CCNA-Practicals NETS Final

A Name in Career Building

CISCO Certified Network AssociateCCNA-PRACTICAL LABS

Lab-1: Basic Switch Configuration

ObjectiveConfigure a switch with a name and an IP address.Configure passwords to ensure that access to the CLI is secured.Configure switch port speed and duplex properties for an interface.Save the active configuration.View the switch browser interface.

Background/PreparationCable a network similar to the one in the diagram.Start a HyperTerminal session.

Step 1 Enter privileged modePrivileged mode gives access to all the switch commands. Many of the privileged commands configure operating parameters. Therefore, privileged access should be password-protected to prevent unauthorized use. The privileged command set includes those commands contained in user EXEC mode, as well as the configure command through which access to the remaining command modes is gained.

Switch>enableSwitch#

1900:>enable#

Notice the prompt changed in the configuration to reflect privileged EXEC mode.

Step 2 Examine the current switch configurationExamine the following current running configuration file:

Switch#show running-configHow many Ethernet or Fast Ethernet interfaces does the switch have? ___________________What is the range of values shown for the VTY lines? _______________________________Examine the current contents of NVRAM as follows:

Switch#show startup-config%% Non-volatile configuration memory is not present

Join NETS Be The BestNational Engineers Training Services (NETS) Tel: 5867776-5837968 1



Why does the switch give this response?

_______________________________________________________________Step 3 Assign a name to the switch

Enter enable and then the configuration mode. The configuration mode allows the management of the switch. Enter AL Switch, the name this switch will be referred to in the following:

Switch#configure terminalEnter the configuration commands, one for each line. End by pressing Ctrl-Z.Switch(config)#hostname ALSwitchALSwitch(config)#exit

Notice the prompt changed in the configuration to reflect its new name.Type exit or press Ctrl-Z to go back into privileged mode.

Step 4 Examine the current running configurationExam the current configuration that follows to verify that there is no configuration except for the hostname:

ALSwitch#show running-configAre there any passwords set on the lines? _______________________________________What does the configuration show as the hostname of this switch? ______________________

Step 5 Set the access passwords (1900: Skip to Step 6)Enter config-line mode for the console. Set the password on this line as cisco for login. Configure the vty lines 5 to 15 with the pass word cisco as follows:

ALSwitch#configure terminalEnter the configuration commands, one for each line. End by pressing Ctrl-Z.

ALSwitch(config)#line con 0ALSwitch(config-line)#password ciscoALSwitch(config-line)#loginALSwitch(config-line)#line vty 0 15ALSwitch(config-line)#password ciscoALSwitch(config-line)#loginALSwitch(config-line)#exit

Step 6 Set the command mode passwordsSet the enable password to cisco and the enable secret password to class as follows:

ALSwitch(config)#enable password cisco1900:ALSwitch(config)#enable password level 15 ciscoALSwitch(config)#enable secret class

Which password takes precedence, the enable password or enable secret password? _______

Step 7 Configure the layer 3 access to the switchSet the IP address of the switch to 192.168.1.2 with a subnet mask of 255.255.255.0 as follows:

Note: This is done on the internal virtual interface VLAN 1.ALSwitch(config)#interface VLAN 1ALSwitch(config-if)#ip address 192.168.1.2 255.255.255.0ALSwitch(config-if)#exit1900:ALSwitch(config)#ip address 192.168.1.2 255.255.255.0




ALSwitch(config)#exitSet the default gateway for the switch and the default management VLAN to 192.168.1.1 as follows:

ALSwitch(config)#ip default-gateway 192.168.1.1ALSwitch(config)#exit1900:ALSwitch(config)#ip default-gateway 192.168.1.1ALSwitch(config)#exit

Step 8 Verify the management LANs settings (1900: Skip to Step 10)Verify the interface settings on VLAN 1 as follows:

ALSwitch#show interface VLAN 1What is the bandwidth on this interface? ______________________________What are the VLAN states: VLAN1 is __________, Line protoc ol is __________Enable the virtual interface using the no shutdown command

ALSwitch(config)#interface VLAN 1ALSwitch(config-if)#no shutdownALSwitch(config-if)#exit

What is the queuing strategy? ______________________________________

Step 9 Save the configurationThe basic configuration of the switch has just been completed. Back up the running configuration file to NVRAM as follows :

ALSwitch#copy running-config startup-configDestination filename [startup-config]?[Enter]Building configuration...[OK]ALSwitch#

1900:The configuration is automatically saved to NVRAM within approximately one minute of entering a command. To save the configuration to a TFTP server, enter the following:

ALSwitch#copy nvram tftp://tftp server ip add/destination_filenameConfiguration upload is successfully completed.

Step 10 Examine the startup configuration file (1900: Skip to Step 11)To see the configuration that is stored in NVRAM, type show startup-config from the

privileged EXEC (enable mode)ALSwitch#show startup-config

What is displayed? __________________________________________________________Are all the changes that were entered recorded in the file? ____________________________

Step 11 Exit the switchLeave the switch welcome screen by typing exit as follows :

ALSwitch#exitOnce these steps are completed, logoff by typing exit, and turn all the devices off. Then remove and store the cables and adapter.




Lab-2: Configuring Message-Of-The-Day (MOTD)

ObjectiveDemonstrate the commands to enter a message-of-the-day (MOTD) on the router. This procedure allows all users to view the message upon entering the router.Set up a network similar to the one in the previous diagram.

Background/PreparationIn this lab the Cisco Discovery Protocol (CDP) commands will be used. CDP discovers and shows information about directly connected Cisco devices (routers and switches).Any router that meets the interface requirements may be used. Possible routers include 800, 1600, 1700, 2500, 2600 routers, or a combination.Start a HyperTerminal session as performed in the Establishing a HyperTerminal session lab.

Step 1 Configure basic router informationOn the Gadsden router, enter the global configuration mode. Configure the hostname as shown in the chart. Then configure the console, virtual terminal and enable passwords.Enter the show running-config command to verify the configuration that was just entered.Save the configuration information from the privileged EXEC command mode.

GAD#copy running-config startup-configStep 2 Enter Global Configuration mode

Enter configure terminal at the router prompt. Notice the change in the router prompt.

Step 3 Display help for the banner motd commandEnter banner motd ? at the router prompt.What is the character called that is used to indicate the beginning and end of the banner?__________________________________________________________________

Step 4 Choose a description for the interfaceThe login banner should be a warning not to attempt login unless authorized. In the following space, enter an appropriate warning banner. The message can contain any printable character as well as spaces and carriage returns .________________________________________________________________________




Step 5 Enter the desired banner messageFrom the global configuration mode enter banner motd # message #. The _#_ signs are used as delimiters and the message_ is the banner message c hosen in the previous step.

Step 6 Test the MOTD displayExit the console session. Reenter the router to display the mess age-of-the-day. This is done by pressing the Enter key. This will display the message entered into the configuration.

Step 7 Verify the MOTD by looking at the router configurationEnter the show running-config command.How does the banner MOTD show in the configuration listing?_______________________________________________________________________Save the configuration information from the privileged EXEC command mode. Upon completion of the previous steps, logoff by typing exit. Turn the router off.

Erasing and reloading the routerEnter into the privileged EXEC mode by typing enable.If prompted for a password, enter class. If class_ does not work, ask the instructor for assistance.

Router>enableAt the privileged EXEC mode, enter the command erase startup-config.

Router#erase startup-configThe responding line prompt will be:

Erasing the nvram filesystem will remove all files! Continue?[confirm]Press Enter to confirm.

The response should be:Erase of nvram: complete

Now at the privileged EXEC mode, enter the command reload.Router(config)#reload

The responding line prompt will be:System configuration has been modified. Save? [yes/no]:Type n and then press Enter.

The responding line prompt will be:Proceed with reload? [confirm]Press Enter to confirm.

In the first line of the response will be:Reload requested by console.




Lab-3: Configuring Static VLANs

ObjectiveCreate a basic switch configuration and verify it.Determine the switch firmware version.Create two VLANs, name them and assign member ports to them.

Background/PreparationWhen managing a switch, the Management Domain is always VLAN 1. The Network Administrator's workstation must have access to a port in the VLAN 1 Management Domain. All ports are assigned to VLAN 1 by default. This lab will also help demonstrate how VLANs can be used to separate traffic and reduce broadcast domains .Cable a network similar to the one in the diagram. The configuration output used in this lab is produced from a 2950 series switch. Any other switch us ed may produce different output. The following steps are to be executed on each switch unless specifically instructed otherwise.Instructions are also provided for the 1900 Series switch, which initially displays a Us er Interface Menu. Select the Command Line_ option from the menu to perform the steps for this lab.Start a HyperTerminal session.

Step 1 Configure the switchConfigure the hostname, access and command mode passwords, as well as the management LAN settings. These values are shown in the chart.

Step 2 Configure the hosts attached to the switchConfigure the host to use the same subnet for the address, mask , and default gateway as on the switch.

Step 3 Verify connectivityTo verify that the host and switch are correctly configured, ping the switch from the host.Was the ping suc cessful? ____________________________________________If the answer is no, troubleshoot the host and switch configurations.

Step 4 Show the IOS versionIt is very important to know the version of the operating system. Differences between versions may change how commands are entered. Type the show version command at the user EXEC or privileged EXEC mode prompt as follows:




Switch_A#show vlanWhat version of the switch IOS is displayed? ______________________________________Does this switch have standard edition or Enterprise edition software? ___________________What is the Firmware version of the switch? ______________________________________

Step 5 Display the VLAN interface informationOn Switch_A, type the command show vlan at the privileged EXEC prompt as follows:

Switch_A#show vlan1900:Switch_A#show vlan-membership

Which ports belong to the default VLAN? ________________________________________1900:Switch_A#show vlan

How many VLANs are set up by default on the switch? ______________________________What does the VLAN 1003 represent? __________________________________________How many ports are in the 1003 VLAN? _________________________________________

Step 6 Create and name two VLANsCheck prompts on 2950Enter the following commands to create and name two VLANs:

Switch_A#vlan databaseSwitch_A(vlan)#vlan 2 name VLAN2Switch_A(vlan)#vlan 3 name VLAN3Switch_A(vlan)#exit1900:Switch_A#config terminalSwitch_A(config)#vlan 2 name VLAN2Switch_A(config)#vlan 3 name VLAN3


Switch_A#show vlanAre there new VLANs in the listing? _____________________________________

1900:Switch_A#show vlan-membership

Do they have any ports assigned to them yet? ______________________________

Step 8 Assign ports to VLAN 2Assigning ports to VLANs must be done from the interface mode. Enter the following commands to add port 2 to VLAN 2:

Switch_A#configure terminalSwitch_A(config)#interface fastethernet 0/2Switch_A(config-if)#switchport mode accessSwitch_A(config-if)#switchport access vlan 2Switch_A(config-if)#end1900:Switch_A#config terminalSwitch_A(config)#interface Ethernet 0/2




Switch_A(config-if)#vlan static 2Switch_A(config)#end



Is port 2 assigned to VLAN 2? ___________________________________________Is the port still listed in the default VLAN? _________________________________

Step 10 Assign a port to VLAN 3Assigning ports to VLANs must be done from the interface mode. Enter the following commands to add port 3 to VLAN3

Switch_A#configure terminalSwitch_A(config)#interface fastethernet 0/3Switch_A(config-if)#switchport mode accessSwitch_A(config-if)#switchport access vlan 3Switch_A(config-if)#end1900:Switch_A#config terminalSwitch_A(config)#interface Ethernet 0/3Switch_A(config)#vlan static 3Switch_A(config)#end

Step 11 Look at the VLAN interface informationOn Switch_A, type the command show vlan at the privileged EXEC prompt as follows:


Is port 3 assigned to VLAN 3? ________________________________________________Is the port still listed in the default VLAN? ________________________________________

Step 12 Look at only VLAN2 informationInstead of displaying all of the VLANs type the show vlan id 2 command at the privileged EXEC mode prompt as follows:

Switch_A#show vlan id 21900:Switch_A#show vlan 2

Does this command supply any more information than the show VLAN command? __________

Step 13 Look at only VLAN2 information with a different command (1900: Omit this step)

Instead of displaying all of the VLANs type the show vlan name VLAN2 command at the privileged EXEC mode prompt.

Switch_A#show vlan name VLAN2Does this command supply any more information than the show VLAN command? __________Once the steps are completed, log off by typing exit, and turn all the devices off. Then remove and




store the cables and adapter.




Lab-4: Verifying VLAN Configurations

ObjectiveCreate a basic switch configuration and verify it.Create two VLANs.Name the VLANs and assign multiple member ports to them.Test functionality by moving a workstation from one VLAN to another.

Background/PreparationWhen managing a switch, the Management Domain is always VLAN 1. The Network Administrator's workstation must have access to a port in the VLAN 1 Management Domain. All ports are assigned to VLAN 1 by default. This lab will also help demonstrate how VLANs can be used to separate traffic and reduce broadcast domains.Cable a network similar to the one in the diagram.Start a HyperTerminal session.

Step 1 Configure the switchConfigure the hostname, access and command mode passwords, as well as the management LAN settings.


Step 3 Verify connectivityTo verify that the host and switch are correctly configured, ping the switch from the host.Was the ping successful? __________________________________________________If the answer is no, troubleshoot the host and switch configurations.



Which ports belong to the default VLAN? ________________________________________

Step 5 Create and name two VLANsEnter the following commands to create and name two VLANs:

Switch_A#vlan database




Switch_A(vlan)#vlan 2 name VLAN2Switch_A(vlan)#vlan 3 name VLAN3Switch_A(vlan)#exit1900:Switch_A#config terminalSwitch_A(config)#vlan 2 name VLAN2Switch_A(config)#vlan 3 name VLAN3Switch_A(config)#exit

Step 6 Assign ports to VLAN 2Assigning ports to VLANs must be done from the interface mode. Enter the following commands to add ports 4,5 and 6 to VLAN 2.

Switch_A#configure terminalSwitch_A(config)#interface fastethernet 0/4Switch_A(config-if)#switchport mode accessSwitch_A(config-if)#switchport access vlan 2Switch_A(config-if)#interface fastethernet 0/5Switch_A(config-if)#switchport mode accessSwitch_A(config-if)#switchport access vlan 2Switch_A(config-if)#interface fastethernet 0/6Switch_A(config-if)#switchport mode accessSwitch_A(config-if)#switchport access vlan 2Switch_A(config-if)#end1900:Switch_A#config terminalSwitch_A(config)#interface ethernet 0/4Switch_A(config-if)#vlan static 2Switch_A(config-if)#interface ethernet 0/5Switch_A(config-if)#vlan static 2Switch_A(config-if)#interface ethernet 0/6Switch_A(config-if)#vlan static 2Switch_A(config-if)#end

Step7 Display the VLAN interface informationOn Switch_A, type the command show vlan at the privileged EXEC prompt as follows:


Are ports 4 through 6 assigned to VLAN 2?__________________________________________________________________________

Step 8 Asign ports 7, 8, and 9 to VLAN 3Enter the following commands to add prot 3 to VLAN 3:

Switch_A#configure terminalSwitch_A(config)#interface fastethernet 0/7Switch_A(config-if)#switchport mode accessSwitch_A(config-if)#switchport access vlan 3




Switch_A(config-if)#interface fastethernet 0/8Switch_A(config-if)#switchport mode accessSwitch_A(config-if)#switchport access vlan 3Switch_A(config-if)#interface fastethernet 0/9Switch_A(config-if)#switchport mode accessSwitch_A(config-if)#switchport access vlan 3Switch_A(config-if)#end1900:Switch_A#config terminalSwitch_A(config)#interface ethernet 0/7Switch_A(config-if)#vlan static 3Switch_A(config-if)#interface ethernet 0/8Switch_A(config-if)#vlan static 3Switch_A(config-if)#interface ethernet 0/9Switch_A(config-if)#vlan static 3Switch_A(config-if)#end



Are ports 7 through 9 assigned to VLAN 3?_________________________________________________________________________

Step 10 Test the VLANsPing from the host in port 0/4 to the host in port 0/1.Was the ping successful? ____________________________________________________Why? ___________________________________________________________________Ping from the host in port 0/1 to the host in port 0/4.Was the ping successful? ____________________________________________________Why? ___________________________________________________________________Ping from the host in port 0/4 to the switch IP 192.168.1.2.Was the ping successful? ____________________________________________________Why? ___________________________________________________________________Ping from the host in port 0/1 to the switch IP 192.168.1.2.Was the ping successful? ____________________________________________________Why? ___________________________________________________________________

Step 11 Move a hostMove the host in port 0/4 to port 0/3. Wait until the port LED goes green and then go to the next step.

Step 12 Test the VLANsPing from the host in port 0/3 to the host in port 0/1.Was the ping successful? ___________________________________________________Why? __________________________________________________________________Ping from the host in port 0/1 to the host in port 0/3.




Was the ping successful? ____________________________________________________Ping from the host in port 0/3 to the switch IP 192.168.1.2.Was the ping successful? ____________________________________________________

Step 13 Move hostsMove the hosts in port 0/3 to port 0/4 and the host in port 0/1 to port 0/5. Wait until the port LED goes green and then go to the next step.

Step 14 Test the VLANsPing from the host in port 0/4 to the host in port 0/5.Was the ping successful? ____________________________________________________Why? ___________________________________________________________________Ping from the host in port 0/5 to the host in port 0/4.Was the ping successful? ____________________________________________________Ping from the host in port 0/4 to the switch IP 192.168.1.2.Was the ping successful? ____________________________________________________Ping from the host in port 0/5 to the switch IP 192.168.1.2.Was the ping successful? ____________________________________________________Why? ___________________________________________________________________

Step 15 Move hostsMove the hosts in port 0/4 to port 0/8. Wait until the port LED goes green and then go to the next step.

Step 16 Test the VLANsPing from the host in port 0/4 to the host in port 0/8.Was the ping successful? ___________________________________________________Why? __________________________________________________________________Ping from the host in port 0/8 to the host in port 0/4.Was the ping successful? ___________________________________________________Ping from the host in port 0/4 to the switch IP 192.168.1.2.Was the ping successful? ___________________________________________________Ping from the host in port 0/8 to the switch IP 192.168.1.2.Was the ping successful? ___________________________________________________2900 and 2950 Series Switches

Enter into the privileged EXEC mode by typing enable.If prompted for a password, enter class (if that does not work, ask the instructor).Switch>enable

Remove the VLAN database information file.Switch#delete flash:vlan.datDelete filename [vlan.dat]?[Enter]Delete flash:vlan.dat? [confirm] [Enter]If there was no VLAN file, this message is displayed.%Error deleting flash:vlan.dat (No such file or directory)

Remove the switch startup configuration file from NVRAM.Switch#erase startup-configThe responding line prompt will be:Erasing the nvram filesystem will remove all files! Continue? [confirm]




Press Enter to confirm.The response should be:Erase of nvram: complete

Check that VLAN information was deleted.Verify that the VLAN configuration was deleted in Step 2 using the show vlan command. If previous VLAN configuration information (other than the default management VLAN 1) is still present it will be necessary to power cycle the switch (hardware restart) instead of is suing the reload command. To power cycle the switch, remove the power cord from the back of the switch or unplug it. Then plug it back in.If the VLAN information was successfully deleted in Step 2, go to Step 5 and restart the switch using the reload command.Software restart (using the reload command)

At the privileged EXEC mode enter the command reload.Switch(config)#reloadThe responding line prompt will be:System configuration has been modified. Save? [yes/no]:Type n and then press Enter.The responding line prompt will be:Proceed with reload? [confirm] [Enter]The first line of the response will be:Reload requested by console.After the switch has reloaded, the line prompt will be:Would you like to enter the initial configuration dialog? [yes/no]:Type n and then press Enter.The responding line prompt will be:Press RETURN to get started! [Enter]

1900 Series SwitchesRemove VLAN Trunking Protocol (VTP) information.

#delete vtpThis command resets the switch with VTP parameters set to factory defaults.All other parameters will be unchanged.Reset system with VTP parameters set to factory defaults, [Y]es or [N]o?Enter y and press Enter.

Remove the switch startup configuration from NVRAM.#delete nvramThis command resets the switch with factory defaults. All system parameters will revert to their default factory settings. All static and dynamic addresses will be removed.Reset system with factory defaults, [Y]es or [N]o?Enter y and press Enter.




Lab-5: Deleting VLAN Configurations

ObjectiveCreate a basic switch configuration and verify it.Create two VLANs.Name the VLANs and assign multiple member ports to them.Delete VLANsUnderstand why it is not possible to delete VLAN 1.

Background/PreparationWhen managing a switch, the Management Domain is always VLAN 1. The Network Administrator's workstation must have access to a port in the VLAN 1 Management Domain. All ports are assigned to VLAN 1 by default. This lab will also help demonstrate how VLANs can be used to separate traffic and reduce broadcast domains.

Step 1 Configure the switchConfigure the hostname, access and command mode passwords, as well as the management LAN settings. These values are shown in the chart


Step 3 Verify connectivityTo verify that the host and switch are correctly configured, ping the switch from the host.Was the ping suc cessful? __________________________________________________If the answer is no, troubleshoot the host and switch configurations.



Which ports belong to the default VLAN? ________________________________________





Switch_A#vlan databaseSwitch_A(vlan)#vlan 2 name VLAN2Switch_A(vlan)#vlan 3 name VLAN3Switch_A(vlan)#exit1900:Switch_A#config terminalSwitch_A(config)#vlan 2 name VLAN2Switch_A(config)#vlan 3 name VLAN3

Step 6 Assign ports to VLAN 2Assigning ports to VLANs must be done from the interface mode. Enter the following commands to add ports 4, 5 and 6 to VLAN 2.

Switch_A#configure terminalSwitch_A(config)#interface fastethernet 0/4Switch_A(config-if)#switchport mode accessSwitch_A(config-if)#switchport access vlan 2Switch_A(config-if)# interface fastethernet 0/5Switch_A(config-if)#switchport mode accessSwitch_A(config-if)#switchport access vlan 2Switch_A(config-if)# interface fastethernet 0/6Switch_A(config-if)#switchport mode accessSwitch_A(config-if)#switchport access vlan 2Switch_A(config-if)#end

1900:Switch_A#config terminalSwitch_A(config)#interface Ethernet 0/4Switch_A(config-if)#vlan static 2Switch_A(config-if)#interface Ethernet 0/5Switch_A(config-if)#vlan static 2Switch_A(config-if)#interface Ethernet 0/6Switch_A(config-if)#vlan static 2Switch_A(config)#end



Are ports 4 through 6 assigned to VLAN 2? _______________________________________1900:Switch_A#config terminalSwitch_A(config)#interface Ethernet 0/4Switch_A(config-if)#vlan static 2Switch_A(config-if)#interface Ethernet 0/5Switch_A(config-if)#vlan static 2Switch_A(config-if)#interface Ethernet 0/6




Switch_A(config-if)#vlan static 2Switch_A(config)#end

Step 8 Assign Ports to VLAN 3Switch_A#configure terminalSwitch_A(config)#interface fastethernet 0/7Switch_A(config-if)#switchport mode accessSwitch_A(config-if)#switchport access vlan 3Switch_A(config)#interface fastethernet 0/8Switch_A(config-if)#switchport mode accessSwitch_A(config-if)#switchport access vlan 3Switch_A(config)#interface fastethernet 0/9Switch_A(config-if)#switchport mode accessSwitch_A(config-if)#switchport access vlan 3Switch_A(config-if)#end

Step 9 Display the VLAN Interface InformationOn Switch_A, type the command show vlan at the privileged EXEC prompt.

Switch_A#show vlanAre ports 7-9 as signed to VLAN 3? _____________________________________________

Step 10 Test the VLANsPing from the host in port 0/4 to the host in port 0/1.Was the ping suc cessful? _____________________________________________Why? _____________________________________________Ping from the host in port 0/1 to the host in port 0/4.Was the ping suc cessful? _____________________________________________Why? _____________________________________________Ping from the host in port 0/4 to the switch IP 192.168.1.2.Was the ping successful? _____________________________________________Why? _____________________________________________Ping from the host in port 0/1 to the switch IP 192.168.1.2.Was the ping suc cessful? _____________________________________________Why? _____________________________________________

Step 11 Delete a Host from a VLANTo remove a host from a VLAN, use the no form of the switchport commands in the port interface configuration mode.

Switch_A#configure terminalSwitch_A(config)#interface fastethernet 0/4Switch_A(config-if)#no switchport mode accessSwitch_A(config-if)#no switchport access vlan 21900:Switch_A#config terminalSwitch_A(config)#interface Ethernet 0/4Switch_A(config-if)#no vlan static 2Switch_A(config-if)#end

Step 12 Display the VLAN Interface InformationJoin NETS Be The Best

National Engineers Training Services (NETS) Tel: 5867776-5837968 17



On Switch_A, type the command show vlan at the privileged EXEC prompt.Switch_A#show vlan

Is port 0/4 removed from VLAN 2? _____________________________________________

Step 13 Delete a VLANTo remove an entire VLAN, enter the VLAN database mode and use the negative form of the command.

Switch_A#vlan databaseSwitch_A(vlan)#no vlan 3Deleting VLAN 3Switch_A(vlan)#exit1900:Switch_A#config terminalSwitch_A(config)#no vlan 3Switch_A(config)#exit

Step 14 Display the VLAN Interface InformationOn Switch_A, type the command show vlan at the privileged EXEC prompt.

Switch_A#show vlanIs VLAN 3 removed? _______________________________________________________What happened to the ports that were released from the VLANs? ______________________

Step 15 Delete VLAN 1Try to delete VLAN 1, which is the default VLAN, the same way that you deleted VLAN 3.

Switch_A#vlan databaseSwitch_A(vlan)#no vlan 1A default VLAN may not be deleted.Switch_A(vlan)#exit1900:Switch_A#config tSwitch_A(config)#no vlan 1Switch_A(config)#no vlan 1 ^% Invalid input detected at '^' marker.Switch_A(config)#exit

The default VLAN cannot be deleted.




Lab-6: Trunking with 802.1q

ObjectiveCreate a basic switch configuration and verify it.Create multiple VLANs, name them and assign multiple member ports to them.Create an 802.1q trunk line between the two switches to allow communication between paired VLANs.Test the VLANs functionality by moving a work station from one VLAN to another.

Background/PreparationTrunking changes the formatting of the packets. The ports need to be in agreement as to which format is being used to transmit data on the trunk or no data will be passed. If there is different trunking encapsulation on the two ends of the link they will not able to communicate. Similar situation will occur if one of your ports is configured in trunking mode (unconditionally) and the other one as in access mode (unconditionally).When managing a switch, the Management Domain is always VLAN 1. The Network Administrator's workstation must have access to a port in the VLAN 1 Management Domain. All ports are assigned to VLAN 1 by default. This lab will also help demonstrate how VLANs can be used to separate traffic and reduce broadcast domains.Start a HyperTerminal session.

Step 1 Configure the switchConfigure the Hostname, access/command mode passwords, and the management LAN settings.

Step 2 Configure the hosts attached to the switchConfigure the host to use the same subnet for the address, mask , and default gateway on switch.

Step 3 Verify connectivityTo verify that the host and switch are correctly configured, ping the switch from the hosts.Were the pings successful? __________________________________________________If the answer is no, troubleshoot the host and switches configurations.





Switch_A#show vlanStep 5 Create and name three VLANs

Enter the following commands to create and name three VLANs:Switch_A#vlan databaseSwitch_A(vlan)#vlan 10 name AccountingSwitch_A(vlan)#vlan 20 name MarketingSwitch_A(vlan)#vlan 30 name EngineeringSwitch_A(vlan)#exit

Step 6 Assign ports to a VLAN 10Assigning ports to VLANs must be done from the interface mode. Enter the following commands to add ports 0/4 to 0/6 to VLAN 10:

Switch_A#configure terminalSwitch_A(config)#interface fastethernet 0/4Switch_A(config-if)#switchport mode accessSwitch_A(config-if)#switchport access vlan 10Switch_A(config-if)#interface fastethernet 0/5Switch_A(config-if)#switchport mode accessSwitch_A(config-if)#switchport access vlan 10Switch_A(config-if)#interface fastethernet 0/6Switch_A(config-if)#switchport mode accessSwitch_A(config-if)#switchport access vlan 10Switch_A(config-if)#end

Step 7 Assign ports to VLAN 20Switch_A#configure terminalSwitch_A(config)#interface fastethernet 0/7Switch_A(config-if)#switchport mode accessSwitch_A(config-if)#switchport access vlan 20Switch_A(config-if)#interface fastethernet 0/8Switch_A(config-if)#switchport mode accessSwitch_A(config-if)#switchport access vlan 20Switch_A(config-if)#interface fastethernet 0/9Switch_A(config-if)#switchport mode accessSwitch_A(config-if)#switchport access vlan 20Switch_A(config-if)#end

Step 8 Assign ports to VLAN 30Enter the following commands to add ports 0/7 to 0/9 to VLAN 20:

Switch_A#configure terminalSwitch_A(config)#interface fastethernet 0/10Switch_A(config-if)#switchport mode accessSwitch_A(config-if)#switchport access vlan 30Switch_A(config-if)#interface fastethernet 0/11Switch_A(config-if)#switchport mode access




Switch_A(config-if)#switchport access vlan 30Switch_A(config-if)#interface fastethernet 0/12Switch_A(config-if)#switchport mode accessSwitch_A(config-if)#switchport access vlan 30Switch_A(config-if)#end

Step 9 Create VLANs on Switch_BRepeat Steps 5 through 9 on Switch_B to create its VLANs

Step 10 Display the VLAN interface informationOn both switches, type the command show vlan at the privileged EXEC prompt as follows:

Switch_A#show vlanAre ports 0/10 through 0/12 assigned to VLAN 30? _____________________________________

Step 11 Test the VLANsPing from the host in Switc h_A port 0/12 to the host in Switch_B port 0/12.Was the ping suc cessful? ___________________________________________________Why? __________________________________________________________________Ping from the host in Switch_A port 0/12 to the switch IP 192.168.1.2.Was the ping successful? ___________________________________________________Why? __________________________________________________________________

Step 12 Create the trunkOn both switches, Switch_A and Switc h_B, type the following command at the fastethernet 0/1 interface command prompt. Note that it is not necessary to specify the encapsulation on a 2950, since it only supports 802.1Q.

Switch_A(config)#interface fastethernet 0/1Switch_A(config-if)#switchport mode trunkSwitch_A(config-if)#endSwitch_B(config)#interface fastethernet 0/1Switch_B(config-if)#switchport mode trunkSwitch_B(config-if)#end

2900:Switch_A(config)#interface fastethernet0/1Switch_A(config-if)#switchport mode trunkSwitch_A(config-if)#switchport trunk encapsulation dot1qSwitch_A(config-if)#endSwitch_B(config)#interface fastethernet0/1Switch_B(config-if)#switchport mode trunkSwitch_B(config-if)#switchport trunk encapsulation dot1qSwitch_B(config-if)#end

Step 13 Verify the trunkTo verify that port Fast Ethernet 0/1 has been established as a trunk port, type show interface fastethernet 0/1 switchport at the privileged EXEC mode prompt.

Step 14 Test the VLANS and the trunkPing from the host in Switc h_A port 0/12 to the host in Switch_B port 0/12.Was the ping successful? ___________________________________________________Why? __________________________________________________________________




Ping from the host in Switch_A port 0/12 to the switch IP 192.168.1.2.Was the ping successful? ___________________________________________________Why? __________________________________________________________________

Step 15 Move host.Move the host in Switch_A from port 0/12 to port 0/8. Wait until the port LED goes green and then go to the next step.

Step 16 Test the VLANS and the trunkPing from the host in Switch_A port 0/8 to the host in Switch_B port 0/12.Was the ping successful? ___________________________________________________Why? __________________________________________________________________Ping from the host in Switch_A port 0/8 to the switch IP 192.168.1.2.Was the ping successful? ___________________________________________________Why? __________________________________________________________________

Step 17 Move hostMove the host in Switch_B from port 0/12 to port 0/7. Wait until the port LED goes green and then go to the next step.

Step 18 Test the VLANS and the trunkPing from the host in Switc h_A port 0/8 to the host in Switch_B port 0/7.Was the ping suc cessful? ___________________________________________________Why? __________________________________________________________________Ping from the host in Switch_A port 0/8 to the switch IP 192.168.1.2.Was the ping successful? ___________________________________________________Why? __________________________________________________________________

Step 19 Move hostsMove the host in Switch_A from port 0/8 to port 0/2. Wait until the port LED goes green and then go to the next step.

Step 20 Test the VLANS and the trunkPing from the host in Switch_A port 0/2 to the host in Switch_B port 0/7.Was the ping successful? ___________________________________________________Ping from the host in Switch_A port 0/2 to the switch IP 192.168.1.2.Was the ping successful? ___________________________________________________Why? __________________________________________________________________


Step 22 Test the VLANS and the trunkPing from the host in Switc h_A port 0/2 to the host in Switch_B port 0/3.Was the ping successful? ___________________________________________________Why? __________________________________________________________________Ping from the host in Switch_B port 0/3 to the switch IP 192.168.1.2.Was the ping successful? ___________________________________________________Why? __________________________________________________________________Ping from the host in Switch_B port 0/3 to the switch IP 192.168.1.3.Was the ping successful? ___________________________________________________




Why? __________________________________________________________________What conclusions can be drawn from the testing that was just performed in regards to VLAN membership and VLANs across a trunk?__________________________________________________________________________




Lab-7: Trunking with ISL

ObjectiveCreate a basic switch configuration and verify it.Create multiple VLANs, name them and assign multiple member ports to them.Create an ISL trunk line between the two switches to allow communication between paired VLANs.Test the VLANs functionality by moving a work station from one VLAN to another.

Background/PreparationNote: The use of Catalyst 2950 switches is not appropriate for this lab as they only support 802.1q trunking.

Trunking changes the formatting of the pack ets. The ports need to be in agreement as to which format is being used to transmit data on the trunk or no data will be passed. If there is different trunking encapsulation on the two ends of the link they will not able to communicate. A similar situation will occur if one of the ports is configured in trunking mode, unconditionally, and the other one as in access mode, unconditionally.When managing a switch, the Management Domain is always VLAN 1. The Network Administrator's workstation must have access to a port in the VLAN 1 Management Domain. All ports are assigned to VLAN 1 by default. This lab will also help demonstrate how VLANs can be used to separate traffic and reduce broadcast domains.Start a HyperTerminal session.






Step 3 Verify connectivityTo verify that the host and switch are correctly configured, ping the switches from the host.Were the pings successful? __________________________________________________If the answer is no, troubleshoot the host and switches configurations.


Switch_A#show vlanStep 5 Create and name three VLANs

Enter the following commands to create and name three VLANs:Switch_A#vlan databaseSwitch_A(vlan)#vlan 10 name AccountingSwitch_A(vlan)#vlan 20 name MarketingSwitch_A(vlan)#vlan 30 name EngineeringSwitch_A(vlan)#exit

Step 6 Assign ports to a VLAN 10Assigning ports to VLANs must be done from the interface mode. Enter the following commands to add ports 0/4 to 0/6 to VLAN 10:


Step 7 Assign ports to VLAN 20Switch_A#configure terminalSwitch_A(config)#interface fastethernet 0/7Switch_A(config-if)#switchport mode accessSwitch_A(config-if)#switchport access vlan 20Switch_A(config-if)#interface fastethernet 0/8Switch_A(config-if)#switchport mode accessSwitch_A(config-if)#switchport access vlan 20Switch_A(config-if)#interface fastethernet 0/9Switch_A(config-if)#switchport mode accessSwitch_A(config-if)#switchport access vlan 20Switch_A(config-if)#end


Switch_A#configure terminalSwitch_A(config)#interface fastethernet 0/10




Switch_A(config-if)#switchport mode accessSwitch_A(config-if)#switchport access vlan 30Switch_A(config-if)#interface fastethernet 0/11Switch_A(config-if)#switchport mode accessSwitch_A(config-if)#switchport access vlan 30Switch_A(config-if)#interface fastethernet 0/12Switch_A(config-if)#switchport mode accessSwitch_A(config-if)#switchport access vlan 30Switch_A(config-if)#end

Step 9 Create VLANs on Switch_BRepeat Steps 5 through 8 on Switch_B to create its VLANs.

Step 10 Display he VLAN interface informationOn Switch_A, type the command show vlan at the privileged EXEC prompt as follows:

Switch_A#show vlanAre ports 0/10 through 0/12 assigned to VLAN 30? ____________________________

Step 11 Test the VLANsPing from the host in Switch_A port 0/12 to the host in Switch_B port 0/12.Was the ping successful? ___________________________________________________Why? __________________________________________________________________Ping from the host in Switch_A port 0/12 to the switch IP 192.168.1.2.Was the ping successful? ___________________________________________________Why? __________________________________________________________________

Step 12 Create the ISL trunkOn both switches, Switch_A and Switc h_B, type the following command at the fastethernet 0/1 interface command prompt

Switch_A(config)#interface fastethernet 0/1Switch_A(config-if)#switchport mode trunkSwitch_A(config-if)#switchport trunk encapsulation islSwitch_A(config-if)#endSwitch_B(config)#interface fastethernet 0/1Switch_B(config-if)#switchport mode trunkSwitch_B(config-if)#switchport trunk encapsulation islSwitch_B(config-if)#end

Step 13 Verify the ISL trunkTo verify that port fastethernet 0/1 has been established as a trunk port, type show interface fastethernet 0/1 switchport at the privileged EXEC mode prompt.What type of trunking encapsulation is shown on the output results? __________________According to the output with show interface fastethernet 0/1 switchport on Switch_B, is there a difference from the Administrative Trunking Encapsulation from the Operational Trunking Encapsulation? ______________________________________________________________

Step 14 Test the VLANS and the trunkPing from the host in Switc h_A port 0/12 to the host in Switch_B port 0/12.Was the ping suc cessful? ___________________________________________________




Why? ___________________________________________________________________Ping from the host in Switch_A port 0/12 to the switch IP 192.168.1.2.Was the ping successful? ___________________________________________________Why? ___________________________________________________________________

Step 15 Move hostMove the host in Switch_A from port 0/12 to port 0/8. Wait until the port LED goes green and then go to the next step.

Step 16 Test the VLANS and the trunkPing from the host in Switch_A port 0/8 to the host in Switch_B port 0/12.Was the ping successful? ___________________________________________________Why? ___________________________________________________________________Ping from the host in Switch_A port 0/8 to the switch IP 192.168.1.2.Was the ping successful? ___________________________________________________Why? ___________________________________________________________________


Step 18 Test the VLANS and the trunkPing from the host in Switc h_A port 0/8 to the host in Switch_B port 0/7.Was the ping successful? ___________________________________________________Why? ___________________________________________________________________Ping from the host in Switch_A port 0/8 to the switch IP 192.168.1.2.Was the ping successful? ___________________________________________________Why? ___________________________________________________________________

Step 19 Move hostMove the host in Switch_A from port 0/8 to port 0/2. Wait until the port LED goes green and then go to the next step.

Step 20 Test the VLANS and the trunkPing from the host in Switc h_A port 0/2 to the host in Switch_B port 0/7.Was the ping successful? ___________________________________________________Ping from the host in Switch_A port 0/2 to the switch IP 192.168.1.2.Was the ping successful? ___________________________________________________Why? ___________________________________________________________________


Step 22 Test the VLANS and the trunkPing from the host in Switc h_A port 0/2 to the host in Switch_B port 0/3.Was the ping successful? ___________________________________________________Why? ___________________________________________________________________Ping from the host in Switch_B port 0/3 to the switch IP 192.168.1.2.Was the ping successful? ___________________________________________________Why? ___________________________________________________________________Ping from the host in Switch_B port 0/3 to the switch IP 192.168.1.3.




Was the ping successful? ___________________________________________________Why? ___________________________________________________________________What conclusions can be drawn from the testing that was just performed in regards to VLAN membership and VLANs across a trunk?________________________________________________________________________




Lab-8: VTP Client and Server Configurations

ObjectiveCreate a basic switch configuration and verify it.Create multiple VLANs, name them and assign multiple member ports to them.Configure the VTP protocol to establish Server and client switches.Create an 802.1q trunk line between the two switches to allow communication between paired VLANs.Then test the VLANs functionality by moving a work station from one VLAN to another.

Background/PreparationWhen managing a switch, the Management Domain is always VLAN 1. The Network Administrator’s workstation must have access to a port in the VLAN 1 Management Domain. All ports are assigned to VLAN 1 by default.Cable a network similar to the one of in diagram. Start a HyperTerminal session.

Step 1 Configure the switchConfigure the hostname, access, and command mode passwords, as well as the management LAN settings. These values are shown in the chart.

Step 2 Configure the hosts attached to the switchConfigure the host to use the same subnet for the address, mask, and default gateway on switch.



Switch_A#show vlanStep 5 Configure VTP




VLAN Trunking Protocol (VTP) needs to be configured on both switches. VTP is the protocol that will communicate information about which VLANs exist from one switch to another. If VTP did not provide this information, VLANs would have to be created on all switches individually.By default, the Catalyst switch series are configured as VTP servers. In the event that the sever services are turned off, use the following command to turn it back on.

Switch_A#vlan databaseSwitch_A(vlan)#vtp serverSwitch_A(vlan)#exit

Step 6 Create and name three VLANsEnter the following commands to create and name three VLANs:

Switch_A#vlan databaseSwitch_A(vlan)#vlan 10 name AccountingSwitch_A(vlan)#vlan 20 name MarketingSwitch_A(vlan)#vlan 30 name EngineeringSwitch_A(vlan)#exit

Step 7 Assign ports to VLAN 10Assigning ports to VLANs must be done from the interface mode. Enter the following commands to add ports 0/4 to 0/6 to VLAN 10:










Switch_A#show vlanAre ports 0/10 through 0/12 assigned to VLAN 30?__________________________________________________________________________

Step 11 Configure VTP clientEnter the following commands to configure Switch_B to be a VTP client:

Switch_B#vlan databaseSwitch_B(vlan)#vtp clientSwitch_B(vlan)#vtp domain group1Switch_B(vlan)#exit

Step 12 Create the trunkOn both switches, Switch_A and Switch_B, type the following command at the fastethernet 0/1 interface command prompt. Note that it is not necessary to specify the encapsulation on a 2950, since it only supports 802.1Q.



Step 13 Verify the trunkTo verify that port fastethernet 0/1 has been established as a trunk port, type show interface fastethernet 0/1 switchport at the privileged EXEC mode prompt




What type of trunking encapsulation is shown on the output results? ____________________


Switch_A#show vlanDo VLANs 10, 20, and 30 show without having to type them in? ____________________Why did this happen? ______________________________________________________

Step 15 Assign ports to a VLAN 10Although the VLAN definitions have migrated to Switch_B using VTP, it is still necessary to assign ports to these VLANs on Switch_B. Assigning ports to VLANs must be done from the interface mode. Enter the following commands to add ports 0/4 to 0/6 to VLAN 10.

Switch_B#configure terminalSwitch_B(config)#interface fastethernet 0/4Switch_B(config-if)#switchport mode accessSwitch_B(config-if)#switchport access vlan 10Switch_B(config-if)#interface fastethernet 0/5Switch_B(config-if)#switchport mode accessSwitch_B(config-if)#switchport access vlan 10Switch_B(config-if)#interface fastethernet 0/6Switch_B(config-if)#switchport mode accessSwitch_B(config-if)#switchport access vlan 10Switch_B(config-if)#end




Switch_B#configure terminalSwitch_B(config)#interface fastethernet 0/10Switch_B(config-if)#switchport mode accessSwitch_B(config-if)#switchport access vlan 30Switch_B(config-if)#interface fastethernet 0/11Switch_B(config-if)#switchport mode accessSwitch_B(config-if)#switchport access vlan 30Switch_B(config-if)#interface fastethernet 0/12




Switch_B(config-if)#switchport mode accessSwitch_B(config-if)#switchport access vlan 30Switch_B(config-if)#end

Step 18 Display the VLAN interface informationOn Switch_B, type the command show vlan at the privileged EXEC prompt as follows:

Switch_A#show vlanAre ports 0/10 through 0/12 assigned to VLAN 30? _________________________________

Step 19 Test the VLANS and the trunkPing from the host in Switc h_A port 0/12 to the host in Switch_B port 0/12.Was the ping successful? ___________________________________________________Why? __________________________________________________________________Ping from the host in Switch_A port 0/12 to the switch IP 192.168.1.2.Was the ping successful? ___________________________________________________Why? __________________________________________________________________


Step 21 Test the VLANS and the trunkPing from the host in Switc h_A port 0/8 to the host in Switch_B port 0/12.Was the ping successful? ___________________________________________________Why? __________________________________________________________________Ping from the host in Switch_A port 0/8 to the switch IP 192.168.1.2.Was the ping successful? ___________________________________________________Why? __________________________________________________________________Once the steps are complete, logoff by typing exit, and turn all the devices off. Then remove and store the cables and adapter.




Lab-9: VTP Client and Server Configurations

ObjectiveCreate a basic switch configuration and verify it.Create multiple VLANs, name them and assign multiple member ports to them.Configure the VTP protocol to establish Server and client switches.Create an 802.1q trunk line between the two switches to allow communication between paired VLANs.Then test the VLANs functionality by moving a work station from one VLAN to another.

Background/PreparationWhen managing a switch, the Management Domain is always VLAN 1. The Network Administrator’s workstation must have access to a port in the VLAN 1 Management Domain. All ports are assigned to VLAN 1 by default.Cable a network similar to the one of in diagram. Start a HyperTerminal session.


Step 2 Configure the hosts attached to the switchConfigure the host to use the same subnet for the address, mask , and default gateway on switch.



Switch_A#show vlanStep 5 Configure VTP




VLAN Trunking Protocol (VTP) needs to be configured on both switches. VTP is the protocol that will communicate information about which VLANs exist from one switch to another. If VTP did not provide this information, VLANs would have to be created on all switches individually.By default, the Catalyst switch series are configured as VTP servers. In the event that the sever services are turned off, use the following command to turn it back on.

Switch_A#vlan databaseSwitch_A(vlan)#vtp serverSwitch_A(vlan)#exit

Step 6 Create and name three VLANsEnter the following commands to create and name three VLANs:

Switch_A#vlan databaseSwitch_A(vlan)#vlan 10 name AccountingSwitch_A(vlan)#vlan 20 name MarketingSwitch_A(vlan)#vlan 30 name EngineeringSwitch_A(vlan)#exit

Step 7 Assign ports to VLAN 10Assigning ports to VLANs must be done from the interface mode. Enter the following commands to add ports 0/4 to 0/6 to VLAN 10:










Switch_A#show vlanAre ports 0/10 through 0/12 assigned to VLAN 30?__________________________________________________________________________

Step 11 Configure VTP clientEnter the following commands to configure Switch_B to be a VTP client:

Switch_B#vlan databaseSwitch_B(vlan)#vtp clientSwitch_B(vlan)#vtp domain group1Switch_B(vlan)#exit

Step 12 Create the trunkOn both switches, Switch_A and Switch_B, type the following command at the fastethernet 0/1 interface command prompt. Note that it is not necessary to specify the encapsulation on a 2950, since it only supports 802.1Q.



Step 13 Verify the trunkTo verify that port fastethernet 0/1 has been established as a trunk port, type show interface fastethernet 0/1 switchport at the privileged EXEC mode prompt




What type of trunking encapsulation is shown on the output results? ____________________


Switch_A#show vlanDo VLANs 10, 20, and 30 show without having to type them in? ____________________Why did this happen? ______________________________________________________

Step 15 Assign ports to a VLAN 10Although the VLAN definitions have migrated to Switch_B using VTP, it is still necessary to assign ports to these VLANs on Switch_B. Assigning ports to VLANs must be done from the interface mode. Enter the following commands to add ports 0/4 to 0/6 to VLAN 10.





Switch_B#configure terminalSwitch_B(config)#interface fastethernet 0/10Switch_B(config-if)#switchport mode accessSwitch_B(config-if)#switchport access vlan 30Switch_B(config-if)#interface fastethernet 0/11Switch_B(config-if)#switchport mode accessSwitch_B(config-if)#switchport access vlan 30Switch_B(config-if)#interface fastethernet 0/12




Switch_B(config-if)#switchport mode accessSwitch_B(config-if)#switchport access vlan 30Switch_B(config-if)#end

Step 18 Display the VLAN interface informationOn Switch_B, type the command show vlan at the privileged EXEC prompt as follows:

Switch_A#show vlanAre ports 0/10 through 0/12 assigned to VLAN 30? _________________________________

Step 19 Test the VLANS and the trunkPing from the host in Switc h_A port 0/12 to the host in Switch_B port 0/12.Was the ping successful? ___________________________________________________Why? __________________________________________________________________Ping from the host in Switch_A port 0/12 to the switch IP 192.168.1.2.Was the ping successful? ___________________________________________________Why? __________________________________________________________________


Step 21 Test the VLANS and the trunkPing from the host in Switc h_A port 0/8 to the host in Switch_B port 0/12.Was the ping successful? ___________________________________________________Why? __________________________________________________________________Ping from the host in Switch_A port 0/8 to the switch IP 192.168.1.2.Was the ping successful? ___________________________________________________Why? __________________________________________________________________Once the steps are complete, logoff by typing exit, and turn all the devices off. Then remove andstore the cables and adapter.




Lab-10: Configuring Static MAC Addresses

ObjectiveCreate a static address entry in the switch MAC table.Remove the created static MAC addres s entry.

Background/PreparationCable a network similar to the one in the diagram. The configuration output used in this lab is produced from a 2950 series switch. Any other switch used may produce different output. The following steps are to be executed on each switch unless specifically instructed otherwise.Instructions are also provided for the 1900 Series switch, which initially displays a User Interface Menu. Select the command Line option from the menu to perform the steps for this lab.Start a HyperTerminal session.

Step 1 Configure the switchConfigure the hostname, access, and command mode passwords, as well as the management LAN

settings. These values are shown in the chart.

Step 2 Configure the hosts attached to the switchConfigure the hosts to use the same IP subnet for the address, mas k, and the default gateway on the switch.

Step 3 Verify connectivityTo verify that the hosts and switch are correctly configured, ping the switch IP address from the hosts.Were the pings successful? __________________________________________________If the answer is no, troubleshoot the hosts and switch configurations.

Step 4. Record the host MAC addressesDetermine and record the layer 2 addresses of the PC network interface cards.If running Windows 98, check by using Start > Run > winipcfg. Click on More info.If running Windows 2000, check by using Start > Run > cmd > ipconfig /all.PC1: ___________________________________________________________________PC4: ___________________________________________________________________

Step 5 Determine what MAC addresses that the switch has learnedTo determine what MAC addresses the switch has learned use the show mac-address-table




command as follows at the privileged exec mode prompt:ALSwitch#show mac-address-table

How many dynamic addresses are there? ________________________________________How many total MAC addresses are there? _______________________________________Do the MAC addresses match the host MAC addresses? _____________________________

Step 6 Determine the show MAC table optionsTo determine the options the mac-address-table command has use the ? option as follows:

ALSwitch(config)#mac-address-table ?How many options are available for the mac-address-table command? _______________There is an option to set a static MAC address in the table. Under what circumstances would this option be utilized? ____________________________________________________________

Step 7 Setup a static MAC addressSetup a static MAC address on Fast Ethernet interface 0/4 as follows:Note: Use the address that was recorded for PC4 in step 4. The MAC address 00e0.2917.1884 is used in the ex ample statement only.

ALSwitch(config)#mac-address-table static 00e0.2917.1884 interface fastethernet 0/4 vlan 12900:ALSwitch(config)#mac-address-table static 00e0.2917.1884 fastethernet 0/4 vlan 11900:ALSwitch(config)#mac-address-table permanent 00e0.2917.1884 ethernet 0/4

Step 8 Verify the resultsEnter the following to verify the mac–address table entries.

ALSwitch#show mac-address-table

How many total MAC addresses are there now? ___________________________________How many static addresses are there? __________________________________________Under what circumstances can other static or dynamic learning of addresses occur on port 4? ________________________________________________________________________

Step 9 Remove the static MAC entryThe static mac-address-table entry may need to be reversed. To do this, enter the configuration mode and reverse the command by putting a no in front of the entire old command string as follows:Note: The MAC address 00e0.2917.1884 is used in the example statement only, use the MAC address that was rec orded for the host on port 0/4.

ALSwitch(config)#no mac-address-table static 00e0.2917.1884 interface fastethernet 0/4 vlan 12900:ALSwitch(config)#no mac-address-table static 00e0.2917.1884 fastEthernet 0/4 vlan 11900:ALSwitch(config)#no mac-address-table permanent 00e0.2917.1884 ethernet 0/4

Step 10 Verify the resultsEnter the following to verify that the static MAC address was cleared:

ALSwitch#show mac-address-table staticHow many total static MAC addresses are there now? _______________________________




Step 11 Exit the switchType exit, as follows, to leave the switch welcome screen

Switch#exitOnce the steps are completed, logoff, by typing exit, and turn all the devices off. Then remove and store the cables and adapter.

Erasing and Reloading the SwitchAs done in previous labs.




Lab-11: Managing the MAC Address Table

ObjectiveCreate a basic switch configuration.Manage the switch MAC table.

Background/PreparationCable a network similar to the one in the diagram. The configuration output used in this lab is produced from a 2950 series switch. Any other switch used may produce different output. The following steps are to be executed on each switch unless specifically instructed otherwise. Instructions are also provided for the 1900 Series switch, which initially displays a User Interface Menu. Select the command Line_ option from the menu to perform the steps for this lab.Start a HyperTerminal session.


Step 2 Configure the hosts attached to the switchConfigure the hosts to use the same IP subnet for the address, mask, and default gateway as on the switch.

Step 3 Verify connectivityTo verify that hosts and switch are correctly configured, ping the switch IP address from the hosts.Were the pings successful? __________________________________________________If the answer is no, troubleshoot the hosts and switch configurations.

Step 4 Record the MAC addresses of the hosta. Determine and record the layer 2 addresses of the PC network interface cards.If running Windows 98, check by using Start > Run > winipcfg, then click on More info.If running Windows 2000, check by using Start > Run > cmd > ipconfig /all.PC1: ___________________________________________________________________PC4: ___________________________________________________________________

Step 5 Determine the MAC addresses that the switch has learnedTo determine the what MAC addresses the switch has learned use the show mac-address- table




command as follows at the privileged EXEC mode prompt:ALSwitch#show mac-address-table

How many dynamic addresses are there? ________________________________________How many total MAC addresses are there? _______________________________________Why are there more MAC addresses than ports on the switch?__________________________________________________________________________How many addresses have been user defined? ___________________________________Do the MAC addresses match the host MAC addresses? _____________________________

Step 6 Determine the show MAC table optionsTo determine the options the show mac-address-table command has use the ? option as follows:

ALSwitch#show mac-address-table ?How many options are available for the show mac-address-table command? __________Show only the mac-address-tables that were learned dynamically.How many are there? _______________________________________________________

Step 7 Clear the MAC address tableTo remove the existing MAC addresses use the clear mac-address-table command from the privileged EXEC mode prompt as follows:

ALSwitch#clear mac-address-table dynamicStep 8 Verify the results

Verify that the mac-address-table was cleared as follows:ALSwitch#show mac-address-table

How many total MAC addresses are there now? ___________________________________Why are there so many? ____________________________________________________How many dynamic addresses are there? ________________________________________

Step 9 Determine the clear MAC table optionsTo determine the options available use the command clear mac-address-table ? at the privileged EXEC mode prompt as follows:

ALSwitch#clear mac-address-table ?How many options are there? _________________________________________________In what circumstances would these options be used? _______________________________

Step 10 Examine the MAC table againLook at the MAC address table again using the show mac-address-table command at the privileged EXEC mode prompt as follows:

ALSwitch#show mac-address-tableHow many dynamic addresses are there? ________________________________________Why did this change from the last display? _______________________________________The table has not changed yet, ping the switch IP address from the hosts two times each and repeat Step 10.

Step 11 Exit the switchType exit, as follows to leave the switch welcome screen

witch#exitOnce the steps are completed, logoff, by typing exit, and turn all the devices off. Then remove and store the cables and adapter.

Switch>enable




Switch#Switch#configure terminalEnter configuration commands, one per line. End with CNTL/Z.Switch(config)#hostname ALSwitchALSwitch(config)#enable secret classALSwitch(config)#enable password ciscoALSwitch(config)#line con 0ALSwitch(config-line)#password ciscoALSwitch(config-line)#loginALSwitch(config-line)#line vty 0 15ALSwitch(config-line)#password ciscoALSwitch(config-line)#loginALSwitch(config-line)#interface Vlan1ALSwitch(config-if)#ip address 192.168.1.2 255.255.255.0ALSwitch(config-if)#no shutdownALSwitch(config-if)#ip default-gateway 192.168.1.1ALSwitch(config)#exitALSwitch#show mac-address-tableMac Address TableVlan Mac Address Type Ports---- ----------- -------- -----All 0009.b7f6.61c0 STATIC CPUAll 0100.0ccc.cccc STATIC CPUAll 0100.0ccc.cccd STATIC CPUAll 0100.0cdd.dddd STATIC CPU1 0001.0276.8eec DYNAMIC Fa0/11 0001.0276.90dd DYNAMIC Fa0/4Total Mac Addresses for this criterion: 6ALSwitch#show mac-address-table ?address address keywordaging-time aging-time keywordcount count keyworddynamic dynamic entry typeinterface interface keywordmulticast multicast info for selected wildcardnotification MAC notification parameters and history tablestatic static entry typevlan VLAN keyword | Output modifiers<cr>ALSwitch#show mac-address-table dynamicMac Address Table-------------------------------------------Vlan Mac Address Type Ports




---- ----------- -------- -----1 0001.0276.8eec DYNAMIC Fa0/11 0001.0276.90dd DYNAMIC Fa0/4Total Mac Addresses for this criterion: 2ALSwitch#clear mac-address-table% Incomplete command.ALSwitch#clear mac-address-table ?dynamic dynamic entry typenotification Clear MAC notification Global CountersALSwitch#clear mac-address-table dynamicALSwitch#show mac-address-tableMac Address Table-------------------------------------------Vlan Mac Address Type Ports---- ----------- -------- -----All 0009.b7f6.61c0 STATIC CPUAll 0100.0ccc.cccc STATIC CPUAll 0100.0ccc.cccd STATIC CPUAll 0100.0cdd.dddd STATIC CPUTotal Mac Addresses for this criterion: 4ALSwitch#clear mac-address-table ?dynamic dynamic entry type notification Clear MAC notification Global CountersALSwitch#show mac-address-tableMac Address Table-------------------------------------------Vlan Mac Address Type Ports---- ----------- -------- -----All 0009.b7f6.61c0 STATIC CPUAll 0100.0ccc.cccc STATIC CPUAll 0100.0ccc.cccd STATIC CPUAll 0100.0cdd.dddd STATIC CPU1 0001.0276.8eec DYNAMIC Fa0/11 0001.0276.90dd DYNAMIC Fa0/4





Lab-12: Selecting the Root Bridge

ObjectiveCreate a basic switch configuration and verify it.Determine which switch is selected as the root switch with the factory default settings.Force the other switch to be selected as the root switch.

Background/PreparationCable a network similar to the one in the diagram. The c onfiguration output used in this lab is produced from a 2950 series switch. Any other switch us ed may produce different output. The following steps are to be executed on each switch unless specifically instructed otherwise.Start a HyperTerminal session.

Step 1 Configure the switchesConfigure the hostname, access and command mode passwords, as well as the management LAN settings. These values are shown in the chart.

Step 2 Configure the hosts attached to the switchesConfigure the host to use the same subnet for the address, mask, and default gateway on switch.

Step 3 Verify connectivityTo verify that the hosts and switches are correctly configured, ping the switches from the hosts.Were the pings successful? __________________________________________________If the answer is no, troubleshoot the hosts and switches configurations.

Step 4 Display the show interface VLAN optionsType show interface vlan1.List some of the options available: ________________ _______________ _____________

Step 5 Display VLAN interface informationOn Switch_A, type the command show interface VLAN1 at the privileged EXEC mode prompt as follows:

Switch_A#show interface vlan 1What is the MAC address of the s witch? _________________________________________On Switch_B type the command show interface VLAN1 at the privileged EXEC mode prompt as follows:

Switch_B#show interface vlan 1




What is the MAC address of the s witch? _________________________________________Which switch should be the root of the spanning tree for VLAN 1? ______________________

Step 6 Display the spanning tree table on each switchAt the privileged EXEC mode prompt, type the following on Switch_A:

Type show spanning-tree brief if running version 12.0 of the IOS. If running version 12.1 of the IOS, type show spanning-tree.Switch_A#show spanning-tree brief

On Switch_B type show spanning-tree brief at the privileged EXEC mode prompt as follows:Switch_B#show spanning-tree brief

Examine the output and ans wer the following questions.Which switch is the root switch? _______________________________________________What is the priority of the root switch? ___________________________________________What is the bridge id of the root switch? _________________________________________Which ports are forwarding on the root switch? ____________________________________Which ports are blocking on the root switch? ______________________________________What is the priority of the non-root switch? _______________________________________What is the bridge id of the non-root switch? ______________________________________Which ports are forwarding on the non-root switch? _________________________________Which ports are blocking on the non-root switch? __________________________________What is the status of the link light on the blocking port? ______________________________

Step 7 Reassign the root bridgeIt has been determined that the switch selected as the root bridge, by using default values, is not the best choice. It is necessary to force the 登 ther_ switch to become the root s witch.In the example output given the root switch by default, is Switch_A. Switch_B is preferred as the root switch. Go to the console and enter configuration mode if necessary.Determine the parameters that can be configured for the Spanning-Tree Protocol by issuing the following:

Switch_B(config)#spanning-tree ?List the options. _____________ _____________ _____________ _____________

_____________ _____________ _____________ _____________Set the priority of the switch that is not root to 4096.

If version 12.0 is used, enter the following:Switch_B(config)#spanning-tree priority 1Switch_B(config)#exit

If version 12.1 is used, enter the following:Switch_B(config)#spanning-tree vlan 1 priority 4096Switch_B(config)#exit

Step 8 Display the switch spanning tree tableAt the privileged EXEC mode prompt, type the following on Switch_A:Note: Type show spanning-tree brief if running version 12.0 of the IOS. If running version 12.1 of the IOS, type show spanning-tree.

Switch_A#show spanning-tree briefOn Switch_B type show spanning-tree brief at the privileged EXEC mode prompt as follows:

Switch_B#show spanning-tree brief




Examine the output and ans wer the following questions.Which switch is the root switch? _______________________________________________What is the priority of the root switch? ___________________________________________Which ports are forwarding on the root switch? ____________________________________Which ports are blocking on the root switch? ______________________________________What is the priority of the non-root switch? _______________________________________Which ports are forwarding on the non-root switch? _________________________________Which ports are blocking on the non-root switch? __________________________________What is the status of the link light on the blocking port? ______________________________

Step 9 Verify the running configuration file on the root switchOn the switch that was changed to be the root bridge, type show running-config at the privileged EXEC mode prompt.Is there an entry in the running configuration file that s pecifies the spanning tree priority of this router? ______________________________________________________________What does that entry say? ___________________________________________________Note: The output is different depending on if the IOS used is vers ion 12.0 or version 12.1.Once the steps are complete, log off by typing exit, and turn all the devices off. Then remove and store the cables and adapter.





Lab-13: Configuring Port Security

ObjectiveCreate and verify a basic switch configuration.Configure port security on individual FastEthernet ports.

Background/PreparationCable a network similar to the one in the diagram. The configuration output used in this lab is produced from a 2950 series switch. Any other switch us ed may produce different output. The following steps are intended to be executed on each switch unless specifically instructed otherwise.Instructions are also provided for the 1900 Series switch, which initially displays a User Interface Menu. Select the Command Line_ option from the menu to perform the steps for this lab.Start a HyperTerminal session.


Step 2 Configure the hosts attached to the switchConfigure the hosts to use the same IP subnet for the address, mas k, and default gateway as on the switch.There is a third host needed for this lab. It needs to be configured with the address 192.168.1.7. The subnet mask is 255.255.255.0 and the default gateway is 192.168.1.1.Note: Do not connect this PC to the switch yet.

Step 3 Verify connectivityTo verify that hosts and switch are correctly configured, ping the switch IP address from the hosts.Were the pings successful? __________________________________________________If the answer is no, troubleshoot the hosts and switch configurations.

Step 4 Record the host MAC addressesDetermine and record the layer 2 addresses of the PC network interface cards.If running Windows 98, check by using Start > Run > winipcfg. Click on More info.If running Windows 2000, check by using Start > Run > cmd > ipconfig /all.




PC1____________________________________________________________________PC2____________________________________________________________________

Step 5 Determine what MAC addresses that the switch has learnedDetermine what MAC addresses the switch has learned by using the show mac-address-table command, as follows, at the privileged exec mode prompt:

ALSwitch#show mac-address-tableHow many dynamic addresses are there? ________________________________________How many total MAC addresses are there? _______________________________________Do the MAC addresses match the host MAC addresses? _____________________________

Step 6 Determine the show MAC table optionsEnter the following to determine the options the mac-address-table command has use the ?

option:ALSwitch(config)#mac-address-table ?

Step 7 Setup a static MAC addressSetup a static MAC address on FastEthernet interface 0/4 as follows:Note: Use the address that was recorded for PC4 in Step 4. The MAC address 00e0.2917.1884 is used in the ex ample statement only.

ALSwitch(config)#mac-address-table static 00e0.2917.1884 interface fastethernet 0/4 vlan 12900:ALSwitch(config)#mac-address-table static 00e0.2917.1884 fastethernet 0/4 vlan 11900:ALSwitch(config)#mac-address-table permanent 00e0.2917.1884 ethernet 0/4

Step 8 Verify the resultsEnter the following to verify the mac–address table entries.

ALSwitch#show mac-address-tableHow many total MAC addresses are there now? ___________________________________

Step 9 List port security optionsDetermine the options for setting port security on interface FastEthernet 0/4. Type port security ? from the interface configuration prompt for FastEthernet port 0/4 as follows:

ALSwitch(config)#interface fastethernet 0/4ALSwitch(config-if)#switchport port-security ?aging Port-security aging commandsmac-address Secure mac addressmaximum Max secure addrsviolation Security Violation Mode<cr>1900:ALSwitch(config)#interface ethernet 0/4ALSwitch(config-if)#port secure ?max-mac-count Maximum number of addresses allowed on the port<cr>2950:ALSwitch(config-if)#switchport port-security ?




aging Port-security aging commandsmac-address Secure mac addressmaximum Max secure addrsviolation Security Violation Mode<cr>To allow the switchport FastEthernet 0/4 to accept only one device enter port security as follows:ALSwitch(config-if)#switchport mode accessALSwitch(config-if)#switchport port-securityALSwitch(config-if)#switchport port-security mac-address sticky1900:ALSwitch(config-if)#port secure

Step 10 Verify the resultsEnter the following to verify the mac –address table entries:

ALSwitch#show mac-address-tableHow are the address types listed for the two MAC addresses? ______________________Show port security settings

ALSwitch#show port-security1900:ALSwitch#show mac-address-table security

Step 11 Show the running configuration fileAre there statements that directly reflect the security implementation in the listing of the running configuration? ____________________________________________________________What do those statements mean?__________________________________________________________________________

Step 12 Limit the number of hosts per portOn interface FastEthernet 0/4 set the port security maximum MAC count to 1 as follows:

ALSwitch(config)#interface fastethernet 0/4ALSwitch(config-if)#port security max-mac-count 11900:ALSwitch(config)#interface Ethernet 0/4ALSwitch(config-if)#port secure max-mac-count 12950:ALSwitch(config-if)#switchport port-security maximum 1

Disconnect the PC attached to FastEthernet 0/4. Connect to the port on the PC that has been given the IP address 192.168.1.7. This PC has not yet been attached to the switch. It may be necessary to ping the switch address 192.168.1.2 to generate some traffic.Record any observations. _____________________________________________________________________________________________________________________________

Step 13 Configure the port to shut down if there is a security violationIt has been decided that in the event of a security violation the interface should be shut down. Enter the following to make the port security action to shutdown:

ALSwitch(config-if)#switchport port-security violation shutdown2900XL:




ALSwitch(config-if)#port security action shutdown1900:The default action upon address violation is uspend

What other action options are available with port security? ____________________________If necessary, ping the switch address 192.168.1.2 from the PC 192.168.1.7. This PC is now connected to interface FastEthernet 0/4. This ensures that there is traffic from the PC to the switch.Record any observations.____________________________________________________________________________________________________________________________________________________

Step 14 Show port 0/4 configuration informationTo see the configuration information for just FastEthernet port 0/4, type show interface fastethernet 0/4, as follows, at the privileged exec mode prompt:

ALSwitch#show interface fastethernet 0/41900:

ALSwitch#show interface ethernet 0/4What is the state of this interface?

FastEthernet0/4 is _________________________, line protocol is ____________________1900:

ALSwitch#show interface ethernet 0/4What is the state of this interface?

Ethernet 0/4 is _________________________, line protocol is _______________________

Step 15 Reactivate the portIf a security violation occurs and the port is shut down, use the no shutdown command to reactivate it.Try reactivating this port a few times by switching between the original port 0/4 host and the new one. Plug in the original host, type the no shutdown command on the interface and ping using the DOS window. The ping will have to be repeated multiple times or use the ping 192.168.1.2 –n 200 command. This will set the number of ping packets to 200 instead of 4. Then switch hosts and try again.

Step 16 Exit the switchType exit, as follows, to leave the switch welcome screen:

Switch#exitOnce the steps are completed, logoff by typing exit, and turn all the devices off. Then remove and store the cables and adapter.




Lab-14: Configuring Static Routes

ObjectiveConfigure static routes between routers to allow data transfer between routers without the use of dynamic routing protocols.

Background/PreparationSetup a network similar to the one in the previous diagram. Any router that meets the interface requirements may be used. Possible routers include 800, 1600, 1700, 2500, 2600 routers, or a combination. Start a HyperTerminal session.

Step 1 Configure both routersEnter the global configuration mode and configure the hostname as shown in the chart. Then configure the console, virtual terminal, and enable passwords.

Step 2 Configure the workstationsConfigure the workstations with the proper IP address, subnet mask, and default gateway.Check connectivity between the workstations using ping.

C:\>ping 192.168.16.2Pinging 192.168.16.2 with 32 bytes of data:Request timed out.Request timed out.Request timed out.Request timed out.Ping statistics for 192.168.16.2:Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),Approximate round trip times in milli-seconds:Minimum = 0ms, Maximum = 0ms, Average = 0ms

Was the ping successful? __________________________________________________Why did the ping fail? ______________________________________________________

Step 3 Check interface statusCheck the interfaces on both routers with the command show ip interface brief.




Are all the necessary interfaces up? ____________________________________________

Step 4 Check the routing table entriesUsing the command show ip route, view the IP routing table for GAD.

GAD>show ip routeoutput eliminatedGateway of last resort is not setC 192.168.14.0/24 is directly connected, FastEthernet0C 192.168.15.0/24 is directly connected, Serial0

Use the command show ip route, view the IP routing table for BHM.BHM>show ip route

Output eliminated.Gateway of last resort is not setC 192.168.15.0/24 is directly connected, Serial0C 192.168.16.0/24 is directly connected, FastEthernet0

Are all of the routes needed in the routing tables? __________________________________Can a host on subnet 192.168.16.0 see a host on network 192.168.14.0? _________________If a route is not in the routers to which the host is connected, the host cannot reach the destination host.

Step 5 Adding static routesHow can this situation be changed so that the hosts can ping each other?

Add static routes to each router or run a routing protocol.In global configuration mode, add a static route on Router1 to network 192.168.16.0 and on

Router2 to network 192.168.14.0.GAD(config)#ip route 192.168.16.0 255.255.255.0 192.168.15.2BHM(config)#ip route 192.168.14.0 255.255.255.0 192.168.15.1

Why is a static route needed on both routers? ___________________________________

Step 6 Verify the new routesUse the command show ip route, view the IP routing table for GAD.

GAD>show ip routeoutput eliminatedGateway of last resort is not setC 192.168.14.0/24 is directly connected, FastEthernet0C 192.168.15.0/24 is directly connected, Serial0S 192.168.16.0/24 [1/0] via 192.168.15.2

Using the command show ip route, view the IP routing table for BHM.BHM>show ip routeOutput eliminated.Gateway of last resort is not setS 192.168.14.0/24 [1/0] via 192.168.15.1C 192.168.15.0/24 is directly connected, Serial0C 192.168.16.0/24 is directly connected, FastEthernet0

Are all of the routes needed in the routing tables? __________________________________Can a host on subnet 192.168.16.0 see a host on network 192.168.14.0? _________________

Step 7 ping host to host againJoin NETS Be The Best




Check connectivity between the workstations using ping.C:\>ping 192.168.16.2Pinging 192.168.16.2 with 32 bytes of data:Reply from 192.168.16.2: bytes=32 time=20ms TTL=254Reply from 192.168.16.2: bytes=32 time=20ms TTL=254Reply from 192.168.16.2: bytes=32 time=20ms TTL=254Reply from 192.168.16.2: bytes=32 time=20ms TTL=254Ping statistics for 192.168.16.2:Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),Approximate round trip times in milli-seconds:Minimum = 20ms, Maximum = 20ms, Average = 20ms

If the ping was not success ful, check routing table to make sure static routes are entered correctly.Upon completion of the previous steps, logoff by typing exit. Turn the router off.




Lab-15: Gateway of Last Resort

ObjectiveConfigure RIP routing and add default routes (gateways) to the routers.Remove RIP and the default routes.Configure IGRP routing and add default routes (gateways) to the routers.

Background/PreparationThis lab shows the purpose of the gateway of last resort, also known as the default gateway.Cable a network similar to the one in the diagram. Any router that meets the interface requirements displayed on the above diagram, such as 800, 1600, 1700, 2500, and 2600 routers, or a combination may be used. Start a HyperTerminal session.

Step 1 Configure the routersOn the routers, enter the global configuration mode and configure the hostname as shown in chart.Then configure the console, virtual terminal and enable passwords.

Step 2 Configure hosts with the proper IP address, subnet mask and default gatewayStep 3 Verify that the internetwork is functioning by pinging the FastEthernet interface of the other router

From the hos t attached to GAD, is it possible to ping the BHM router FastEthernet interface?__________________________________________________________________________From the hos t attached to BHM, is it possible to ping the GAD router FastEthernet interface?__________________________________________________________________________If the answer is no for either question, troubleshoot the router configurations to find the error. Then do the pings again until the answer to both questions is yes.

Step 4 Make sure that routing updates are being sentType the command debug ip rip and the privileged exec mode prompt. Wait for at least 45 seconds.Was there any output from the debug command? __________________________________What did the output display? _________________________________________________Type undebug all to turn off debugging.

Step 5 Show the routing tables for each routerJoin NETS Be The Best




Examine the routing table entries, by using show ip route command on each router.What are the entries in the GAD routing table?__________________________________________________________________________What are the entries in the BHM routing table?__________________________________________________________________________

Step 6 Add the default route to the BHM routerEnter the command ip route 0.0.0.0 0.0.0.0 172.17.0.1 at the configuration mode prompt.Type show ip route at the privileged exec mode.What is the Gateway of last resort listed? ________________________________________What does the gateway of last resort mean? ______________________________________

Step 7 Add the default route to the GAD routerEnter the command ip route 0.0.0.0 0.0.0.0 172.17.0.2 at the configuration prompt.Type show ip route at the privileged exec mode.What is the Gateway of last resort listed? ________________________________________Are there any other new entries in the routing table? ________________________________

Step 8 Remove RIP routing from both routersTo remove RIP routing type the no router rip command at the configuration mode prompt. Then ping the FastEthernet 0 interface on the GAD router from the BHM router.What were the results of the ping? _____________________________________________Why was the ping successful? ________________________________________________

Step 9 Remove the default route from just the GAD routerRemove the gateway of last resort on the GAD router by typing the no ip route 0.0.0.0 0.0.0.0 172.17.0.2 at the configuration mode prompt on the GAD router.Type show ip route at the privileged exec mode.What is the Gateway of last resort listed? ________________________________________Why is the gateway gone? ___________________________________________________Ping the FastEthernet 0 interface on the GAD router from the BHM router.What were the results of the ping? _____________________________________________Why was the ping successful? ________________________________________________Ping the FastEthernet 0 interface on the BHM router from the GAD router.What were the results of the pings? ____________________________________________Why was the ping unsuccessful? ______________________________________________Remove the gateway of last resort from the BHM router.

Step 10 Remove RIP routing from the routers and use IGRP insteadRemove the RIP routing by using the no form of the RIP routing command. Then set up IGRP routing using 30 as the AS number. Remember to wait for the routes to propagate to the other router.Check the new routing protocol by typing show ip route at the privileged exec mode prompt. There should be two connected and IGRP route in the listing.

Step 11 Enter a default network entry on the BHM routerEnter the command ip default-network 172.17.0.0 at the configuration mode promptType the show ip route command at the privileged exec mode.Is there a default route listed? ________________________________________________




Lab-16: Configuring RIP

ObjectiveSetup an IP addressing scheme using class B networks.Configure the RIP dynamic routing protocol on routers.

Background/PreparationSetup a network similar to the one in the diagram. Any router that meets the interface requirements displayed in the above diagram, such as 800, 1600, 1700, 2500, 2600 routers, or a combination, may be used.Start a HyperTerminal session.

Step 1 Configure the routersFrom the global configuration mode, configure the hostname as shown in the chart. Then configure the console, virtual terminal, and enable passwords.

Step 2 Check the routing table entriesUsing the command show ip route, view the IP routing table for GAD.

GAD>show ip routeoutput eliminatedGateway of last resort is not setC 172.16.0.0/24 is directly connected, FastEthernet0C 172.17.0.0/24 is directly connected, Serial0

Using the command show ip route, view the IP routing table for BHM.BHM>show ip routeoutput eliminatedGateway of last resort is not setC 172.17.0.0/24 is directly connected, Serial0C 172.18.0.0/24 is directly connected, FastEthernet0

Step 3 Configure the routing protocol on the Gadsden routerFrom the global configuration mode, enter the following:

GAD(config)#router rip




GAD(config-router)#network 172.16.0.0GAD(config-router)#network 172.17.0.0GAD(config-router)#exit

Step 4 Save the Gadsden router configurationGAD#copy running-config startup-config

Step 5 Configure the routing protocol on the Birmingham routerFrom the global configuration mode, enter the following:

BHM(config)#router ripBHM(config-router)#network 172.17.0.0BHM(config-router)#network 172.18.0.0BHM(config-router)#exitBHM(config)#exit

Step 6 Save the Birmingham router configurationBHM#copy running-config startup-config

Step 7 Configure hosts with the proper IP address, subnet mask and default gatewayStep 8 Verify that the internetwork is functioning by pinging the FastEthernet interface of the other router

From the host attached to GAD, is it possible to ping the BHM router FastEthernet interface?_________________________________________________________________From the host attached to BHM, is it possible to ping the GAD router FastEthernet interface?_________________________________________________________________If the answer is no for either question, troubleshoot the router configurations to find the error. Then do the pings again until the answer to both questions is yes.

Step 9 Show the routing tables for each routerFrom the enable or privileged EXEC mode, examine the routing table entries using the show ip route command on each router.What are the entries in the GAD routing table?______________________________________________________________________What are the entries in the BHM routing table?______________________________________________________________________Upon completion of the previous steps, log off by typing exit and turn the router off.

Erasing and reloading the routerAs done previously.




Lab-17: Converting RIP v1 to RIP v2

ObjectiveConfigure RIP v1 on routers.Convert to RIP v2 on routers.

Background/PreparationCable a network similar to the shown in the diagram. Any router that meets the interface requirements displayed on the above diagram may be used. For example, router series 800, 1600, 1700, 2500 and 2600 or any such combination can be used.Start a HyperTerminal session.

Step 1 Configure the routersOn the routers, configure the hostnames as well as the console, virtual terminal, and enable passwords. Next configure the serial IP address and clock rate and the Fast Ethernet IP address interfaces. Finally configure IP host names.

Step 2 Configure the routing protocol on the Gadsden routerGo to proper command mode and configure RIP routing on the Gadsden router according to chart.

Step 3 Save the Gadsden router configurationAny time that changes are correctly made to the running configuration, they should be saved to the startup configuration. Otherwise, if the router is reloaded or power cycled, the changes that are not saved in the startup configuration will be lost.

Step 4 Configure the routing protocol on the Birmingham routerGo to proper command mode and configure RIP routing on the Birmingham router according to chart.

Step 5 Save the Birmingham router configurationStep 6 Configure hosts with the proper IP address, subnet mask, and default gatewayStep 7 Verify that the internetwork is functioning by pinging the FastEthernet interface ofthe other router

From the host attached to GAD, ping the other host attached to the BHM router. Was the ping successful? ___________________________________________________________




From the host attached to BHM, ping the other host attached to the GAD router. Was the ping successful? ___________________________________________________________If the answer is no for either question, troubleshoot the router configurations to find the error. Then do the pings again until the answer to both questions is yes.

Step 8 Enable RIP version 2 routingEnable version 2 of the RIP routing protocol on both of the routers Gadsden and Birmingham.

GAD(config)#router ripGAD(config-router)#version 2GAD(config-router)#exitGAD(config)#exitBHM(config)#router ripBHM(config-router)#version 2BHM(config-router)#exitBHM(config)#exit

Step 9 Ping all of the interfaces on the network from each hostWere all of the interfaces still able to be pinged? ___________________________________If not, troubleshoot the network and ping again.Once the previous steps are completed, logoff by typing exit, and turn the router off. Then remove and store the cables and adapter.




Lab-18: Configuring IGRP

ObjectiveSetup IP an addressing scheme using class C network s.Configure IGRP on routers.

Background/PreparationCable a network similar to the one in the diagram. Any router that meets the interface requirements displayed in the above diagram, such as 800, 1600, 1700, 2500, and 2600 routers, or a combination, may be used. Start a HyperTerminal session.

Step 1 Configure the routersOn the routers, enter the global configuration mode and configure the hostname as shown in the chart. Then configure the console, virtual terminal, and enable passwords.

Step 2 Configure the routing protocol on the Gadsden routerConfigure IGRP using AS 101 on GAD. Go to the proper command mode and enter the following:

GAD(config)#router igrp 101GAD(config-router)#network 192.168.22.0GAD(config-router)#network 192.168.20.0

Step 3 Save the Gadsden router configurationGAD#copy running-config startup-config

Step 4 Configure the routing protocol on the Birmingham routerConfigure IGRP using AS 101 on BHM. Go to the proper command mode and enter the following:

BHM(config)#router igrp 101BHM(config-router)#network 192.168.25.0BHM(config-router)#network 192.168.22.0

Step 5 Save the Birmingham router configurationBHM#copy running-config startup-config

Step 6 Configure hosts with the proper IP address, subnet mask and default Join NETS Be The Best




gatewayStep 7 Verify that the internetwork is functioning by pinging the FastEthernet interface of the other router

From the hos t attached to GAD, is it possible to ping the BHM host? ____________________From the hos t attached to BHM, is it possible to ping the GAD host? ____________________If the answer is no for either question, troubleshoot the router configurations to find the error. Then do the pings again until the answer to both questions is yes.

Step 8 Show the routing tables for each routerFrom the enable or privileged exec mode do the following:Examine the routing table entries by using the show ip route command on each router.What are the entries in the GAD routing table?_____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________What are the entries in the BHM routing table?____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________

Step 9 Verify the routing protocolType show ip protocol on both routers to verify IGRP is running and that it is the only protocol running.Is IGRP the only protocol running on GAD? ______________________________________Is IGRP the only Protocol running on BHM? ______________________________________

Step 10 Verify IGRP statements in the running configuration of both routersUse the show run | begin igrp command on both routers.List the IGRP part of the configuration for GAD:______________________________________________________________________________________________________________________________________________________________________________________________________________________________

Step 11 Verify IGRP routing updatesType debug ip igrp events on the GAD router at the privileged exec mode.Are routing updates being displayed? ___________________________________________Where are the updates being sent to? ___________________________________________Where are the updates being received from? _____________________________________Turn off debugging.

Step 12 Verify IGRP routing updatesType debug ip igrp transactions on the GAD router at the privileged exec mode.How are the outputs of these two debug commands debug ip igrp events and debug ip igrp transactions different?______________________________________________________________________________________________________________________________________________________________________________________________________________________________Turn off debugging.




Step 13 Analyze specific routesType show ip route 192.168.25.0 on the GAD router at the privileged exec modeWhat is the total delay for this route? ___________________________________________What is the minimum bandwidth? ______________________________________________What is the Reliability of this route? ____________________________________________What is the minimum MTU size for this route? _____________________________________Type show ip route for another network address on the router.What is the total delay for this route? ______________________________________________What is the minimum bandwidth? ________________________________________________What is the Reliability of this route? ______________________________________________What is the minimum MTU size for this route? ______________________________________Upon completion of the previous steps, log off by typing exit and turn the router off.

Erasing and reloading the routerAs done previously.




Lab-19: Default Routing with RIP and IGRP

ObjectiveConfigure a default route and use RIP to propagate this default information to other routers.Migrate the network from RIP to IGRP.Configure default routing to work with IGRP

Background/PreparationIn this lab, a default route will be configured and RIP used to propagate this default information to other routers. When this configuration is working properly, the network will be migrated from RIP to IGRP and default routing will be configured to work with that protocol as well. Cable a network similar to the one in the diagram. Any router that meets the interface requirements displayed on the above diagram, such as 800, 1600, 1700, 2500, 2600 routers, or a combination, may be used.Start a HyperTerminal session.

Step 1 Configure the hostname and passwords on the routersOn the routers, enter the global configuration mode and configure the hostname as shown in the chart. Then configure the console, virtual terminal and enable passwords.

Step 2 Configure hosts with the proper IP address, subnet mask and default gateway

Test the configuration by pinging all interfaces from each host. If the pinging is not successful, troubleshoot the configuration.

Step 3 Check Basic Routing ConfigurationEnter show ip protocol command on each router.In the configuration, is Router RIP displayed? ________________________________________

Step 4 Verify connectivityTo verify connectivity of the network just setup, ping all interfaces from each of the attached




hosts. If all interfaces can not be pinged, correct the configuration until all interfaces can be pinged.

Step 5 Configure Centre as the connection to the Internet Service Provider (ISP)Configure Centre to simulate the exis tence of an outside network. The link between the company and its ISP is simulated by configuring a loopback interface with an IP address. Enter the following commands on the Centre router:

Centre(config)#interface loopback0Centre(config-if)#ip address 172.16.1.1 255.255.255.255

Note: If 172.16.1.1 is pinged from the Centre console, the loopback interface replies.From the Boaz console, attempt to ping 172.16.1.1. This ping should fail because the 172.16.0.0/16 network is not in the Boaz routing table.If no default route exists, what does a router do with a pack et destined for a network that is not in its table? _____________________________________________________________________

Step 6 Setup up a default route on the Centre routerA default route must be c reated on the Centre router pointed at the simulated ISP. Issue the following command on the Centre router in the configuration mode.

Centre(config)#ip route 0.0.0.0 0.0.0.0 loopback0This command static ally configures the default route. The default route directs traffic destined for network s that are not in the routing table to the ISP WAN link or loopback 0.Unless IOS version 12.1 is used, RIP automatically propagates statically defined default routes. Therefore, depending on the IOS version, RIP may need to be explicitly configured to propagate this 0.0.0.0/0 route. Enter these commands on the Centre router in the proper command mode:

Centre(config)#router ripCentre(config-router)#default-information originate

Step 7 Verify the routing tablesNow check the routing tables of Mobile and Boaz using the show ip route command. Verify that they both have received and installed a route to 0.0.0.0/0 in their tables .On Boaz, what is the metric of this route? ________________________________________On Mobile, what is the metric of this route? _______________________________________Mobile and Boaz still do not have routes to 172.16.0.0/16 in their tables. From Boaz, ping 172.16.1.1. This ping should be successful.Why does the ping to 172.16.1.1 work, even though there is no route to 172.16.0.0/16 in the Boaz routing table? _____________________________________________________________Check to be sure that Mobile can also ping 172.16.1.1. Troubleshoot, if nec essary.

Step 8 Migrate the network from RIP to IGRPWith default routing now work ing, it is necessary to migrate the network from RIP to IGRP for testing purposes. Issue the following command on all three routers :

Mobile(config)#no router ripWith RIP removed from each router’s configuration, configure IGRP on all three routers using AS 24, as shown:

Mobile(config)#router igrp 24Mobile(config-router)#network 192.168.1.0Mobile(config-router)#network 192.168.5.0Boaz(config)#router igrp 24




Boaz(config-router)#network 192.168.1.0Boaz(config-router)#network 192.168.2.0Boaz(config-router)#network 192.168.4.0Centre(config)#router igrp 24Centre(config-router)#network 192.168.2.0Centre(config-router)#network 192.168.3.0

Use ping and show ip route to verify that IGRP is working properly. Do not worry about the 172.16.1.1 loopback address on Centre yet.

Step 9 Check Centre’s routing table for the static default routeCheck the Centre routing table. The static default route to 0.0.0.0/0 should still be there. To propagate this route with RIP, the default-information originate command was issued. Depending on the IOS version, this might not be necessary. The default-information originate command is not available in an IGRP configuration. Therefore, it may be necessary to use a different method to propagate default information in IGRP.On Centre, issue the following commands:

Centre(config)#router igrp 24Centre(config-router)#network 172.16.0.0Centre(config-router)#exitCentre(config)#ip default-network 172.16.0.0

These commands configure IGRP to update its neighbor routers about the network 172.16.0.0/16, which includes the simulated ISP link or loopback 0. Not only will IGRP advertise this network, but the ip default-network command also will flag this network as a candidate default route. This will be shown by an asterisk in the routing table. When a network is flagged as a default, that flag stays with the route as it passed from neighbor to neighbor by IGRP.Check the routing tables of Mobile and Boaz. If they do not yet have the 172.16.0.0/16 route with an asterisk, it may be necessary to wait for another IGRP update. This may take up to 90 seconds.Issue the clear ip route * command on all three routers in order to force them to immediately s end new updates.When the 172.16.0.0/16 route appears as a candidate default in all three routing tables, proceed to the next step.

Step 10 Create a second loopback interface on Centre to test the default routeBecause the 172.16.0.0/16 network is known explicitly by Mobile and Boaz, it will be necessaryto create a second loopback interface on Centre to test the default route. Issue the followingcommands on Centre:

Centre(config)#interface loopback1Centre(config-if)#ip address 10.0.0.1 255.0.0.0 This loopback interface simulates another external network.

Return to Mobile and c heck its routing table using the show ip route command.Is there a route to the 10.0.0.0/8 network? _______________________________________

From Mobile, ping 10.0.0.1. This ping should be successful.If there is no route to 10.0.0.0/8 and no route to 0.0.0.0/0, why does this ping succeed?______________________________________________________________________________




Lab-20: Verifying RIP v2 Configuration

ObjectiveConfigure RIP v1 and v2 on routers.Use show commands to verify RIP v2 operation.

Background/PreparationCable a network similar to the one shown in the diagram. Any router that meets the interface requirements displayed on the above diagram may be used. For example, router series 800, 1600, 1700, 2500, and 2600 or any such combination can be used.

Step 1 Configure the routersOn the routers, configure the hostnames as well as the console, virtual terminal, and enable passwords. Next configure the serial interface IP address and clock rate and the Fast Ethernet interface IP address. Finally configure IP host names. . Optional interface descriptions and message of the day banners may also be configured. Be sure to save the configurations just created.

Step 2 Configure the routing protocol on the Gadsden routerGo to the correct command mode and configure RIP routing on the Gadsden router according to the chart.

Step 3 Save the Gadsden router configurationAny time that changes are correctly made to the running configuration, they should be saved to the startup configuration. Otherwise, if the router is reloaded or power cycled, the changes that are not saved in the startup configuration will be lost.

Step 4 Configure the routing protocol on the Birmingham routerGo to the correct command mode and configure RIP routing on the Birmingham router according to the chart.

Step 5 Save the Birmingham router configurationStep 6 Configure hosts with the proper IP address, subnet mask, and default gatewayStep 7 Verify that the internetwork is functioning by pinging the FastEthernet interface of the other router

From the host attached to the GAD, ping the other host attached to the BHM router. Was the ping




successful? ________From the host attached to the BHM, ping the other host attached to the GAD router. Was the ping successful? ________If the answer is no for either question, troubleshoot the router configurations to find the error. Then do the pings again until the answer to both questions is yes.

Step 8 Show the routing tables for each routerFrom the enable privileged EXEC mode, examine the routing table entries using command show ip route command on each router.What are the entries in the GAD routing table?______________________________________________________________________________________________________________________________________________________________________________________________________________________________What are the entries in the BHM routing table?______________________________________________________________________________________________________________________________________________________________________________________________________________________________

Step 9 Enable RIP v2 routingEnable version 2 of the RIP routing protocol on both of the routers, Gadsden and Birmingham.

GAD(config)#router ripGAD(config-router)#version 2GAD(config-router)#exitGAD(config)#exitBHM(config)#router ripBHM(config-router)#version 2BHM(config-router)#exitBHM(config)#exit

Step 10 Show the routing tablesShow the routing tables on both routers again.Have they changed now that RIP v2 is now being used instead of RIP v1? ________________What is the difference between RIP v2 and RIP v1? ________________________________What must be done in order to see a difference between RIP v2 and RIP v1?__________________________________________________________________________

Step 11 Change the Fast Ethernet IP subnet mask on the Gadsden routerChange the subnet mask on router GAD from a class B (255.255.0.0) to a Class C (255.255.255.0). Use the same IP address.

GAD(config)#interface fastethernet 0GAD(config-if)#ip address 172.16.0.1 255.255.255.0GAD(config-if)#exit

How does this change affect the address for the FastEthernet interface?__________________________________________________________________________

Step 12 Show the GAD routing tableShow the GAD routing table.Has the output changed with the addition of a subnetted IP address? ________________How has it changed? _______________________________________________________




Step 13 Show the BHM routing tableShow the BHM routing table.Has the output changed with the addition of a subnetted IP address? _____________

Step 14 Change the network addressing schemeChange the addressing scheme of the network to a single c lass B network with a class C subnet (8-bits of subnetting).On the BHM router:

BHM(config)#interface serial 0BHM(config-if)#ip address 172.16.1.2 255.255.255.0BHM(config-if)#exitBHM(config)#interface fastethernet 0BHM(config-if)#ip address 172.16.3.1 255.255.255.0BHM(config-if)#exitBHM(config)#exit

On the GAD router:GAD(config)#interface serial 0GAD(config-if)#ip address 172.16.1.1 255.255.255.0GAD(config-if)#exit

Step 15 Show the routing tableShow the GAD routing table.Has the output changed with the addition of subnetted IP addresses? ________________How has it changed? _______________________________________________________

Step 16 Show the routing tableShow the BHM routing table.Has the output changed with the addition of a subnetted IP address? ________________

Step 17 Change the host configurationsChange the host configuration to reflect the new IP addressing scheme of the network

Step 18 Ping all of the interfaces on the network from each hostWere all of the interfaces still able to be pinged? __________________________________If not, troubleshoot the network and ping again.

Step 19 Use show ip route to see different routes by typeEnter show ip route connected on the GAD router.What networks are displayed? ________________________________________________What interface is directly connected? ___________________________________________Enter show ip route ripList the routes listed in the routing table? _________________________________________What is the administrative distance? ____________________________________________Enter show ip route connected on the BHM router.What networks are displayed? ________________________________________________What interface is directly connected? ___________________________________________Enter show ip route ripList the routes listed in the routing table? _________________________________________

Step 20 Use the show IP protocol commandEnter show ip protocol on the GAD router.




When will the routes be flushed? ______________________________________________What is the default distance listed for RIP? _______________________________________

Step 21 Remove the version 2 optionRemove the version 2 option on the RIP configuration for both routers.

Step 22 Show the routing tableShow the GAD routing table.Has the output changed now that version 2 of RIP was removed? ______________________

Step 23 Show the routing tableShow the BHM routing table.Has the output changed now that version 2 of RIP was removed? ______________________Once the previous steps are completed, log off by typing exit, and turn the router off. Then remove and store the cables and adapter.




Lab-21: Troubleshooting RIP

ObjectiveSet up an IP addressing scheme using class B networks.Configure RIP on routers.Observe routing activity using the debug ip rip command.Examine routes using the show ip route command.

Background/PreparationCable a network similar to the one in the diagram. Any router that meets the interface requirements displayed in the above diagram, such as 800, 1600, 1700, 2500, 2600 routers, or a combination, may be used.Start a HyperTerminal session as performed in the Establishing a HyperTerminal session lab.

Step 1 Configure the routersOn the routers, enter the global configuration mode and configure the hostname as shown in the chart. Then configure the console, virtual terminal and enable passwords according to the chart.

Step 2 Configure the hosts with the proper IP address, subnet mask and default gatewayStep 3 Make sure that routing updates are being sent

Type command debug ip rip and the privileged EXEC mode prompt. Wait for at least 45 seconds.Was there any output from the debug command? __________________________________What did the output show ? __________________________________________________To turn off specific debug commands type the no option, for example no debug ip rip events. To turn off all debug commands type undebug all.

Step 4 Show the routing tables for each routerFrom the enable or privileged EXEC mode, examine the routing table entries, using show ip route command on each router.What are the entries in the GAD routing table?__________________________________________________________________________What are the entries in the BHM routing table?




__________________________________________________________________________

Step 5 Show the RIP routing table entries for each routerEnter show ip route ripList the routes listed in the routing table? _________________________________________What is the administrative distance? ____________________________________________

Step 6 Verify that the internetwork is functioning by pinging the FastEthernet interface of the other router

From the host attached to GAD, is it possible to ping the BHM router FastEthernet interface?__________________________________________________________________________From the host attached to BHM, is it possible to ping the GAD router FastEthernet interface?__________________________________________________________________________If the answer is no for either question, troubleshoot the router configurations using show ip route to find the error. Also check the workstation IP settings. Then do the pings again until the answer to both questions is yes.Upon completion of the previous steps, log off by typing exit and turn the router off.

Erasing and reloading the routerAs done Previously




Lab-22: Unequal Cost Load Balancing with IGRP

ObjectiveObserve unequal-cost load balancing.Tune IGRP networks by using advanced debug commands.

Background/PreparationIn this lab, a default route will be configured and RIP used to propagate this default information to other routers. When this configuration is working properly, the network will be migrated from RIP to IGRP and default routing will be configured to work with that protocol as well.Cable a network similar to the one in the diagram. Any router that meets the interface requirements displayed on the above diagram, such as 800, 1600, 1700, 2500, 2600 routers, or a combination, may be used. Start a HyperTerminal session.

Step 1 Configure the hostname and passwords on the routersOn the routers, enter the global configuration mode and configure the hostname Finally configure IGRP routing on the routers using the Autonomous System (AS) of 34.

Step 2 Configure bandwidth on the Madison router interfacesIn order to make unequal cost load balancing to work, it is necessary need to establish different metrics for the IGRP routes. This is done with the bandwidth command. The serial 0 interface will be set to a bandwidth of 56K and the serial 1 interface will be set to a value of 384K. The route-cache must also be turned off for load balancing. Both serial interfaces must use process switching. Process switching forces the router to look in the routing table for the destination network of each routed packet. In contras t fast-switching, which is the default, stores the initial table lookup in a high-speed cache and uses the info to route packets to the same destination.Enter the following statements on the Madison router:

MAD(config)#interface serial 0/0MAD(config-if)#bandwidth 56MAD(config-if)#no ip route-cache




MAD(config-if)#interface serial 0/1MAD(config-if)#bandwidth 384MAD(config-if)#no ip route-cache

Because the IGRP metric includes bandwidth in its calculation, bandwidth must be manually configured on the serial interfaces in order too ensure accuracy. For the purposes of this lab, the alternative paths to network 192.168.41.0 from the Madison router are not of unequal cost until the appropriate bandwidths are set.Use the show interface command output to verify the correct bandwidth settings and the show ip interface command to ensure that fast switching is disabled.Can the bandwidth of Ethernet interfaces be set manually? _______________________________


Test the configuration by pinging all interfaces from each host. If the pinging is not successful, troubleshoot the configuration.

Step 4 Use the variance command to configure unequal-cost load balancingThe variance value determines whether IGRP will accept unequal-cost routes. An IGRP router will only accept routes equal to the loc al best metric for the destination multiplied by the variance value. So if the local best metric of an IGRP router for a network is 10476, and the variance is 3, the router will accept unequal-cost routes with any metric up to 31428 or 10,476 x 3. This is as long as the advertising router is closer to the destination. An IGRP router accepts only up to four paths to the same network Note: An alternate route is added to the route table only if the next-hop router in that path is closer to the destination (has a lower metric value) than the current route.By default, IGRP variance is set to 1, which means that only routes that are exactly 1 times the local best metric are installed. Therefore, a variance of 1 disables unequal-cost load balancing. Configure the Madison router to enable unequal-cost load balancing using the following commands:

MAD(config)#router igrp 34MAD(config-router)#variance 10

According to the help feature, what is the maximum variance value? _______________________Check the Madison routing table. It should have two routes to network 192.168.33.0 with unequal metrics.What is the IGRP metric for the route to 192.168.33.0 through serial 0? ______________________What is the IGRP metric for the route to 192.168.33.0 through serial 1? ______________________

Step 5 Check Basic Routing ConfigurationEnter show ip protocol command on each router.Enter the command show ip route on both routers. List how the route is connected (directly, IGRP), the IP address and via through what network . There should be four routes in each table.Circle the evidence of load balancing in the above output.

Step 6 Verify per-packet load balancingBecause there are two routes to the destination network , half the packets will be sent along one path, and half will travel over the other. The path selection alternates with each packet received.




Observe this process by using the debug ip packet command on the Madison router.Send a 30 ping packets across the network from the host attached to Milwaukee router to the host attached to the Madison routerExamine and record part of the debug output.What is the evidence of load balancing in the output? ____________________________________

Step 7 Verify per-destination load balancingAfter verifying per-packet load balancing, configure the router to use per-destination load balancing. Both serial interfaces must use fast switching s o that the route-cache can be used after the initial table lookup.Use the command ip route-cache on both serial interfaces of the Madison router.Use the show ip interface to verify that fast switching is enabled.Is fast switching enabled? ________________________________________________________The routing table is consulted only once per destination. Therefore, packets that are part of a packet train to a specific host will all follow the same path. Only when a second destination forces another table lookup or when the cached entry expires will the alternate path be used.Use the debug ip packet command and ping across the network. Note which serial interface the packet was sent out on.Use the debug ip packet command and ping across the network. Note which serial interface the packet was sent out on.Examine and record part of the debug output.Which serial interface was the packet sent out on? ________________________________________Upon completion of the previous steps, log off by typing exit and turn the router off.




Lab-23:Configuring EIGRP Routing

ObjectiveSetup an IP addressing scheme for the network .Configure and verify Enhanced Interior Gateway Routing Protocol (EIGRP) routing.

Background/PreparationCable a network similar to the one shown in the diagram. Any router that meets the interface requirements displayed on the above diagram may be used. For example, router series 800, 1600, 1700, 2500, and 2600 or any such combination can be used.Start a HyperTerminal session.

Step 1 Configure the routersOn the routers, enter the global configuration mode and configure the hostname as shown in the chart. Then configure the console, virtual terminal and enable passwords. Next configure the interfaces according to the chart. Finally, configure the IP hostnames. Do not configure the routing protocol until specifically told to

Step 2 Save the configuration information from the privileged EXEC command mode

Paris#copy running-config startup-configDestination filename [startup-config]? [Enter]


Each workstation should be able to ping the attached router. Troubleshoot as necessary. Remember to assign a specific IP address and default gateway to the workstation. If running Windows 98, check by using Start > Run > winipcfg. If running Windows 2000, check by using the ipconfig command in a DOS window.At this point the workstations will not be able to communicate with each other. The following steps will demonstrate the process required to get communication working using EIGRP as the routing protocol.




Step 4 View the routers configuration and interface informationAt the privileged EXEC mode prompt type:

Paris#show running-configUsing the show ip interface brief command, check the status of each interface.What is the state of the interfaces on each router?

Paris:FastEthernet 0: ______________________________________________________Serial 0: ____________________________________________________________

Warsaw:FastEthernet 0: ______________________________________________________Serial 0: ____________________________________________________________

Ping from one of the connected serial interfaces to the other.Was the ping suc cessful? ___________________________________________________If the ping was not successful, troubleshoot the routers configuration, until the ping is successful.

Step 5 Configure EIGRP routing on router ParisEnable the EIGRP routing process on Paris, and configure the networks it will advertise. Use EIGRP autonomous system number 101.

Paris(config)#router eigrp 101Paris(config-router)#network 192.168.3.0Paris(config-router)#network 192.168.2.0Paris(config-router)#network 192.168.0.0Paris(config-router)#end

Show the routing table for the Paris router.Paris#show ip route

Are there any entries in the routing table? _____________________________________Why? __________________________________________________________________

Step 6 Configure EIGRP routing on router WarsawEnable the EIGRP routing process on Warsaw, and configure the networks it will advertis e. Use EIGRP autonomous system number 101.

Warsaw(config)#router eigrp 101Warsaw(config-router)#network 192.168.2.0Warsaw(config-router)#network 192.168.1.0Warsaw(config-router)#end

Show the routing table for the Warsaw router.Warsaw#show ip route

Step 7 Test network connectivityPing the Paris host from the Warsaw host. Was it successful? ____________________________




Lab-24: Configuring the OSPF Routing Process

ObjectiveSetup an IP addressing scheme for OSPF area 0.Configure and verify Open Shortest Path First (OSPF) routing.


Step 1 Configure the routersOn the routers, enter the global configuration mode and configure the hostname as shown in the chart. Then configure the console, virtual terminal and enable passwords. Next configure the interfaces according to the chart. Finally, configure the IP hostnames. Do not configure the routing protocol until specifically told to.


BERLIN#copy running-config startup-configDestination filename [startup-config]? [Enter]

Why save the running configuration to the startup configuration?____________________________________________________________________________________________________________________________________________________

Step 3 Configure the hosts with the proper IP address, subnet mask, and default gateway

Each workstation should be able to ping the attached router. Troubleshoot as necessary. Remember to assign a specific IP address and default gateway to the workstation. If running Windows 98, check by using Start >Run > winipcfg. If running Windows 2000, check by using the ipconfig command in a DOS window.At this point the workstations will not be able to communicate with each other. The following




steps will demonstrate the process required to get communication working using OSPF as the routing protocol.

Step 4 View the routers configuration and interface informationAt the privileged EXEC mode prompt type:

Berlin#show running-configUsing the show ip interface brief command, check the status of each interface.What is the state of the interfaces on each router?

Berlin:FastEthernet 0: _____________________________________________Serial 0: ___________________________________________________Serial 1: ___________________________________________________

Rome:FastEthernet 0: _____________________________________________Serial 0: ___________________________________________________

Ping from one of the connected serial interfaces to the other.Was the ping successful? __________________________________________If the ping was not successful, troubleshoot the router configuration, until the ping is successful.

Step 5 Configure OSPF routing on router BerlinConfigure an OSPF routing process on router Berlin. Use OSPF process number 1 and ensure all networks are in area 0.

Berlin(config)#router ospf 1Berlin(config-router)#network 192.168.1.128 0.0.0.63 area 0Berlin(config-router)#network 192.168.15.0 0.0.0.3 area 0Berlin(config-router)#end

Examine the routers running configurations files.Did the IOS version automatically add any lines under router OSPF 1? _______________If so, what did it add?_________________________________________________If there were no changes to the running configuration, type the following commands:

Berlin(config)#router ospf 1Berlin(config-router)#log-adjacency-changesBerlin(config-router)#end

Show the routing table for the Berlin router.Berlin#show ip route

Are there any entries in the routing table? __________________________Why? _______________________________________________________

Step 6 Configure OSPF routing on router RomeConfigure an OSPF routing process on each router Rome. Use OSPF process number 1 and ensure all networks are in area 0.

Rome(config)#router ospf 1Rome(config-router)#network 192.168.0.0 0.0.0.255 area 0Rome(config-router)#network 192.168.15.0 0.0.0.3 area 0Rome(config-router)#end

Examine the Rome running configuration files.




Did the IOS version automatically add any lines under router OSPF 1? _______________If so, what did it add?_________________________________________________If there were no changes to the running configuration, type the following commands:

Rome(config)#router ospf 2Rome(config-router)#log-adjacency-changesRome(config-router)#end

Show the routing table for the Rome router:Rome#show ip route

Are there any OSPF entries in the routing table now? __________________________What is the metric value of the OSPF route? _________________________________What is the VIA address in the OSPF route? _________________________________Are routes to all networks shown in the routing table? __________________________What does the O mean in the first column of the routing table? ___________________

Step 7 Test network connectivityPing the Berlin host from the Rome host. Was it succ essful? ___________________If not troubleshoot as necessary.Once the previous steps are completed, log off by typing exit, and turn the router off. Then remove and store the cables and adapter.




Lab-25: Configuring OSPF with Loopback Addresses

ObjectiveConfigure routers with a Class C IP addressing scheme.Observe the election process for designated routers (DR) and back up designated routers (BDR) on the multiaccess network.Configure loopback addresses for Open Shortest Path First (OSPF) stability.Assign each OSPF interface a priority to force the election of a specific router as DR.


Step 1 Configure the routersOn the routers, enter the global configuration mode and configure the hostname as shown in the chart. Then configure the console, virtual terminal and enable passwords. Next configure the interfaces according and the IP hostnamesDo not configure loopback interfaces and routing protocol yet.

Step 2 Save the configuration information for all the routersWhy save the running configuration to the startup configuration?__________________________________________________________________________


Each workstation should be able to ping all of the attached routers. That is because they are all part of the same subnetwork. Troubleshoot as necessary. Remember to assign a specific IP address and default gateway to the workstation. If running Windows 98, check by using Start > Run > winipcfg. If running Windows 2000, check by using the ipconfig command in a DOS




window.

Step 4 View the routers configuration and interface informationAt the privileged EXEC mode prompt type: show running-configUsing the show ip interface brief command, check the status of each interface.What is the state of the interfaces on each router?

London:FastEthernet 0: _______________________________________________________Serial 0: _____________________________________________________________Serial 1: _____________________________________________________________Loopback0: __________________________________________________________

Ottawa:FastEthernet 0: _______________________________________________________Serial 0: _____________________________________________________________Serial 1: _____________________________________________________________Loopback0: __________________________________________________________

Brasilia:FastEthernet 0: _______________________________________________________Serial 0: _____________________________________________________________Serial 1: _____________________________________________________________Loopback0: __________________________________________________________

Step 5 Verify connectivity of the routersPing all of the connected FastEthernet interfaces from each other.Were the pings successful? __________________________________________________If the pings were not succ essful, troubleshoot the router configuration, until the ping is successful.

Step 6 Configure OSPF routing on router LondonConfigure an OSPF routing process on the router London. Use OSPF process number 1 and ensure all networks are in area 0.

London(config)#router ospf 1London(config-router)#network 192.168.1.0 0.0.0.255 area 0London(config-router)#end

Examine the London router running configuration file.Did the IOS version automatically add any lines under router OSPF 1? ___________________If there were no changes to the running configuration, type the following commands.

London(config)#router ospf 1London(config-router)#log-adjacency-changesLondon(config-router)#end

Show the routing table for router:London#show ip route

Are there any entries in the routing table? ___________________Why? __________________________________________________________________

Step 7 Configure OSPF routing on router OttawaConfigure an OSPF routing process on the router Ottawa. Use OSPF process number 1 and ensure all networks are in area 0.




Ottawa(config)#router ospf 1Ottawa(config-router)#network 192.168.1.0 0.0.0.255 area 0Ottawa(config-router)#end

Examine the Ottawa running configuration file.Did the IOS version automatically add any lines under router OSPF 1? ___________________If there were no changes to the running configuration, type the following commands.

Ottawa(config)#router ospf 1Ottawa(config-router)#log-adjacency-changesOttawa(config-router)#end

Step 8 Configure OSPF routing on router BrasiliaConfigure an OSPF routing process on the router Brasilia. Use OSPF process number 1 and ensure all networks are in area 0.

Brasilia(config)#router ospf 1Brasilia(config-router)#network 192.168.1.0 0.0.0.255 area 0Brasilia(config-router)#end

Examine the Brasilia router running configuration file.Did the IOS version automatically add any lines under router OSPF 1? ___________________What did it add? __________________________________________________________If there were no changes to the running configuration, type the following commands:

Brasilia(config)#router ospf 1Brasilia(config-router)#log-adjacency-changesBrasilia(config-router)#end

Step 9 Test network connectivityPing the Brasilia router from the London router. Was it successful? ___________________If not troubleshoot as necessary.

Step 10 Show OSPF adjacenciesType the command show ip ospf neighbor on all routers to verify that the OSPF routing has formed adjacencies.Is there a designated router identified? __________________________________________Is there a backup designated router? ___________________________________________Type the command show ip ospf neighbor detail for more information.What is the neighbor priority of 192.168.1.1 from router Brasilia? _______________________What interface is Identified as being part of Area 0? _________________________________

Step 11 Configure the loopback interfacesConfigure the loopback interface on each router to allow for an interface that will not go down due to network change or failure. This task is performed by typing interface loopback # at the global configuration mode prompt, where the # represents the number of the loopback interface from 0 -2,147,483,647.

London(config)#interface loopback 0London(config-if)#ip address 192.168.31.11 255.255.255.255London(config-router)#endOttawa(config)#interface loopback 0Ottawa(config-if)#ip address 192.168.31.22 255.255.255.255Ottawa(config-router)#end




Brasilia(config)#interface loopback 0Brasilia(config-if)#ip address 192.168.31.33 255.255.255.255Brasilia(config-router)#end

Step 12 Save the configuration information for all the routersAfter s aving the configurations on all of the routers, power them down and back up again.

Step 13 Show OSPF adjacenciesType the command show ip ospf neighbor on all routers to verify that the OSPF routing has formed adjacencies.Is there a designated router identified? __________________________________________Write down the router ID and link address of the DR. _______________ ________________Is there a backup designated router? ___________________________________________Write down the router ID and link address of the BDR. _______________ _______________What is the third router referred to as? __________________________________________Write down that Routers ID and link address __________________ __________________Type the command show ip ospf neighbor detail for more information.What is the neighbor priority of 192.168.1.1 from router Brasilia? _______________________What interface is Identified as being part of Area 0? _________________________________

Step 14. Verify OSPF interface configurationType show ip ospf interface fastethernet 0 on the London router.What is the OSPF state of the interface? _________________________________________What is the default priority of the interface? _______________________________________What is the network type of the interface? ________________________________________

Step 15 Configure London to always be the DRTo ensure that London router always becomes the DR for this multi-access segment, the OSPF priority must be set. London is the most powerful router in the network and so best suited to become DR. To as sign the London loopback a higher IP address is not advised, as the numbering system has advantages for troubles hooting. Also London is not to act as DR for all segments to which it may belong. Set the priority of the interface to 50 on the London router only.

Step 16 Watch election processTo watch the OSPF election process restart all of the routers and as soon as the router prompt is available type:

Ottawa>enableOttawa#debug ip ospf events

Which router was elected DR? ________________________________________________Which router was elected BDR? _______________________________________________Why? __________________________________________________________________To turn off all debugging type undebug all.

Step 17 Show OSPF AdjacenciesType the command show ip ospf neighbor on the Ottawa router to verify that the OSPF routing has formed adjac encies.What is the priority of the DR? ________________________________________________Once the previous steps are completed log off by typing exit, and turn the router off. Then remove and store the cables and adapter.

Erasing and reloading the routerJoin NETS Be The Best




As done previously.




Lab-26: Troubleshooting Routing Issues with show ip route/show ip protocols

ObjectiveUse the show ip route and show ip protocol commands to diagnose a routing configuration problem.

Background/PreparationCable a network similar to the one in the diagram. Any router that meets the interface requirements displayed on the above diagram, such as 800, 1600, 1700, 2500, 2600 routers, or a combination, may be used. Start a HyperTerminal session.

Step 1 Configure the hostname, passwords and interfaces on the Gadsden routerOn the Gadsden router, enter the global configuration mode and configure the hostname as shown in the chart. Then configure the console, virtual terminal and enable passwords.Configure interfaces as shown in the table.

Step 2 Configure the routing protocol on the Gadsden routerGo to the proper command mode and enter the following:

GAD(config)#router ripGAD(config-router)#network 192.168.1.0GAD(config-router)#network 192.168.2.0GAD(config-router)#exitGAD(config)#exit

Step 3 Save the Gadsden router configurationGAD#copy running-config startup-configDestination filename [startup-config]? [Enter]

Step 4 Configure the hostname and passwords on the Birmingham routerOn the Birmingham router, enter the global configuration mode and configure the hostname as shown in the chart. Then configure the console, virtual terminal and enable passwords. Finally, configure the interfaces on each router.

Step 5 Configure the routing protocol on the Birmingham routerGo to the proper command mode and enter the following:




BHM(config)#router ripBHM(config-router)#network 192.168.2.0BHM(config-router)#network 192.168.1.0BHM(config-router)#exitBHM(config)#exit

Step 6 Save the Birmingham router configurationBHM#copy running-config startup-configDestination filename [startup-config]? [Enter]

Step 7 Verify that the internetwork is functioning by pinging the FastEthernet interface of the other router

From GAD, is it possible to ping the BHM router FastEthernet interface? _________________From BHM, is it possible to ping the GAD router FastEthernet interface? _________________

Step 8 Examine the routing tableAfter an unsuccessful ping, check the routing table with the show ip route command. From the Gadsden router, type the following:

GAD#show ip routeIs there a route to the Birmingham Ethernet LAN? _____________________

Step 9 Examine the routing protocol statusAfter examining the routing tables, it is discovered that there is no route to the Birmingham Ethernet LAN. So use the show ip protocol command to view the routing protocol status.From the Birmingham router, type the following:

BHM#show ip protocolWhat networks is RIP routing? _____________________ _____________________Are these the correct networks? _____________________

Step 10 Change the configuration to route correct networksAfter examining the show ip protocol command results, it is noticed that the network on the Ethernet LAN is not being routed. After examining it further, it is found that there is a network that does not belong has been configured to be advertised. It is decided this is a typo, and it is necessary to correct it. Enter the router RIP configuration mode and make the appropriatechanges. From the Birmingham router, type the following:

BHM#configure terminalBHM(config)#router ripBHM(config-router)#no network 192.168.1.0BHM(config-router)#network 192.168.3.0BHM(config-router)#^Z

Step 11 Confirm RIP is routing the correct networksNow confirm the new statement corrected the RIP configuration problem. So again type the show ip protocol command to observe what networks are being routed.From the Birmingham router, type the following:

BHM#show ip protocolWhat networks is RIP routing? _____________________ _____________________Are these the correct networks? _____________________

Step 12 Verify the routing tableNow having confirmed that the configuration problem is corrected, verify that the proper routes




are now in the routing table. So again issue the show ip route command to verify that the router now has the proper route.From the Gadsden router, type the following:

GAD#show ip routeIs there a route to the Birmingham LAN? _____________________

Step 13 Verify connectivity between Gadsden router and host in BirminghamUse the ping command to verify connectivity from Gadsden router to a host in Birmingham.From the Gadsden router, type the following:

GAD#ping host-ipFor example for host with IP Address, type the following:

GAD#ping 192.168.3.2Was the ping successful? _____________________Upon completion of the previous steps, log off by typing exit and turn the router off.




Lab-27: Configuring Inter-VLAN Routing

ObjectiveCreate a basic switch configuration and verify it.Create multiple VLANs, name them and assign multiple member ports to them.Create a basic configuration on a router.Create an 802.1q trunk line between the switch and router to allow communication between VLANs.Test the routing func tionality.

Background/PreparationWhen managing a switch, the Management Domain is always VLAN 1. The Network Administrator's workstation must have access to a port in the VLAN 1 Management Domain. All ports are assigned to VLAN 1 by default. This lab will also help demonstrate how VLANs can be used to separate traffic and reduce broadcast domains.Cable a network similar to the one in the diagram.Start a HyperTerminal session.


Step 2 Configure the hosts attached to the switchConfigure the hosts using the following information.

For the host in port 0/5:IP address 192.168.5.2Subnet mask 255.255.255.0Default gateway 192.168.5.1

For the host in port 0/9:IP address 192.168.7.2Subnet mask 255.255.255.0




Default gateway 192.168.7.1Step 3 Verify connectivity

To verify that the host and switch are correctly configured, ping the switch from the hosts.Ping the switch IP address from the hosts.Were the pings successful? __________________________________________________Why or why not? __________________________________________________


Switch_A#vlan databaseSwitch_A(vlan)#vlan 10 name SalesSwitch_A(vlan)#vlan 20 name SupportSwitch_A(vlan)#exit1900:Switch_A#config terminalSwitch_A(config)#vlan 10 name SalesSwitch_A(config)#vlan 20 name SupportSwitch_A(config)#exit

Step 5 Configure VTP protocolAssigning ports to VLANs must be done from the interface mode. Enter the following commands to add ports 0/5 to 0/8 to VLAN 10:

Switch_A#configure terminalSwitch_A(config)#interface fastethernet 0/5Switch_A(config-if)#switchport mode accessSwitch_A(config-if)#switchport access vlan 10Switch_A(config-if)#interface fastethernet 0/6Switch_A(config-if)#switchport mode accessSwitch_A(config-if)#switchport access vlan 10Switch_A(config-if)#interface fastethernet 0/7Switch_A(config-if)#switchport mode accessSwitch_A(config-if)#switchport access vlan 10Switch_A(config-if)#interface fastethernet 0/8Switch_A(config-if)#switchport mode accessSwitch_A(config-if)#switchport access vlan 10Switch_A(config-if)#end1900:Switch_A#config terminalSwitch_A(config)#interface ethernet 0/5Switch_A(config-if)vlan static 10Switch_A(config-if)#interface ethernet 0/6Switch_A(config-if)vlan static 10Switch_A(config-if)#interface ethernet 0/7Switch_A(config-if)vlan static 10Switch_A(config-if)#interface ethernet 0/8Switch_A(config-if)vlan static 10




Switch_A(config-if)#endStep 6 Assign ports to VLAN 20

Enter the following commands to add ports 0/9 to 0/12 to VLAN 20:Switch_A#configure terminalSwitch_A(config)#interface fastethernet 0/9Switch_A(config-if)#switchport mode accessSwitch_A(config-if)#switchport access vlan 20Switch_A(config-if)#interface fastethernet 0/10Switch_A(config-if)#switchport mode accessSwitch_A(config-if)#switchport access vlan 20Switch_A(config-if)#interface fastethernet 0/11Switch_A(config-if)#switchport mode accessSwitch_A(config-if)#switchport access vlan 20Switch_A(config-if)#interface fastethernet0/12Switch_A(config-if)#switchport mode accessSwitch_A(config-if)#switchport access vlan 20Switch_A(config-if)#end1900:Switch_A#config terminalSwitch_A(config)#interface ethernet 0/9Switch_A(config-if)vlan static 20Switch_A(config-if)#interface ethernet 0/10Switch_A(config-if)vlan static 20Switch_A(config-if)#interface ethernet 0/11Switch_A(config-if)vlan static 20Switch_A(config-if)#interface ethernet 0/12Switch_A(config-if)vlan static 20Switch_A(config-if)#end


Switch_A#show vlanAre ports assigned correctly? _________________________________________________

Step 8 Create the trunkOn Switch_A, type the following commands at the Fast Ethernet 0/1 interface command prompt. Note that Ethernet 0/1 and the other access ports on a 1900 switch only support 10 Mbps Ethernet and cannot be used as trunk ports. The trunk ports (if pres ent) on a 24-port 1900 are typically Fast Ethernet 0/26 and 0/27.

Switch_A(config)#interface fastethernet0/1Switch_A(config-if)#switchport mode trunkSwitch_A(config-if)#end2900:Switch_A(config)#interface fastethernet0/1Switch_A(config-if)#switchport mode trunkSwitch_A(config-if)#switchport trunk encapsulation dot1q




Switch_A(config-if)#end1900:Switch_A#config terminalSwitch_A(config)#interface fastethernet0/26Switch_A(config-if)#trunk on

Step 9 Configure the routerConfigure the router with the following data. Note that, in order to support trunk ing and inter-VLAN routing, the router must have a Fast Ethernet interface.Hostname is Router_AConsole, VTY, and enable passwords are cisco.Enable secret password is class.Then configure the Fast Ethernet interface using the following commands:Note: If working with a 1900 switch, replace the dot1.q_ encapsulation with isl_ in the following router configuration commands.

Router_A(config)#interface fastethernet 0/0Router_A(config-if)#no shutdownRouter_A(config-if)#interface fastethernet 0/0.1Router_A(config-subif)#encapsulation dot1q 1Router_A(config-subif)#ip address 192.168.1.1 255.255.255.0Router_A(config-if)#interface fastethernet 0/1.2Router_A(config-subif)#encapsulation dot1q 10Router_A(config-subif)#ip address 192.168.5.1 255.255.255.0Router_A(config-if)#interface fastethernet 0/0.3Router_A(config-subif)#encapsulation dot1q 20Router_A(config-subif)#ip address 192.168.7.1 255.255.255.0Router_A(config-subif)#end

Step 10 Save the router configurationStep 11 Display the router routing table

Type show ip route at the privileged EXEC mode prompt.Are there entries in the routing table? ___________________________________________What interface are they all pointing to? __________________________________________Why is there not a need to run a routing protocol? __________________________________

Step 12 Test the VLANS and the trunkPing from the host in Switch_A port 0/9 to the host in port 0/5.Was the ping suc cessful? ___________________________________________________Why? __________________________________________________________________Ping from the host in Switch_A port 0/5 to the switch IP 192.168.1.2.Was the ping successful? ___________________________________________________

Step 13 Move the hostsMove the hosts to other VLANs and try pinging the management VLAN 1.Note the results of the pinging.______________________________________________________________________________________________________________________________________________________________________________________________________________________________




Once the steps are complete, logoff by typing exit, and turn all the devices off. Then remove and store the cables and adapter.




Lab-28: Configuring DHCP

ObjectiveConfigure a router for Dynamic Host Configuration Protocol (DHCP) to dynamically assign addresses to attached hosts.

Background/PreparationRouting between the ISP and the campus router uses a static route between the ISP and the gateway, and a default route between the gateway and the ISP. The ISP connection to the Internet is identified by a loopback address on the ISP router.Cable a network similar to the one in the diagram above. Any router that meets the interface requirements displayed on the above diagram may be used. This includes 800, 1600, 1700, 2500, 2600 series routers.Conduct the following steps on each router unless specifically instructed otherwise.Start a HyperTerminal session.

Step 1 Configure the routersConfigure all of the following according to the chart:The hostname/ The consoleThe virtual terminalThe enable passwordsThe interfaces

Step 2 Save the configurationAt the privileged EXEC mode prompt, on both routers, type the command copy running-config startup-config.

Step 3 Create a static routeJoin NETS Be The Best




Addresses 199.99.9.32/27 have been allocated for Internet access outside of the company. Use the ip route command to create the static route:

ISP(config)#ip route 172.16.12.0 255.255.255.0 172.16.1.6Is the static route in the routing table? ___________________________________________

Step 4 Create a default routeUse the ip route command to add a default route from the campus router to the ISP router. This will provide the mechanism to forward any unknown destination address traffic to the ISP:

campus(config)#ip route 0.0.0.0 0.0.0.0 172.16.1.5Is the static route in the routing table? ___________________________________________

Step 5 Create the DHCP address poolTo configure the campus LAN pool, use the following c ommands:

campus(config)#ip dhcp pool campuscampus(dhcp-config)#network 172.16.12.0 255.255.255.0campus(dhcp-config)#default-router 172.16.12.1campus(dhcp-config)#dns-server 172.16.1.2campus(dhcp-config)#domain-name foo.comcampus(dhcp-config)#netbios-name-server 172.16.1.1

Step 6 Excluding addresses from poolTo exclude addresses from the pool, use the following commands:

campus(dhcp-config)#ip dhcp excluded-address 172.16.12.1 172.16.12.10Step 7 Verifying DHCP Operation

At each workstation on the directly connected subnet configure the TCP/IP properties so the workstation will obtain an IP address and Domain Name Sys tem (DNS) server address from the DHCP server. After changing and saving the configuration, reboot the workstation.To confirm the TCP/IP configuration information on each host use Start > Run > winipcfg. If running Windows 2000, check using ipconfig in a DOS window.What IP address was assigned to the workstation? _________________________________What other information was automatically assigned?________________________ ________________________ ________________________When was the lease obtained? ________________________________________________When will the lease expire? __________________________________________________

Step 8 View DHCP bindingsFrom the campus router, the bindings for the hosts can be seen. To see the bindings, use the command show ip dhcp binding at the privileged EXEC mode prompt.What were the IP addresses assigned? _________________________________________What are the three other fields listed in the output?________________________ ________________________ ________________________Upon completion of the previous steps finish the lab by doing the following:Logoff by typing exitTurn the router offRemove and store the cables and adapter

Erasing and reloading the router




Lab-29: Configuring PPP Encapsulation

ObjectiveConfigure the serial interfaces on two routers with the PPP protocol.Test the link for connectivity.

Background/PreparationCable a network similar to the one in the diagram above. Any router that meets the interface requirements displayed on the above diagram may be used. This includes the 800, 1600, 1700, 2500, 2600 series routers.Start a HyperTerminal session.

Step 1 Configure the routersConfigure all of the following according to the chart:The hostname / The consoleThe virtual terminalThe enable passwords

Step 2 Configure the Dublin interface as shownConfigure the Dublin router serial interface as follows:

Dublin(config)#interface serial 0Dublin(config-if)#ip address 192.168.15.2 255.255.255.0Dublin(config-if)#no shutdownDublin(config-if)#exitDublin(config)#exit

Step 3 Configure the Washington interface as shownConfigure the Washington router serial interface as follows:

Washington(config)#interface serial 0Washington(config-if)#ip address 192.168.15.1 255.255.255.0Washington(config-if)#clockrate 64000Washington(config-if)#no shutdownWashington(config-if)#exitWashington(config)#exit




Step 4 Save the configurationWashington#copy running-config startup-configDublin#copy running-config startup-config

Step 5 Enter the command show interface serial 0 on WashingtonWashington#show interface serial 0

This will show the details of interface serial 0.Serial 0 is _____________, line protocol is_____________.Internet addres s is _____________________.Encapsulation _________________________

Step 6 Enter the command show interface serial 0 on DublinDublin#show interface serial 0

This will show the details of interface serial 0.Serial 0 is _____________, line protocol is_____________.Internet addres s is _______________.Encapsulation ___________________

Step 7 Change the encapsulation typeChange the encapsulation type to PPP by typing encapsulation ppp at the interface serial 0 configuration mode prompt on both routers.

Washington(config-if)#encapsulation pppDublin(config-if)#encapsulation ppp

Step 8 Enter the command show interface serial 0 on WashingtonWashington#show interface serial 0

Encapsulation ___________________

Step 9 Enter the command show interface serial 0 on DublinDublin#show interface serial 0

Encapsulation ___________________

Step 10 Verify that the serial connection is functioning by pinging the serial interface of the other router

Washington#ping 192.168.15.2Dublin#ping 192.168.15.1

Can the serial interface on the Dublin router be pinged from Washington? ________________Can the serial interface on the Washington router be pinged from Dublin? ________________If the answer is no for either question, troubleshoot the router configurations to find the error.Then do the pings again until the answer to both questions is yes.Upon completion of the previous steps, finish the lab by doing the following:

Logoff by typing exitTurn the router offRemove and store the cables and adapter




Lab-30: Configuring PPP Authentication

ObjectiveConfigure PPP authentication using CHAP on two routers .

Background/PreparationCable a network similar to the one in the diagram above. Any router that meets the interface requirements displayed on the above diagram may be used. This includes the 800, 1600, 1700, 2500, 2600 series routers.Start a HyperTerminal session.


Step 2 Configure the Tokyo interface as shownConfigure the Tokyo router serial interface as follows:

Tokyo(config)#interface serial 0Tokyo(config-if)#ip address 192.168.15.2 255.255.255.0Tokyo(config-if)#encapsulation pppTokyo(config-if)#no shutdownTokyo(config-if)#exitTokyo(config)#exit

Step 3 Configure the Madrid interface as shownConfigure the Madrid router serial interface as follows:

Madrid(config)#interface serial 0Madrid(config-if)#ip address 192.168.15.1 255.255.255.0Madrid(config-if)#clockrate 64000Madrid(config-if)#encapsulation pppMadrid(config-if)#no shutdownMadrid(config-if)#exit




Madrid(config)#exitStep 4 Save the configuration

Madrid#copy running-config startup-configTokyo#copy running-config startup-config

Step 5 Enter the command show interface serial 0 on MadridMadrid#show interface serial 0

Encapsulation _______________________

Step 6 Enter the command show interface serial 0 on TokyoTokyo#show interface serial 0

Encapsulation _______________________


Madrid#ping 192.168.15.2Tokyo#ping 192.168.15.1

If the pings are unsucces sful, troubleshoot the router c onfigurations to find the error. Then do the pings again until both pings are successful.

Step 8 Configure PPP authenticationConfigure usernames and password on the Madrid router. The passwords must be the same on both routers. The username must reflect the other routers hostname exactly. The password and user names are case sensitive:

Madrid(config)#username Tokyo password ciscoMadrid(config)#interface serial 0Madrid(config-if)#ppp authentication chap

Step 9 Verify that the serial connection is functioningVerify that the serial connection is functioning by pinging the serial interface of the other router:

Madrid#ping 192.168.15.2Is the ping successful? _____________________________________________________Why? __________________________________________________________________

Step 10 Configure PPP authenticationConfigure usernames and password on the Tokyo router. The pas swords must be the same on both routers. The username must reflect the other routers hostname exactly. The password and user names are case sensitive:

Tokyo(config)#username Madrid password ciscoTokyo(config)#interface serial 0Tokyo(config-if)#ppp authentication chap

Step 11 Verify that the serial connection is functioningVerify that the serial connection is functioning by pinging the serial interface of the other router:

Tokyo#ping 192.168.15.1Is the ping successful? _____________________________________________________Why? __________________________________________________________________




Lab-31: Verifying PPP Configuration

ObjectiveConfigure a serial interface on two routers with the PPP protocol.Verify and test the link for connectivity.

Background/PreparationCable a network similar to the one in the diagram above. Any router that meets the interface requirements displayed on the above diagram may be used. This includes 800, 1600, 1700, 2500, 2600 series routers.Start a HyperTerminal session.


Step 2 Configure the Warsaw interface as shownConfigure the Warsaw router serial interface as follows:

Warsaw(config)#interface serial 0Warsaw(config-if)#ip address 192.168.15.2 255.255.255.0Warsaw(config-if)#no shutdownWarsaw(config-if)#exitWarsaw(config)#exit

Step 3 Configure the Brasilia interface as shownConfigure the Brasilia router serial interface as follows :

Brasilia(config)#interface serial 0Brasilia(config-if)#ip address 192.168.15.1 255.255.255.0Brasilia(config-if)#clockrate 64000Brasilia(config-if)#no shutdownBrasilia(config-if)#exitBrasilia(config)#exit




Step 4 Save the configurationBrasilia#copy running-config startup-configWarsaw#copy running-config startup-config

Step 5 Enter the command show interface serial 0 on BrasiliaBrasilia#show interface serial 0

This will show the details of interface serial 0.Encapsulation _______________________

Step 6 Enter the command show interface serial 0 on WarsawWarsaw#show interface serial 0

This will show the details of interface serial 0.Encapsulation _______________________

Step 7 Turn on PPP debuggingTurn on the PPP debug function on both routers by typing debug ppp tasks at the privileged EXEC mode prompt.Note: For the 2600 router, use the command debug ppp tasks.

Step 8 Change the encapsulation typeChange the encapsulation type to PPP by typing encapsulation ppp at the interface serial 0 configuration mode prompt on both routers.

Brasilia(config-if)#encapsulation pppWarsaw(config-if)#encapsulation ppp

What did the debug function report when the PPP encapsulation was applied to each router?__________________________________________________________________________Turn off the debug function by typing undebug all at the privileged EXEC mode prompt.

Step 9 Enter the command show interface serial 0 on BrasiliaBrasilia#show interface serial 0

Step 10 Enter the command show interface serial 0 on WarsawWarsaw#show interface serial 0

Step 11 Verify that the serial connection is functioningPing the other router to verify that there is connectivity between the two routers.

Brasilia#ping 192.168.15.2Warsaw#ping 192.168.15.1

Can the serial interface on the Warsaw router be pinged from Brasilia? __________________Can the serial interface on the Brasilia router be pinged from Warsaw? __________________If the answer is no for either question, troubleshoot the router configurations to find the error. Then do the pings again until the answer to both questions is yes.Upon completion of the previous steps, finish the lab by doing the following:






Lab-32: Troubleshooting PPP Configuration

ObjectiveConfigure PPP on the serial interfaces of two routers.Use show and debug commands to troubleshoot connectivity issues.

Background/PreparationCable a network similar to the one in the diagram above. Any router that meets the interface requirements displayed on the above diagram may be used. This includes 800, 1600, 1700, 2500, 2600 series routers.


Step 2 Configure the Paris interface as shownConfigure the Paris router serial interface as follows:

Paris(config)#interface serial 0Paris(config-if)#ip address 192.168.15.2 255.255.255.0Paris(config-if)# clockrate 56000Paris(config-if)#exitParis(config)#exit

Step 3 Configure the London interface as shownConfigure the London router serial interface as follows:

London(config)#interface serial 0London(config-if)#ip address 192.168.15.1 255.255.255.0London(config-if)# encapsulation pppLondon(config-if)#no shutdownLondon(config-if)#exitLondon(config)#exit

Step 4 Save the configurationJoin NETS Be The Best




London#copy running-config startup-configParis#copy running-config startup-config

Step 5 Enter the command show interface serial 0 on LondonLondon#show interface serial 0

This will show the details of interface serial 0.List the following information discovered from issuing this command.Serial 0 is ___________________, line protocol is___________________What type of problem is indicated in the last statement? _____________________________________________________________________________________________Internet address is ____________________Encapsulation _______________________

Step 6 Enter the command show interface serial 0 on ParisParis#show interface serial 0

This will show the details of interface serial 0.List the following information discovered from issuing this command.Serial 0 is ___________________, line protocol is___________________.Internet address is ___________________.Encapsulation _______________________To what OSI layer is the encapsulation_ referring? _______________________If the Serial interface was configured, why did the show interface serial 0 output show that the interface is down?

Step 7 Correct the clock locationThe clock rate statement has been placed on the wrong interface. It is currently placed on the Paris router, but the London router is the Data Communications Equipment (DCE). Remove the clock rate statement from the Paris router using the no version of the command and then add it to the London routers configuration.

Step 8 Enter the command show cdp neighbors on LondonIs there any output from the command? _________________________________________Should there be output? _____________________________________________________

Step 9 Enter the command debug ppp negotiation on LondonIt may take 60 seconds or more before output occurs.Is there output? _____________________________________________________What is the output saying? ___________________________________________________Is there a problem with PPP encapsulation on the London router or the Paris router?__________________________________________________________________________Why? __________________________________________________________________What were the encapsulations listed for the interfaces?London? ______________________ Paris? ____________________________________Is there an issue with the above statement? ______________________________________What is the issue? _________________________________________________________

Step 10 Enter the command debug ppp negotiation on the Paris routerEnter the command debug ppp negotiation on the Paris router at the privileged EXEC mode prompt.Is there any output from the debug command? ____________________________________




Step 11 Correct the encapsulation typeConvert the encapsulation to PPP on the Paris router.Is there any output from the debug command? ____________________________________Does it confirm link establishment? ____________________________________


Serial 0 is ________________________, line protocol is ________________________.Encapsulation ________________________What is the difference in the Line and Protocol status recorded on Paris earlier? Why?__________________________________________________________________________


London#ping 192.168.15.1Paris#ping 192.168.15.2

From London, c an the serial interface ping the Paris router? ____________________From Paris, can the serial interface ping the London router? ____________________If the answer is no for either question, troubleshoot the router configurations to find the error. Then do the pings again until the answer to both questions is yes.




Lab-33: Troubleshooting a Serial Interface

ObjectiveConfigure a serial interface on two routers.Use show commands to troubleshoot connectivity issues.

Background/PreparationConfigure the appropriate serial interfaces to allow connectivity between the two routers. Cable a network similar to the one in the diagram above. Any router that meets the interface requirements displayed on the above diagram may be used. This includes the 800, 1600, 1700, 2500, 2600 series routers.Start a HyperTerminal session.


Step 2 Configure the Paris interface as shownConfigure the Paris router serial interface as follows:

Paris(config)#interface serial 0Paris(config-if)#ip address 192.168.15.2 255.255.255.0Paris(config-if)#clockrate 56000Paris(config-if)#no shutdownParis(config-if)#exitParis(config)#exit

Step 3 Configure the London interface as shownConfigure the London router serial interface as follows:

London(config)#interface serial 0London(config-if)#ip address 192.168.15.1 255.255.255.0London(config-if)#no shutdownLondon(config-if)#exit




London(config)#exitStep 4 Save the configuration

London#copy running-config startup-configParis#copy running-config startup-config

Step 5 Enter the command show interface serial 0 on LondonLondon#show interface serial 0

This will show the details of interface serial 0.Answer the following questions:Serial 0 is _____________, line protocol is _____________What type of problem is indicated in the last statement?__________________________________________________________________________Internet addres s is ________________________________Encapsulation ____________________________________


This will show the details of interface serial 0.Answer the following questions:Serial 0 is ___________________, line protocol is___________________Internet addres s is ___________________.Encapsulation ___________________To what OSI layer is the encapsulation_ referring? ___________________Why is the interface down? ______________________________________________________

Step 7 Correct the clock locationThe clock rate s tatement has been placed on the wrong interface. It is currently placed on the Paris router, but the London router is the Data Communications Equipment (DCE). Remove the clock rate statement from the Paris router using the no version of the command and then add it to the London router configuration.


Serial 0 is ______________________, line protocol is______________________.What is the difference in the Line and Protocol status recorded on Paris earlier? Why?__________________________________________________________________________


London#ping 192.168.15.2Paris#ping 192.168.15.1

Can the serial interface on the Paris router be pinged from London? __________________Can the serial interface on the London router be pinged from Paris? __________________If the answer is no for either question, troubleshoot the router configurations to find the error. Then do the pings again until the answer to both questions is yes.Upon completion of the previous steps, finish the lab by doing the following:









Lab-34: Configuring ISDN BRI (U-Interface)

ObjectiveConfigure an ISDN router to make a successful connection to a local ISDN switch.

Background/PreparationThis lab assumes that a router with an ISDN BRI U interface is available. An Adtran Atlas550 ISDN emulator is used to simulate the ISDN switch and cloud.Cable a network similar to the one in the diagram above. Any router that meets the interface requirements displayed on the above diagram may be used. This includes the 800, 1600, 1700, 2500, 2600 series routers.Conduct the following steps on each router unless specifically instructed otherwise.Start a HyperTerminal session.


Step 2 Verifying the ISDN BRI switch typeNot all ISDN switch types are the same worldwide and the first step is to configure the following:

The ISDN TE1 deviceThe routerWhat ISDN switch type is in use

This information will be provided by the ISDN telco provider. In this case, the ISDN Switch type, supported by the Adtran simulator, is National ISDN-1, North America. It is configured, on the router, using the keyword basic-ni. To check the ISDN BRI status, issue the following command before issuing any configuration commands:

Ottawa#show isdn statusWhat is the Layer 1 status? ___________________________________________________What is the ISDN switch type? ________________________________________________

Step 3 Specifying the switch typeTo specify ISDN switch type use isdn switch-type command at the global configuration mode prompt. The different switch types available may be reviewed using the isdn switch-type ?




command:Ottawa#configure terminalOttawa(config)#isdn switch-type ?

How many different switch types are available? ____________________________________To configure the router to communicate with a National ISDN-1 switch type:

Ottawa(config)#isdn switch-type basic-niStep 4 Verifying switch status

Check the state of the ISDN Interface again.Ottawa#show isdn status

What is the Layer 1 status? ________________________________________________________What is the ISDN switch type? ________________________________________________

Step 5 Activate the BRI connectionActivate the ISDN BRI using the no shutdown command at the interface configuration prompt.

Ottawa#configure terminalOttawa(config)#interface bri 0Ottawa(config-if)#no shutdown

Step 6 Review switch statusAt this stage the ISDN BRI should be physically active and one TEI should have been negotiated.

Ottawa#show isdn statusWhat is the Layer 1 status? ________________________________________________________What is the ISDN switch type? _____________________________________________________Has the Layer 2 status changed? ____________________________________________________

Step 7 Configuring ISDN SPIDsDepending on region, ISDN service profile identifiers (SPIDs) may have to be specified for ISDN Switch to res pond to the ISDN TE1 correctly. The SPIDs, supported by the Adtran simulator, are specified as isdn spid1 and isdn spid2. To configure the SPIDs issue the following commands:

Ottawa(config)#interface bri 0Ottawa(config-if)#isdn spid1 51055510000001 5551000Ottawa(config-if)#isdn spid2 51055510010001 5551001

Step 8 Review switch statusCheck the state of the ISDN Interface again:

Ottawa#show isdn statusWhat does the output specify about spid1? ______________________________________What does the output specify about spid2? ______________________________________Careful examination of this output shows that the assigned SPID values have not been sent to the ISDN switch and verified. The reason for this is that they were specified after the ISDN interface was enabled. To send the SPID values the interface must be reset.

Step 9 Resetting the interfaceTo manually reset the ISDN BRI interface issue the command clear interface bri 0. This will cause all ISDN parameters to be renegotiated. Issue the clear command on the router and then check the ISDN interface status. SPID1 and SPID2 will now be sent and validated:

Ottawa#clear interface bri 0Ottawa#show isdn status




Have SPID1 and SPID2 been sent and verified?__________________________________________________________________________

Step 10 Save the configuration and rebootSave the configuration and reboot the router. This time, verify that the ISDN Interface has correctly negotiated with the ISDN switch. Review activity on the ISDN Interface using the show isdn active command:

Ottawa#copy running-config startup-configOttawa#reloadOttawa#show isdn active

The history table has a maximum of how many entries?__________________________________________________________________________History table data is retained for how long?__________________________________________________________________________Upon completion of the previous steps, finish the lab by doing the following:






Lab-35: Configuring Dialer Profiles

ObjectiveConfigure ISDN Dialer Profiles on the routers enabling a dial-on-demand routing (DDR) call to be made from two remote routers simultaneously into a central ISDN BRI router.

Background/PreparationIn this lab, 3 ISDN routers are required.. An Adtran Atlas550 ISDN emulator is used to simulate the switch/ISDN cloud. Cable a network similar to the one in the diagram above. Any router that meets the interface requirements displayed on the above diagram may be used. This includes the 800, 1600, 1700, 2500, 2600 series routers.Conduct the following steps on each router unless specifically instructed otherwise.Start a HyperTerminal session.

Step 1 Configure the routerConfigure the following according to the chart:The hostname / The consoleThe virtual terminalThe enable passwords

Step 2 Define switch type and spid numbersTo configure the s witch type and spid numbers use the following commands.

Router(config)#hostname TokyoTokyo(config)#enable secret classTokyo(config)#isdn switch-type basic-niTokyo(config)#interface fastethernet 0Tokyo(config-if)#ip address 192.168.1.1 255.255.255.0Tokyo(config-if)#no shutdown




Tokyo(config-if)#exitTokyo(config)#interface bri 0Tokyo(config-if)#isdn spid1 51055510000001 5551000Tokyo(config-if)#isdn spid2 51055510010001 5551001Tokyo(config-if)#no shutdownRouter(config)#hostname MoscowMoscow(config)#enable secret classMoscow(config)#isdn switch-type basic-niMoscow(config)#interface fastethernet 0Moscow(config-if)#ip address 192.168.2.1 255.255.255.0Moscow(config-if)#no shutdownMoscow(config-if)#exitMoscow(config)#interface bri 0Moscow(config-if)#isdn spid1 51055520000001 5552000Moscow(config-if)#isdn spid2 51055520010001 5552001Moscow(config-if)#no shutdown Router(config)#hostname SydneySydney(config)#enable secret classSydney(config)#isdn switch-type basic-niSydney(config)#interface fastethernet 0Sydney(config-if)#ip address 192.168.3.1 255.255.255.0Sydney(config-if)#no shutdownSydney(config-if)#exitSydney(config)#interface bri 0Sydney(config-if)#isdn spid1 51055530000001 5553000Sydney(config-if)#isdn spid2 51055530010001 5553001Sydney(config-if)#no shutdown

Step 3 Defining static routes for DDRUse static and default routes instead of dynamic routing, in order to reduce the cost of the dialup connection. To configure a static route, the network address of the network that is going to be reached must be known. The IP address of the next router on the path to this destination must be known as well.

Moscow#configure terminalMoscow(config)#ip route 0.0.0.0 0.0.0.0 192.168.253.1Sydney#configure terminalSydney(config)#ip route 0.0.0.0 0.0.0.0 192.168.254.1Tokyo#configure terminalTokyo(config)#ip route 192.168.2.0 255.255.255.0 192.168.253.2Tokyo(config)#ip route 192.168.3.0 255.255.255.0 192.168.254.2

Step 4 Specifying interesting traffic for DDRTraffic mus t be defined as ‘interesting’ to cause the DDR interface to dialup the remote router. For the moment, declare that all IP traffic is interesting using the dialer-list command.

Moscow(config)#dialer-list 1 protocol ip permitMoscow(config)#interface dialer 0




Moscow(config-if)#dialer-group 1Sydney(config)#dialer-list 1 protocol ip permitSydney(config)#interface dialer 0Sydney(config-if)#dialer-group 1Tokyo#configure terminalTokyo(config)#dialer-list 1 protocol ip permitTokyo(config)#interface dialer 1Tokyo(config-if)#description The Profile for the Moscow routerTokyo(config-if)#dialer-group 1Tokyo(config-if)#interface dialer 2Tokyo(config-if)#description The Profile for the Sydney routerTokyo(config-if)#dialer-group 1

Step 5 Configuring DDR dialer informationConfigure the correct dialer information so that the dialer profile and dialer interface function correctly. This includes all of the following:IP address informationPPP configurationNamePasswordsDial number

Tokyo(config)#interface dialer 1Tokyo(config-if)#ip address 192.168.253.1 255.255.255.0Tokyo(config-if)#interface dialer 2Tokyo(config-if)#ip address 192.168.254.1 255.255.255.0Tokyo(config-if)#interface bri 0Tokyo(config-if)#encapsulation pppTokyo(config-if)#ppp authentication chapTokyo(config-if)#interface dialer 1Tokyo(config-if)#encapsulation pppTokyo(config-if)#ppp authentication chapTokyo(config-if)#interface dialer 2Tokyo(config-if)#encapsulation pppTokyo(config-if)#ppp authentication chapTokyo(config-if)#exitTokyo(config)#username Moscow password classTokyo(config)#username Sydney password classMoscow(config)#interface dialer 0Moscow(config-if)#ip address 192.168.253.2 255.255.255.0Moscow(config-if)#interface bri 0Moscow(config-if)#encapsulation pppMoscow(config-if)#ppp authentication chapMoscow(config-if)#interface dialer 0Moscow(config-if)#encapsulation pppMoscow(config-if)#ppp authentication chap




Moscow(config-if)#no shutdownMoscow(config-if)#exitMoscow(config)#username Tokyo password classSydney(config)#interface dialer 0Sydney(config-if)#ip address 192.168.254.2 255.255.255.0Sydney(config-if)#interface bri 0Sydney(config-if)#encapsulation pppSydney(config-if)#ppp authentication chapSydney(config-if)#interface dialer 0Sydney(config-if)#encapsulation pppSydney(config-if)#ppp authentication chapSydney(config-if)#no shutdownSydney(config-if)#exitSydney(config)#username Tokyo password class

Step 6 Configure dialer informationNext, the dial information must be configured to specify the remote name of the remote router in the Dialer Profile. The dial string, or phone number to use to contact this remote device must also be spec ified. Use the following commands to do this:

Tokyo(config)#interface dialer 1Tokyo(config-if)#dialer remote-name MoscowTokyo(config-if)#dialer string 5552000Tokyo(config-if)#dialer string 5552001Tokyo(config-if)#interface dialer 2Tokyo(config-if)#dialer remote-name SydneyTokyo(config-if)#dialer string 5553000Tokyo(config-if)#dialer string 5553001

To configure the dial information on Moscow, use the following:Moscow(config-if)#interface dialer 0Moscow(config-if)#dialer remote-name TokyoMoscow(config-if)#dialer string 5551000Moscow(config-if)#dialer string 5551001

To configure the dial information on Sydney, use the following:Sydney(config-if)#interface dialer 0Sydney(config-if)#dialer remote-name TokyoSydney(config-if)#dialer string 5551000Sydney(config-if)#dialer string 5551001

Step 7 Associate dialer profilesFinally, associate the Dialer Profiles with the Dialer Interfaces that will be used, when needed. Create a Dialer Pool, and put the interfaces and the associated Dialer Profiles in a common pool. The commands for doing this are as follows:

Tokyo(config-if)#interface bri 0Tokyo(config-if)#dialer pool-member 1Tokyo(config-if)#interface dialer 1Tokyo(config-if)#dialer pool 1




Tokyo(config-if)#interface dialer 2Tokyo(config-if)#dialer pool 1

On Moscow, the commands issued would be as follows:Moscow(config-if)#interface bri 0Moscow(config-if)#dialer pool-member 1Moscow(config-if)#interface dialer 0Moscow(config-if)#dialer pool 1

Use the same commands to configure the Sydney router.

Step 8 Configure dialer timeoutsConfigure a dialer idle-timeout of 60 seconds for each of the dialer interfaces :

Tokyo(config)#interface dialer 1Tokyo(config-if)#dialer idle-timeout 60Tokyo(config-if)#interface dialer 2Tokyo(config-if)#dialer idle-timeout 60

Repeat these c ommands on Moscow and Sydney.

Step 9 View the Tokyo router configurationTo view the configuration, use the show running-config command:

Tokyo#show running-configHow many username statements are there? _______________________________________What authentication type is being used for PPP? ___________________________________Which sections of the configuration list the authentication type?__________________________________________________________________________What are the dialer strings on the Tokyo router? ___________________________________

Step 10 Verifying the DDR ConfigurationNow, generate some interesting traffic across the DDR link from Moscow and Sydney to verify that connections are made correctly and the dialer profiles are functioning:

Moscow#ping 192.168.1.1Were the pings successful? ____________________________________________________If not troubleshoot the router configurations. What other information was displayed when the ping was issued? _________________________________________________________________

Sydney#ping 192.168.1.1Were the pings successful? ____________________________________________________If the pings were not successful troubleshoot the router configurations. Use the show dialer command to see the reason for the call. This information is shown for each channel:

Tokyo#show dialerWhich dialer strings are associated with Dialer1?___________________________________What is the last status for dial string 5553000 in the Dialer2 readout? ____________________Use the show interface command and note that the output shows that the interface is spoofing. This provides a mechanism for the interface to simulate an active state for internal processes, such as routing, on the router. The show interface command can also be used to display information about the B channel:

Tokyo#show interface bri 0Upon completion of the previous steps, finish the lab by doing the following:









Lab-36: Configuring Frame Relay PVC

ObjectiveConfigure two routers back-to-back as a Frame Relay permanent virtual circuit (PVC). This will be done manually, in the absence e of a Frame Relay switch, and therefore there will be no Local Management Interface (LMI).

Background/PreparationCable a network similar to the one in diagram above. Any router that meets interface requirements displayed on the above diagram may be used. This includes the 800, 1600, 1700, 2500, 2600 series routers. Conduct following steps on each router unless specifically instructed otherwise.Start a HyperTerminal session.

Step 1 Configure the routersConfigure the following according to the chart:The hostname / The consoleThe virtual terminalThe enable passwordsThe Fast Ethernet interfaces

Step 2 Configuring the Washington serial interfaceFirst, define the Frame Relay frame type to be used on this link. To configure the encapsulation type, use the command encapsulation frame-relay ietf. Disable keepalive messages since there is no Frame Relay switch in this configuration and consequently no Frame Relay DCE:

Washington#configure terminalWashington(config-if)#interface serial 0Washington(config-if)#encapsulation frame-relay ietfWashington(config-if)#no keepaliveWashington(config-if)#ip address 192.168.1.1 255.255.255.0Washington(config-if)#no shutdown

Step 3 Configure the Frame Relay map on WashingtonWhen sending an Ethernet frame to a remote IP address, remote MAC address must be discovered, so that correct frame type can be constructed. Frame Relay needs a similar mapping.




The remote IP address needs to be mapped to the local DLCI (Layer 2 address), so the correctly addressed frame can be created locally for this PVC. Since there is no way of mapping DLCI automatically with LMI disabled, this map must be created manually, using the frame-relay map command. The broadcast parameter also allows for IP broadcasts to use the same mapping for crossing this PVC:

Washington(config-if)#frame-relay map ip 192.168.1.2 102 ietf broadcastStep 4 Configure the DCE on Washington

In this configuration, when DCE cables are used, a clock signal is necessary. The bandwidth command is optional, but wise to use to verify bandwidth transmission. Another option is to title the connection using the description command. It is very useful to record information in the description about the PVC, such as remote contact person and the leased line circuit identifier:

Washington(config-if)#clock_rate 64000Washington(config-if)#bandwidth 64Washington(config-if)#description PVC to Dublin, DLCI 102, CircuitWashington(config-if)#DASS465875, Contact John Tobin (061-8886745)

Step 5 Configure Dublin routerConfigure the Dublin router using the following commands.

Dublin#configure terminalDublin(config-if)#interface serial 0Dublin(config-if)#encapsulation frame-relay ietfDublin(config-if)#no keepaliveDublin(config-if)#no shutdownDublin(config-if)#ip address 192.168.1.2 255.255.255.0Dublin(config-if)#frame-relay map ip 192.168.1.1 102 ietf broadcastDublin(config-if)#bandwidth 64Dublin(config-if)#description PVC to Washington, DLCI 102, CircuitDublin(config-if)#DASS465866 Contact Pat White (091-6543211)

Step 6 Verifying Frame Relay PVCOn the Washington router, type the command show frame-relay pvc:

Washington#show frame-relay pvcWhat is the DLCI number reported? _______________________________________________What is the PVC status? ________________________________________________________What is the value of the DLCI USAGE? ____________________________________________

Step 7 Showing Frame Relay mapTo view the Layer 2 to Layer 3 mapping, use this command at the privileged EXEC mode prompt:

Washington#show frame-relay mapWhat is the IP address shown? ___________________________________________________What state is interface serial 0 in? ________________________________________________

Step 8 Verify Frame Relay connectivityFrom the Washington router, ping the Dublin router serial interface.Was the ping suc cessful? ________________________________________________________If the ping was not successful, troubleshoot the router configurations. Upon completion of the previous steps, finish the lab by doing the following:




Logoff by typing exitTurn the router off then Remove and store the cables and adapter

Erasing and reloading the routerAs Done in previous labs.




Lab-37: Configuring Frame-Relay Sub-interfaces

ObjectiveConfigure three routers in a full mesh Frame Relay Network. An organization with three offices in different cities has to connect its offices through Frame Relay cloud. Offices are situated in Amsterdam, Paris and Berlin. A router at each branch site is connected with the Frame Relay Service Provider as depicted in the diagram.

Step 1 Configure the routersConfigure the following according to the chart:The hostname / The console passwordThe virtual terminal passwordThe enable secret passwordThe Fast Ethernet interface according to the chart

Step 2 Configure the Serial 0 InterfacesThe Frame Relay encapsulation type to be used on this link must be defined by commands:

Amsterdam# configure terminalAmsterdam(config)# interface serial 0Amsterdam(config-if)# encapsulation frame-relay ietfAmsterdam(config-if)# frame-relay lmi-type ansi

Use a description field to store relevant information, such as the circuit number in case a line fault has to be reported:

Amsterdam(config-if)#description Circuit #KPN465555Amsterdam(config-if)#no shutdown

The same commands are used to configure the Berlin and Paris routers:Paris(config)#interface serial 0Paris(config-if)#encapsulation frame-relay ietfParis(config-if)#frame-relay lmi-type ansiParis(config-if)#description Circuit #FRT372826




Paris(config-if)#no shutdownBerlin(config)#interface serial 0Berlin(config-if)#encapsulation frame-relay ietfBerlin(config-if)#frame-relay lmi-type ansiBerlin(config-if)#description Circuit #DTK465866Berlin(config-if)#no shutdown

Step 3 Create subinterfaces on the Amsterdam routerFor each of the permanent virtual circuits (PVCs), create a subinterface on the serial port. This subinterface will be a point-to-point configuration. For consistency and future troubleshooting, use the data-link connection identifier (DLCI) number as the subinterface number. The commands to create a subinterface are as follows:

Amsterdam(config-if)#interface serial 0.102 point-to-pointAmsterdam(config-if)#description PVC to Paris, DLCI 102Amsterdam(config-if)#ip address 192.168.4.1 255.255.255.0Amsterdam(config-if)#frame-relay interface-dlci 102Amsterdam(config-if)#interface serial 0.103 point-to-pointAmsterdam(config-if)#description PVC to Berlin, DLCI 103Amsterdam(config-if)#ip address 192.168.5.1 255.255.255.0Amsterdam(config-if)#frame-relay interface-dlci 103

Step 4 Create subinterfaces on the Paris routerTo configure the subinterfaces on the Paris router, use the following commands:

Paris(config-if)#interface Serial 0.201 point-to-pointParis(config-if)#description PVC to Amsterdam, DLCI 201Paris(config-if)#ip address 192.168.4.2 255.255.255.0Paris(config-if)#frame-relay interface-dlci 201Paris(config-if)#interface Serial 0.203 point-to-pointParis(config-if)#description PVC to Berlin, DLCI 203Paris(config-if)#ip address 192.168.6.1 255.255.255.0Paris(config-if)#frame-relay interface-dlci 203

Step 5 Create subinterfaces on the Berlin routerTo configure the subinterfaces on the Berlin router, use the following commands:

Berlin(config-if)#interface Serial 0.301 point-to-pointBerlin(config-if)#description PVC to Amsterdam, DLCI 301Berlin(config-if)#ip address 192.168.5.2 255.255.255.0Berlin(config-if)#frame-relay interface-dlci 301Berlin(config-if)#interface Serial 0.302 point-to-pointBerlin(config-if)#description PVC to Paris, DLCI 302Berlin(config-if)#ip address 192.168.6.2 255.255.255.0Berlin(config-if)#frame-relay interface-dlci 302

Step 6 Configure IGRP routingTo configure the routing protocol Interior Gateway Routing Protocol (IGRP) 100, syntax is:

Amsterdam(config-if)#router igrp 100Amsterdam(config-router)#network 192.168.1.0Amsterdam(config-router)#network 192.168.4.0




Amsterdam(config-router)#network 192.168.5.0Paris(config-if)#router igrp 100Paris(config-router)#network 192.168.2.0Paris(config-router)#network 192.168.4.0Paris(config-router)#network 192.168.6.0Berlin(config-if)#router igrp 100Berlin(config-router)#network 192.168.3.0Berlin(config-router)#network 192.168.5.0Berlin(config-router)#network 192.168.6.0

Step 7 Verifying Frame Relay PVCOn the Amsterdam router, issue the command show frame-relay pvc:

Amsterdam#show frame-relay pvcStep 8 Show the Frame Relay maps

Look at the frame relay maps by typing following command at the privileged EXEC mode prompt:

Amsterdam#show frame-relay mapStep 9 Show LMIs

Look at the Local Management Interface (LMI) statistics using following command:Amsterdam#show frame-relay lmi

Step 10 Check routing protocolUse the show ip route command to verify that the PVCs are up and active:

Amsterdam#show ip routeFrame Relay Switch Configuration

To simulate Frame Relay Cloud, use a router with three serial interfaces to emulate frame relay switch. We name this router as FRS, Its Serial 1/1 is connected with Amsterdam, Serial 1/2 is connected with Paris, Serial 2/1 is connected with Berlin.The required command for Frame Relay switch is as follows.FRS(config)# frame-relay switchingInterface serial 1/1

Encapsulation frame-relay ietfFrame-relay lmi-type ansiFrame-relay route 102 interface serial 1/2 201Frame-relay route 103 interface serial 2/1 301No shut

Interface serial 1/2Encapsulation frame-relay ietfFrame-relay lmi-type ansiFrame-relay route 201 interface serial 1/2 102Frame-relay route 203 interface serial 2/1 302No shut

Interface serial 2/1Encapsulation frame-relay ietfFrame-relay lmi-type ansiFrame-relay route 301 interface serial 1/2 103




Frame-relay route 302 interface serial 2/1 203No shut




Lab-38: Standard ACLs

ObjectivePlan, configure, and apply a standard ACL to permit or deny specific traffic and test the ACL to determine if the desired results were achieved. The company home office in Gadsden (GAD) provides services to branch offices such as the Birmingham (BHM) office. These offices have some minor security and performance concerns. Standard ACL need to be implemented as a simple and effective tool to control traffic.Host #3 represents the kiosk station that needs to have its access limited to the local network. Host #4 represents another host in the Birmingham office Loopback 0 on the GAD router represents the Internet.

Step 1 Basic Router InterconnectionInterconnect the routers as shown in the diagram.

Step 2 Basic ConfigurationThe router may contain configurations from a previous use. For this reason, erase the startup configuration and reload the router to remove any residual configurations. Using the information previously in the tables, setup the router and host configurations and verify reachablilty by pinging all systems and routers from each system. To simulate the Internet, add the following configuration to the GAD router.

GAD(config)#interface loopback0GAD(config-if)#address 172.16.1.1 255.255.255.0GAD(config-if)#exitGAD(config)#router rip




GAD(config-router)#network 172.16.0.0GAD(config-if)#^z

Step 3 Establish Access List RequirementsThe kiosk station (host 3) needs to have its access limited to the local network. It is determined that a standard access list needs to be created to prevent traffic from this host from reaching any other networks. The access control list should block traffic from this host and not affect other traffic from this network. Using a standard IP ACL is adequate for as it filters based on the source address to any destination.What source address of the kiosk? ____________________________

Step 4 Plan the Access List RequirementsAs with any project, the most important part of the process is the planning. First, the information needed to create the ACL need to be defined. An access list is made up a series of ACL statements . Each of these statements adds sequentially to the ACL. Since the list will consist of more than one statement, the order of the statement needs to be planned carefully.It has been determined that for this ACL will require 2 logical steps . Each of these steps can be accomplished with one statement each. As a planning tool, a text editor like Notepad can be used to organize the logic and then write the list. In the text editor enter the logic by typing:

stop traffic from host 3permit all other traffic

From this logic the actual ACL will be written. Using the tables below, doc unmet the information for each statement.

stop traffic from host 3List # permit or deny Source address Wildcard maskpermit all other trafficList # permit or deny Source address Wildcard mask

What would be the result of not including a statement at to permit all other source addresses?___________________________________________________________________________What would be the result of reversing the order of the 2 statements in the list?___________________________________________________________________________Why are both statements using the same ACL number?___________________________________________________________________________The final step in the planning process is to determine the best location for the access list and the direction the list should be applied. Examine the internetwork diagram and choose the appropriate interface and direction. Document this in the table below:

Router Interface DirectionStep 5 Write and Apply the ACL

Using the previously constructed logic and information of the access list, complete the commands in the text editor. The list syntax should look similar to:

stop traffic from host 3access-list #deny address wildcardpermit all other trafficaccess-list #permit address wildcard

Add to this text file the configuration statements to apply the list.The configuration s statements take e the form of:




interface type #/#ip access-group #{in, out}

Now the text file configuration needs to be applied to the router. Enter the configuration mode on the appropriate router and copy and paste the configuration. Observe the CLI display to ensure no errors were encountered.

Step 6 Verify the ACLNow that the ACL is completed, the ACL needs to be confirmed and tested.First step is to check the list to see if it was configured properly in the router. To check the ACL logic use the show access-list command. Record the output_________________________________________________________________________________________________________________________________________________________________________________________________________________________________Next, verify that the access list was applied to the proper interface and in the correct direction. To do this examine the interface with the show ip interface command. Look at the output from each interface and record the lists applied to the interface.

Interface _______________________________________________________________Outgoing access list is ____________________________________________________Inbound access lis t is ____________________________________________________

Finally, test the functionality of the ACL by trying to send packets from the source hos t and verify that is to be permitted or denied as appropriate. In this case, ping will be used to test this.

[ ] verify that host 3 CAN ping host 4[ ] verify that host 3 CANNOT ping host 1[ ] verify that host 3 CANNOT ping host 2[ ] verify that host 3 CANNOT ping GAD Fa0/0[ ] verify that host 3 CANNOT ping GAD LO0[ ] verify that host 4 CAN ping host 1[ ] verify that host 4 CAN ping host 2[ ] verify that host 4 CAN ping GAD Fa0/0[ ] verify that host 4 CAN ping GAD LO0

Step 7 Document the ACLAs a part of all network management, documentation needs to be created. Using the text file reated for the configuration, add additional comments. This file should also contain output from the show access-list and the show ip interface commands.The file should be saved with other network documentation. The file naming convention should reflect the function of the file and the date of implementation.That should complete the ACL project.Once finished, eras e the start-up configuration on routers, remove and store the cables and adapter. Also logoff and turn the router off.




Lab-39: Configuring Standard Access Lists

ObjectiveConfigure, and apply a standard ACL to permit or deny specific traffic.Test the ACL to determine if the desired results were achieved.


Step 1 Configure the hostname and passwords on the Gadsden routerOn the Gadsden router, enter the global configuration mode and configure the hostname as shown in the chart. Then configure the console, virtual terminal and enable passwords. Configure the FastEthernet interface on the router according to the chart.

Step 2 Configure the hosts on the Ethernet segmentHost 1

IP address 192.168.14.2Subnet mask 255.255.255.0Default gateway 192.168.14.1

Host 2IP address 192.168.14.3Subnet mask 255.255.255.0Default gateway 192.168.14.1


GAD#copy running-config startup-configStep 4 Confirm connectivity by pinging the default gateway from both hosts

If the pings are not successful, correct the configuration and repeat until they are successful.

Step 5 Prevent access to the Ethernet interface from the hostsJoin NETS Be The Best




Create an access list that will prevent access to FastEthernet 0 from the 192.168.14.0 network. At the router configuration prompt type the following command:

GAD(config)#access-list 1 deny 192.168.14.0 0.0.0.255GAD(config)#access-list 1 permit any

Why is the second statement needed? __________________________________________

Step 6 Ping the router from the hostsWere these pings successful? ________________________________________________If they were, why? _________________________________________________________

Step 7 Apply the Access list to the interfaceAt the FastEthernet 0 interface mode prompt type the following:

GAD(config-if)#ip access-group 1 inStep 8 Ping the router from the hosts

Were these pings successful? ________________________________________________If they were, why? _________________________________________________________

Step 9 Create a new access listNow create an access list that will prevent the even numbered hosts from pinging but permit the odd numbered one.What will that access list look like? Finish this command with an appropriate comparison IP address (aaa.aaa.aaa.aaa) and wildcard mask (www.www.www.www):

ip access-list 2 permit aaa.aaa.aaa.aaa www.www.www.wwwWhy was it not necessary to have the permit any statement at the end this time?__________________________________________________________________________

Step 10 Apply access list to the proper router interfaceFirst remove the old access list application by typing no ip access-group 1 in at the interface configuration mode.Apply the new access list by typing ip access-group 2 in

Step 11 Ping the router from each hostsWas the ping from host 1 successful? ___________________________________________Why or why not? __________________________________________________________Was the ping from host 2 successful? ___________________________________________Why or why not? __________________________________________________________




Lab-40: Configuring Extended Access Lists (1)

ObjectiveConfigure, and apply an extended ACL to permit or deny specific traffic.Test the ACL to determine if the desired results were achieved.


Step 1 Configure the hostname and passwords on the Gadsden routerOn the Gadsden router, enter the global configuration mode and configure the hostname as shown in the chart. Then configure the console, virtual terminal and enable passwords. Configure the FastEthernet interface on the router according to the chart.Allow HTTP access by issuing the ip http server command in global configuration mode.










Step 5 Connect to the router using the Web browserConnect to the router using a Web browser to ensure that the Web server function is active.

Step 6 Prevent access to HTTP (port 80) from the Ethernet interface hostsCreate an access list that will prevent Web browsing access to FastEthernet 0 from the 192.168.14.0 network.At the router configuration prompt type the following command:

GAD(config)#access-list 101 deny tcp 192.168.14.0 0.0.0.255 any eq 80GAD(config)#access-list 101 permit ip any any

Why is the second statement needed? __________________________________________

Step 7 Apply the access list to the interfaceAt the FastEthernet 0 interface mode prompt type:

GAD(config-if)#ip access-group 101 inStep 8 Ping the router from the hosts

Were these pings successful? ________________________________________________If they were, why? _________________________________________________________

Step 9 Connect to the router using the web browserWas the browser able to connect? _____________________________________________

Step 10 Telnet to the router from the hostsWere you able to Telnet successfully? __________________________________________Why or why not? __________________________________________________________Upon completion of the previous steps, logoff by typing exit. Turn the router off.





Lab-41: Simple Extended Access Lists (2)

ObjectiveConfiguring extended access lists to filter network to network, host to network, and network to host traffic.

ScenarioA marketing company has two locations. The main site is in Birmingham (BHM) and the branch site is in Gadsden (GAD). The telecommunication administrator for both sites needs to plan and implement access control lists for security and performance. At the Birmingham site, there are two groups of network users. These groups are an Administrative group and a Production group and each are on separate networks. Both networks are interconnected with a router. The Gadsden site is a stub network and only has a LAN connected to it.

Step 1 Basic Router and Host ConfigurationsJoin NETS Be The Best




Interconnect the routers and hosts as shown in the diagram. Configure all router basics such as hostname, enable password, telnet access, router interfaces.The configurations on each router should be as follows:

BHM#show running-config<Output Omitted>hostname BHMenable secret classinterface FastEthernet0ip address 192.168.1.17 255.255.255.240interface Serial0ip address 172.16.1.2 255.255.255.0clock rate 56000interface FastEthernet0/1ip address 192.168.1.33 255.255.255.240router ripnetwork 172.16.0.0network 192.168.1.0line vty 0 4password ciscologinendBHM#GAD#show running-config<Output Omitted>hostname GADenable password classinterface FastEthernet0ip address 172.16.2.1 255.255.255.0interface Serial0ip address 172.16.1.1 255.255.255.0router ripnetwork 172.16.0.0line vty 0 4password ciscologinno scheduler allocateendGAD#

Configure the hosts with the appropriate information using the information previously defined. Before applying any type of access list, it is important to verify reachability between systems.Verify reachability by pinging all systems and routers from each system.All hosts should be able to ping each other and the router interfaces. If pings to some interfaces are not successful, the problem will need to be located and corrected. Always verify the Physical layer connections, as they seem to be the more common source of connectivity problems. Next,




verify the router interfaces. Make sure they are not shutdown, improperly configured, and that RIP is correctly configured. Finally, remember that along with valid IP addresses, hosts must also have default gateways specified.Now that the infrastructure is in place, it is time to begin securing the internetwork.

Step 2 Prevent the Production Users from Accessing the Gadsden NetworkCompany policy specifies that only the Administrative group should have access to the Gadsden site. The Production group should be restricted from accessing that network.Configure an extended access list to allow the Administrative group access to the Gadsden site. The production group should not have access to the Gadsden site.After careful analysis, it is decided that it would be best to use an extended access list and apply it to the outgoing 0 interface on the BHM router.Note: Remember that when the access list is configured, each statement in the list is processed by the router in the order it was created. It is not possible to reorder an access list, skip statements , edit statements, or delete statements from a numbered access list. For this reason, it may be beneficial to create the access-list in a text editor such as Notepad and then paste the commands to the router, instead of being typed in directly on a router.Enter the following:

BHM#conf terminalEnter configuration commands, one per line. End with CNTL/Z.BHM(config)#access-list 100 deny ip 192.168.1.32 0.0.0.15 172.16.2.00.0.0.255

This statement defines an extended access list called _100_. It will deny ip access for any users on the 192.168.1.32 – 192.168.1.47 network if they are trying to access network 172.16.2.0. Although a less specific access list could be defined, this access list could allow the production users to access other sites (if available) through the S0 interface.Remember that there is an implicit deny all at the of every access list. We must now make sure to let the administrative group access the Gadsden network. Although we could be more restrictive, we will simply let any other traffic through. Enter the following statement:

BHM(config)#access-list 100 permit ip any anyNow we need to apply the access list to an interface. We could apply the list to any incoming traffic going to the production network Fa0/1 interface. However, if there were a great deal of traffic between the administrative network and the production network , the router would have to check every packet. There is concern that this would add unwanted overhead to the router.Therefore the access list is applied to the any outgoing traffic going through the BHM router S0 interface. Enter the following:

BHM(config)#interface s0BHM(config-if)#ip access-group 100 out

Verify the syntax of the access-list with the show running-config command. The following lists the valid statements that should be in the configuration.

interface Serial0ip access-group 100 out<Output Omitted>access-list 100 deny ip 192.168.1.32 0.0.0.15 172.16.2.0 0.0.0.255access-list 100 permit ip any any




Another valuable command is the show access-lists command. The following is a sample output.BHM#show access-listsExtended IP access list 100deny ip 192.168.1.32 0.0.0.15 172.16.2.0 0.0.0.255permit ip any any

The show access-lists command also displays counters, indicating how many times the list has been used. No counters are listed here since we haven’t attempted to verify it yet.Note: Use the clear access-list counters command to restart the access list countersNow test the access list by verifying reachability to the Gadsden network by the administrative and production hosts.Can the production host (B) ping the Gadsden host (D)? __________________________________Can the production host (C) ping the Gadsden host (D)? __________________________________Can the administrative host (A) ping the Gadsden host (D)? _______________________________Can the production host (B) ping the administration host (A)? _____________________________Can the production host (B) ping the Gadsden router Serial interface? _______________________The production hosts (B) and (C) should be able to ping the administrative host (A) and Gadsden router Serial interface. However, they should not be able to ping the Gadsden host (D). The router should return a reply message to the host stating destination net unreachable.Issue the show access-lists command. How many matches are there? ________________Note: The show access-lists command displays the number of matches per line. Therefore the number of deny matches may seem odd until it is realized that the pings matched the deny statement and the permit statement.To help understand how the access list is operating, keep periodically issuing the showaccess-lists command.

Step 3 Allow a Production User Access to the Gadsden NetworkA call is received from a user in the production group (B). They are responsible for exchanging certain files between the production network and the Gadsden network. The ex tended access list needs to be altered to allow them access to the Gadsden network, while denying everyone else on the production network.Configure an extended access-list to allow that user access to Gadsden.Unfortunately, it is not possible to reorder an access list, skip statements , edit statements, or delete statements from a numbered access lis t. With numbered access lists, any attempt to delete a single statement results in the entire list’s deletion.Therefore the initial extended access list needs too be deleted and a new one created. To delete access-list 100, enter the following:

BHM#conf tEnter configuration commands, one per line. End with CNTL/Z.BHM(config)#no access-list 100

Verify that it has been deleted with the show access-lists command.




Now create a new extended access list. Always filter from the most specific to the most generic. Therefore the first line of the access list should allow the production host (B) access to the Gadsden network. The remainder of the access-list should be the same as the previous we had entered.To filter the production host (B) the first line of the access list should be as follows:

BHM(config)#access-list 100 permit ip host 192.168.1.34 172.16.2.0 0.0.0.255Therefore, the access list permits the production host (B) access to the Gads den network.Now deny all of the remaining production hosts access to the Gadsden network and permit any on else. Refer to the previous step for the next two lines of the configuration. The show access-list command would display output similar to the following:

BHM#show access-listsExtended IP access list 100permit ip host 192.168.1.34 172.16.2.0 0.0.0.255deny ip 192.168.1.32 0.0.0.15 172.16.2.0 0.0.0.255permit ip any anyBHM#

Now test the access list by verifying reachability to the Gadsden network by the administrative and production hosts.Can the production host (B) ping the Gadsden host (D)? ___________________________________Can the production host (C) ping the Gadsden host (D)? ___________________________________The production host (B) should now be able to ping the Gadsden host (D). However, all other production hosts (C) should not be able to ping the Gadsden host (D). Again, the router should return a reply message to the host stating destination net unreachable for host (C).

Step 4 Allow Gadsden Users Access to the Administration Payroll ServerThe administration group houses the payroll server. Users from the Gadsden site need FTP and HTTP access the payroll server from time to time to upload and download payroll reports.Configure an extended access-list to allow users from the Gads den site FTP, HHTP access to the payroll server only. It is decided to also allow ICMP access for them to ping the server. Gadsden users should not be able to ping any other host on the Administration network.We do not want unnecessary traffic between the sites therefore it is decided to configure an extended access list on the Gadsden router.I was anticipated that privileged EXEC access to the Gadsden would be required from time to time. That is why Telnet access to it is configured. Otherwise travel would be required to the Gadsden site to configure it.Telnet to the Gadsden router from the Birmingham router and enter enable mode. Troubleshoot as necessary.Note: A common pitfall when configuring access lists on remote routers is to inadvertently lock yourself_ out. This is not a big problem when the router is physically located loc al. However, this could be a huge problem if the router is physically located in another geographical location.For this reason, it is strongly suggest that the reload in 30 command be issued on the remote router. This would automatically reload the remote router within 30 minutes of issuing the




command. Therefore, if the administrator was locked out, it would eventually reload to the previous configuration, allowing access to the router again. Use the reload cancel command to deactivate the pending reload.Configure an extended access list to allow FTP access to the payroll server. The access list statement should be similar to the following:

GAD(config)#access-list 110 permit tcp any host 192.168.1.18 eq ftpThis line will permit any host from the Gadsden network FTP access to the payroll server at address 192.168.1.18.What could we have defined instead of using the keyword any?_____________________________________________________________________________What could we have defined instead of using the keyword host_?_____________________________________________________________________________What could we have defined instead of using the keyword ftp_?_____________________________________________________________________________Now configure the next line of the access list to permit HTTP access to the payroll server. The access list statement should be similar to the following:

GAD(config)#access-list 110 permit tcp any host 192.168.1.18 eq httpThis line will permit any host from the Gadsden network FTP access to the payroll server at address 192.168.1.18.What else could we have defined instead of using the keyword http?_____________________________________________________________________________Now configure the next line of the access list to permit ICMP access to the payroll server. The access list statement should be similar to the following:

GAD(config)#access-list 110 permit icmp any host 192.168.1.18This line will permit any host from the Gadsden network to ping the payroll server at address 192.168.1.18.Finally, no Gadsden user should be able access any other host on the Administration network. Although it is not required, it is always a good idea to include a deny statement. Adding the statement is a good reminder and makes it easier to read_ the access list. The access list statement should be similar to the following:

GAD(config)#access-list 110 deny ip any 192.168.1.16 0.0.0.15Now we need to apply the access list to an interface. To reduce unwanted WAN traffic, it is decided to apply the access list to the any outgoing traffic going through the Gadsden routers S0 interface. Enter the following:

GAD(config)#interface s0GAD(config-if)#ip access-group 110 out

Now test the access list by verifying reachability to the payroll server by a Gadsden host (D).Can the Gadsden host (D) ping the payroll server? ______________________________________Can the Gadsden host (D) ping the host (A)? __________________________________________The Gads den host should be able to ping the payroll server only. The router should return the destination net unreachable when it tries to ping the administrative host (D).

Step 5 Document the ACLAs a part of all network management, documentation needs to be created. Using the text file




created for the configuration, add additional comments. This file should also contain output from the show access-list and the show ip interface commands.The file should be saved with other network documentation. The file naming convention should reflect the function of the file and the date of implementation.That should complete this extended ACL lab.Once finished, eras e the start-up configuration on routers, remove and store the cables and adapter. Also logoff and turn the router off.




Lab-42: Configuring a Named Access List

ObjectiveCreate a named ACL to permit or deny specific traffic.Test the ACL to determine if the desired results were achieved.


Step 1 Configure the hostname and passwords on the Gadsden routerOn the Gadsden router, enter the global configuration mode and configure the hostname as shown in the chart. Then configure the console, virtual terminal, and enable passwords. Configure the FastEthernet interface on the router according to the chart.










Step 5 Prevent access to the Ethernet interface from the hostsCreate a named access list that will prevent access to FastEthernet 0 from the 192.168.14.0 network.At the configuration prompt type the following command:

GAD(config)#ip access-list standard no_accessGAD(config-std-nacl)#deny 192.168.14.0 0.0.0.255GAD(config-std-nacl)#permit any

Why is the third statement needed? ____________________________________________

Step 6 Ping the router from the hostsWere these pings successful? ________________________________________________If they were, why? _________________________________________________________

Step 7 Apply the Access list to the interfaceAt the FastEthernet interface mode prompt type the following:

GAD(config-if)#ip access-group no_access inStep 8 Ping the router from the hosts

Were these pings successful? ________________________________________________Why or why not? __________________________________________________________Upon completion of the previous steps, logoff by typing exit. Turn the router off.





Lab-43: VTY Restriction

ObjectiveUse the access-class and line commands to control telnet access to the router.

ScenarioCompany home office in Gadsden (GAD) provides services to branch offices such as Birmingham (BHM) office. Only system with in the local network should be able to telnet to router. To do this standard access-list will be created that will permit users on network the local network to telnet to local router. The access-list will then be applied to the Virtual Terminal (vty) lines.

Step 1 Basic Router InterconnectionInterconnect the routers as shown in the diagram.

Step 2 Basic ConfigurationThe router may contain configurations from a previous use. For this reason, erase the startup configuration and reload the router to remove any residual configurations. Using the information previously in the tables, setup the router and host configurations and verify reachablilty by pinging all systems and routers from each system.Then telnet from the hosts to both the local router and the remote router.

Step 3 Create the Access List that Represents the Gadsden LANThe Local Area Network in Gadsden has a network address of 192.168.1.0 /24. To create the access list to permit this use the following commands:




GAD(config)#access-list 1 permit 192.168.1.0 0.0.0.255Step 4 Apply the Access List to Permit Only the Gadsden LAN

Now that the list is created to represent traffic, it needs to be applied to the vty lines. This will restrict any telnet access to the router. While these could be applied separately to each interface, it is easier to apply the list to all vty lines in one statement. This is done by enter the interface mode for all 5 line with the global config command line vty 0 4. For the Gadsden router type:

GAD(config)#line vty 0 4GAD(config-line)#access-class 1 inGAD(config-line)#^Z

Step 5 Test the RestrictionTest the functionality of the ACL by trying to telnet host and verify that is to be permitted or denied as appropriate.

[ ] verify that host 1 CAN telnet GAD[ ] verify that host 2 CAN telnet GAD[ ] verify that host 3 CANNOT telnet GAD[ ] verify that host 4 CANNOT telnet GAD

Step 6 Create the Restrictions for Birmingham RouterRepeat the above process to restrict the telnet access to BHM. Thus restriction should allow only hosts in the Birmingham LAN to telnet to BHMTest the functionality of the ACL by trying to telnet host and verify that is to be permitted or denied as appropriate.

[ ] verify that host 1 CANNOT telnet BHM[ ] verify that host 2 CANNOT telnet BHM[ ] verify that host 3 CAN telnet BHM[ ] verify that host 4 CAN telnet BHM

Step 7 Document the ACLAs a part of all network management, documentation needs to be created. Capture a copy of the configuration and add additional comments to explain the purpose to ACL code.The file should be saved with other network documentation. The file naming convention should reflect the function of the file and the date of implementation.Once finished, erase the start-up configuration on routers, remove and store the cables and adapter. Also logoff and turn the router off.




Lab-44: Managing IOS Images with TFTP

ObjectiveBackup a copy of a router IOS from flash to a TFTP server.Reload the back up IOS software image from a TFTP server into flash on a router.

Background/PreparationFor recovery purposes it is important to keep backup copies of router IOS images. These can be stored in a central location such as a TFTP server and retrieved if necessary. Cable a network similar to the one in the previous diagram. Any router that meets the interface requirements may be used. Possible routers include 800, 1600, 1700, 2500, 2600 routers, or a combination.Start a HyperTerminal session.

Step 1 Configure the Gadsden routerVerify the routers configurations by performing a show running-config on each router. If not correct, fix any configuration errors and verify.

Step 2 Configure the workstationThe configuration for the host connected to the Gadsden Router is:

IP Address 192.168.14.2IP subnet mask 255.255.255.0Default gateway 192.168.14.1

Step 3 Login to the router in user modeConnect to the Gadsden router and login.

Step 4 Collect information to document the new routerIssue the show version command.What is the current value of the config-register?____0x ______________________________How much flash memory does this router have? ___________________________________Is there at least 4mb (4096K) of flash? ____________________What is the version number of boot ROM? ____________________




Is the boot ROM version 5.2 or later? ____________________

Step 5 Collect more information to document the new routerIssue the show flash command.Is there a file already stored in flash? ___________________________________________If so, what is the exact name of that file? _________________________________________How much of flash is available or unused? _______________________________________Note: If there is a file in flash, it will probably need to be erased before a new one is loaded. That choice will be offered in the copy tftp flash command in a later step. However, it is possible to save a copy of that file with the command copy flash tftp. If there is a possibility of ever having to revert to that software version, follow the instructions in the Copy IOS to TFTP server section.

Step 6 Start and configure the Cisco TFTP ServerCheck with the instructor as to the IP address of the Cisco TFTP server.

Step 7 Verify connectivityPing the TFTP server from the Gadsden router.If the ping fails, review host and router configurations to resolve the problem.

Step 8 Copy IOS to TFTP serverBefore copying the files, verify that the TFTP server is running.What is the IP address of the TFTP server? ______________________________________From the console session, enter show flash.What is the name and length of the Cisco IOS image stored in flash?__________________________________________________________________________What attributes can be identified from codes in the Cisco IOS filename?

Step 9 Write the configurationWrite the configuration mode commands to specify what the IOS image should be loaded from:Flash: __________________________________________________________________TFTP server: _____________________________________________________________ROM: __________________________ Will this be a full IOS image? __________

Step 10 Copy the IOS image to the TFTP serverJoin NETS Be The Best




From the cons ole session in the privileged EXEC mode, enter the copy flash tftp command. At the prompt enter the IP address of the TFTP server:

GAD#copy flash tftpSource filename []? flash:c1700-y-mz.122-11.T.binAddress or name of remote host []? 192.168.14.2Destination filename [c1700-y-mz.122-11.T.bin]? y

After entering this command and answering the process requests, the student should see the following output on the console. Do not interrupt this process.

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!4284648 bytes copied in 34.012 secs (125975 bytes/sec)

Step 11 Verify the transfer to the TFTP serverCheck the TFTP server log file by clicking View > Log File. The output should resemble the following output:

Mon Sep 16 14:10:08 2002: Receiving ‘c1700-y-mz.122-11.T.bin’ in binary modeMon Sep 16 14:11:14 2002: Successful.

Verify the flash image size in the TFTP server directory. To locate it, click on View > Options. This will show the TFTP server root directory. It should be similar to the following, unless the default directories were changed:

C:\Program Files\Cisco Systems\Cisco TFTP ServerLocate this directory using the File Manager. Look at the detail listing of the file. The file length in the show flash command should be the same file size as the file stored on the TFTP server. If the file sizes are not identical, check with the instructor.

Step 12 Copy the IOS image from the TFTP serverNow that the IOS is backed up, the image must be tested and the IOS restored to the router. Verify again that the TFTP server is running, sharing a network with the router, and can be reached. Ping the TFTP server IP address.Record the IP address of the TFTP server. _______________________________________Copy from the privileged EXEC prompt.

GAD#copy tftp flashAddress or name of remote host 192.168.14.2Source filename c1700-y-mz.122-11.T.binDestination filename [c1700-y-mz.122-11.T.bin]? [Enter]Accessing tftp://192.168.14.2/c1700-y-mz.122-11.T.bin...Erase flash: before copying? [confirm][Enter]Erasing the flash filesystem will remove all files! Continue?[confirm][Enter]Erasing device...eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeerasedErase of flash: completeLoading c1700-y-mz.122-11.T.bin from 192.168.14.2 (via FastEthernet0):




!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!![OK - 4284648 bytes]Verifying checksum... OK (0x9C8A)4284648 bytes copied in 26.584 secs (555739 bytes/sec)

The router may prompt to erase flash. Will the image fit in available flash? _____________If the flash is erased, what happened on the router console screen as it was doing so?__________________________________________________________________________What is the size of the file being loaded? __________________Do not interrupt the process.What happened on the router console screen as the file was being downloaded?__________________________________________________________________________Was the verification successful? __________________Was the whole operation successful? __________________

Step 13 Test the restored IOS imageVerify that the router Image is correct. Cycle the router power and observe the startup process to confirm that there were no flash errors. If there are none, then the router IOS should have started correctly.Further verify IOS image in flash by issuing the show version command which will show output similar to:

System image file is "flash:c1700-y-mz.122-11.T.bin"Upon completion of the previous steps, logoff by typing exit. Turn the router off.





Lab-45: Password Recovery Procedures

ObjectiveGain access to a router with an unknown privileged mode (enable) pass word.

Background/PreparationThis lab demonstrates gaining access s to a router with an unknown privileged mode (enable) password. One point to be made here is that anyone with this procedure and access to a console port on a router can change the password and take control of the router. That is why it is of critical importance that routers also have physical security to prevent unauthorized access. Setup a network similar to the one in the previous diagram. Any router that meets the interface requirements may be used. Possible routers include 800, 1600, 1700, 2500, 2600 routers, or a combination.Start a HyperTerminal session.

Step 1 Attempt login to the routerMake the necessary console connections and establish a HyperTerminal session with the router. Attempt to logon to the router using the enable password cisco. The output should look like the following:

Router>enablePassword:Password:Password:% Bad secretsRouter>

Step 2 Document the current config-register settingAt the user EXEC prompt type show version.Record the value displayed for configuration register ___________ . For example 0x2102.

Step 3 Enter the ROM Monitor modeTurn the router off, wait a few seconds and turn it back on. When the router starts displaying system Bootstrap, Version on the HyperTerminal screen, press the Ctrl key and the Break key together. The router will boot in ROM monitor mode. Depending on the router hardware, one of several prompts such as: "rommon 1 >" or simply _>_ may show.




Step 4 Examine the ROM Monitor mode helpType ? at the prompt. The output should be similar to this:rommon 1 >?alias set and display aliases commandboot boot up an external processbreak set/show/clear the breakpointconfreg configuration register utilitycontext display the context of a loaded imagedev list the device tabledir list files in file systemdis display instruction streamhelp monitor builtin command helphistory monitor command historymeminfo main memory informationrepeat repeat a monitor commandreset system resetset display the monitor variablessysret print out info from last system returntftpdnld tftp image downloadxmodem x/ymodem image download

Step 5 Change the configuration register setting to boot without loading configuration file

From the ROM Monitor mode, type confreg 0x2142 to change the config-register. rommon 2 >confreg 0x2142

Step 6 Restart RouterFrom the ROM Monitor mode, type reset or power cycle the router.

rommon 2 >resetDue to the new configuration register setting, the router will not load the configuration file. The system prompts:

"Would you lik e to enter the initial configuration dialog? [yes]:"Enter no and press Enter.

Step 7 Enter Privileged EXEC mode and change passwordNow at the user mode promptRouter>Type enablePress Enter to go to the privileged mode without a password.Use the command copy startup-config running-config to restore the existing configuration. Since the user is already in privileged EXEC no password is needed.Type configure terminal to enter the global configuration mode.In the global configuration mode type enable secret class to change the secret password.While still in the global configuration mode, type config-register xxxxxxx. xxxxxxx is the original configuration register value recorded in Step 2.Press Enter.




Use the Ctrl z combination to return to the privileged EXEC mode.Use the copy running-config startup-config command to save the new configuration.Before restarting the router, verify the new configuration setting. From the privileged EXEC prompt, enter the show version command and press Enter.Verify that the last line of the output reads:Configuration register is 0x2142 (will be 0x2102 at next reload).Use the reload command to restart the router.

Step 8 Verify new password and configurationWhen the router reloads the password should be class.Upon completion of the previous steps, logoff by typing exit. Turn the router off.

Erasing and reloading the routerEnter into the privileged EXEC mode by typing enable.If prompted for a password, enter class. If class does not work, ask the instructor for assistance.



Erasing the nvram filesystem will remove all files! Continue?[confirm]Press Enter to confirm.

The response should be:Erase of nvram: complete

Now at the privileged EXEC mode, enter the command reload.Router(config)#reload

The responding line prompt will be:System configuration has been modified. Save? [yes/no]:Type n and then press Enter.



After the router has reloaded the line prompt will be:Would you like to enter the initial configuration dialog? [yes/no]:Type n and then press Enter.

The responding line prompt will be:Press RETURN to get started!Press Enter.

The router is ready for the assigned lab to be performed.




Lab-46: Troubleshooting Configuration Register Boot Problems

ObjectiveCheck and document the configuration register settings related to boot method.Configure the router to boot using the configuration file in NVRAM and reload the router.

Background/PreparationSetup a network similar to the one in the previous diagram. Any router that meets the interface requirements may be used. Possible routers include 800, 1600, 1700, 2500, 2600 routers, or a combination. Start a HyperTerminal session.

Step 1 Login to the routerConnect to the router and login.

Step 2 Configure the router name and configuration register settingEnter the following commands:

Router>enableRouter#configure terminalRouter(config)#hostname GADGAD(config)#config-register 0x2142GAD(config)#exit

Step 3 Save the existing running-config to the startup-configAt the privileged EXEC command prompt enter:

GAD#copy running-config startup-configDestination filename [startup-config]?[Enter]

Step 4 Restart the routerAt the privileged EXEC command prompt enter:

GAD#reloadProceed with reload? [confirm][Enter]

This will save the current blank configuration and reload the router. After the reload the router will respond with:




--- System Configuration Dialog ---Would you like to enter the initial configuration dialog? [yes/no]:nType n and press Enter.

Step 5 View the running configuration fileEnter show running-config at the privileged EXEC mode prompt. The router will display information on the running configuration file stored in RAM.Is the configuration that was just entered shown? __________________________________

Step 6 Reload the saved configurationAt the privileged EXEC command prompt enter:

Router#copy startup-config running-configDestination filename [running-config]?[Enter]

Step 7 Display IOS version and other important informationEnter show version command at the router prompt.The router will return information about the IOS that is running in RAM.Once the command is entered, notice that at the end of the output shows a configuration register setting of 0x2142. This is the problem. This configuration register setting is set to boot up in the password recovery mode. This is why the configuration saved to NVRAM is not showing.

Step 8 Change the config-register to boot from NVRAM, save, and reload the router

Enter global configuration mode and enter the following commands:Router>enableGAD#configure terminalGAD(config)#config-register 0x2102GAD(config)#exitGAD#copy running-config startup-configDestination filename [startup-config]?[Enter]GAD#reloadProceed with reload? [confirm][Enter]

Step 9 Verify the configuration register settingOnce the router has rebooted, it should boot from NVRAM. Verify this by issuing the command, show version.

GAD#show versionThe results will be shown. You should be able to see the config-register 0x2102.Upon completion of the previous steps, logoff by typing exit. Turn the router off.

Erasing and reloading the routerEnter into the privileged EXEC mode by typing enable.If prompted for a password, enter class. If 田 lass_ does not work, ask the instructor for assistance.



Erasing the nvram filesystem will remove all files! Continue?[confirm]




Press Enter to confirm.The response should be:

Erase of nvram: completeNow at the privileged EXEC mode, enter the command reload.

Router(config)#reloadThe responding line prompt will be:

System configuration has been modified. Save? [yes/no]:Type n and then press Enter.



After the router has reloaded the line prompt will be:Would you like to enter the initial configuration dialog? [yes/no]:Type n and then press Enter.

The responding line prompt will be:Press RETURN to get started!Press Enter.




Lab-47: Configuring NAT

ObjectiveConfigure a router to use network address translation (NAT) to convert internal IP addresses, typically private addresses, into outside public addresses.

Background/PreparationAn ISP has allocated a company the public classless interdomain routing (CIDR) IP address 199.99.9.32/27. This is equivalent to 30 public IP addresses. Since the company has an internal requirement for more than 30 addresses, the IT manager has decided to implement NAT. The addresses 199.99.9.33 – 199.99.9.39 for static allocation and 199.99.9.40 – 199.99.9.62 for dynamic allocation. Routing will be done between the ISP and the gateway router used by the company. A static route will be used between the ISP and gateway router and a default route will be used between the gateway router and the ISP. The ISP connection to the Internet will be represented by a loopback address on the ISP router. Cable a network similar to the one in the diagram above. Any router that meets the interface requirements displayed on the above diagram may be used. This includes the 800, 1600, 1700, 2500, 2600 series routers.Start a HyperTerminal session.

Step 1 Configure the routersConfigure all of the following according to the chart:

The hostname / The consoleThe virtual terminalThe enable passwordsThe interfaces


Step 3 Configure the hosts with the proper IP address, subnet mask, and default Join NETS Be The Best




gatewayEach workstation should be able to ping the attached router. If for some reason this is not the case, troubleshoot as necessary. Check and verify that the workstation has been assigned a s pecific IP address and default gateway. If running Windows 98, check using Start > Run > winipcfg. If running Windows 2000 or higher, check using ipconfig in a DOS window.

Step 4 Verify that the network is functioningFrom the attached hosts, pings the FastEthernet interface of the default gateway router.Was the ping from the first host successful? ________________________________Was the ping from the second host successful? ______________________________If the answer is no for either question, troubleshoot the router and host configurations to find the error. Then ping again until they both are successful.

Step 5 Create a static routeCreate a static route from the ISP to the Gateway router. Addresses 199.99.9.32/27 have been allocated for Internet access outside of the company. Use the ip route command to create the static route.

ISP(config)#ip route 199.99.9.32 255.255.255.224 200.2.2.18Is the static route in the routing table?What command checks the routing table contents?If the route was not in the routing table, give one reason why this might be so ?

Step 6 Create a default routeAdd a default route, using the ip route command, from the Gateway router to the ISP router. This will forward any unknown destination address traffic to the ISP.

Gateway(config)#ip route 0.0.0.0 0.0.0.0 200.2.2.17Step 7 Define the pool of usable public IP addresses

To define the pool of public addresses, use the ip nat pool command:Gateway(config)#ip nat pool public-access 199.99.9.40 199.99.9.62netmask 255.255.255.224

Step 8 Define an access list that will match the inside private IP addressesTo define the access list to match the inside private addresses, use the access list command:

Gateway(config)#access-list 1 permit 10.10.10.0 0.0.0.255Step 9 Define the NAT translation from inside list to outside pool

To define the NAT translation, use the ip nat inside source command:Gateway(config)#ip nat inside source list 1 pool public-access

Step 10 Specify the interfacesThe active interfaces on the router, need to be specified as either inside or outside interfaces with respect to NAT. To do this, use the ip nat inside or ip nat outside command:

Gateway(config)#interface fastethernet 0Gateway(config-if)#ip nat insideGateway(config-if)#interface serial 0Gateway(config-if)#ip nat outside

Step 11 Testing the configurationConfigure a workstation on the internal LAN with the IP address 10.10.10.10/24 and a default gateway 10.10.10.1. From the PC, ping 172.16.1.1. If successful, look at the NAT translation on the Gateway router, using the command show ip nat translations.




What is the translation of the inside local host addresses?The inside global address is assigned by?The inside local address is assigned by?Upon completion of the previous steps finish the lab by doing the following:


Configuration reference sheetThis sheet contains the basic configuration commands for the ISP and Gateway routers:

ISPRouter#configure terminalRouter(config)#hostname ISPISP(config)#enable password ciscoISP(config)#enable secret classISP(config)#line console 0ISP(config-line)#password ciscoISP(config-line)#loginISP(config-line)#exitISP(config)#line vty 0 4ISP(config-line)#password ciscoISP(config-line)#loginISP(config-line)#exitISP(config)#interface loopback 0ISP(config-if)#ip add 172.16.1.1 255.255.255.255ISP(config-if)#no shutdownISP(config-if)#exitISP(config)#interface serial 0ISP(config-if)#ip add 200.2.2.17 255.255.255.252ISP(config-if)#no shutdownISP(config-if)#clockrate 64000ISP(config)#ip route 199.99.9.32 255.255.255.224 200.2.2.18ISP(config)#endISP#copy running-config startup-configDestination filename [startup-config]?[Enter]

GatewayRouter#configure terminalRouter(config)#hostname GatewayGateway(config)#enable password ciscoGateway(config)#enable secret classGateway(config)#line console 0Gateway(config-line)#password ciscoGateway(config-line)#loginGateway(config-line)#exitGateway(config)#line vty 0 4




Gateway(config-line)#password ciscoGateway(config-line)#loginGateway(config-line)#exitGateway(config)#fastethernet 0Gateway(config-if)#ip add 10.10.10.1 255.255.255.0Gateway(config-if)#no shutdownGateway(config-if)#exitGateway(config)#interface serial 0Gateway(config-if)#ip add 200.2.2.18 255.255.255.252Gateway(config-if)#no shutdownGateway(config)#ip route 0.0.0.0 0.0.0.0 200.2.2.17




Lab-48: Configuring PAT

ObjectiveConfigure a router to use Port Address Trans lation (PAT) to convert internal IP addresses, typically private addresses, into an outside public address.

Background/PreparationAidan McDonald has just received a DSL line Internet connection to a local ISP in his home. The ISP has allocated only one IP address to be used on the serial port of his remote access device. Thus all PCs on Aidan’s LAN, each with its own private IP address, will share one public IP address on the router using PAT. Routing from the home or gateway router to the ISP will be done by using a default route to Serial 0 of the Gateway router. The ISP connection to the Internet will be represented by a loopback address on the ISP router. Cable a network similar to the one in the diagram. Any router that meets the interface requirements displayed on the above diagram may be used. This includes the 800, 1600, 1700, 2500, 2600 series routers.Start a HyperTerminal session.

Step 1 Configure the routersConfigure all of the following according to the chart:The hostname / The consoleThe virtual terminalThe enable passwordsThe interfaces


Step 3 Configure hosts with the proper IP address, subnet mask, and default gateway

Each workstation should be able to ping the attached router. If for some reason this is not the




case, troubleshoot as necessary. Check and verify that the workstation has been assigned a s pecific IP address and default gateway. If running Windows 98, check using Start > Run > winipcfg. If running Windows 2000 or higher, check using ipconfig in a DOS window.

Step 4 Verify that the network is functioningFrom the attached hosts, ping the FastEthernet interface of the default gateway router.Was the ping from the first host successful? _____________Was the ping from the second host successful? _____________If the answer is no for either question, troubleshoot the router and host configurations to find the error. Then ping again until they both are successful.

Step 5 Create a default routeAdd a default route to the serial 0 interface of the gateway router. This will forward any unknown destination address traffic to the ISP. Use the ip route command to create the default route:

Gateway(config)#ip route 0.0.0.0 0.0.0.0 serial 0Is the route in the routing table? _______________________________________________Try to ping from one of the workstations to the ISP serial interface IP address.Was the ping suc cessful? ____________________________________________________Why? __________________________________________________________________What command checks the routing table contents? _________________________________


Gateway(config)#access-list 1 permit 10.10.10.0 0.0.0.255Step 7 Define the PAT translation from inside list to outside address

To define the PAT translation, use the ip nat inside source command. This command with the overload option will create port address translation using the serial 0 IP address as the base:

Gateway(config)#ip nat inside source list 1 interface serial 0 overloadStep 8 Specify the interfaces

The active interfaces on the router need to be specified as either inside or outs ide interfaces with respect to PAT. To do this, use the ip nat inside or ip nat outside command:

Gateway(config)#interface fastethernet 0Gateway(config-if)#ip nat insideGateway(config-if)#interface serial 0Gateway(config-if)#ip nat outside

Step 9 Testing the configurationConfigure a PC on the internal LAN with the IP address 10.10.10.10/24 and a default gateway 10.10.10.1. From the PCs, ping the Internet address 172.16.1.1. If succ essful, Telnet to the same IP address. Then look at the PAT translation on the gateway router, using the command

show ip nat translations.What is the translation of the inside local host addresses ?What does the number after the colon represent?Why do all of the commands for PAT say NAT?Upon completion of the previous steps finish the lab by doing the following:






ISPRouter#configure terminalRouter(config)#hostname ISPISP(config)#enable password ciscoISP(config)#enable secret classISP(config)#line console 0ISP(config-line)#password ciscoISP(config-line)#loginISP(config-line)#exitISP(config)#line vty 0 4ISP(config-line)#password ciscoISP(config-line)#loginISP(config-line)#exitISP(config)#interface loopback 0ISP(config-if)#ip address 172.16.1.1 255.255.255.255ISP(config-if)#no shutdownISP(config-if)#exitISP(config)#interface serial 0ISP(config-if)#ip address 200.2.2.17 255.255.255.252ISP(config-if)#no shutdownISP(config-if)#clockrate 64000ISP(config)#ip route 199.99.9.32 255.255.255.224 200.2.2.18ISP(config)#endISP#copy running-config startup-config

GatewayRouter#configure terminalRouter(config)#hostname GatewayGateway(config)#enable password ciscoGateway(config)#enable secret classGateway(config)#line console 0Gateway(config-line)#password ciscoGateway(config-line)#loginGateway(config-line)#exitGateway(config)#line vty 0 4Gateway(config-line)#password ciscoGateway(config-line)#loginGateway(config-line)#exitGateway(config)#interface fastethernet 0Gateway(config-if)#ip address 10.10.10.1 255.255.255.0Gateway(config-if)#no shutdownGateway(config-if)#exitGateway(config)#interface serial 0




Gateway(config-if)#ip address 200.2.2.18 255.255.255.252Gateway(config-if)#no shutdownGateway(config)#ip route 0.0.0.0 0.0.0.0 200.2.2.17




Lab-49: Troubleshooting NAT and PAT

ObjectiveConfigure a router for Network Address Translation (NAT) and Port Address Translation (PAT)Troubleshoot NAT and PAT using debug

Background/PreparationThe ISP has allocated a company the public CIDR IP address 199.99.9.32/30. This is equivalent to four public IP addresses. Since the company has an internal requirement for more than 30 addresses, the IT manager has decided to use NAT with PAT. Routing between the ISP and the gateway router is done using a static route between the ISP and the gateway, and a default route between the gateway and the ISP. The ISP connection to the Internet will be represented by a loopback address on the ISP router.Cable a network similar to the one in the diagram above. Any router that meets the interface requirements displayed on the above diagram may be used. This includes the 800, 1600, 1700, 2500, 2600 series routers.

Step 1 Configure the routersConfigure all of the following according to the chart:The hostname / The consoleThe virtual terminalThe enable passwordsThe interfaces

Step 2 Save the configurationAt the privileged EXEC mode prompt, on both routers, type the command copy running-configstartup-config.

Step 3 Configure hosts with the proper IP address, subnet mask, and default gateway

Each workstation should be able to ping the attached router. If for some reason this is not the case, troubleshoot as necessary. Check and verify that the workstation has been assigned a




specific IP address and default gateway. If running Windows 98, check using Start > Run > winipcfg. If running Windows 2000 or higher check using ipconfig in a DOS window.

Step 4 Verify that the network is functioningFrom the attached hosts, ping the FastEthernet interface of the default gateway router.Was the ping from the first host successful? _____________Was the ping from the second host successful? _____________If the answer is no for either question, troubleshoot the router and host configurations to find the error. Then ping again until they both are successful.

Step 5 Create a static routeCreate a static route from the ISP to the Gateway router. Addresses 199.99.9.32/27 have been allocated for Internet access outside of the company. Use the ip route command to create the static route:

ISP(config)#ip route 199.99.9.32 255.255.224.0 200.2.2.18Is the static route in the routing table? ___________________________________________What command checks the routing table contents? _________________________________If the route was not in the routing table, give one reason why this might be so?

Step 6 Create a default routeAdd a default route, using the ip route command, from the Gateway router to the ISP router. This will forward any unknown destination address traffic to the ISP:

Gateway(config)#ip route 0.0.0.0 0.0.0.0 200.2.2.17Is the static route in the routing table? ___________________________________________Try to ping from one of the workstations to the ISP serial interface IP address.Was the ping successful? ____________________________________________________Why? __________________________________________________________________

Step 7 Define the pool of usable public IP addressesTo define the pool of public addresses, use the ip nat pool command:

Gateway(config)#ip nat pool public-access 199.99.9.32 199.99.9.35netmask 255.255.255.252


Gateway(config)#access-list 1 permit 10.10.10.0 0.0.0.255Step 9 Define the NAT translation from inside list to outside pool

To define the NAT translation, use the ip nat inside source command:Gateway(config)#ip nat inside source list 1 pool public-access overload

Step 10 Specify the interfacesOn the active interfaces on the router, it needs to be specified as either inside or outside interfaceswith respect to NAT. To do this, use the ip nat inside command:

Gateway(config)#interface fastethernet 0Gateway(config-if)#ip nat inside

Step 11 Testing the configurationTurn on debugging for NAT process by typing debug ip nat at the privileged EXEC mode prompt.Does the debug command show any output? _____________________________________If translation were taking place there would be output from the debug command. While reviewing




the running configuration of the gateway router, it is seen that the ip nat outside statement has not been entered on the serial 0 interface. To configure this enter the following:

Gateway(config)#interface serial 0Gateway(config-if)#ip nat outsideFrom the work stations, ping 172.16.1.1

If the ip nat outside statement was entered correctly there should be output from the debug ip nat command.What does the NAT*: S=10.10.10.? -> 199.99.9.33 mean?To stop the debug output, type undebug all at the privileged EXEC mode prompt.Upon completion of the previous steps finish the lab by doing the following:



ISPRouter#configure terminalRouter(config)#hostname ISPISP(config)#enable password ciscoISP(config)#enable secret classISP(config)#line console 0ISP(config-line)#password ciscoISP(config-line)#loginISP(config-line)#exitISP(config)#line vty 0 4ISP(config-line)#password ciscoISP(config-line)#loginISP(config-line)#exitISP(config)#interface loopback 0ISP(config-if)#ip add 172.16.1.1 255.255.255.255ISP(config-if)#no shutdownISP(config-if)#exitISP(config)#interface serial 0ISP(config-if)#ip add 200.2.2.17 255.255.255.252ISP(config-if)#no shutdownISP(config-if)#clockrate 64000ISP(config)#ip route 199.99.9.32 255.255.255.224 200.2.2.18ISP(config)#endISP#copy running-config startup-configDestination filename [startup-config]?[Enter]

GatewayRouter#configure terminalRouter(config)#hostname GatewayGateway(config)#enable password cisco




Gateway(config)#enable secret classGateway(config)#line console 0Gateway(config-line)#password ciscoGateway(config-line)#loginGateway(config-line)#exitGateway(config)#line vty 0 4Gateway(config-line)#password ciscoGateway(config-line)#loginGateway(config-line)#exitGateway(config)#interface fastethernet 0Gateway(config-if)#ip add 10.10.10.1 255.255.255.0Gateway(config-if)#no shutdownGateway(config-if)#exitGateway(config)#interface serial 0Gateway(config-if)#ip add 200.2.2.18 255.255.255.252Gateway(config-if)#no shutdownGateway(config)#ip route 0.0.0.0 0.0.0.0 200.2.2.17


CCNA-Practicals NETS Final

Documents

switchavlan

switchaconfigure

switchbvlan

switchbconfigure

ottawaconfigure

switchaconfig

ottawashow

bhmshow ip