Chapter 1.7
1.6 Configure and verify IPv4 addressing and subnetting.
IPv4 addresses are 32-bit binary numbers, typically represented in decimal format (dotted-decimal notation) consisting of four octets separated by periods.
Each octet represents 8 bits, ranging from 0 to 255, giving a total of 2^32 (approximately 4.3 billion) unique IPv4 addresses. IPv4 addresses are divided into the following classes.
Class A
The first bit is set to 0 and the range is from 1.0.0.0 to 126.0.0.0. It is primarily used for large networks.
Class B
The first two bits are set to 10 and the range is from 128.0.0.0 to 191.255.0.0. It is used for medium-sized networks.
Class C
The first three bits are set to 110 and the range is from 192.0.0.0 to 223.255.255.0. It is used for small networks.
Class D
First four bits set to 1110 and used for multicast addresses. It is not assigned to individual hosts or networks.
Class E
First four bits set to 1111 and reserved for experimental and future use.
There are two types of IPv4 addresses.
1. Public IPv4 addresses: They are globally routable and can be accessed over the Internet.
1.0.0.0 - 126.255.255.255
128.0.0.0 - 191.255.255.255
192.0.0.0 - 223.255.255.255
2. Private IPv4 addresses: They are used in private networks which are not routable on the Internet.
10.0.0.0 - 10.255.255.255
172.16.0.0 - 172.31.255.255
192.168.0.0 - 192.168.255.255
NAT (Network Address Translation) converts private IPv4 addresses into public addresses and vice versa. It allows hosts on a private network to communicate over the Internet once their addresses are converted to public addresses.
Subnetting divides a network into smaller subnets, which allows efficient utilization of IP addresses together with network segmentation. It has several benefits, such as improved network management, enhanced security, and optimized routing.
In order to calculate subnets, the following needs to be determined.
IP Address
Start with an IP address that you want to subnet. This can be a network address or a host address within the network.
Subnet Mask
Decide on the subnet mask that will define the size of each subnet. The subnet mask consists of a series of contiguous 1s followed by a series of contiguous 0s and is represented in decimal format (dotted-decimal notation).
Subnet Bits
Count the number of 1s in the subnet mask. This represents the number of bits dedicated to the network portion of the IP address.
Subnet Formula
Use the formula 2^n - 2, where n is the number of subnet bits. Subtract 2 to account for the network and broadcast addresses, as they cannot be assigned to hosts.
Network Address
Calculate the network address by performing a bitwise AND operation between the IP address and the subnet mask.
Subnet Range
Determine the range of valid host addresses within each subnet. The usable host address range runs from (network address + 1) to the last usable address (broadcast address - 1).
Broadcast Address
Calculate the broadcast address for each subnet by setting all host bits to 1.
Topology Diagram
Tasks
● Begin by logging into device R01 and observe that it already has a customized configuration, evident from its host name. Reset this device to its factory default configuration.
● Log in to each device and perform the following configurations:
✓ Set the hostname to match the device name as indicated in the topology diagram.
✓ Implement a command to prevent the device from attempting DNS resolution for mistyped commands.
✓ Configure a command to display the most recent input/typing on the screen after an interruption caused by a SYSLOG or other console message.
✓ Require a password of "CISCO" whenever anyone attempts to access Privileged EXEC mode. Ensure that this password is not visible in plaintext in the configuration file.
✓ Enable all interfaces shown in the topology diagram and provide brief interface descriptions to indicate their respective connections.
✓ Once these steps are completed, use CDP on SW02, R05, and R04 to verify that these devices can recognize other connected Cisco devices as CDP neighbors.
● Proceed to configure devices R01 and R03 to allow inbound Telnet connections, authenticated against a preconfigured password of "CISCO".
● For devices R02 and R05, configure them to allow inbound SSH (version 2) connections, authenticated using the username "admin" and a password of "CISCO" at Privilege Level 15. Feel free to include any additional required keywords or features for SSH configuration at your discretion.
● To derive an IP addressing scheme for network segments A through F, adhere to the following guidelines:
✓ Begin with the starting network of 170.50.0.0/16.
✓ Allocate the first and largest subnet as 170.50.0.0 with a new or different subnet mask.
● Utilize the Variable Length Subnet Masking (VLSM) method, ensuring that each network has the fewest or least host bits possible based on the below provided host requirements.
Network Segment | Required Hosts | Subnet Mask | Prefix
A | 99 | |
B | 13 | |
C | 6 | |
D | 11 | |
E | 26 | |
F | 30 | |
● Assign IPv4 addresses to your router interfaces using these guidelines:
✓ Routers connecting to network segments A through D should be assigned the first available host address within each respective subnet.
✓ The addressing of router R03's E0/2 interface for Segments E and F will be covered in another lab.
✓ Configure IP addresses of routers R03 (E0/0: 20.1.3.3/24 and E0/1: 20.1.34.3/24), R04 (E0/0: 20.1.45.4/24 and E0/1: 20.1.34.4/24), and R05 (E0/0: 20.1.45.5/24, E0/1: 50.1.23.5/24 and E0/2: 20.1.5.5/24).
● To verify your IPv4 addressing configuration, perform the following actions:
✓ Confirm successful Telnet connectivity from R02 to R01.
✓ Verify Telnet connectivity from R04 to R03.
✓ Ensure SSH connectivity from R01 to R02.
✓ Validate SSH connectivity from R04 to R05.
Configuration and Verifications
Log in to R01, press Enter and enter privileged EXEC mode using the command "enable". Use the command "write erase" or "erase startup-config" to remove the configuration and press Enter to confirm. Then use the "reload" command to restart the device and press Enter to confirm.
When the R01 device comes up again, it will be in the factory default state. It asks for the System Configuration Dialog; type "no" to proceed as
Log in to all devices and configure them using the following commands.
enable
- command to enter privileged EXEC mode
configure terminal
- command to enter in configuration mode
no ip domain-lookup
- command to prevent the device from attempting DNS resolution for mistyped commands
line console 0
logging synchronous
- command to display the most recent input/typing on the screen after an interruption caused by a console message
enable secret CISCO
- command for configuring password to enter in privileged exec mode
interface <>
description <>
- commands to enter interface mode and give the interface a description; replace <> with the interface name and the description text
Note: All devices are in factory default state and ask for the System Configuration Dialog; type "no" to proceed. By default, a router's interfaces are shut down, so they need to be enabled using the command "no shutdown". Save each device's configuration using the "write" command.
R01:
!
enable
configure terminal
hostname R01
no ip domain-lookup
line console 0
logging synchronous
exit
enable secret CISCO
!
interface E0/2
description "Connection-to-SW01"
no shutdown
!
interface E0/1
description "Connection-to-SW02"
no shutdown
!
interface E0/0
description "Connection-to-R02"
no shutdown
!
end
!
write
!
R02:
!
enable
configure terminal
hostname R02
no ip domain-lookup
line console 0
logging synchronous
exit
enable secret CISCO
!
interface E0/3
description "Connection-to-SW01"
no shutdown
!
interface E0/2
description "Connection-to-SW02"
no shutdown
!
interface E0/0
description "Connection-to-R01"
no shutdown
!
interface E0/1
description "Connection-to-PC02"
no shutdown
!
end
!
write
!
R03:
!
enable
configure terminal
hostname R03
no ip domain-lookup
line console 0
logging synchronous
exit
enable secret CISCO
!
interface E0/2
description "Connection-to-SW03"
no shutdown
!
interface E0/0
description "Connection-to-PC04"
no shutdown
!
interface E0/1
description "Connection-to-R04"
no shutdown
!
end
!
write
!
R04:
!
enable
configure terminal
hostname R04
no ip domain-lookup
line console 0
logging synchronous
exit
enable secret CISCO
!
interface E0/0
description "Connection-to-R05"
no shutdown
!
interface E0/1
description "Connection-to-R03"
no shutdown
!
end
!
write
!
R05:
!
enable
configure terminal
hostname R05
no ip domain-lookup
line console 0
logging synchronous
exit
enable secret CISCO
!
interface E0/0
description "Connection-to-R04"
no shutdown
!
interface E0/2
description "Connection-to-SW04"
no shutdown
!
end
!
write
!
Note: The switch's interfaces are already in the no shutdown state by default. Shut down all unused interfaces using the command "shutdown". With the interface range <> command, you can configure multiple interfaces at the same time. Save each device's configuration using the "write" command.
SW01:
!
enable
configure terminal
hostname SW01
no ip domain-lookup
line console 0
logging synchronous
exit
enable secret CISCO
!
interface E0/0
description "Connection-to-PC01"
!
interface E0/2
description "Connection-to-R01"
!
interface E0/3
description "Connection-to-R02"
!
interface range E0/1
description "unused interface"
shutdown
!
end
!
write
!
SW02:
!
enable
configure terminal
hostname SW02
no ip domain-lookup
line console 0
logging synchronous
exit
enable secret CISCO
!
interface E0/0
description "Connection-to-SW03"
!
interface E0/1
description "Connection-to-R01"
!
interface E0/2
description "Connection-to-R02"
!
interface E0/3
description "Connection-to-SW04"
!
interface E1/0
description "Connection-to-SW04"
!
interface range E1/1-3
description "unused interface"
shutdown
!
end
!
write
!
SW03:
!
enable
configure terminal
hostname SW03
no ip domain-lookup
line console 0
logging synchronous
exit
enable secret CISCO
!
interface E0/0
description "Connection-to-PC03"
!
interface E0/1
description "Connection-to-SW02"
!
interface E0/2
description "Connection-to-SW04"
!
interface E0/3
description "Connection-to-R03"
!
interface E1/0
description "Connection-to-PC"
!
interface E1/1
description "Connection-to-SW04"
!
interface range E1/2-3
description "unused interface"
shutdown
!
end
!
write
!
SW04:
!
enable
configure terminal
hostname SW04
no ip domain-lookup
line console 0
logging synchronous
exit
enable secret CISCO
!
interface E0/0
description "Connection-to-SW02"
!
interface E0/1
description "Connection-to-R05"
!
interface E0/2
description "Connection-to-SW03"
!
interface E1/0
description "Connection-to-SW02"
!
interface E1/1
description "Connection-to-SW03"
!
interface range E0/3, E1/2-3
description "unused interface"
shutdown
!
end
!
write
!
Use the "show cdp neighbor" command on SW02, R05, and R04 to verify that these devices can recognize other connected Cisco devices as CDP neighbors.
Note: From now on, whenever you log in to any device, you first have to use the enable command to enter privileged mode, and it will ask for the password (which you previously configured as "CISCO").
In the output, the Device IDs are the neighbors, the Local Interfaces are this device's interfaces, and the Port IDs are the neighbor devices' interfaces to which this device is connected.
SW02:
In the output above SW02 is connected to R01, R02, SW03 and SW04 on interfaces E0/1, E0/2, E0/0 and E0/3 & E1/0 respectively.
R05:
In the output above R05 is connected to R04 and SW04 on interfaces E0/0 and E0/2 respectively.
R04:
In the output above R04 is connected to R03 and R05 on interfaces E0/1 and E0/0 respectively.
Now configure devices R01 and R03 to allow inbound Telnet connections and authenticate them against a preconfigured password of "CISCO". This is configured under the vty lines; there are 5 lines on these routers, i.e., 0-4 (in high-end devices there are 15 lines), meaning 5 users can log in to the device at the same time.
Note: By default, telnet is allowed, and any user (who has this device password) can telnet to this device.
From now on, it is assumed that you are already logged in to the devices and have entered the enable password.
R01 and R03:
!
configure terminal
!
line vty 0 4
transport input telnet
password CISCO
exit
!
end
!
write
!
Configure R02 and R05 to allow inbound SSH (version 2) connections, authenticated using the username "admin" and a password of "CISCO" at Privilege Level 15.
Note: By default, SSH is not enabled on many low-end or old devices, so it first needs to be enabled on these devices as follows.
Note: When generating the RSA key, select a 1024-bit key length.
R02 and R05:
!
configure terminal
!
ip domain-name cisco.com
!
crypto key generate rsa
!
ip ssh version 2
!
end
!
write
!
Now, similar to allowing Telnet under the vty lines in the previous scenario, allow SSH as follows. Remember that here the username and password are configured at privilege level 15 instead of under the vty line. The vty line must specify that the local username and password will be used, with the command "login local".
R02 and R05:
!
configure terminal
!
username admin privilege 15 password CISCO
!
line vty 0 4
transport input ssh
login local
exit
!
end
!
write
!
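A check of the management-access requirements from the task list for R02 and R05, written as an added example in Python (not part of the original lab). The parser, the check names and the sample are constructed for illustration; the sample deliberately deviates from the tasks in three places so the check has something to report.

```python
import re

def parse_ios(text):
    """Split typed IOS commands into global lines and per-section lines."""
    sections, current = {"global": []}, "global"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue                      # "!" is only a separator/comment
        if line in ("exit", "end"):
            current = "global"            # leaving line/interface mode
        elif re.match(r"(line|interface)\s", line):
            current = line                # entering a new sub-mode
            sections.setdefault(current, [])
        else:
            sections[current].append(line)
    return sections

def check_ssh_device(text):
    """Return the lab requirements for R02/R05 that the config does not meet."""
    cfg = parse_ios(text)
    glob = cfg["global"]
    vty, con = cfg.get("line vty 0 4", []), cfg.get("line console 0", [])
    checks = {
        "no ip domain-lookup": "no ip domain-lookup" in glob,
        "enable secret set": any(l.startswith("enable secret ") for l in glob),
        "logging synchronous on console": "logging synchronous" in con,
        "ip ssh version 2": "ip ssh version 2" in glob,
        "admin at privilege 15": any(
            re.match(r"username admin privilege 15 (password|secret) ", l) for l in glob),
        "vty transport input ssh": "transport input ssh" in vty,
        "vty login local": "login local" in vty,
    }
    return [name for name, ok in checks.items() if not ok]

# Constructed sample (not from the lab): three deviations from the task list
SAMPLE = """\
no ip domain-lookup
line console 0
logging synchronous
exit
enable password CISCO
ip ssh version 2
username admin password CISCO
line vty 0 4
transport input telnet
login local
"""
```

Calling check_ssh_device(SAMPLE) lists the unmet requirements by name; an empty list means the typed configuration satisfies every checked task item.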
Derive an IP addressing scheme for network segments A through F as per the provided table from the major network 170.50.0.0/16. The following host bits are required to accommodate the hosts in the network segments (A, B, C, D, E, F). Subtracting these bits from 32 gives the prefix length, which corresponds to the subnet mask.
A = 99 requires 7-bits => 32-7 = 25 or 255.255.255.128
B = 13 requires 4-bits => 32-4 = 28 or 255.255.255.240
C = 6 requires 3-bits => 32-3 = 29 or 255.255.255.248
D = 11 requires 4-bits => 32-4 = 28 or 255.255.255.240
E = 26 requires 5-bits => 32-5 = 27 or 255.255.255.224
F = 30 requires 5-bits => 32-5 = 27 or 255.255.255.224
As given in the task, the first and largest subnet should be 170.50.0.0, so the first subnet is 170.50.0.0/25 (segment A). Then add 128, 32, 32, 16, and 16 in the last octet to get the subnets for segments F, E, B, D and C respectively.
A => 170.50.0.0 255.255.255.128
F => 170.50.0.128 255.255.255.224
E => 170.50.0.160 255.255.255.224
B => 170.50.0.192 255.255.255.240
D => 170.50.0.208 255.255.255.240
C => 170.50.0.224 255.255.255.248
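The subnet calculation steps listed earlier and the VLSM allocation above, carried through in Python as an added example (not part of the original lab). The function names are illustrative, and the allocator generalizes the lab's case to any major network and host list by placing the largest segment first.

```python
import ipaddress

def host_bits(required_hosts):
    """Smallest h such that 2^h - 2 usable addresses cover the requirement."""
    h = 2  # fewer than 2 host bits leaves no usable address after network + broadcast
    while (1 << h) - 2 < required_hosts:
        h += 1
    return h

def vlsm_plan(major, requirements):
    """Allocate subnets largest-first from the start of the major network."""
    major = ipaddress.ip_network(major)
    cursor = int(major.network_address)
    plan = {}
    # sorted() is stable, so equal-sized segments keep their input order
    for name, hosts in sorted(requirements.items(), key=lambda kv: -kv[1]):
        prefix = 32 - host_bits(hosts)
        size = 1 << (32 - prefix)
        cursor = (cursor + size - 1) // size * size  # align to the block size
        subnet = ipaddress.ip_network((cursor, prefix))
        if not subnet.subnet_of(major):
            raise ValueError(f"segment {name} does not fit in {major}")
        plan[name] = subnet
        cursor += size
    return plan

def describe(subnet):
    """Network, mask, first/last usable host and broadcast for one subnet."""
    net, bcast = subnet.network_address, subnet.broadcast_address
    return {"network": str(net), "mask": str(subnet.netmask),
            "first_host": str(net + 1), "last_host": str(bcast - 1),
            "broadcast": str(bcast)}

def network_of(ip, mask):
    """Bitwise AND of address and mask, as in the Network Address step."""
    ip_i = int(ipaddress.IPv4Address(ip))
    mask_i = int(ipaddress.IPv4Address(mask))
    return str(ipaddress.IPv4Address(ip_i & mask_i))

# Host requirements taken from the lab's table
REQUIREMENTS = {"A": 99, "B": 13, "C": 6, "D": 11, "E": 26, "F": 30}

if __name__ == "__main__":
    for name, subnet in vlsm_plan("170.50.0.0/16", REQUIREMENTS).items():
        d = describe(subnet)
        print(name, subnet, d["mask"], d["first_host"], "-", d["last_host"], d["broadcast"])
```

network_of() can also confirm that an interface address sits in the intended segment before it is configured, for example that 170.50.0.193 with mask 255.255.255.240 belongs to the 170.50.0.192 subnet.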
Now configure the interfaces of R01 and R02 using network segments A, B and D as per the topology. Use the first available IP addresses. Note: By default, a router's interfaces are in the shutdown state; here we add the command "no shutdown" on the interfaces just for consistency.
R01:
!
configure terminal
!
interface E0/2
description "Segment A"
ip address 170.50.0.1 255.255.255.128
no shutdown
!
interface E0/0
description "Segment B"
ip address 170.50.0.193 255.255.255.240
no shutdown
!
interface E0/1
description "Segment D"
ip address 170.50.0.209 255.255.255.240
no shutdown
!
end
!
write
!
R02:
!
configure terminal
!
interface E0/3
description "Segment A"
ip address 170.50.0.2 255.255.255.128
no shutdown
!
interface E0/2
description "Segment D"
ip address 170.50.0.210 255.255.255.240
no shutdown
!
interface E0/0
description "Segment B"
ip address 170.50.0.194 255.255.255.240
no shutdown
!
interface E0/1
description "Segment C"
ip address 170.50.0.225 255.255.255.248
no shutdown
!
end
!
write
!
Now configure the interface IP addresses on R03, R04 and R05 as provided in the tasks.
R03:
!
configure terminal
!
interface E0/0
description "connected to PC04"
ip address 20.1.3.3 255.255.255.0
!
interface E0/1
description "connected to R04"
ip address 20.1.34.3 255.255.255.0
!
end
!
write
!
R04:
!
configure terminal
!
interface E0/0
description "connected to R05"
ip address 20.1.45.4 255.255.255.0
!
interface E0/1
description "connected to R03"
ip address 20.1.34.4 255.255.255.0
!
end
!
write
!
R05:
!
configure terminal
!
interface E0/0
description "connected to R04"
ip address 20.1.45.5 255.255.255.0
!
interface E0/1
description "future use"
ip address 50.1.23.5 255.255.255.0
!
interface E0/2
description "connected to SW04"
ip address 20.1.5.5 255.255.255.0
!
end
!
write
!
Now check the direct IP connectivity between the devices using the PING command. R01 is able to reach R02 from segments A, B and D. Also use the "show ip interface brief" command to check the configured IP addresses on the interfaces and make sure both interface status and protocol are showing up/up.
R01:
Check the IP connectivity from R04 to R03 and R05. Also use the "show ip interface brief" command to check the configured IP addresses on the interfaces and make sure both interface status and protocol are showing up/up.
R04:
Further verification can be performed by using Telnet or SSH to log in to other devices with the password CISCO (as configured in the tasks); use "exit" to leave the terminal of the remote device.
Telnet connectivity from R02 to R01
Telnet connectivity from R04 to R03
SSH connectivity from R01 to R02, login using username "admin" and password "CISCO"
SSH connectivity from R04 to R05, login using username "admin" and password "CISCO"