Cisco/Packet tracer

AEtherchannel is the port link aggregation technology invented by a company named Kalpana. This company was acquired by Cisco systems in 1994.  Etherchannel allows us to group several ( practically eight ) physical Ethernet links on a Cisco switch into one logical link. Advantages of etherchannel include increased bandwidth and fault tolerance. For example, when we group eight physical ports into one logical port, considering bandwidth of each port is 100 Mbps, the combined bandwidth is 800 Mbps. What if one of the port fails?. Well the rest of the ports take over thus preventing any failure. Let’ see it a little bit practically.

Imagine we have a network as shown below. There are two separate departments named Sales and Engg  in a company which are connected through a router.



There comes a time when the traffic between these two significant departments becomes so intense that the network administrator decides to interconnect the two switches of the respective departments as shown below so that the traffice doesn’t disturb the router. ( CCNA guys, always remember that  switches are interconnected using crossover cables only ).



Considering the importance of the two departments, the network administrator decides not only to provide additional bandwidth but also provide fault tolerance between the departments. Etherchannel satisfies both these requirements.

Now let’s see how to configure etherchannel.  To configure etherchannel, login to SWITCH1. Enter global configuration mode by typing command “config t”. Type the command “interface port-channel 1″ to create etherchannel port trunk. Type command “interface range fastethernet 0/1-8″ to select eight interfaces to assign to our etherchannel port trunk. Type command “channel-group 1 mode on” to assign the interfaces to the etherchannel port trunk.



We can see below that we have successfully configured  etherchannel  on our switch.



Now let’s configure VLAN trunk over the etherchannel logical port trunk. Type command “interface port-channel 1″ to select the etherchannel port. Type command “switchport mode trunk” to  set etherchannel port as trunk port.



Hope this was helpful.

According to Wikipedia, “In computer networking, a single layer-2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them via one or more routers; such a domain is referred to as a Virtual Local Area NetworkVirtual LAN or VLAN.”

VLAN’s simplify network management, limit the size of a broadcast domain and improve network efficiency. VLANs are of two types.

  • Static VLAN
  • Dynamic VLAN

In a static VLAN, we assign specific ports to a specific VLAN. whereas in dynamic VLAN we assign MAC addresses to a specific VLAN. In this article we are going to see how to create and configure a static VLAN. We are going to create three VLANs and assign ports to them. For this example, we will create three VLANs named Java, SAP and HR.



We need to be in global configuration mode to create VLANs. The command “vlan 2″ assigns number 2 to the VLAN we are going to create. We can assign any number from 2 to 4094 to the vlan. The command “name java” names our vlan as java. Similarly we can create the vlans SAP and HR.  Before assigning ports to the VLAN let’s see the port states in our switch.



We can see above that all the ports of the switch are members of VLAN 1. VLAN 1 is a special purpose VLAN used for administration. It is the only precreated VLAN on the Cisco switch. All ports are members of this VLAN by default. So when you are assigning a port to a specific VLAN, you are just changing the port from VLAN1 to that VLAN.

Now let’s assign ports to the VLANs we just created. First,  let’s assign three ports to the VLAN java.



The “interface fastethernet 0/1″ command selects the fastethernet port 1. The “switchport access vlan2″ command assigns this port to VLAN java. Similarly we can add the fastethernet ports 2 and 3 to the vlan 2. Now let’s see the port states once again.



We can see that the first three fastethernet ports have been assigned to the VLAN java. Now we will assign fastethernet ports 4 and 5 to VLANs SAP and HR respectively.



This is how our network  will look like if we connect the host devices.



And our port states will look like this.



Imagine you are a network administrator in a large organization with number of switches and routers. To configure a switch or router on a far off location, there are two choices. One is to go near the switch or router to configure it. This is good but imagine how much trouble it is  to go near each and every device to configure it. The second and easy option is the remote configuration of the switch or router.

Remote configuration of a switch/router can be done using telnet or ssh protocols. But using telnet has a disadvantage. It sends data in plain text. So if you happen to type a username ad password for authentication with the switch from a remote location, it will be passed in plain text and anyone sniffing on the network can easily find out your login credentials. This is a big security risk. To overcome this problem, we should use ssh protocol for remote configuration of the switch or router.  SSH protocol is as same as telnet but it uses encryption during the communication. This makes it difficult for hackers to detect the credentials. Let’s see how to enable ssh on cisco routers and switches using IOS. Here I am using a router.



The command “conf t” enables global configuration mode of the switch or router. The “hostname R1″ command changes the default name of router to R1. The name of the router is used to generate names for the keys  by the ssh protocol. So it is necessary to change the default name of the router. The “ip domain-name” command sets the domain name for the router. The domain name is also needed for setting name for encryption keys. ( is a fictional domain name I used. you can use your own domain name ).  It’s  time to set login credentials on the router. The “username admin password 123456″ command sets the username and password to admin and 123456 respectively. The “line vty 0 15″ command selects the vty lines from 0 to 15 for line configuration. The “login local” command sets the login to local router. The “exit” command takes us out of the line configuration mode to global configuration mode. it’s time to generate ssh keys.



The “crypto key generate rsa” command generates the cryptographic keys using Rivest Shamir Adlemann algorithm. You will be prompted to enter the number of bits in the modulus. Setting it too low will be too easy to crack. Setting it too high will be time consuming. I set it to 1024.

Let’s see the information about ssh protocol we enabled on the router.



The “show ip ssh” command does this. The reason for prepending this command with “do” is that the “show ip ssh”  is a privileged exec mode command and cannot be executed in global configuration mode. We can also see from the information displayed that the authentication timeout has been set to 120 secs and authentication retries are set to three. Let’s change them. The command “ip ssh time-out 60″ command changes authentication time-out  to 60 secs.  The command “ip ssh authentication-retries” command is used to change the authentication retries.

Finally we will have to set ssh as input transport protocol on vty access lines.



The “line vty 0 15″ command selects all the vty lines. The “transport input ssh” command sets ssh as a input transport protocol.  The “exit” command as already said takes us out of the line configuration mode. We have successfully enabled ssh protocol on our router.

Let’s once again see the information about the ssh we just enabled using “do show ip ssh”.



We have seen how to set passwords on cisco switches or routers here. Of course setting passwords does add to the security of the device but there is small problem. The password is stored in plain text.  Anyone who gets access to the switch can easily see all the passwords by typing command “show running-config or show startup-config”. Today we will see how to encrypt passwords on Cisco routers and switches.


Encrypting passwords can further enhance the security of the device. Privileged password can be encrypted by using the command “enable secret” instead of “enable password”. This command should be set from privileged global configuration mode.


Lets see what can we see  when we use the command “show running-config”.


We can see that the password we set has been encrypted. but what about other passwords. The  console, auxiliary and vty lines passwords cannot be encrypted even if we use “enable secret” command. To encrypt those passwords, we have to use another command “service password-encryption” as shown below.


This command will encrypt all the passwords stored in plain text on the device.

Good evening friends, Today we will see how to configure passwords on Cisco routers and switches. Cisco devices have four types of passwords.

  • Console password : Used to set password for the console access.
  • Auxiliary password : It is used to set password to auxiliary port ( if the switch has one.)
  • VTY lines password : Used to set password for  for telnet and ssh access.
  • Privileged password : Used to set password for privileged access to the switch.

I am not going to show you how to set up auxiliary password here. To see how to set up console password and VTY lines password, go here.

Privileged mode of a Cisco device has some advanced IOS commands that can have disastrous consequences if used by wrong hands. So it is very important to set up a password to access privileged commands. Use the following commands



The “enable” command takes us into privileged mode. The “conf t” mode takes us into global configuration mode which pertains to the configuration settings of the whole switch. The “enable password”  sets a password for the privileged mode. ‘123456’ is the password. The “exit”  command takes us out of the privileged mode. To see if a password has been set for the privileged mode, try entering into privileged mode by typing “en” command. We can see that it prompts us for the password.

Basic configuration of a Cisco switch can be done  in three ways, using Cisco Device manager web tool, using Cisco Networking Assistant(CNA) and Cisco IOS setup mode. The first two are GUI tools and the latter is a CLI option. Since Cisco IOS plays a very important part in CCNA exam,  we are going to see how to configure a switch using Cisco IOS setup mode commands.

In this tut, we are going to configure the name of the switch, set management ip address to the switch, configure console and telnet passwords and lastly configure message of the day banner for the switch. To configure a Cisco switch using Cisco IOS, we must connect a computer to the console part of the switch using a rollover cable. For this article however, I am going to use Cisco Packet Tracer software.


Naming the switch: 

Naming the switch can ease management and identification of the switch. Run the following commands for naming the switch. A switch can be named using “hostname” command.



The first two commands allow us to access the global configuration of the switch. If you are not aware of different modes of a Cisco switch, see here. The “hostname” command renames the switch. The rest of the commands are used to exit from global configuration mode.

Configure management IP address:

Configuring management IP address to the switch allows us to connect to the switch from remote locations using either Telnet or HTTP. To configure management IP address on the switch, run the folllowing commands.



The first two commands (“en” and “conf t”) set the IOS in privileged global configuration mode. This mode enables us to run commands that configure switch settings that apply to the whole switch.

The “interface vlan1″ command selects an interface to work with.  VLAN 1, is  called the management VLAN and is reserved for management of the switch.  We set IP address and the management default IP gateway on this Vlan.

“ip address” command sets the ip address and the subnet mask of the switch on interface vlan1. The no shutdown command turns on the interface vlan1. The exit command brings us back into global configuration mode from specific configuration mode.

The “ip default-gateway″ command sets the default gateway of the switch to . We can see that we first exit from the interface configuration mode ((config-if)# exit) because the default gateway applies to the whole switch, not just to an interface.

Configuring Console password:

To set up a console password on the switch, run the following commands.



The “line console 0″ command selects the console line. There is only one console line on a cisco switch. The “password 123456″ command sets the password of the console line to 123456. The “login” command instructs the IOS to prompt for authentication when somebody logs into console line.

Configuring telnet password:

To configure telnet password on the switch, run the following commands.



The “line vty 0 ?” command shows the number of vty lines available on the switch. The response <1-15>  shows that 15 VTY lines are available, which means we can have 15 simultaneous sessions on this switch.  We will configure telnet password on line 1. The “line vty 1″ command selects the line 1. The “password telnet” command sets the telnet password of the line to telnet. The “login” command instructs the IOS to prompt for authentication.

Configuring banners:

Banners can be used to display a brief message about the switch when someone logs in. It helps identifying the switch we log into and its configuration and usage guidelines. We can also add a security warning in the banner message to warn users against unauthorized access to the switch. We should run the following commands to configure banners on the switch.



We will configure message of the day on the switch. The “banner motd -“ command ( note that there is a space between motd and – ) is used to configure the message of the day banner on the switch. When we run this command, it prompts us to enter the message whcich should be ended by .

This is the basic configuration of he switch. Hope this was hepful.

Understanding subnetting is very important not only for those preparing for CCNA exam but also network administrators. Today, I am going to teach you how to create a subnet in a network. For this, I will use Packet Tracer software. To know what is subnetting and why we need it go here. So let’s start.

Imagine I formed a small software company named shunya whose network looks like below. I hired one Java developer, one software tester, one HR and one network administrator. I have been assigned the IP address range from to



I have enabled DHCP on my router as below.




After one year, imagine my company has received Abrahamic blessings from GOD and has seen rapid growth. Now the company has three Java developers, three software testers and  a dedicated HR team. Not only that, my company now has moved into Remote Infrastructure Management(RIM) and has a Network Operation Center(NOC) and Security Operation Center(SOC).  Total I have 15 computers in my network which looks like below.



Now see the image below. Here the machine “JD1″ sends a packet to machine “Testing3″. We can see here that for communication between machines “JD1: and “Testing3″ other machines have also been disturbed.



So for this reason, I decided to subnet the network. I decide to divide the network into three subnets as shown below.



To create a subnet, first we need to have proper planning as to how many subnets we need and how many we may need in the future. Presently, I need three subnets. The number of subnets should always be calcutated in the powers of 2.

2 to the power of 1 = 2

This doesn’t satisfy our requirement as we need three subnets.

2 to the power of 2 = 4

This satisfies our requirement. So we need to take two bits from the host portion of the IP address. to is the address range available to us with subnet mask,  Writing the subnet mask in the binary notation, it is

11111111 11111111 11111111 00000000

 255            255          255             0  

The first 24 bits are network bits and the last eight bits are host bits. To create three subnets, we need to take two bits from the host portion of the address as explained above.

11111111 111111111 11111111 11000000

   255              255            255         192

Four subnets which can be created from the above subnet mask are, to ( with host bits 00000000 ) to ( with host bits 01000000 ) to ( with host bits 10000000 ) to ( with host bits 11000000 )

Since we require only three subnets, we will create the first three subnets. The first subnet ( to ) comprises of Java Developers and Software testers. The commands are as below on the interface.



If you go to any machine on this subnet and look at its IP address, it will be like below.


Now the subnet for the Human Resource Department ( to ) . This will be like below.






The third subnet ( to ) comprises of NOC and SOC.







Now our network has been successfully subnetted into three subnets and we still have another subnet to use for future use.




Hope this was helpful. If you have any doubts regarding this article please comment below. Thank you.


Cisco IOS is the internetwork operating system of both the Cisco switches and routers. It has two interfaces command line interface(CLI) and Graphical User Interface(GUI). Since CCNA exam will surely test your knowledge on these interfaces, it is important to get familiar with them.

Cisco’s IOS command-line interface (CLI) is a text-based interface integrated with the IOS. When a switch or router boots up, the IOS loads the startup configuration from NVRAM and displays the IOS prompt, waiting for commands. We can enter the IOS commands at the IOS prompt.

In this article, we will see various command line modes on Cisco routers and switches. For this, we are going to use Packet Tracer. To see what is Packet Tracer and how to install it in both Linux and Windows, go here. For a startup guide on Packet Tracer, see here. Open Packet Tracer  and select a Cisco 2960 switch.



Hover on the switch to see its ports.


Select a Computer from the End Devices and connect them with a Console wire. What we are simulating here is connecting to the switch from a PC through console.



Click on the Host device( Computer ). On the window that opens, click on Desktop tab and Click on Terminal.


The console opens with the switch booting. Switch finishes its booting operation and loads  into user EXEC mode.


Coming to the modes of Cisco IOS, the Cisco IOS has five command line modes.

  • Setup mode
  • User EXEC mode
  • Privileged EXEC mode
  • Global configuration mode
  • Specific Configuraton mode

Setup mode

Setup mode is the initial configuration mode of Cisco switches and routers. They start in setup mode when no startup configuration exists in NVRAM. After completion of the setup mode,  the Cisco IOS transitions to user EXEC mode.

User EXEC mode

The user EXEC mode is the normal operation mode on Cisco switches and routers. The Cisco IOS user EXEC prompt is the switch or router name followed by the ‘greater than’ character >. See all the commands available in user EXEC prompt by typing ‘?’



Privileged EXEC mode

Privileged EXEC mode is the advanced operation mode of Cisco IOS. It has been designed to restrict access to IOS commands that can have adverse effects on the Cisco device and its configuration. To enter privileged EXEC mode type “enable” or “en” .Privileged EXEC prompt is comprised of the switch or router name followed by the # character. To exit the privileged EXEC prompt type “disable”.



To see the commands available in privileged EXEC prompt, type ?.



Global Configuration mode

The global configuration mode is comprised of commands pertaining to the entire Cisco device. In other words, if we need to execute commands to modify the behavior of either the whole switch or the whole router we need to set the IOS in global configuration
mode. Global configuration mode can only be enabled from  privileged
EXEC mode by typing config t” or “conf t”. The prompt in this mode is comprised of the device name followed by “(config)#”.



See the commands available in this mode by typing ‘?’. If we need to execute a command not available in the global configuration mode we should prefix the command by “do”.



Specific configuration mode

The specific configuration mode is used for commands that affect the configuration of either just one part or range of components of the Cisco device. Suppose we want to work on a few interfaces (or ports) on our switch or router we need to enable specific configuration mode. We can enable specific configuration mode only from the global configuration mode by selecting the components we want to work with. The prompt in this mode is comprised of the router or switch host name followed by “(config-<component>)#”.

Let’s select interface fastethernet 0/1 by typing “interface fastethernet 0/1″. 


If we want to run a command not available in specific configuration mode prefix the command by do”. For example, run the command “do show running-config” in specific configuration mode.



We can exit from global configuration mode and specific configuration mode by typing “exit”.

There are a few tuts available for Packet tracer on internet but I have made this guide keeping absolute beginners in mind and when I say absolute beginners, I mean really absolute beginners. In this guide we are going to create a star topology  and see the difference between hub and a switch.

To those people who don’t know what Packet Tracer is, it is a software developed by Cisco that can simulate networks and can be really helpful for people preparing for CCNA. See How to install Packet Tracer in Windows and Linux.

So Let’s start our tutorial. Open Packet Tracer. On the lower left corner, there are components required for creating a network. There are routers, switches, End devices, Hubs, Wireless Devices, Connections etc.



Click on “Hubs”. To the right, you should see types of hubs displayed. Click on the first type ‘Generic‘, move your mouse to the workspace above and click on the point you want to place your hub.


Click on the hub we just placed in our workspace. You are shown the physical view of the hub and it is a physical view literally. You can even see the Power button of the hub.



Click on the Config” tab just beside the “Physical” tab. You are shown the global settings of the hub. You can change the display name of the hub hers. Change it from “Hub0″ to “Hub”. Then close it.



Now we are going to place five computers around the hub to form Hub and Spoke topology. From the components on the lower left corner click on “End devices”. From the options displayed, click on the first choice called “Generic” hold “CTRL” key and click on the workspace at five points around the hub where you want to place your computers. This is a shortcut to place many devices.



Click on any PC”. You should see something similar to “CPU”. This is the physical view of the PC. We can even see the Power button.



Click on the “Config” tab beside “Physical” tab. On the global settings, change the name of the PC to “PC 1″. On gateway/DNS select “DHCP”. We will set up a DHCP server to assign IP addresses to the PC’s. You can have a look at other tabs beside “Config” tab.



Perform this action for other PC’s also and name them differently. Then from “End Devices” select “Server” and place it on the workspace as below.



Click on “Server”. Go to “Config” tab. We can see the services which can be configured on our servers HTTP, DHCP etc etc.



Click on “DHCP”. Keep the Pool name, default gateway and DNS server same. Give “starting IP address” as “″ and “subnet mask” as “″. Turn on DHCP service if it is OFF. Click on “Save”.



Click on the interface “FastEthernet” to the left. Set IP configuration as static and give “IP address” as and “subnet mask” as “″. Close the window.



Now we are going to connect our devices. In the components to the lower left corner, Click on “Connections”.



Different types of cabling are displayed. Here’s where Packet tracer assists in our learning abilities. If you are not sure what type of wiring to use, click on the first choice automatic. Then on the workspace, click on Server” and then click on the “Hub”. A connection is established. If the connection end points are red, then there is some problem with your wiring. If end points show green, then your wiring is alright.( We learn that we have to use copper straigtht through cabling in Star Topology.)



Do the same for all connections.



After some time, IP addresses are assigned to all systems by the DHCP server. Hover the mouse over the systems to check if IP addresses are assigned or not.



Now let’s see the functioning of the hub. Click on “Simulation” beside “Realtime” as shown below.



The Event List window will open. Click on “Edit Filters”. We will see various protocols.



Deselect “Show All/None” option. All options are deselected. Then Select ICMP option. What we are doing is trying to ping the machine.



Close the Event List window.



Click on “Add Simple PDU” as shown below. When we move the mouse on the workspace we can see a white envelope moving along with the mouse.



First click on the sending device( Click on “PC0″ ). Then select the receiving device( Click on the “Server” ). It should be clear to you that we are pinging the server from PC0. Our screen would like this.



We will now see how packets travel from PC0 to the Server. Click on “Capture/Forward” as shown below.



Click on “Capture/Forward” again. The ping travels from PC0 to the hub.



Click on “Capture/Forward” again. The hub forwards  the frame on all the ports, except the port through which the frame came in. All hosts except Server discard the frame since it is not addressed to them.



Click on “Capture/Forward”. The server forwards a frame to the hub.



Click on “Capture/Forward”. The hub once again forwards the frame on all ports except the input port. All hosts except PC0 discard it since it is not addressed to them. The simulation success message is shown as below.



To see the list of complete events undergone in this communication, Click on “Event List” as shown below.



As already seen Hubs forward a frame they receive on all the outbound ports except the port through which it received the frame. When connected using hubs, the host devices share same bandwidth of the medium. Since they share the same bandwidth, hosts can send frames at the same time on the medium which can result in collisions. In order to prevent frame collisions, Ethernet uses “Carrier Sense Multiple Access/Collision detect(CSMA?CD)”. Of course this prevents collisions but it still consumes a lot of bandwidth. The only solution is to this problem is to make the collision domain as small as possible.

Let’s see how.

Click on “Delete” as shown below.



Click on the hub. This will delete the hub and also the connections.



Replace it with a “2960″ switch and make the connections in the same way as done previously.



Add a simple ICMP PDU as done previously.



Click on “Capture/Forward”. The first frame travels to the switch.



Click on “Capture/Forward” again. The switch forwards the frame only to the Server, it’s intended destination.



Subsequently the frame is forwarded to switch which forwards it to PC0 thus completing the communication.



Now How does this happen?

This happens because a switch creates only one collision domain per port forwarding frames only on the outbound port that reaches the destionation of the frame. Since the hosts work in their own isolated collision domain, frames will never collide thus solving the problem of collisons.

Cisco Certified Network Associate certification has become must for anybody who wishes to start  a career in networking. This certification validates that you have the ability to install,configure and troubleshoot a network. You need  lot of practice for achieving success in this exam. Apart from the labs where you are getting trained for CCNA what if you had a chance to practice at home. Or what if you want to self learn for CCNA? Well for both of the questions above, Cisco Packet Tracer is the perfect answer. To quote from Cisco’s official website,Packet tracer is

“a powerful network simulation program that allows students to experiment with network behavior and ask “what if” questions.”

It further says,

“The simulation-based learning environment helps students develop 21st century skills such as decision making, creative and critical thinking, and problem solving. Packet Tracer complements the Networking Academy curricula, allowing instructors to easily teach and demonstrate complex technical concepts and networking systems design.”

Nothing could have defined that better. This software is available for free from Cisco’s website provided you are a registered Networking Academy student, alumni, instructor, or administrator. Even if you are not one among the above you could still get hold of this software,just google it.

Now I’m gonna show you how to install packet tracer in Windows and Linux.


Any installation in Windows is just clicks and mouse and the same applies to Packet tracer. Click on the exe file downloaded. The below screen appears.Select “I accept the agreement” and click on “Next”.


Setup will show the folder in which the program’s shortcuts will be created. If you want to change the folder, you can change it. Click on “Next”.



Then the program will ask whether to create a Desktop icon and create a Quick Launch icon. Make your own choice and click on “Next”.



Then the summary of the settings we selected is displayed. Click on “Install”.


The installation starts as shown below.



In seconds,installation gets completed and the below screen is shown.Click on “Finish”.



Then the below popup appears asking you to close or restart your computer. Click on “OK”.


As we selected Launch option, Packet tracer is automatically launched.


2. Linux

To install Packet Tracer in Linux, we need a .deb package of Packet tracer which can be downloaded from here. Now I am going to install it in Ubuntu Precise Pangolin (12.04). Download the above file to the desktop.



Start the terminal and see your current working directory by typing “pwd”. If the current directory is not desktop move to the Desktop directory using “cd”. After reaching the Desktop directory, type “ls” to see if the packet tracer binary is there.



Left click on the packet tracer .bin file displayed after typing “ls” above,the entire word will be selected. Then right click and select copy. Now type “chmod +x” and then hit “CTRL+SHIFT+V “to paste the text we copied above. Our command should look like this.

                       chmod +x  PacketTracer533_i386_installer-deb.bin

What chmod +x command does is that it gives all users permission to execute.



Then type “./PacketTracer533_i386_installer-deb.bin” in the terminal.This will start extracting the binary package.



Then terminal prompts us to hit Enter to read the End User License Agreement.Hit Enter.



After displaying a rather long EULA, terminal asks us if we accept the terms of EULA. Type “Y”.



Then system asks us for the sudo password.Type the password and hit Enter.



When the installation is finished, close the terminal,go to Dashboard, if packet tracer is not seen,type ‘pac’ in the search box. When Packet Tracer is shown, click on it.



A messagebox shows up saying that we are starting packet tracer for the first time and our files will be stored in a specific folder. Click on “OK”.



Another message box pops up.Click on OK”.



Packet tracer is started.