Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:01,199 --> 00:00:06,000 Welcome to Jeremy’s IT Lab. This is\xa0\n 2 00:00:06,719 --> 00:00:10,960 If you like these videos, please subscribe\xa0\n 3 00:00:10,960 --> 00:00:15,679 please like and leave a comment, and share the\xa0\n 4 00:00:15,679 --> 00:00:20,480 Thanks for your help. Also, remember to sign\xa0\n 5 00:00:20,480 --> 00:00:24,640 of the lab files for this course, so you\xa0\n 6 00:00:25,920 --> 00:00:31,520 If you want more labs like these, I highly\xa0\n 7 00:00:31,519 --> 00:00:36,159 click the link in the video description to check\xa0\n 8 00:00:36,159 --> 00:00:40,719 tracer, but it’s even better, and it includes\xa0\n 9 00:00:40,719 --> 00:00:45,679 hands-on practice configuring and troubleshooting,\xa0\n 10 00:00:45,679 --> 00:00:50,479 topics. If you want to get NetSim, please\xa0\n 11 00:00:53,039 --> 00:00:58,879 In this lab we will use Laptop1 to connect to SW2,\xa0\n 12 00:00:59,759 --> 00:01:04,480 Now, in reality you would probably configure\xa0\n 13 00:01:04,480 --> 00:01:11,439 but I’ve already connected SW2 to R2. So, let’s\xa0\n 14 00:01:11,439 --> 00:01:17,759 to SW2’s console port and perform some basic\xa0\n 15 00:01:17,760 --> 00:01:25,600 the console cable, it’s this light blue one. Then,\xa0\n 16 00:01:25,599 --> 00:01:32,879 SW2’s console port. Now let’s go on to Laptop1,\xa0\n 17 00:01:33,680 --> 00:01:40,080 These default terminal settings are correct,\xa0\n 18 00:01:41,680 --> 00:01:45,520 Now let’s perform some basic\xa0\n 19 00:01:46,400 --> 00:01:53,840 ENABLE. CONF T. HOSTNAME SW2. Okay, you\xa0\n 20 00:01:54,879 --> 00:02:01,679 Next let’s set an enable secret. If no enable\xa0\n 21 00:02:01,680 --> 00:02:06,960 it won’t let you access privileged exec mode. Now,\xa0\n 22 00:02:06,959 --> 00:02:12,319 set a high privilege level on the user you create,\xa0\n 23 00:02:13,360 --> 00:02:18,160 For now just make sure you have an enable secret\xa0\n 24 00:02:18,159 --> 00:02:25,680 when connecting remotely. So, ENABLE SECRET ccna.\xa0\n 25 00:02:27,039 --> 00:02:31,919 Next, let’s create a login account. I’ll\xa0\n 26 00:02:31,919 --> 00:02:38,000 the security section, but the basic command is\xa0\n 27 00:02:38,639 --> 00:02:43,839 then either PASSWORD or SECRET, I’ll use\xa0\n 28 00:02:43,840 --> 00:02:51,120 ccna. As I mentioned earlier in the course, if you\xa0\n 29 00:02:51,120 --> 00:02:55,920 not encrypted. Even if you use the\xa0\n 30 00:02:55,919 --> 00:02:59,199 the encryption isn’t as strong\xa0\nas if you use SECRET instead. 31 00:03:01,120 --> 00:03:07,120 Next let’s configure SW2 for remote management\xa0\n 32 00:03:08,080 --> 00:03:19,520 INTERFACE VLAN1. IP ADDRESS 192.168.2.253\xa0\n 33 00:03:19,520 --> 00:03:25,280 this model of switch, the SVI is shutdown by\xa0\n 34 00:03:26,159 --> 00:03:32,319 Then we get two Syslog messages saying the\xa0\n 35 00:03:32,319 --> 00:03:43,359 SW2’s default gateway. EXIT. IP DEFAULT-GATEWAY\xa0\n 36 00:03:44,000 --> 00:03:49,199 SW2 can communicate directly with it. However\xa0\n 37 00:03:49,199 --> 00:03:54,239 subnet, SW2 needs to know its default gateway,\xa0\n 38 00:03:56,159 --> 00:04:00,079 Next, in step 2 we’ll configure a few\xa0\n 39 00:04:01,039 --> 00:04:05,919 LINE CONSOLE 0. There is only one\xa0\n 40 00:04:06,639 --> 00:04:10,000 Now let’s configure local authentication. LOGIN\xa0\xa0 41 00:04:10,000 --> 00:04:15,919 LOCAL. So, to connect to the console line a user\xa0\n 42 00:04:17,040 --> 00:04:24,720 Then, I’ll set the exec timeout. EXEC-TIMEOUT 5.\xa0\n 43 00:04:24,720 --> 00:04:31,440 you can just specify 5 minutes and then hit enter.\xa0\n 44 00:04:31,439 --> 00:04:38,000 to return to privileged exec mode, and then\xa0\n 45 00:04:38,000 --> 00:04:44,879 for a username, jeremy, and a password,\xa0\n 46 00:04:46,399 --> 00:04:50,639 Okay, now step 3 is to configure\xa0\n 47 00:04:51,759 --> 00:04:57,680 First, let me try to generate\xa0\n 48 00:04:57,680 --> 00:05:04,720 GENERATE RSA. Since SW2 doesn’t have a domain\xa0\n 49 00:05:04,720 --> 00:05:11,120 let’s specify the domain name.\xa0\n 50 00:05:11,920 --> 00:05:18,319 And now I’ll try to generate the keys again.\xa0\n 51 00:05:18,319 --> 00:05:26,159 the key modulus size of 2048 bits, and it works.\xa0\n 52 00:05:26,160 --> 00:05:31,760 by the way. I’ll give some more detail in\xa0\n 53 00:05:31,759 --> 00:05:37,839 now before configuring the VTY lines I’m going\xa0\n 54 00:05:38,959 --> 00:05:48,799 I’ll just use a simple standard ACL. ACCESS-LIST\xa0\n 55 00:05:48,800 --> 00:05:55,680 to SSH only, no Telnet, but we can do that with\xa0\n 56 00:05:55,680 --> 00:06:05,840 actually any need to specify the port in the ACL.\xa0\n 57 00:06:06,399 --> 00:06:12,879 First I’ll configure local authentication. LOGIN\xa0\n 58 00:06:12,879 --> 00:06:22,079 on the console lines. EXEC-TIMEOUT 5. Then I’ll\xa0\n 59 00:06:23,279 --> 00:06:29,439 And finally, apply the ACL I configured\xa0\n 60 00:06:31,680 --> 00:06:36,480 So, let’s test it out. First, I’ll try from R2,\xa0\n 61 00:06:36,480 --> 00:06:50,080 the ACL. First, I’ll try a ping. ENABLE. PING\xa0\n 62 00:06:50,879 --> 00:07:02,319 How about SSH? SSH -L jeremy 192.168.2.253.\xa0\n 63 00:07:03,199 --> 00:07:08,879 Next I’ll try from PC1, which should be able\xa0\n 64 00:07:10,079 --> 00:07:15,839 First I’ll try to ping SW2\xa0\n 65 00:07:18,319 --> 00:07:24,240 The ARP process can be slow in packet tracer, so\xa0\n 66 00:07:24,240 --> 00:07:38,319 will succeed. So, PC1 can reach SW2 with ping,\xa0\n 67 00:07:38,319 --> 00:07:46,079 enter the password of ccna and we’re in. So, PC1\xa0\n 68 00:07:47,680 --> 00:07:50,480 In this lab we configured\xa0\n 69 00:07:50,480 --> 00:07:53,520 and enabled SW2 for remote access via SSH.\xa0\xa0 70 00:07:54,319 --> 00:08:00,639 That’s all for this lab. Now let’s take a look at\xa0\n 71 00:08:02,399 --> 00:08:08,079 Okay here's today's Boson NetSim practice lab.\xa0\n 72 00:08:10,079 --> 00:08:16,719 So, we will configure SSH here on Router1 in this\xa0\n 73 00:08:17,439 --> 00:08:22,000 We covered almost all of the commands, but there\xa0\n 74 00:08:22,000 --> 00:08:30,079 video. Okay, so those are the commands, and\xa0\n 75 00:08:30,079 --> 00:08:33,759 a few steps but they're all pretty quick so\xa0\n 76 00:08:34,799 --> 00:08:41,759 So let's get right to it. First, from PC1 we'll\xa0\n 77 00:08:44,399 --> 00:09:00,000 So, 10.10.0.1. And okay, so two of\xa0\n 78 00:09:00,000 --> 00:09:05,039 went through. So PC1 does have\xa0\n 79 00:09:07,120 --> 00:09:12,799 Next, in step 2 we will attempt to\xa0\n 80 00:09:15,759 --> 00:09:21,840 Okay, looks like it works. What is the\xa0\n 81 00:09:22,799 --> 00:09:25,120 Okay, so we are able to Telnet to Router1.\xa0\xa0 82 00:09:26,320 --> 00:09:35,760 And then for step 3 I exited out of that Telnet\xa0\n 83 00:09:44,159 --> 00:09:52,159 And the connection is refused by Router1. Okay,\xa0\n 84 00:09:53,360 --> 00:10:00,320 okay let me open up a connection, determine\xa0\n 85 00:10:00,320 --> 00:10:13,120 command is SHOW IP SSH. And it is disabled. Okay,\xa0\n 86 00:10:13,919 --> 00:10:23,279 Let me see, IP SSH VERSION 2 is the command. And\xa0\n 87 00:10:25,519 --> 00:10:35,439 Okay, so next in step 7 let's create those RSA\xa0\n 88 00:10:35,440 --> 00:10:42,960 work because Router1 does not have a domain name\xa0\n 89 00:10:44,159 --> 00:10:53,679 boson.com. And then one more time, in step 9 we\xa0\n 90 00:10:53,679 --> 00:11:04,479 modulus size is 1024 bits, okay. Next, step 10.\xa0\n 91 00:11:06,639 --> 00:11:09,600 Okay, so this is a command I didn't\xa0\n 92 00:11:11,120 --> 00:11:14,799 It is..actually first, let me check\xa0\n 93 00:11:15,679 --> 00:11:22,479 and maximum timeout value? You can view that\xa0\n 94 00:11:23,919 --> 00:11:30,879 So, to configure it it's IP SSH\xa0\n 95 00:11:33,919 --> 00:11:38,559 Okay, and then finally enable SSH\xa0\n 96 00:11:40,080 --> 00:11:46,160 it says it here. But I'll enter that\xa0\n 97 00:11:49,120 --> 00:11:55,519 Okay, step 12. Configure a local username that has\xa0\n 98 00:11:55,519 --> 00:12:01,199 so we will configure a privilege level. I didn't\xa0\n 99 00:12:02,000 --> 00:12:13,039 admin PRIVILEGE 15, that's the maximum, and it\xa0\n 100 00:12:15,919 --> 00:12:23,839 Okay and then step 13, we will configure\xa0\n 101 00:12:27,120 --> 00:12:40,240 0 15. And TRANSPORT INPUT SSH. Okay so now let's\xa0\n 102 00:12:43,200 --> 00:12:48,720 So from PC1 let's try that again. Same command,\xa0\n 103 00:12:48,720 --> 00:12:56,080 means we were able to connect. The password is\xa0\n 104 00:12:56,080 --> 00:13:04,480 okay. While, the SSH session is active, verify the\xa0\n 105 00:13:04,480 --> 00:13:09,680 we didn't set an enable password, so I can't\xa0\n 106 00:13:10,639 --> 00:13:20,639 Here, I'll tell you what. ENABLE SECRET boson.\xa0\n 107 00:13:21,600 --> 00:13:30,800 And now we are able to use ENABLE. The\xa0\n 108 00:13:32,240 --> 00:13:36,879 gives us information about the current SSH\xa0\n 109 00:13:36,879 --> 00:13:44,480 IP SSH. SHOW SSH tells you about the current\xa0\n 110 00:13:44,480 --> 00:13:51,519 2. This is the kind of encryption used. It gives\xa0\n 111 00:13:55,679 --> 00:14:00,719 Okay, while the SSH session is active, determine\xa0\n 112 00:14:00,720 --> 00:14:09,840 it's here, admin. Exit the SSH session.\xa0\n 113 00:14:09,840 --> 00:14:16,879 so we configured TRANSPORT INPUT SSH,\xa0\n 114 00:14:17,440 --> 00:14:24,080 And the connection is refused. Okay, so that was\xa0\n 115 00:14:25,840 --> 00:14:28,800 As you can see here there are tons\xa0\n 116 00:14:29,600 --> 00:14:34,399 so if you want some extra guided, detailed\xa0\n 117 00:14:34,399 --> 00:14:38,720 NetSim. If you want to get NetSim, please\xa0\n 118 00:14:41,519 --> 00:14:45,919 Before finishing today’s video I want\xa0\n 119 00:14:46,559 --> 00:14:52,319 To join, please click the ‘Join’ button under\xa0\n 120 00:14:52,320 --> 00:14:58,000 H W, Brandon, Samil, Aaron, Marcel, Kone,\xa0\n 121 00:14:58,000 --> 00:15:03,840 Benjamin, Tshepiso, Justin, Prakaash, Nasir,\xa0\n 122 00:15:03,840 --> 00:15:10,320 John, Funnydart, Velvijaykum, Mark, Yousif, Boson\xa0\n 123 00:15:10,320 --> 00:15:15,120 if I pronounced your name incorrectly, but\xa0\n 124 00:15:15,120 --> 00:15:21,840 the list of JCNP-level members at the time of\xa0\n 125 00:15:21,840 --> 00:15:26,560 you signed up recently and your name isn’t on\xa0\n 126 00:15:28,720 --> 00:15:31,759 Thank you for watching. Please\xa0\n 127 00:15:31,759 --> 00:15:36,559 like the video, leave a comment, and share the\xa0\n 128 00:15:37,600 --> 00:15:43,200 If you want to leave a tip, check the links in the\xa0\n 129 00:15:43,200 --> 00:15:49,759 and accept BAT, or Basic Attention Token, tips\xa0\n 10981