CyberPatriot Packet Tracer Tool Kit

https://www.uscyberpatriot.org/competition/training-materials/training-modules
https://www.netacad.com/
http://www.uscyberpatriot.org/documents/training%20documents/cyberpatriot%20route_Switch_Packet%20Tracer%20Lab%20Review.pdf
https://www.uscyberpatriot.org/documents/training%20documents/cisco%20networking%20Training%20WebExs.pdf
http://rdmills.aurorak12.org/packet-tracer-information/
https://www.netacad.com/c/portal/saml/sso?entityid=http://150566673.netacad.com/saml2&RelayState=/courses/587813

Vocabulary: CHECK MODULE 5 and 15

Unicast: sends a packet from 1 host to another host
Broadcast: sends a packet from 1 host to all hosts on a network
Multicast: sends a packet from 1 host to a specific set of hosts
NVD: National Vulnerability Database (website)

How to do this:
- VTY password of c1$c0 (where 0 is the number zero)
- Disable unused ports.

IP Addressing

HOW TO SET DEFAULT GATEWAY
(switch)
To configure the default gateway, type, ip default-gateway (specified address)
To save the running configuration to the startup configuration, type, copy running-config startup-config in privileged EXEC mode.

How to assign an ipv4 address

(router)
In global configuration mode, in order to assign the ip address to a certain port, type, interface (then specified port)
Once in that port's configuration mode, type, ip address (then specified ip address WITH Subnet Mask)

(For SERVERS and END DEVICES)
Find your way to the IP configuration tab (no command line)
Type in the specified ip address(es)

How to assign an ipv6 address

(ROUTER)
In global configuration mode, type, ipv6 unicast-routing
*NOTE: This allows for ipv6 packets to be forwarded.
To configure the ipv6 address on a certain port, enter said port's configuration mode, then type, ipv6 address (then specified ipv6 address)
After, do the same thing, except with the link-local address. Format: the same, but the ipv6 address is replaced with the ipv6 link-local address, and the keyword link-local is at the end. Example, ipv6 address FE80::1 link-local

(SERVERS)
Find your way to the IP configuration tab (no command line)
*NOTE: IPv6 Gateway refers to the link-local address.
(HOSTS)
Find your way to the IP configuration tab (no command line)

How to find the subnet
Find the difference between the binary forms of the ip address and the subnet mask.

How to verify ip addressing
(PCs) Go to the Command Prompt in the Desktop tab, and type, ipconfig /all for ipv4, and, ipv6config /all for ipv6

Subnet Mask guide with wildcards
General Knowledge

Type, enable to enter privileged EXEC mode. From there, you can type, show running-config to show current configurations

How to access simulation tab
Bottom right corner

Configuration modes
1. Terminal is the default (press, enter to enter this configuration mode, OR type, configure terminal)

Terms of simulation tab
How to configure a port
From global configuration mode, type, interface (then specified port)
NOTE: The same rule applies to switch VLANs.

How to assign host name
In terminal configuration mode, type, hostname (specified name)

How to document the network

How to assign ports

How to configure remote management access
The ip default gateway is the ip address ending in .1 (3 octets, .1 as the last octet). This is the gateway to the ISP.

How to configure SSH version 2

How to assign VLANs

How to disable all other unused ports

How to configure inter-vlan routing

What is a Case-sensitive name?

What is an address space?
What devices should have OSPF?

What does NAT do?
NAT: network address translation
Lets multiple hosts connect through the internet through the same ip address. Keeps port numbers attack

What is FTP?
File Transfer Protocol:

What is ICMP?
ICMP allows for end devices to ping each other
NOTE: Usually used with the ping command, since it is such a small packet. (1 byte)

What is TCP?
Transmission control protocol, which means that

What is ACL?
ACL: Access Control List (who can do what [read, write and delete])

What is STATIC NAT?

How to ping other devices
Type, ping then the ip address to ping
Pinging gives a response from the other host, website, etc.

How to use SSH

How to configure access ports

How to create VLANs

How to configure 1 statement standard ACL #1
What is DYNAMIC NAT?

What is a PAT?
Port address translation
Maps multiple addresses using different ports

Understanding NAT

What is an NIC?
Network interface controller:

What is the DHCP?
Dynamic Host Configuration Protocol: admin does not have to manually assign ip addresses.

What is a Subinterface?

What's an ISP network?
Internet service provider (AT&T)

Class C subnet mask: /24
Class B subnet mask: /16
Class A subnet mask: /8
Port Security

HOW TO CONFIGURE PORT SECURITY ON FAST ETHERNET PORTS

HOW TO CONFIGURE PORT SECURITY
Go to the interface configuration mode of the port, then type, switchport mode access to make the port an access port, then type, switchport port-security to enable port security.
To disable unused ports, use the, shutdown command in the port's interface configuration mode.
When changing multiple ports, use the, interface range (specified module/first number-last number) global configuration command.

HOW TO CONFIGURE DHCP (Refer to chapter 10.1.2.1)
To enable DHCP snooping for the switch, type, ip dhcp snooping, and for a specific VLAN, type, ip dhcp snooping vlan (specified number)
To define a trusted port, go to the port's interface configuration mode and type, ip dhcp snooping trust
NOTE: trusted ports can source ALL DHCP messages, untrusted ports can only source requests. An untrusted port is a port not specified as trusted.
To name a DHCPv4 pool, type, ip dhcp pool (then specified name) in global configuration mode ON A ROUTER!!!!

HOW TO CONFIGURE MAC ADDRESSES
NOTE: there is a static secure MAC address (manually added to the configuration file), a dynamic secure MAC address (automatically added, but temporary) and a sticky secure MAC address (added automatically to the configuration file, or manually).
On a particular port, to change a dynamic MAC address to a sticky MAC address, type, switchport port-security mac-address sticky in the interface configuration mode. Type the same command with the specified MAC address on the end to convert those MAC addresses to sticky.
To remove sticky MAC addresses from the configuration file, type, no switchport port-security mac-address sticky.
To set the maximum limit of MAC addresses on a port, type, switchport port-security maximum (then specified number)

VIOLATION MODES

PROTECT
This mode makes no notification of a violation (or of there being an unrecorded MAC address and not enough space to record it), but rather stops the unknown MAC address from sending packets.
To change to this mode, type, switchport port-security violation protect

RESTRICT
This mode is like the protect mode, but it sends a SYSLOG MESSAGE when there is a security violation.
To change to this mode on a switch port, type, switchport port-security violation restrict

SHUTDOWN
This mode turns off the port LED and makes the port error-disabled after a violation. If this happens, to reset it type, shutdown, then no shutdown.
NOTE: this mode is the default on switch ports!!!
To change to this mode on a switch port, type, switchport port-security violation shutdown

Switch Security
Go to chapter 2.3.2.4

How to configure SVI (switch virtual interface)
In global configuration mode, type, interface vlan 1
NOTE: vlan 1 is the actual SVI
NOTE 2: Just type, ip address to assign the ipv4 address.
Enable the SVI by using the command, no shutdown

How to set a password on the console line (this locks the command line if exited, so REMEMBER THIS PASSWORD)
From terminal configuration mode, type, line console (then specified number)
The next line should say config-line in the parentheses
Then, type, password (specified password)
After, type, login
DONE!
To check, exit terminal configuration mode by typing, exit
There should be a line asking for a password

How to set a password for the privileged mode (there should be a # in front of the host name)
Enter terminal configuration mode
Type, enable password then (specified password)
Then exit configuration mode

How to configure an encrypted password for privileged mode
Enter terminal configuration mode
Type, enable secret (then specified encrypted password)
Then type, exit
NOTE: This overrides the usual privileged mode access password. (If both are set, you have to use the specified password from now on)

How to encrypt a password (enable and console passwords)
*NOTE: The plain text passwords shown when checking the configuration are not encrypted!
Enter terminal configuration mode
Type, service password-encryption then enter
Exit configuration mode

How to assign an MOTD banner (Message Of The Day)
Enter terminal configuration mode
Type, banner motd (then in quotation marks the specified message)
Then exit configuration mode

How to save all of these configurations
From the privileged EXEC mode (with this symbol #), type, copy running-config startup-config

Trunking: Puts 2 separate networks together

How to configure SSH (REFER TO RSE Chapter 2.2.1.1)
First, it must have a hostname and network connectivity settings.
Type, show ip ssh to see if the switch allows SSH.
Then, in global configuration mode, type, ip domain-name (then specified domain name) to
NOTE: to configure SSH version 2, use the, ip ssh version 2 global configuration command.
NOTE: Creating an RSA key pair automatically enables SSH.
Type, crypto key generate rsa to start an ssh server on the switch. You will be prompted to enter a bit (modulus) length. Recommended: 1024 bits.

HOW TO DISABLE SSH: use this command in global configuration mode, crypto key zeroize rsa. This deletes the RSA key pair and disables SSH.

HOW TO CONFIGURE USER AUTHENTICATION: type, username (designated username) secret (designated password). Typed in global configuration mode.

HOW TO ENABLE SSH ON VTY LINES: type, transport input ssh in line configuration mode. To get there, type, line vty (designated line number) in global configuration mode. Type, login local to require a login for ssh connections.
NOTE: if the output of the show ip ssh command shows that the switch supports ssh version 1.99, then the switch supports both versions of ssh.

TEST ON RSE CHAPTER 2.2.1.2

VLAN Security

VLAN configuration
To set an ip address, type, ip address in the vlan configuration mode
To get to a vlan's configuration mode, type, interface vlan (then specified vlan number) from global configuration mode.
VLAN numbers 1-1005 are normal range vlans. Used for small-medium sized businesses.
Packet Guiding

How to capture a syslog message

How to configure a default route to the internet

How to keep addresses from being sent to devices

How to configure backup route

How to configure primary route

How to configure summary routes

How to configure static routes

How to record MAC addresses

UNKNOWN COMMANDS
REFER TO RSE Chapter 2.2.4.8 for NTP configuration
REFER TO RSE Chapter 1.
How to configure OSPF process ID 1

How to configure a network statement

How to disable OSPF

How to implement NAT

How to configure an ACL (access control list) to permit FTP and ICMP (RSE CHAPTER 9 PACKET TRACER MODULE)
1. From global configuration mode, enter this, (space) access-list(space)?... This shows
2. Add the first number of the EXTENDED access list, followed by a question mark (in between list and the ?)
3. To permit FTP traffic, enter, permit in between the number and the question mark, with spaces. A list of protocols will be shown
4. If FTP is not permitted, then add, tcp between permit and the question mark, since FTP uses TCP
5. NOTE: There is a space between everything, including the question mark!
6. Then, enter the specified network address
7. Find the wildcard mask (take the binary opposite of the subnet mask)
8. Then, on top of everything else, add the mask onto the end of the command, including the network
9. For a single destination, enter host after the wildcard, then the destination's ip address.
10. To display options, enter eq before the question mark
11. Then, type ftp and enter, WITH NO QUESTION MARK!
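
The statement those eleven steps end up with, built and checked in Python. This is an added example, not part of the original notes: the function names and the sample addresses are made up, and the ICMP line goes one step past the FTP steps above.

```python
import ipaddress

def wildcard_mask(subnet_mask: str) -> str:
    """Step 7: the wildcard is the bit-for-bit inverse of the subnet mask."""
    inverted = int(ipaddress.IPv4Address(subnet_mask)) ^ 0xFFFFFFFF
    # A real subnet mask is 1s followed by 0s, so its inverse is 0s then 1s;
    # adding 1 to such a value clears every set bit.
    if inverted & (inverted + 1):
        raise ValueError(f"{subnet_mask} is not a contiguous subnet mask")
    return str(ipaddress.IPv4Address(inverted))

def permit_to_host(acl_number, protocol, network, subnet_mask, dest_host, port=None):
    """Build one extended-ACL permit line: source network -> single destination."""
    if not (100 <= acl_number <= 199 or 2000 <= acl_number <= 2699):
        raise ValueError("extended numbered ACLs use 100-199 or 2000-2699")
    if protocol not in ("tcp", "icmp"):
        raise ValueError("this example only handles tcp and icmp")
    if (protocol == "tcp") != (port is not None):
        raise ValueError("tcp needs a port after eq; icmp takes none")
    # strict=True rejects a 'network' with host bits set, which usually
    # means the wrong address or the wrong mask was typed.
    net = ipaddress.IPv4Network(f"{network}/{subnet_mask}", strict=True)
    dest = ipaddress.IPv4Address(dest_host)
    line = (f"access-list {acl_number} permit {protocol} "
            f"{net.network_address} {wildcard_mask(subnet_mask)} host {dest}")
    return f"{line} eq {port}" if port else line

# Constructed sample addresses, not taken from the lab.
if __name__ == "__main__":
    print(permit_to_host(100, "tcp", "192.168.10.0", "255.255.255.224",
                         "192.168.20.5", "ftp"))
    print(permit_to_host(100, "icmp", "192.168.10.0", "255.255.255.224",
                         "192.168.20.5"))
```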
How to configure static NAT for the File server

How to configure DYNAMIC NAT

How to configure a PAT

How to create a DHCP Pool

How to configure DHCP to give default gateway

How to create a DHCP client

How to configure OSPF v1

How to configure OSPF v2

Link-State Protocol:

How to configure OSPF v3

How to configure VTY to only accept SSH

RSA key-pair configuration

OSPF: Open Shortest Path Protocol
DOCUMENTATION

Troubleshooting (Chapter 7.3.2.9) [RSE CHAPTER 2.1.2]

Ip addressing

Vlan and Port Assignments
Filling in the Blanks

Subnetting (Chapter 8)

What does it do?
Subnetting reduces overall network traffic and improves network performance.
Subnetting determines the number of hosts on a network using an ip address and the subnet mask.
Add a number at the host portion of the subnet mask starting from left to right to change the subnet mask.
Every bit changed starting from left to right CONSECUTIVELY will add another exponent to the number 2. The resulting number will be the number of subnetworks made.
The number of host bits left (as the exponent of 2) minus the number of changed bits (as the exponent of 2) equals the number of available hosts and what addresses they are located in. (Host bits multiplied by the number of subnets determines their locations.)
In other words: 2^n-2 = number of hosts on a subnet, 2^n = number of subnets created, and look at the position of the last one in the subnet mask in order to find the number each subnet goes up by.
NOTE: The subnet mask stays the same for all subnets.
The last address in a network is the broadcast address.
AND the ip address (ipv4) and the subnet mask to get the network address.
How to make 2 equal sized subnets with the same mask: only borrow 1 host bit!
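
The subnetting rules above worked through in Python, so an answer done by hand can be checked. This is an added example, not part of the original notes; the function names and the 192.168.1.0/24 sample network are made up.

```python
import ipaddress

def network_of(ip: str, mask: str) -> str:
    """AND the IPv4 address with the subnet mask to get the network address."""
    anded = int(ipaddress.IPv4Address(ip)) & int(ipaddress.IPv4Address(mask))
    return str(ipaddress.IPv4Address(anded))

def subnet_plan(network: str, borrowed_bits: int) -> dict:
    """Borrow host bits (left to right) from `network` and describe the result."""
    base = ipaddress.IPv4Network(network, strict=True)
    host_bits = 32 - base.prefixlen - borrowed_bits
    if borrowed_bits < 1 or host_bits < 2:
        raise ValueError("borrow at least 1 bit and leave at least 2 host bits")
    subnets = list(base.subnets(prefixlen_diff=borrowed_bits))
    return {
        "mask": str(subnets[0].netmask),          # same mask for every subnet
        "subnets": 2 ** borrowed_bits,            # 2^n, n = borrowed bits
        "hosts_per_subnet": 2 ** host_bits - 2,   # 2^n - 2, n = host bits left
        # Value of the last 1 bit in the mask: the step between subnet
        # numbers in the octet where the mask ends.
        "increment": 1 << (host_bits % 8),
        # (network address, broadcast address) for each subnet
        "ranges": [(str(s.network_address), str(s.broadcast_address))
                   for s in subnets],
    }

# Constructed sample: borrow 2 bits from a /24.
if __name__ == "__main__":
    plan = subnet_plan("192.168.1.0/24", 2)
    print(plan["mask"], plan["subnets"], plan["hosts_per_subnet"], plan["increment"])
    for net, bcast in plan["ranges"]:
        print(net, "-", bcast)
    print(network_of("192.168.1.77", plan["mask"]))
```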
USE CHAPTER 11!!!

Windows Server 2008 checklist:
https://ca-cyberhub.org/images/resources/checklist_-_server2008_-_Marlow_High_School.pdf

Verification

PORT SECURITY
Type, show port-security interface (specified full port name and number)
To show all secure MAC addresses, type, show port-security address
If the port is shut down, document the threat and eliminate the threat before the port is re-enabled.

VLAN ASSIGNMENTS

NAT TRANSLATIONS
OSPF

REMOTE ACCESS

SSH
REFER TO RSE Chapter 2.2.1.3

Switch
To look at the statuses of interfaces, type, show ip interface brief in privileged EXEC mode.
REFER to RSE Chapter 2.1.2.4 for switch port verification
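
A check of a saved show running-config output against the hardening steps in these notes (enable secret, service password-encryption, ip ssh version 2, SSH-only VTY lines with login local, port security on access ports, unused ports shut down). This is an added example, not part of the original notes; the sample config is constructed and the function names are made up.

```python
SAMPLE = """\
enable password cisco
ip ssh version 2
interface FastEthernet0/1
 switchport mode access
 switchport port-security
interface FastEthernet0/2
 switchport mode access
interface FastEthernet0/3
 shutdown
line vty 0 4
 login local
 transport input telnet
"""  # constructed running-config excerpt, not from a real device

def parse_sections(config):
    """Return (global commands, {section header: [indented sub-commands]})."""
    global_cmds, sections, current = [], {}, None
    for raw in config.splitlines():
        if raw.strip() in ("", "!"):
            continue
        if raw[0] == " " and current:
            sections[current].append(raw.strip())
        else:
            current = raw.strip()
            global_cmds.append(current)
            sections[current] = []
    return global_cmds, sections

def audit(config):
    """Missing steps; assumes every active access port needs port security."""
    cmds, sections = parse_sections(config)
    findings = []
    if not any(c.startswith("enable secret ") for c in cmds):
        findings.append("enable secret not set")
    if "service password-encryption" not in cmds:
        findings.append("service password-encryption not enabled")
    if "ip ssh version 2" not in cmds:
        findings.append("ip ssh version 2 not set")
    for header, subs in sections.items():
        if header.startswith("line vty"):
            if "transport input ssh" not in subs:
                findings.append(f"{header}: not limited to transport input ssh")
            if "login local" not in subs:
                findings.append(f"{header}: login local missing")
        elif (header.startswith("interface ") and "shutdown" not in subs
              and "switchport mode access" in subs
              and "switchport port-security" not in subs):
            findings.append(f"{header}: access port without port security")
    return findings
```

Calling audit(SAMPLE) returns four findings: the missing enable secret, the missing service password-encryption, FastEthernet0/2 without port security, and the VTY lines still accepting Telnet.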