A Name in Career Building
CISCO Certified Network Associate
CCNA-PRACTICAL LABS
Lab-1: Basic Switch Configuration
Join NETS Be The Best
National Engineers Training Services (NETS) Tel: 5867776-5837968
Objective
Configure a switch with a name and an IP address.
Configure passwords to ensure that access to the CLI is secured.
Configure switch port speed and duplex properties for an interface.
Save the active configuration.
View the switch browser interface.
Background/Preparation
Cable a network similar to the one in the diagram.
Start a HyperTerminal session.
Step 1 Enter privileged mode
Privileged mode gives access to all the switch commands. Many of the privileged commands configure operating parameters. Therefore, privileged access should be password-protected to prevent unauthorized use. The privileged command set includes those commands contained in user EXEC mode, as well as the configure command through which access to the remaining command modes is gained.
Switch>enable
Switch#
1900:
>enable
#
Notice the prompt changed in the configuration to reflect privileged EXEC mode.
Step 2 Examine the current switch configuration
Examine the following current running configuration file:
Switch#show running-config
How many Ethernet or Fast Ethernet interfaces does the switch have? ___________________
What is the range of values shown for the VTY lines? _______________________________
Examine the current contents of NVRAM as follows:
Switch#show startup-config
%% Non-volatile configuration memory is not present
_______________________________________________________________
Step 3 Assign a name to the switch
Enter enable and then the configuration mode. The configuration mode allows the management of the switch. Enter ALSwitch, the name by which this switch will be referred to, as follows:
Switch#configure terminal
Enter the configuration commands, one for each line. End by pressing Ctrl-Z.
Switch(config)#hostname ALSwitch
ALSwitch(config)#exit
Notice the prompt changed in the configuration to reflect its new name.
Type exit or press Ctrl-Z to go back into privileged mode.
Step 4 Examine the current running configuration
Examine the current configuration that follows to verify that there is no configuration except for the hostname:
ALSwitch#show running-config
Are there any passwords set on the lines? _______________________________________
What does the configuration show as the hostname of this switch? ______________________
Step 5 Set the access passwords (1900: Skip to Step 6)
Enter config-line mode for the console. Set the password on this line as cisco for login. Configure the vty lines 5 to 15 with the password cisco as follows:
ALSwitch#configure terminal
Enter the configuration commands, one for each line. End by pressing Ctrl-Z.
ALSwitch(config)#line con 0
ALSwitch(config-line)#password cisco
ALSwitch(config-line)#login
ALSwitch(config-line)#line vty 0 15
ALSwitch(config-line)#password cisco
ALSwitch(config-line)#login
ALSwitch(config-line)#exit
Step 6 Set the command mode passwords
Set the enable password to cisco and the enable secret password to class as follows:
ALSwitch(config)#enable password cisco
1900:
ALSwitch(config)#enable password level 15 cisco
ALSwitch(config)#enable secret class
Which password takes precedence, the enable password or enable secret password? _______
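Steps 5 and 6 as a check over a saved configuration, added here as an example and not part of the original lab: the script reports every console or vty line that lacks the password or login sub-command, and every password that the configuration listing shows exactly as it was typed. Step 5's text names vty lines 5 to 15 while its command covers 0 to 15, so the constructed sample leaves lines 0 to 4 without a password to show what that gap looks like. The function names and the sample text are assumptions.

```python
import re

# Constructed sample of a saved configuration (not output from a real
# switch): vty lines 0-4 were left without a password, 5-15 were configured.
SAMPLE_CONFIG = """\
hostname ALSwitch
!
enable secret 5 $1$XXXX$CONSTRUCTEDPLACEHOLDERHASH
enable password cisco
!
interface Vlan1
 ip address 192.168.1.2 255.255.255.0
!
line con 0
 password cisco
 login
line vty 0 4
 login
line vty 5 15
 password cisco
 login
!
end
"""

LINE_RE = re.compile(r"^line (con|vty) (\d+)(?: (\d+))?\s*$")


def parse_line_blocks(config):
    """Return one dict per `line con` / `line vty` block with its sub-commands."""
    blocks = []
    current = None
    for raw in config.splitlines():
        if raw.startswith(" "):
            # Indented lines belong to the block opened above them.
            if current is not None:
                current["cmds"].append(raw.strip())
            continue
        match = LINE_RE.match(raw)
        if match:
            first = int(match.group(2))
            last = int(match.group(3)) if match.group(3) else first
            current = {"kind": match.group(1), "first": first,
                       "last": last, "cmds": []}
            blocks.append(current)
        else:
            current = None  # any other top-level line closes the block
    return blocks


def unprotected_lines(config, vty_count=16):
    """Map 'con 0' / 'vty N' to the sub-commands from Step 5 it is missing."""
    expected = ["con 0"] + ["vty %d" % n for n in range(vty_count)]
    missing = {name: ["password", "login"] for name in expected}
    for block in parse_line_blocks(config):
        gaps = []
        if not any(cmd.startswith("password ") for cmd in block["cmds"]):
            gaps.append("password")
        if "login" not in block["cmds"]:
            gaps.append("login")
        for number in range(block["first"], block["last"] + 1):
            name = "%s %d" % (block["kind"], number)
            if name in missing:
                missing[name] = gaps
    return {name: gaps for name, gaps in missing.items() if gaps}


def cleartext_secrets(config):
    """Return the config lines whose password value is readable as typed."""
    hits = []
    for raw in config.splitlines():
        words = raw.split()
        if words[:2] == ["enable", "password"]:
            rest = words[2:]
        elif words[:1] == ["password"]:
            rest = words[1:]
        else:
            continue
        if rest[:1] == ["level"]:      # 1900 form: enable password level 15 ...
            rest = rest[2:]
        # One word, or an explicit type 0, means the value is stored as typed;
        # a leading 7 marks a value obfuscated by service password-encryption.
        if len(rest) == 1 or rest[:1] == ["0"]:
            hits.append(raw.strip())
    return hits


if __name__ == "__main__":
    for name, gaps in unprotected_lines(SAMPLE_CONFIG).items():
        print("line %s: missing %s" % (name, ", ".join(gaps)))
    for line in cleartext_secrets(SAMPLE_CONFIG):
        print("readable in the listing: %s" % line)
```

Run it against the text captured from show running-config after Step 6; an empty result from unprotected_lines means every console and vty line carries both sub-commands.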
Step 7 Configure the layer 3 access to the switch
Set the IP address of the switch to 192.168.1.2 with a subnet mask of 255.255.255.0 as follows:
Note: This is done on the internal virtual interface VLAN 1.
ALSwitch(config)#interface VLAN 1
ALSwitch(config-if)#ip address 192.168.1.2 255.255.255.0
ALSwitch(config-if)#exit
1900:
ALSwitch(config)#ip address 192.168.1.2 255.255.255.0
Step 8 Verify the management LANs settings (1900: Skip to Step 10)
Verify the interface settings on VLAN 1 as follows:
ALSwitch#show interface VLAN 1
What is the bandwidth on this interface? ______________________________
What are the VLAN states: VLAN1 is __________, Line protocol is __________
Enable the virtual interface using the no shutdown command.
What is the queuing strategy? ______________________________________
Step 9 Save the configuration
The basic configuration of the switch has just been completed. Back up the running configuration file to NVRAM as follows:
1900:
The configuration is automatically saved to NVRAM within approximately one minute of entering a command. To save the configuration to a TFTP server, enter the following:
ALSwitch#copy nvram tftp://tftp server ip add/destination_filename
Configuration upload is successfully completed.
Step 10 Examine the startup configuration file (1900: Skip to Step 11)
To see the configuration that is stored in NVRAM, type show startup-config from the
What is displayed? __________________________________________________________
Are all the changes that were entered recorded in the file? ____________________________
Step 11 Exit the switch
Leave the switch welcome screen by typing exit as follows:
ALSwitch#exit
Once these steps are completed, log off by typing exit, and turn all the devices off. Then remove and store the cables and adapter.
Objective
Demonstrate the commands to enter a message-of-the-day (MOTD) on the router. This procedure allows all users to view the message upon entering the router.
Set up a network similar to the one in the previous diagram.
Background/Preparation
In this lab the Cisco Discovery Protocol (CDP) commands will be used. CDP discovers and shows information about directly connected Cisco devices (routers and switches).
Any router that meets the interface requirements may be used. Possible routers include 800, 1600, 1700, 2500, 2600 routers, or a combination.
Start a HyperTerminal session as performed in the Establishing a HyperTerminal session lab.
Step 1 Configure basic router information
On the Gadsden router, enter the global configuration mode. Configure the hostname as shown in the chart. Then configure the console, virtual terminal and enable passwords.
Enter the show running-config command to verify the configuration that was just entered.
Save the configuration information from the privileged EXEC command mode.
GAD#copy running-config startup-config
Step 2 Enter Global Configuration mode
Enter configure terminal at the router prompt. Notice the change in the router prompt.
Step 3 Display help for the banner motd command
Enter banner motd ? at the router prompt.
What is the character called that is used to indicate the beginning and end of the banner?
__________________________________________________________________
Step 4 Choose a description for the interface
The login banner should be a warning not to attempt login unless authorized. In the following space, enter an appropriate warning banner. The message can contain any printable character as well as spaces and carriage returns.
________________________________________________________________________
Step 5 Enter the desired banner message
From the global configuration mode enter banner motd # message #. The # signs are used as delimiters and the message is the banner message chosen in the previous step.
Step 6 Test the MOTD display
Exit the console session. Reenter the router to display the message-of-the-day. This is done by pressing the Enter key. This will display the message entered into the configuration.
Step 7 Verify the MOTD by looking at the router configuration
Enter the show running-config command.
How does the banner MOTD show in the configuration listing?
_______________________________________________________________________
Save the configuration information from the privileged EXEC command mode. Upon completion of the previous steps, log off by typing exit. Turn the router off.
Erasing and reloading the router
Enter into the privileged EXEC mode by typing enable.
If prompted for a password, enter class. If class does not work, ask the instructor for assistance.
Router>enable
At the privileged EXEC mode, enter the command erase startup-config.
Router#erase startup-config
The responding line prompt will be:
Erasing the nvram filesystem will remove all files! Continue?[confirm]
Press Enter to confirm.
The response should be:
Erase of nvram: complete
Now at the privileged EXEC mode, enter the command reload.
Router#reload
The responding line prompt will be:
System configuration has been modified. Save? [yes/no]:
Type n and then press Enter.
The responding line prompt will be:
Proceed with reload? [confirm]
Press Enter to confirm.
In the first line of the response will be:
Reload requested by console.
Objective
Create a basic switch configuration and verify it.
Determine the switch firmware version.
Create two VLANs, name them and assign member ports to them.
Background/Preparation
When managing a switch, the Management Domain is always VLAN 1. The Network Administrator's workstation must have access to a port in the VLAN 1 Management Domain. All ports are assigned to VLAN 1 by default. This lab will also help demonstrate how VLANs can be used to separate traffic and reduce broadcast domains.
Cable a network similar to the one in the diagram. The configuration output used in this lab is produced from a 2950 series switch. Any other switch used may produce different output. The following steps are to be executed on each switch unless specifically instructed otherwise.
Instructions are also provided for the 1900 Series switch, which initially displays a User Interface Menu. Select the Command Line option from the menu to perform the steps for this lab.
Start a HyperTerminal session.
Step 1 Configure the switch
Configure the hostname, access and command mode passwords, as well as the management LAN settings. These values are shown in the chart.
Step 2 Configure the hosts attached to the switch
Configure the host to use the same subnet for the address, mask, and default gateway as on the switch.
Step 3 Verify connectivity
To verify that the host and switch are correctly configured, ping the switch from the host.
Was the ping successful? ____________________________________________
If the answer is no, troubleshoot the host and switch configurations.
Step 4 Show the IOS version
It is very important to know the version of the operating system. Differences between versions may change how commands are entered. Type the show version command at the user EXEC or privileged EXEC mode prompt as follows:
Switch_A#show version
What version of the switch IOS is displayed? ______________________________________
Does this switch have standard edition or Enterprise edition software? ___________________
What is the Firmware version of the switch? ______________________________________
Step 5 Display the VLAN interface information
On Switch_A, type the command show vlan at the privileged EXEC prompt as follows:
Which ports belong to the default VLAN? ________________________________________
1900:
Switch_A#show vlan
How many VLANs are set up by default on the switch? ______________________________
What does the VLAN 1003 represent? __________________________________________
How many ports are in the 1003 VLAN? _________________________________________
Step 6 Create and name two VLANs
Check prompts on 2950
Enter the following commands to create and name two VLANs:
Switch_A#vlan database
Switch_A(vlan)#vlan 2 name VLAN2
Switch_A(vlan)#vlan 3 name VLAN3
Switch_A(vlan)#exit
1900:
Switch_A#config terminal
Switch_A(config)#vlan 2 name VLAN2
Switch_A(config)#vlan 3 name VLAN3
Step 7 Display the VLAN interface information
On Switch_A, type the command show vlan at the privileged EXEC prompt as follows:
Switch_A#show vlan
Are there new VLANs in the listing? _____________________________________
1900:
Switch_A#show vlan-membership
Do they have any ports assigned to them yet? ______________________________
Step 8 Assign ports to VLAN 2
Assigning ports to VLANs must be done from the interface mode. Enter the following commands to add port 2 to VLAN 2:
Is port 2 assigned to VLAN 2? ___________________________________________
Is the port still listed in the default VLAN? _________________________________
Step 10 Assign a port to VLAN 3
Assigning ports to VLANs must be done from the interface mode. Enter the following commands to add port 3 to VLAN3
Is port 3 assigned to VLAN 3? ________________________________________________
Is the port still listed in the default VLAN? ________________________________________
Step 12 Look at only VLAN2 information
Instead of displaying all of the VLANs type the show vlan id 2 command at the privileged EXEC mode prompt as follows:
Switch_A#show vlan id 2
1900:
Switch_A#show vlan 2
Does this command supply any more information than the show VLAN command? __________
Step 13 Look at only VLAN2 information with a different command (1900: Omit this step)
Instead of displaying all of the VLANs type the show vlan name VLAN2 command at the privileged EXEC mode prompt.
Switch_A#show vlan name VLAN2
Does this command supply any more information than the show VLAN command? __________
Once the steps are completed, log off by typing exit, and turn all the devices off. Then remove and
Objective
Create a basic switch configuration and verify it.
Create two VLANs.
Name the VLANs and assign multiple member ports to them.
Test functionality by moving a workstation from one VLAN to another.
Background/Preparation
When managing a switch, the Management Domain is always VLAN 1. The Network Administrator's workstation must have access to a port in the VLAN 1 Management Domain. All ports are assigned to VLAN 1 by default. This lab will also help demonstrate how VLANs can be used to separate traffic and reduce broadcast domains.
Cable a network similar to the one in the diagram.
Start a HyperTerminal session.
Step 1 Configure the switch
Configure the hostname, access and command mode passwords, as well as the management LAN settings.
Step 2 Configure the hosts attached to the switch
Configure the host to use the same subnet for the address, mask, and default gateway as on the switch.
Step 3 Verify connectivity
To verify that the host and switch are correctly configured, ping the switch from the host.
Was the ping successful? __________________________________________________
If the answer is no, troubleshoot the host and switch configurations.
Step 4 Display the VLAN interface information
On Switch_A, type the command show vlan at the privileged EXEC prompt as follows:
Switch_A(vlan)#vlan 2 name VLAN2
Switch_A(vlan)#vlan 3 name VLAN3
Switch_A(vlan)#exit
1900:
Switch_A#config terminal
Switch_A(config)#vlan 2 name VLAN2
Switch_A(config)#vlan 3 name VLAN3
Switch_A(config)#exit
Step 6 Assign ports to VLAN 2
Assigning ports to VLANs must be done from the interface mode. Enter the following commands to add ports 4, 5 and 6 to VLAN 2.
Are ports 7 through 9 assigned to VLAN 3? ____________________________________
Step 10 Test the VLANs
Ping from the host in port 0/4 to the host in port 0/1.
Was the ping successful? ____________________________________________________
Why? ___________________________________________________________________
Ping from the host in port 0/1 to the host in port 0/4.
Was the ping successful? ____________________________________________________
Why? ___________________________________________________________________
Ping from the host in port 0/4 to the switch IP 192.168.1.2.
Was the ping successful? ____________________________________________________
Why? ___________________________________________________________________
Ping from the host in port 0/1 to the switch IP 192.168.1.2.
Was the ping successful? ____________________________________________________
Why? ___________________________________________________________________
Step 11 Move a host
Move the host in port 0/4 to port 0/3. Wait until the port LED goes green and then go to the next step.
Step 12 Test the VLANs
Ping from the host in port 0/3 to the host in port 0/1.
Was the ping successful? ___________________________________________________
Why? __________________________________________________________________
Ping from the host in port 0/1 to the host in port 0/3.
Was the ping successful? ____________________________________________________
Ping from the host in port 0/3 to the switch IP 192.168.1.2.
Was the ping successful? ____________________________________________________
Step 13 Move hosts
Move the hosts in port 0/3 to port 0/4 and the host in port 0/1 to port 0/5. Wait until the port LED goes green and then go to the next step.
Step 14 Test the VLANs
Ping from the host in port 0/4 to the host in port 0/5.
Was the ping successful? ____________________________________________________
Why? ___________________________________________________________________
Ping from the host in port 0/5 to the host in port 0/4.
Was the ping successful? ____________________________________________________
Ping from the host in port 0/4 to the switch IP 192.168.1.2.
Was the ping successful? ____________________________________________________
Ping from the host in port 0/5 to the switch IP 192.168.1.2.
Was the ping successful? ____________________________________________________
Why? ___________________________________________________________________
Step 15 Move hosts
Move the hosts in port 0/4 to port 0/8. Wait until the port LED goes green and then go to the next step.
Step 16 Test the VLANs
Ping from the host in port 0/4 to the host in port 0/8.
Was the ping successful? ___________________________________________________
Why? __________________________________________________________________
Ping from the host in port 0/8 to the host in port 0/4.
Was the ping successful? ___________________________________________________
Ping from the host in port 0/4 to the switch IP 192.168.1.2.
Was the ping successful? ___________________________________________________
Ping from the host in port 0/8 to the switch IP 192.168.1.2.
Was the ping successful? ___________________________________________________
2900 and 2950 Series Switches
Enter into the privileged EXEC mode by typing enable.
If prompted for a password, enter class (if that does not work, ask the instructor).
Switch>enable
Remove the VLAN database information file.
Switch#delete flash:vlan.dat
Delete filename [vlan.dat]?[Enter]
Delete flash:vlan.dat? [confirm] [Enter]
If there was no VLAN file, this message is displayed.
%Error deleting flash:vlan.dat (No such file or directory)
Remove the switch startup configuration file from NVRAM.
Switch#erase startup-config
The responding line prompt will be:
Erasing the nvram filesystem will remove all files! Continue? [confirm]
Press Enter to confirm.
The response should be:
Erase of nvram: complete
Check that VLAN information was deleted.
Verify that the VLAN configuration was deleted in Step 2 using the show vlan command. If previous VLAN configuration information (other than the default management VLAN 1) is still present it will be necessary to power cycle the switch (hardware restart) instead of issuing the reload command. To power cycle the switch, remove the power cord from the back of the switch or unplug it. Then plug it back in.
If the VLAN information was successfully deleted in Step 2, go to Step 5 and restart the switch using the reload command.
Software restart (using the reload command)
At the privileged EXEC mode enter the command reload.
Switch#reload
The responding line prompt will be:
System configuration has been modified. Save? [yes/no]:
Type n and then press Enter.
The responding line prompt will be:
Proceed with reload? [confirm] [Enter]
The first line of the response will be:
Reload requested by console.
After the switch has reloaded, the line prompt will be:
Would you like to enter the initial configuration dialog? [yes/no]:
Type n and then press Enter.
The responding line prompt will be:
Press RETURN to get started! [Enter]
1900 Series Switches
Remove VLAN Trunking Protocol (VTP) information.
#delete vtp
This command resets the switch with VTP parameters set to factory defaults.
All other parameters will be unchanged.
Reset system with VTP parameters set to factory defaults, [Y]es or [N]o?
Enter y and press Enter.
Remove the switch startup configuration from NVRAM.
#delete nvram
This command resets the switch with factory defaults. All system parameters will revert to their default factory settings. All static and dynamic addresses will be removed.
Reset system with factory defaults, [Y]es or [N]o?
Enter y and press Enter.
Objective
Create a basic switch configuration and verify it.
Create two VLANs.
Name the VLANs and assign multiple member ports to them.
Delete VLANs.
Understand why it is not possible to delete VLAN 1.
Background/Preparation
When managing a switch, the Management Domain is always VLAN 1. The Network Administrator's workstation must have access to a port in the VLAN 1 Management Domain. All ports are assigned to VLAN 1 by default. This lab will also help demonstrate how VLANs can be used to separate traffic and reduce broadcast domains.
Step 1 Configure the switch
Configure the hostname, access and command mode passwords, as well as the management LAN settings. These values are shown in the chart.
Step 2 Configure the hosts attached to the switch
Configure the host to use the same subnet for the address, mask, and default gateway as on the switch.
Step 3 Verify connectivity
To verify that the host and switch are correctly configured, ping the switch from the host.
Was the ping successful? __________________________________________________
If the answer is no, troubleshoot the host and switch configurations.
Step 4 Display the VLAN interface information
On Switch_A, type the command show vlan at the privileged EXEC prompt as follows:
Switch_A#vlan database
Switch_A(vlan)#vlan 2 name VLAN2
Switch_A(vlan)#vlan 3 name VLAN3
Switch_A(vlan)#exit
1900:
Switch_A#config terminal
Switch_A(config)#vlan 2 name VLAN2
Switch_A(config)#vlan 3 name VLAN3
Step 6 Assign ports to VLAN 2
Assigning ports to VLANs must be done from the interface mode. Enter the following commands to add ports 4, 5 and 6 to VLAN 2.
Step 9 Display the VLAN Interface Information
On Switch_A, type the command show vlan at the privileged EXEC prompt.
Switch_A#show vlan
Are ports 7-9 assigned to VLAN 3? _____________________________________________
Step 10 Test the VLANs
Ping from the host in port 0/4 to the host in port 0/1.
Was the ping successful? _____________________________________________
Why? _____________________________________________
Ping from the host in port 0/1 to the host in port 0/4.
Was the ping successful? _____________________________________________
Why? _____________________________________________
Ping from the host in port 0/4 to the switch IP 192.168.1.2.
Was the ping successful? _____________________________________________
Why? _____________________________________________
Ping from the host in port 0/1 to the switch IP 192.168.1.2.
Was the ping successful? _____________________________________________
Why? _____________________________________________
Step 11 Delete a Host from a VLAN
To remove a host from a VLAN, use the no form of the switchport commands in the port interface configuration mode.
Step 14 Display the VLAN Interface Information
On Switch_A, type the command show vlan at the privileged EXEC prompt.
Switch_A#show vlan
Is VLAN 3 removed? _______________________________________________________
What happened to the ports that were released from the VLANs? ______________________
Step 15 Delete VLAN 1
Try to delete VLAN 1, which is the default VLAN, the same way that you deleted VLAN 3.
Switch_A#vlan database
Switch_A(vlan)#no vlan 1
A default VLAN may not be deleted.
Switch_A(vlan)#exit
1900:
Switch_A#config t
Switch_A(config)#no vlan 1
Switch_A(config)#no vlan 1
^
% Invalid input detected at '^' marker.
Switch_A(config)#exit
The default VLAN cannot be deleted.
Objective
Create a basic switch configuration and verify it.
Create multiple VLANs, name them and assign multiple member ports to them.
Create an 802.1q trunk line between the two switches to allow communication between paired VLANs.
Test the VLANs functionality by moving a workstation from one VLAN to another.
Background/Preparation
Trunking changes the formatting of the packets. The ports need to be in agreement as to which format is being used to transmit data on the trunk or no data will be passed. If there is different trunking encapsulation on the two ends of the link they will not be able to communicate. A similar situation will occur if one of your ports is configured in trunking mode (unconditionally) and the other one is in access mode (unconditionally).
When managing a switch, the Management Domain is always VLAN 1. The Network Administrator's workstation must have access to a port in the VLAN 1 Management Domain. All ports are assigned to VLAN 1 by default. This lab will also help demonstrate how VLANs can be used to separate traffic and reduce broadcast domains.
Start a HyperTerminal session.
Step 1 Configure the switch
Configure the hostname, access/command mode passwords, and the management LAN settings.
Step 2 Configure the hosts attached to the switch
Configure the host to use the same subnet for the address, mask, and default gateway as on the switch.
Step 3 Verify connectivity
To verify that the host and switch are correctly configured, ping the switch from the hosts.
Were the pings successful? __________________________________________________
If the answer is no, troubleshoot the host and switch configurations.
Step 4 Display the VLAN interface information
On Switch_A, type the command show vlan at the privileged EXEC prompt as follows:
Switch_A#show vlan
Step 5 Create and name three VLANs
Enter the following commands to create and name three VLANs:
Switch_A#vlan database
Switch_A(vlan)#vlan 10 name Accounting
Switch_A(vlan)#vlan 20 name Marketing
Switch_A(vlan)#vlan 30 name Engineering
Switch_A(vlan)#exit
Step 6 Assign ports to VLAN 10
Assigning ports to VLANs must be done from the interface mode. Enter the following commands to add ports 0/4 to 0/6 to VLAN 10:
Step 9 Create VLANs on Switch_B
Repeat Steps 5 through 9 on Switch_B to create its VLANs.
Step 10 Display the VLAN interface information
On both switches, type the command show vlan at the privileged EXEC prompt as follows:
Switch_A#show vlan
Are ports 0/10 through 0/12 assigned to VLAN 30? _____________________________________
Step 11 Test the VLANs
Ping from the host in Switch_A port 0/12 to the host in Switch_B port 0/12.
Was the ping successful? ___________________________________________________
Why? __________________________________________________________________
Ping from the host in Switch_A port 0/12 to the switch IP 192.168.1.2.
Was the ping successful? ___________________________________________________
Why? __________________________________________________________________
Step 12 Create the trunk
On both switches, Switch_A and Switch_B, type the following command at the fastethernet 0/1 interface command prompt. Note that it is not necessary to specify the encapsulation on a 2950, since it only supports 802.1Q.
Step 13 Verify the trunk
To verify that port Fast Ethernet 0/1 has been established as a trunk port, type show interface fastethernet 0/1 switchport at the privileged EXEC mode prompt.
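The agreement between the two trunk ends that the Background section requires, as an added example that is not part of the original lab: the script compares the show interface fastethernet 0/1 switchport output taken from both switches for operational mode and encapsulation, and goes one step beyond the lab by also comparing the native VLAN. The output excerpts are constructed and assume the usual IOS field labels; the function names are hypothetical.

```python
import re

# Constructed excerpt of `show interface fastethernet 0/1 switchport`
# (assumed IOS field labels; not captured from a real switch).
TRUNK_END = """\
Name: Fa0/1
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
"""

# Constructed variants: the same port left unconditionally in access mode,
# a trunk using ISL, and a trunk with a different native VLAN.
ACCESS_END = (TRUNK_END
              .replace("Administrative Mode: trunk",
                       "Administrative Mode: static access")
              .replace("Operational Mode: trunk",
                       "Operational Mode: static access")
              .replace("Operational Trunking Encapsulation: dot1q",
                       "Operational Trunking Encapsulation: native"))
ISL_END = TRUNK_END.replace("dot1q", "isl")
NATIVE_99_END = TRUNK_END.replace("Native Mode VLAN: 1 (default)",
                                  "Native Mode VLAN: 99 (VLAN0099)")


def parse_switchport(text):
    """Turn the 'Label: value' lines of the command output into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def native_vlan(fields):
    """Return the native VLAN number, or None if the field is absent."""
    match = re.match(r"\d+", fields.get("Trunking Native Mode VLAN", ""))
    return int(match.group(0)) if match else None


def trunk_problems(end_a, end_b):
    """List the disagreements between the two ends of one link."""
    a, b = parse_switchport(end_a), parse_switchport(end_b)
    modes = (a.get("Operational Mode"), b.get("Operational Mode"))
    if modes != ("trunk", "trunk"):
        # Trunk on one side and access (or down) on the other: encapsulation
        # and native VLAN are only worth comparing once both ends trunk.
        return ["mode: %s / %s" % modes]
    problems = []
    encaps = (a.get("Operational Trunking Encapsulation"),
              b.get("Operational Trunking Encapsulation"))
    if encaps[0] != encaps[1]:
        problems.append("encapsulation: %s / %s" % encaps)
    natives = (native_vlan(a), native_vlan(b))
    if natives[0] != natives[1]:
        problems.append("native VLAN: %s / %s" % natives)
    return problems


if __name__ == "__main__":
    peers = [("trunk", TRUNK_END), ("access", ACCESS_END),
             ("isl", ISL_END), ("native 99", NATIVE_99_END)]
    for label, peer in peers:
        found = trunk_problems(TRUNK_END, peer)
        print("Switch_A trunk vs %-9s -> %s" % (label, found or "in agreement"))
```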
Step 14 Test the VLANS and the trunk
Ping from the host in Switch_A port 0/12 to the host in Switch_B port 0/12.
Was the ping successful? ___________________________________________________
Why? __________________________________________________________________
Ping from the host in Switch_A port 0/12 to the switch IP 192.168.1.2.
Was the ping successful? ___________________________________________________
Why? __________________________________________________________________
Step 15 Move host
Move the host in Switch_A from port 0/12 to port 0/8. Wait until the port LED goes green and then go to the next step.
Step 16 Test the VLANS and the trunk
Ping from the host in Switch_A port 0/8 to the host in Switch_B port 0/12.
Was the ping successful? ___________________________________________________
Why? __________________________________________________________________
Ping from the host in Switch_A port 0/8 to the switch IP 192.168.1.2.
Was the ping successful? ___________________________________________________
Why? __________________________________________________________________
Step 17 Move host
Move the host in Switch_B from port 0/12 to port 0/7. Wait until the port LED goes green and then go to the next step.
Step 18 Test the VLANS and the trunk
Ping from the host in Switch_A port 0/8 to the host in Switch_B port 0/7.
Was the ping successful? ___________________________________________________
Why? __________________________________________________________________
Ping from the host in Switch_A port 0/8 to the switch IP 192.168.1.2.
Was the ping successful? ___________________________________________________
Why? __________________________________________________________________
Step 19 Move hosts
Move the host in Switch_A from port 0/8 to port 0/2. Wait until the port LED goes green and then go to the next step.
Step 20 Test the VLANS and the trunk
Ping from the host in Switch_A port 0/2 to the host in Switch_B port 0/7.
Was the ping successful? ___________________________________________________
Ping from the host in Switch_A port 0/2 to the switch IP 192.168.1.2.
Was the ping successful? ___________________________________________________
Why? __________________________________________________________________
Step 21 Move host
Move the host in Switch_B from port 0/7 to port 0/3. Wait until the port LED goes green and then go to the next step.
Step 22 Test the VLANS and the trunk
Ping from the host in Switch_A port 0/2 to the host in Switch_B port 0/3.
Was the ping successful? ___________________________________________________
Why? __________________________________________________________________
Ping from the host in Switch_B port 0/3 to the switch IP 192.168.1.2.
Was the ping successful? ___________________________________________________
Why? __________________________________________________________________
Ping from the host in Switch_B port 0/3 to the switch IP 192.168.1.3.
Was the ping successful? ___________________________________________________
Why? ______________________________
What conclusions can be drawn from the testing that was just performed with regard to VLAN membership and VLANs across a trunk?
______________________________
Objective
Create a basic switch configuration and verify it.
Create multiple VLANs, name them and assign multiple member ports to them.
Create an ISL trunk line between the two switches to allow communication between paired VLANs.
Test the VLANs functionality by moving a workstation from one VLAN to another.
Background/Preparation
Note: The use of Catalyst 2950 switches is not appropriate for this lab as they only support 802.1q trunking.
Trunking changes the formatting of the packets. The ports on both ends of the trunk must agree on which format is used to transmit data, or no data will be passed. If the trunking encapsulation differs on the two ends of the link, they will not be able to communicate. A similar situation occurs if one of the ports is unconditionally configured in trunking mode and the other is unconditionally configured in access mode.
When managing a switch, the Management Domain is always VLAN 1. The Network Administrator's workstation must have access to a port in the VLAN 1 Management Domain. All ports are assigned to VLAN 1 by default. This lab will also help demonstrate how VLANs can be used to separate traffic and reduce broadcast domains.
Start a HyperTerminal session.
Step 1 Configure the switch
Configure the hostname, access and command mode passwords, as well as the management LAN settings. These values are shown in the chart.
Step 2 Configure the hosts attached to the switch
Configure the host to use the same subnet for the address, mask, and default gateway as on the switch.
Step 3 Verify connectivity
To verify that the host and switch are correctly configured, ping the switches from the host.
Were the pings successful? ______________________________
If the answer is no, troubleshoot the host and switches configurations.
Step 4 Display the VLAN interface information
On Switch_A, type the command show vlan at the privileged EXEC prompt as follows:
Switch_A#show vlan
Step 5 Create and name three VLANs
Enter the following commands to create and name three VLANs:
Switch_A#vlan database
Switch_A(vlan)#vlan 10 name Accounting
Switch_A(vlan)#vlan 20 name Marketing
Switch_A(vlan)#vlan 30 name Engineering
Switch_A(vlan)#exit
Step 6 Assign ports to VLAN 10
Assigning ports to VLANs must be done from the interface mode. Enter the following commands to add ports 0/4 to 0/6 to VLAN 10:
Step 9 Create VLANs on Switch_B
Repeat Steps 5 through 8 on Switch_B to create its VLANs.
Step 10 Display the VLAN interface information
On Switch_A, type the command show vlan at the privileged EXEC prompt as follows:
Switch_A#show vlan
Are ports 0/10 through 0/12 assigned to VLAN 30? ______________________________
Step 11 Test the VLANs
Ping from the host in Switch_A port 0/12 to the host in Switch_B port 0/12.
Was the ping successful? ______________________________
Why? ______________________________
Ping from the host in Switch_A port 0/12 to the switch IP 192.168.1.2.
Was the ping successful? ______________________________
Why? ______________________________
Step 12 Create the ISL trunk
On both switches, Switch_A and Switch_B, type the following command at the fastethernet 0/1 interface command prompt
Step 13 Verify the ISL trunk
To verify that port fastethernet 0/1 has been established as a trunk port, type show interface fastethernet 0/1 switchport at the privileged EXEC mode prompt.
What type of trunking encapsulation is shown in the output? ______________________________
According to the output of show interface fastethernet 0/1 switchport on Switch_B, is there a difference between the Administrative Trunking Encapsulation and the Operational Trunking Encapsulation? ______________________________
Step 14 Test the VLANs and the trunk
Ping from the host in Switch_A port 0/12 to the host in Switch_B port 0/12.
Was the ping successful? ______________________________
Why? ______________________________
Ping from the host in Switch_A port 0/12 to the switch IP 192.168.1.2.
Was the ping successful? ______________________________
Why? ______________________________
Step 15 Move host
Move the host in Switch_A from port 0/12 to port 0/8. Wait until the port LED goes green and then go to the next step.
Step 16 Test the VLANs and the trunk
Ping from the host in Switch_A port 0/8 to the host in Switch_B port 0/12.
Was the ping successful? ______________________________
Why? ______________________________
Ping from the host in Switch_A port 0/8 to the switch IP 192.168.1.2.
Was the ping successful? ______________________________
Why? ______________________________
Step 17 Move host
Move the host in Switch_B from port 0/12 to port 0/7. Wait until the port LED goes green and then go to the next step.
Step 18 Test the VLANs and the trunk
Ping from the host in Switch_A port 0/8 to the host in Switch_B port 0/7.
Was the ping successful? ______________________________
Why? ______________________________
Ping from the host in Switch_A port 0/8 to the switch IP 192.168.1.2.
Was the ping successful? ______________________________
Why? ______________________________
Step 19 Move host
Move the host in Switch_A from port 0/8 to port 0/2. Wait until the port LED goes green and then go to the next step.
Step 20 Test the VLANs and the trunk
Ping from the host in Switch_A port 0/2 to the host in Switch_B port 0/7.
Was the ping successful? ______________________________
Ping from the host in Switch_A port 0/2 to the switch IP 192.168.1.2.
Was the ping successful? ______________________________
Why? ______________________________
Step 21 Move host
Move the host in Switch_B from port 0/7 to port 0/3. Wait until the port LED goes green and then go to the next step.
Step 22 Test the VLANs and the trunk
Ping from the host in Switch_A port 0/2 to the host in Switch_B port 0/3.
Was the ping successful? ______________________________
Why? ______________________________
Ping from the host in Switch_B port 0/3 to the switch IP 192.168.1.2.
Was the ping successful? ______________________________
Why? ______________________________
Ping from the host in Switch_B port 0/3 to the switch IP 192.168.1.3.
Was the ping successful? ______________________________
Why? ______________________________
What conclusions can be drawn from the testing that was just performed with regard to VLAN membership and VLANs across a trunk?
______________________________
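The agreement between trunk ends that the Background section and Steps 12 and 13 of the ISL lab describe can be checked from the output of show interface fastethernet 0/1 switchport captured on both switches. The Python below is an added example, not part of the original lab; the sample output is constructed, and the function names are assumptions made for illustration.

```python
# Added example: compare both ends of a trunk link from captured switchport output.
# All sample text is constructed for illustration, not captured from the lab.

SWITCH_A = """\
Name: Fa0/1
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: isl
Operational Trunking Encapsulation: isl
"""

SWITCH_B_OK = SWITCH_A
SWITCH_B_DOT1Q = SWITCH_A.replace("isl", "dot1q")
SWITCH_B_ACCESS = """\
Name: Fa0/1
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: native
"""
SWITCH_B_NEGOTIATED = SWITCH_A.replace(
    "Administrative Trunking Encapsulation: isl",
    "Administrative Trunking Encapsulation: negotiate",
)

REQUIRED = (
    "operational mode",
    "administrative trunking encapsulation",
    "operational trunking encapsulation",
)


def parse_switchport(text):
    """Return {field: value}, lower-cased, for each 'Field: value' line."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            fields[key.strip().lower()] = value.strip().lower()
    return fields


def check_trunk(end_a_text, end_b_text):
    """Return a list of (severity, message) findings for one link."""
    ends = {"A": parse_switchport(end_a_text), "B": parse_switchport(end_b_text)}
    findings = []

    for label, fields in ends.items():
        for name in REQUIRED:
            if name not in fields:
                findings.append(("error", f"end {label}: field '{name}' missing"))
    if findings:
        return findings  # incomplete capture, nothing reliable to compare

    modes = {label: f["operational mode"] for label, f in ends.items()}
    if modes["A"] != modes["B"]:
        # One end trunking and the other in access mode: frames are not understood.
        findings.append(("error", f"mode mismatch: A is '{modes['A']}', B is '{modes['B']}'"))
        return findings
    if modes["A"] != "trunk":
        findings.append(("error", f"neither end is trunking (both '{modes['A']}')"))
        return findings

    encaps = {label: f["operational trunking encapsulation"] for label, f in ends.items()}
    if encaps["A"] != encaps["B"]:
        findings.append(
            ("error", f"encapsulation mismatch: A uses '{encaps['A']}', B uses '{encaps['B']}'")
        )

    # The Step 13 question: does the configured value differ from the one in use?
    for label, f in ends.items():
        admin = f["administrative trunking encapsulation"]
        oper = f["operational trunking encapsulation"]
        if admin != oper:
            findings.append(("note", f"end {label}: administrative '{admin}' is operating as '{oper}'"))
    return findings


if __name__ == "__main__":
    cases = [
        ("matching ISL", SWITCH_B_OK),
        ("802.1Q on Switch_B", SWITCH_B_DOT1Q),
        ("Switch_B in access mode", SWITCH_B_ACCESS),
        ("Switch_B negotiated", SWITCH_B_NEGOTIATED),
    ]
    for name, end_b in cases:
        print(name, "->", check_trunk(SWITCH_A, end_b) or "trunk ends agree")
```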
Objective
Create a basic switch configuration and verify it.
Create multiple VLANs, name them and assign multiple member ports to them.
Configure the VTP protocol to establish server and client switches.
Create an 802.1q trunk line between the two switches to allow communication between paired VLANs.
Then test the VLANs functionality by moving a workstation from one VLAN to another.
Background/Preparation
When managing a switch, the Management Domain is always VLAN 1. The Network Administrator's workstation must have access to a port in the VLAN 1 Management Domain. All ports are assigned to VLAN 1 by default.
Cable a network similar to the one in the diagram. Start a HyperTerminal session.
Step 1 Configure the switch
Configure the hostname, access, and command mode passwords, as well as the management LAN settings. These values are shown in the chart.
Step 2 Configure the hosts attached to the switch
Configure the host to use the same subnet for the address, mask, and default gateway as on the switch.
Step 3 Verify connectivity
To verify that the host and switch are correctly configured, ping the switch from the hosts.
Were the pings successful? ______________________________
If the answer is no, troubleshoot the host and switches configurations.
Step 4 Display the VLAN interface information
On Switch_A, type the command show vlan at the privileged EXEC prompt as follows:
Switch_A#show vlan
Step 5 Configure VTP
VLAN Trunking Protocol (VTP) needs to be configured on both switches. VTP is the protocol that communicates information about which VLANs exist from one switch to another. If VTP did not provide this information, VLANs would have to be created on all switches individually.
By default, the Catalyst switch series are configured as VTP servers. In the event that the server services are turned off, use the following command to turn them back on.
Step 6 Create and name three VLANs
Enter the following commands to create and name three VLANs:
Switch_A#vlan database
Switch_A(vlan)#vlan 10 name Accounting
Switch_A(vlan)#vlan 20 name Marketing
Switch_A(vlan)#vlan 30 name Engineering
Switch_A(vlan)#exit
Step 7 Assign ports to VLAN 10
Assigning ports to VLANs must be done from the interface mode. Enter the following commands to add ports 0/4 to 0/6 to VLAN 10:
Step 12 Create the trunk
On both switches, Switch_A and Switch_B, type the following command at the fastethernet 0/1 interface command prompt. Note that it is not necessary to specify the encapsulation on a 2950, since it only supports 802.1Q.
Step 13 Verify the trunk
To verify that port fastethernet 0/1 has been established as a trunk port, type show interface fastethernet 0/1 switchport at the privileged EXEC mode prompt.
What type of trunking encapsulation is shown in the output? ______________________________
Step 14 Display the VLAN interface information
On Switch_A, type the command show vlan at the privileged EXEC prompt as follows:
Switch_A#show vlan
Do VLANs 10, 20, and 30 show without having to type them in? ______________________________
Why did this happen? ______________________________
Step 15 Assign ports to VLAN 10
Although the VLAN definitions have migrated to Switch_B using VTP, it is still necessary to assign ports to these VLANs on Switch_B. Assigning ports to VLANs must be done from the interface mode. Enter the following commands to add ports 0/4 to 0/6 to VLAN 10.
Step 18 Display the VLAN interface information
On Switch_B, type the command show vlan at the privileged EXEC prompt as follows:
Switch_B#show vlan
Are ports 0/10 through 0/12 assigned to VLAN 30? ______________________________
Step 19 Test the VLANs and the trunk
Ping from the host in Switch_A port 0/12 to the host in Switch_B port 0/12.
Was the ping successful? ______________________________
Why? ______________________________
Ping from the host in Switch_A port 0/12 to the switch IP 192.168.1.2.
Was the ping successful? ______________________________
Why? ______________________________
Step 20 Move hosts
Move the host in Switch_A from port 0/12 to port 0/8. Wait until the port LED goes green and then go to the next step.
Step 21 Test the VLANs and the trunk
Ping from the host in Switch_A port 0/8 to the host in Switch_B port 0/12.
Was the ping successful? ______________________________
Why? ______________________________
Ping from the host in Switch_A port 0/8 to the switch IP 192.168.1.2.
Was the ping successful? ______________________________
Why? ______________________________
Once the steps are complete, log off by typing exit, and turn all the devices off. Then remove and store the cables and adapter.
Objective
Create a basic switch configuration and verify it.
Create multiple VLANs, name them and assign multiple member ports to them.
Configure the VTP protocol to establish server and client switches.
Create an 802.1q trunk line between the two switches to allow communication between paired VLANs.
Then test the VLANs functionality by moving a workstation from one VLAN to another.
Background/Preparation
When managing a switch, the Management Domain is always VLAN 1. The Network Administrator's workstation must have access to a port in the VLAN 1 Management Domain. All ports are assigned to VLAN 1 by default.
Cable a network similar to the one in the diagram. Start a HyperTerminal session.
Step 1 Configure the switch
Configure the hostname, access, and command mode passwords, as well as the management LAN settings. These values are shown in the chart.
Step 2 Configure the hosts attached to the switch
Configure the host to use the same subnet for the address, mask, and default gateway as on the switch.
Step 3 Verify connectivity
To verify that the host and switch are correctly configured, ping the switch from the hosts.
Were the pings successful? ______________________________
If the answer is no, troubleshoot the host and switches configurations.
Step 4 Display the VLAN interface information
On Switch_A, type the command show vlan at the privileged EXEC prompt as follows:
Switch_A#show vlan
Step 5 Configure VTP
VLAN Trunking Protocol (VTP) needs to be configured on both switches. VTP is the protocol that communicates information about which VLANs exist from one switch to another. If VTP did not provide this information, VLANs would have to be created on all switches individually.
By default, the Catalyst switch series are configured as VTP servers. In the event that the server services are turned off, use the following command to turn them back on.
Step 6 Create and name three VLANs
Enter the following commands to create and name three VLANs:
Switch_A#vlan database
Switch_A(vlan)#vlan 10 name Accounting
Switch_A(vlan)#vlan 20 name Marketing
Switch_A(vlan)#vlan 30 name Engineering
Switch_A(vlan)#exit
Step 7 Assign ports to VLAN 10
Assigning ports to VLANs must be done from the interface mode. Enter the following commands to add ports 0/4 to 0/6 to VLAN 10:
Step 12 Create the trunk
On both switches, Switch_A and Switch_B, type the following command at the fastethernet 0/1 interface command prompt. Note that it is not necessary to specify the encapsulation on a 2950, since it only supports 802.1Q.
Step 13 Verify the trunk
To verify that port fastethernet 0/1 has been established as a trunk port, type show interface fastethernet 0/1 switchport at the privileged EXEC mode prompt.
What type of trunking encapsulation is shown in the output? ______________________________
Step 14 Display the VLAN interface information
On Switch_A, type the command show vlan at the privileged EXEC prompt as follows:
Switch_A#show vlan
Do VLANs 10, 20, and 30 show without having to type them in? ______________________________
Why did this happen? ______________________________
Step 15 Assign ports to VLAN 10
Although the VLAN definitions have migrated to Switch_B using VTP, it is still necessary to assign ports to these VLANs on Switch_B. Assigning ports to VLANs must be done from the interface mode. Enter the following commands to add ports 0/4 to 0/6 to VLAN 10.
Step 18 Display the VLAN interface information
On Switch_B, type the command show vlan at the privileged EXEC prompt as follows:
Switch_B#show vlan
Are ports 0/10 through 0/12 assigned to VLAN 30? ______________________________
Step 19 Test the VLANs and the trunk
Ping from the host in Switch_A port 0/12 to the host in Switch_B port 0/12.
Was the ping successful? ______________________________
Why? ______________________________
Ping from the host in Switch_A port 0/12 to the switch IP 192.168.1.2.
Was the ping successful? ______________________________
Why? ______________________________
Step 20 Move hosts
Move the host in Switch_A from port 0/12 to port 0/8. Wait until the port LED goes green and then go to the next step.
Step 21 Test the VLANs and the trunk
Ping from the host in Switch_A port 0/8 to the host in Switch_B port 0/12.
Was the ping successful? ______________________________
Why? ______________________________
Ping from the host in Switch_A port 0/8 to the switch IP 192.168.1.2.
Was the ping successful? ______________________________
Why? ______________________________
Once the steps are complete, log off by typing exit, and turn all the devices off. Then remove and store the cables and adapter.
Objective
Create a static address entry in the switch MAC table.
Remove the created static MAC address entry.
Background/Preparation
Cable a network similar to the one in the diagram. The configuration output used in this lab is produced from a 2950 series switch. Any other switch used may produce different output. The following steps are to be executed on each switch unless specifically instructed otherwise.
Instructions are also provided for the 1900 Series switch, which initially displays a User Interface Menu. Select the Command Line option from the menu to perform the steps for this lab.
Start a HyperTerminal session.
Step 1 Configure the switch
Configure the hostname, access, and command mode passwords, as well as the management LAN settings. These values are shown in the chart.
Step 2 Configure the hosts attached to the switch
Configure the hosts to use the same IP subnet for the address, mask, and default gateway as on the switch.
Step 3 Verify connectivity
To verify that the hosts and switch are correctly configured, ping the switch IP address from the hosts.
Were the pings successful? ______________________________
If the answer is no, troubleshoot the hosts and switch configurations.
Step 4 Record the host MAC addresses
Determine and record the layer 2 addresses of the PC network interface cards.
If running Windows 98, check by using Start > Run > winipcfg. Click on More info.
If running Windows 2000, check by using Start > Run > cmd > ipconfig /all.
PC1: ______________________________
PC4: ______________________________
Step 5 Determine what MAC addresses the switch has learned
To determine what MAC addresses the switch has learned, use the show mac-address-table command as follows at the privileged EXEC mode prompt:
ALSwitch#show mac-address-table
How many dynamic addresses are there? ______________________________
How many total MAC addresses are there? ______________________________
Do the MAC addresses match the host MAC addresses? ______________________________
Step 6 Determine the show MAC table options
To determine the options the mac-address-table command has, use the ? option as follows:
ALSwitch(config)#mac-address-table ?
How many options are available for the mac-address-table command? ______________________________
There is an option to set a static MAC address in the table. Under what circumstances would this option be utilized? ______________________________
Step 7 Set up a static MAC address
Set up a static MAC address on Fast Ethernet interface 0/4 as follows:
Note: Use the address that was recorded for PC4 in Step 4. The MAC address 00e0.2917.1884 is used in the example statement only.
Step 8 Verify the results
Enter the following to verify the mac-address-table entries.
ALSwitch#show mac-address-table
How many total MAC addresses are there now? ______________________________
How many static addresses are there? ______________________________
Under what circumstances can other static or dynamic learning of addresses occur on port 4? ______________________________
Step 9 Remove the static MAC entry
The static mac-address-table entry may need to be reversed. To do this, enter the configuration mode and reverse the command by putting a no in front of the entire old command string as follows:
Note: The MAC address 00e0.2917.1884 is used in the example statement only. Use the MAC address that was recorded for the host on port 0/4.
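Steps 4, 5 and 8 above ask whether the addresses in the switch table match the ones recorded on the PCs, which is awkward by eye because Windows prints 00-E0-29-17-18-84 while the switch prints 00e0.2917.1884. The Python below is an added example, not part of the original lab, that normalises both notations and audits a table against the recorded hosts; the table text is constructed, and every address except the page's 00e0.2917.1884 is made up.

```python
import re
from collections import Counter

# Constructed sample in the style of `show mac-address-table` on a 2950.
# 00e0.2917.1884 is the lab's example address; all other values are invented.
SAMPLE_TABLE = """\
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
 All    0008.aaaa.0000    STATIC      CPU
   1    0008.7400.0001    DYNAMIC     Fa0/1
   1    00e0.2917.1884    STATIC      Fa0/4
   1    0008.7400.0099    DYNAMIC     Fa0/4
Total Mac Addresses for this criterion: 4
"""

# Step 4 worksheet: host -> (address as Windows prints it, port it is cabled to).
RECORDED = {
    "PC1": ("00-08-74-00-00-01", "Fa0/1"),
    "PC4": ("00-E0-29-17-18-84", "Fa0/4"),
}

ROW = re.compile(
    r"^\s*(All|\d+)\s+((?:[0-9a-f]{4}\.){2}[0-9a-f]{4})\s+(\S+)\s+(\S+)\s*$", re.I
)


def normalize_mac(mac):
    """Convert dashed, colon or dotted notation to the switch's xxxx.xxxx.xxxx form."""
    digits = re.sub(r"[-:.\s]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ".".join(digits[i:i + 4] for i in (0, 4, 8))


def parse_mac_table(text):
    """Return one dict per table row; header, rule and total lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            vlan, mac, kind, port = m.groups()
            entries.append({"vlan": vlan, "mac": mac.lower(),
                            "type": kind.upper(), "port": port})
    return entries


def audit(table_text, recorded):
    """Compare the table with the recorded hosts (single-VLAN lab assumed)."""
    entries = parse_mac_table(table_text)
    by_mac = {e["mac"]: e for e in entries}
    report = {
        "total": len(entries),
        "counts": dict(Counter(e["type"] for e in entries)),
        "hosts": {},
        "unrecorded": [],
    }
    known = set()
    for name, (mac, port) in recorded.items():
        key = normalize_mac(mac)
        known.add(key)
        entry = by_mac.get(key)
        if entry is None:
            report["hosts"][name] = "not in table"
        elif entry["port"] != port:
            report["hosts"][name] = f"seen on {entry['port']}, expected {port}"
        else:
            report["hosts"][name] = f"ok ({entry['type'].lower()})"
    # Addresses on front-panel ports that nobody wrote down in Step 4.
    for e in entries:
        if e["port"] != "CPU" and e["mac"] not in known:
            report["unrecorded"].append((e["mac"], e["port"]))
    return report


if __name__ == "__main__":
    for key, value in audit(SAMPLE_TABLE, RECORDED).items():
        print(f"{key}: {value}")
```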
Objective
Create a basic switch configuration.
Manage the switch MAC table.
Background/Preparation
Cable a network similar to the one in the diagram. The configuration output used in this lab is produced from a 2950 series switch. Any other switch used may produce different output. The following steps are to be executed on each switch unless specifically instructed otherwise.
Instructions are also provided for the 1900 Series switch, which initially displays a User Interface Menu. Select the Command Line option from the menu to perform the steps for this lab.
Start a HyperTerminal session.
Step 1 Configure the switch
Configure the hostname, access and command mode passwords, as well as the management LAN settings. These values are shown in the chart.
Step 2 Configure the hosts attached to the switch
Configure the hosts to use the same IP subnet for the address, mask, and default gateway as on the switch.
Step 3 Verify connectivity
To verify that hosts and switch are correctly configured, ping the switch IP address from the hosts.
Were the pings successful? ______________________________
If the answer is no, troubleshoot the hosts and switch configurations.
Step 4 Record the MAC addresses of the host
a. Determine and record the layer 2 addresses of the PC network interface cards.
If running Windows 98, check by using Start > Run > winipcfg, then click on More info.
If running Windows 2000, check by using Start > Run > cmd > ipconfig /all.
PC1: ______________________________
PC4: ______________________________
Step 5 Determine the MAC addresses that the switch has learned
To determine what MAC addresses the switch has learned, use the show mac-address-table command as follows at the privileged EXEC mode prompt:
ALSwitch#show mac-address-table
How many dynamic addresses are there? ______________________________
How many total MAC addresses are there? ______________________________
Why are there more MAC addresses than ports on the switch? ______________________________
How many addresses have been user defined? ______________________________
Do the MAC addresses match the host MAC addresses? ______________________________
Step 6 Determine the show MAC table options
To determine the options the show mac-address-table command has, use the ? option as follows:
ALSwitch#show mac-address-table ?
How many options are available for the show mac-address-table command? ______________________________
Show only the MAC address table entries that were learned dynamically.
How many are there? ______________________________
Step 7 Clear the MAC address table
To remove the existing MAC addresses, use the clear mac-address-table command from the privileged EXEC mode prompt as follows:
ALSwitch#clear mac-address-table dynamic
Step 8 Verify the results
Verify that the mac-address-table was cleared as follows:
ALSwitch#show mac-address-table
How many total MAC addresses are there now? ______________________________
Why are there so many? ______________________________
How many dynamic addresses are there? ______________________________
Step 9 Determine the clear MAC table options
To determine the options available, use the command clear mac-address-table ? at the privileged EXEC mode prompt as follows:
ALSwitch#clear mac-address-table ?
How many options are there? ______________________________
In what circumstances would these options be used? ______________________________
Step 10 Examine the MAC table again
Look at the MAC address table again using the show mac-address-table command at the privileged EXEC mode prompt as follows:
ALSwitch#show mac-address-table
How many dynamic addresses are there? ______________________________
Why did this change from the last display? ______________________________
If the table has not changed yet, ping the switch IP address from the hosts two times each and repeat Step 10.
Step 11 Exit the switch
Type exit, as follows, to leave the switch welcome screen:
Switch#exit
Once the steps are completed, log off by typing exit, and turn all the devices off. Then remove and store the cables and adapter.
Switch>enable
Objective
Create a basic switch configuration and verify it.
Determine which switch is selected as the root switch with the factory default settings.
Force the other switch to be selected as the root switch.
Background/Preparation
Cable a network similar to the one in the diagram. The configuration output used in this lab is produced from a 2950 series switch. Any other switch used may produce different output. The following steps are to be executed on each switch unless specifically instructed otherwise.
Start a HyperTerminal session.
Step 1 Configure the switches
Configure the hostname, access and command mode passwords, as well as the management LAN settings. These values are shown in the chart.
Step 2 Configure the hosts attached to the switches
Configure the host to use the same subnet for the address, mask, and default gateway as on the switch.
Step 3 Verify connectivity
To verify that the hosts and switches are correctly configured, ping the switches from the hosts.
Were the pings successful? ______________________________
If the answer is no, troubleshoot the hosts and switches configurations.
Step 4 Display the show interface VLAN options
Type show interface vlan1.
List some of the options available: ______________ ______________ ______________
Step 5 Display VLAN interface information
On Switch_A, type the command show interface VLAN1 at the privileged EXEC mode prompt as follows:
Switch_A#show interface vlan 1
What is the MAC address of the switch? ______________________________
On Switch_B, type the command show interface VLAN1 at the privileged EXEC mode prompt as follows:
Switch_B#show interface vlan 1
What is the MAC address of the switch? ______________________________
Which switch should be the root of the spanning tree for VLAN 1? ______________________________
Step 6 Display the spanning tree table on each switch
At the privileged EXEC mode prompt, type the following on Switch_A:
Type show spanning-tree brief if running version 12.0 of the IOS. If running version 12.1 of the IOS, type show spanning-tree.
Switch_A#show spanning-tree brief
On Switch_B, type show spanning-tree brief at the privileged EXEC mode prompt as follows:
Switch_B#show spanning-tree brief
Examine the output and answer the following questions.
Which switch is the root switch? ______________________________
What is the priority of the root switch? ______________________________
What is the bridge id of the root switch? ______________________________
Which ports are forwarding on the root switch? ______________________________
Which ports are blocking on the root switch? ______________________________
What is the priority of the non-root switch? ______________________________
What is the bridge id of the non-root switch? ______________________________
Which ports are forwarding on the non-root switch? ______________________________
Which ports are blocking on the non-root switch? ______________________________
What is the status of the link light on the blocking port? ______________________________
Step 7 Reassign the root bridge
It has been determined that the switch selected as the root bridge, by using default values, is not the best choice. It is necessary to force the "other" switch to become the root switch.
In the example output given, the root switch by default is Switch_A. Switch_B is preferred as the root switch. Go to the console and enter configuration mode if necessary.
Determine the parameters that can be configured for the Spanning-Tree Protocol by issuing the following:
Switch_B(config)#spanning-tree ?
List the options. ______________ ______________ ______________ ______________
______________ ______________ ______________ ______________
Set the priority of the switch that is not root to 4096.
If version 12.0 is used, enter the following:
Switch_B(config)#spanning-tree priority 1
Switch_B(config)#exit
If version 12.1 is used, enter the following:
Switch_B(config)#spanning-tree vlan 1 priority 4096
Switch_B(config)#exit
Step 8 Display the switch spanning tree table
At the privileged EXEC mode prompt, type the following on Switch_A:
Note: Type show spanning-tree brief if running version 12.0 of the IOS. If running version 12.1 of the IOS, type show spanning-tree.
Switch_A#show spanning-tree brief
On Switch_B, type show spanning-tree brief at the privileged EXEC mode prompt as follows:
Switch_B#show spanning-tree brief
Examine the output and answer the following questions.
Which switch is the root switch? ______________________________
What is the priority of the root switch? ______________________________
Which ports are forwarding on the root switch? ______________________________
Which ports are blocking on the root switch? ______________________________
What is the priority of the non-root switch? ______________________________
Which ports are forwarding on the non-root switch? ______________________________
Which ports are blocking on the non-root switch? ______________________________
What is the status of the link light on the blocking port? ______________________________
Step 9 Verify the running configuration file on the root switch
On the switch that was changed to be the root bridge, type show running-config at the privileged EXEC mode prompt.
Is there an entry in the running configuration file that specifies the spanning tree priority of this router? ______________________________
What does that entry say? ______________________________
Note: The output is different depending on whether the IOS used is version 12.0 or version 12.1.
Once the steps are complete, log off by typing exit, and turn all the devices off. Then remove and store the cables and adapter.
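Steps 5 through 8 of the spanning-tree lab turn on one comparison: the switch with the numerically lowest bridge ID (priority first, then MAC address) becomes root. The Python below is an added example, not part of the original lab, that runs the election before and after the priority change in Step 7; the switch MAC addresses are constructed, and the example assumes the version 12.1 command form uses the 802.1t extended system ID, where the priority moves in steps of 4096 and the VLAN number is added to it.

```python
import re

DEFAULT_PRIORITY = 32768  # factory default bridge priority

# Constructed MAC addresses; use the ones recorded in Step 5 in a real lab.
SWITCH_A_MAC = "0008.aaaa.0001"
SWITCH_B_MAC = "0008.bbbb.0002"


def bridge_id(priority, mac, vlan=None):
    """Return the bridge ID as a sortable (priority field, MAC as integer) tuple.

    vlan=None models a plain 16-bit priority (the 12.0-style command).
    With a VLAN number, the extended system ID layout is assumed: the
    priority must be a multiple of 4096 and the VLAN ID is added to it.
    """
    digits = re.sub(r"[^0-9a-fA-F]", "", mac)
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    if vlan is None:
        if not 0 <= priority <= 65535:
            raise ValueError("priority must be in 0..65535")
        field = priority
    else:
        if not 1 <= vlan <= 4094:
            raise ValueError("VLAN must be in 1..4094")
        if priority % 4096 or not 0 <= priority <= 61440:
            raise ValueError("priority must be a multiple of 4096 in 0..61440")
        field = priority + vlan
    return (field, int(digits, 16))


def elect_root(bridges, vlan=None):
    """bridges maps name -> (priority, mac). Return (root name, {name: bridge ID})."""
    ids = {name: bridge_id(prio, mac, vlan) for name, (prio, mac) in bridges.items()}
    # Tuples compare priority first and fall back to the MAC address on a tie.
    return min(ids, key=ids.get), ids


def lab_scenarios():
    """Run the lab's three situations and return the elected root for each."""
    defaults = {"Switch_A": (DEFAULT_PRIORITY, SWITCH_A_MAC),
                "Switch_B": (DEFAULT_PRIORITY, SWITCH_B_MAC)}
    v120 = dict(defaults, Switch_B=(1, SWITCH_B_MAC))      # spanning-tree priority 1
    v121 = dict(defaults, Switch_B=(4096, SWITCH_B_MAC))   # spanning-tree vlan 1 priority 4096
    return {
        "factory defaults": elect_root(defaults, vlan=1)[0],
        "12.0 form, priority 1": elect_root(v120)[0],
        "12.1 form, priority 4096": elect_root(v121, vlan=1)[0],
    }


if __name__ == "__main__":
    for scenario, root in lab_scenarios().items():
        print(f"{scenario}: root is {root}")
```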
Erasing and Reloading the SwitchAs done in previous labs.
Objective
Create and verify a basic switch configuration.
Configure port security on individual FastEthernet ports.

Background/Preparation
Cable a network similar to the one in the diagram. The configuration output used in this lab is produced from a 2950 series switch. Any other switch used may produce different output. The following steps are intended to be executed on each switch unless specifically instructed otherwise.
Instructions are also provided for the 1900 Series switch, which initially displays a User Interface Menu. Select the "Command Line" option from the menu to perform the steps for this lab.
Start a HyperTerminal session.

Step 1 Configure the switch
Configure the hostname, access and command mode passwords, as well as the management LAN settings. These values are shown in the chart.

Step 2 Configure the hosts attached to the switch
Configure the hosts to use the same IP subnet for the address, mask, and default gateway as on the switch.
There is a third host needed for this lab. It needs to be configured with the address 192.168.1.7. The subnet mask is 255.255.255.0 and the default gateway is 192.168.1.1.
Note: Do not connect this PC to the switch yet.

Step 3 Verify connectivity
To verify that hosts and switch are correctly configured, ping the switch IP address from the hosts.
Were the pings successful? ________________________________________
If the answer is no, troubleshoot the hosts and switch configurations.

Step 4 Record the host MAC addresses
Determine and record the layer 2 addresses of the PC network interface cards.
If running Windows 98, check by using Start > Run > winipcfg. Click on More info.
If running Windows 2000, check by using Start > Run > cmd > ipconfig /all.

Step 5 Determine what MAC addresses the switch has learned
Determine what MAC addresses the switch has learned by using the show mac-address-table command, as follows, at the privileged exec mode prompt:
ALSwitch#show mac-address-table
How many dynamic addresses are there? ________________________________________
How many total MAC addresses are there? ________________________________________
Do the MAC addresses match the host MAC addresses? ________________________________________

Step 6 Determine the show MAC table options
To determine the options the mac-address-table command has, use the ? option as follows:
ALSwitch(config)#mac-address-table ?

Step 7 Set up a static MAC address
Set up a static MAC address on FastEthernet interface 0/4 as follows:
Note: Use the address that was recorded for PC4 in Step 4. The MAC address 00e0.2917.1884 is used in the example statement only.

Step 8 Verify the results
Enter the following to verify the mac-address table entries.
ALSwitch#show mac-address-table
How many total MAC addresses are there now? ________________________________________

Step 9 List port security options
Determine the options for setting port security on interface FastEthernet 0/4. Type port security ? from the interface configuration prompt for FastEthernet port 0/4 as follows:
ALSwitch(config)#interface fastethernet 0/4
ALSwitch(config-if)#switchport port-security ?
aging Port-security aging commands
mac-address Secure mac address
maximum Max secure addrs
violation Security Violation Mode
<cr>
1900:
ALSwitch(config)#interface ethernet 0/4
ALSwitch(config-if)#port secure ?
max-mac-count Maximum number of addresses allowed on the port
<cr>
2950:
ALSwitch(config-if)#switchport port-security ?
aging Port-security aging commands
mac-address Secure mac address
maximum Max secure addrs
violation Security Violation Mode
<cr>
To allow the switchport FastEthernet 0/4 to accept only one device, enter port security as follows:
ALSwitch(config-if)#switchport mode access
ALSwitch(config-if)#switchport port-security
ALSwitch(config-if)#switchport port-security mac-address sticky
1900:
ALSwitch(config-if)#port secure

Step 10 Verify the results
Enter the following to verify the mac-address table entries:
ALSwitch#show mac-address-table
How are the address types listed for the two MAC addresses? ________________________________________
Show port security settings

Step 11 Show the running configuration file
Are there statements that directly reflect the security implementation in the listing of the running configuration? ________________________________________
What do those statements mean? ________________________________________

Step 12 Limit the number of hosts per port
On interface FastEthernet 0/4 set the port security maximum MAC count to 1 as follows:
Disconnect the PC attached to FastEthernet 0/4. Connect to the port on the PC that has been given the IP address 192.168.1.7. This PC has not yet been attached to the switch. It may be necessary to ping the switch address 192.168.1.2 to generate some traffic.
Record any observations. ________________________________________

Step 13 Configure the port to shut down if there is a security violation
It has been decided that in the event of a security violation the interface should be shut down. Enter the following to set the port security action to shutdown:
ALSwitch(config-if)#port security action shutdown
1900:
The default action upon address violation is suspend
What other action options are available with port security? ________________________________________
If necessary, ping the switch address 192.168.1.2 from the PC 192.168.1.7. This PC is now connected to interface FastEthernet 0/4. This ensures that there is traffic from the PC to the switch.
Record any observations. ________________________________________

Step 14 Show port 0/4 configuration information
To see the configuration information for just FastEthernet port 0/4, type show interface fastethernet 0/4, as follows, at the privileged exec mode prompt:
ALSwitch#show interface fastethernet 0/4
1900:
ALSwitch#show interface ethernet 0/4
What is the state of this interface?
FastEthernet0/4 is _________________________, line protocol is ____________________
1900:
ALSwitch#show interface ethernet 0/4
What is the state of this interface?
Ethernet 0/4 is _________________________, line protocol is _______________________

Step 15 Reactivate the port
If a security violation occurs and the port is shut down, use the no shutdown command to reactivate it.
Try reactivating this port a few times by switching between the original port 0/4 host and the new one. Plug in the original host, type the no shutdown command on the interface and ping using the DOS window. The ping will have to be repeated multiple times, or use the ping 192.168.1.2 -n 200 command. This will set the number of ping packets to 200 instead of 4. Then switch hosts and try again.

Step 16 Exit the switch
Type exit, as follows, to leave the switch welcome screen:
Switch#exit
Once the steps are completed, log off by typing exit, and turn all the devices off. Then remove and store the cables and adapter.
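
A check that can be run over the show running-config listing from Step 11, given here as an added example and not part of the original lab: it parses each interface block and flags ports that do not meet the policy this lab settles on (port security enabled, at most one MAC address, shutdown on violation). The sample configuration is constructed; only the MAC address 00e0.2917.1884 comes from the lab text. It assumes 2950-style switchport port-security syntax, where a maximum of 1 and the shutdown violation mode are defaults and therefore do not appear in the listing.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the style of a 2950 "show running-config" listing.
SAMPLE_CONFIG = """\
hostname ALSwitch
!
interface FastEthernet0/1
 switchport mode access
!
interface FastEthernet0/4
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 00e0.2917.1884
!
interface FastEthernet0/5
 switchport mode access
 switchport port-security maximum 5
 switchport port-security violation protect
!
interface FastEthernet0/6
 switchport mode access
 switchport port-security
 switchport port-security maximum 3
 switchport port-security violation restrict
!
interface FastEthernet0/12
 switchport mode trunk
!
line vty 0 4
 login
"""

PS = "switchport port-security"
MAC_RE = re.compile(r"^[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}$", re.I)


@dataclass
class Port:
    name: str
    access: bool = False
    enabled: bool = False         # bare "switchport port-security" line seen
    options_seen: bool = False    # any "switchport port-security <option>" line seen
    maximum: int = 1              # default, not written to the listing
    violation: str = "shutdown"   # default, not written to the listing
    sticky: bool = False
    secure_macs: list = field(default_factory=list)


def parse_interfaces(config):
    """Return {interface name: Port} from a running-config listing."""
    ports, current = {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        if line.startswith("interface "):
            current = Port(name=line.split(None, 1)[1])
            ports[current.name] = current
            continue
        if not line.startswith(" "):
            current = None        # "!" or a global command ends the block
            continue
        if current is None:
            continue              # indented line of a non-interface block
        cmd = line.strip()
        if cmd == "switchport mode access":
            current.access = True
        elif cmd == PS:
            current.enabled = True
        elif cmd.startswith(PS + " "):
            current.options_seen = True
            args = cmd[len(PS):].split()
            if args[0] == "maximum" and len(args) > 1 and args[1].isdigit():
                current.maximum = int(args[1])
            elif args[0] == "violation" and len(args) > 1:
                current.violation = args[1]
            elif args[0] == "mac-address":
                current.sticky = current.sticky or "sticky" in args
                current.secure_macs += [a for a in args[1:] if MAC_RE.match(a)]
    return ports


def audit_port(port):
    """List deviations from the lab policy: enabled, maximum 1, shutdown."""
    if not port.enabled:
        if port.options_seen:
            return ["port-security options are set but the feature is not enabled"]
        if port.access:
            return ["access port without port security"]
        return []
    findings = []
    if port.maximum != 1:
        findings.append(f"maximum is {port.maximum}, lab policy is 1")
    if port.violation != "shutdown":
        findings.append(f"violation mode is {port.violation}, lab policy is shutdown")
    return findings


def audit_config(config):
    return {name: audit_port(p) for name, p in parse_interfaces(config).items()}


if __name__ == "__main__":
    for name, findings in audit_config(SAMPLE_CONFIG).items():
        print(name, "OK" if not findings else "; ".join(findings))
```

A sticky address lives in the running configuration, so it survives a reload only after copy running-config startup-config.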
Objective
Configure static routes between routers to allow data transfer between routers without the use of dynamic routing protocols.

Background/Preparation
Setup a network similar to the one in the previous diagram. Any router that meets the interface requirements may be used. Possible routers include 800, 1600, 1700, 2500, 2600 routers, or a combination. Start a HyperTerminal session.

Step 1 Configure both routers
Enter the global configuration mode and configure the hostname as shown in the chart. Then configure the console, virtual terminal, and enable passwords.

Step 2 Configure the workstations
Configure the workstations with the proper IP address, subnet mask, and default gateway.
Check connectivity between the workstations using ping.
C:\>ping 192.168.16.2
Pinging 192.168.16.2 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 192.168.16.2:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
Was the ping successful? ________________________________________
Why did the ping fail? ________________________________________

Step 3 Check interface status
Check the interfaces on both routers with the command show ip interface brief.
Are all the necessary interfaces up? ________________________________________

Step 4 Check the routing table entries
Using the command show ip route, view the IP routing table for GAD.
GAD>show ip route
output eliminated
Gateway of last resort is not set
C 192.168.14.0/24 is directly connected, FastEthernet0
C 192.168.15.0/24 is directly connected, Serial0
Using the command show ip route, view the IP routing table for BHM.
BHM>show ip route
Output eliminated.
Gateway of last resort is not set
C 192.168.15.0/24 is directly connected, Serial0
C 192.168.16.0/24 is directly connected, FastEthernet0
Are all of the routes needed in the routing tables? ________________________________________
Can a host on subnet 192.168.16.0 see a host on network 192.168.14.0? ________________________________________
If a route is not in the routers to which the host is connected, the host cannot reach the destination host.

Step 5 Adding static routes
How can this situation be changed so that the hosts can ping each other?
Add static routes to each router or run a routing protocol.
In global configuration mode, add a static route on Router1 to network 192.168.16.0 and on
Why is a static route needed on both routers? ________________________________________

Step 6 Verify the new routes
Using the command show ip route, view the IP routing table for GAD.
GAD>show ip route
output eliminated
Gateway of last resort is not set
C 192.168.14.0/24 is directly connected, FastEthernet0
C 192.168.15.0/24 is directly connected, Serial0
S 192.168.16.0/24 [1/0] via 192.168.15.2
Using the command show ip route, view the IP routing table for BHM.
BHM>show ip route
Output eliminated.
Gateway of last resort is not set
S 192.168.14.0/24 [1/0] via 192.168.15.1
C 192.168.15.0/24 is directly connected, Serial0
C 192.168.16.0/24 is directly connected, FastEthernet0
Are all of the routes needed in the routing tables? ________________________________________
Can a host on subnet 192.168.16.0 see a host on network 192.168.14.0? ________________________________________

Step 7 Ping host to host again
Check connectivity between the workstations using ping.
C:\>ping 192.168.16.2
Pinging 192.168.16.2 with 32 bytes of data:
Reply from 192.168.16.2: bytes=32 time=20ms TTL=254
Reply from 192.168.16.2: bytes=32 time=20ms TTL=254
Reply from 192.168.16.2: bytes=32 time=20ms TTL=254
Reply from 192.168.16.2: bytes=32 time=20ms TTL=254
Ping statistics for 192.168.16.2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 20ms, Maximum = 20ms, Average = 20ms
If the ping was not successful, check routing table to make sure static routes are entered correctly.
Upon completion of the previous steps, log off by typing exit. Turn the router off.
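
The lookups behind the failed ping in Step 2 and the successful one in Step 7, written out as an added example that is not part of the original lab: each router does a longest-prefix match on its own table, for the echo request and again for the echo reply. The routing tables and next hops are the ones shown in Steps 4 and 6; the source host address 192.168.14.2 and all function names are assumptions made for the example.

```python
import ipaddress

# Tables from the lab's show ip route output: prefix -> next hop
# (None means directly connected).
CONNECTED = {
    "GAD": {"192.168.14.0/24": None, "192.168.15.0/24": None},
    "BHM": {"192.168.15.0/24": None, "192.168.16.0/24": None},
}
STATIC = {
    "GAD": {"192.168.16.0/24": "192.168.15.2"},
    "BHM": {"192.168.14.0/24": "192.168.15.1"},
}
# Router that owns each serial address, read off the next hops above.
OWNER = {"192.168.15.1": "GAD", "192.168.15.2": "BHM"}


def build_tables(static_on):
    """Routing tables with static routes applied only on the named routers."""
    return {
        name: {**CONNECTED[name], **(STATIC[name] if name in static_on else {})}
        for name in CONNECTED
    }


def lookup(table, dst):
    """Longest-prefix match. Returns (network, next_hop) or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop in table.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best


def deliver(tables, first_router, dst, max_hops=8):
    """Forward one packet hop by hop, starting at the sender's gateway."""
    router = first_router
    for _ in range(max_hops):
        match = lookup(tables[router], dst)
        if match is None:
            return f"dropped at {router}: no route to {dst}"
        if match[1] is None:
            return "delivered"          # destination is on a connected network
        router = OWNER[match[1]]
    return "dropped: hop limit reached"


def ping(tables, src, src_router, dst, dst_router):
    """A ping succeeds only if the request and the reply are both routable."""
    request = deliver(tables, src_router, dst)
    if request != "delivered":
        return "request " + request
    reply = deliver(tables, dst_router, src)
    if reply != "delivered":
        return "reply " + reply
    return "success"


if __name__ == "__main__":
    SRC = "192.168.14.2"   # assumed address of the host attached to GAD
    DST = "192.168.16.2"   # host pinged in the lab
    for static_on in ((), ("GAD",), ("GAD", "BHM")):
        result = ping(build_tables(static_on), SRC, "GAD", DST, "BHM")
        print(f"static routes on {static_on or 'no router'}: {result}")
```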
Objective
Configure RIP routing and add default routes (gateways) to the routers.
Remove RIP and the default routes.
Configure IGRP routing and add default routes (gateways) to the routers.

Background/Preparation
This lab shows the purpose of the gateway of last resort, also known as the default gateway.
Cable a network similar to the one in the diagram. Any router that meets the interface requirements displayed on the above diagram, such as 800, 1600, 1700, 2500, and 2600 routers, or a combination may be used. Start a HyperTerminal session.

Step 1 Configure the routers
On the routers, enter the global configuration mode and configure the hostname as shown in the chart.
Then configure the console, virtual terminal and enable passwords.

Step 2 Configure hosts with the proper IP address, subnet mask and default gateway

Step 3 Verify that the internetwork is functioning by pinging the FastEthernet interface of the other router
From the host attached to GAD, is it possible to ping the BHM router FastEthernet interface? ________________________________________
From the host attached to BHM, is it possible to ping the GAD router FastEthernet interface? ________________________________________
If the answer is no for either question, troubleshoot the router configurations to find the error. Then do the pings again until the answer to both questions is yes.

Step 4 Make sure that routing updates are being sent
Type the command debug ip rip at the privileged exec mode prompt. Wait for at least 45 seconds.
Was there any output from the debug command? ________________________________________
What did the output display? ________________________________________
Type undebug all to turn off debugging.

Step 5 Show the routing tables for each router
Examine the routing table entries, by using show ip route command on each router.
What are the entries in the GAD routing table? ________________________________________
What are the entries in the BHM routing table? ________________________________________

Step 6 Add the default route to the BHM router
Enter the command ip route 0.0.0.0 0.0.0.0 172.17.0.1 at the configuration mode prompt.
Type show ip route at the privileged exec mode.
What is the Gateway of last resort listed? ________________________________________
What does the gateway of last resort mean? ________________________________________

Step 7 Add the default route to the GAD router
Enter the command ip route 0.0.0.0 0.0.0.0 172.17.0.2 at the configuration prompt.
Type show ip route at the privileged exec mode.
What is the Gateway of last resort listed? ________________________________________
Are there any other new entries in the routing table? ________________________________________

Step 8 Remove RIP routing from both routers
To remove RIP routing type the no router rip command at the configuration mode prompt. Then ping the FastEthernet 0 interface on the GAD router from the BHM router.
What were the results of the ping? ________________________________________
Why was the ping successful? ________________________________________

Step 9 Remove the default route from just the GAD router
Remove the gateway of last resort on the GAD router by typing the no ip route 0.0.0.0 0.0.0.0 172.17.0.2 command at the configuration mode prompt on the GAD router.
Type show ip route at the privileged exec mode.
What is the Gateway of last resort listed? ________________________________________
Why is the gateway gone? ________________________________________
Ping the FastEthernet 0 interface on the GAD router from the BHM router.
What were the results of the ping? ________________________________________
Why was the ping successful? ________________________________________
Ping the FastEthernet 0 interface on the BHM router from the GAD router.
What were the results of the pings? ________________________________________
Why was the ping unsuccessful? ________________________________________
Remove the gateway of last resort from the BHM router.

Step 10 Remove RIP routing from the routers and use IGRP instead
Remove the RIP routing by using the no form of the RIP routing command. Then set up IGRP routing using 30 as the AS number. Remember to wait for the routes to propagate to the other router.
Check the new routing protocol by typing show ip route at the privileged exec mode prompt. There should be two connected routes and an IGRP route in the listing.

Step 11 Enter a default network entry on the BHM router
Enter the command ip default-network 172.17.0.0 at the configuration mode prompt.
Type the show ip route command at the privileged exec mode.
Is there a default route listed? ________________________________________
Objective
Setup an IP addressing scheme using class B networks.
Configure the RIP dynamic routing protocol on routers.

Background/Preparation
Setup a network similar to the one in the diagram. Any router that meets the interface requirements displayed in the above diagram, such as 800, 1600, 1700, 2500, 2600 routers, or a combination, may be used.
Start a HyperTerminal session.

Step 1 Configure the routers
From the global configuration mode, configure the hostname as shown in the chart. Then configure the console, virtual terminal, and enable passwords.

Step 2 Check the routing table entries
Using the command show ip route, view the IP routing table for GAD.
GAD>show ip route
output eliminated
Gateway of last resort is not set
C 172.16.0.0/24 is directly connected, FastEthernet0
C 172.17.0.0/24 is directly connected, Serial0
Using the command show ip route, view the IP routing table for BHM.
BHM>show ip route
output eliminated
Gateway of last resort is not set
C 172.17.0.0/24 is directly connected, Serial0
C 172.18.0.0/24 is directly connected, FastEthernet0

Step 3 Configure the routing protocol on the Gadsden router
From the global configuration mode, enter the following:
GAD(config)#router rip

Step 6 Save the Birmingham router configuration
BHM#copy running-config startup-config

Step 7 Configure hosts with the proper IP address, subnet mask and default gateway

Step 8 Verify that the internetwork is functioning by pinging the FastEthernet interface of the other router
From the host attached to GAD, is it possible to ping the BHM router FastEthernet interface? ________________________________________
From the host attached to BHM, is it possible to ping the GAD router FastEthernet interface? ________________________________________
If the answer is no for either question, troubleshoot the router configurations to find the error. Then do the pings again until the answer to both questions is yes.

Step 9 Show the routing tables for each router
From the enable or privileged EXEC mode, examine the routing table entries using the show ip route command on each router.
What are the entries in the GAD routing table? ________________________________________
What are the entries in the BHM routing table? ________________________________________
Upon completion of the previous steps, log off by typing exit and turn the router off.

Erasing and reloading the router
As done previously.
Objective
Configure RIP v1 on routers.
Convert to RIP v2 on routers.

Background/Preparation
Cable a network similar to the one shown in the diagram. Any router that meets the interface requirements displayed on the above diagram may be used. For example, router series 800, 1600, 1700, 2500 and 2600 or any such combination can be used.
Start a HyperTerminal session.

Step 1 Configure the routers
On the routers, configure the hostnames as well as the console, virtual terminal, and enable passwords. Next configure the serial IP address and clock rate and the Fast Ethernet IP address interfaces. Finally configure IP host names.

Step 2 Configure the routing protocol on the Gadsden router
Go to the proper command mode and configure RIP routing on the Gadsden router according to the chart.

Step 3 Save the Gadsden router configuration
Any time that changes are correctly made to the running configuration, they should be saved to the startup configuration. Otherwise, if the router is reloaded or power cycled, the changes that are not saved in the startup configuration will be lost.

Step 4 Configure the routing protocol on the Birmingham router
Go to the proper command mode and configure RIP routing on the Birmingham router according to the chart.

Step 5 Save the Birmingham router configuration

Step 6 Configure hosts with the proper IP address, subnet mask, and default gateway

Step 7 Verify that the internetwork is functioning by pinging the FastEthernet interface of the other router
From the host attached to GAD, ping the other host attached to the BHM router. Was the ping successful? ________________________________________
From the host attached to BHM, ping the other host attached to the GAD router. Was the ping successful? ________________________________________
If the answer is no for either question, troubleshoot the router configurations to find the error. Then do the pings again until the answer to both questions is yes.

Step 8 Enable RIP version 2 routing
Enable version 2 of the RIP routing protocol on both of the routers Gadsden and Birmingham.

Step 9 Ping all of the interfaces on the network from each host
Were all of the interfaces still able to be pinged? ________________________________________
If not, troubleshoot the network and ping again.
Once the previous steps are completed, log off by typing exit, and turn the router off. Then remove and store the cables and adapter.
Objective
Set up an IP addressing scheme using class C networks.
Configure IGRP on routers.

Background/Preparation
Cable a network similar to the one in the diagram. Any router that meets the interface requirements displayed in the above diagram, such as 800, 1600, 1700, 2500, and 2600 routers, or a combination, may be used. Start a HyperTerminal session.

Step 1 Configure the routers
On the routers, enter the global configuration mode and configure the hostname as shown in the chart. Then configure the console, virtual terminal, and enable passwords.

Step 2 Configure the routing protocol on the Gadsden router
Configure IGRP using AS 101 on GAD. Go to the proper command mode and enter the following:

Step 3 Save the Gadsden router configuration
GAD#copy running-config startup-config

Step 4 Configure the routing protocol on the Birmingham router
Configure IGRP using AS 101 on BHM. Go to the proper command mode and enter the following:
gateway

Step 7 Verify that the internetwork is functioning by pinging the FastEthernet interface of the other router
From the host attached to GAD, is it possible to ping the BHM host? ________________________________________
From the host attached to BHM, is it possible to ping the GAD host? ________________________________________
If the answer is no for either question, troubleshoot the router configurations to find the error. Then do the pings again until the answer to both questions is yes.

Step 8 Show the routing tables for each router
From the enable or privileged exec mode do the following:
Examine the routing table entries by using the show ip route command on each router.
What are the entries in the GAD routing table? ________________________________________
What are the entries in the BHM routing table? ________________________________________

Step 9 Verify the routing protocol
Type show ip protocol on both routers to verify IGRP is running and that it is the only protocol running.
Is IGRP the only protocol running on GAD? ________________________________________
Is IGRP the only protocol running on BHM? ________________________________________

Step 10 Verify IGRP statements in the running configuration of both routers
Use the show run | begin igrp command on both routers.
List the IGRP part of the configuration for GAD: ________________________________________

Step 11 Verify IGRP routing updates
Type debug ip igrp events on the GAD router at the privileged exec mode.
Are routing updates being displayed? ________________________________________
Where are the updates being sent to? ________________________________________
Where are the updates being received from? ________________________________________
Turn off debugging.

Step 12 Verify IGRP routing updates
Type debug ip igrp transactions on the GAD router at the privileged exec mode.
How are the outputs of these two debug commands, debug ip igrp events and debug ip igrp transactions, different? ________________________________________
Turn off debugging.

Step 13 Analyze specific routes
Type show ip route 192.168.25.0 on the GAD router at the privileged exec mode.
What is the total delay for this route? ________________________________________
What is the minimum bandwidth? ________________________________________
What is the Reliability of this route? ________________________________________
What is the minimum MTU size for this route? ________________________________________
Type show ip route for another network address on the router.
What is the total delay for this route? ________________________________________
What is the minimum bandwidth? ________________________________________
What is the Reliability of this route? ________________________________________
What is the minimum MTU size for this route? ________________________________________
Upon completion of the previous steps, log off by typing exit and turn the router off.

Erasing and reloading the router
As done previously.
Objective
Configure a default route and use RIP to propagate this default information to other routers.
Migrate the network from RIP to IGRP.
Configure default routing to work with IGRP.

Background/Preparation
In this lab, a default route will be configured and RIP used to propagate this default information to other routers. When this configuration is working properly, the network will be migrated from RIP to IGRP and default routing will be configured to work with that protocol as well. Cable a network similar to the one in the diagram. Any router that meets the interface requirements displayed on the above diagram, such as 800, 1600, 1700, 2500, 2600 routers, or a combination, may be used.
Start a HyperTerminal session.

Step 1 Configure the hostname and passwords on the routers
On the routers, enter the global configuration mode and configure the hostname as shown in the chart. Then configure the console, virtual terminal and enable passwords.

Step 2 Configure hosts with the proper IP address, subnet mask and default gateway
Test the configuration by pinging all interfaces from each host. If the pinging is not successful, troubleshoot the configuration.

Step 3 Check Basic Routing Configuration
Enter the show ip protocol command on each router.
In the configuration, is Router RIP displayed? ________________________________________

Step 4 Verify connectivity
To verify connectivity of the network just set up, ping all interfaces from each of the attached hosts. If all interfaces cannot be pinged, correct the configuration until all interfaces can be pinged.
Step 5 Configure Centre as the connection to the Internet Service Provider (ISP)Configure Centre to simulate the exis tence of an outside network. The link between the company and its ISP is simulated by configuring a loopback interface with an IP address. Enter the following commands on the Centre router:
Note: If 172.16.1.1 is pinged from the Centre console, the loopback interface replies.From the Boaz console, attempt to ping 172.16.1.1. This ping should fail because the 172.16.0.0/16 network is not in the Boaz routing table.If no default route exists, what does a router do with a pack et destined for a network that is not in its table? _____________________________________________________________________
Step 6 Setup up a default route on the Centre routerA default route must be c reated on the Centre router pointed at the simulated ISP. Issue the following command on the Centre router in the configuration mode.
Centre(config)#ip route 0.0.0.0 0.0.0.0 loopback0This command static ally configures the default route. The default route directs traffic destined for network s that are not in the routing table to the ISP WAN link or loopback 0.Unless IOS version 12.1 is used, RIP automatically propagates statically defined default routes. Therefore, depending on the IOS version, RIP may need to be explicitly configured to propagate this 0.0.0.0/0 route. Enter these commands on the Centre router in the proper command mode:
Step 7 Verify the routing tablesNow check the routing tables of Mobile and Boaz using the show ip route command. Verify that they both have received and installed a route to 0.0.0.0/0 in their tables .On Boaz, what is the metric of this route? ________________________________________On Mobile, what is the metric of this route? _______________________________________Mobile and Boaz still do not have routes to 172.16.0.0/16 in their tables. From Boaz, ping 172.16.1.1. This ping should be successful.Why does the ping to 172.16.1.1 work, even though there is no route to 172.16.0.0/16 in the Boaz routing table? _____________________________________________________________Check to be sure that Mobile can also ping 172.16.1.1. Troubleshoot, if nec essary.
Step 8 Migrate the network from RIP to IGRPWith default routing now work ing, it is necessary to migrate the network from RIP to IGRP for testing purposes. Issue the following command on all three routers :
Mobile(config)#no router ripWith RIP removed from each router’s configuration, configure IGRP on all three routers using AS 24, as shown:
Use ping and show ip route to verify that IGRP is working properly. Do not worry about the 172.16.1.1 loopback address on Centre yet.
Step 9 Check Centre’s routing table for the static default routeCheck the Centre routing table. The static default route to 0.0.0.0/0 should still be there. To propagate this route with RIP, the default-information originate command was issued. Depending on the IOS version, this might not be necessary. The default-information originate command is not available in an IGRP configuration. Therefore, it may be necessary to use a different method to propagate default information in IGRP.On Centre, issue the following commands:
These commands configure IGRP to update its neighbor routers about the network 172.16.0.0/16, which includes the simulated ISP link or loopback 0. Not only will IGRP advertise this network, but the ip default-network command also will flag this network as a candidate default route. This will be shown by an asterisk in the routing table. When a network is flagged as a default, that flag stays with the route as it passed from neighbor to neighbor by IGRP.Check the routing tables of Mobile and Boaz. If they do not yet have the 172.16.0.0/16 route with an asterisk, it may be necessary to wait for another IGRP update. This may take up to 90 seconds.Issue the clear ip route * command on all three routers in order to force them to immediately s end new updates.When the 172.16.0.0/16 route appears as a candidate default in all three routing tables, proceed to the next step.
Step 10 Create a second loopback interface on Centre to test the default route
Because the 172.16.0.0/16 network is known explicitly by Mobile and Boaz, it will be necessary to create a second loopback interface on Centre to test the default route. Issue the following commands on Centre:
Centre(config)#interface loopback1
Centre(config-if)#ip address 10.0.0.1 255.0.0.0
This loopback interface simulates another external network.
Return to Mobile and check its routing table using the show ip route command.
Is there a route to the 10.0.0.0/8 network? _______________________________________
From Mobile, ping 10.0.0.1. This ping should be successful.
If there is no route to 10.0.0.0/8 and no route to 0.0.0.0/0, why does this ping succeed? ________________________________________
Objective
Configure RIP v1 and v2 on routers.
Use show commands to verify RIP v2 operation.

Background/Preparation
Cable a network similar to the one shown in the diagram. Any router that meets the interface requirements displayed on the above diagram may be used. For example, router series 800, 1600, 1700, 2500, and 2600 or any such combination can be used.
Step 1 Configure the routers
On the routers, configure the hostnames as well as the console, virtual terminal, and enable passwords. Next configure the serial interface IP address and clock rate and the Fast Ethernet interface IP address. Finally configure IP host names. Optional interface descriptions and message of the day banners may also be configured. Be sure to save the configurations just created.

Step 2 Configure the routing protocol on the Gadsden router
Go to the correct command mode and configure RIP routing on the Gadsden router according to the chart.

Step 3 Save the Gadsden router configuration
Any time that changes are correctly made to the running configuration, they should be saved to the startup configuration. Otherwise, if the router is reloaded or power cycled, the changes that are not saved in the startup configuration will be lost.

Step 4 Configure the routing protocol on the Birmingham router
Go to the correct command mode and configure RIP routing on the Birmingham router according to the chart.

Step 5 Save the Birmingham router configuration

Step 6 Configure hosts with the proper IP address, subnet mask, and default gateway

Step 7 Verify that the internetwork is functioning by pinging the FastEthernet interface of the other router
From the host attached to the GAD, ping the other host attached to the BHM router. Was the ping successful? ________
From the host attached to the BHM, ping the other host attached to the GAD router. Was the ping successful? ________
If the answer is no for either question, troubleshoot the router configurations to find the error. Then do the pings again until the answer to both questions is yes.
Step 8 Show the routing tables for each router
From privileged EXEC mode, examine the routing table entries using the show ip route command on each router.
What are the entries in the GAD routing table?
__________________________________________________________________________
__________________________________________________________________________
What are the entries in the BHM routing table?
__________________________________________________________________________
__________________________________________________________________________
Step 9 Enable RIP v2 routing
Enable version 2 of the RIP routing protocol on both of the routers, Gadsden and Birmingham.

Step 10 Show the routing tables
Show the routing tables on both routers again.
Have they changed now that RIP v2 is being used instead of RIP v1? ________________
What is the difference between RIP v2 and RIP v1? ________________________________
What must be done in order to see a difference between RIP v2 and RIP v1? ________________________________

Step 11 Change the Fast Ethernet IP subnet mask on the Gadsden router
Change the subnet mask on router GAD from a Class B (255.255.0.0) to a Class C (255.255.255.0). Use the same IP address.
How does this change affect the address for the FastEthernet interface? ________________________________

Step 12 Show the GAD routing table
Show the GAD routing table.
Has the output changed with the addition of a subnetted IP address? ________________
How has it changed? _______________________________________________________
Step 13 Show the BHM routing table
Show the BHM routing table.
Has the output changed with the addition of a subnetted IP address? _____________

Step 14 Change the network addressing scheme
Change the addressing scheme of the network to a single class B network with a class C subnet (8 bits of subnetting).
On the BHM router:
On the GAD router:
GAD(config)#interface serial 0
GAD(config-if)#ip address 172.16.1.1 255.255.255.0
GAD(config-if)#exit

Step 15 Show the routing table
Show the GAD routing table.
Has the output changed with the addition of subnetted IP addresses? ________________
How has it changed? _______________________________________________________

Step 16 Show the routing table
Show the BHM routing table.
Has the output changed with the addition of a subnetted IP address? ________________

Step 17 Change the host configurations
Change the host configuration to reflect the new IP addressing scheme of the network.

Step 18 Ping all of the interfaces on the network from each host
Were all of the interfaces still able to be pinged? __________________________________
If not, troubleshoot the network and ping again.

Step 19 Use show ip route to see different routes by type
Enter show ip route connected on the GAD router.
What networks are displayed? ________________________________________________
What interface is directly connected? ___________________________________________
Enter show ip route rip.
List the routes listed in the routing table. _________________________________________
What is the administrative distance? ____________________________________________
Enter show ip route connected on the BHM router.
What networks are displayed? ________________________________________________
What interface is directly connected? ___________________________________________
Enter show ip route rip.
List the routes listed in the routing table. _________________________________________

Step 20 Use the show ip protocol command
Enter show ip protocol on the GAD router.
When will the routes be flushed? ______________________________________________
What is the default distance listed for RIP? _______________________________________

Step 21 Remove the version 2 option
Remove the version 2 option on the RIP configuration for both routers.

Step 22 Show the routing table
Show the GAD routing table.
Has the output changed now that version 2 of RIP was removed? ______________________

Step 23 Show the routing table
Show the BHM routing table.
Has the output changed now that version 2 of RIP was removed? ______________________
Once the previous steps are completed, log off by typing exit, and turn the router off. Then remove and store the cables and adapter.
Objective
Set up an IP addressing scheme using class B networks.
Configure RIP on routers.
Observe routing activity using the debug ip rip command.
Examine routes using the show ip route command.

Background/Preparation
Cable a network similar to the one in the diagram. Any router that meets the interface requirements displayed in the above diagram, such as 800, 1600, 1700, 2500, 2600 routers, or a combination, may be used.
Start a HyperTerminal session as performed in the Establishing a HyperTerminal session lab.

Step 1 Configure the routers
On the routers, enter the global configuration mode and configure the hostname as shown in the chart. Then configure the console, virtual terminal and enable passwords according to the chart.

Step 2 Configure the hosts with the proper IP address, subnet mask and default gateway

Step 3 Make sure that routing updates are being sent
Type the command debug ip rip at the privileged EXEC mode prompt. Wait for at least 45 seconds.
Was there any output from the debug command? __________________________________
What did the output show? __________________________________________________
To turn off specific debug commands type the no option, for example no debug ip rip events. To turn off all debug commands type undebug all.

Step 4 Show the routing tables for each router
From privileged EXEC mode, examine the routing table entries using the show ip route command on each router.
What are the entries in the GAD routing table? __________________________________________________________________________
What are the entries in the BHM routing table?
Step 5 Show the RIP routing table entries for each router
Enter show ip route rip.
List the routes listed in the routing table. _________________________________________
What is the administrative distance? ____________________________________________

Step 6 Verify that the internetwork is functioning by pinging the FastEthernet interface of the other router
From the host attached to GAD, is it possible to ping the BHM router FastEthernet interface? ________________________________
From the host attached to BHM, is it possible to ping the GAD router FastEthernet interface? ________________________________
If the answer is no for either question, troubleshoot the router configurations using show ip route to find the error. Also check the workstation IP settings. Then do the pings again until the answer to both questions is yes.
Upon completion of the previous steps, log off by typing exit and turn the router off.

Erasing and reloading the router
As done previously.
Objective
Observe unequal-cost load balancing.
Tune IGRP networks by using advanced debug commands.

Background/Preparation
In this lab, a default route will be configured and RIP used to propagate this default information to other routers. When this configuration is working properly, the network will be migrated from RIP to IGRP and default routing will be configured to work with that protocol as well.
Cable a network similar to the one in the diagram. Any router that meets the interface requirements displayed on the above diagram, such as 800, 1600, 1700, 2500, 2600 routers, or a combination, may be used. Start a HyperTerminal session.

Step 1 Configure the hostname and passwords on the routers
On the routers, enter the global configuration mode and configure the hostname. Finally configure IGRP routing on the routers using the Autonomous System (AS) of 34.

Step 2 Configure bandwidth on the Madison router interfaces
For unequal-cost load balancing to work, it is necessary to establish different metrics for the IGRP routes. This is done with the bandwidth command. The serial 0 interface will be set to a bandwidth of 56K and the serial 1 interface will be set to a value of 384K. The route-cache must also be turned off for load balancing. Both serial interfaces must use process switching. Process switching forces the router to look in the routing table for the destination network of each routed packet. In contrast, fast switching, which is the default, stores the initial table lookup in a high-speed cache and uses the information to route packets to the same destination.
Enter the following statements on the Madison router:
MAD(config)#interface serial 0/0
MAD(config-if)#bandwidth 56
MAD(config-if)#no ip route-cache
MAD(config-if)#interface serial 0/1
MAD(config-if)#bandwidth 384
MAD(config-if)#no ip route-cache
Because the IGRP metric includes bandwidth in its calculation, bandwidth must be manually configured on the serial interfaces in order to ensure accuracy. For the purposes of this lab, the alternative paths to network 192.168.41.0 from the Madison router are not of unequal cost until the appropriate bandwidths are set.
Use the show interface command output to verify the correct bandwidth settings and the show ip interface command to ensure that fast switching is disabled.
Can the bandwidth of Ethernet interfaces be set manually? _______________________________

Step 3 Configure hosts with the proper IP address, subnet mask and default gateway
Test the configuration by pinging all interfaces from each host. If the pinging is not successful, troubleshoot the configuration.

Step 4 Use the variance command to configure unequal-cost load balancing
The variance value determines whether IGRP will accept unequal-cost routes. An IGRP router will only accept routes with a metric up to the local best metric for the destination multiplied by the variance value. So if the local best metric of an IGRP router for a network is 10476, and the variance is 3, the router will accept unequal-cost routes with any metric up to 31428, or 10476 x 3. This is as long as the advertising router is closer to the destination. An IGRP router accepts only up to four paths to the same network.
Note: An alternate route is added to the route table only if the next-hop router in that path is closer to the destination (has a lower metric value) than the current route.
By default, IGRP variance is set to 1, which means that only routes that are exactly 1 times the local best metric are installed. Therefore, a variance of 1 disables unequal-cost load balancing.
Configure the Madison router to enable unequal-cost load balancing using the following commands:
According to the help feature, what is the maximum variance value? _______________________
Check the Madison routing table. It should have two routes to network 192.168.33.0 with unequal metrics.
What is the IGRP metric for the route to 192.168.33.0 through serial 0? ______________________
What is the IGRP metric for the route to 192.168.33.0 through serial 1? ______________________
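The variance rule from Step 4, as an added Python example (not part of the lab manual): it applies the variance ceiling, the "next hop must be closer" condition, and the four-path limit to a set of candidate paths. The 10476 metric and variance 3 come from the text; the neighbor labels, the other metrics, and the inclusive reading of "up to" are assumptions made for illustration.

```python
from dataclasses import dataclass

MAX_PATHS = 4  # lab text: at most four paths to the same network


@dataclass(frozen=True)
class Path:
    next_hop: str         # constructed neighbor label
    local_metric: int     # metric of this path as seen from the local router
    neighbor_metric: int  # metric the next-hop router itself has to the destination


def classify(paths, variance=1):
    """Map next_hop -> reason, which helps when an expected path is missing."""
    if variance < 1:
        raise ValueError("variance must be at least 1")
    if not paths:
        return {}
    best = min(p.local_metric for p in paths)
    ceiling = best * variance  # "up to" is read as inclusive here (assumption)
    reasons = {}
    for p in paths:
        if p.local_metric == best:
            reasons[p.next_hop] = "best"                # best/equal-cost path
        elif p.local_metric > ceiling:
            reasons[p.next_hop] = "above variance ceiling"
        elif p.neighbor_metric >= best:
            reasons[p.next_hop] = "next hop not closer"  # fails the Note in Step 4
        else:
            reasons[p.next_hop] = "within variance"
    return reasons


def install_paths(paths, variance=1, max_paths=MAX_PATHS):
    """Return the next hops installed in the routing table, best metric first."""
    reasons = classify(paths, variance)
    accepted = [p for p in paths
                if reasons[p.next_hop] in ("best", "within variance")]
    accepted.sort(key=lambda p: p.local_metric)
    return [p.next_hop for p in accepted[:max_paths]]


# Constructed candidate paths; only the 10476 best metric is from the lab text.
SAMPLE_PATHS = [
    Path("A", 10476, 8000),   # local best
    Path("B", 20000, 8000),   # within 3 x 10476 and next hop is closer
    Path("C", 30000, 12000),  # within the ceiling, but next hop is farther away
    Path("D", 40000, 5000),   # next hop is closer, but metric exceeds 31428
]

if __name__ == "__main__":
    for v in (1, 3, 4):
        print(f"variance {v}: installed {install_paths(SAMPLE_PATHS, v)}")
        for hop, why in classify(SAMPLE_PATHS, v).items():
            print(f"  {hop}: {why}")
```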
Step 5 Check Basic Routing Configuration
Enter the show ip protocol command on each router.
Enter the command show ip route on both routers. List how the route is connected (directly, IGRP), the IP address, and through what network. There should be four routes in each table.
Circle the evidence of load balancing in the above output.

Step 6 Verify per-packet load balancing
Because there are two routes to the destination network, half the packets will be sent along one path, and half will travel over the other. The path selection alternates with each packet received.
Observe this process by using the debug ip packet command on the Madison router.
Send 30 ping packets across the network from the host attached to the Milwaukee router to the host attached to the Madison router.
Examine and record part of the debug output.
What is the evidence of load balancing in the output? ____________________________________

Step 7 Verify per-destination load balancing
After verifying per-packet load balancing, configure the router to use per-destination load balancing. Both serial interfaces must use fast switching so that the route-cache can be used after the initial table lookup.
Use the command ip route-cache on both serial interfaces of the Madison router.
Use the show ip interface command to verify that fast switching is enabled.
Is fast switching enabled? ________________________________________________________
The routing table is consulted only once per destination. Therefore, packets that are part of a packet train to a specific host will all follow the same path. Only when a second destination forces another table lookup or when the cached entry expires will the alternate path be used.
Use the debug ip packet command and ping across the network. Note which serial interface the packet was sent out on.
Examine and record part of the debug output.
Which serial interface was the packet sent out on? ________________________________________
Upon completion of the previous steps, log off by typing exit and turn the router off.
Objective
Set up an IP addressing scheme for the network.
Configure and verify Enhanced Interior Gateway Routing Protocol (EIGRP) routing.

Background/Preparation
Cable a network similar to the one shown in the diagram. Any router that meets the interface requirements displayed on the above diagram may be used. For example, router series 800, 1600, 1700, 2500, and 2600 or any such combination can be used.
Start a HyperTerminal session.

Step 1 Configure the routers
On the routers, enter the global configuration mode and configure the hostname as shown in the chart. Then configure the console, virtual terminal and enable passwords. Next configure the interfaces according to the chart. Finally, configure the IP hostnames. Do not configure the routing protocol until specifically told to.

Step 2 Save the configuration information from the privileged EXEC command mode

Step 3 Configure hosts with the proper IP address, subnet mask and default gateway
Each workstation should be able to ping the attached router. Troubleshoot as necessary. Remember to assign a specific IP address and default gateway to the workstation. If running Windows 98, check by using Start > Run > winipcfg. If running Windows 2000, check by using the ipconfig command in a DOS window.
At this point the workstations will not be able to communicate with each other. The following steps will demonstrate the process required to get communication working using EIGRP as the routing protocol.
Step 4 View the routers configuration and interface information
At the privileged EXEC mode prompt type:
Paris#show running-config
Using the show ip interface brief command, check the status of each interface.
What is the state of the interfaces on each router?
Ping from one of the connected serial interfaces to the other.
Was the ping successful? ___________________________________________________
If the ping was not successful, troubleshoot the routers configuration, until the ping is successful.

Step 5 Configure EIGRP routing on router Paris
Enable the EIGRP routing process on Paris, and configure the networks it will advertise. Use EIGRP autonomous system number 101.
Show the routing table for the Paris router.
Paris#show ip route
Are there any entries in the routing table? _____________________________________
Why? __________________________________________________________________

Step 6 Configure EIGRP routing on router Warsaw
Enable the EIGRP routing process on Warsaw, and configure the networks it will advertise. Use EIGRP autonomous system number 101.
Objective
Set up an IP addressing scheme for OSPF area 0.
Configure and verify Open Shortest Path First (OSPF) routing.

Background/Preparation
Cable a network similar to the one shown in the diagram. Any router that meets the interface requirements displayed on the above diagram may be used. For example, router series 800, 1600, 1700, 2500, and 2600 or any such combination can be used.
Start a HyperTerminal session.

Step 1 Configure the routers
On the routers, enter the global configuration mode and configure the hostname as shown in the chart. Then configure the console, virtual terminal and enable passwords. Next configure the interfaces according to the chart. Finally, configure the IP hostnames. Do not configure the routing protocol until specifically told to.

Step 2 Save the configuration information from the privileged EXEC command mode
Why save the running configuration to the startup configuration? ____________________________________________________

Step 3 Configure the hosts with the proper IP address, subnet mask, and default gateway
Each workstation should be able to ping the attached router. Troubleshoot as necessary. Remember to assign a specific IP address and default gateway to the workstation. If running Windows 98, check by using Start > Run > winipcfg. If running Windows 2000, check by using the ipconfig command in a DOS window.
At this point the workstations will not be able to communicate with each other. The following steps will demonstrate the process required to get communication working using OSPF as the routing protocol.
Step 4 View the routers configuration and interface information
At the privileged EXEC mode prompt type:
Berlin#show running-config
Using the show ip interface brief command, check the status of each interface.
What is the state of the interfaces on each router?
Ping from one of the connected serial interfaces to the other.
Was the ping successful? __________________________________________
If the ping was not successful, troubleshoot the router configuration, until the ping is successful.

Step 5 Configure OSPF routing on router Berlin
Configure an OSPF routing process on router Berlin. Use OSPF process number 1 and ensure all networks are in area 0.
Berlin(config)#router ospf 1
Berlin(config-router)#network 192.168.1.128 0.0.0.63 area 0
Berlin(config-router)#network 192.168.15.0 0.0.0.3 area 0
Berlin(config-router)#end
Examine the router's running configuration file.
Did the IOS version automatically add any lines under router OSPF 1? _______________
If so, what did it add? _________________________________________________
If there were no changes to the running configuration, type the following commands:
Show the routing table for the Berlin router.
Berlin#show ip route
Are there any entries in the routing table? __________________________
Why? _______________________________________________________

Step 6 Configure OSPF routing on router Rome
Configure an OSPF routing process on router Rome. Use OSPF process number 1 and ensure all networks are in area 0.
Rome(config)#router ospf 1
Rome(config-router)#network 192.168.0.0 0.0.0.255 area 0
Rome(config-router)#network 192.168.15.0 0.0.0.3 area 0
Rome(config-router)#end
Examine the Rome running configuration file.
Did the IOS version automatically add any lines under router OSPF 1? _______________
If so, what did it add? _________________________________________________
If there were no changes to the running configuration, type the following commands:
Show the routing table for the Rome router:
Rome#show ip route
Are there any OSPF entries in the routing table now? __________________________
What is the metric value of the OSPF route? _________________________________
What is the VIA address in the OSPF route? _________________________________
Are routes to all networks shown in the routing table? __________________________
What does the O mean in the first column of the routing table? ___________________

Step 7 Test network connectivity
Ping the Berlin host from the Rome host. Was it successful? ___________________
If not, troubleshoot as necessary.
Once the previous steps are completed, log off by typing exit, and turn the router off. Then remove and store the cables and adapter.
Objective
Configure routers with a Class C IP addressing scheme.
Observe the election process for designated routers (DR) and backup designated routers (BDR) on the multiaccess network.
Configure loopback addresses for Open Shortest Path First (OSPF) stability.
Assign each OSPF interface a priority to force the election of a specific router as DR.

Background/Preparation
Cable a network similar to the one shown in the diagram. Any router that meets the interface requirements displayed on the above diagram may be used. For example, router series 800, 1600, 1700, 2500, and 2600 or any such combination can be used.
Start a HyperTerminal session.

Step 1 Configure the routers
On the routers, enter the global configuration mode and configure the hostname as shown in the chart. Then configure the console, virtual terminal and enable passwords. Next configure the interfaces according to the chart, and the IP hostnames.
Do not configure loopback interfaces and routing protocol yet.

Step 2 Save the configuration information for all the routers
Why save the running configuration to the startup configuration? ________________________________

Step 3 Configure hosts with the proper IP address, subnet mask and default gateway
Each workstation should be able to ping all of the attached routers. That is because they are all part of the same subnetwork. Troubleshoot as necessary. Remember to assign a specific IP address and default gateway to the workstation. If running Windows 98, check by using Start > Run > winipcfg. If running Windows 2000, check by using the ipconfig command in a DOS
Step 4 View the routers configuration and interface information
At the privileged EXEC mode prompt type: show running-config
Using the show ip interface brief command, check the status of each interface.
What is the state of the interfaces on each router?

Step 5 Verify connectivity of the routers
Ping all of the connected FastEthernet interfaces from each other.
Were the pings successful? __________________________________________________
If the pings were not successful, troubleshoot the router configuration, until the ping is successful.

Step 6 Configure OSPF routing on router London
Configure an OSPF routing process on the router London. Use OSPF process number 1 and ensure all networks are in area 0.
London(config)#router ospf 1
London(config-router)#network 192.168.1.0 0.0.0.255 area 0
London(config-router)#end
Examine the London router running configuration file.
Did the IOS version automatically add any lines under router OSPF 1? ___________________
If there were no changes to the running configuration, type the following commands.
Show the routing table for router:
London#show ip route
Are there any entries in the routing table? ___________________
Why? __________________________________________________________________

Step 7 Configure OSPF routing on router Ottawa
Configure an OSPF routing process on the router Ottawa. Use OSPF process number 1 and ensure all networks are in area 0.
Ottawa(config)#router ospf 1
Ottawa(config-router)#network 192.168.1.0 0.0.0.255 area 0
Ottawa(config-router)#end
Examine the Ottawa running configuration file.
Did the IOS version automatically add any lines under router OSPF 1? ___________________
If there were no changes to the running configuration, type the following commands.

Step 8 Configure OSPF routing on router Brasilia
Configure an OSPF routing process on the router Brasilia. Use OSPF process number 1 and ensure all networks are in area 0.
Brasilia(config)#router ospf 1
Brasilia(config-router)#network 192.168.1.0 0.0.0.255 area 0
Brasilia(config-router)#end
Examine the Brasilia router running configuration file.
Did the IOS version automatically add any lines under router OSPF 1? ___________________
What did it add? __________________________________________________________
If there were no changes to the running configuration, type the following commands:

Step 9 Test network connectivity
Ping the Brasilia router from the London router. Was it successful? ___________________
If not, troubleshoot as necessary.

Step 10 Show OSPF adjacencies
Type the command show ip ospf neighbor on all routers to verify that the OSPF routing has formed adjacencies.
Is there a designated router identified? __________________________________________
Is there a backup designated router? ___________________________________________
Type the command show ip ospf neighbor detail for more information.
What is the neighbor priority of 192.168.1.1 from router Brasilia? _______________________
What interface is identified as being part of Area 0? _________________________________

Step 11 Configure the loopback interfaces
Configure the loopback interface on each router to allow for an interface that will not go down due to network change or failure. This task is performed by typing interface loopback # at the global configuration mode prompt, where the # represents the number of the loopback interface from 0 to 2,147,483,647.

Step 12 Save the configuration information for all the routers
After saving the configurations on all of the routers, power them down and back up again.

Step 13 Show OSPF adjacencies
Type the command show ip ospf neighbor on all routers to verify that the OSPF routing has formed adjacencies.
Is there a designated router identified? __________________________________________
Write down the router ID and link address of the DR. _______________ ________________
Is there a backup designated router? ___________________________________________
Write down the router ID and link address of the BDR. _______________ _______________
What is the third router referred to as? __________________________________________
Write down that router's ID and link address. __________________ __________________
Type the command show ip ospf neighbor detail for more information.
What is the neighbor priority of 192.168.1.1 from router Brasilia? _______________________
What interface is identified as being part of Area 0? _________________________________

Step 14 Verify OSPF interface configuration
Type show ip ospf interface fastethernet 0 on the London router.
What is the OSPF state of the interface? _________________________________________
What is the default priority of the interface? _______________________________________
What is the network type of the interface? ________________________________________

Step 15 Configure London to always be the DR
To ensure that the London router always becomes the DR for this multi-access segment, the OSPF priority must be set. London is the most powerful router in the network and so best suited to become DR. Assigning the London loopback a higher IP address is not advised, as the numbering system has advantages for troubleshooting. Also, London is not to act as DR for all segments to which it may belong. Set the priority of the interface to 50 on the London router only.

Step 16 Watch election process
To watch the OSPF election process, restart all of the routers and as soon as the router prompt is available type:
Ottawa>enable
Ottawa#debug ip ospf events
Which router was elected DR? ________________________________________________
Which router was elected BDR? _______________________________________________
Why? __________________________________________________________________
To turn off all debugging type undebug all.

Step 17 Show OSPF Adjacencies
Type the command show ip ospf neighbor on the Ottawa router to verify that the OSPF routing has formed adjacencies.
What is the priority of the DR? ________________________________________________
Once the previous steps are completed, log off by typing exit, and turn the router off. Then remove and store the cables and adapter.
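The election behaviour exercised in Steps 10 to 16, as an added Python model (not part of the lab manual): router ID selection from loopbacks, ranking by interface priority and then router ID, and the fact that an existing DR is not displaced, which is why Step 16 restarts every router. It is a simplified model of the outcome, not the full OSPF state machine; all interface and loopback addresses are constructed sample values, and the default priority of 1 is the Cisco IOS default.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Router:
    name: str
    lan_ip: str                                    # constructed LAN address
    loopbacks: list = field(default_factory=list)  # constructed loopback addresses
    priority: int = 1                              # IOS default interface priority

    @property
    def router_id(self):
        # Highest loopback address if any exist, else highest interface address
        # (no explicit router-id command is assumed).
        pool = self.loopbacks or [self.lan_ip]
        return max(ipaddress.IPv4Address(a) for a in pool)


def rank(router):
    """Election order: interface priority first, router ID as the tie-breaker."""
    return (router.priority, router.router_id)


def elect(routers, current_dr=None, current_bdr=None):
    """Return (DR name, BDR name) for one multi-access segment.

    current_dr / current_bdr name routers already holding the role; they keep
    it while present, because OSPF elections are not preemptive.
    """
    eligible = [r for r in routers if r.priority > 0]  # priority 0 never elected
    by_name = {r.name: r for r in eligible}
    dr, bdr = by_name.get(current_dr), by_name.get(current_bdr)
    if dr is None and bdr is not None:
        dr, bdr = bdr, None                            # BDR is promoted when DR is lost
    if dr is None:
        dr = max(eligible, key=rank, default=None)
    if bdr is None or bdr is dr:
        bdr = max((r for r in eligible if r is not dr), key=rank, default=None)
    return (dr.name if dr else None, bdr.name if bdr else None)


def lab_routers(london_priority=1, with_loopbacks=True):
    """The three lab routers with constructed addresses."""
    lo = (lambda a: [a]) if with_loopbacks else (lambda a: [])
    return [
        Router("London", "192.168.1.1", lo("192.168.31.11"), london_priority),
        Router("Ottawa", "192.168.1.2", lo("192.168.31.22")),
        Router("Brasilia", "192.168.1.3", lo("192.168.31.33")),
    ]


if __name__ == "__main__":
    print("cold start, defaults:       ", elect(lab_routers()))
    print("cold start, London prio 50: ", elect(lab_routers(50)))
    print("prio 50 set, no restart:    ",
          elect(lab_routers(50), current_dr="Brasilia", current_bdr="Ottawa"))
```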
Erasing and reloading the router
Lab-26: Troubleshooting Routing Issues with show ip route/show ip protocols
Objective
Use the show ip route and show ip protocol commands to diagnose a routing configuration problem.

Background/Preparation
Cable a network similar to the one in the diagram. Any router that meets the interface requirements displayed on the above diagram, such as 800, 1600, 1700, 2500, 2600 routers, or a combination, may be used. Start a HyperTerminal session.

Step 1 Configure the hostname, passwords and interfaces on the Gadsden router
On the Gadsden router, enter the global configuration mode and configure the hostname as shown in the chart. Then configure the console, virtual terminal and enable passwords.
Configure interfaces as shown in the table.

Step 2 Configure the routing protocol on the Gadsden router
Go to the proper command mode and enter the following:

Step 3 Save the Gadsden router configuration
GAD#copy running-config startup-config
Destination filename [startup-config]? [Enter]

Step 4 Configure the hostname and passwords on the Birmingham router
On the Birmingham router, enter the global configuration mode and configure the hostname as shown in the chart. Then configure the console, virtual terminal and enable passwords. Finally, configure the interfaces on each router.

Step 5 Configure the routing protocol on the Birmingham router
Go to the proper command mode and enter the following:
Step 6 Save the Birmingham router configuration
BHM#copy running-config startup-config
Destination filename [startup-config]? [Enter]

Step 7 Verify that the internetwork is functioning by pinging the FastEthernet interface of the other router
From GAD, is it possible to ping the BHM router FastEthernet interface? _________________
From BHM, is it possible to ping the GAD router FastEthernet interface? _________________

Step 8 Examine the routing table
After an unsuccessful ping, check the routing table with the show ip route command. From the Gadsden router, type the following:
GAD#show ip route
Is there a route to the Birmingham Ethernet LAN? _____________________

Step 9 Examine the routing protocol status
After examining the routing tables, it is discovered that there is no route to the Birmingham Ethernet LAN. So use the show ip protocol command to view the routing protocol status.
From the Birmingham router, type the following:
BHM#show ip protocol
What networks is RIP routing? _____________________ _____________________
Are these the correct networks? _____________________

Step 10 Change the configuration to route correct networks
After examining the show ip protocol command results, it is noticed that the network on the Ethernet LAN is not being routed. On further examination, it is found that a network that does not belong has been configured to be advertised. It is decided this is a typo, and it is necessary to correct it. Enter the router RIP configuration mode and make the appropriate changes. From the Birmingham router, type the following:

Step 11 Confirm RIP is routing the correct networks
Now confirm the new statement corrected the RIP configuration problem. So again type the show ip protocol command to observe what networks are being routed.
From the Birmingham router, type the following:
BHM#show ip protocol
What networks is RIP routing? _____________________ _____________________
Are these the correct networks? _____________________

Step 12 Verify the routing table
Now having confirmed that the configuration problem is corrected, verify that the proper routes
are now in the routing table. So again issue the show ip route command to verify that the router now has the proper route.
From the Gadsden router, type the following:
GAD#show ip route
Is there a route to the Birmingham LAN? _____________________

Step 13 Verify connectivity between Gadsden router and host in Birmingham
Use the ping command to verify connectivity from the Gadsden router to a host in Birmingham.
From the Gadsden router, type the following:
GAD#ping host-ip
For example, for a host with IP address 192.168.3.2, type the following:
GAD#ping 192.168.3.2
Was the ping successful? _____________________
Upon completion of the previous steps, log off by typing exit and turn the router off.
Objective
Create a basic switch configuration and verify it.
Create multiple VLANs, name them and assign multiple member ports to them.
Create a basic configuration on a router.
Create an 802.1q trunk line between the switch and router to allow communication between VLANs.
Test the routing functionality.

Background/Preparation
When managing a switch, the Management Domain is always VLAN 1. The Network Administrator's workstation must have access to a port in the VLAN 1 Management Domain. All ports are assigned to VLAN 1 by default. This lab will also help demonstrate how VLANs can be used to separate traffic and reduce broadcast domains.
Cable a network similar to the one in the diagram.
Start a HyperTerminal session.

Step 1 Configure the switch
Configure the hostname, access, and command mode passwords, as well as the management LAN settings. These values are shown in the chart.

Step 2 Configure the hosts attached to the switch
Configure the hosts using the following information.

For the host in port 0/5:
IP address 192.168.5.2
Subnet mask 255.255.255.0
Default gateway 192.168.5.1

For the host in port 0/9:
IP address 192.168.7.2
Subnet mask 255.255.255.0
To verify that the host and switch are correctly configured, ping the switch from the hosts.
Ping the switch IP address from the hosts.
Were the pings successful? __________________________________________________
Why or why not? __________________________________________________

Step 4 Create and name two VLANs
Enter the following commands to create and name two VLANs:
Switch_A#vlan database
Switch_A(vlan)#vlan 10 name Sales
Switch_A(vlan)#vlan 20 name Support
Switch_A(vlan)#exit
1900:
Switch_A#config terminal
Switch_A(config)#vlan 10 name Sales
Switch_A(config)#vlan 20 name Support
Switch_A(config)#exit

Step 5 Configure VTP protocol
Assigning ports to VLANs must be done from the interface mode. Enter the following commands to add ports 0/5 to 0/8 to VLAN 10:

Step 8 Create the trunk
On Switch_A, type the following commands at the Fast Ethernet 0/1 interface command prompt. Note that Ethernet 0/1 and the other access ports on a 1900 switch only support 10 Mbps Ethernet and cannot be used as trunk ports. The trunk ports (if present) on a 24-port 1900 are typically Fast Ethernet 0/26 and 0/27.
Switch_A(config-if)#end
1900:
Switch_A#config terminal
Switch_A(config)#interface fastethernet0/26
Switch_A(config-if)#trunk on

Step 9 Configure the router
Configure the router with the following data. Note that, in order to support trunking and inter-VLAN routing, the router must have a Fast Ethernet interface.
Hostname is Router_A
Console, VTY, and enable passwords are cisco.
Enable secret password is class.
Then configure the Fast Ethernet interface using the following commands:
Note: If working with a 1900 switch, replace the dot1q encapsulation with isl in the following router configuration commands.

Step 10 Save the router configuration

Step 11 Display the router routing table
Type show ip route at the privileged EXEC mode prompt.
Are there entries in the routing table? ___________________________________________
What interface are they all pointing to? __________________________________________
Why is there not a need to run a routing protocol? __________________________________

Step 12 Test the VLANs and the trunk
Ping from the host in Switch_A port 0/9 to the host in port 0/5.
Was the ping successful? ___________________________________________________
Why? __________________________________________________________________
Ping from the host in Switch_A port 0/5 to the switch IP 192.168.1.2.
Was the ping successful? ___________________________________________________

Step 13 Move the hosts
Move the hosts to other VLANs and try pinging the management VLAN 1.
Note the results of the pinging.
__________________________________________________________________________
__________________________________________________________________________
Objective
Configure a router for Dynamic Host Configuration Protocol (DHCP) to dynamically assign addresses to attached hosts.

Background/Preparation
Routing between the ISP and the campus router uses a static route between the ISP and the gateway, and a default route between the gateway and the ISP. The ISP connection to the Internet is identified by a loopback address on the ISP router.
Cable a network similar to the one in the diagram above. Any router that meets the interface requirements displayed on the above diagram may be used. This includes 800, 1600, 1700, 2500, 2600 series routers.
Conduct the following steps on each router unless specifically instructed otherwise.
Start a HyperTerminal session.

Step 1 Configure the routers
Configure all of the following according to the chart:
The hostname
The console
The virtual terminal
The enable passwords
The interfaces

Step 2 Save the configuration
At the privileged EXEC mode prompt, on both routers, type the command copy running-config startup-config.
Step 3 Create a static route
Addresses 199.99.9.32/27 have been allocated for Internet access outside of the company. Use the ip route command to create the static route:
ISP(config)#ip route 172.16.12.0 255.255.255.0 172.16.1.6
Is the static route in the routing table? ___________________________________________

Step 4 Create a default route
Use the ip route command to add a default route from the campus router to the ISP router. This will provide the mechanism to forward any unknown destination address traffic to the ISP:
campus(config)#ip route 0.0.0.0 0.0.0.0 172.16.1.5
Is the static route in the routing table? ___________________________________________

Step 5 Create the DHCP address pool
To configure the campus LAN pool, use the following commands:
campus(config)#ip dhcp pool campus
campus(dhcp-config)#network 172.16.12.0 255.255.255.0
campus(dhcp-config)#default-router 172.16.12.1
campus(dhcp-config)#dns-server 172.16.1.2
campus(dhcp-config)#domain-name foo.com
campus(dhcp-config)#netbios-name-server 172.16.1.1

Step 6 Excluding addresses from pool
To exclude addresses from the pool, use the following commands:

At each workstation on the directly connected subnet, configure the TCP/IP properties so the workstation will obtain an IP address and Domain Name System (DNS) server address from the DHCP server. After changing and saving the configuration, reboot the workstation.
To confirm the TCP/IP configuration information on each host, use Start > Run > winipcfg. If running Windows 2000, check using ipconfig in a DOS window.
What IP address was assigned to the workstation? _________________________________
What other information was automatically assigned?
________________________ ________________________ ________________________
When was the lease obtained? ________________________________________________
When will the lease expire? __________________________________________________

Step 8 View DHCP bindings
From the campus router, the bindings for the hosts can be seen. To see the bindings, use the command show ip dhcp binding at the privileged EXEC mode prompt.
What were the IP addresses assigned? _________________________________________
What are the three other fields listed in the output?
________________________ ________________________ ________________________
Upon completion of the previous steps, finish the lab by doing the following:
Log off by typing exit
Turn the router off
Remove and store the cables and adapter
Erasing and reloading the router
Objective
Configure the serial interfaces on two routers with the PPP protocol.
Test the link for connectivity.

Background/Preparation
Cable a network similar to the one in the diagram above. Any router that meets the interface requirements displayed on the above diagram may be used. This includes the 800, 1600, 1700, 2500, 2600 series routers.
Start a HyperTerminal session.

Step 1 Configure the routers
Configure all of the following according to the chart:
The hostname
The console
The virtual terminal
The enable passwords

Step 2 Configure the Dublin interface as shown
Configure the Dublin router serial interface as follows:
Dublin(config)#interface serial 0
Dublin(config-if)#ip address 192.168.15.2 255.255.255.0
Dublin(config-if)#no shutdown
Dublin(config-if)#exit
Dublin(config)#exit

Step 3 Configure the Washington interface as shown
Configure the Washington router serial interface as follows:
Washington(config)#interface serial 0
Washington(config-if)#ip address 192.168.15.1 255.255.255.0
Washington(config-if)#clockrate 64000
Washington(config-if)#no shutdown
Washington(config-if)#exit
Washington(config)#exit
Step 4 Save the configuration
Washington#copy running-config startup-config
Dublin#copy running-config startup-config

Step 5 Enter the command show interface serial 0 on Washington
Washington#show interface serial 0
This will show the details of interface serial 0.
Serial 0 is _____________, line protocol is _____________.
Internet address is _____________________.
Encapsulation _________________________

Step 6 Enter the command show interface serial 0 on Dublin
Dublin#show interface serial 0
This will show the details of interface serial 0.
Serial 0 is _____________, line protocol is _____________.
Internet address is _______________.
Encapsulation ___________________

Step 7 Change the encapsulation type
Change the encapsulation type to PPP by typing encapsulation ppp at the interface serial 0 configuration mode prompt on both routers.

Can the serial interface on the Dublin router be pinged from Washington? ________________
Can the serial interface on the Washington router be pinged from Dublin? ________________
If the answer is no for either question, troubleshoot the router configurations to find the error.
Then do the pings again until the answer to both questions is yes.
Upon completion of the previous steps, finish the lab by doing the following:
Log off by typing exit
Turn the router off
Remove and store the cables and adapter
Objective
Configure PPP authentication using CHAP on two routers.

Background/Preparation
Cable a network similar to the one in the diagram above. Any router that meets the interface requirements displayed on the above diagram may be used. This includes the 800, 1600, 1700, 2500, 2600 series routers.
Start a HyperTerminal session.

Step 1 Configure the routers
Configure all of the following according to the chart:
The hostname
The console
The virtual terminal
The enable passwords

Step 2 Configure the Tokyo interface as shown
Configure the Tokyo router serial interface as follows:
Tokyo(config)#interface serial 0
Tokyo(config-if)#ip address 192.168.15.2 255.255.255.0
Tokyo(config-if)#encapsulation ppp
Tokyo(config-if)#no shutdown
Tokyo(config-if)#exit
Tokyo(config)#exit

Step 3 Configure the Madrid interface as shown
Configure the Madrid router serial interface as follows:
Madrid(config)#interface serial 0
Madrid(config-if)#ip address 192.168.15.1 255.255.255.0
Madrid(config-if)#clockrate 64000
Madrid(config-if)#encapsulation ppp
Madrid(config-if)#no shutdown
Madrid(config-if)#exit
Step 5 Enter the command show interface serial 0 on Madrid
Madrid#show interface serial 0
Encapsulation _______________________

Step 6 Enter the command show interface serial 0 on Tokyo
Tokyo#show interface serial 0
Encapsulation _______________________

Step 7 Verify that the serial connection is functioning by pinging the serial interface of the other router
Madrid#ping 192.168.15.2
Tokyo#ping 192.168.15.1
If the pings are unsuccessful, troubleshoot the router configurations to find the error. Then do the pings again until both pings are successful.

Step 8 Configure PPP authentication
Configure usernames and passwords on the Madrid router. The passwords must be the same on both routers. The username must reflect the other router's hostname exactly. The password and usernames are case sensitive:
Madrid(config)#username Tokyo password cisco
Madrid(config)#interface serial 0
Madrid(config-if)#ppp authentication chap

Step 9 Verify that the serial connection is functioning
Verify that the serial connection is functioning by pinging the serial interface of the other router:
Madrid#ping 192.168.15.2
Is the ping successful? _____________________________________________________
Why? __________________________________________________________________

Step 10 Configure PPP authentication
Configure usernames and passwords on the Tokyo router. The passwords must be the same on both routers. The username must reflect the other router's hostname exactly. The password and usernames are case sensitive:
Tokyo(config)#username Madrid password cisco
Tokyo(config)#interface serial 0
Tokyo(config-if)#ppp authentication chap

Step 11 Verify that the serial connection is functioning
Verify that the serial connection is functioning by pinging the serial interface of the other router:
Tokyo#ping 192.168.15.1
Is the ping successful? _____________________________________________________
Why? __________________________________________________________________
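Added example, not part of the original lab: a Python model of the CHAP exchange (RFC 1994) that Steps 8 to 11 configure, showing why the username must match the peer's hostname exactly, why the shared password must be identical on both routers, and that the password itself never crosses the link. The Router class and the authenticate helper are hypothetical names; the users dictionary stands in for the username ... password ... lines.

```python
import hashlib
import hmac
import os
import struct

CHALLENGE, RESPONSE, SUCCESS, FAILURE = 1, 2, 3, 4   # CHAP codes from RFC 1994


def build_packet(code, identifier, value, name):
    """Encode Code, Identifier, Length, Value-Size, Value, Name."""
    body = bytes([len(value)]) + value + name.encode("ascii")
    return struct.pack("!BBH", code, identifier, 4 + len(body)) + body


def parse_packet(packet):
    """Decode a Challenge or Response, rejecting inconsistent length fields."""
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet) or length < 5:
        raise ValueError("bad CHAP length field")
    size = packet[4]
    if 5 + size > length:
        raise ValueError("value field overruns packet")
    return code, identifier, packet[5:5 + size], packet[5 + size:].decode("ascii", "replace")


def chap_hash(identifier, secret, challenge):
    """MD5 over the Identifier octet, the shared secret, then the challenge value."""
    return hashlib.md5(bytes([identifier]) + secret.encode() + challenge).digest()


class Router:
    def __init__(self, hostname, users=None):
        self.hostname = hostname
        self.users = dict(users or {})   # models "username <peer> password <secret>"
        self._id = self._challenge = None

    def challenge(self, identifier):
        """Authenticator side: send a fresh random challenge carrying our hostname."""
        self._id, self._challenge = identifier, os.urandom(16)
        return build_packet(CHALLENGE, identifier, self._challenge, self.hostname)

    def respond(self, packet):
        """Peer side: look up the challenger's hostname (case-sensitive) and hash."""
        code, identifier, challenge, peer = parse_packet(packet)
        secret = self.users.get(peer)
        if code != CHALLENGE or secret is None:
            return None                  # no username entry for the challenger
        digest = chap_hash(identifier, secret, challenge)
        return build_packet(RESPONSE, identifier, digest, self.hostname)

    def verify(self, packet):
        """Authenticator side: recompute the hash with our copy of the secret."""
        if packet is None or self._challenge is None:
            return FAILURE
        code, identifier, value, peer = parse_packet(packet)
        secret = self.users.get(peer)
        if code != RESPONSE or identifier != self._id or secret is None:
            return FAILURE
        expected = chap_hash(identifier, secret, self._challenge)
        return SUCCESS if hmac.compare_digest(value, expected) else FAILURE


def authenticate(authenticator, peer, identifier=1):
    """One-way CHAP: authenticator challenges, peer responds, authenticator verifies."""
    return authenticator.verify(peer.respond(authenticator.challenge(identifier)))


if __name__ == "__main__":
    madrid = Router("Madrid", {"Tokyo": "cisco"})
    print("Step 9 state :", authenticate(madrid, Router("Tokyo")) == SUCCESS)
    print("Step 11 state:", authenticate(madrid, Router("Tokyo", {"Madrid": "cisco"})) == SUCCESS)
```
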
Objective
Configure a serial interface on two routers with the PPP protocol.
Verify and test the link for connectivity.

Background/Preparation
Cable a network similar to the one in the diagram above. Any router that meets the interface requirements displayed on the above diagram may be used. This includes 800, 1600, 1700, 2500, 2600 series routers.
Start a HyperTerminal session.

Step 1 Configure the routers
Configure all of the following according to the chart:
The hostname
The console
The virtual terminal
The enable passwords

Step 2 Configure the Warsaw interface as shown
Configure the Warsaw router serial interface as follows:
Warsaw(config)#interface serial 0
Warsaw(config-if)#ip address 192.168.15.2 255.255.255.0
Warsaw(config-if)#no shutdown
Warsaw(config-if)#exit
Warsaw(config)#exit

Step 3 Configure the Brasilia interface as shown
Configure the Brasilia router serial interface as follows:
Brasilia(config)#interface serial 0
Brasilia(config-if)#ip address 192.168.15.1 255.255.255.0
Brasilia(config-if)#clockrate 64000
Brasilia(config-if)#no shutdown
Brasilia(config-if)#exit
Brasilia(config)#exit
Step 4 Save the configuration
Brasilia#copy running-config startup-config
Warsaw#copy running-config startup-config

Step 5 Enter the command show interface serial 0 on Brasilia
Brasilia#show interface serial 0
This will show the details of interface serial 0.
Encapsulation _______________________

Step 6 Enter the command show interface serial 0 on Warsaw
Warsaw#show interface serial 0
This will show the details of interface serial 0.
Encapsulation _______________________

Step 7 Turn on PPP debugging
Turn on the PPP debug function on both routers by typing debug ppp tasks at the privileged EXEC mode prompt.
Note: For the 2600 router, use the command debug ppp tasks.

Step 8 Change the encapsulation type
Change the encapsulation type to PPP by typing encapsulation ppp at the interface serial 0 configuration mode prompt on both routers.
What did the debug function report when the PPP encapsulation was applied to each router?
__________________________________________________________________________
Turn off the debug function by typing undebug all at the privileged EXEC mode prompt.

Step 9 Enter the command show interface serial 0 on Brasilia
Brasilia#show interface serial 0

Step 10 Enter the command show interface serial 0 on Warsaw
Warsaw#show interface serial 0

Step 11 Verify that the serial connection is functioning
Ping the other router to verify that there is connectivity between the two routers.
Can the serial interface on the Warsaw router be pinged from Brasilia? __________________
Can the serial interface on the Brasilia router be pinged from Warsaw? __________________
If the answer is no for either question, troubleshoot the router configurations to find the error. Then do the pings again until the answer to both questions is yes.
Upon completion of the previous steps, finish the lab by doing the following:
Log off by typing exit
Turn the router off
Remove and store the cables and adapter
Erasing and reloading the router
Objective
Configure PPP on the serial interfaces of two routers.
Use show and debug commands to troubleshoot connectivity issues.

Background/Preparation
Cable a network similar to the one in the diagram above. Any router that meets the interface requirements displayed on the above diagram may be used. This includes 800, 1600, 1700, 2500, 2600 series routers.

Step 1 Configure the routers
Configure all of the following according to the chart:
The hostname
The console
The virtual terminal
The enable passwords

Step 2 Configure the Paris interface as shown
Configure the Paris router serial interface as follows:
Paris(config)#interface serial 0
Paris(config-if)#ip address 192.168.15.2 255.255.255.0
Paris(config-if)#clockrate 56000
Paris(config-if)#exit
Paris(config)#exit

Step 3 Configure the London interface as shown
Configure the London router serial interface as follows:
London(config)#interface serial 0
London(config-if)#ip address 192.168.15.1 255.255.255.0
London(config-if)#encapsulation ppp
London(config-if)#no shutdown
London(config-if)#exit
London(config)#exit
Step 4 Save the configuration
Step 5 Enter the command show interface serial 0 on London
London#show interface serial 0
This will show the details of interface serial 0.
List the following information discovered from issuing this command.
Serial 0 is ___________________, line protocol is ___________________
What type of problem is indicated in the last statement?
__________________________________________________________________________
Internet address is ____________________
Encapsulation _______________________

Step 6 Enter the command show interface serial 0 on Paris
Paris#show interface serial 0
This will show the details of interface serial 0.
List the following information discovered from issuing this command.
Serial 0 is ___________________, line protocol is ___________________.
Internet address is ___________________.
Encapsulation _______________________
To what OSI layer is the encapsulation referring? _______________________
If the serial interface was configured, why did the show interface serial 0 output show that the interface is down?

Step 7 Correct the clock location
The clock rate statement has been placed on the wrong interface. It is currently placed on the Paris router, but the London router is the Data Communications Equipment (DCE). Remove the clock rate statement from the Paris router using the no version of the command and then add it to the London router's configuration.

Step 8 Enter the command show cdp neighbors on London
Is there any output from the command? _________________________________________
Should there be output? _____________________________________________________

Step 9 Enter the command debug ppp negotiation on London
It may take 60 seconds or more before output occurs.
Is there output? _____________________________________________________
What is the output saying? ___________________________________________________
Is there a problem with PPP encapsulation on the London router or the Paris router?
__________________________________________________________________________
Why? __________________________________________________________________
What were the encapsulations listed for the interfaces?
London? ______________________ Paris? ____________________________________
Is there an issue with the above statement? ______________________________________
What is the issue? _________________________________________________________

Step 10 Enter the command debug ppp negotiation on the Paris router
Enter the command debug ppp negotiation on the Paris router at the privileged EXEC mode prompt.
Is there any output from the debug command? ____________________________________
Step 11 Correct the encapsulation type
Convert the encapsulation to PPP on the Paris router.
Is there any output from the debug command? ____________________________________
Does it confirm link establishment? ____________________________________

Step 12 Enter the command show interface serial 0 on Paris
Paris#show interface serial 0
Serial 0 is ________________________, line protocol is ________________________.
Encapsulation ________________________
What is the difference in the Line and Protocol status recorded on Paris earlier? Why?
__________________________________________________________________________

Step 13 Verify that the serial connection is functioning by pinging the serial interface of the other router
London#ping 192.168.15.2
Paris#ping 192.168.15.1
From London, can the serial interface ping the Paris router? ____________________
From Paris, can the serial interface ping the London router? ____________________
If the answer is no for either question, troubleshoot the router configurations to find the error. Then do the pings again until the answer to both questions is yes.
Objective
Configure a serial interface on two routers.
Use show commands to troubleshoot connectivity issues.

Background/Preparation
Configure the appropriate serial interfaces to allow connectivity between the two routers. Cable a network similar to the one in the diagram above. Any router that meets the interface requirements displayed on the above diagram may be used. This includes the 800, 1600, 1700, 2500, 2600 series routers.
Start a HyperTerminal session.

Step 1 Configure the routers
Configure all of the following according to the chart:
The hostname
The console
The virtual terminal
The enable passwords

Step 2 Configure the Paris interface as shown
Configure the Paris router serial interface as follows:
Paris(config)#interface serial 0
Paris(config-if)#ip address 192.168.15.2 255.255.255.0
Paris(config-if)#clockrate 56000
Paris(config-if)#no shutdown
Paris(config-if)#exit
Paris(config)#exit

Step 3 Configure the London interface as shown
Configure the London router serial interface as follows:
London(config)#interface serial 0
London(config-if)#ip address 192.168.15.1 255.255.255.0
London(config-if)#no shutdown
London(config-if)#exit
Step 5 Enter the command show interface serial 0 on London
London#show interface serial 0
This will show the details of interface serial 0.
Answer the following questions:
Serial 0 is _____________, line protocol is _____________
What type of problem is indicated in the last statement?
__________________________________________________________________________
Internet address is ________________________________
Encapsulation ____________________________________

Step 6 Enter the command show interface serial 0 on Paris
Paris#show interface serial 0
This will show the details of interface serial 0.
Answer the following questions:
Serial 0 is ___________________, line protocol is ___________________
Internet address is ___________________.
Encapsulation ___________________
To what OSI layer is the encapsulation referring? ___________________
Why is the interface down? ______________________________________________________

Step 7 Correct the clock location
The clock rate statement has been placed on the wrong interface. It is currently placed on the Paris router, but the London router is the Data Communications Equipment (DCE). Remove the clock rate statement from the Paris router using the no version of the command and then add it to the London router configuration.

Step 8 Enter the command show interface serial 0 on Paris
Paris#show interface serial 0
Serial 0 is ______________________, line protocol is ______________________.
What is the difference in the Line and Protocol status recorded on Paris earlier? Why?
__________________________________________________________________________

Step 9 Verify that the serial connection is functioning by pinging the serial interface of the other router
London#ping 192.168.15.2
Paris#ping 192.168.15.1
Can the serial interface on the Paris router be pinged from London? __________________
Can the serial interface on the London router be pinged from Paris? __________________
If the answer is no for either question, troubleshoot the router configurations to find the error. Then do the pings again until the answer to both questions is yes.
Upon completion of the previous steps, finish the lab by doing the following:
Log off by typing exit
Turn the router off
Remove and store the cables and adapter
Objective
Configure an ISDN router to make a successful connection to a local ISDN switch.

Background/Preparation
This lab assumes that a router with an ISDN BRI U interface is available. An Adtran Atlas550 ISDN emulator is used to simulate the ISDN switch and cloud.
Cable a network similar to the one in the diagram above. Any router that meets the interface requirements displayed on the above diagram may be used. This includes the 800, 1600, 1700, 2500, 2600 series routers.
Conduct the following steps on each router unless specifically instructed otherwise.
Start a HyperTerminal session.

Step 1 Configure the routers
Configure all of the following according to the chart:
The hostname
The console
The virtual terminal
The enable passwords

Step 2 Verifying the ISDN BRI switch type
Not all ISDN switch types are the same worldwide and the first step is to configure the following:
The ISDN TE1 device
The router
What ISDN switch type is in use

This information will be provided by the ISDN telco provider. In this case, the ISDN switch type supported by the Adtran simulator is National ISDN-1, North America. It is configured on the router using the keyword basic-ni. To check the ISDN BRI status, issue the following command before issuing any configuration commands:
Ottawa#show isdn status
What is the Layer 1 status? ___________________________________________________
What is the ISDN switch type? ________________________________________________

Step 3 Specifying the switch type
To specify ISDN switch type use isdn switch-type command at the global configuration mode prompt. The different switch types available may be reviewed using the isdn switch-type ?
How many different switch types are available? ____________________________________To configure the router to communicate with a National ISDN-1 switch type:
Ottawa(config)#isdn switch-type basic-niStep 4 Verifying switch status
Check the state of the ISDN Interface again.Ottawa#show isdn status
What is the Layer 1 status? ________________________________________________________What is the ISDN switch type? ________________________________________________
Step 5 Activate the BRI connection
Activate the ISDN BRI using the no shutdown command at the interface configuration prompt.
Step 6 Review switch status
At this stage the ISDN BRI should be physically active and one TEI should have been negotiated.
Ottawa#show isdn status
What is the Layer 1 status? ________________________________________
What is the ISDN switch type? ________________________________________
Has the Layer 2 status changed? ________________________________________
Step 7 Configuring ISDN SPIDs
Depending on region, ISDN service profile identifiers (SPIDs) may have to be specified for the ISDN switch to respond to the ISDN TE1 correctly. The SPIDs supported by the Adtran simulator are specified as isdn spid1 and isdn spid2. To configure the SPIDs issue the following commands:
Step 8 Review switch status
Check the state of the ISDN interface again:
Ottawa#show isdn status
What does the output specify about spid1? ________________________________________
What does the output specify about spid2? ________________________________________
Careful examination of this output shows that the assigned SPID values have not been sent to the ISDN switch and verified. The reason for this is that they were specified after the ISDN interface was enabled. To send the SPID values the interface must be reset.
Step 9 Resetting the interface
To manually reset the ISDN BRI interface, issue the command clear interface bri 0. This will cause all ISDN parameters to be renegotiated. Issue the clear command on the router and then check the ISDN interface status. SPID1 and SPID2 will now be sent and validated:
Ottawa#clear interface bri 0
Ottawa#show isdn status
Have SPID1 and SPID2 been sent and verified? ________________________________________
Step 10 Save the configuration and reboot
Save the configuration and reboot the router. This time, verify that the ISDN interface has correctly negotiated with the ISDN switch. Review activity on the ISDN interface using the show isdn active command:
Ottawa#copy running-config startup-config
Ottawa#reload
Ottawa#show isdn active
The history table has a maximum of how many entries? ________________________________________
History table data is retained for how long? ________________________________________
Upon completion of the previous steps, finish the lab by doing the following:
Log off by typing exit
Turn the router off
Remove and store the cables and adapter
Erasing and reloading the router
Objective
Configure ISDN Dialer Profiles on the routers, enabling a dial-on-demand routing (DDR) call to be made from two remote routers simultaneously into a central ISDN BRI router.
Background/Preparation
In this lab, 3 ISDN routers are required. An Adtran Atlas550 ISDN emulator is used to simulate the switch/ISDN cloud. Cable a network similar to the one in the diagram above. Any router that meets the interface requirements displayed on the above diagram may be used. This includes the 800, 1600, 1700, 2500, and 2600 series routers.
Conduct the following steps on each router unless specifically instructed otherwise.
Start a HyperTerminal session.
Step 1 Configure the router
Configure the following according to the chart:
The hostname
The console
The virtual terminal
The enable passwords
Step 2 Define switch type and spid numbers
To configure the switch type and spid numbers use the following commands.
Step 3 Defining static routes for DDR
Use static and default routes instead of dynamic routing, in order to reduce the cost of the dialup connection. To configure a static route, the network address of the network that is going to be reached must be known. The IP address of the next router on the path to this destination must be known as well.
Step 4 Specifying interesting traffic for DDR
Traffic must be defined as ‘interesting’ to cause the DDR interface to dial up the remote router. For the moment, declare that all IP traffic is interesting using the dialer-list command.
Moscow(config)#dialer-list 1 protocol ip permit
Moscow(config)#interface dialer 0
Moscow(config-if)#dialer-group 1
Sydney(config)#dialer-list 1 protocol ip permit
Sydney(config)#interface dialer 0
Sydney(config-if)#dialer-group 1
Tokyo#configure terminal
Tokyo(config)#dialer-list 1 protocol ip permit
Tokyo(config)#interface dialer 1
Tokyo(config-if)#description The Profile for the Moscow router
Tokyo(config-if)#dialer-group 1
Tokyo(config-if)#interface dialer 2
Tokyo(config-if)#description The Profile for the Sydney router
Tokyo(config-if)#dialer-group 1
Step 5 Configuring DDR dialer information
Configure the correct dialer information so that the dialer profile and dialer interface function correctly. This includes all of the following:
IP address information
PPP configuration
Name
Passwords
Dial number
Moscow(config-if)#no shutdown
Moscow(config-if)#exit
Moscow(config)#username Tokyo password class
Sydney(config)#interface dialer 0
Sydney(config-if)#ip address 192.168.254.2 255.255.255.0
Sydney(config-if)#interface bri 0
Sydney(config-if)#encapsulation ppp
Sydney(config-if)#ppp authentication chap
Sydney(config-if)#interface dialer 0
Sydney(config-if)#encapsulation ppp
Sydney(config-if)#ppp authentication chap
Sydney(config-if)#no shutdown
Sydney(config-if)#exit
Sydney(config)#username Tokyo password class
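Why the username ... password statements in Step 5 must carry the same password on both ends of the link: with ppp authentication chap the password never crosses the ISDN line, only an MD5 digest over it and a fresh challenge (RFC 1994). The sketch below is an added illustration, not part of the lab manual; the Tokyo-side entry for Moscow and the Python names are assumptions.

```python
"""CHAP (RFC 1994) challenge/response, as used by 'ppp authentication chap'."""
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    # RFC 1994: Response = MD5(Identifier || secret || Challenge)
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Authenticator:
    """The side that sends the challenge (Tokyo, when Moscow dials in)."""

    def __init__(self, peers: dict):
        # peer hostname -> shared secret, i.e. the 'username X password Y' lines
        self.peers = peers
        self.identifier = 0
        self.challenge = b""

    def new_challenge(self):
        # A new identifier and random challenge for every authentication,
        # so a captured response cannot be replayed later.
        self.identifier = (self.identifier + 1) % 256
        self.challenge = os.urandom(16)
        return self.identifier, self.challenge

    def verify(self, peer_name: str, response: bytes) -> bool:
        secret = self.peers.get(peer_name)
        if secret is None:
            return False  # no username statement for this peer
        expected = chap_response(self.identifier, secret, self.challenge)
        return hmac.compare_digest(expected, response)


def dial_in(authenticator: Authenticator, name: str, secret: bytes) -> bool:
    """One complete exchange: challenge out, response back, verdict."""
    ident, challenge = authenticator.new_challenge()
    return authenticator.verify(name, chap_response(ident, secret, challenge))


if __name__ == "__main__":
    # Assumed Tokyo-side configuration: username Moscow password class
    tokyo = Authenticator({"Moscow": b"class", "Sydney": b"class"})
    print("Moscow, matching password :", dial_in(tokyo, "Moscow", b"class"))
    print("Moscow, mismatched password:", dial_in(tokyo, "Moscow", b"cisco"))
    print("Unknown peer               :", dial_in(tokyo, "Ottawa", b"class"))
```
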
Step 6 Configure dialer information
Next, the dial information must be configured to specify the remote name of the remote router in the Dialer Profile. The dial string, or phone number to use to contact this remote device, must also be specified. Use the following commands to do this:
To configure the dial information on Moscow, use the following:
Moscow(config-if)#interface dialer 0
Moscow(config-if)#dialer remote-name Tokyo
Moscow(config-if)#dialer string 5551000
Moscow(config-if)#dialer string 5551001
To configure the dial information on Sydney, use the following:
Sydney(config-if)#interface dialer 0
Sydney(config-if)#dialer remote-name Tokyo
Sydney(config-if)#dialer string 5551000
Sydney(config-if)#dialer string 5551001
Step 7 Associate dialer profiles
Finally, associate the Dialer Profiles with the Dialer Interfaces that will be used, when needed. Create a Dialer Pool, and put the interfaces and the associated Dialer Profiles in a common pool. The commands for doing this are as follows:
Tokyo(config-if)#interface bri 0
Tokyo(config-if)#dialer pool-member 1
Tokyo(config-if)#interface dialer 1
Tokyo(config-if)#dialer pool 1
Tokyo(config-if)#interface dialer 2
Tokyo(config-if)#dialer pool 1
On Moscow, the commands issued would be as follows:
Moscow(config-if)#interface bri 0
Moscow(config-if)#dialer pool-member 1
Moscow(config-if)#interface dialer 0
Moscow(config-if)#dialer pool 1
Use the same commands to configure the Sydney router.
Step 8 Configure dialer timeouts
Configure a dialer idle-timeout of 60 seconds for each of the dialer interfaces:
Step 9 View the Tokyo router configuration
To view the configuration, use the show running-config command:
Tokyo#show running-config
How many username statements are there? ________________________________________
What authentication type is being used for PPP? ________________________________________
Which sections of the configuration list the authentication type? ________________________________________
What are the dialer strings on the Tokyo router? ________________________________________
Step 10 Verifying the DDR Configuration
Now, generate some interesting traffic across the DDR link from Moscow and Sydney to verify that connections are made correctly and the dialer profiles are functioning:
Moscow#ping 192.168.1.1
Were the pings successful? ________________________________________
If not, troubleshoot the router configurations. What other information was displayed when the ping was issued? ________________________________________
Sydney#ping 192.168.1.1
Were the pings successful? ________________________________________
If the pings were not successful, troubleshoot the router configurations. Use the show dialer command to see the reason for the call. This information is shown for each channel:
Tokyo#show dialer
Which dialer strings are associated with Dialer1? ________________________________________
What is the last status for dial string 5553000 in the Dialer2 readout? ________________________________________
Use the show interface command and note that the output shows that the interface is spoofing. This provides a mechanism for the interface to simulate an active state for internal processes, such as routing, on the router. The show interface command can also be used to display information about the B channel:
Tokyo#show interface bri 0
Upon completion of the previous steps, finish the lab by doing the following:
Objective
Configure two routers back-to-back as a Frame Relay permanent virtual circuit (PVC). This will be done manually, in the absence of a Frame Relay switch, and therefore there will be no Local Management Interface (LMI).
Background/Preparation
Cable a network similar to the one in the diagram above. Any router that meets the interface requirements displayed on the above diagram may be used. This includes the 800, 1600, 1700, 2500, and 2600 series routers. Conduct the following steps on each router unless specifically instructed otherwise.
Start a HyperTerminal session.
Step 1 Configure the routers
Configure the following according to the chart:
The hostname
The console
The virtual terminal
The enable passwords
The Fast Ethernet interfaces
Step 2 Configuring the Washington serial interface
First, define the Frame Relay frame type to be used on this link. To configure the encapsulation type, use the command encapsulation frame-relay ietf. Disable keepalive messages since there is no Frame Relay switch in this configuration and consequently no Frame Relay DCE:
Step 3 Configure the Frame Relay map on Washington
When sending an Ethernet frame to a remote IP address, the remote MAC address must be discovered so that the correct frame type can be constructed. Frame Relay needs a similar mapping.
The remote IP address needs to be mapped to the local DLCI (Layer 2 address), so that the correctly addressed frame can be created locally for this PVC. Since there is no way of mapping the DLCI automatically with LMI disabled, this map must be created manually, using the frame-relay map command. The broadcast parameter also allows IP broadcasts to use the same mapping for crossing this PVC:
Washington(config-if)#frame-relay map ip 192.168.1.2 102 ietf broadcast
Step 4 Configure the DCE on Washington
In this configuration, when DCE cables are used, a clock signal is necessary. The bandwidth command is optional, but wise to use to verify bandwidth transmission. Another option is to title the connection using the description command. It is very useful to record information in the description about the PVC, such as the remote contact person and the leased line circuit identifier:
Washington(config-if)#clock rate 64000
Washington(config-if)#bandwidth 64
Washington(config-if)#description PVC to Dublin, DLCI 102, Circuit DASS465875, Contact John Tobin (061-8886745)
Step 5 Configure Dublin router
Configure the Dublin router using the following commands.
Dublin#configure terminal
Dublin(config)#interface serial 0
Dublin(config-if)#encapsulation frame-relay ietf
Dublin(config-if)#no keepalive
Dublin(config-if)#no shutdown
Dublin(config-if)#ip address 192.168.1.2 255.255.255.0
Dublin(config-if)#frame-relay map ip 192.168.1.1 102 ietf broadcast
Dublin(config-if)#bandwidth 64
Dublin(config-if)#description PVC to Washington, DLCI 102, Circuit DASS465866 Contact Pat White (091-6543211)
Step 6 Verifying Frame Relay PVC
On the Washington router, type the command show frame-relay pvc:
Washington#show frame-relay pvc
What is the DLCI number reported? ________________________________________
What is the PVC status? ________________________________________
What is the value of the DLCI USAGE? ________________________________________
Step 7 Showing Frame Relay map
To view the Layer 2 to Layer 3 mapping, use this command at the privileged EXEC mode prompt:
Washington#show frame-relay map
What is the IP address shown? ________________________________________
What state is interface serial 0 in? ________________________________________
Step 8 Verify Frame Relay connectivity
From the Washington router, ping the Dublin router serial interface.
Was the ping successful? ________________________________________
If the ping was not successful, troubleshoot the router configurations. Upon completion of the previous steps, finish the lab by doing the following:
Objective
Configure three routers in a full mesh Frame Relay network. An organization with three offices in different cities has to connect its offices through a Frame Relay cloud. The offices are situated in Amsterdam, Paris and Berlin. A router at each branch site is connected to the Frame Relay service provider as depicted in the diagram.
Step 1 Configure the routers
Configure the following according to the chart:
The hostname
The console password
The virtual terminal password
The enable secret password
The Fast Ethernet interface according to the chart
Step 2 Configure the Serial 0 Interfaces
The Frame Relay encapsulation type to be used on this link must be defined by commands:
The same commands are used to configure the Berlin and Paris routers:
Paris(config)#interface serial 0
Paris(config-if)#encapsulation frame-relay ietf
Paris(config-if)#frame-relay lmi-type ansi
Paris(config-if)#description Circuit #FRT372826
Step 3 Create subinterfaces on the Amsterdam router
For each of the permanent virtual circuits (PVCs), create a subinterface on the serial port. This subinterface will be a point-to-point configuration. For consistency and future troubleshooting, use the data-link connection identifier (DLCI) number as the subinterface number. The commands to create a subinterface are as follows:
Amsterdam(config-if)#interface serial 0.102 point-to-point
Amsterdam(config-if)#description PVC to Paris, DLCI 102
Amsterdam(config-if)#ip address 192.168.4.1 255.255.255.0
Amsterdam(config-if)#frame-relay interface-dlci 102
Amsterdam(config-if)#interface serial 0.103 point-to-point
Amsterdam(config-if)#description PVC to Berlin, DLCI 103
Amsterdam(config-if)#ip address 192.168.5.1 255.255.255.0
Amsterdam(config-if)#frame-relay interface-dlci 103
Step 4 Create subinterfaces on the Paris router
To configure the subinterfaces on the Paris router, use the following commands:
Paris(config-if)#interface Serial 0.201 point-to-point
Paris(config-if)#description PVC to Amsterdam, DLCI 201
Paris(config-if)#ip address 192.168.4.2 255.255.255.0
Paris(config-if)#frame-relay interface-dlci 201
Paris(config-if)#interface Serial 0.203 point-to-point
Paris(config-if)#description PVC to Berlin, DLCI 203
Paris(config-if)#ip address 192.168.6.1 255.255.255.0
Paris(config-if)#frame-relay interface-dlci 203
Step 5 Create subinterfaces on the Berlin router
To configure the subinterfaces on the Berlin router, use the following commands:
Berlin(config-if)#interface Serial 0.301 point-to-point
Berlin(config-if)#description PVC to Amsterdam, DLCI 301
Berlin(config-if)#ip address 192.168.5.2 255.255.255.0
Berlin(config-if)#frame-relay interface-dlci 301
Berlin(config-if)#interface Serial 0.302 point-to-point
Berlin(config-if)#description PVC to Paris, DLCI 302
Berlin(config-if)#ip address 192.168.6.2 255.255.255.0
Berlin(config-if)#frame-relay interface-dlci 302
Step 6 Configure IGRP routing
To configure Interior Gateway Routing Protocol (IGRP) 100 as the routing protocol, the syntax is:
Step 7 Verifying Frame Relay PVC
On the Amsterdam router, issue the command show frame-relay pvc:
Amsterdam#show frame-relay pvc
Step 8 Show the Frame Relay maps
Look at the Frame Relay maps by typing the following command at the privileged EXEC mode prompt:
Amsterdam#show frame-relay map
Step 9 Show LMIs
Look at the Local Management Interface (LMI) statistics using the following command:
Amsterdam#show frame-relay lmi
Step 10 Check routing protocol
Use the show ip route command to verify that the PVCs are up and active:
Amsterdam#show ip route
Frame Relay Switch Configuration
To simulate the Frame Relay cloud, use a router with three serial interfaces to emulate a Frame Relay switch. This router is named FRS. Its Serial 1/1 is connected to Amsterdam, Serial 1/2 is connected to Paris, and Serial 2/1 is connected to Berlin.
The required commands for the Frame Relay switch are as follows.
FRS(config)#frame-relay switching
Interface serial 1/1
Encapsulation frame-relay ietf
Frame-relay lmi-type ansi
Frame-relay route 102 interface serial 1/2 201
Frame-relay route 103 interface serial 2/1 301
No shut
Interface serial 1/2
Encapsulation frame-relay ietf
Frame-relay lmi-type ansi
Frame-relay route 201 interface serial 1/1 102
Frame-relay route 203 interface serial 2/1 302
No shut
Interface serial 2/1
Encapsulation frame-relay ietf
Frame-relay lmi-type ansi
Frame-relay route 301 interface serial 1/1 103
Frame-relay route 302 interface serial 1/2 203
No shut
Objective
Plan, configure, and apply a standard ACL to permit or deny specific traffic and test the ACL to determine if the desired results were achieved. The company home office in Gadsden (GAD) provides services to branch offices such as the Birmingham (BHM) office. These offices have some minor security and performance concerns. Standard ACLs need to be implemented as a simple and effective tool to control traffic.
Host #3 represents the kiosk station that needs to have its access limited to the local network. Host #4 represents another host in the Birmingham office. Loopback 0 on the GAD router represents the Internet.
Step 1 Basic Router Interconnection
Interconnect the routers as shown in the diagram.
Step 2 Basic Configuration
The router may contain configurations from a previous use. For this reason, erase the startup configuration and reload the router to remove any residual configurations. Using the information previously in the tables, set up the router and host configurations and verify reachability by pinging all systems and routers from each system. To simulate the Internet, add the following configuration to the GAD router.
Step 3 Establish Access List Requirements
The kiosk station (host 3) needs to have its access limited to the local network. It is determined that a standard access list needs to be created to prevent traffic from this host from reaching any other networks. The access control list should block traffic from this host and not affect other traffic from this network. A standard IP ACL is adequate for this, as it filters based on the source address to any destination.
What is the source address of the kiosk? ____________________________
Step 4 Plan the Access List Requirements
As with any project, the most important part of the process is the planning. First, the information needed to create the ACL needs to be defined. An access list is made up of a series of ACL statements. Each of these statements adds sequentially to the ACL. Since the list will consist of more than one statement, the order of the statements needs to be planned carefully.
It has been determined that this ACL will require 2 logical steps. Each of these steps can be accomplished with one statement. As a planning tool, a text editor like Notepad can be used to organize the logic and then write the list. In the text editor enter the logic by typing:
stop traffic from host 3
permit all other traffic
From this logic the actual ACL will be written. Using the tables below, document the information for each statement.
stop traffic from host 3
List #    permit or deny    Source address    Wildcard mask
permit all other traffic
List #    permit or deny    Source address    Wildcard mask
What would be the result of not including a statement to permit all other source addresses? ________________________________________
What would be the result of reversing the order of the 2 statements in the list? ________________________________________
Why are both statements using the same ACL number? ________________________________________
The final step in the planning process is to determine the best location for the access list and the direction the list should be applied. Examine the internetwork diagram and choose the appropriate interface and direction. Document this in the table below:
Router    Interface    Direction
Step 5 Write and Apply the ACL
Using the previously constructed logic and information of the access list, complete the commands in the text editor. The list syntax should look similar to:
stop traffic from host 3
access-list # deny address wildcard
permit all other traffic
access-list # permit address wildcard
Add to this text file the configuration statements to apply the list.
The configuration statements take the form of:
Now the text file configuration needs to be applied to the router. Enter the configuration mode on the appropriate router and copy and paste the configuration. Observe the CLI display to ensure no errors were encountered.
Step 6 Verify the ACL
Now that the ACL is completed, the ACL needs to be confirmed and tested.
The first step is to check the list to see if it was configured properly in the router. To check the ACL logic use the show access-list command. Record the output.
________________________________________
________________________________________
Next, verify that the access list was applied to the proper interface and in the correct direction. To do this examine the interface with the show ip interface command. Look at the output from each interface and record the lists applied to the interface.
Interface ________________________________________
Outgoing access list is ________________________________________
Inbound access list is ________________________________________
Finally, test the functionality of the ACL by trying to send packets from the source host and verify that each is permitted or denied as appropriate. In this case, ping will be used to test this.
[ ] verify that host 3 CAN ping host 4
[ ] verify that host 3 CANNOT ping host 1
[ ] verify that host 3 CANNOT ping host 2
[ ] verify that host 3 CANNOT ping GAD Fa0/0
[ ] verify that host 3 CANNOT ping GAD LO0
[ ] verify that host 4 CAN ping host 1
[ ] verify that host 4 CAN ping host 2
[ ] verify that host 4 CAN ping GAD Fa0/0
[ ] verify that host 4 CAN ping GAD LO0
Step 7 Document the ACL
As a part of all network management, documentation needs to be created. Using the text file created for the configuration, add additional comments. This file should also contain output from the show access-list and the show ip interface commands.
The file should be saved with other network documentation. The file naming convention should reflect the function of the file and the date of implementation.
That should complete the ACL project.
Once finished, erase the start-up configuration on the routers, and remove and store the cables and adapter. Also log off and turn the router off.
Objective
Configure and apply a standard ACL to permit or deny specific traffic.
Test the ACL to determine if the desired results were achieved.
Background/Preparation
Cable a network similar to the one in the diagram. Any router that meets the interface requirements displayed on the above diagram, such as 800, 1600, 1700, 2500, 2600 routers, or a combination, may be used. Start a HyperTerminal session.
Step 1 Configure the hostname and passwords on the Gadsden router
On the Gadsden router, enter the global configuration mode and configure the hostname as shown in the chart. Then configure the console, virtual terminal and enable passwords. Configure the FastEthernet interface on the router according to the chart.
Step 2 Configure the hosts on the Ethernet segment
Host 1
IP address 192.168.14.2
Subnet mask 255.255.255.0
Default gateway 192.168.14.1
Create an access list that will prevent access to FastEthernet 0 from the 192.168.14.0 network. At the router configuration prompt type the following command:
GAD(config)#access-list 1 deny 192.168.14.0 0.0.0.255
GAD(config)#access-list 1 permit any
Why is the second statement needed? ________________________________________
Step 6 Ping the router from the hosts
Were these pings successful? ________________________________________
If they were, why? ________________________________________
Step 7 Apply the Access list to the interface
At the FastEthernet 0 interface mode prompt type the following:
GAD(config-if)#ip access-group 1 in
Step 8 Ping the router from the hosts
Were these pings successful? ________________________________________
If they were, why? ________________________________________
Step 9 Create a new access list
Now create an access list that will prevent the even numbered hosts from pinging but permit the odd numbered ones.
What will that access list look like? Finish this command with an appropriate comparison IP address (aaa.aaa.aaa.aaa) and wildcard mask (www.www.www.www):
access-list 2 permit aaa.aaa.aaa.aaa www.www.www.www
Why was it not necessary to have the permit any statement at the end this time? ________________________________________
Step 10 Apply access list to the proper router interface
First remove the old access list application by typing no ip access-group 1 in at the interface configuration mode.
Apply the new access list by typing ip access-group 2 in
Step 11 Ping the router from each host
Was the ping from host 1 successful? ________________________________________
Why or why not? ________________________________________
Was the ping from host 2 successful? ________________________________________
Why or why not? ________________________________________
Objective
Configure and apply an extended ACL to permit or deny specific traffic.
Test the ACL to determine if the desired results were achieved.
Background/Preparation
Cable a network similar to the one in the diagram. Any router that meets the interface requirements displayed on the above diagram, such as 800, 1600, 1700, 2500, 2600 routers, or a combination, may be used. Start a HyperTerminal session.
Step 1 Configure the hostname and passwords on the Gadsden router
On the Gadsden router, enter the global configuration mode and configure the hostname as shown in the chart. Then configure the console, virtual terminal and enable passwords. Configure the FastEthernet interface on the router according to the chart.
Allow HTTP access by issuing the ip http server command in global configuration mode.
Step 2 Configure the hosts on the Ethernet segment
Host 1
IP address 192.168.14.2
Subnet mask 255.255.255.0
Default gateway 192.168.14.1
Step 5 Connect to the router using the Web browser
Connect to the router using a Web browser to ensure that the Web server function is active.
Step 6 Prevent access to HTTP (port 80) from the Ethernet interface hosts
Create an access list that will prevent Web browsing access to FastEthernet 0 from the 192.168.14.0 network.
At the router configuration prompt type the following command:
GAD(config)#access-list 101 deny tcp 192.168.14.0 0.0.0.255 any eq 80
GAD(config)#access-list 101 permit ip any any
Why is the second statement needed? ________________________________________
Step 7 Apply the access list to the interface
At the FastEthernet 0 interface mode prompt type:
GAD(config-if)#ip access-group 101 in
Step 8 Ping the router from the hosts
Were these pings successful? ________________________________________
If they were, why? ________________________________________
Step 9 Connect to the router using the web browser
Was the browser able to connect? ________________________________________
Step 10 Telnet to the router from the hosts
Were you able to Telnet successfully? ________________________________________
Why or why not? ________________________________________
Upon completion of the previous steps, log off by typing exit. Turn the router off.
Erasing and reloading the router
Objective
Configure extended access lists to filter network to network, host to network, and network to host traffic.
Scenario
A marketing company has two locations. The main site is in Birmingham (BHM) and the branch site is in Gadsden (GAD). The telecommunication administrator for both sites needs to plan and implement access control lists for security and performance. At the Birmingham site, there are two groups of network users. These groups are an Administrative group and a Production group, and each is on a separate network. Both networks are interconnected with a router. The Gadsden site is a stub network and only has a LAN connected to it.
Step 1 Basic Router and Host Configurations
Interconnect the routers and hosts as shown in the diagram. Configure all router basics such as hostname, enable password, telnet access, and router interfaces.
The configurations on each router should be as follows:
Configure the hosts with the appropriate information using the information previously defined. Before applying any type of access list, it is important to verify reachability between systems.
Verify reachability by pinging all systems and routers from each system.
All hosts should be able to ping each other and the router interfaces. If pings to some interfaces are not successful, the problem will need to be located and corrected. Always verify the Physical layer connections, as they seem to be the more common source of connectivity problems. Next, verify the router interfaces. Make sure they are not shut down or improperly configured, and that RIP is correctly configured. Finally, remember that along with valid IP addresses, hosts must also have default gateways specified.
Now that the infrastructure is in place, it is time to begin securing the internetwork.
Step 2 Prevent the Production Users from Accessing the Gadsden NetworkCompany policy specifies that only the Administrative group should have access to the Gadsden site. The Production group should be restricted from accessing that network.Configure an extended access list to allow the Administrative group access to the Gadsden site. The production group should not have access to the Gadsden site.After careful analysis, it is decided that it would be best to use an extended access list and apply it to the outgoing 0 interface on the BHM router.Note: Remember that when the access list is configured, each statement in the list is processed by the router in the order it was created. It is not possible to reorder an access list, skip statements , edit statements, or delete statements from a numbered access list. For this reason, it may be beneficial to create the access-list in a text editor such as Notepad and then paste the commands to the router, instead of being typed in directly on a router.Enter the following:
BHM#conf terminal
Enter configuration commands, one per line. End with CNTL/Z.
BHM(config)#access-list 100 deny ip 192.168.1.32 0.0.0.15 172.16.2.0 0.0.0.255
This statement defines an extended access list called 100. It will deny IP access for any users on the 192.168.1.32 – 192.168.1.47 network if they are trying to access network 172.16.2.0. Although a less specific access list could be defined, this access list could allow the production users to access other sites (if available) through the S0 interface.
Remember that there is an implicit deny all at the end of every access list. We must now make sure to let the administrative group access the Gadsden network. Although we could be more restrictive, we will simply let any other traffic through. Enter the following statement:
BHM(config)#access-list 100 permit ip any any
Now we need to apply the access list to an interface. We could apply the list to any incoming traffic going to the production network Fa0/1 interface. However, if there were a great deal of traffic between the administrative network and the production network, the router would have to check every packet. There is concern that this would add unwanted overhead to the router.
Therefore the access list is applied to any outgoing traffic going through the BHM router S0 interface. Enter the following:
BHM(config)#interface s0
BHM(config-if)#ip access-group 100 out
Verify the syntax of the access-list with the show running-config command. The following lists the valid statements that should be in the configuration.
interface Serial0
ip access-group 100 out
<Output Omitted>
access-list 100 deny ip 192.168.1.32 0.0.0.15 172.16.2.0 0.0.0.255
access-list 100 permit ip any any
Another valuable command is the show access-lists command. The following is a sample output.
BHM#show access-lists
Extended IP access list 100
deny ip 192.168.1.32 0.0.0.15 172.16.2.0 0.0.0.255
permit ip any any
The show access-lists command also displays counters, indicating how many times the list has been used. No counters are listed here since we haven’t attempted to verify it yet.
Note: Use the clear access-list counters command to restart the access list counters.
Now test the access list by verifying reachability to the Gadsden network by the administrative and production hosts.
Can the production host (B) ping the Gadsden host (D)? __________________________________
Can the production host (C) ping the Gadsden host (D)? __________________________________
Can the administrative host (A) ping the Gadsden host (D)? _______________________________
Can the production host (B) ping the administration host (A)? _____________________________
Can the production host (B) ping the Gadsden router Serial interface? _______________________
The production hosts (B) and (C) should be able to ping the administrative host (A) and Gadsden router Serial interface. However, they should not be able to ping the Gadsden host (D). The router should return a reply message to the host stating destination net unreachable.
Issue the show access-lists command. How many matches are there? ________________
Note: The show access-lists command displays the number of matches per line. Therefore the number of deny matches may seem odd until it is realized that the pings matched the deny statement and the permit statement.
To help understand how the access list is operating, keep periodically issuing the show access-lists command.
Step 3 Allow a Production User Access to the Gadsden Network
A call is received from a user in the production group (B). They are responsible for exchanging certain files between the production network and the Gadsden network. The extended access list needs to be altered to allow them access to the Gadsden network, while denying everyone else on the production network.
Configure an extended access list to allow that user access to Gadsden.
Unfortunately, it is not possible to reorder an access list, skip statements, edit statements, or delete statements from a numbered access list. With numbered access lists, any attempt to delete a single statement results in the entire list’s deletion.
Therefore the initial extended access list needs to be deleted and a new one created. To delete access-list 100, enter the following:
BHM#conf t
Enter configuration commands, one per line. End with CNTL/Z.
BHM(config)#no access-list 100
Verify that it has been deleted with the show access-lists command.
Now create a new extended access list. Always filter from the most specific to the most generic. Therefore the first line of the access list should allow the production host (B) access to the Gadsden network. The remainder of the access list should be the same as the one previously entered.
To filter the production host (B), the first line of the access list should be as follows:
BHM(config)#access-list 100 permit ip host 192.168.1.34 172.16.2.0 0.0.0.255
Therefore, the access list permits the production host (B) access to the Gadsden network.
Now deny all of the remaining production hosts access to the Gadsden network and permit anyone else. Refer to the previous step for the next two lines of the configuration. The show access-list command would display output similar to the following:
BHM#show access-lists
Extended IP access list 100
permit ip host 192.168.1.34 172.16.2.0 0.0.0.255
deny ip 192.168.1.32 0.0.0.15 172.16.2.0 0.0.0.255
permit ip any any
BHM#
Now test the access list by verifying reachability to the Gadsden network by the administrative and production hosts.
Can the production host (B) ping the Gadsden host (D)? ___________________________________
Can the production host (C) ping the Gadsden host (D)? ___________________________________
The production host (B) should now be able to ping the Gadsden host (D). However, all other production hosts (C) should not be able to ping the Gadsden host (D). Again, the router should return a reply message to the host stating destination net unreachable for host (C).
Step 4 Allow Gadsden Users Access to the Administration Payroll Server
The administration group houses the payroll server. Users from the Gadsden site need FTP and HTTP access to the payroll server from time to time to upload and download payroll reports.
Configure an extended access list to allow users from the Gadsden site FTP and HTTP access to the payroll server only. It is decided to also allow ICMP access for them to ping the server. Gadsden users should not be able to ping any other host on the Administration network.
We do not want unnecessary traffic between the sites, therefore it is decided to configure an extended access list on the Gadsden router.
It was anticipated that privileged EXEC access to the Gadsden router would be required from time to time. That is why Telnet access to it is configured. Otherwise travel would be required to the Gadsden site to configure it.
Telnet to the Gadsden router from the Birmingham router and enter enable mode. Troubleshoot as necessary.
Note: A common pitfall when configuring access lists on remote routers is to inadvertently lock yourself out. This is not a big problem when the router is physically located locally. However, this could be a huge problem if the router is physically located in another geographical location.
For this reason, it is strongly suggested that the reload in 30 command be issued on the remote router. This would automatically reload the remote router within 30 minutes of issuing the command. Therefore, if the administrator was locked out, it would eventually reload to the previous configuration, allowing access to the router again. Use the reload cancel command to deactivate the pending reload.
Configure an extended access list to allow FTP access to the payroll server. The access list statement should be similar to the following:
GAD(config)#access-list 110 permit tcp any host 192.168.1.18 eq ftp
This line will permit any host from the Gadsden network FTP access to the payroll server at address 192.168.1.18.
What could we have defined instead of using the keyword any?
_____________________________________________________________________________
What could we have defined instead of using the keyword host?
_____________________________________________________________________________
What could we have defined instead of using the keyword ftp?
_____________________________________________________________________________
Now configure the next line of the access list to permit HTTP access to the payroll server. The access list statement should be similar to the following:
GAD(config)#access-list 110 permit tcp any host 192.168.1.18 eq http
This line will permit any host from the Gadsden network HTTP access to the payroll server at address 192.168.1.18.
What else could we have defined instead of using the keyword http?
_____________________________________________________________________________
Now configure the next line of the access list to permit ICMP access to the payroll server. The access list statement should be similar to the following:
GAD(config)#access-list 110 permit icmp any host 192.168.1.18
This line will permit any host from the Gadsden network to ping the payroll server at address 192.168.1.18.
Finally, no Gadsden user should be able to access any other host on the Administration network. Although it is not required, it is always a good idea to include a deny statement. Adding the statement is a good reminder and makes it easier to read the access list. The access list statement should be similar to the following:
GAD(config)#access-list 110 deny ip any 192.168.1.16 0.0.0.15
Now we need to apply the access list to an interface. To reduce unwanted WAN traffic, it is decided to apply the access list to any outgoing traffic going through the Gadsden router's S0 interface. Enter the following:
GAD(config)#interface s0
GAD(config-if)#ip access-group 110 out
Now test the access list by verifying reachability to the payroll server by a Gadsden host (D).
Can the Gadsden host (D) ping the payroll server? ______________________________________
Can the Gadsden host (D) ping the host (A)? __________________________________________
The Gadsden host should be able to ping the payroll server only. The router should return the destination net unreachable when it tries to ping the administrative host (A).
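The first-match processing described in Steps 2 and 3 and the implicit deny behind access list 110 in Step 4 can be checked offline. The following Python evaluator is an added example, not part of the original lab: it parses the access-list statements exactly as typed above and reports which statement decides each test packet. The addresses for hosts A, C and D are constructed (the lab text only gives host B and the payroll server), and the keyword-to-port map covers only the two keywords used here.

```python
import ipaddress

# TCP port keywords that appear in this lab, with their well-known numbers.
PORT_KEYWORDS = {"ftp": 21, "http": 80}


def ip_to_int(text):
    return int(ipaddress.IPv4Address(text))


def take_address(tokens):
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D WILDCARD' -> (base, wildcard)."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return ip_to_int(tokens.pop(0)), 0
    return ip_to_int(first), ip_to_int(tokens.pop(0))


def parse_ace(line):
    """Parse 'access-list N permit|deny PROTO SRC DST [eq PORT]'."""
    tokens = line.split()
    if len(tokens) < 6 or tokens[0] != "access-list" or tokens[2] not in ("permit", "deny"):
        raise ValueError("not a numbered extended ACL statement: " + line)
    action, proto, rest = tokens[2], tokens[3], tokens[4:]
    src, dst, port = take_address(rest), take_address(rest), None
    if rest:
        if len(rest) != 2 or rest[0] != "eq":
            raise ValueError("unsupported qualifier: " + " ".join(rest))
        port = PORT_KEYWORDS[rest[1]] if rest[1] in PORT_KEYWORDS else int(rest[1])
    return {"action": action, "proto": proto, "src": src, "dst": dst,
            "port": port, "text": line}


def addr_matches(addr, spec):
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF  # wildcard bit 0 = must match, 1 = ignore
    return (ip_to_int(addr) & care) == (base & care)


def evaluate(acl, proto, src, dst, dport=None):
    """First matching statement wins; no match means the implicit deny."""
    for ace in acl:
        if ace["proto"] not in ("ip", proto):
            continue
        if ace["port"] is not None and ace["port"] != dport:
            continue
        if addr_matches(src, ace["src"]) and addr_matches(dst, ace["dst"]):
            return ace["action"], ace["text"]
    return "deny", "(implicit deny)"


# Statements exactly as entered in Steps 2, 3 and 4 of the lab.
ACL_STEP2 = [parse_ace(s) for s in (
    "access-list 100 deny ip 192.168.1.32 0.0.0.15 172.16.2.0 0.0.0.255",
    "access-list 100 permit ip any any",
)]
ACL_STEP3 = [parse_ace(s) for s in (
    "access-list 100 permit ip host 192.168.1.34 172.16.2.0 0.0.0.255",
    "access-list 100 deny ip 192.168.1.32 0.0.0.15 172.16.2.0 0.0.0.255",
    "access-list 100 permit ip any any",
)]
# What results if the host permit is typed after the existing two statements.
ACL_APPENDED = ACL_STEP2 + ACL_STEP3[:1]
ACL_110 = [parse_ace(s) for s in (
    "access-list 110 permit tcp any host 192.168.1.18 eq ftp",
    "access-list 110 permit tcp any host 192.168.1.18 eq http",
    "access-list 110 permit icmp any host 192.168.1.18",
    "access-list 110 deny ip any 192.168.1.16 0.0.0.15",
)]

# Host B and the payroll server come from the lab text; A, C and D are
# constructed addresses inside the networks the ACLs name (assumptions).
HOST_A, HOST_B, HOST_C = "192.168.1.20", "192.168.1.34", "192.168.1.35"
HOST_D, PAYROLL = "172.16.2.10", "192.168.1.18"


def report():
    """Verdicts for the lab's ping tests plus four probes of ACL 110."""
    rows = []
    for name, acl in (("step2", ACL_STEP2), ("step3", ACL_STEP3),
                      ("appended", ACL_APPENDED)):
        for host in (HOST_A, HOST_B, HOST_C):
            rows.append((name, host, HOST_D) + evaluate(acl, "icmp", host, HOST_D))
    for proto, dst, port in (("tcp", PAYROLL, 21), ("tcp", PAYROLL, 23),
                             ("icmp", HOST_A, None), ("icmp", HOST_B, None)):
        rows.append(("acl110", HOST_D, dst) + evaluate(ACL_110, proto, HOST_D, dst, port))
    return rows


if __name__ == "__main__":
    for row in report():
        print("%-9s %-13s -> %-13s %-6s %s" % row)
```

In the output, the packet from host D to host B matches none of the four statements of access list 110 and falls to the implicit deny. With that list applied outbound on the Gadsden S0 interface, host D's echo replies to host B are therefore dropped, so the Step 3 ping from B to D is worth repeating after Step 4.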
Step 5 Document the ACL
As a part of all network management, documentation needs to be created. Using the text file created for the configuration, add additional comments. This file should also contain output from the show access-list and the show ip interface commands.
The file should be saved with other network documentation. The file naming convention should reflect the function of the file and the date of implementation.
That should complete this extended ACL lab.
Once finished, erase the start-up configuration on routers, remove and store the cables and adapter. Also log off and turn the router off.
Objective
Create a named ACL to permit or deny specific traffic.
Test the ACL to determine if the desired results were achieved.
Background/Preparation
Cable a network similar to the one in the diagram. Any router that meets the interface requirements displayed on the above diagram, such as 800, 1600, 1700, 2500, 2600 routers, or a combination, may be used. Start a HyperTerminal session.
Step 1 Configure the hostname and passwords on the Gadsden router
On the Gadsden router, enter the global configuration mode and configure the hostname as shown in the chart. Then configure the console, virtual terminal, and enable passwords. Configure the FastEthernet interface on the router according to the chart.
Step 2 Configure the hosts on the Ethernet segment
Host 1
IP address 192.168.14.2
Subnet mask 255.255.255.0
Default gateway 192.168.14.1
Step 5 Prevent access to the Ethernet interface from the hosts
Create a named access list that will prevent access to FastEthernet 0 from the 192.168.14.0 network.
At the configuration prompt type the following command:
GAD(config)#ip access-list standard no_access
GAD(config-std-nacl)#deny 192.168.14.0 0.0.0.255
GAD(config-std-nacl)#permit any
Why is the third statement needed? ____________________________________________
Step 6 Ping the router from the hosts
Were these pings successful? ________________________________________________
If they were, why? _________________________________________________________
Step 7 Apply the Access list to the interface
At the FastEthernet interface mode prompt type the following:
GAD(config-if)#ip access-group no_access in
Step 8 Ping the router from the hosts
Were these pings successful? ________________________________________________
Why or why not? __________________________________________________________
Upon completion of the previous steps, log off by typing exit. Turn the router off.
Erasing and reloading the router
Objective
Use the access-class and line commands to control telnet access to the router.
Scenario
The company home office in Gadsden (GAD) provides services to branch offices such as the Birmingham (BHM) office. Only systems within the local network should be able to telnet to the router. To do this, a standard access list will be created that will permit users on the local network to telnet to the local router. The access list will then be applied to the Virtual Terminal (vty) lines.
Step 1 Basic Router Interconnection
Interconnect the routers as shown in the diagram.
Step 2 Basic Configuration
The router may contain configurations from a previous use. For this reason, erase the startup configuration and reload the router to remove any residual configurations. Using the information previously in the tables, set up the router and host configurations and verify reachability by pinging all systems and routers from each system.
Then telnet from the hosts to both the local router and the remote router.
Step 3 Create the Access List that Represents the Gadsden LAN
The Local Area Network in Gadsden has a network address of 192.168.1.0 /24. To create the access list to permit this use the following commands:
GAD(config)#access-list 1 permit 192.168.1.0 0.0.0.255
Step 4 Apply the Access List to Permit Only the Gadsden LAN
Now that the list is created to represent traffic, it needs to be applied to the vty lines. This will restrict any telnet access to the router. While these could be applied separately to each interface, it is easier to apply the list to all vty lines in one statement. This is done by entering the interface mode for all 5 lines with the global config command line vty 0 4. For the Gadsden router type:
Step 5 Test the Restriction
Test the functionality of the ACL by trying to telnet from each host and verifying that it is permitted or denied as appropriate.
[ ] verify that host 1 CAN telnet GAD
[ ] verify that host 2 CAN telnet GAD
[ ] verify that host 3 CANNOT telnet GAD
[ ] verify that host 4 CANNOT telnet GAD
Step 6 Create the Restrictions for Birmingham Router
Repeat the above process to restrict the telnet access to BHM. This restriction should allow only hosts in the Birmingham LAN to telnet to BHM.
Test the functionality of the ACL by trying to telnet from each host and verifying that it is permitted or denied as appropriate.
[ ] verify that host 1 CANNOT telnet BHM
[ ] verify that host 2 CANNOT telnet BHM
[ ] verify that host 3 CAN telnet BHM
[ ] verify that host 4 CAN telnet BHM
Step 7 Document the ACL
As a part of all network management, documentation needs to be created. Capture a copy of the configuration and add additional comments to explain the purpose of the ACL code.
The file should be saved with other network documentation. The file naming convention should reflect the function of the file and the date of implementation.
Once finished, erase the start-up configuration on routers, remove and store the cables and adapter. Also log off and turn the router off.
Objective
Back up a copy of a router IOS from flash to a TFTP server.
Reload the backup IOS software image from a TFTP server into flash on a router.
Background/Preparation
For recovery purposes it is important to keep backup copies of router IOS images. These can be stored in a central location such as a TFTP server and retrieved if necessary. Cable a network similar to the one in the previous diagram. Any router that meets the interface requirements may be used. Possible routers include 800, 1600, 1700, 2500, 2600 routers, or a combination.
Start a HyperTerminal session.
Step 1 Configure the Gadsden router
Verify the router configurations by performing a show running-config on each router. If not correct, fix any configuration errors and verify.
Step 2 Configure the workstation
The configuration for the host connected to the Gadsden Router is:
IP Address 192.168.14.2
IP subnet mask 255.255.255.0
Default gateway 192.168.14.1
Step 3 Log in to the router in user mode
Connect to the Gadsden router and log in.
Step 4 Collect information to document the new router
Issue the show version command.
What is the current value of the config-register?____0x ______________________________
How much flash memory does this router have? ___________________________________
Is there at least 4 MB (4096K) of flash? ____________________
What is the version number of boot ROM? ____________________
Is the boot ROM version 5.2 or later? ____________________
Step 5 Collect more information to document the new router
Issue the show flash command.
Is there a file already stored in flash? ___________________________________________
If so, what is the exact name of that file? _________________________________________
How much of flash is available or unused? _______________________________________
Note: If there is a file in flash, it will probably need to be erased before a new one is loaded. That choice will be offered in the copy tftp flash command in a later step. However, it is possible to save a copy of that file with the command copy flash tftp. If there is a possibility of ever having to revert to that software version, follow the instructions in the Copy IOS to TFTP server section.
Step 6 Start and configure the Cisco TFTP Server
Check with the instructor as to the IP address of the Cisco TFTP server.
Step 7 Verify connectivity
Ping the TFTP server from the Gadsden router.
If the ping fails, review host and router configurations to resolve the problem.
Step 8 Copy IOS to TFTP server
Before copying the files, verify that the TFTP server is running.
What is the IP address of the TFTP server? ______________________________________
From the console session, enter show flash.
What is the name and length of the Cisco IOS image stored in flash?
__________________________________________________________________________
What attributes can be identified from codes in the Cisco IOS filename?
Step 9 Write the configuration
Write the configuration mode commands to specify where the IOS image should be loaded from:
Flash: __________________________________________________________________
TFTP server: _____________________________________________________________
ROM: __________________________ Will this be a full IOS image? __________
Step 10 Copy the IOS image to the TFTP server
From the console session in the privileged EXEC mode, enter the copy flash tftp command. At the prompt enter the IP address of the TFTP server:
GAD#copy flash tftp
Source filename []? flash:c1700-y-mz.122-11.T.bin
Address or name of remote host []? 192.168.14.2
Destination filename [c1700-y-mz.122-11.T.bin]? y
After entering this command and answering the process requests, the student should see the following output on the console. Do not interrupt this process.
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!4284648 bytes copied in 34.012 secs (125975 bytes/sec)
Step 11 Verify the transfer to the TFTP server
Check the TFTP server log file by clicking View > Log File. The output should resemble the following output:
Verify the flash image size in the TFTP server directory. To locate it, click on View > Options. This will show the TFTP server root directory. It should be similar to the following, unless the default directories were changed:
C:\Program Files\Cisco Systems\Cisco TFTP Server
Locate this directory using the File Manager. Look at the detail listing of the file. The file length in the show flash command should be the same file size as the file stored on the TFTP server. If the file sizes are not identical, check with the instructor.
Step 12 Copy the IOS image from the TFTP server
Now that the IOS is backed up, the image must be tested and the IOS restored to the router. Verify again that the TFTP server is running, sharing a network with the router, and can be reached. Ping the TFTP server IP address.
Record the IP address of the TFTP server. _______________________________________
Copy from the privileged EXEC prompt.
GAD#copy tftp flash
Address or name of remote host 192.168.14.2
Source filename c1700-y-mz.122-11.T.bin
Destination filename [c1700-y-mz.122-11.T.bin]? [Enter]
Accessing tftp://192.168.14.2/c1700-y-mz.122-11.T.bin...
Erase flash: before copying? [confirm][Enter]
Erasing the flash filesystem will remove all files! Continue?[confirm][Enter]
Erasing device...eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeerased
Erase of flash: complete
Loading c1700-y-mz.122-11.T.bin from 192.168.14.2 (via FastEthernet0):
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[OK - 4284648 bytes]
Verifying checksum... OK (0x9C8A)
4284648 bytes copied in 26.584 secs (555739 bytes/sec)
The router may prompt to erase flash. Will the image fit in available flash? _____________
If the flash is erased, what happened on the router console screen as it was doing so?
__________________________________________________________________________
What is the size of the file being loaded? __________________
Do not interrupt the process.
What happened on the router console screen as the file was being downloaded?
__________________________________________________________________________
Was the verification successful? __________________
Was the whole operation successful? __________________
Step 13 Test the restored IOS image
Verify that the router image is correct. Cycle the router power and observe the startup process to confirm that there were no flash errors. If there are none, then the router IOS should have started correctly.
Further verify the IOS image in flash by issuing the show version command, which will show output similar to:
System image file is "flash:c1700-y-mz.122-11.T.bin"
Upon completion of the previous steps, log off by typing exit. Turn the router off.
Erasing and reloading the router
Objective
Gain access to a router with an unknown privileged mode (enable) password.
Background/Preparation
This lab demonstrates gaining access to a router with an unknown privileged mode (enable) password. One point to be made here is that anyone with this procedure and access to a console port on a router can change the password and take control of the router. That is why it is of critical importance that routers also have physical security to prevent unauthorized access. Set up a network similar to the one in the previous diagram. Any router that meets the interface requirements may be used. Possible routers include 800, 1600, 1700, 2500, 2600 routers, or a combination.
Start a HyperTerminal session.
Step 1 Attempt login to the router
Make the necessary console connections and establish a HyperTerminal session with the router. Attempt to log on to the router using the enable password cisco. The output should look like the following:
Router>enable
Password:
Password:
Password:
% Bad secrets
Router>
Step 2 Document the current config-register setting
At the user EXEC prompt type show version.
Record the value displayed for configuration register ___________ . For example 0x2102.
Step 3 Enter the ROM Monitor mode
Turn the router off, wait a few seconds and turn it back on. When the router starts displaying "System Bootstrap, Version" on the HyperTerminal screen, press the Ctrl key and the Break key together. The router will boot in ROM monitor mode. Depending on the router hardware, one of several prompts such as "rommon 1 >" or simply ">" may show.
Step 4 Examine the ROM Monitor mode help
Type ? at the prompt. The output should be similar to this:
rommon 1 >?
alias               set and display aliases command
boot                boot up an external process
break               set/show/clear the breakpoint
confreg             configuration register utility
context             display the context of a loaded image
dev                 list the device table
dir                 list files in file system
dis                 display instruction stream
help                monitor builtin command help
history             monitor command history
meminfo             main memory information
repeat              repeat a monitor command
reset               system reset
set                 display the monitor variables
sysret              print out info from last system return
tftpdnld            tftp image download
xmodem              x/ymodem image download
Step 5 Change the configuration register setting to boot without loading configuration file
From the ROM Monitor mode, type confreg 0x2142 to change the config-register.
rommon 2 >confreg 0x2142
Step 6 Restart Router
From the ROM Monitor mode, type reset or power cycle the router.
rommon 2 >reset
Due to the new configuration register setting, the router will not load the configuration file. The system prompts:
"Would you like to enter the initial configuration dialog? [yes]:"
Enter no and press Enter.
Step 7 Enter Privileged EXEC mode and change password
Now at the user mode prompt Router>, type enable and press Enter to go to the privileged mode without a password.
Use the command copy startup-config running-config to restore the existing configuration. Since the user is already in privileged EXEC no password is needed.
Type configure terminal to enter the global configuration mode.
In the global configuration mode type enable secret class to change the secret password.
While still in the global configuration mode, type config-register xxxxxxx. xxxxxxx is the original configuration register value recorded in Step 2.
Press Enter.
Use the Ctrl z combination to return to the privileged EXEC mode.
Use the copy running-config startup-config command to save the new configuration.
Before restarting the router, verify the new configuration setting. From the privileged EXEC prompt, enter the show version command and press Enter.
Verify that the last line of the output reads:
Configuration register is 0x2142 (will be 0x2102 at next reload).
Use the reload command to restart the router.
Step 8 Verify new password and configuration
When the router reloads the password should be class.
Upon completion of the previous steps, log off by typing exit. Turn the router off.
Erasing and reloading the router
Enter into the privileged EXEC mode by typing enable.
If prompted for a password, enter class. If class does not work, ask the instructor for assistance.
Router>enable
At the privileged EXEC mode, enter the command erase startup-config.
Router#erase startup-config
The responding line prompt will be:
Erasing the nvram filesystem will remove all files! Continue?[confirm]
Press Enter to confirm.
The response should be:
Erase of nvram: complete
Now at the privileged EXEC mode, enter the command reload.
Router#reload
The responding line prompt will be:
System configuration has been modified. Save? [yes/no]:
Type n and then press Enter.
The responding line prompt will be:
Proceed with reload? [confirm]
Press Enter to confirm.
The first line of the response will be:
Reload requested by console.
After the router has reloaded the line prompt will be:
Would you like to enter the initial configuration dialog? [yes/no]:
Type n and then press Enter.
The responding line prompt will be:
Press RETURN to get started!
Press Enter.
The router is ready for the assigned lab to be performed.
Objective
Check and document the configuration register settings related to boot method.
Configure the router to boot using the configuration file in NVRAM and reload the router.
Background/Preparation
Set up a network similar to the one in the previous diagram. Any router that meets the interface requirements may be used. Possible routers include 800, 1600, 1700, 2500, 2600 routers, or a combination. Start a HyperTerminal session.
Step 1 Log in to the router
Connect to the router and log in.
Step 2 Configure the router name and configuration register setting
Enter the following commands:
--- System Configuration Dialog ---
Would you like to enter the initial configuration dialog? [yes/no]:n
Type n and press Enter.
Step 5 View the running configuration file
Enter show running-config at the privileged EXEC mode prompt. The router will display information on the running configuration file stored in RAM.
Is the configuration that was just entered shown? __________________________________
Step 6 Reload the saved configuration
At the privileged EXEC command prompt enter:
Step 7 Display IOS version and other important information
Enter the show version command at the router prompt.
The router will return information about the IOS that is running in RAM.
Once the command is entered, notice that the end of the output shows a configuration register setting of 0x2142. This is the problem. This configuration register setting is set to boot up in the password recovery mode. This is why the configuration saved to NVRAM is not showing.
Step 8 Change the config-register to boot from NVRAM, save, and reload the router
Enter global configuration mode and enter the following commands:
Router>enable
GAD#configure terminal
GAD(config)#config-register 0x2102
GAD(config)#exit
GAD#copy running-config startup-config
Destination filename [startup-config]?[Enter]
GAD#reload
Proceed with reload? [confirm][Enter]
Step 9 Verify the configuration register setting
Once the router has rebooted, it should boot from NVRAM. Verify this by issuing the command, show version.
GAD#show version
The results will be shown. You should be able to see the config-register 0x2102.
Upon completion of the previous steps, log off by typing exit. Turn the router off.
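The two register values used in these labs differ only in bit 6: 0x2142 makes the router skip the startup configuration, 0x2102 does not. The following Python check is an added example, not part of the original lab; it reads the Configuration register line of show version output and flags a router that is running in, or will reload into, that state. The three sample captures are constructed.

```python
import re

# Bits of the 16-bit configuration register that this audit looks at.
BOOT_FIELD_MASK = 0x000F   # bits 0-3: boot field
IGNORE_NVRAM = 0x0040      # bit 6: boot without loading startup-config
BREAK_DISABLED = 0x0100    # bit 8: Break key disabled

CONFREG_LINE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]{1,4})"
    r"(?: \(will be (0x[0-9A-Fa-f]{1,4}) at next reload\))?"
)


def decode(value):
    """Split a register value into the fields relevant to password recovery."""
    boot = value & BOOT_FIELD_MASK
    if boot == 0:
        boot_mode = "rom-monitor"
    elif boot == 1:
        boot_mode = "platform-default-image"  # ROM or first flash image, by platform
    else:
        boot_mode = "normal"
    return {
        "value": "0x%04X" % value,
        "boot_field": boot,
        "boot_mode": boot_mode,
        "ignores_startup_config": bool(value & IGNORE_NVRAM),
        "break_disabled": bool(value & BREAK_DISABLED),
    }


def audit_show_version(text):
    """Return (current, pending, findings) for one 'show version' capture."""
    match = CONFREG_LINE.search(text)
    if match is None:
        raise ValueError("no configuration register line found")
    current = decode(int(match.group(1), 16))
    pending = decode(int(match.group(2), 16)) if match.group(2) else None
    effective = pending or current  # the value that applies at the next reload
    findings = []
    if current["ignores_startup_config"]:
        findings.append("booted without startup-config (bit 6 set)")
    if effective["ignores_startup_config"]:
        findings.append("next reload will skip startup-config again")
    if effective["boot_mode"] == "rom-monitor":
        findings.append("next reload stops in ROM monitor")
    return current, pending, findings


# Constructed captures: only the last line of 'show version' is shown.
SAMPLES = {
    "mid-recovery": "Configuration register is 0x2142 (will be 0x2102 at next reload)",
    "left-in-recovery": "Configuration register is 0x2142",
    "normal": "Configuration register is 0x2102",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        current, pending, findings = audit_show_version(text)
        print(name, current["value"],
              pending["value"] if pending else "-", findings or "ok")
```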
Erasing and reloading the router
Enter into the privileged EXEC mode by typing enable.
If prompted for a password, enter class. If class does not work, ask the instructor for assistance.
Router>enable
At the privileged EXEC mode, enter the command erase startup-config.
Router#erase startup-config
The responding line prompt will be:
Erasing the nvram filesystem will remove all files! Continue?[confirm]
Objective
Configure a router to use network address translation (NAT) to convert internal IP addresses, typically private addresses, into outside public addresses.
Background/Preparation
An ISP has allocated a company the public classless interdomain routing (CIDR) IP address 199.99.9.32/27. This is equivalent to 30 public IP addresses. Since the company has an internal requirement for more than 30 addresses, the IT manager has decided to implement NAT. The addresses 199.99.9.33 – 199.99.9.39 are reserved for static allocation and 199.99.9.40 – 199.99.9.62 for dynamic allocation. Routing will be done between the ISP and the gateway router used by the company. A static route will be used between the ISP and gateway router and a default route will be used between the gateway router and the ISP. The ISP connection to the Internet will be represented by a loopback address on the ISP router.
Cable a network similar to the one in the diagram above. Any router that meets the interface requirements displayed on the above diagram may be used. This includes the 800, 1600, 1700, 2500, 2600 series routers.
Start a HyperTerminal session.
Step 1 Configure the routers
Configure all of the following according to the chart:
The hostname
The console
The virtual terminal
The enable passwords
The interfaces
Step 2 Save the configuration
At the privileged EXEC mode prompt, on both routers, type the command copy running-config startup-config.
Step 3 Configure the hosts with the proper IP address, subnet mask, and default gateway
Each workstation should be able to ping the attached router. If for some reason this is not the case, troubleshoot as necessary. Check and verify that the workstation has been assigned a specific IP address and default gateway. If running Windows 98, check using Start > Run > winipcfg. If running Windows 2000 or higher, check using ipconfig in a DOS window.
Step 4 Verify that the network is functioning
From the attached hosts, ping the FastEthernet interface of the default gateway router.
Was the ping from the first host successful? ________________________________
Was the ping from the second host successful? ______________________________
If the answer is no for either question, troubleshoot the router and host configurations to find the error. Then ping again until they both are successful.
Step 5 Create a static route
Create a static route from the ISP to the Gateway router. Addresses 199.99.9.32/27 have been allocated for Internet access outside of the company. Use the ip route command to create the static route.
ISP(config)#ip route 199.99.9.32 255.255.255.224 200.2.2.18
Is the static route in the routing table?
What command checks the routing table contents?
If the route was not in the routing table, give one reason why this might be so?
Step 6 Create a default route
Add a default route, using the ip route command, from the Gateway router to the ISP router. This will forward any unknown destination address traffic to the ISP.
Gateway(config)#ip route 0.0.0.0 0.0.0.0 200.2.2.17
Step 7 Define the pool of usable public IP addresses
To define the pool of public addresses, use the ip nat pool command:
Gateway(config)#ip nat pool public-access 199.99.9.40 199.99.9.62 netmask 255.255.255.224
Step 8 Define an access list that will match the inside private IP addresses
To define the access list to match the inside private addresses, use the access-list command:
Gateway(config)#access-list 1 permit 10.10.10.0 0.0.0.255
Step 9 Define the NAT translation from inside list to outside pool
To define the NAT translation, use the ip nat inside source command:
Gateway(config)#ip nat inside source list 1 pool public-access
Step 10 Specify the interfaces
The active interfaces on the router need to be specified as either inside or outside interfaces with respect to NAT. To do this, use the ip nat inside or ip nat outside command:
Gateway(config)#interface fastethernet 0
Gateway(config-if)#ip nat inside
Gateway(config-if)#interface serial 0
Gateway(config-if)#ip nat outside
Step 11 Testing the configuration
Configure a workstation on the internal LAN with the IP address 10.10.10.10/24 and a default gateway 10.10.10.1. From the PC, ping 172.16.1.1. If successful, look at the NAT translation on the Gateway router, using the command show ip nat translations.
What is the translation of the inside local host addresses?
The inside global address is assigned by?
The inside local address is assigned by?
Upon completion of the previous steps finish the lab by doing the following:
Log off by typing exit
Turn the router off
Remove and store the cables and adapter
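
The address plan from Steps 5 to 10 can be checked offline before it is typed into the routers. The following Python is an added example, not part of the original lab; the function names are hypothetical and the values are the ones this lab states.

```python
import ipaddress as ip

def route_ok(prefix, mask):
    """An 'ip route' prefix must have no host bits set under its mask."""
    try:
        ip.ip_network(f"{prefix}/{mask}", strict=True)
        return True
    except ValueError:
        return False

def addr_range(first, last):
    """Inclusive set of addresses from first to last."""
    lo, hi = int(ip.ip_address(first)), int(ip.ip_address(last))
    return {ip.ip_address(n) for n in range(lo, hi + 1)}

def check_plan(block, static, pool, pool_mask, acl_net, acl_wildcard, host):
    """Return (counts, findings) for a NAT address plan."""
    block = ip.ip_network(block)
    usable = set(block.hosts())          # excludes network and broadcast
    static_set, pool_set = addr_range(*static), addr_range(*pool)
    findings = []
    if not static_set <= usable:
        findings.append("static range is not inside the usable block")
    if not pool_set <= usable:
        findings.append("dynamic pool is not inside the usable block")
    if static_set & pool_set:
        findings.append("static range and dynamic pool overlap")
    if ip.ip_network(f"{pool[0]}/{pool_mask}", strict=False) != block:
        findings.append("pool netmask does not describe the allocated block")
    # An ACL wildcard is an inverted mask: 0.0.0.255 selects a /24.
    inside = ip.ip_network(f"{acl_net}/{acl_wildcard}")
    if ip.ip_address(host) not in inside:
        findings.append("test host is not matched by access-list 1")
    counts = {"usable": len(usable), "static": len(static_set),
              "dynamic": len(pool_set)}
    return counts, findings

# Values taken from this lab's text and commands.
LAB = dict(block="199.99.9.32/27",
           static=("199.99.9.33", "199.99.9.39"),
           pool=("199.99.9.40", "199.99.9.62"), pool_mask="255.255.255.224",
           acl_net="10.10.10.0", acl_wildcard="0.0.0.255", host="10.10.10.10")

if __name__ == "__main__":
    print(route_ok("199.99.9.32", "255.255.255.224"))
    print(check_plan(**LAB))
```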
Configuration reference sheet
This sheet contains the basic configuration commands for the ISP and Gateway routers:
Objective
Configure a router to use Port Address Translation (PAT) to convert internal IP addresses, typically private addresses, into an outside public address.
Background/Preparation
Aidan McDonald has just received a DSL line Internet connection to a local ISP in his home. The ISP has allocated only one IP address to be used on the serial port of his remote access device. Thus all PCs on Aidan’s LAN, each with its own private IP address, will share one public IP address on the router using PAT. Routing from the home or gateway router to the ISP will be done by using a default route to Serial 0 of the Gateway router. The ISP connection to the Internet will be represented by a loopback address on the ISP router.
Cable a network similar to the one in the diagram. Any router that meets the interface requirements displayed on the above diagram may be used. This includes the 800, 1600, 1700, 2500, 2600 series routers.
Start a HyperTerminal session.
Step 1 Configure the routers
Configure all of the following according to the chart:
The hostname
The console
The virtual terminal
The enable passwords
The interfaces
Step 2 Save the configuration
At the privileged EXEC mode prompt, on both routers, type the command copy running-config startup-config.
Step 3 Configure hosts with the proper IP address, subnet mask, and default gateway
Each workstation should be able to ping the attached router. If for some reason this is not the case, troubleshoot as necessary. Check and verify that the workstation has been assigned a specific IP address and default gateway. If running Windows 98, check using Start > Run > winipcfg. If running Windows 2000 or higher, check using ipconfig in a DOS window.
Step 4 Verify that the network is functioning
From the attached hosts, ping the FastEthernet interface of the default gateway router.
Was the ping from the first host successful? _____________
Was the ping from the second host successful? _____________
If the answer is no for either question, troubleshoot the router and host configurations to find the error. Then ping again until they both are successful.
Step 5 Create a default route
Add a default route to the serial 0 interface of the gateway router. This will forward any unknown destination address traffic to the ISP. Use the ip route command to create the default route:
Gateway(config)#ip route 0.0.0.0 0.0.0.0 serial 0
Is the route in the routing table? _______________________________________________
Try to ping from one of the workstations to the ISP serial interface IP address.
Was the ping successful? ____________________________________________________
Why? __________________________________________________________________
What command checks the routing table contents? _________________________________
Step 6 Define an access list that will match the inside private IP addresses
To define the access list to match the inside private addresses, use the access-list command:
Gateway(config)#access-list 1 permit 10.10.10.0 0.0.0.255
Step 7 Define the PAT translation from inside list to outside address
To define the PAT translation, use the ip nat inside source command. This command with the overload option will create port address translation using the serial 0 IP address as the base:
Gateway(config)#ip nat inside source list 1 interface serial 0 overload
Step 8 Specify the interfaces
The active interfaces on the router need to be specified as either inside or outside interfaces with respect to PAT. To do this, use the ip nat inside or ip nat outside command:
Gateway(config)#interface fastethernet 0
Gateway(config-if)#ip nat inside
Gateway(config-if)#interface serial 0
Gateway(config-if)#ip nat outside
Step 9 Testing the configuration
Configure a PC on the internal LAN with the IP address 10.10.10.10/24 and a default gateway 10.10.10.1. From the PCs, ping the Internet address 172.16.1.1. If successful, Telnet to the same IP address. Then look at the PAT translation on the gateway router, using the command show ip nat translations.
What is the translation of the inside local host addresses?
What does the number after the colon represent?
Why do all of the commands for PAT say NAT?
Upon completion of the previous steps finish the lab by doing the following:
Log off by typing exit
Turn the router off
Remove and store the cables and adapter
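
As an added example (not part of the original lab), the Python below parses a saved copy of show ip nat translations and maps a public address and port back to the inside host that used it. The table is constructed: 200.2.2.18 as the Gateway serial 0 address, the second host 10.10.10.11 and all port numbers are assumptions.

```python
# Constructed 'show ip nat translations' output for the PAT lab. The
# public address 200.2.2.18 and all port numbers are assumed values.
SAMPLE = """\
Pro Inside global      Inside local       Outside local      Outside global
icmp 200.2.2.18:512    10.10.10.10:512    172.16.1.1:512     172.16.1.1:512
tcp 200.2.2.18:1067    10.10.10.10:1067   172.16.1.1:23      172.16.1.1:23
tcp 200.2.2.18:1068    10.10.10.11:1067   172.16.1.1:23      172.16.1.1:23
"""

FIELDS = ("inside_global", "inside_local", "outside_local", "outside_global")

def split_sock(field):
    """'10.10.10.10:1067' -> ('10.10.10.10', 1067); '---' -> (None, None)."""
    if field == "---":
        return (None, None)
    addr, _, port = field.partition(":")
    return (addr, int(port) if port else None)

def parse_translations(text):
    """Turn the table into a list of dicts, skipping the header line."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[0] == "Pro":
            continue
        row = {"proto": parts[0]}
        row.update(zip(FIELDS, map(split_sock, parts[1:])))
        rows.append(row)
    return rows

def inside_host_for(rows, proto, public_addr, public_port):
    """Which inside socket was behind this public address:port?"""
    for row in rows:
        if row["proto"] == proto and row["inside_global"] == (public_addr, public_port):
            return row["inside_local"]
    return None

def hosts_behind(rows):
    """Public address -> sorted inside hosts sharing it (the 'overload')."""
    shared = {}
    for row in rows:
        shared.setdefault(row["inside_global"][0], set()).add(row["inside_local"][0])
    return {pub: sorted(hosts) for pub, hosts in shared.items()}

if __name__ == "__main__":
    rows = parse_translations(SAMPLE)
    print(inside_host_for(rows, "tcp", "200.2.2.18", 1068))
    print(hosts_behind(rows))
```

In the constructed table both inside hosts chose source port 1067, so the second one appears on the public side with a different port; the port is the only thing that separates the two sessions behind the shared address.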
Objective
Configure a router for Network Address Translation (NAT) and Port Address Translation (PAT)
Troubleshoot NAT and PAT using debug
Background/Preparation
The ISP has allocated a company the public CIDR IP address 199.99.9.32/30. This is equivalent to four public IP addresses. Since the company has an internal requirement for more than 30 addresses, the IT manager has decided to use NAT with PAT. Routing between the ISP and the gateway router is done using a static route between the ISP and the gateway, and a default route between the gateway and the ISP. The ISP connection to the Internet will be represented by a loopback address on the ISP router.
Cable a network similar to the one in the diagram above. Any router that meets the interface requirements displayed on the above diagram may be used. This includes the 800, 1600, 1700, 2500, 2600 series routers.
Step 1 Configure the routers
Configure all of the following according to the chart:
The hostname
The console
The virtual terminal
The enable passwords
The interfaces
Step 2 Save the configuration
At the privileged EXEC mode prompt, on both routers, type the command copy running-config startup-config.
Step 3 Configure hosts with the proper IP address, subnet mask, and default gateway
Each workstation should be able to ping the attached router. If for some reason this is not the case, troubleshoot as necessary. Check and verify that the workstation has been assigned a specific IP address and default gateway. If running Windows 98, check using Start > Run > winipcfg. If running Windows 2000 or higher, check using ipconfig in a DOS window.
Step 4 Verify that the network is functioning
From the attached hosts, ping the FastEthernet interface of the default gateway router.
Was the ping from the first host successful? _____________
Was the ping from the second host successful? _____________
If the answer is no for either question, troubleshoot the router and host configurations to find the error. Then ping again until they both are successful.
Step 5 Create a static route
Create a static route from the ISP to the Gateway router. Addresses 199.99.9.32/27 have been allocated for Internet access outside of the company. Use the ip route command to create the static route:
ISP(config)#ip route 199.99.9.32 255.255.255.224 200.2.2.18
Is the static route in the routing table? ___________________________________________
What command checks the routing table contents? _________________________________
If the route was not in the routing table, give one reason why this might be so?
Step 6 Create a default route
Add a default route, using the ip route command, from the Gateway router to the ISP router. This will forward any unknown destination address traffic to the ISP:
Gateway(config)#ip route 0.0.0.0 0.0.0.0 200.2.2.17
Is the static route in the routing table? ___________________________________________
Try to ping from one of the workstations to the ISP serial interface IP address.
Was the ping successful? ____________________________________________________
Why? __________________________________________________________________
Step 7 Define the pool of usable public IP addresses
To define the pool of public addresses, use the ip nat pool command:
Gateway(config)#ip nat pool public-access 199.99.9.32 199.99.9.35 netmask 255.255.255.252
Step 8 Define an access list that will match the inside private IP addresses
To define the access list to match the inside private addresses, use the access-list command:
Gateway(config)#access-list 1 permit 10.10.10.0 0.0.0.255
Step 9 Define the NAT translation from inside list to outside pool
To define the NAT translation, use the ip nat inside source command:
Gateway(config)#ip nat inside source list 1 pool public-access overload
Step 10 Specify the interfaces
Each active interface on the router needs to be specified as either an inside or an outside interface with respect to NAT. To do this, use the ip nat inside command:
Step 11 Testing the configuration
Turn on debugging for the NAT process by typing debug ip nat at the privileged EXEC mode prompt.
Does the debug command show any output? _____________________________________
If translation were taking place there would be output from the debug command. While reviewing the running configuration of the gateway router, it is seen that the ip nat outside statement has not been entered on the serial 0 interface. To configure this enter the following:
Gateway(config)#interface serial 0
Gateway(config-if)#ip nat outside
From the workstations, ping 172.16.1.1
If the ip nat outside statement was entered correctly there should be output from the debug ip nat command.
What does the NAT*: S=10.10.10.? -> 199.99.9.33 mean?
To stop the debug output, type undebug all at the privileged EXEC mode prompt.
Upon completion of the previous steps finish the lab by doing the following:
Log off by typing exit
Turn the router off
Remove and store the cables and adapter
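
The fault this lab walks through, a missing ip nat outside, can also be caught by checking a saved running configuration. The Python below is an added example, not the lab's own material; the configuration excerpt is constructed, its interface addresses and masks are assumptions, and the function names are hypothetical.

```python
import re

# Constructed running-config excerpt for the Gateway router in the state the
# lab describes before the fix. Interface addresses and masks are assumed.
BEFORE_FIX = """\
interface FastEthernet0
 ip address 10.10.10.1 255.255.255.0
 ip nat inside
!
interface Serial0
 ip address 200.2.2.18 255.255.255.252
!
ip nat pool public-access 199.99.9.32 199.99.9.35 netmask 255.255.255.252
ip nat inside source list 1 pool public-access overload
access-list 1 permit 10.10.10.0 0.0.0.255
"""

def nat_roles(config):
    """Map each interface to the NAT roles ('inside'/'outside') set on it."""
    roles, current = {}, None
    for line in config.splitlines():
        head = re.match(r"interface (\S+)", line)
        role = re.match(r"\s+ip nat (inside|outside)\s*$", line)
        if head:
            current = head.group(1)
            roles[current] = set()
        elif role and current:
            roles[current].add(role.group(1))
        elif not line.startswith(" "):
            current = None          # left the interface stanza
    return roles

def audit_nat(config):
    """Return a list of reasons why translation would not take place."""
    findings = []
    roles = nat_roles(config)
    for side in ("inside", "outside"):
        if not any(side in r for r in roles.values()):
            findings.append(f"no interface is marked 'ip nat {side}'")
    pools = set(re.findall(r"^ip nat pool (\S+)", config, re.M))
    acls = set(re.findall(r"^access-list (\d+)", config, re.M))
    rule = r"^ip nat inside source list (\S+) pool (\S+)"
    for acl, pool in re.findall(rule, config, re.M):
        if acl not in acls:
            findings.append(f"access-list {acl} is referenced but not defined")
        if pool not in pools:
            findings.append(f"pool {pool} is referenced but not defined")
    return findings

if __name__ == "__main__":
    print(audit_nat(BEFORE_FIX))
```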
Configuration reference sheet
This sheet contains the basic configuration commands for the ISP and Gateway routers: