M11: Build Small Cisco Network

M11 Cisco Devices: Build a simple computer network using Cisco devices.

VTY

The Virtual terminal lines you use for remote access (Telnet/SSH)

Switch Virtual Interface

It is a virtual Layer 3 interface. It is used for management only on Layer 2 switches. It is assigned an IP address, subnet mask, and usually a default gateway.

VLAN 1

It is the default SVI on basic switches.

passphrase

Is a sequence of words or a long string of characters used for authentication, offering stronger security than a traditional password.

2 Main ways a Network Devices can be accessed

1. Locally - using the console port

2. Remotely - using Telnet or SSH over the network

SSH

Is the preferred way of accessing network devices remotely because it encrypts usernames and passwords, while Telnet sends them in plaintext

show running-config

Use this command to see console and VTY passwords in plaintext unless encryption is enabled. In short use this command to verify configuration.

Console access

Can be secured with line console 0

Remote access

Can be secured with line vty 0 15

SSH preferred

Use command transport input ssh

transport input ssh

Commands that blocks Telnet

login local

Commands that forces the switch to use the local username database

show ip ssh

It verify SSH status

crypto key generate rsa

it enables SSH

username admin secret password

This configure local user authentication. SSH requires local username and secret. This creates a secure, encrypted password.

ip damain-name (name)

To configure the domain name. SSH requires a hostname + domain name to generate RSA keys.

crypto key generate rsa

This step enables SSH automatically. It generates RSA key pair

ip ssh version 2

This ensures only SSHv2 is allowed. It avoid using version 1 which has vulnerabilities.