CCNALabWorkbook
7/29/2019 CCNALabWorkbook
The Ultimate CCNA Lab Workbook
Labs Designed For CCNA Rack Rentals
At www.thebryantadvantage.com
Chris Bryant, CCIE #12933
www.thebryantadvantage.com
2005 The Bryant Advantage
Copyright Information:
Cisco, Cisco Systems, CCIE, Cisco Certified Internetwork Expert, Cisco Certified Network Associate, and Cisco Certified Network Professional are registered trademarks of Cisco Systems, Inc., and/or its affiliates in the U.S. and certain countries.
All other products and company names are the trademarks, registered trademarks, and service marks of the respective owners. Throughout this ebook, The Bryant Advantage has used its best efforts to distinguish proprietary trademarks from descriptive names by following the capitalization styles used by the manufacturer.
Disclaimer:
This publication, The Bryant Advantage CCNA Lab Workbook, is designed and intended to assist candidates in preparation for the exam for the Cisco Certified Network Associate and Cisco Certified Network Professional certifications. All efforts have been made by the author to make this book as accurate and complete as possible, but no guarantee, warranty, or fitness are implied, expressly or implicitly. The enclosed material is presented on an "as is" basis. Neither the author, Bryant Instructional Services, or the parent company assume any liability or responsibility to any person or entity with respect to loss or damages incurred from the information contained in this workbook.
Copyright 2005, The Bryant Advantage.
Welcome to The Bryant Advantage CCNA Lab Workbook! Used in combination with my CCNA / CCNP Rack Rentals, this book will help you master all the skills you'll need to pass the CCNA exams, and give you a solid foundation for your future Cisco studies.
The best way to learn about Cisco technologies is to use them. You've got to read to learn the theory, but it's vital to see the theory in action. With that in mind, let's take a look at the network topology you'll use in this lab workbook.
There are two additional Cisco routers in your pod that are not shown here. The first is a 2500 router acting as a frame relay switch, which makes it possible to have a frame relay cloud in a practice lab. Your frame relay switch is preconfigured. (If you'd like to see the configuration of a frame relay switch, visit my website and check the Tutorials section, or write me at [email protected] and I'll be glad to email you a copy.)
The second router is the access server; that's the router you will actually be using Telnet to communicate with. There is no need to change the configuration of this device.
Please Read The Following Rules Carefully. They're Not The Usual "mumbo jumbo" Legalities.
By connecting to my remote labs, you agree to abide by the following rules.
1. Do not change the configuration of the access server in any way. Doing so may end your session, and a refund will not be given. You will also be prohibited from renting the pods in the future.
2. Do not change the configuration register of any router or switch.
3. You are more than welcome to practice your enable secret, enable password, console password, and telnet passwords. However, you MUST use the passwords "cisco" or "ccna", without the quotation marks. Upper case or lower case is fine.
Thank you!
Connecting To Your Remote Pod
Getting started with your pod of Cisco routers and 2950 switches is easy! First, you'll need to Telnet to your access server. The IP address, username, and password for your session were sent to you in a separate email. (The phone numbers for your ISDN connection are also in that email.)
You can use any Telnet version to connect to your access server. You can use HyperTerminal if you like, but I've seen some versions have trouble with Telnet. If you use HyperTerminal and have trouble authenticating, use Telnet by going out to your C: prompt.
From your C: prompt, you can type telnet to go into Microsoft telnet, or type telnet x.x.x.x, with the IP address in place of the x's.
C:\> telnet
Welcome to Microsoft Telnet Client
Escape Character is 'CTRL+]'
Microsoft Telnet> open 100.100.100.100 (put the IP address
you were sent in email in place of the 100.100.100.100)
User Access Verification
Username:
Password:
OR:
C:\>telnet 100.100.100.100
User Access Verification
Username:
Password:
A few tips for logging in:
1. You will be prompted for a username, then a password.
2. Do not hit the space bar at the end of entering either; this will send a null space and you will not be authenticated.
3. The cursor WILL NOT MOVE when you enter your username and password. That's a Cisco default. You will not see asterisks, as you do when logging in to most Microsoft products.
After entering your username and password, you'll be put into privileged exec mode on the access server:
User Access Verification
Password:
BRYANT_POD_ONE#
Your three routers and two Cisco 2950 switches are all connected to this access server. Here's how to access each device.
First, clear the lines leading to the other devices.
BRYANT_POD_ONE#clear line 01
[confirm]
 [OK]
BRYANT_POD_ONE#clear line 02
[confirm]
 [OK]
BRYANT_POD_ONE#clear line 03
[confirm]
 [OK]
BRYANT_POD_ONE#clear line 04
[confirm]
 [OK]
BRYANT_POD_ONE#clear line 05
[confirm]
 [OK]
BRYANT_POD_ONE#
When you see the [confirm] choice, just hit your enter key to accept it.
Now that the lines are cleared, you're going to connect to each device from your access server. This reads like a long process, but it will only take you a minute or two.
Type R1 at the prompt:
BRYANT_POD_ONE#r1
Trying R1 (100.1.1.1, 2001)... Open
R1#
Note: When you see the word "Open", hit the Enter key again. You'll then see the prompt for R1.
Now, you need to learn the big keystroke that you'll be using to go back to the access server. Here it is:
<CTRL-SHIFT-6> <X>
This keystroke is a little awkward at first, but before long you'll be doing it without thinking about it. You hit ctrl-shift-6 the same way you'd enter ctrl-alt-delete (we all know that one!), then release those keys and hit x. Then you're right back at the access server. Repeat the process for R2, R3, SW1, and SW2.
R1# < Use above keystroke to go back to access server >
BRYANT_POD_ONE#r2
Trying R2 (100.1.1.1, 2002)... Open
R2# < Use above keystroke to go back to access server >
BRYANT_POD_ONE#r3
Trying R3 (100.1.1.1, 2003)... Open
R3# < Use above keystroke to go back to access server >
BRYANT_POD_ONE#sw1
Trying SW1 (100.1.1.1, 2004)... Open
sw1# < Use above keystroke to go back to access server >
BRYANT_POD_ONE#sw2
Trying SW2 (100.1.1.1, 2005)... Open
sw2# < Use above keystroke to go back to access server >
BRYANT_POD_ONE#
Remember, you're always coming back to the access server to get from one router to another. Before long, you'll be using that keystroke without even thinking about it.
Now that you've created those connections, you will use only the number of the connection to go back to each device. At the access server, just type these numbers to get to each device:
1: R1
2: R2
3: R3
4: SW1
5: SW2
Don't type the entire name of the device again; just type the numbers you see here on the access server, as shown below.
BRYANT_POD_ONE#1
[Resuming connection 1 to r1 ... ]
R1#
BRYANT_POD_ONE#2
[Resuming connection 2 to r2 ... ]
R2#
BRYANT_POD_ONE#3
[Resuming connection 3 to r3 ... ]
R3#
BRYANT_POD_ONE#4
[Resuming connection 4 to sw1 ... ]
sw1#
BRYANT_POD_ONE#5
[Resuming connection 5 to sw2 ... ]
sw2#
BRYANT_POD_ONE#
Don't forget to hit enter again after you see the "resuming connection" message. That will get you to the enable prompt.
That's all there is to it!
Table Of Contents
IP Addressing
LAN Switching
Frame Relay
ISDN / Point-To-Point
Passwords And Services
Static Routing
Distance Vector Protocols
OSPF
EIGRP
Advanced TCP/IP Features
Starting From Scratch
Your Bryant Advantage Rack Rental Cisco pod is ready! You'll be spending time working with real Cisco 2500 routers, all running IOS 12.2, and real Cisco 2950 switches.
Your CCNA Lab Workbook is attached. To get the most out of your rack time:
Repeat the tasks as often as you can. Repetition is the mother of skill.
Run debugs and show commands often. I suggest many throughout the lab workbook that you should be very familiar with before taking the CCNA exams.
Don't feel limited to running only these labs. Run all the IOS Help commands you like and explore command options.
Should you choose to do so, you can erase the config on these devices with write erase and then reload them with reload. If you do, all your configs are gone and you're really starting from scratch! Feel free to do this, but I do recommend you configure these extra commands when they come back up (they're already configured on your routers and switches when you log in).
line con 0
 logging synchronous
 exec-timeout 0 0
The IP address to Telnet to is 65.37.154.163. For tips on connecting, read the opening pages of the lab workbook.
Your password is leader724. There is no username.
Your ISDN phone numbers:
R1: 5553333
R2: 5554444
Your time begins: March 8, 8 AM Eastern Standard Time
Your time ends: March 9, 7 AM Eastern Standard Time
Read the warnings at the beginning of the ebook carefully. Changing the configuration register of any router or switch will result in you losing rack rental privileges. Do not change the configuration of the access server.
Connection information is found at the beginning of the lab workbook.
Ricardo, thanks for your purchase, and enjoy your rack time! Send
me an email if you have any problems connecting, or any questions
regarding the labs. Thanks again!
Chris Bryant
CCIE #12933
IP Addressing Lab
You've got to know how to assign IP addresses to pass the CCNA exams, and you're about to get a lot of practice. We're going to configure physical interfaces, logical interfaces, and loopback interfaces.
You also need to know how to name a router. We do this with the hostname command. Change the names of the routers to whatever you like, but after practicing this command, change the names back to R1, R2, R3, SW1, and SW2. Those are the names you'll see through the lab workbook.
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#hostname Router1
Router1(config)#hostname R1
R1(config)#^Z
R1#
The ^Z you'll see on the screen is what ctrl-z sends to the console, and of course, you know from your CCNA reading that ctrl-z brings you back out to the enable prompt.
Notice that the hostname command took effect immediately, as all global commands do.
Let's take a look at the networks we'll be configuring.
Network Type                                    Network / Subnet Mask
Ethernet (R2, R3)                               172.23.23.0 /27
ISDN (R1, R2)                                   172.12.21.0 /30
Serial to Frame Relay Cloud (All)               172.12.123.0 /24
Directly Connected Serial Interfaces (R1, R3)   172.12.13.0 /24
Router 1 Loopback Address                       1.1.1.1 /32
Router 2 Loopback Address                       2.2.2.2 /32
Router 3 Loopback Address                       3.3.3.3 /32
Let's start with R1. DO NOT OPEN THE SERIAL 0 INTERFACES.
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#interface serial0
R1(config-if)#ip address 172.12.123.1 255.255.255.0
R1(config-if)#interface serial1
R1(config-if)#ip address 172.12.13.1 255.255.255.0
R1(config-if)#no shut
R1(config-if)#
00:18:34: %LINK-3-UPDOWN: Interface Serial1, changed state to down
R1(config-if)#interface loopback0
R1(config-if)#ip address 1.1.1.1 255.255.255.255
R1(config-if)#interface bri0
R1(config-if)#ip address 172.12.21.1 255.255.255.252
R1(config-if)#no shut
R1(config-if)#
00:19:11: %LINK-3-UPDOWN: Interface BRI0:1, changed state to down
00:19:11: %LINK-3-UPDOWN: Interface BRI0:2, changed state to down
00:19:11: %LINK-3-UPDOWN: Interface BRI0, changed state to up
00:19:12: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1, changed state to down
00:19:12: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:2, changed state to down
R1(config-if)#wr
Building configuration.
Don't worry about the line protocols being down; other labs will take care of that. All we're doing right now is setting the IP addresses and opening the interfaces. Get used to saving your work as often as possible with wr, short for write. Use IOS Help to see the options and the defaults. (Remember, IOS Help is the question mark symbol.)
Don't forget to open the interfaces! If you're having a connectivity problem and run a command such as show interface ethernet 0, and you see the following, it means the interface is manually closed and needs to be opened with the no shut command.
R2#show interface ethernet0
Ethernet0 is administratively down, line protocol is down
Now configure R2's interfaces. Do not open interface serial0.
R2(config)#interface serial0
R2(config-if)#encap frame
R2(config-if)#no frame inverse-arp
R2(config-if)#interface serial 0.123 multipoint
R2(config-subif)#ip address 172.12.123.2 255.255.255.0
R2(config-subif)#interface bri0
R2(config-if)#ip address 172.12.21.2 255.255.255.252
R2(config-if)#no shut
R2(config-if)#
00:27:23: %LINK-3-UPDOWN: Interface BRI0:1, changed state to down
00:27:23: %LINK-3-UPDOWN: Interface BRI0:2, changed state to down
00:27:23: %LINK-3-UPDOWN: Interface BRI0, changed state to up
R2(config-if)#i
00:27:24: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1, changed state to down
00:27:24: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:2, changed state to down
R2(config-if)#interface ethernet0
R2(config-if)#ip address 172.23.23.2 255.255.255.224
R2(config-if)#no shut
00:28:45: %LINK-3-UPDOWN: Interface Ethernet0, changed state to up
00:28:46: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0, changed state to up
R2(config-if)#interface loopback0
R2(config-if)#ip address 2.2.2.2 255.255.255.255
R2(config-if)#^Z
R2#
Note that you configured frame relay on R2. That allows us to create the multipoint subinterface. Frame Relay will be covered completely in a later lab, but you cannot create that multipoint interface until you've enabled frame relay.
Also notice that you don't have to run no shut on a loopback interface. (It's not wrong if you do, but you don't have to.)
Let's configure R3's interfaces. Do not open interface serial0.
R3#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#interface serial 0
R3(config-if)#encap frame
R3(config-if)#no frame inverse-arp
R3(config-if)#interface serial0.31 point-to-point
R3(config-subif)#ip address 172.12.123.3 255.255.255.0
R3(config-subif)#interface serial 1
R3(config-if)#ip address 172.12.13.3 255.255.255.0
R3(config-if)#no shut
00:33:32: %LINK-3-UPDOWN: Interface Serial1, changed state to up
00:33:33: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1, changed state to up
R3(config-if)#interface ethernet0
R3(config-if)#ip address 172.23.23.3 255.255.255.224
R3(config-if)#no shut
00:33:46: %LINK-3-UPDOWN: Interface Ethernet0, changed state to up
00:33:47: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0, changed state to up
R3(config-if)#interface loopback0
00:33:54: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1, changed state to down
R3(config-if)#ip address 3.3.3.3 255.255.255.0
Again, note that you configured frame relay on the serial0 physical interface, then created a point-to-point subinterface. The Serial0 physical interface then had to be opened.
I urge you to not just walk through these labs, but to use the show and debug commands you'll read about in this book, in my Ultimate CCNA Study Guide PDF, and to use IOS Help often to see the other options. Take advantage of the fact that you're working with real Cisco routers and switches, not toys like simulator programs.
You do not need to configure IP addresses on the switches.
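One way to check the addresses entered on R1, R2 and R3 against the network table at the start of this lab. This is an added example, not part of the original workbook; the Python function names are hypothetical, and SESSION holds the interface and ip address lines copied from the three sessions above.

```python
import ipaddress
import re

# Addressing plan, copied from the network table in this lab.
PLAN = {
    "172.23.23.0/27": "Ethernet (R2, R3)",
    "172.12.21.0/30": "ISDN (R1, R2)",
    "172.12.123.0/24": "Serial to Frame Relay cloud (all)",
    "172.12.13.0/24": "Directly connected serial (R1, R3)",
    "1.1.1.1/32": "Router 1 loopback",
    "2.2.2.2/32": "Router 2 loopback",
    "3.3.3.3/32": "Router 3 loopback",
}

# interface / ip address commands from the sessions above
# (console log messages and the other commands are left out).
SESSION = """\
R1(config)#interface serial0
R1(config-if)#ip address 172.12.123.1 255.255.255.0
R1(config-if)#interface serial1
R1(config-if)#ip address 172.12.13.1 255.255.255.0
R1(config-if)#interface loopback0
R1(config-if)#ip address 1.1.1.1 255.255.255.255
R1(config-if)#interface bri0
R1(config-if)#ip address 172.12.21.1 255.255.255.252
R2(config-if)#interface serial 0.123 multipoint
R2(config-subif)#ip address 172.12.123.2 255.255.255.0
R2(config-subif)#interface bri0
R2(config-if)#ip address 172.12.21.2 255.255.255.252
R2(config-if)#interface ethernet0
R2(config-if)#ip address 172.23.23.2 255.255.255.224
R2(config-if)#interface loopback0
R2(config-if)#ip address 2.2.2.2 255.255.255.255
R3(config-if)#interface serial0.31 point-to-point
R3(config-subif)#ip address 172.12.123.3 255.255.255.0
R3(config-subif)#interface serial 1
R3(config-if)#ip address 172.12.13.3 255.255.255.0
R3(config-if)#interface ethernet0
R3(config-if)#ip address 172.23.23.3 255.255.255.224
R3(config-if)#interface loopback0
R3(config-if)#ip address 3.3.3.3 255.255.255.0
"""

# Matches any configuration-mode prompt: R1(config)#, R2(config-subif)#, ...
PROMPT = re.compile(r"^(?P<host>\w+)\(config[^)]*\)#(?P<cmd>.*)$")


def parse_session(text):
    """Return [(host, interface, IPv4Interface)] from pasted config-mode lines."""
    current = {}  # host -> interface currently being configured
    found = []
    for line in text.splitlines():
        m = PROMPT.match(line.strip())
        if not m:
            continue  # log messages, blank lines, exec-mode commands
        host, cmd = m["host"], m["cmd"].split()
        if len(cmd) >= 2 and cmd[0] == "interface":
            name = cmd[1]
            # "interface serial 0.123 multipoint" -> "serial0.123"
            if len(cmd) > 2 and cmd[2][0].isdigit():
                name += cmd[2]
            current[host] = name.lower()
        elif cmd[:2] == ["ip", "address"] and len(cmd) == 4 and host in current:
            iface = ipaddress.ip_interface(f"{cmd[2]}/{cmd[3]}")
            found.append((host, current[host], iface))
    return found


def audit(plan, entries):
    """Flag addresses outside the plan, unusable host addresses and duplicates."""
    planned = {ipaddress.ip_network(n) for n in plan}
    findings, seen = [], {}
    for host, ifname, iface in entries:
        where = f"{host} {ifname} {iface}"
        net = iface.network
        if net not in planned:
            findings.append(f"{where}: network {net} is not in the plan")
        elif net.prefixlen < 31 and iface.ip in (net.network_address,
                                                 net.broadcast_address):
            findings.append(f"{where}: network or broadcast address used as a host")
        if iface.ip in seen:
            findings.append(f"{where}: address already used on {seen[iface.ip]}")
        seen.setdefault(iface.ip, f"{host} {ifname}")
    return findings


if __name__ == "__main__":
    for finding in audit(PLAN, parse_session(SESSION)):
        print(finding)
```

Run against the sessions above, the only finding is R3's loopback0: it was entered with mask 255.255.255.0, while the table lists 3.3.3.3 /32.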
There's another command I'd like to introduce you to, since we all mistype from time to time. Notice what happens when you mistype a command on a Cisco router:
R3#hudjgmg
Translating "hudjgmg"...domain server (255.255.255.255)
% Unknown command or computer name, or unable to find computer address
By default, a Cisco router or switch is going to attempt to resolve a mistyped command via DNS. That's what the "domain server" is that it's looking for, and of course you know that 255.255.255.255 is a layer 3 broadcast.
This only takes about 15 seconds to come back with the "unknown command" line in a practice lab, but it can take much longer in a production network. To disable this default behavior, use the global command no ip domain-lookup on each device in your pod. Notice that immediately after using this command, the router tries to resolve the command locally but does not send the broadcast out.
R3#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#no ip domain-lookup
R3(config)#^Z
R3#jfujjke
00:50:24: %SYS-5-CONFIG_I: Configured from console by console
R3#jfujjke
Translating "jfujjke"
% Unknown command or computer name, or unable to find computer address
As with all commands you read about and practice with in my books, do not run a command on a production network unless you are sure of the result. VERY sure. This is particularly true of the debugs you'll be using in my labs.
Congratulations! You've now configured plenty of IP addresses. If you're confronted with that task on one of your CCNA exams, you're more than ready. Just don't forget to open the interfaces on exam day!
LAN Switching Lab
With the command vtp domain, place both switches in the vtp domain CCNA. Enable pruning with the vtp pruning command. You can also set a password of CISCO for VTP.
SW1#conf t
SW1(config)#vtp domain CCNA
Changing VTP domain name from NULL to CCNA
SW1(config)#vtp password CISCO
Setting device VLAN database password to CISCO
SW1(config)#vtp pruning
Pruning switched on
SW2#conf t
SW2(config)#vtp domain CCNA
Changing VTP domain name from NULL to CCNA
SW2(config)#vtp password CISCO
Setting device VLAN database password to CISCO
SW2(config)#vtp pruning
Pruning switched on
The VTP domain name changes from "null", indicating that there was no VTP domain previously set.
Run show vtp status on both switches to ensure they belong to the correct VTP domain.
SW1#show vtp status
VTP Version : 2
Configuration Revision : 1
Maximum VLANs supported locally : 1005
Number of existing VLANs : 5
VTP Operating Mode : Server
VTP Domain Name : CCNA
VTP Pruning Mode : Enabled
SW2#show vtp status
VTP Version : 2
Configuration Revision : 1
Maximum VLANs supported locally : 1005
Number of existing VLANs : 5
VTP Operating Mode : Server
VTP Domain Name : CCNA
VTP Pruning Mode : Enabled
By default, both switches are in VTP Server mode. With the vtp mode client command, put SW2 in vtp client mode. All VLANs created in this lab will now have to be created on SW1, the VTP Server. Verify the change with show vtp status.
SW2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SW2(config)#vtp
01:10:41: %SYS-5-CONFIG_I: Configured from console by console
SW2(config)#vtp mode client
Setting device to VTP CLIENT mode.
SW2(config)#^Z
01:10:47: %SYS-5-CONFIG_I: Configured from console by console
SW2#show vtp status
VTP Version : 2
Configuration Revision : 1
Maximum VLANs supported locally : 64
Number of existing VLANs : 5
VTP Operating Mode : Client
VTP Domain Name : CCNA
VTP Pruning Mode : Enabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0xB2 0xD2 0xE9 0x70 0xF1 0x6B 0xA1 0x04
Configuration last modified by 0.0.0.0 at 3-1-93 01:10:14
Run show cdp neighbors on the switches to see what devices are directly connected to the switches.
SW1#show cdp neighbor
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone
Device ID        Local Intrfce     Holdtme    Capability  Platform    Port ID
SW2              Fas 0/12          152        S I         WS-C2950-1  Fas 0/12
SW2              Fas 0/11          152        S I         WS-C2950-1  Fas 0/11
R2               Fas 0/2           129        R           2520        Eth 0
SW2#show cdp neighbor
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone
Device ID        Local Intrfce     Holdtme    Capability  Platform    Port ID
SW1              Fas 0/12          150        S I         WS-C2950-2  Fas 0/12
SW1              Fas 0/11          150        S I         WS-C2950-2  Fas 0/11
R3               Fas 0/3           138        R           2500        Eth 0
You can see in the output of show cdp neighbors that the two switches are connected at fast 0/11 and fast 0/12. Show interface trunk shows that the trunk has already been created dynamically, with no additional configuration.
SW2#show interface trunk
Port      Mode         Encapsulation  Status        Native vlan
Fa0/11    desirable    802.1q         trunking      1
Fa0/12    desirable    802.1q         trunking      1
Port      Vlans allowed on trunk
Fa0/11    1-4094
Fa0/12    1-4094
Port      Vlans allowed and active in management domain
Fa0/11    1
Fa0/12    1
Port      Vlans in spanning tree forwarding state and not pruned
Fa0/11    1
Fa0/12    none
Show vlan brief reinforces the theory that by default, all switch ports are placed into VLAN 1 (except the trunk ports).
SW2#show vlan brief
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10
R2 and R3's Ethernet addresses have already been configured, the trunk line is operational, and both ports are in VLAN 1. Ping R2's Ethernet interface from R3, and then R3's Ethernet interface from R2 to verify IP connectivity.
R2#ping 172.23.23.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.23.23.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/8 ms
R3#ping 172.23.23.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.23.23.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/8 ms
With pings, exclamation points indicate good connectivity, and periods
indicate no connectivity.
Now, create VLAN 23. Try creating this vlan on SW2 first.
SW2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SW2(config)#vlan 23
VTP VLAN configuration not allowed when device is in CLIENT mode.
As you can see, you cannot create, delete, or modify VLANs on VTP clients. This VLAN will have to be created on SW1, the VTP server. After doing so, the VTP client should see VLAN 23 as well.
SW1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SW1(config)#vlan 23
SW1(config-vlan)#^Z
01:23:34: %SYS-5-CONFIG_I: Configured from console by console
SW1#show vlan brief
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/13, Fa0/14
                                                Fa0/15, Fa0/16, Fa0/17, Fa0/18
                                                Fa0/19, Fa0/20, Fa0/21, Fa0/22
                                                Fa0/23, Fa0/24
23   VLAN0023                         active
SW2#show vlan br
01:23:55: %SYS-5-CONFIG_I: Configured from console by console
SW2#show vlan brief
VLAN Name                             Status    Ports
---- -------------------------------- --------- ------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10
23   VLAN0023                         active
On SW1, put port fast 0/2 into VLAN 23. (That's the port connected to R2.) Verify with show vlan brief.
SW1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SW1(config)#int fast 0/2
SW1(config-if)#switchport mode access
SW1(config-if)#switchport access vlan 23
SW1(config-if)#^Z
SW1#show vlan brief
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/3, Fa0/4, Fa0/5
                                                Fa0/6, Fa0/7, Fa0/8, Fa0/9
                                                Fa0/10, Fa0/13, Fa0/14, Fa0/15
                                                Fa0/16, Fa0/17, Fa0/18, Fa0/19
                                                Fa0/20, Fa0/21, Fa0/22, Fa0/23, Fa0/24
23   VLAN0023                         active    Fa0/2
Now that R2 and R3 are in separate VLANs, can they still send pings back and forth?
R2#ping 172.23.23.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.23.23.3, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
R3#ping 172.23.23.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.23.23.2, timeout is 2 seconds:
.....
No, they can't. The difference is that they're now in separate VLANs, and devices in different VLANs can't communicate unless routing is taking place somewhere. Here, no routing is taking place, so the pings don't go through.
Put R3's switch port into VLAN 23, and try the ping again.
SW2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SW2(config)#interface fast0/3
SW2(config-if)#switchport mode access
SW2(config-if)#switchport access vlan 23
SW2(config-if)#^Z
01:31:57: %SYS-5-CONFIG_I: Configured from console by console
SW2#show vlan brief
VLAN Name                             Status    Ports
---- -------------------------------- --------- ------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/4, Fa0/5
                                                Fa0/6, Fa0/7, Fa0/8, Fa0/9
                                                Fa0/10
23   VLAN0023                         active    Fa0/3
R3#ping 172.23.23.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.23.23.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/8 ms
R2#ping 172.23.23.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.23.23.3, timeout is 2 seconds:
!!!!!
Now that R2 and R3 are in the same VLAN, pings can go through.
On SW1, view the spanning tree information for VLAN 23 with the
show spanning tree vlan 23 command. Do the same on SW2.
SW1#show spanning vlan 23
VLAN0023
  Spanning tree enabled protocol ieee
  Root ID    Priority    32791
             Address     000e.d7f5.a040
             This bridge is the root
             Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
  Bridge ID  Priority    32791 (priority 32768 sys-id-ext 23)
             Address     000e.d7f5.a040
             Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
             Aging Time 300
Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/2            Desg FWD 100       128.2    Shr
Fa0/11           Desg FWD 19        128.11   P2p
Fa0/12           Desg FWD 19        128.12   P2p
SW2#show spanning vlan 23
VLAN0023
  Spanning tree enabled protocol ieee
  Root ID    Priority    32791
             Address     000e.d7f5.a040
             Cost        19
             Port        11 (FastEthernet0/11)
             Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
  Bridge ID  Priority    32791 (priority 32768 sys-id-ext 23)
             Address     000f.90e2.14c0
             Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
             Aging Time 300
Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/3            Desg FWD 100       128.3    Shr
Fa0/11           Root FWD 19        128.11   P2p
Fa0/12           Altn BLK 19        128.12   P2p
Your root bridge may be SW2 at this point. The important point here is that you know how to identify the root bridge for a vlan.
Recall that the lowest BID will win the root bridge election. Both bridges have the same priority; since the BID is a concatenation of the priority and MAC address, the device with the lowest MAC address will be the root bridge.
Look under the Bridge ID on both switches. The highlighted address is that switch's MAC address. In this example, the first four hex digits of the MAC address on SW1 are 0009, where the first four hex digits of SW2's MAC are 000a. MAC addresses are expressed in hex, and since a in hex represents 10, SW1 will have the lower MAC address and is therefore elected the root bridge.
The default behavior of the root bridge is that all ports will be in forwarding mode, which is exactly what is happening on SW1. On SW2, one port is the root port and is in forwarding mode. The other port is placed into blocking mode.
The root bridge can be changed with one simple command. This command will adjust the numeric priority of the switch it's configured on to a low enough value so its BID will be the lowest for that VLAN, making it the root bridge. Run the command spanning-tree vlan 23 root primary on your non-root bridge. Then run show spanning vlan 23 to verify that your non-root bridge has indeed become the root bridge.
SW2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SW2(config)#spanning-tree vlan 23 root primary
SW2(config)#^Z
SW2#show spanning vlan 23
VLAN0023
  Spanning tree enabled protocol ieee
  Root ID    Priority    24599
             Address     000f.90e2.14c0
             This bridge is the root
             Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
  Bridge ID  Priority    24599 (priority 24576 sys-id-ext 23)
             Address     000f.90e2.14c0
             Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
             Aging Time 15
Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------
Fa0/3            Desg FWD 100       128.3    Shr
Fa0/11           Desg FWD 19        128.11   P2p
Fa0/12           Desg FWD 19        128.12   P2p
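The root election described above, worked through with the priorities and MAC addresses from the show spanning vlan 23 output in this lab, plus a check that the elected root is the switch you intended. This is an added example, not part of the original workbook; the function names are hypothetical and root_primary is a simplified model of the command, as noted in its comment.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Bridge:
    name: str
    priority: int  # configured priority, a multiple of 4096 (default 32768)
    vlan: int      # sys-id-ext: the VLAN number is added to the priority
    mac: str       # as printed by IOS, e.g. "000e.d7f5.a040"

    @property
    def bid(self):
        """(priority + sys-id-ext, MAC as an integer), compared left to right."""
        return (self.priority + self.vlan, int(self.mac.replace(".", ""), 16))


def elect_root(bridges):
    """The bridge with the numerically lowest BID becomes the root."""
    return min(bridges, key=lambda b: b.bid)


def root_primary(name, bridges):
    """Model of 'spanning-tree vlan N root primary' run on the named switch.

    Assumption (simplified from Cisco's documented behaviour): try priority
    24576; if that would not win the election, go 4096 below the lowest
    priority currently in use by the other switches.
    """
    me = next(b for b in bridges if b.name == name)
    others = [b for b in bridges if b.name != name]
    candidate = replace(me, priority=24576)
    if elect_root(others + [candidate]).name != name:
        lowest = min(b.priority for b in others)
        if lowest < 4096:
            raise ValueError("no lower priority is available")
        candidate = replace(me, priority=lowest - 4096)
    return others + [candidate]


def check_root(bridges, expected):
    """Return (ok, root): ok is True when the elected root is the expected one."""
    root = elect_root(bridges)
    return root.name == expected, root


# Values taken from the 'show spanning vlan 23' output in this lab.
SW1 = Bridge("SW1", 32768, 23, "000e.d7f5.a040")
SW2 = Bridge("SW2", 32768, 23, "000f.90e2.14c0")
LAB = [SW1, SW2]

if __name__ == "__main__":
    print("before:", elect_root(LAB).name, elect_root(LAB).bid[0])
    after = root_primary("SW2", LAB)
    print("after: ", elect_root(after).name, elect_root(after).bid[0])
    print("SW1 still root?", check_root(after, "SW1")[0])
```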
On SW1, configure PortFast on the port leading to R2 with spanning portfast, and note the warning the switch displays. Remove PortFast with no spanning portfast.
SW1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SW1(config)#int fast 0/2
SW1(config-if)#spanning portfast
%Warning: portfast should only be enabled on ports connected to a single
host. Connecting hubs, concentrators, switches, bridges, etc... to this
interface when portfast is enabled, can cause temporary bridging loops.
Use with CAUTION
%Portfast has been configured on FastEthernet0/2 but will only
have effect when the interface is in a non-trunking mode.
SW1(config-if)#no spanning portfast
SW1(config-if)#^Z
SW1#
Combine the two physical connections between the two switches into one logical connection by creating an EtherChannel. On each of the ports physically connected to the other switch, run channel-group 1 mode on.
SW1#conf t
SW1(config)#interface fast 0/11
SW1(config-if)#channel-group 1 mode on
Creating a port-channel interface Port-channel 1
03:37:59: %LINK-3-UPDOWN: Interface Port-channel1, changed state to up
SW1(config)#interface fast 0/12
SW1(config-if)#channel-group 1 mode on
SW2#conf t
SW2(config)#interface fast 0/11
SW2(config-if)#channel-group 1 mode on
Creating a port-channel interface Port-channel 1
03:38:11: %LINK-3-UPDOWN: Interface Port-channel1, changed state to up
SW2(config-if)#interface fast 0/12
SW2(config-if)#channel-group 1 mode on
One benefit of EtherChannels is that the bandwidth of both physical
channels is now being used. (Before the EtherChannel was created, STP
put one of the ports in blocking mode; only one physical path was being
used.) Another benefit is that STP considers the EtherChannel to be one
single connection; if one of the two lines went down, the STP algorithm
would not run, and there would be no break in transmission, since STP is
only concerned with the logical port-channel, not the physical interfaces:
SW1#show spanning vlan 23
VLAN0023
  Spanning tree enabled protocol ieee
  Root ID    Priority    24599
             Address     000a.8a4b.fb00
             Cost        12
             Port        65 (Port-channel1)
             Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
  Bridge ID  Priority    32791 (priority 32768 sys-id-ext 23)
             Address     0009.b738.9180
             Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
             Aging Time 300
Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- -----------------------------
Po1              Root FWD 12        128.65   P2p
Frame Relay Lab
A hub-and-spoke Frame Relay network will now be configured, with R1
serving as the hub and R2 and R3 as the spokes. First, configure
Frame Relay on R1's Serial0 interface with encapsulation frame-relay,
and disable dynamic mapping with no frame-relay inverse-arp. After
doing so, run show frame map on R1; no mappings should appear.
R1#conf t
R1(config)#interface serial0
R1(config-if)#encapsulation frame-relay
R1(config-if)#no frame-relay inverse-arp
R1#show frame map
R1#
If nothing appears after running show frame map, as shown here, no maps exist.
Configure two Permanent Virtual Circuits (PVC) on R1 with two frame
map statements, mapping DLCI 122 to R2 and DLCI 123 to R3.
Ensure that broadcasts will be sent over these virtual circuits with the
broadcast keyword. Run show frame map after doing so.
Configuring frame map statements on the hub router.
R1#conf t
R1(config)#interface serial0
R1(config-if)#frame map ip 172.12.123.2 122 broadcast
R1(config-if)#frame map ip 172.12.123.3 123 broadcast
R1(config-if)#int s0
R1(config-if)#no shut
R1(config-if)#
03:05:51: %LINK-3-UPDOWN: Interface Serial0, changed state to up
03:05:52: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to up
R1#show frame map
Serial0 (up): ip 172.12.123.2 dlci 122(0x7A,0x1CA0), static,
              broadcast,
              CISCO, status defined, inactive
Serial0 (up): ip 172.12.123.3 dlci 123(0x7B,0x1CB0), static,
              broadcast,
              CISCO, status defined, inactive
The mappings are inactive because frame-relay has not yet been configured on the remote
routers R2 and R3.
With show frame map, if you see the PVC is inactive, there's a
problem on the other end. If you see deleted, there's a problem on
the local end. (A problem with the mapping, or the interface is still
shut.)
R2's serial0.123 interface was configured as multipoint. Configure S0
and S0.123 as follows:
R2#conf t
R2(config)#interface serial0
R2(config-if)#encapsulation frame-relay
R2(config-if)#no frame inverse-arp
R2(config-if)#interface s0.123 multipoint
R2(config-subif)#frame map ip 172.12.123.1 221 broadcast
R2(config-subif)#frame map ip 172.12.123.3 221
R2(config-subif)#int s0
R2(config-if)#no shut
R2(config-if)#
03:06:56: %LINK-3-UPDOWN: Interface Serial0, changed state to up
03:06:57: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to up
A logical Serial interface can be either multipoint or point-to-point. When using a
multipoint interface on a frame relay network, frame map statements are used just as they
are on a physical interface. Enabling frame relay and disabling or enabling Inverse ARP
are still done on the physical interface.
Note that the frame map statement for 172.12.123.3 does not include a broadcast
statement. Routers do not forward broadcasts, so R1 would not forward a broadcast
from R2 to R3. Therefore, there is no reason to send them. (It's not wrong to do so, but
you will be sending unnecessary broadcasts.)
Run show frame map on R2:
R2#show frame map
Serial0.123 (up): ip 172.12.123.1 dlci 221(0xDD,0x34D0), static,
              broadcast,
              CISCO, status defined, active
Serial0.123 (up): ip 172.12.123.3 dlci 221(0xDD,0x34D0), static,
              CISCO, status defined, active
You configured a point-to-point interface on R3 in the previous lab.
The command for frame relay is a little different in this situation:
R3#conf t
R3(config)#interface serial0
R3(config-if)#encapsulation frame-relay
R3(config-if)#no frame-relay inverse-arp
R3(config-if)#interface serial 0.31 point-to-point
R3(config-subif)#frame-relay interface-dlci 321
R3(config-subif)#int s0
R3(config-if)#no shut
03:06:52: %LINK-3-UPDOWN: Interface Serial0, changed state to up
03:06:53: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to up
Point-to-point Serial interfaces on a frame relay network do not use dynamic or static
mappings. A point-to-point interface has only one possible destination: the other end of
the point-to-point connection. With only one possible destination, no mapping is
necessary. Instead, the command frame-relay interface-dlci indicates the single DLCI
that will be used by this interface.
R3#show frame map
Serial0.31 (up): point-to-point dlci, dlci 321(0x141,0x5010), broadcast
status defined, active
From each router, ping the other two routers' Serial interfaces on the
frame relay network. All pings will be successful. Run show frame lmi
and show frame map on each router as well. Notice that the LMI
counters are incrementing, and the frame map commands show all
maps as active. (Only R1 is shown here, but send pings and run your
show commands on all three routers.)
R1#ping 172.12.123.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.12.123.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 68/68/68 ms
R1#ping 172.12.123.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.12.123.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 68/68/68 ms
R1#show frame lmi
LMI Statistics for interface Serial0 (Frame Relay DTE) LMI TYPE = CISCO
  Invalid Unnumbered info 0        Invalid Prot Disc 0
  Invalid dummy Call Ref 0         Invalid Msg Type 0
  Invalid Status Message 0         Invalid Lock Shift 0
  Invalid Information ID 0         Invalid Report IE Len 0
  Invalid Report Request 0         Invalid Keep IE Len 0
  Num Status Enq. Sent 121         Num Status msgs Rcvd 123
  Num Update Status Rcvd 0         Num Status Timeouts 0
On R1, change the frame LMI type to ANSI with the frame-relay lmi-type command. After about 30 seconds, the line will go down.
R1#conf t
R1(config)#interface serial0
R1(config-if)#frame-relay lmi-type ansi
00:46:40: %SYS-5-CONFIG_I: Configured from console by console
R1#
00:47:12: %FR-5-DLCICHANGE: Interface Serial0 - DLCI 122 state changed to INACTIVE
00:47:12: %FR-5-DLCICHANGE: Interface Serial0 - DLCI 123 state changed to INACTIVE
00:47:12: %FR-5-DLCICHANGE: Interface Serial0 - DLCI 122 state changed to DELETED
00:47:12: %FR-5-DLCICHANGE: Interface Serial0 - DLCI 123 state changed to DELETED
00:47:13: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to down
The LMI mismatch leads to the line going down and the DLCIs going inactive.
Run show frame lmi on R1. Wait a few seconds, then run it again,
then again. Notice that the timeouts are incrementing. Once it hit 3,
the line protocol came down.
R1#show frame lmi
LMI Statistics for interface Serial0 (Frame Relay DTE) LMI TYPE = ANSI
  Invalid Unnumbered info 0        Invalid Prot Disc 0
  Invalid dummy Call Ref 0         Invalid Msg Type 0
  Invalid Status Message 0         Invalid Lock Shift 0
  Invalid Information ID 0         Invalid Report IE Len 0
  Invalid Report Request 0         Invalid Keep IE Len 0
  Num Status Enq. Sent 256         Num Status msgs Rcvd 240
  Num Update Status Rcvd 0         Num Status Timeouts 16
The router is receiving LMI status messages, but when the LMI type was changed, the
Status Timeouts began to accrue. This command gives an indication that there is a
problem with the LMIs. The LMIs are the heartbeat of frame relay; without the right
LMIs, the frame connection dies.
Run debug frame lmi on R1.
R1#debug frame lmi
Frame Relay LMI debugging is on
Displaying all Frame Relay LMI data
00:52:12: Serial0(out): StEnq, myseq 31, yourseen 0, DTE down
00:52:12: datagramstart = 0xE0183C, datagramsize = 14
00:52:12: FR encap = 0x00010308
00:52:12: 00 75 95 01 01 00 03 02 1F 00
00:52:12:
00:52:22: Serial0(out): StEnq, myseq 32, yourseen 0, DTE down
00:52:22: datagramstart = 0xE0183C, datagramsize = 14
00:52:22: FR encap = 0x00010308
00:52:22: 00 75 95 01 01 00 03 02 20 00
00:52:22:
00:52:32: Serial0(out): StEnq, myseq 33, yourseen 0, DTE down
00:52:32: datagramstart = 0xE0183C, datagramsize = 14
00:52:32: FR encap = 0x00010308
00:52:32: 00 75 95 01 01 00 03 02 21 00
The myseq value continues to increase, but the yourseen value remains at 0.
Between debug frame lmi and show frame lmi, it can be seen that LMI messages are
being received from the DCE, but not accepted, which is another indicator of an LMI mismatch.
Leave that debug command on, and change the LMI default back to
Cisco. (You must know all three LMI types before taking the CCNA
exams!)
R1#debug frame lmi
Frame Relay LMI debugging is on
Displaying all Frame Relay LMI data
R1#conf t
R1(config)#interface serial0
R1(config-if)#frame-relay lmi-type cisco
00:56:22: Serial0(out): StEnq, myseq 1, yourseen 0, DTE down
00:56:22: datagramstart = 0xE0183C, datagramsize = 13
00:56:22: FR encap = 0xFCF10309
00:56:22: 00 75 01 01 00 03 02 01 00
00:56:22: Serial0(in): Status, myseq 1
00:56:22: RT IE 1, length 1, type 0
00:56:22: KA IE 3, length 2, yourseq 1 , myseq 1
00:56:22: PVC IE 0x7 , length 0x6 , dlci 122, status 0x2 , bw 0
00:56:22: PVC IE 0x7 , length 0x6 , dlci 123, status 0x2 , bw 0
00:56:32: Serial0(out): StEnq, myseq 2, yourseen 1, DTE down
00:56:32: datagramstart = 0xE0183C, datagramsize = 13
00:56:32: FR encap = 0xFCF10309
00:56:32: 00 75 01 01 01 03 02 02 01
00:56:32: Serial0(in): Status, myseq 2
00:56:32: RT IE 1, length 1, type 0
00:56:32: KA IE 3, length 2, yourseq 2 , myseq 2
00:56:32: PVC IE 0x7 , length 0x6 , dlci 122, status 0x2 , bw 0
00:56:32: PVC IE 0x7 , length 0x6 , dlci 123, status 0x2 , bw 0
00:56:42: Serial0(out): StEnq, myseq 3, yourseen 2, DTE up
00:56:42: datagramstart = 0xE0183C, datagramsize = 13
00:56:42: FR encap = 0xFCF10309
00:56:42: 00 75 01 01 01 03 02 03 02
00:56:42: Serial0(in): Status, myseq 3
00:56:42: RT IE 1, length 1, type 1
00:56:42: KA IE 3, length 2, yourseq 3 , myseq 3
00:56:43: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to up
00:57:22: %FR-5-DLCICHANGE: Interface Serial0 - DLCI 122 state changed to ACTIVE
00:57:22: %FR-5-DLCICHANGE: Interface Serial0 - DLCI 123 state changed to ACTIVE
The incoming myseq packets are now being accepted, and the outgoing messages see
the yourseen value begin to accrue. The DTE end of the connection goes up, the line
protocol goes up soon after that, and finally the previously deleted DLCIs are again
active.
Use IOS Help to see what the LMI options are.
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#int serial 0
R1(config-if)#frame lmi-type ?
cisco
ansi
q933a
Run show frame pvc on R1. Note the status for each DLCI, and the
uptime.
R1#show frame pvc
PVC Statistics for interface Serial0 (Frame Relay DTE)
              Active     Inactive      Deleted       Static
  Local          2            0            0            0
  Switched       0            0            0            0
  Unused         0            0            0            0
DLCI = 122, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0
  input pkts 5             output pkts 5            in bytes 520
  out bytes 520            dropped pkts 0           in pkts dropped 0
  out pkts dropped 0       out bytes dropped 0
  in FECN pkts 0           in BECN pkts 0           out FECN pkts 0
  out BECN pkts 0          in DE pkts 0             out DE pkts 0
  out bcast pkts 0         out bcast bytes 0
  pvc create time 00:49:19, last time pvc status changed 00:01:15
DLCI = 123, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0
  input pkts 17            output pkts 5            in bytes 4024
  out bytes 520            dropped pkts 0           in pkts dropped 0
  out pkts dropped 0       out bytes dropped 0
  in FECN pkts 0           in BECN pkts 0           out FECN pkts 0
  out BECN pkts 0          in DE pkts 0             out DE pkts 0
  out bcast pkts 0         out bcast bytes 0
  pvc create time 00:49:12, last time pvc status changed 00:01:17
Before you take your CCNA exams, be very familiar with what each of
these commands shows you, and what the letters FECN, BECN, and DE
mean:
FECN: Congestion was experienced in the direction in which this
packet was traveling.
BECN: Congestion was experienced in the opposite direction in which
this packet was traveling.
DE: Packet was marked discard eligible.
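The FECN, BECN and DE flags are single bits in the same 2-byte Frame Relay address field that carries the DLCI, and that field is what the second hex value in show frame map and the first two bytes of "FR encap" in debug frame lmi display. The following is an added example, not part of the workbook; the function names are hypothetical. It decodes the values printed in this lab and shows why the LMI mismatch broke the link: Cisco LMI is carried on DLCI 1023, while ANSI LMI is carried on DLCI 0.

```python
import re


def encode_fr_address(dlci, fecn=False, becn=False, de=False, cr=False):
    """Build the 2-byte address field for a 10-bit DLCI."""
    if not 0 <= dlci <= 1023:
        raise ValueError("a 2-byte address field carries a 10-bit DLCI (0-1023)")
    # First octet: upper 6 DLCI bits, C/R bit, EA bit = 0 (another octet follows).
    high = ((dlci >> 4) << 2) | (int(cr) << 1)
    # Second octet: lower 4 DLCI bits, FECN, BECN, DE, EA bit = 1 (last octet).
    low = ((dlci & 0x0F) << 4) | (int(fecn) << 3) | (int(becn) << 2) | (int(de) << 1) | 1
    return (high << 8) | low


def decode_fr_address(word):
    """Split a 16-bit address field into DLCI and flag bits."""
    high, low = (word >> 8) & 0xFF, word & 0xFF
    if high & 0x01:
        raise ValueError("EA bit set in first octet: not a 2-byte address field")
    return {
        "dlci": ((high >> 2) << 4) | (low >> 4),
        "cr": bool(high & 0x02),
        "fecn": bool(low & 0x08),   # congestion in the direction of travel
        "becn": bool(low & 0x04),   # congestion in the opposite direction
        "de": bool(low & 0x02),     # discard eligible
        "ea": bool(low & 0x01),
    }


MAP_RE = re.compile(r"dlci (\d+)\(0x([0-9A-Fa-f]+),0x([0-9A-Fa-f]+)\)")


def check_map_line(line):
    """Return the DLCI if both hex forms on a 'show frame map' line agree with it."""
    m = MAP_RE.search(line)
    if not m:
        raise ValueError("no dlci field in line")
    dlci, plain, wire = int(m.group(1)), int(m.group(2), 16), int(m.group(3), 16)
    if plain != dlci or decode_fr_address(wire)["dlci"] != dlci:
        raise ValueError(f"inconsistent DLCI encodings in: {line!r}")
    return dlci


def split_encap(encap):
    """Split the 4-byte 'FR encap' value: address field, control byte, protocol byte."""
    addr = decode_fr_address(encap >> 16)
    return {"dlci": addr["dlci"], "control": (encap >> 8) & 0xFF, "proto": encap & 0xFF}


# Lines copied from the show frame map output in this lab (R1, R1, R2, R3).
MAP_LINES = [
    "Serial0 (up): ip 172.12.123.2 dlci 122(0x7A,0x1CA0), static,",
    "Serial0 (up): ip 172.12.123.3 dlci 123(0x7B,0x1CB0), static,",
    "Serial0.123 (up): ip 172.12.123.1 dlci 221(0xDD,0x34D0), static,",
    "Serial0.31 (up): point-to-point dlci, dlci 321(0x141,0x5010), broadcast",
]

if __name__ == "__main__":
    for line in MAP_LINES:
        print("map line DLCI:", check_map_line(line))
    # "FR encap" values from the two debug frame lmi captures in this lab.
    print("lmi-type ansi  ->", split_encap(0x00010308))
    print("lmi-type cisco ->", split_encap(0xFCF10309))
    # Constructed value: DLCI 122 with BECN and DE set.
    print(decode_fr_address(encode_fr_address(122, becn=True, de=True)))
```
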
ISDN / Point-To-Point Lab
R1 and R3 are directly connected via their S1 interfaces by a DTE/DCE
cable. Before taking your CCNA exams, you MUST know what
command will tell you whether the DTE or DCE end of the cable is
connected to a router. Here's how you do it:
show controller displays the DTE and DCE ends of the connection. The output of
these commands has been truncated for clarity.
R1#show controller serial 1
HD unit 1, idb = 0x107114, driver structure at 0x10C590
buffer size 1524 HD unit 1, V.35 DTE cable
R3#show controller serial 1
HD unit 1, idb = 0xC7D1C, driver structure at 0xCCAA0
buffer size 1524 HD unit 1, V.35 DCE cable
Ping R1's serial interface from R3.
R3#ping 172.12.13.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.12.13.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
The escape sequence for pings is CTRL-SHIFT-6 performed twice in succession.
The ping fails. Run show interface serial1 to see why.
R3#show interface serial1
Serial1 is up, line protocol is down
Hardware is HD64570
Internet address is 172.12.13.3/24
The truncated output of show interface serial1 shows the physical interface is up, but
the line protocol is down.
The line protocol is down because the DCE end of the cable must
supply a clock rate to the DTE end. To resolve this, configure clock
rate 56000 on R3's Serial interface. Once the line protocol is up, run
show interface serial1 again to verify, and ping R1's Serial interface
again. The ping will succeed.
R3#conf t
R3(config)#interface serial1
R3(config-if)#clock rate 56000
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1, changed state to up
R3#show interface serial1
Serial1 is up, line protocol is up
Hardware is HD64570
Internet address is 172.12.13.3/24
Once the DCE supplies a clock rate to the DTE, the line comes up.
R3#ping 172.12.13.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.12.13.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 36/36/36 ms
The ping is successful.
The two BRI interfaces will now be configured with PPP PAP
authentication. You assigned IP addresses to these interfaces in the IP
addressing lab. You will use the phone numbers sent with your
authentication information. Configure the ISDN switch type with the
global isdn switch-type command, and run show isdn status to
verify. Layer 1 will be ACTIVE and Layer 2 will show a TEI assigned.
Note that while only R1 is shown here, isdn switch-type must
be configured on R1 AND R2; this command is necessary on any
Cisco router running ISDN. If you leave it out, everything else
can be perfect and the connection will not work.
R1#conf t
R1(config)#isdn switch-type basic-ni
R1(config)#^Z
R1#show isdn status
Global ISDN Switchtype = basic-ni
ISDN BRI0 interface
        dsl 0, interface ISDN Switchtype = basic-ni
    Layer 1 Status:
        ACTIVE
    Layer 2 Status:
        TEI = 66, Ces = 1, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED
    Layer 3 Status:
        0 Active Layer 3 Call(s)
Configure dialer map statements on R1 and R2, each mapping to the
other router's BRI interface. Ping R1's BRI interface from R2. Put the
phone numbers you were sent in email in place of the xxxxxxx you see
below.
NOTE: If you changed the names of R1 and R2, change them
back to those names with the hostname command. The
hostnames R1 and R2 will be used for authentication in this
lab, as you'll soon see.
R1#conf t
R1(config)#interface bri0
R1(config-if)#dialer map ip 172.12.21.2 name R2 broadcast xxxxxxx
R2#conf t
R2(config)#interface bri0
R2(config-if)#dialer map ip 172.12.21.1 name R1 broadcast xxxxxxx
R2#ping 172.12.21.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.12.21.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
The dialer map configuration is correct, but the pings do not go through.
The ping fails because there is no interesting traffic defined that will
bring the line up. Using the dialer-list and dialer-group commands,
allow any IP traffic to bring up the line. Ping R1 from R2. After the
ping goes through, run show dialer to see what packets brought the
line up.
All IP traffic is defined as interesting traffic by the dialer-list command, and that list is
called by the dialer-group command. The ping packets bring the line up.
R1#conf t
R1(config)#dialer-list 1 protocol ip permit
R1(config)#interface bri0
R1(config-if)#dialer-group 1
R2#conf t
R2(config)#dialer-list 1 protocol ip permit
R2(config)#interface bri0
R2(config-if)#dialer-group 1
R2#ping 172.12.21.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.12.21.1, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 36/37/40 ms
%LINK-3-UPDOWN: Interface BRI0:1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1, changed state to up
R2#
%ISDN-6-CONNECT: Interface BRI0:1 is now connected to 8358661 R1
It's normal for a ping to be 80 percent successful the first time you
ping a destination. After that, you'll see 100 percent connectivity.
R2#show dialer
BRI0 - dialer type = ISDN
Dial String Successes Failures Last called Last status
8358661 2 0 00:00:04 successful
0 incoming call(s) have been screened.
BRI0:1 - dialer type = ISDN
Idle timer (120 secs), Fast idle timer (20 secs)
Wait for carrier (30 secs), Re-enable (15 secs)
Dialer state is data link layer up
Dial reason: ip (s=172.12.21.2, d=172.12.21.1)
Time until disconnect 117 secs
Connected to 8358661 (R1)
The dial reason in the output of show dialer clearly shows the source (s) and
destination (d) of the packet that caused the line to dial. While it was obvious here why
the line went up, routing protocols send multicasts and broadcasts that can cause such a
line to dial and stay dialed for days, weeks, or even months at a time, which costs a great
deal of money. This command is vital in diagnosing any issue involving an ISDN line
that dials and stays up.
The routers will now authenticate each other with PAP over the ISDN
link. Configure the global command username / password on each
router, naming the remote router as the username and the password
the remote router will be sending as the password. Use
encapsulation ppp and ppp authentication pap to enable each
router to authenticate the other. Have R1 send a password of CCNA
and R2 send a password of CISCO. Use the ppp pap sent-username
command as shown in the following illustration.
Note that you have to manually configure PPP. The default
encapsulation for a Serial or BRI interface is HDLC. You'll also see the
TEI go down and then come back up; that's normal when you change
the encapsulation.
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#username R2 password CISCO
R1(config)#int bri0
R1(config-if)#encapsulation ppp
03:45:46: %ISDN-6-LAYER2DOWN: Layer 2 for Interface BR0, TEI 66 changed to down
03:45:48: %ISDN-6-LAYER2UP: Layer 2 for Interface BR0, TEI 66 changed to up
R1(config-if)#ppp authentication pap
R1(config-if)#ppp pap sent-username R1 password CCNA
R1(config-if)#^Z
R1#
R2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#username R1 password CCNA
R2(config)#int bri0
R2(config-if)#encapsulation ppp
03:47:36: %ISDN-6-LAYER2DOWN: Layer 2 for Interface BR0, TEI 66 changed to down
03:47:37: %ISDN-6-LAYER2UP: Layer 2 for Interface BR0, TEI 66 changed to up
R2(config-if)#ppp pap sent-username R2 password CISCO
R2(config-if)#^Z
R2#
Run debug ppp negotiation on R2 and ping R1's BRI interface.
R2#debug ppp negotiation
PPP protocol negotiation debugging is on
R2#ping 172.12.21.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.12.21.1, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 36/37/40 ms
%LINK-3-UPDOWN: Interface BRI0:1, changed state to up
BR0:1 PPP: Phase is AUTHENTICATING, by both
< Both routers are authenticating the other. >
BR0:1 PAP: O AUTH-REQ id 1 len 13 from "R2"
< R2 is sending an authentication request to R1. >
BR0:1 PAP: I AUTH-ACK id 1 len 5
< The I indicates an incoming packet; the remote router is acknowledging the authentication request. >
BR0:1 PAP: I AUTH-REQ id 1 len 12 from "R1"
< A PAP authentication request has been received from R1. >
BR0:1 PAP: Authenticating peer R1
< R1 is being authenticated. >
BR0:1 PAP: O AUTH-ACK id 1 len 5
Notice that with PAP, there is authentication, but there are no
challenge/responses shown in the debug. That will change when you
configure CHAP.
Before configuring CHAP, do the following:
1. Run no encapsulation ppp under both BRI interfaces.
2. Remove the username/password statements simply by repeating the earlier commands with the word no in front of the command, as shown below.
A tip: When you need to remove a command from a Cisco router,
you'll usually do it just by running the command with the word
no in front of it.
Also, anytime you want to look at the running configuration of the
router, run show config. Hit the enter key to go down one line at a
time, and the space bar to go down a full screen. When you see what
you wanted to see, hit ESC to go back to the prompt.
R1#conf t
R1(config)#no username R2 password CISCO
R1(config)#int bri0
R1(config-if)#no encapsulation ppp
R1(config-if)#^Z
R1#
03:56:01: %ISDN-6-LAYER2DOWN: Layer 2 for Interface BR0, TEI 66 changed to down
03:56:02: %ISDN-6-LAYER2UP: Layer 2 for Interface BR0, TEI 66 changed to up
R2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#no username R1 password CCNA
R2(config)#interface bri0
R2(config-if)#no encapsulation ppp
R2(config-if)#^Z
03:56:58: %ISDN-6-LAYER2DOWN: Layer 2 for Interface BR0, TEI 66 changed to down
03:56:59: %ISDN-6-LAYER2UP: Layer 2 for Interface BR0, TEI 66 changed to up
Configure the routers for CHAP authentication. The switch-type, dialer
map statements, and dialer-lists have already been configured. On
both R1 and R2, configure a username / password statement with
the password CCNA. Configure both routers for PPP encapsulation and
CHAP authentication with the encapsulation ppp and ppp
authentication chap commands.
R1#conf t
R1(config)#username R2 password CCNA
R1(config)#interface bri0
R1(config-if)#encapsulation ppp
03:58:58: %ISDN-6-LAYER2DOWN: Layer 2 for Interface BR0, TEI 66 changed to do
03:58:59: %ISDN-6-LAYER2UP: Layer 2 for Interface BR0, TEI 66 changed to up
R1(config-if)#ppp authentication chap
R1(config-if)#^Z
R1#
R2#conf t
R2(config)#username R1 password CCNA
R2(config)#interface bri0
R2(config-if)#encapsulation ppp
04:00:00: %ISDN-6-LAYER2DOWN: Layer 2 for Interface BR0, TEI 66 changed to down
04:00:01: %ISDN-6-LAYER2UP: Layer 2 for Interface BR0, TEI 66 changed to up
R2(config-if)#ppp authentication chap
R2(config-if)#^Z
With CHAP, the passwords must be the same. Note that there is no
sent-password command, as there was with PAP.
Run debug ppp negotiation, and ping R1 from R2.
R2#debug ppp negotiation
PPP protocol negotiation debugging is on
R2#ping 172.12.21.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.12.21.1, timeout is 2 seconds:
04:01:30: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up
04:01:30: BR0:1 PPP: Using dialer call direction
04:01:30: BR0:1 PPP: Treating connection as a callout
04:01:30: BR0:1 PPP: Phase is ESTABLISHING, Active Open [0 sess, 0 load]
04:01:30: BR0:1 LCP: O CONFREQ [Closed] id 1 len 15
04:01:30: BR0:1 LCP: AuthProto CHAP (0x0305C22305)
04:01:30: BR0:1 LCP: MagicNumber 0x1158551A (0x05061158551A)
04:01:30: BR0:1 LCP: I CONFREQ [REQsent] id 1 len 15
04:01:30: BR0:1 LCP: AuthProto CHAP (0x0305C22305)
04:01:30: BR0:1 LCP: MagicNumber 0x1158F056 (0x05061158F056)
04:01:30: BR0:1 LCP: O CONFACK [REQsent] id 1 len 15
04:01:30: BR0:1 LCP: AuthProto CHAP (0x0305C22305)
04:01:30: BR0:1 LCP: MagicNumber 0x1158F056 (0x05061158F056)
04:01:30: BR0:1 LCP: I CONFACK [ACKsent] id 1 len 15
04:01:30: BR0:1 LCP: AuthProto CHAP (0x0305C22305)
04:01:30: BR0:1 LCP: MagicNumber 0x1158551A (0x05061158551A)
04:01:30: BR0:1 LCP: State is Open
04:01:30: BR0:1 PPP: P.!hase is AUTHENTICATING, by both [0 sess, 0 load]
04:01:30: BR0:1 CHAP: O CHALLENGE id 1 len 23 from "R2"
04:01:30: BR0:1 CHAP: I CHALLENGE id 1 len 23 from "R1"
04:01:30: BR0:1 CHAP: O RESPONSE id 1 len 23 from "R2"
04:01:30: BR0:1 CHAP: I SUCCESS id 1 len 4
04:01:30: BR0:1 CHAP: I RESPONSE id 1 len 23 from "R1"
04:01:30: BR0:1 CHAP: O SUCCESS id 1 len 4
04:01:30: BR0:1 PPP: Phase is UP [0 sess, 0 load]
04:01:30: BR0:1 IPCP: O CONFREQ [Closed] id 1 len 10
04:01:30: BR0:1 IPCP: Address 172.12.21.2 (0x0306AC0C1502)
04:01:30: BR0:1 CDPCP: O CONFREQ [Closed] id 1 len 4
04:01:30: BR0:1 IPCP: I CONFREQ [REQsent] id 1 len 10
04:01:30: BR0:1 IPCP: Address 172.12.21.1 (0x0306AC0C1501)
04:01:30: BR0:1 IPCP: O CONFACK [REQsent] id 1 len 10
04:01:30: BR0:1 IPCP: Address 172.12.21.1 (0x0306AC0C1501)
04:01:30: BR0:1 CDPCP: I CONFREQ [REQsent] id 1 len 4
04:01:30: BR0:1 CDPCP: O CONFACK [REQsent] id 1 len 4
04:01:30: BR0:1 IPCP: I CONFACK [ACKsent] id 1 len 10
04:01:30: BR0:1 IPCP: Addr!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 36/49/88 ms
R2#ess 172.12.21.2 (0x0306AC0C1502)
04:01:30: BR0:1 IPCP: State is Open
04:01:30: BR0:1 CDPCP: I CONFACK [ACKsent] id 1 len 4
04:01:30: BR0:1 CDPCP: State is Open
04:01:30: BR0 IPCP: Install route to 172.12.21.1
04:01:31: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1, changed state to up
R2#
04:01:36: %ISDN-6-CONNECT: Interface BRI0:1 is now connected to 5551111 R1
As before, run show dialer to see what interesting traffic brought the link up.
R2#show dialer
BRI0 - dialer type = ISDN
Dial String Successes Failures Last called Last statu
8358661 4 0 00:00:12 successfu
0 incoming call(s) have been screened.
BRI0:1 - dialer type = ISDN
Idle timer (120 secs), Fast idle timer (20 secs)
Wait for carrier (30 secs), Re-enable (15 secs)
Dialer state is data link layer up
Dial reason: ip (s=172.12.21.2, d=172.12.21.1)
Time until disconnect 109 secs
Connected to 8358661 (R1)
BRI0:2 - dialer type = ISDN
Idle timer (120 secs), Fast idle timer (20 secs)
Wait for carrier (30 secs), Re-enable (15 secs)
Dialer state is idle
The ping packet from R2 was the cause of the line dialing.
Obviously, there's a lot more going on here. Notice the challenges
and responses being sent by both sides.
I recommend you run CHAP by using mismatched passwords, and run
this same debug so you can see what it looks like when there's a
problem with passwords.
Turn your debugs off with undebug all.
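The difference between the two debugs matters for security: a PAP Authenticate-Request carries the password itself, so anyone who can capture the link sees it, while CHAP sends only an MD5 digest of the identifier, the shared secret and a challenge. The following is an added example, not part of the workbook, that builds both packet types per RFC 1334 and RFC 1994 with the hostnames and passwords used in this lab; the function names are hypothetical, and the 16-byte challenge size is an assumption that is consistent with the "len 23" lines in the debug output.

```python
import hashlib
import hmac
import os
import struct


def _packet(code, ident, body=b""):
    """Common PAP/CHAP header: code, identifier, total length, then the body."""
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body


def pap_auth_request(ident, peer_id, password):
    """PAP Authenticate-Request (code 1): the password travels in the clear."""
    body = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return _packet(1, ident, body)


def pap_auth_ack(ident, message=b""):
    """PAP Authenticate-Ack (code 2) with an optional message."""
    return _packet(2, ident, bytes([len(message)]) + message)


def chap_digest(ident, secret, challenge):
    """CHAP with MD5: hash of identifier, shared secret and challenge value."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def chap_challenge(ident, name, value=None):
    """CHAP Challenge (code 1); a fresh random value unless one is supplied."""
    value = os.urandom(16) if value is None else value
    return _packet(1, ident, bytes([len(value)]) + value + name)


def chap_response(ident, name, secret, challenge):
    """CHAP Response (code 2): carries the digest, never the secret."""
    digest = chap_digest(ident, secret, challenge)
    return _packet(2, ident, bytes([len(digest)]) + digest + name)


def chap_success(ident):
    """CHAP Success (code 3) with no message."""
    return _packet(3, ident)


def parse_chap(pkt):
    """Return (code, identifier, value, name) from a Challenge or Response."""
    if len(pkt) < 5:
        raise ValueError("packet too short")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    size = pkt[4]
    if length != len(pkt) or 5 + size > length:
        raise ValueError("bad length fields")
    return code, ident, pkt[5:5 + size], pkt[5 + size:length]


def chap_verify(response_pkt, secret, challenge):
    """Authenticator side: recompute the digest with the locally stored secret."""
    code, ident, value, _name = parse_chap(response_pkt)
    if code != 2:
        return False
    return hmac.compare_digest(value, chap_digest(ident, secret, challenge))


if __name__ == "__main__":
    pap = pap_auth_request(1, b"R2", b"CISCO")
    print("PAP  AUTH-REQ len", len(pap), "password visible:", b"CISCO" in pap)
    challenge = os.urandom(16)          # constructed sample challenge
    resp = chap_response(1, b"R2", b"CCNA", challenge)
    print("CHAP RESPONSE len", len(resp), "secret visible:", b"CCNA" in resp)
    print("matching secret verifies:  ", chap_verify(resp, b"CCNA", challenge))
    print("mismatched secret verifies:", chap_verify(resp, b"CISCO", challenge))
```

The packet lengths reproduce the debug lines above: 13 and 12 bytes for the two PAP requests, 5 for the PAP acknowledgment, 23 for each CHAP challenge and response, and 4 for CHAP success.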
Using ppp multilink and dialer load-threshold, configure the ISDN
interface on R1 to bring up the second B-channel when the first
B-channel reaches 50% of its outbound capacity. You can also change
the dialer idle-timeout default of 120 seconds as shown below.
(Remember that only interesting traffic resets the idle-timeout.)
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#interface bri0
R1(config)#dialer idle-timeout 30 (This value is in seconds, not minutes!)
R1(config-if)#ppp multilink
R1(config-if)#dialer load-thresh 127 ?
either Threshold decision based on max of inbound and outbound traffic
inbound Threshold decision based on inbound traffic only
outbound Threshold decision based on outbound traffic only
R1(config-if)#dialer load-thresh 127 outbound
It's very important that you realize that the value you enter with
dialer load-threshold is a ratio of 255, not 100. If you wanted to
have the second B-channel come up when the first one reaches 75%
capacity, you'd need to enter the number that is 75% of 255, NOT
100.
Also, you must configure ppp multilink to have the second link come
up at the specified capacity level.
The following dialer profile lab is a bonus. It's doubtful you'll be
asked anything about dialer profiles on the CCNA exams, but the
chance is there. Make sure you're proficient with PAP, CHAP, and the
different ISDN show and debug commands covered earlier before
spending time configuring dialer profiles.
On the BRI interface, remove the following: the PPP encapsulation
type, the dialer-map statement, the dialer-group statement, the
dialer-load statement, the IP address, and any commands referencing
PAP or CHAP authentication.
The ISDN switch-type command and username / password
command should remain.
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#interface bri0
R1(config-if)#no encapsulation ppp
R1(config-if)#no dialer map ip 172.12.21.2 name R2 broadcast 8358662
R1(config-if)#no dialer-group 1
R1(config-if)#no dialer load-threshold 127 outbound
R1(config-if)#no ip address
Make sure the TEI comes back up after going down. If it does not, shut and reopen the
BRI interface.
After removing these statements, the running config should show this for the BRI
interface:
interface BRI0
 no ip address
 isdn switch-type basic-ni
Configure a dialer profile with the command interface dialer 1 on R1.
The IP address that was on the BRI interface will be placed on this
logical interface. Use dialer remote-name to indicate the name of
the remote router to be dialed, and dialer string to configure the
number to be dialed.
R1#conf t
R1(config)#interface dialer 1
R1(config-if)#ip address 172.12.21.1 255.255.255.252
R1(config-if)#dialer remote-name R2
R1(config-if)#dialer string xxxxxxx
R1#conf t
R1(config)#interface dialer1
R1(config-if)#dialer-group 1
The physical BRI interface and logical Dialer interface must now be linked. Configure Dialer1 with the dialer pool 1 command, then make the BRI interface a member of that pool with the dialer pool-member 1 command.
R1#conf t
R1(config)#interface dialer1
R1(config-if)#dialer pool 1
R1#conf t
R1(config)#interface bri0
R1(config-if)#dialer pool-member 1
R2 is still using PPP encapsulation and CHAP authentication; R1 must also. On both the physical and logical interfaces, configure encapsulation ppp and ppp authentication chap.
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#interface bri0
R1(config-if)#encapsulation ppp
R1(config-if)#ppp authentication chap
R1(config)#interface dialer1
R1(config-if)#encapsulation ppp
R1(config-if)#ppp authentication chap
When the encapsulation type is changed on the physical interface, the TEI goes up and down. If the TEI doesn't come back up, open and shut the physical interface. No such up / down behavior will occur when the encapsulation type is configured on the logical interface.
Run debug ppp negotiation and ping R2's BRI interface.
R1#debug ppp negotiation
PPP protocol negotiation debugging is on
R1#ping 172.12.21.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.12.21.2, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 36/36/36 ms
22:12:07: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up
22:12:07: %DIALER-6-BIND: Interface BRI0:1 bound to profile Dialer1
22:12:07: %ISDN-6-CONNECT: Interface BRI0:1 is now connected to 8358662
22:12:07: BR0:1 PPP: Phase is AUTHENTICATING, by both
22:12:07: BR0:1 CHAP: O CHALLENGE id 3 len 23 from "R1"
22:12:07: BR0:1 CHAP: I CHALLENGE id 3 len 23 from "R2"
22:12:07: BR0:1 CHAP: O RESPONSE id 3 len 23 from "R1"
22:12:07: BR0:1 CHAP: I SUCCESS id 3 len 4
22:12:07: BR0:1 CHAP: I RESPONSE id 3 len 23 from "R2"
22:12:07: BR0:1 CHAP: O SUCCESS id 3 len 4
22:12:07: BR0:1 PPP: Phase is UP
< The expected series of challenges, responses, and successes occur. >
R1#show dialer
BRI0:1 - dialer type = ISDN
Idle timer (120 secs), Fast idle timer (20 secs)
Wait for carrier (30 secs), Re-enable (15 secs)
Dialer state is data link layer up
Dial reason: ip (s=172.12.21.1, d=172.12.21.2)
Interface bound to profile Dialer1
Time until disconnect 112 secs
Current call connected 00:00:10
Connected to 8358662 (R2)
Dialer1 - dialer type = DIALER PROFILE
Idle timer (120 secs), Fast idle timer (20 secs)
Wait for carrier (30 secs), Re-enable (15 secs)
Dialer state is data link layer up
The BRI physical interface is bound to Dialer1, the logical interface, and the status of the
Dialer Profile is up as well.
NOTE: If you keep the dialer profile on this router during the protocol labs, make sure to substitute dialer0 or dialer1, whichever you named this interface, for bri0 in the passive-interface command in the following labs.
Passwords and Services Lab
REMINDER: Please use only the words "cisco" and "ccna" for passwords, without the quotation marks. Thank you!
Configuring Router Passwords
The first two passwords to configure are the enable secret and enable password. If the names sound alike, that's because they have the same function. The user will be prompted to enter this password when entering privileged exec mode. The enable password is for older routers, also referred to as legacy routers. The enable secret password will be used by the majority of the users.
If both passwords are in effect, the enable secret password takes precedence.
R3#conf t
R3(config)#enable password cisco
R3(config)#^Z
R3#logout
The enable password has been set. Users will be prompted for this password when
attempting to enter privileged exec mode. To test this, log out with the logout command
as shown, and use the password cisco to get back in.
R3 con0 is now available
Press RETURN to get started.
R3>en
Password:
R3#
The user was prompted for the enable password before being allowed into privileged exec mode. The password does not appear as it is being keyed in.
Now set an enable secret password of ccna. Log out, and try the enable password cisco. You won't be allowed access, since the enable secret of ccna is taking precedence. The enable secret password always has precedence over the enable password.
R3#conf t
R3(config)#enable secret ccna
R3(config)#^Z
R3#logout
The enable secret password has been set. Users will be prompted for this password when attempting to enter privileged exec mode.
R3 con0 is now available
Press RETURN to get started.
R3>en
Password:
R3#
The user was prompted for the enable secret password before being allowed into privileged exec mode. The password does not appear as it is being keyed in. The previously set enable password of cisco no longer works.
A password can also be set for the console. Enter line configuration mode with the command line console 0, enter login to have the user prompted for a password when logging on to the console, and use the password command to set the password.
R3#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#line console 0
R3(config-line)#login
R3(config-line)#password cisco
R3(config-line)#^Z
R3#logout
R3 con0 is now available
Press RETURN to get started.
User Access Verification
Password: < cisco was entered here >
R3>enable
Password: < ccna was entered here. >
R3#
The user is now prompted for the console password before user exec mode can be accessed. After entering that password, the user is prompted for the enable secret password to enter privileged exec mode.
Now you've set an enable password, an enable secret password, and a console password. The final password you need to set is the password that will be used to authenticate telnet users. (By default, a Cisco router can support five simultaneous telnet sessions. This configuration will apply the same password to all five sessions.)
R3#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#line vty 0 4
R3(config-line)#login
% Login disabled on line 2, until 'password' is set
% Login disabled on line 3, until 'password' is set
% Login disabled on line 4, until 'password' is set
% Login disabled on line 5, until 'password' is set
% Login disabled on line 6, until 'password' is set
R3(config-line)#password cisco
It really doesn't matter what order you enter the login command and the password; as you can see, if you enable login first, you're reminded that no one can log in until a password is set. By default, a Cisco router will not allow anyone to connect to it via Telnet unless a password has been configured on the vty lines.
Encrypting All Router Passwords In The Running Configuration
After configuring a console password and a telnet password, the
passwords appear in the running configuration in clear-text.
R3#show config
< output truncated for clarity >
!
line con 0
 password cisco
 login
line aux 0
line vty 0 4
 password cisco
 login
By default, only the enable secret password will be encrypted in the running configuration. To encrypt all passwords in the running config, use the global command service password-encryption.
R3#conf t
R3(config)#service password-encryption
R3#show config
service password-encryption
!
line con 0
 password 7 10692C2D3C3827392F27040A
 login
line aux 0
line vty 0 4
 password 7 14343B382F2B
 login
!
end
The number you see is the level of encryption, which can range from 0 - 7. The command service password-encryption gives the strongest possible encryption level on the router.
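A caveat when reviewing configs like the one above: type 7, the encoding service password-encryption applies to line passwords, is a reversible encoding with a fixed, publicly documented key, unlike the one-way MD5 hash (type 5) stored for enable secret. The audit below is an added example, not part of the workbook; it flags cleartext and type 7 password lines and shows that the two type 7 strings from this lab's output decode back to text. The function names and finding labels are this example's own.

```python
import re

# Fixed key used by the IOS type 7 encoding (publicly documented for decades).
TYPE7_KEY = "dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv9873254k;fg87"

def type7_decode(encoded):
    """Reverse a type 7 string: 2-digit decimal key offset, then XORed hex bytes."""
    offset = int(encoded[:2])
    data = bytes.fromhex(encoded[2:])
    return "".join(
        chr(b ^ ord(TYPE7_KEY[(offset + i) % len(TYPE7_KEY)]))
        for i, b in enumerate(data)
    )

PASSWORD_LINE = re.compile(r"^\s*(enable )?(password|secret)(?: (\d))? (\S+)\s*$")

def audit(config_text):
    """Return (section, kind, value) findings for recoverable stored passwords."""
    findings = []
    section = "global"
    for line in config_text.splitlines():
        if line.startswith("line "):
            section = line.strip()
        m = PASSWORD_LINE.match(line)
        if not m:
            continue
        enable, keyword, ptype, value = m.groups()
        where = "enable" if enable else section
        if keyword == "secret" and ptype == "5":
            continue  # one-way MD5 hash: cannot be decoded like type 7
        if ptype == "7":
            findings.append((where, "type7-reversible", type7_decode(value)))
        else:
            findings.append((where, "cleartext", value))
    return findings

# The two line passwords exactly as they appear in this lab's show output.
LAB_CONFIG = """\
service password-encryption
!
line con 0
 password 7 10692C2D3C3827392F27040A
 login
line aux 0
line vty 0 4
 password 7 14343B382F2B
 login
!
end
"""

if __name__ == "__main__":
    for finding in audit(LAB_CONFIG):
        print(finding)
```

Treat any config containing type 7 strings as if the passwords were in clear text when storing or sharing it.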
Cisco Discovery Protocol
Cisco Discovery Protocol (CDP) runs by default between all directly
connected Cisco devices.
Show cdp neighbor displays all directly connected Cisco routers and switches. CDP is Cisco-proprietary, so it will not display non-Cisco devices.
CDP can be disabled at both the global and interface level. To disable CDP at the interface level, run no cdp enable on the interface, and cdp enable to turn it back on.
By default, the cdp timer defines how often CDP packets are transmitted, and cdp holdtime defines how long a device will hold a received packet.
To turn CDP off for the entire router, run no cdp run. To view the
current global status of CDP, run show cdp.
Run each of these commands on all five of your devices. Practice turning CDP off and on at the global level and the interface level until you're very confident that you know which command is which.
R2#show cdp
Global CDP information:
Sending CDP packets every 45 seconds
Sending a holdtime value of 100 seconds
The CDP values have been successfully changed. show cdp interface will give the
timer information for each interface on the router.
R2#conf t
R2(config)#interface bri0
R2(config-if)#no cdp enable
CDP is disabled on the BRI interface. This does NOT have to be done to keep the line from dialing, as will be shown.
R2#conf t
R2(config)#no cdp run
CDP is disabled globally.
R2#show cdp
% CDP is not enabled
CDP has been successfully disabled.
Knowing which password does what is vital to passing the CCNA exams. Know how to configure and spot a correctly configured console password, enable password, and telnet password. And you REALLY need to know CDP inside and out! There's not much there, but you gotta know it!
Static Routing Lab
Create a static route on R3 and one on R1 that will allow R3 to successfully ping R2's loopback interface, 2.2.2.2. The route should only consider traffic destined for 2.2.2.2. Use show ip route to display the static routes.
R3#conf t
R3(config)#ip route 2.2.2.2 255.255.255.255 172.12.123.1
R3#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
       U - per-user static route, o - ODR
Gateway of last resort is not set
     2.0.0.0/32 is subnetted, 1 subnets
S       2.2.2.2 [1/0] via 172.12.123.1
     3.0.0.0/27 is subnetted, 1 subnets
C       3.3.3.0 is directly connected, Loopback0
     172.12.0.0/24 is subnetted, 2 subnets
C       172.12.13.0 is directly connected, Serial1
C       172.12.123.0 is directly connected, Serial0.31
     172.23.0.0/27 is subnetted, 1 subnets
C       172.23.23.0 is directly connected, Ethernet0
R1#conf t
R1(config)#ip route 2.2.2.2 255.255.255.255 172.12.123.2
R1#show ip route
< codes deleted for clarity >
Gateway of last resort is not set
     1.0.0.0/27 is subnetted, 1 subnets
C       1.1.1.0 is directly connected, Loopback0
     2.0.0.0/32 is subnetted, 1 subnets
S       2.2.2.2 [1/0] via 172.12.123.2
     172.12.0.0/16 is variably subnetted, 3 subnets, 2 masks
C       172.12.13.0/24 is directly connected, Serial1
C       172.12.21.0/30 is directly connected, BRI0
C       172.12.123.0/24 is directly connected, Serial0
Examining the syntax of the ip route commands used in this lab:
R3(config)#ip route 2.2.2.2 255.255.255.255 172.12.123.1
ip route: The command.
2.2.2.2: The destination address.
255.255.255.255: The wildcard mask. This particular mask means that only traffic destined for 2.2.2.2 will use this static route.
172.12.123.1: The next-hop IP address used to reach the destination.
R1(config)#ip route 2.2.2.2 255.255.255.255 172.12.123.2
ip route: The command.
2.2.2.2: The destination address.
255.255.255.255: The wildcard mask. Again, only traffic destined for 2.2.2.2 will use this static route.
172.12.123.2: The next-hop IP address used to reach this destination.
On R3, run debug ip packet, then ping 2.2.2.2. The pings will return successfully, and the packets can be seen leaving and entering the router. Turn all debugs off with undebug all.
R3#debug ip packet
IP packet debugging is on
R3#ping 2.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 132/136/144 ms
R3#
IP: s=172.12.123.3 (local), d=2.2.2.2 (Serial0.31), len 100, sending
IP: s=2.2.2.2 (Serial0.31), d=172.12.123.3 (Serial0.31), len 100, rcvd 3
IP: s=172.12.123.3 (local), d=2.2.2.2 (Serial0.31), len 100, sending
IP: s=2.2.2.2 (Serial0.31), d=172.12.123.3 (Serial0.31), len 100, rcvd 3
IP: s=172.12.123.3 (local), d=2.2.2.2 (Serial0.31), len 100, sending
IP: s=2.2.2.2 (Serial0.31), d=172.12.123.3 (Serial0.31), len 100, rcvd 3
IP: s=172.12.123.3 (local), d=2.2.2.2 (Serial0.31), len 100, sending
IP: s=2.2.2.2 (Serial0.31), d=172.12.123.3 (Serial0.31), len 100, rcvd 3
IP: s=172.12.123.3 (local), d=2.2.2.2 (Serial0.31), len 100, sending
IP: s=2.2.2.2 (Serial0.31), d=172.12.123.3 (Serial0.31), len 100, rcvd 3
R3#undebug all
All possible debugging has been turned off
Remove the static routes with the command no ip route. Replace them with a static route with a destination and wildcard mask of 0.0.0.0. This route will serve as a default route; to verify this, run show ip route after configuring these default static routes.
Notice that with static routes, you can configure either a next-hop address or an exit interface on the end of the static route command. Here, you'll configure both.
R3#conf t
R3(config)#no ip route 2.2.2.2 255.255.255.255 172.12.123.1
R3(config)#ip route 0.0.0.0 0.0.0.0 serial0.31
R1#conf t
R1(config)#no ip route 2.2.2.2 255.255.255.255 172.12.123.2
R1(config)#ip route 0.0.0.0 0.0.0.0 172.12.123.2
A static route configured with a destination and subnet mask of 0.0.0.0 will serve as a
default route.
Examining the routing table of R3 after configuring the default static route.
R3#show ip route
Gateway of last resort is 0.0.0.0 to network 0.0.0.0
     3.0.0.0/24 is subnetted, 1 subnets
C       3.3.3.0 is directly connected, Loopback0
     172.12.0.0/24 is subnetted, 2 subnets
C       172.12.13.0 is directly connected, Serial1
C       172.12.123.0 is directly connected, Serial0.31
     172.23.0.0/24 is subnetted, 1 subnets
C       172.23.23.0 is directly connected, Ethernet0
S*   0.0.0.0/0 is directly connected, Serial0.31
The static route appears on R3 as a candidate default route, and is then used as the default route. The gateway of last resort is now set to 0.0.0.0. This is a result of using an exit interface to configure the static default route, rather than a next-hop IP address.
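The difference between the 255.255.255.255 host route and the 0.0.0.0 default route can be reproduced with a longest-prefix-match lookup over R3's table. This is an added example, not part of the workbook: the connected networks are copied from the first show ip route output on R3 in this lab, and the function names are this example's own.

```python
import ipaddress

def to_network(dest, mask):
    """Build a network from a dotted-decimal destination and mask."""
    prefix = bin(int(ipaddress.ip_address(mask))).count("1")
    return ipaddress.ip_network(f"{dest}/{prefix}")

def parse_static(line):
    """Parse 'ip route <dest> <mask> <next-hop or exit interface>'."""
    keyword1, keyword2, dest, mask, target = line.split()
    if (keyword1, keyword2) != ("ip", "route"):
        raise ValueError(f"not a static route: {line!r}")
    return to_network(dest, mask), target

def lookup(routes, destination):
    """Longest-prefix match; None means no route, so the packet is dropped."""
    addr = ipaddress.ip_address(destination)
    matches = [(net, target) for net, target in routes if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda route: route[0].prefixlen)[1]

# R3's connected networks, copied from the first show ip route output in this lab.
R3_CONNECTED = [
    (to_network("3.3.3.0", "255.255.255.224"), "Loopback0"),
    (to_network("172.12.13.0", "255.255.255.0"), "Serial1"),
    (to_network("172.12.123.0", "255.255.255.0"), "Serial0.31"),
    (to_network("172.23.23.0", "255.255.255.224"), "Ethernet0"),
]

def r3_table(static_line):
    """R3's table with one static route from the lab added."""
    return R3_CONNECTED + [parse_static(static_line)]

HOST_ROUTE = r3_table("ip route 2.2.2.2 255.255.255.255 172.12.123.1")
DEFAULT_ROUTE = r3_table("ip route 0.0.0.0 0.0.0.0 serial0.31")

if __name__ == "__main__":
    for name, table in (("host route", HOST_ROUTE), ("default route", DEFAULT_ROUTE)):
        for dst in ("2.2.2.2", "2.2.2.3", "172.12.13.5"):
            print(f"{name:13} {dst:12} -> {lookup(table, dst)}")
```

With the host route only 2.2.2.2 itself is reachable beyond the connected networks; with the default route every otherwise unmatched destination leaves through serial0.31, while connected networks still win because they are more specific.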
Examining R1's routing table after configuring the static default route.
R1#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
Gateway of last resort is 172.12.123.2 to network 0.0.0.0
     1.0.0.0/27 is subnetted, 1 subnets
C       1.1.1.0 is directly connected, Loopback0
     172.12.0.0/16 is variably subnetted, 3 subnets, 2 masks
C       172.12.13.0/24 is directly connected, Ser