
CyberPatriot Packet Tracer Tool Kit

★ https://www.uscyberpatriot.org/competition/training-materials/training-modules
★ https://www.netacad.com/
★ http://www.uscyberpatriot.org/Documents/Training%20Documents/Cyberpatriot%20Route_Switch_Packet%20Tracer%20Lab%20Review.pdf
★ https://www.uscyberpatriot.org/Documents/Training%20Documents/Cisco%20Networking%20Training%20WebExs.pdf
★ http://rdmills.aurorak12.org/packet-tracer-information/
★ https://www.netacad.com/c/portal/saml/sso?entityId=http://150566673.netacad.com/saml2&RelayState=/courses/587813

❏ Vocabulary: CHECK MODULE 5 and 15
❏ Unicast: sends a packet from 1 host to another host
❏ Broadcast: sends a packet from 1 host to all hosts on a network
❏ Multicast: sends a packet from 1 host to a specific set of hosts

NVD: National Vulnerability Database (website)

How to do this:
- VTY password of c1$c0 (where 0 is the number zero)
- Disable unused ports.

IP Addressing

HOW TO SET DEFAULT GATEWAY


● (Switch) To configure the default gateway, type "ip default-gateway " (specified address).
● To save the running configuration to the startup configuration, type "copy running-config startup-config" in privileged EXEC mode.

How to assign an IPv4 address
● (ROUTER)
  ● In global configuration mode, to assign the IP address to a certain port, type "interface " (then specified port).
  ● Once in that port's configuration mode, type "ip address " (then specified IP address WITH subnet mask).
● (For SERVERS and END DEVICES)
  ● Find your way to the IP configuration tab (no command line).
  ● Type in the specified IP address(es).

How to assign an IPv6 address
● (ROUTER)
  ● In global configuration mode, type "ipv6 unicast-routing".
  ● *NOTE: This allows IPv6 packets to be forwarded.
  ● To configure the IPv6 address on a certain port, enter that port's configuration mode, then type "ipv6 address " (then specified IPv6 address).
  ● After, do the same thing, except with the link-local address. Format: the same, but the IPv6 address is replaced with the IPv6 link-local address, and "link-local" is at the end. Example: "ipv6 address FE80::1 link-local"
● (SERVERS)
  ● Find your way to the IP configuration tab (no command line).
  ● *NOTE: IPv6 Gateway refers to the link-local address.


● (HOSTS)
  ● Find your way to the IP configuration tab (no command line).

How to find the subnet
● Find the difference between the binary forms of the IP address and the subnet mask.

How to verify IP addressing
● (PCs) Go to the Command Prompt in the Desktop tab and type "ipconfig /all" for IPv4, and "ipv6config /all" for IPv6.

Subnet Mask guide with wildcards


General Knowledge  

Type "enable" to enter privileged EXEC mode. From there, you can type "show running-config" to show current configurations.

How to access simulation tab
Bottom right corner

Configuration modes
1. Terminal is the default (press "enter" to enter this configuration mode, OR type "configure terminal")

Terms of simulation tab


How to configure a port
● From global configuration mode, type "interface " (then specified port).
● NOTE: The same rule applies to switch VLANs.

How to assign host name
● In terminal configuration mode, type "hostname" (specified name).

How to document the network
1.

How to assign ports
1.

How to configure remote management access
IP default gateway is IP address .1 (3 octets, .1 as the last octet. This is the gateway to the ISP)

How to configure SSH version 2
1.

How to assign VLANs

How to disable all other unused ports
1.

How to configure inter-VLAN routing

What is a case-sensitive name?

What is an address space?


 

What devices should have OSPF?

What does NAT do?
NAT: network address translation. Lets multiple hosts connect through the internet through the same IP address. Keeps port numbers attack

What is FTP?
File Transfer Protocol:

What is ICMP?
● ICMP allows end devices to ping each other.
● NOTE: Usually used with the "ping" command, since it is such a small packet (1 byte).

What is TCP?
● Transmission control protocol, which means that

What is ACL?
ACL: Access Control List (who can do what [read, write and delete])

What is STATIC NAT?

How to ping other devices
● Type "ping" then the IP address to ping.
● Pinging gives a response from the other host, website, etc.

How to use SSH

How to configure access ports

How to create VLANs

How to configure 1 statement standard ACL #1


What is DYNAMIC NAT?

What is a PAT?
Port address translation. Maps multiple addresses using different ports.

Understanding NAT

What is an NIC?
Network interface controller:

What is the DHCP?
Dynamic Host Configuration Protocol: admin does not have to manually assign IP addresses.

What is a subinterface?

What's an ISP network?
Internet service provider (AT&T)

Class C subnet mask: /24
Class B subnet mask: /16
Class A subnet mask: /8

 

 

 

 


 

 

 

Port Security

HOW TO CONFIGURE PORT SECURITY ON FAST ETHERNET PORTS
● HOW TO CONFIGURE PORT SECURITY
  ● Go to the interface configuration mode of the port, then type "switchport mode access" to set the interface to access mode, then type "switchport port-security" to enable port security.
  ● To disable unused ports, use the "shutdown" command when configuring the port's interface. When changing multiple ports, use the "interface range (specified module/first number-last number)" global configuration command.

HOW TO CONFIGURE DHCP (Refer to chapter 10.1.2.1)
● To enable DHCP snooping for the switch, type "ip dhcp snooping", and for a specific VLAN, type "ip dhcp snooping vlan (specified number)".
● To define a trusted port, go to the port's interface configuration mode and type "ip dhcp snooping trust".
● NOTE: Trusted ports can source ALL DHCP messages; untrusted ports can only source requests. An untrusted port is a port not specified as trusted.
● To name a DHCPv4 pool, type "ip dhcp pool " (then specified name) in global configuration mode ON A ROUTER!!!!

HOW TO CONFIGURE MAC ADDRESSES


● NOTE: There are static secure MAC addresses (manually added to the configuration file), dynamic secure MAC addresses (automatically added, but temporary) and sticky secure MAC addresses (added automatically to the configuration file, or manually).
● On a particular port, to change a dynamic MAC address to a sticky MAC address, type "switchport port-security mac-address sticky" in interface configuration mode. Type the same command with the specified MAC address on the end to convert those MAC addresses to sticky.
● To remove sticky MAC addresses from the configuration file, type "no switchport port-security mac-address sticky".
● To set the maximum limit of MAC addresses on a port, type "switchport port-security maximum" (then specified number).

VIOLATION MODES
➢ PROTECT
  ➢ This mode makes no notification of a violation (or there being an unrecorded MAC address and not enough space to record it), but rather stops the unknown MAC address from sending packets.
  ➢ To change to this mode, type "switchport port-security violation protect".
❖ RESTRICT
  ❖ This mode is like the protect mode, but it sends a SYSLOG MESSAGE when there is a security violation.
  ❖ To change to this mode on a switch port, type "switchport port-security violation restrict".
● SHUTDOWN
  ● This mode turns off the port LED and makes the port error-disabled after a violation. If this happens, to reset it type "shutdown", then "no shutdown".
  ● NOTE: This mode is the default on switch ports!!!


  ● To change to this mode on a switch port, type "switchport port-security violation shutdown".

Switch Security (go to chapter 2.3.2.4)

How to configure SVI (switch virtual interface)
● In global configuration mode, type "interface vlan 1".
● NOTE: vlan 1 is the actual SVI.
● NOTE 2: Just type "ip address" to assign the IPv4 address.
● Enable the SVI by using the command "no shutdown".

How to set a password to the console line (this locks the command line if exited, so REMEMBER THIS PASSWORD)
● From terminal configuration mode, type "line console" (then specified number).
● The next line should say "config-line" in the parentheses.
● Then, type "password" (specified password).
● After, type "login".
● DONE!
● To check, exit terminal configuration mode by typing "exit".
● There should be a line asking for a password.

How to set a password for the privileged mode (there should be a # in front of the host name)
● Enter terminal configuration mode.


● Type "enable password" then (specified password).
● Then exit configuration mode.

How to configure an encrypted password for privileged mode
● Enter terminal configuration mode.
● Type "enable secret " (then specified encrypted password).
● Then type "exit".
● NOTE: This overrides the usual privileged mode access password. If both are set, you have to use the specified password from now on.

How to encrypt a password (enable and console passwords)
*NOTE: The plain text passwords shown when checking the configuration are not encrypted!
● Enter terminal configuration mode.
● Type "service password-encryption", then press Enter.
● Exit configuration mode.

How to assign an MOTD banner (Message Of The Day)
● Enter terminal configuration mode.
● Type "banner motd" (then in quotation marks the specified message).
● Then exit configuration mode.

How to save all of these configurations
● From privileged EXEC mode (with this symbol #), type "copy running-config startup-config".

Trunking: Puts 2 separate networks together

How to configure SSH (REFER TO RSE Chapter 2.2.1.1)
● First, it must have a hostname and network connectivity settings.
● Type "show ip ssh" to see if the switch allows SSH.
● Then, in global configuration mode, type "ip domain-name" (then specified domain name) to


● NOTE: To configure SSH version 2, use the "ip ssh version 2" global configuration command.
● NOTE: Creating an RSA key pair automatically enables SSH.
● Type "crypto key generate rsa" to start an SSH server on the switch. You will be prompted to enter a bit (modulus) length. Recommended: 1024 bits.
● HOW TO DISABLE SSH: Use this command in global configuration mode: "crypto key zeroize rsa". This deletes the RSA key pair and disables SSH.
● HOW TO CONFIGURE USER AUTHENTICATION: Type "username (designated username) secret (designated password)" in global configuration mode.
● HOW TO ENABLE SSH ON VTY LINES: Type "transport input ssh" in line configuration mode. To get there, type "line vty (designated line number)" in global configuration mode.
● Type "login local" to require a login for SSH connections.
● NOTE: If the information shown by the "show ip ssh" command shows that the switch supports SSH version 1.99, then the switch supports both versions of SSH.
● TEST ON RSE CHAPTER 2.2.1.2
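
A way to check a saved "show running-config" against the port security, password and SSH steps above. This is an added example, not part of the original tool kit; the sample config, the function names and the finding texts are constructed for illustration.

```python
# Constructed running-config excerpt for a lab switch (not from the original notes).
SAMPLE_CONFIG = """\
service password-encryption
enable secret 5 CONSTRUCTED-HASH
ip ssh version 2
interface FastEthernet0/1
 switchport mode access
 switchport port-security
interface FastEthernet0/2
 switchport mode access
interface FastEthernet0/3
 shutdown
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 login
"""


def parse_sections(config):
    """Split a config into global lines and {section header: [sub-commands]}."""
    global_lines, sections, current = [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if raw.startswith(" ") and current:
            sections[current].append(line)  # indented: belongs to the open section
        elif line.startswith(("interface ", "line ")):
            current = line
            sections[current] = []
        elif line and line != "!":
            current = None
            global_lines.append(line)
    return global_lines, sections


def audit(config):
    """Return findings for the hardening steps listed in these notes."""
    global_lines, sections = parse_sections(config)
    findings = []
    if not any(l.startswith("enable secret ") for l in global_lines):
        findings.append("no 'enable secret' set")  # 'enable password' alone is not hashed
    for required in ("service password-encryption", "ip ssh version 2"):
        if required not in global_lines:
            findings.append(f"'{required}' missing")
    for header, body in sections.items():
        if header.startswith("line vty"):
            if "transport input ssh" not in body:
                findings.append(f"{header}: not restricted to SSH")
            if "login local" not in body:
                findings.append(f"{header}: 'login local' missing")
        elif header.startswith("interface ") and "shutdown" not in body:
            # A port that is up and in access mode should have port security enabled.
            if "switchport mode access" in body and "switchport port-security" not in body:
                findings.append(f"{header}: access port without port security")
    return findings


if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```

The script cannot tell which ports are unused, so disabling unused ports still has to be checked against the lab's port assignment table.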

VLAN Security 

 

VLAN configuration
● To set an IP address, type "ip address" in the VLAN configuration mode.
● To get to a VLAN's configuration mode, type "interface vlan " (then specified VLAN number) from global configuration mode.
● VLAN numbers 1-1005 are normal-range VLANs. Used for small-medium sized businesses.


Packet Guiding
How to capture a syslog message
How to configure a default route to the internet
How to keep addresses from being sent to devices
How to configure backup route
How to configure primary route
How to configure summary routes
How to configure static routes
How to record MAC addresses

UNKNOWN COMMANDS
REFER TO RSE Chapter 2.2.4.8 for NTP configuration
REFER TO RSE Chapter

1.


How to configure OSPF process ID 1
1.

How to configure a network statement

How to disable OSPF

How to implement NAT

How to configure an ACL (access control list) to permit FTP and ICMP (RSE CHAPTER 9 PACKET TRACER MODULE)
1. From global configuration mode, enter "access-list ?" (with a space before the question mark)... This shows ____________
2. Add the first number of an EXTENDED access list, followed by a question mark (in between list and the ?).
3. To permit FTP traffic, enter "permit" in between the number and the question mark, with spaces. A list of protocols will be shown.
4. If FTP is not permitted, then add "tcp" between permit and the question mark, since FTP uses TCP.
5. NOTE: There is a space between everything, including the question mark!
6. Then, enter the specified network address.
7. Find the mask of the "wildcard" (take the binary opposite of the subnet mask).
8. Then, on top of everything else, add the mask onto the end of the command, including the network.
9. For a single destination, enter host after the wildcard, then the destination's IP address.
10. To display options, enter "eq" before the question mark.
11. Then, type ftp and enter, WITH NO QUESTION MARK!


How to configure static NAT for the File server
How to configure DYNAMIC NAT
How to configure a PAT
How to create a DHCP pool
How to configure DHCP to give default gateway
How to create a DHCP client
How to configure OSPF v1
How to configure OSPF v2
Link-State Protocol:
How to configure OSPF v3
How to configure VTY to only accept SSH
RSA key-pair configuration
OSPF: Open Shortest Path Protocol


DOCUMENTATION 

Troubleshooting (Chapter 7.3.2.9) [RSE CHAPTER 2.1.2]

●  

Ip addressing 

 

Vlan and Port Assignments 

 


Filling in the Blanks 

 

Subnetting(Chapter 8) 

❖ What does it do?
● Subnetting reduces overall network traffic and improves network performance.
● Subnetting determines the number of hosts on a network using an IP address and the subnet mask.
● Add a number at the host portion of the subnet mask starting from left to right to change the subnet mask. Every bit changed starting from left to right CONSECUTIVELY will add another exponent to the number 2. The resulting number will be the number of subnetworks made. The number of host bits left (as the exponent of 2) minus the number of changed bits (as the exponent of 2) equals the number of available hosts and what addresses they are located in. (Host bits multiplied by the number of subnets determines their locations.) In other words: 2^n-2 = number of hosts on a subnet (n = host bits left), 2^n = number of subnets created (n = bits changed), and look at the position of the last one in the subnet mask in order to find the number each subnet goes up by.
● NOTE: Subnet mask stays the same for all subnets.
● Last address in the network is the broadcast address.
● AND the IP address (IPv4) and the subnet mask to get the network address.
● How to make 2 equal sized subnets with the same mask: only borrow 1 host bit!
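
The subnetting rules above and the wildcard step of the ACL procedure (steps 6 to 11), worked through in code. This is an added example, not part of the original tool kit; the addresses, ACL number 100 and function names are constructed for illustration.

```python
import ipaddress


def wildcard_mask(mask):
    """Binary opposite of a dotted-decimal subnet mask (ACL step 7)."""
    return ".".join(str(255 - int(octet)) for octet in mask.split("."))


def network_address(ip, mask):
    """AND each octet of the IPv4 address with the mask to get the network address."""
    pairs = zip(ip.split("."), mask.split("."))
    return ".".join(str(int(a) & int(m)) for a, m in pairs)


def subnet_plan(network, old_prefix, borrowed_bits):
    """Borrow host bits and list every subnet with its network and broadcast address."""
    base = ipaddress.ip_network(f"{network}/{old_prefix}")
    host_bits = 32 - (old_prefix + borrowed_bits)
    return {
        "subnets": 2 ** borrowed_bits,            # 2^n subnets created
        "hosts_per_subnet": 2 ** host_bits - 2,   # 2^n - 2 usable hosts
        "block_size": 2 ** host_bits,             # the number each subnet goes up by
        "ranges": [
            (str(net.network_address), str(net.broadcast_address))
            for net in base.subnets(prefixlen_diff=borrowed_bits)
        ],
    }


def extended_acl_permit_ftp(acl_number, network, mask, destination_host):
    """Build the statement the ACL steps arrive at for one source subnet and one host."""
    if not 100 <= acl_number <= 199:
        raise ValueError("this example only accepts extended ACL numbers 100-199")
    return (f"access-list {acl_number} permit tcp {network} "
            f"{wildcard_mask(mask)} host {destination_host} eq ftp")


if __name__ == "__main__":
    # Constructed lab addressing: 192.168.10.0/24 split by borrowing 3 host bits.
    print(subnet_plan("192.168.10.0", 24, 3))
    print(network_address("192.168.10.77", "255.255.255.224"))
    print(extended_acl_permit_ftp(100, "192.168.10.64", "255.255.255.224", "192.168.20.5"))
```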


USE CHAPTER 11!!!
Windows Server 2008 checklist: https://ca-cyberhub.org/images/Resources/Checklist_-_Server2008_-_Marlow_High_School.pdf

Verification

PORT SECURITY
● Type "show port-security interface " (specified full port name and number).
● To show all secure MAC addresses, type "show port-security address".
● If the port is shut down, document the threat and eliminate the threat before the port is re-enabled.

VLAN ASSIGNMENTS 

 

NAT TRANSLATIONS 

 


 

OSPF 

 

REMOTE ACCESS 

 

SSH
REFER TO RSE Chapter 2.2.1.3

Switch
To look at the statuses of interfaces, type "show ip interface brief" in privileged EXEC mode.
REFER to RSE Chapter 2.1.2.4 for switch port verification