by default, but it is always prudent to verify that all unused ports are in an administratively
down state. This can be quickly checked by issuing the show ip interface brief command. Any unused ports that
are not in an administratively down state should be disabled using the shutdown command in interface
configuration mode.

Step 3: Verify that your security measures have been implemented correctly.
a. Use Tera Term on PC-A to telnet to R1. Does R1 accept the Telnet connection? Explain.

No, the connection is refused. Telnet was disabled on the VTY lines with the transport input ssh command.
b. Use Tera Term on PC-A to SSH to R1.

 2013 - 2024 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 26 of 33 www.netacad.com
Lab - Observe DNS Resolution

Does R1 accept the SSH connection?


Yes.

c. Intentionally mistype the user and password information to see if login access is blocked after three failed
attempts.

What happened after the third failed login?

The connection to R1 was dropped and the router entered quiet mode. Any attempt to reconnect within the next 120
seconds is refused, as configured with login block-for 120 attempts 3 within 60.

d. From your console session on the router, issue the show login command to view the login status. In the
example below, the show login command was issued within the 120 second login blocking period and shows that
the router is in Quiet-Mode. The router will not accept any login attempts for 111 more seconds.

e. After the 120 seconds has expired, SSH to R1 again and login using the SSHadmin username and
55HAdm!n2020 for the password.
After you successfully logged in, what was displayed?

Unauthorized access is prohibited


f. Enter privileged EXEC mode and use $cisco!PRIV* for the password.

If you mistype this password, are you disconnected from your SSH session after three failed attempts within 60
seconds? Explain.
No. The login block-for 120 attempts 3 within 60 command only counts failed logins on the VTY lines. Failed enable
password attempts inside an already authenticated session are not login attempts, so they do not trigger quiet mode.

 2013 - 2024 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 28 of 33 www.netacad.com
Lab - Observe DNS Resolution

g. Issue the show running-config command at the privileged EXEC prompt to view the security settings you
have applied.

Part 3: Configure Basic Security Measures on the Switch

Step 1: Configure security measures.
a) Encrypt all clear-text passwords.
b) Change the passwords (privileged EXEC, console, and vty).
1) Set the privileged exec password to $cisco!PRIV*
2) Set the console password to $cisco!!CON*
3) Set the vty line password to $cisco!!VTY*

c) Configure the switch to accept only SSH connections from remote locations.
1) Configure the username SSHadmin with the hashed (secret) password 55HAdm!n2020
2) The switch's domain name should be set to ccna-lab.com
3) The key modulus should be 1024 bits.

d) Set security and best-practice configurations on the console and vty lines.
1) Users should be disconnected after 5 minutes of inactivity.
2) The switch should not allow logins for 2 minutes if 3 failed login attempts occur within 1 minute.

 2013 - 2024 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 30 of 33 www.netacad.com
Lab - Observe DNS Resolution

e) Disable all of the unused ports.

Step 2: Verify all unused ports are disabled.


Switch ports are enabled by default. Shut down all ports that are not in use on the switch.
a. You can verify the switch port status using the show ip interface brief command.
b. Use the interface range command to shut down multiple interfaces at a time.
c. Verify that all inactive interfaces have been administratively shut down.

 2013 - 2024 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 31 of 33 www.netacad.com
Lab - Observe DNS Resolution

Step 3: Verify that your security measures have been implemented correctly.
a) Verify that Telnet has been disabled on the switch.

b) SSH to the switch and intentionally mistype the user and password information to see if login access is blocked.
c) After the 120 seconds has expired, SSH to S1 again and log in using the SSHadmin username and
55HAdm!n2020 for the password.
Did the banner appear after you successfully logged in?
Yes.
d) Enter privileged EXEC mode using $cisco!PRIV* as the password.
e) Issue the show running-config command at the privileged EXEC prompt to view the security settings you
have applied.

Reflection Questions
1. The password cisco command was entered for the console and VTY lines in your basic configuration in Part 1.
When is this password used after the best practice security measures have been applied?
This password is no longer used on the VTY lines. It was superseded as soon as the login local command was
entered for those lines, because login local authenticates against the username database instead of the line
password.
2. Are preconfigured passwords shorter than 10 characters affected by the security passwords min-length 12
command?

No. The security passwords min-length command only affects passwords that are entered after this
command is issued. Any pre-existing passwords remain in effect. If they are changed, they will
need to be at least 12 characters long.

Router Interface Summary Table

Router Model  Ethernet Interface #1            Ethernet Interface #2            Serial Interface #1    Serial Interface #2
1800          Fast Ethernet 0/0 (F0/0)         Fast Ethernet 0/1 (F0/1)         Serial 0/0/0 (S0/0/0)  Serial 0/0/1 (S0/0/1)
1900          Gigabit Ethernet 0/0 (G0/0)      Gigabit Ethernet 0/1 (G0/1)      Serial 0/0/0 (S0/0/0)  Serial 0/0/1 (S0/0/1)
2801          Fast Ethernet 0/0 (F0/0)         Fast Ethernet 0/1 (F0/1)         Serial 0/1/0 (S0/1/0)  Serial 0/1/1 (S0/1/1)
2811          Fast Ethernet 0/0 (F0/0)         Fast Ethernet 0/1 (F0/1)         Serial 0/0/0 (S0/0/0)  Serial 0/0/1 (S0/0/1)
2900          Gigabit Ethernet 0/0 (G0/0)      Gigabit Ethernet 0/1 (G0/1)      Serial 0/0/0 (S0/0/0)  Serial 0/0/1 (S0/0/1)
4221          Gigabit Ethernet 0/0/0 (G0/0/0)  Gigabit Ethernet 0/0/1 (G0/0/1)  Serial 0/1/0 (S0/1/0)  Serial 0/1/1 (S0/1/1)
4300          Gigabit Ethernet 0/0/0 (G0/0/0)  Gigabit Ethernet 0/0/1 (G0/0/1)  Serial 0/1/0 (S0/1/0)  Serial 0/1/1 (S0/1/1)

Note: To find out how the router is configured, look at the interfaces to identify the type of router and how many interfaces
the router has. There is no way to effectively list all the combinations of configurations for each router class. This table
includes identifiers for the possible combinations of Ethernet and Serial interfaces in the device. The table does not include
any other type of interface, even though a specific router may contain one. An example of this might be an ISDN BRI
interface. The string in parentheses is the legal abbreviation that can be used in Cisco IOS commands to represent the
interface.

 2013 - 2024 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 33 of 33 www.netacad.com

You might also like