‭University of Education‬

‭Jauharabad Campus‬

‭Laboratory Exercises‬
‭For‬
‭Network Design & Management‬
‭Lab‬

‭Lab Instructor‬ ‭Hafiz Muhammad Shafiq‬

‭Course Instructor‬ ‭Hafiz Muhammad Shafiq‬

‭Course code‬ ‭ITEC4117‬

‭Semester‬ ‭8‬

‭Department of Information and Technology‬

‭Lab : 06‬
‭Learning Objectives‬
‭•‬ ‭Accessing the Router Remotely & WAN‬

‭WAN:‬
‭ ‬‭wide‬‭area‬‭network‬‭(WAN)‬‭is‬‭a‬‭telecommunications‬‭network‬‭or‬‭computer‬‭network‬‭that‬‭extends‬
A
‭over‬ ‭a‬ ‭large‬ ‭geographical‬ ‭distance.‬ ‭Wide‬ ‭area‬ ‭networks‬ ‭often‬ ‭are‬ ‭established‬ ‭with‬ ‭leased‬
‭telecommunication circuits.‬
‭Business,‬ ‭education‬ ‭and‬ ‭government‬ ‭entities‬ ‭use‬‭wide‬‭area‬‭networks‬‭to‬‭relay‬‭data‬‭among‬‭staff,‬
‭students, clients, buyers, and suppliers from various geographical locations.‬

‭VTY‬‭stands for Virtual Teletype. I’m sure you already‬‭know the virtual interfaces, so the “vty”‬
i‭s a kind of virtual interface that is used to get CLI access to a Cisco Router or Switch over‬
‭Telnet/SSH. All the connections are remotely over the network, so there is no hardware‬
‭associated with it.‬

‭ he command, line vty 0 4, will open 5 virtual interfaces, i.e. (0,1,2,3,4) for remote access. That‬
T
‭means, 5 different administrators/connections can access the Cisco Router/Switch‬
‭simultaneously using Telnet or SSH. Cisco hardware supports a maximum of 16 line virtual‬
‭interfaces, i.e. (0,1,2,3,…,15).‬

‭Telnet:‬
‭ elnet‬ ‭is‬ ‭a‬ ‭user‬ ‭command‬ ‭and‬ ‭an‬ ‭underlying‬‭TCP/IP‬‭protocol‬‭for‬‭accessing‬‭remote‬‭computers,‬
T
‭routers‬‭or‬‭switches.‬‭Through‬‭Telnet,‬‭an‬‭administrator‬‭or‬‭another‬‭user‬‭can‬‭access‬‭someone‬‭else's‬
‭computer,‬ ‭router‬ ‭or‬ ‭switch‬ ‭remotely.With‬ ‭Telnet,‬ ‭you‬ ‭log‬ ‭on‬ ‭as‬ ‭a‬ ‭regular‬ ‭user‬ ‭with‬ ‭whatever‬
‭privileges‬ ‭you‬ ‭may‬ ‭have‬ ‭been‬ ‭granted‬ ‭to‬ ‭the‬ ‭specific‬ ‭application‬ ‭and‬ ‭data‬ ‭on‬ ‭that‬ ‭computer,‬
‭router or switch. Telnet uses VTY lines on Cisco IOS. Telnet is less secure and not encrypted.‬

‭SSH:‬
‭ ecure‬‭Shell‬‭(SSH),‬‭is‬‭a‬‭protocol‬‭for‬‭securely‬‭getting‬‭access‬‭to‬‭a‬‭remote‬‭router.‬‭It‬‭is‬‭widely‬‭used‬
S
‭by‬‭network‬‭administrators‬‭to‬‭control‬‭routers‬‭remotely.‬‭SSH‬‭commands‬‭are‬‭encrypted‬‭and‬‭secure‬
‭in‬ ‭several‬ ‭ways.‬ ‭Both‬ ‭ends‬ ‭of‬ ‭the‬ ‭client/server‬ ‭connection‬ ‭are‬ ‭authenticated‬ ‭using‬ ‭a‬ ‭digital‬
‭certificate, and passwords are protected by being encrypted.‬

‭Enable Telnet and SSH on Cisco Router:‬

‭Go to the router console and configure telnet with the “line vty” command.‬

‭Router>‬‭enable‬
‭Router#‬‭config t‬

‭ outer(config)#‬‭line‬ ‭vty‬ ‭0‬

R ‭//‬‭The‬‭“‭l‬ine‬‭vty‬‭”‬‭vty(virtual‬‭terminal)‬‭command‬
‭enable‬ ‭the‬ ‭telnet‬ ‭and‬ ‭the‬ ‭“‭0‬ ″‬ ‭is‬ ‭just‬ ‭let‬ ‭a‬ ‭single‬‭line‬‭or‬‭session‬‭to‬‭the‬‭router.‬‭If‬‭you‬‭need‬‭more‬
‭sessions simultaneously, you must type “‬‭line vty 0‬‭10‬‭“.‬

‭ outer(config-line)#‬‭password‬‭Pass123‬
R ‭//‬‭The‬‭“‬‭password‬‭”‬‭command‬‭set‬‭the‬‭“‭P
‬ ass123‬‭”‬‭as‬
‭password for telnet. You can set your own password.‬

‭ outer(config-line)#‬‭login‬
R ‭//‬‭The‬‭“‬‭login‬‭”‬‭command‬‭authenticate‬‭and‬‭ask‬‭you‬
‭the‬ ‭password‬ ‭of‬ ‭telnet.‬ ‭If‬ ‭you‬ ‭type‬ ‭“‭n
‬ o‬ ‭login‬‭”‬ ‭command,‬‭the‬‭telnet‬‭never‬‭authenticates‬‭for‬‭the‬
‭password which is not a good practice in a real network environment.‬

‭ outer(config-line)#‬‭logging‬‭synchronous‬ ‭//‬‭The‬‭“‭l‬ogging‬‭synchronous‬‭”‬‭command‬‭stops‬‭any‬
R
‭message output from splitting your typing.‬
‭Router(config-line)#‬‭exec-timeout‬ ‭40‬ ‭//‬‭The‬ ‭“‬‭exec-timeout”‬ ‭command‬ ‭just‬ ‭sets‬ ‭the‬
‭time-out limit on the line from the default to “‬‭40″‬‭minutes.‬

‭ outer(config-line)#‬‭motd-banner‬
R ‭//‬‭The‬‭motd-banner‬‭forces‬‭a‬‭banner‬‭message‬‭to‬
‭appear when logging in.‬

‭ outer(config-line)#‬‭exit‬
R
‭OK,‬ ‭the‬ ‭Telnet‬ ‭services‬ ‭enabled‬ ‭successfully.‬ ‭But‬ ‭you‬ ‭must‬ ‭set‬ ‭the‬ ‭enable‬ ‭password‬ ‭for‬ ‭the‬
‭router in order to control it remotely.‬

‭Router(config)#‬‭enable password Pass123‬

‭Router(config)#‬‭exit‬
‭Testing Telnet Connectivity:‬
‭C‭o
‬ nnect the PC to the router using an Ethernet cable‬‭and assign IP address 192.168.10.1 to the‬
‭PC.‬
‭Assign IP address to router interface using the following commands:‬
‭Router>enable‬
‭Router#config t‬
‭Router(config-if)#interface GigabitEthernet 0/0/0‬
‭Router(config-if)# ip address 192.168.10.3 255.255.255.0‬
‭Router(config-if)# no shutdown‬
‭Router(config-if)#exit‬
‭Router(config)#exit‬
‭Ensure that the PC and router are on the same network.‬
‭Open Command Prompt on the PC.‬
‭ ype the Telnet command followed by the IP address of the router (e.g., 192.168.10.3) to test‬
T
‭connectivity,‬‭then enter the telnet password. Next‬‭type enable command and press enter, then‬
‭type the router password‬
‭SSH Configuration:‬
‭ ecure‬ ‭Shell‬ ‭or‬ ‭SSH‬ ‭is‬ ‭a‬ ‭secure‬ ‭protocol‬ ‭and‬ ‭the‬ ‭replacement‬ ‭for‬ ‭Telnet‬ ‭and‬ ‭other‬ ‭insecure‬
S
‭remote‬ ‭shell‬ ‭protocols.‬ ‭So‬ ‭for‬ ‭secure‬ ‭communication‬ ‭between‬ ‭network‬ ‭devices,‬ ‭I‬ ‭strongly‬
‭recommend using SSH instead of Telnet.‬

‭ efore‬ ‭configuring‬ ‭SSH‬‭,‬ ‭firstly,‬ ‭we‬ ‭will‬‭configure‬‭IP‬‭addresses‬‭of‬‭the‬‭router‬‭interface‬‭and‬‭the‬

B
‭PC. We will use the below IP addresses:‬
‭Router Interface‬

‭IP : 192.168.10.3‬

‭Subnet : 255.255.255.0‬

‭PC‬

‭IP : 192.168.10.2‬

‭Subnet : 255.255.255.0‬

‭Router #‬‭configure terminal‬

‭Router (config) #‬‭interface GigabitEthernet‬

‭Router (config-if) #‬‭ip address 192.168.10.3 255.255.255.0‬

‭Router (config-if) #‬‭no shutdown‬

‭Router(config-if)#‬‭exit‬

‭ e‬ ‭need‬ ‭to‬ ‭change‬ ‭the‬ ‭default‬ ‭router‬ ‭name‬ ‭to‬ ‭generate‬ ‭an‬ ‭rsa‬ ‭key.‬ ‭Here,‬ ‭the‬ ‭default‬
W
‭name is Router, let’s change this name to‬‭Admin‬‭.‬

‭Router(config)#‬‭hostname Admin‬

‭Domain Name and Data Encryption:‬

I‭ n‬‭this‬‭step,‬‭we‬‭will‬‭set‬‭the‬‭domain‬‭name.‬‭Our‬‭domain‬‭name‬‭will‬‭be‬‭SSHabc‬‭.‬‭And‬‭after‬‭that,‬‭we‬
‭will encrypt the data in it with the “‬‭crypto key generate‬‭rsa‬‭” command.‬

‭Admin (config) #‬‭ip domain-name SSHabc‬

‭ dmin‬ ‭(config)#‬‭crypto‬‭key‬‭generate‬‭rsa‬ ‭/‭/‬Type‬‭“crypto‬‭key‬‭generate‬‭rsa”‬‭command‬

A
‭and‬ ‭press‬ ‭enter,‬ ‭when‬ ‭ask‬ ‭you‬ ‭“How‬ ‭many‬ ‭bits‬ ‭in‬ ‭the‬ ‭modulus‬‭[512]:”‬‭just‬‭type‬‭“1024″‬
‭and‬ ‭press‬ ‭enter.‬ ‭The‬‭system‬‭will‬‭generate‬‭1024‬‭bits‬‭keys‬‭to‬‭secure‬‭session‬‭lines.‬‭You‬‭can‬
‭choose modulus in the range of 360 to 2048‬

‭Set an enable password.‬

‭ dmin(config)#enable‬ ‭password‬ ‭admin‬ ‭//here‬ ‭password‬ ‭is‬ ‭admin‬ ‭you‬ ‭can‬ ‭use‬ ‭any‬
A
‭password of your choice‬

‭Set username and password for local login.‬

‭Admin(config)#username Admin password admin‬

‭Specify the SSH version to use.‬

‭Admin(config)#ip ssh version 2‬

‭Now connect to the VTY lines of the switch and configure SSH on the lines.‬

‭Admin(config)#line vty 0 15 //configure SSH for‬‭16 users‬‭from‬‭0 to 15‬

‭Admin(config-line)#transport input ssh‬

‭Admin(config-line)#login local‬

‭ hat’s‬ ‭all‬ ‭for‬ ‭SSH‬ ‭configuration‬ ‭on‬ ‭the‬ ‭switch.‬ ‭Move‬ ‭on‬ ‭and‬‭try‬‭to‬‭access‬‭the‬‭router‬‭remotely‬
T
‭from the PC.‬
‭So then:‬

‭ n‬‭the‬‭command‬‭prompt‬‭of‬‭the‬‭Admin‬‭PC,‬‭open‬‭a‬‭SSH‬‭session‬‭to‬‭the‬‭switch‬‭using‬‭the‬‭command‬
O
‭ssh -l Admin 192.168.10.3‬

‭ ote‬ ‭that:‬ ‭admin‬ ‭is‬ ‭the‬ ‭username‬ ‭defined‬ ‭in‬ ‭step‬‭5‬‭while‬‭192.168.10.3‬‭is‬‭the‬‭IP‬‭address‬‭of‬‭the‬

N
‭VLAN interface of then switch‬
‭Activity 1:‬‭Build and test below topology using Telnet‬

‭Activity 2:‬‭Build and test below topology using SSH‬

‭References:‬
‭1.‬ h ‭ ttps://computernetworking747640215.wordpress.com/2018/07/05/configuring-telnet-on-a-swi‬
‭tch-and-a-router-in-packet-tracer/‬
‭2.‬ ‭https://ipcisco.com/lesson/ssh-configuration-on-packet-tracer/‬
‭3.‬ ‭https://linuxtiwary.com/2017/03/05/ssh-configuration-on-cisco-router-ccna-lab/‬
‭4.‬ ‭https://www.gns3network.com/cisco-line-vty-0-4/‬