Cisco ICND2 Lab Guide v1.1

© 2011 Marc Bouchard

Cisco CCNA/ICND2 Lab Guide

Covers all topics for the ICND2 exam

Version 1.1

Written by

Marc Bouchard

www.subnet192.com

www.subnet192.com 2

Cis

co C

CN

A L

ab G

uid

e

Contents Introduction .................................................................................................................................................. 3

Recommended training material .................................................................................................................. 3

Recommended lab equipment ..................................................................................................................... 3

How this guide works… ................................................................................................................................. 4

Lab 1 – VLAN Trunking Protocol (VTP) .......................................................................................................... 5

Lab 2 – Spanning Tree Protocol (STP) ......................................................................................................... 13

Lab 3 – VLAN Routing (Router on-a-stick) ................................................................................................... 21

Lab 4 – Routing Protocols ........................................................................................................................... 24

OSPF .................................................................................................................................................... 24

EIGRP ................................................................................................................................................... 28

Lab 5 – WAN ................................................................................................................................................ 31

Configuring a hub and spoke topology using Frame Relay ................................................................. 31

Lab 6 – Access Lists ..................................................................................................................................... 37

Lab 7 – Network Address Translation (NAT/PAT) ....................................................................................... 41

Appendix 1 .................................................................................................................................................. 43

Lab 1 Switch configurations ................................................................................................................ 43

Appendix 2 .................................................................................................................................................. 44

Lab 3 Router and switch configurations ............................................................................................. 44

Appendix 3 .................................................................................................................................................. 45

Lab 4 Device configurations ................................................................................................................ 45

Appendix 4 .................................................................................................................................................. 46

Lab 5 Device configurations ................................................................................................................ 46

Appendix 5 .................................................................................................................................................. 47

Lab 7 Routers and switch configurations ............................................................................................ 47

References & Resources ............................................................................................................................. 48

Software ...................................................................................................................................................... 48

Special thanks… ........................................................................................................................................... 48

www.subnet192.com 3

Cis

co C

CN

A L

ab G

uid

e

Introduction Studying for the CCENT/CCNA exams is challenging. There are a lot of resources out there, lots of

material but there was nothing I could find to meet my objective: provide me with a challenge, and then

show a step by step explanation to validate the tasks.

This guide is in no way endorsed by Cisco Systems. I created this document out of personal need and to

help myself memorize and learn the various commands and configurations. I thought I should share this

with others to assist in actually learning hands-on skills with Cisco equipment. Also, note that I didn’t

reinvent the wheel here. Most of this is inspired from personal experience in my own lab, from

information gathered on the internet, from some of the simulators, etc.

This guide is provided FREE of charge. If you paid for this guide, you got ripped off. I do however

accept donations of any amount via Paypal at [email protected] if you find this guide of use and

want to thank me for my efforts. Visit my site at www.subnet192.com for more information and the

latest guides!

Recommended training material The following are what I personally used to pass the certification. I find that going through a CBT before

hitting the books helps a lot to make the book easier to understand.

CBT Nuggets ICND2 training by Jeremy Cioara.

Cisco Press ICND2 by Wendell Odom.

Recommended lab equipment Finding the right gear to build a lab is quite a daunting task. There is a multitude of models and versions,

as well as modules to customize each device. While you can get by with simulators, (I have tried them

all), nothing compares to working with the real deal.

My recommendations, for a reasonably priced lab that would get you through the CCNA curriculum

would be the following.

3 Cisco 2950 series switches

3 Cisco 2620XM 128/45 series routers

3 WIC-2T serial interfaces

3 DCE/DTE Smart Serial cables (for the WIC-2T to WIC-2T connections)

1 NM-4A/S serial interface

3 Serial to Smart Serial cables (for the NM-4A/S to WIC-2T connections)

mailto:[email protected]

http://www.subnet192.com/

www.subnet192.com 4

Cis

co C

CN

A L

ab G

uid

e

How this guide works… First off, this is not intended to explain any of the concepts. There are fantastic books out there for that

job. This guide attempts to make you think about what you need to do, which commands are required

to complete each step and so on.

In this guide, there is no goal topology, as it will change depending on the objectives of each lab. The

various topologies are all based on my recommendations for hardware above. You can also perform

most of the steps using Cisco’s Packet Tracer software if you are part of the Cisco Learning Academy, but

be aware that some commands may not be fully implemented.

Also, by now you should be familiar with the familiar prompts of the IOS (the exec mode #, the config

mode (config)#, etc.) so steps to get you into these modes will not be identified in the walkthrough.

www.subnet192.com 5

Cis

co C

CN

A L

ab G

uid

e

Lab 1 – VLAN Trunking Protocol (VTP) Material required: 3 switches, 1 PC, rollover cable, crossover and standard Ethernet cables.

Objectives

This lab will guide you in configuring VTP in the lab environment.

Preparation

Configure all three switches using the scripts in appendix 1.

DISCONNECT all crossover cables from S1.

Configure your laptop with the IP address 192.168.1.100/24

www.subnet192.com 6

Cis

co C

CN

A L

ab G

uid

e

Tasks

Open a terminal emulator session to S1 (console)

o Display VLAN configuration.

o Display switch ports information from the running-configuration using output modifiers

to begin the display at interface FastEthernet0/1.

o Display the default VTP configuration information.

o Configure all switch ports to access mode.

o Set the VTP mode to Transparent.

o Save the configuration.



o Configure VTP

Set the VTP mode to Server.

Set the VTP domain to CCNALAB.

Set the VTP version to 2.




o Set the VTP mode to Client.


Experimentation

o Display and compare the VTP configuration information on all 3 switches.

o Connect the topology together using the diagram at the beginning of the lab.

o Telnet to S3.

o Display the VTP configuration information.

Is the domain name set? Why?

No trunks exist between the switches so VTP doesn’t do anything.

o Configure all the links between switches to trunk mode.

o Display the interface status to confirm trunk is enabled.

o Display the VTP configuration information on S1 and S3.

Is the domain name set? Why?

S1: Transparent mode switches ignore VTP broadcasts.

S3: Trunks are enabled and all server and clients receive VTP updates.

However, since no VLANs exist, no VTP traffic is generated so the

domain name might not be configured yet.

www.subnet192.com 7

Cis

co C

CN

A L

ab G

uid

e

o Create VLAN 100 on S1.

What happens? Is it propagated to other switches?

VLAN is created but remains local to this switch.


What happens?

Unable to create a VLAN, client mode doesn’t allow creation.


Is it propagated to other switches? Which ones?

Yes it is. S3 receives the update as it is in client mode.

o Display the VLAN and VTP configuration on S3 and observe what has changed.

o Enable debugging of VTP events on S3.

Attempt to perform all the tasks listed above before going through the walkthrough.

www.subnet192.com 8

Cis

co C

CN

A L

ab G

uid

e

Walkthrough

On S1:

Display VLAN configuration

S1#show vlan VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------- 1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4 Fa0/5, Fa0/6, Fa0/7, Fa0/8 Fa0/9, Fa0/10, Fa0/11, Fa0/12 Fa0/13, Fa0/14, Fa0/15, Fa0/16 Fa0/17, Fa0/18, Fa0/19, Fa0/20 Fa0/21, Fa0/22, Fa0/23, Fa0/24 1002 fddi-default act/unsup 1003 token-ring-default act/unsup 1004 fddinet-default act/unsup 1005 trnet-default act/unsup VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2 ---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------ 1 enet 100001 1500 - - - - - 0 0 1002 fddi 101002 1500 - - - - - 0 0 1003 tr 101003 1500 - - - - - 0 0 1004 fdnet 101004 1500 - - - ieee - 0 0 1005 trnet 101005 1500 - - - ibm - 0 0 Remote SPAN VLANs ------------------------------------------------------------------------------ Primary Secondary Type Ports ------- --------- ----------------- ------------------------------------------

Display switch ports information from the running-configuration using output

modifiers to begin the display at interface FastEthernet0/1

S1#show running-config | begin interface FastEthernet0/1 interface FastEthernet0/1 switchport mode access speed 100 duplex full ! interface FastEthernet0/2 switchport mode access speed 100 duplex full …

www.subnet192.com 9

Cis

co C

CN

A L

ab G

uid

e

Display the default VTP configuration information

S1#show vtp status VTP Version : 2 Configuration Revision : 0 Maximum VLANs supported locally : 128 Number of existing VLANs : 5 VTP Operating Mode : Server VTP Domain Name : VTP Pruning Mode : Disabled VTP V2 Mode : Disabled VTP Traps Generation : Disabled MD5 digest : 0x57 0xCD 0x40 0x65 0x63 0x59 0x47 0xBD Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00 Local updater ID is 192.168.1.5 on interface Vl1 (lowest numbered VLAN interface found)

Set all switch ports to Access mode

S1(config)#interface range fa0/1 - 24 S1(config-if-range)#switchport mode access

Set the VTP mode to Transparent

S1(config)#vtp mode transparent Setting device to VTP TRANSPARENT mode.

On S2:


Same steps as S1.

Configure VTP

S2(config)#vtp mode server Setting device to VTP SERVER mode. S2(config)#vtp domain CCNALAB S2(config)#vtp version 2

On S3:


Same steps as S1.

Set the VTP mode to Client

S3(config)#vtp mode client Setting device to VTP CLIENT mode.

www.subnet192.com 10

Cis

co C

CN

A L

ab G

uid

e

Experimentation:

Display and compare the VTP configuration information on all 3 switches

S1#show vtp status VTP Version : 2 Configuration Revision : 0 Maximum VLANs supported locally : 128 Number of existing VLANs : 5 VTP Operating Mode : Transparent VTP Domain Name : VTP Pruning Mode : Disabled VTP V2 Mode : Disabled VTP Traps Generation : Disabled MD5 digest : 0x57 0xCD 0x40 0x65 0x63 0x59 0x47 0xBD Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00 S2#show vtp status VTP Version : 2 Configuration Revision : 0 Maximum VLANs supported locally : 250 Number of existing VLANs : 5 VTP Operating Mode : Server VTP Domain Name : CCNALAB VTP Pruning Mode : Disabled VTP V2 Mode : Enabled VTP Traps Generation : Disabled MD5 digest : 0x88 0x1F 0x98 0xBF 0xFF 0xB8 0x36 0x9B Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00 S3#show vtp status VTP Version : 2 Configuration Revision : 0 Maximum VLANs supported locally : 250 Number of existing VLANs : 5 VTP Operating Mode : Client VTP Domain Name : VTP Pruning Mode : Disabled VTP V2 Mode : Disabled VTP Traps Generation : Disabled MD5 digest : 0x57 0xCD 0x40 0x65 0x63 0x59 0x47 0xBD Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00

Configure all the links between switches to trunk mode

S1(config)#interface range fa0/2 - 3 S1(config-if-range)#switchport mode trunk S2(config)#interface fa0/1 S2(config-if)#switchport mode trunk S3(config)#interface fa0/1 S3(config-if)#switchport mode trunk


Cis

co C

CN

A L

ab G

uid

e

Display the interface status to confirm trunk is enabled

S1#show interface status Port Name Status Vlan Duplex Speed Type Fa0/1 notconnect 1 full 100 10/100BaseTX Fa0/2 connected trunk full 100 10/100BaseTX Fa0/3 connected trunk full 100 10/100BaseTX Fa0/4 notconnect 1 full 100 10/100BaseTX Fa0/5 notconnect 1 full 100 10/100BaseTX Fa0/6 notconnect 1 full 100 10/100BaseTX Fa0/7 notconnect 1 full 100 10/100BaseTX Fa0/8 notconnect 1 full 100 10/100BaseTX Fa0/9 notconnect 1 full 100 10/100BaseTX Fa0/10 notconnect 1 full 100 10/100BaseTX Fa0/11 notconnect 1 full 100 10/100BaseTX Fa0/12 notconnect 1 full 100 10/100BaseTX …

Display the VTP configuration information on S1 and S3

S1#show vtp status VTP Version : 2 Configuration Revision : 0 Maximum VLANs supported locally : 128 Number of existing VLANs : 5 VTP Operating Mode : Transparent VTP Domain Name : VTP Pruning Mode : Disabled VTP V2 Mode : Disabled VTP Traps Generation : Disabled MD5 digest : 0x57 0xCD 0x40 0x65 0x63 0x59 0x47 0xBD Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00 S3#show vtp status VTP Version : 2 Configuration Revision : 0 Maximum VLANs supported locally : 250 Number of existing VLANs : 5 VTP Operating Mode : Client VTP Domain Name : VTP Pruning Mode : Disabled VTP V2 Mode : Disabled VTP Traps Generation : Disabled MD5 digest : 0x57 0xCD 0x40 0x65 0x63 0x59 0x47 0xBD Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00

Create VLAN 100 on S1

S1(config)#VLAN 100


S3(config)#VLAN 300

VTP VLAN configuration not allowed when device is in CLIENT mode. Unable to create!


S2(config)#vlan 200


Cis

co C

CN

A L

ab G

uid

e

Display the VLAN and VTP configuration on S3 and observe what has changed

S3#show vlan brief VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------- 1 default active Fa0/2, Fa0/3, Fa0/4, Fa0/5 Fa0/6, Fa0/7, Fa0/8, Fa0/9 Fa0/10, Fa0/11, Fa0/12, Fa0/13 Fa0/14, Fa0/15, Fa0/16, Fa0/17 Fa0/18, Fa0/19, Fa0/20, Fa0/21 Fa0/22, Fa0/23, Fa0/24, Gi0/1 Gi0/2

200 VLAN0200 active Propagated to S3 via VTP. 1002 fddi-default act/unsup 1003 token-ring-default act/unsup 1004 fddinet-default act/unsup 1005 trnet-default act/unsup

S3#show vtp status VTP Version : 2

Configuration Revision : 1 1 VLAN configuration update received Maximum VLANs supported locally : 250 Number of existing VLANs : 6 VTP Operating Mode : Client

VTP Domain Name : CCNALAB VTP Domain name has been configured VTP Pruning Mode : Disabled

VTP V2 Mode : Enabled VTP mode has been configured VTP Traps Generation : Disabled MD5 digest : 0x66 0x92 0xDF 0xDD 0xBD 0x35 0x2A 0xAE

Configuration last modified by 192.168.1.6 at 3-1-93 00:29:10 Last update received from this switch

Enable debugging of VTP events on S3

S3#debug sw-vlan vtp events vtp events debugging is on Observe a few events, then disable it using: S3#no debug all All possible debugging has been turned off


Cis

co C

CN

A L

ab G

uid

e

Lab 2 – Spanning Tree Protocol (STP) Material required: 3 switches, 1 PC, crossover and standard Ethernet cables.

Objectives

This lab will guide you in configuring STP in the lab environment.

Preparation

Connect a crossover cables on FastEthernet ports 02 on between S2 and S3.

Remove VLAN 100 from S1.

Remove VLAN 200 from S2.

Tasks

Configure ports FastEthernet 0/2 on S2 and S3 to trunk mode using the dynamic modes.

Display the trunk interfaces information.

Display the spanning tree information summary on all switches to identify the root.

Display the spanning tree information details on the root bridge and the blocking switch.

On the blocking switch, force a path change by changing the cost of the uplink to the root.

Disconnect one of the cables going to your root bridge. Observe the spanning tree on the switch

at the other end of that cable (switching between ports, going into listening mode etc.)

Reconnect the cable.

Force another switch to become your primary root bridge.

Disable spanning tree on all switches and cause a broadcast storm. Observe what happens.

Re-enable spanning tree.

Enable Rapid STP on all switches and verify STP summary.

On the blocking switch, enable Spanning Tree events debugging and…

o Disable the root port interface.

o Observe STP events.

o Re-enable the root port interface.

o Observe STP events.

Attempt to perform all the tasks listed above before going through the walkthrough.


Cis

co C

CN

A L

ab G

uid

e

Walkthrough

Remove VLAN 100 from S1

S1(config)#no vlan 100

Remove VLAN 200 from S2

S2(config)#no vlan 200

Configure ports Fa0/2 on both switches to trunk mode using the dynamic modes

S2(config)#interface fastEthernet 0/2 S2(config)#switchport mode dynamic desirable S3(config)#interface fastEthernet 0/2 S3(config)#switchport mode dynamic auto

Display the trunk interfaces information

S2#show interface trunk Port Mode Encapsulation Status Native vlan Fa0/1 on 802.1q trunking 1 Fa0/2 desirable 802.1q trunking 1 Port Vlans allowed on trunk Fa0/1 1-4094 Fa0/2 1-4094 Port Vlans allowed and active in management domain Fa0/1 1 Fa0/2 1 Port Vlans in spanning tree forwarding state and not pruned Fa0/1 1 Fa0/2 none S3#show interface trunk Port Mode Encapsulation Status Native vlan Fa0/1 on 802.1q trunking 1 Fa0/2 auto 802.1q trunking 1 Port Vlans allowed on trunk Fa0/1 1-4094 Fa0/2 1-4094 Port Vlans allowed and active in management domain Fa0/1 1 Fa0/2 1 Port Vlans in spanning tree forwarding state and not pruned Fa0/1 1 Fa0/2 1


Cis

co C

CN

A L

ab G

uid

e

Display the spanning tree information summary on all switches

S1#show spanning-tree

VLAN0001 Note that a spanning-tree has been defined for each VLAN (PVST) Spanning tree enabled protocol ieee Root ID Priority 32769 Address 000a.4117.5300

This bridge is the root This is the root bridge in my lab. Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32769 (priority 32768 sys-id-ext 1) Bridge ID/priority Address 000a.4117.5300 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Aging Time 15 Interface Role Sts Cost Prio.Nbr Type ---------------- ---- --- --------- -------- --------------------------------

Fa0/2 Desg FWD 19 128.2 P2p Both ports are designated ports.

Fa0/3 Desg FWD 19 128.3 P2p No Root ports on the bridge. S2#show spanning-tree VLAN0001 Spanning tree enabled protocol ieee Root ID Priority 32769 Address 000a.4117.5300 Cost 19

Port 1 (FastEthernet0/1) I can reach the root through this port. Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 32769 (priority 32768 sys-id-ext 1) Address 0015.2b1c.9a40 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Aging Time 300 Interface Role Sts Cost Prio.Nbr Type ---------------- ---- --- --------- -------- --------------------------------

Fa0/1 Root FWD 19 128.1 P2p Current port to reach the root.

Fa0/2 Altn BLK 19 128.2 P2p Blocked alternate path. S3#show spanning-tree VLAN0001 Spanning tree enabled protocol ieee Root ID Priority 32769 Address 000a.4117.5300 Cost 19 Port 1 (FastEthernet0/1) Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 32769 (priority 32768 sys-id-ext 1) Address 0013.1a2c.2700 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Aging Time 300 Interface Role Sts Cost Prio.Nbr Type ---------------- ---- --- --------- -------- --------------------------------

Fa0/1 Root FWD 19 128.1 P2p Current port to reach the root.

Fa0/2 Desg FWD 19 128.2 P2p Alternate path to reach the root.


Cis

co C

CN

A L

ab G

uid

e

Display the spanning tree information details on the root bridge and the blocking

switch

On root bridge:

S1#show spanning-tree detail VLAN0001 is executing the ieee compatible Spanning Tree protocol Bridge Identifier has priority 32768, sysid 1, address 000a.4117.5300 Configured hello time 2, max age 20, forward delay 15 We are the root of the spanning tree Topology change flag not set, detected flag not set Number of topology changes 2 last change occurred 00:14:00 ago from FastEthernet0/3 Times: hold 1, topology change 35, notification 2 hello 2, max age 20, forward delay 15 Timers: hello 1, topology change 0, notification 0, aging 300 Port 2 (FastEthernet0/2) of VLAN0001 is forwarding Port path cost 19, Port priority 128, Port Identifier 128.2. Designated root has priority 32769, address 000a.4117.5300 Designated bridge has priority 32769, address 000a.4117.5300 Designated port id is 128.2, designated path cost 0 Timers: message age 0, forward delay 0, hold 0 Number of transitions to forwarding state: 1 Link type is point-to-point by default BPDU: sent 1635, received 1 Port 3 (FastEthernet0/2) of VLAN0001 is forwarding Port path cost 19, Port priority 128, Port Identifier 128.3. Designated root has priority 32769, address 000a.4117.5300 Designated bridge has priority 32769, address 000a.4117.5300 Designated port id is 128.3, designated path cost 0 Timers: message age 0, forward delay 0, hold 0 Number of transitions to forwarding state: 1 Link type is point-to-point by default BPDU: sent 1635, received 1


Cis

co C

CN

A L

ab G

uid

e

On blocking switch:

S2#show spanning-tree detail VLAN0001 is executing the ieee compatible Spanning Tree protocol Bridge Identifier has priority 32768, sysid 1, address 0015.2b1c.9a40 Configured hello time 2, max age 20, forward delay 15 Current root has priority 32769, address 000a.4117.5300 Root port is 1 (FastEthernet0/1), cost of root path is 19 Topology change flag not set, detected flag not set Number of topology changes 4 last change occurred 00:00:45 ago from FastEthernet0/2 Times: hold 1, topology change 35, notification 2 hello 2, max age 20, forward delay 15 Timers: hello 0, topology change 0, notification 0, aging 300 Port 1 (FastEthernet0/1) of VLAN0001 is forwarding Port path cost 19, Port priority 128, Port Identifier 128.1. Designated root has priority 32769, address 000a.4117.5300 Designated bridge has priority 32769, address 000a.4117.5300

Designated port id is 128.2, designated path cost 0 Lower cost Timers: message age 2, forward delay 0, hold 0 Number of transitions to forwarding state: 2 Link type is point-to-point by default BPDU: sent 2, received 4223 Port 2 (FastEthernet0/2) of VLAN0001 is blocking Port path cost 19, Port priority 128, Port Identifier 128.2. Designated root has priority 32769, address 000a.4117.5300 Designated bridge has priority 32769, address 0013.1a2c.2700

Designated port id is 128.2, designated path cost 19 Higher cost Timers: message age 2, forward delay 0, hold 0 Number of transitions to forwarding state: 2 Link type is point-to-point by default BPDU: sent 4, received 4921

On the blocking switch, force a path change by changing the cost…

S2(config)#interface fastEthernet 0/1 S2(config-if)#spanning-tree vlan 1 cost 100


Cis

co C

CN

A L

ab G

uid

e

Disconnect one of the cables going to your root bridge. Observe…

S2#ping Protocol [ip]: Target IP address: 192.168.1.5 Repeat count [5]: 20000 Datagram size [100]: Timeout in seconds [2]: Extended commands [n]: Sweep range of sizes [n]: Type escape sequence to abort. Sending 20000, 100-byte ICMP Echos to 192.168.1.5, timeout is 2 seconds: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!. 01:52:07: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down 01:52:08: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to down...............!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Success rate is 99 percent (1840/1856), round-trip min/avg/max = 1/3/16 ms You can repeat the following command to see the various status of the interface: S2#show spanning-tree VLAN0001 Spanning tree enabled protocol ieee Root ID Priority 32769 Address 000a.4117.5300 Cost 38 Port 2 (FastEthernet0/2) Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 32769 (priority 32768 sys-id-ext 1) Address 0015.2b1c.9a40 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Aging Time 15 Interface Role Sts Cost Prio.Nbr Type ---------------- ---- --- --------- -------- -------------------------------- Fa0/2 Root LIS 19 128.2 P2p … Interface Role Sts Cost Prio.Nbr Type ---------------- ---- --- --------- -------- -------------------------------- Fa0/2 Root LRN 19 128.2 P2p … Interface Role Sts Cost Prio.Nbr Type ---------------- ---- --- --------- -------- -------------------------------- Fa0/2 Root FWD 19 128.2 P2p


Cis

co C

CN

A L

ab G

uid

e

Force another switch to become your primary root bridge

S2(config)#spanning-tree vlan 1 root primary You can then perform a show spanning-tree command to view the changes.

Disable spanning tree on all switches and cause a broadcast storm

Repeat the following steps on all switches: S1(config)#no spanning-tree vlan 1 S1#show spanning-tree detail No spanning tree instance exists. To cause the broadcast storm, a simple ping can do… S1#ping 4.2.2.2 Then watch the port lights on your switch. They should start blinking non-stop. The CLI will probably be slower to respond while this is happening. To restore everything back to normal, repeat the following steps on all switches: S1(config)#spanning-tree vlan 1

Enable Rapid STP on all switches and verify STP summary

Repeat on all switches… S1(config)#spanning-tree mode rapid-pvst S1#show spanning-tree summary

Switch is in rapid-pvst mode Confirm Rapid PVST mode is enabled Root bridge for: VLAN0001 EtherChannel misconfig guard is enabled Extended system ID is enabled Portfast Default is disabled PortFast BPDU Guard Default is disabled Portfast BPDU Filter Default is disabled Loopguard Default is disabled UplinkFast is disabled BackboneFast is disabled Pathcost method used is short Name Blocking Listening Learning Forwarding STP Active ---------------------- -------- --------- -------- ---------- ---------- VLAN0001 0 0 0 2 2 ---------------------- -------- --------- -------- ---------- ---------- 1 vlan 0 0 0 2 2


Cis

co C

CN

A L

ab G

uid

e

On the blocking switch, enable Spanning Tree events debugging and…

S2#debug spanning-tree events Spanning Tree event debugging is on S2(config)#interface fa0/1 S2(config-if)#shutdown 12:09:04: RSTP(1): updt roles, root port Fa0/1 is going down 12:09:04: RSTP(1): Fa0/2 is now root port 12:09:06: %LINK-5-CHANGED: Interface FastEthernet0/1, changed state to administratively down 12:09:07: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down S2(config-if)#no shutdown S2(config-if)# 12:09:20: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to up S2(config-if)# 12:09:22: RSTP(1): initializing port Fa0/1 12:09:22: RSTP(1): Fa0/1 is now designated 12:09:22: RSTP(1): transmitting a proposal on Fa0/1 12:09:22: RSTP(1): updt roles, superior bpdu on Fa0/1 (synced=0) 12:09:22: RSTP(1): Fa0/1 is now root port 12:09:22: RSTP(1): Fa0/2 blocked by re-root 12:09:22: RSTP(1): Fa0/2 not in sync 12:09:22: RSTP(1): Fa0/2 is now alternate 12:09:22: RSTP(1): synced Fa0/1 12:09:22: RSTP(1): synced Fa0/1 12:09:22: RSTP(1): transmitting an agreement on Fa0/1 as a response to a proposal 12:09:23: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up S2#no debug spanning-tree events Spanning Tree event debugging is off


Cis

co C

CN

A L

ab G

uid

e

Lab 3 – VLAN Routing (Router on-a-stick) Material required: 1 switch, 1 router, 2 PC, 3 standard Ethernet cables.

Objectives

Configuring and understanding inter-VLAN routing.

Preparation

Disconnect all Ethernet cables from S1.

Connect R1 to port Fa0/1 on S1.

Connect PC1 to port Fa0/4 on S1.

Connect PC2 to port Fa0/5 on S1.

Configure R1 and S1 using the scripts in appendix 2.

Prepare two computers using the following configurations.

o Both: 100mbps/full duplex

o PC1: IP address: 10.1.0.5/24, Gateway: 10.1.0.1

PC2: IP address: 10.2.0.5/24, Gateway: 10.2.0.1

Tasks

On S1, perform the following tasks

o Create VLAN 10, with a description of “Students” and assign port Fa0/4 to it.

o Create VLAN 20, with a description of “Faculty” and assign port Fa0/5 to it.

o Configure port Fa0/1 to forward VLAN information to the router.

On R1, perform the following tasks

o Create a sub-interface named Fa0/0.10, that is part of VLAN 10.

o Set the sub-interface IP address to 10.1.0.1/24

o Create a sub-interface named Fa0/0.20, that is part of VLAN 20.

o Set the sub-interface IP address to 10.2.0.1/24

o Verify the VLAN configurations summary

o Enable RIPv2 as the routing protocol

o Enable the route

On either PC, test the connectivity using Ping and Tracert.


Cis

co C

CN

A L

ab G

uid

e

Walkthrough

On S1, perform the following tasks…

S1(config)#vlan 10 S1(config-vlan)#name Students S1(config-vlan)#vlan 20 S1(config-vlan)#name Faculty S1(config-vlan)#exit S1(config)#interface fastEthernet 0/4 S1(config-if)#switchport access vlan 10 S1(config-if)#interface fastEthernet 0/5 S1(config-if)#switchport access vlan 20 S1(config-if)#exit S1(config)#interface fastEthernet 0/1 S1(config-if)#switchport mode trunk S1(config-if)#^Z S1#show vlan brief VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------- 1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/6 Fa0/7, Fa0/8, Fa0/9, Fa0/10 Fa0/11, Fa0/12, Fa0/13, Fa0/14 Fa0/15, Fa0/16, Fa0/17, Fa0/18 Fa0/19, Fa0/20, Fa0/21, Fa0/22 Fa0/23, Fa0/24 10 Students active Fa0/4 20 Faculty active Fa0/5 1002 fddi-default act/unsup 1003 token-ring-default act/unsup 1004 fddinet-default act/unsup 1005 trnet-default act/unsup

On R1, perform the following tasks

R1(config)#interface fastEthernet 0/0.10 R1(config-subif)#encapsulation dot1Q 10 R1(config-subif)#ip address 10.1.0.1 255.255.255.0 R1(config-subif)#interface fastEthernet 0/0.20 R1(config-subif)#encapsulation dot1Q 20 R1(config-subif)#ip address 10.2.0.1 255.255.255.0 R1#show ip interface brief Interface IP-Address OK? Method Status Protocol FastEthernet0/0 192.168.1.1 YES manual up up FastEthernet0/0.10 10.1.0.1 YES manual up up FastEthernet0/0.20 10.2.0.1 YES manual up up Serial0/0 unassigned YES unset administratively down down Serial0/1 unassigned YES unset administratively down down R1(config)#router rip R1(config-router)#version 2 R1(config-router)#network 10.0.0.0 R1(config-router)#^Z


Cis

co C

CN

A L

ab G

uid

e

R1#show ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is not set 10.0.0.0/24 is subnetted, 2 subnets C 10.2.0.0 is directly connected, FastEthernet0/0.20 C 10.1.0.0 is directly connected, FastEthernet0/0.10 C 192.168.1.0/24 is directly connected, FastEthernet0/0

You are now able to ping from any VLAN to any device on the network (VLAN1, 10 or 20).

From PC1 (VLAN 10) to PC2 (VLAN 20)

From PC1 (VLAN 10) to S1 (VLAN 1)


Cis

co C

CN

A L

ab G

uid

e

Lab 4 – Routing Protocols Material required: 3 switches, 3 routers, 3 DCE-DTE Smart Serial cables, 3 standard Ethernet cables.

OSPF

Objectives

This lab simulates the connection of three different sites with different subnets using OSPF.

Preparation

Connect the DCE end of each cable to the Serial0 interface, and the DTE end to Serial1 of the

neighbor router.

Connect a standard Ethernet cable from Ethernet0 on each router to Port Fa0/1 on each switch.

Configure the switches and routers using the scripts in Appendix 3.

Tasks

Complete the following table:

R1 Fa0/0

R2 Fa0/0

R3 Fa0/0

R1-R2 Serial Link

R2-R3 Serial Link

R3-R1 Serial Link

S1 VLAN1

S2 VLAN1

S3 VLAN1

Subnet 10.0.0.0 172.16.5.0 192.168.0.0 10.50.0.0 10.50.0.0 10.50.0.0 10.0.0.0 172.16.0.0 192.168.0.0

Number of hosts 450 75 35 2 2 2 - - -

Subnet Mask bits

IP Address

o Use the first address in each subnet for the router and the last for the switch.

o For the serial links, use the first subnet for R1-R2, the 2nd for R2-R3 and the 3rd for R3-R1.

Configure the addresses on all interfaces and enable all links, set the clock rates to 64000.

Verify all links to ensure connectivity between all components.

Enable OSPF routing using the router number as process ID and enable all routes (summarize if

possible).

From each router, ping all VLAN interface IPs to verify connectivity.

Display the protocol information on R3 to confirm published routes and routing protocol used.

Display the routing table for R2.

Display the OSPF neighbor list on R2.

Display the OSPF database on R2.


Cis

co C

CN

A L

ab G

uid

e

Walkthrough

Complete the following table…

R1 Fa0/0

R2 Fa0/0

R3 Fa0/0

R1-R2 Serial Link

R2-R3 Serial Link

R3-R1 Serial Link

S1 VLAN1

S2 VLAN1

S3 VLAN1

Subnet 10.0.0.0 172.16.5.0 192.168.0.0 10.50.0.0 10.50.0.0 10.50.0.0 10.0.0.0 172.16.0.0 192.168.0.0

Number of hosts 450 75 35 2 2 2 - - -

Subnet Mask bits 23 25 26 30 30 30 23 25 26

IP Address 10.0.0.1 172.16.5.1 192.168.0.1 10.50.0.1 10.50.0.2

10.50.0.5 10.50.0.6

10.50.0.9 10.50.0.10

10.0.1.254 172.16.5.126 192.168.0.62

Configure the addresses on all interfaces and enable all links

S1(config)#interface vlan 1 S1(config-if)#ip address 10.0.1.254 255.255.254.0 S1(config-if)#no shutdown S1(config-if)#exit S1(config)#ip default-gateway 10.0.0.1 S2(config)#interface vlan 1 S2(config-if)#ip address 172.16.5.126 255.255.255.128 S2(config-if)#no shutdown S2(config-if)#exit S2(config)#ip default-gateway 172.16.5.1 S3(config)#interface vlan 1 S3(config-if)#ip address 192.168.0.62 255.255.255.192 S3(config-if)#no shutdown S3(config-if)#exit S3(config)#ip default-gateway 192.168.0.1 R1(config)#interface fastEthernet 0/0 R1(config-if)#ip address 10.0.0.1 255.255.254.0 R1(config-if)#no shutdown R2(config)#interface fastEthernet 0/0 R2(config-if)#ip address 172.16.5.1 255.255.255.128 R2(config-if)#no shutdown R3(config)#interface fastEthernet 0/0 R3(config-if)#ip address 192.168.0.1 255.255.255.192 R3(config-if)#no shutdown R1(config)#interface serial 0/0 R1(config-if)#ip address 10.50.0.1 255.255.255.252 R1(config-if)#clock rate 64000 R1(config-if)#no shutdown R1(config-if)#interface serial 0/1 R1(config-if)#ip address 10.50.0.10 255.255.255.252 R1(config-if)#no shutdown R2(config)#interface serial 0/0 R2(config-if)#ip address 10.50.0.5 255.255.255.252 R2(config-if)#clock rate 64000 R2(config-if)#no shutdown R2(config-if)#interface serial 0/1 R2(config-if)#ip address 10.50.0.2 255.255.255.252 R2(config-if)#no shutdown R3(config)#interface serial 0/0 R3(config-if)#ip address 10.50.0.9 255.255.255.252 R3(config-if)#clock rate 64000


Cis

co C

CN

A L

ab G

uid

e

R3(config-if)#no shutdown R3(config-if)#interface serial 0/1 R3(config-if)#ip address 10.50.0.6 255.255.255.252 R3(config-if)#no shutdown

Verify all links to ensure connectivity between all components

To do so, you can either ping from each end, or use CDP to ensure devices are seen.

R3#ping 192.168.0.62 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.0.62, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms R1#show cdp neighbors Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge S - Switch, H - Host, I - IGMP, r - Repeater Device ID Local Intrfce Holdtme Capability Platform Port ID R2.subnet192.com Ser 0/0 151 R S I Cisco 2620Ser 0/1 R3.subnet192.com Ser 0/1 132 R S I Cisco 2620Ser 0/0 S1.subnet192.com Fas 0/0 127 S I WS-C2950-2Fas 0/1

Enable OSPF routing using the router number as process ID and enable all routes…

R1(config-router)#router ospf 0 R1(config-router)#network 10.0.0.0 0.255.255.255 area 0 R2(config-router)#network 10.50.0.0 0.0.255.255 area 0 R2(config-router)#network 172.16.0.0 0.0.255.255 area 0 R3(config-router)#network 10.50.0.0 0.0.255.255 area 0 R3(config-router)#network 192.168.0.0 0.0.255.255 area 0

From each router, ping all VLAN interface IPs to verify connectivity

From each router, ping the 3 IP addresses that were configured on the switches. Successful pings will

confirm that all sub networks are accessible from everywhere.

R3#ping 192.168.0.62 … R3#ping 10.0.1.254 … R3#ping 172.16.5.126 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 172.16.5.126, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 28/28/32 ms


Cis

co C

CN

A L

ab G

uid

e

Display the protocol information on R3 to confirm published routes…

R3#show ip protocols Routing Protocol is "ospf 3" Outgoing update filter list for all interfaces is not set Incoming update filter list for all interfaces is not set Router ID 192.168.0.1 Number of areas in this router is 1. 1 normal 0 stub 0 nssa Maximum path: 4 Routing for Networks: 10.50.0.0 0.0.255.255 area 0 192.168.0.0 0.0.255.255 area 0 Reference bandwidth unit is 100 mbps Routing Information Sources: Gateway Distance Last Update 10.50.0.10 110 00:07:43 172.16.5.1 110 00:07:43 Distance: (default is 110)

Display the routing table on R2

R2#show ip route Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route Gateway of last resort is not set 172.16.0.0/25 is subnetted, 1 subnets C 172.16.5.0 is directly connected, FastEthernet0/0 10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks

O 10.0.0.0/23 [110/65] via 10.50.0.1, 00:10:25, Serial0/1 OSPF learned route

O 10.50.0.8/30 [110/128] via 10.50.0.6, 00:10:25, Serial0/0 OSPF learned route [110/128] via 10.50.0.1, 00:10:25, Serial0/1 C 10.50.0.0/30 is directly connected, Serial0/1 C 10.50.0.4/30 is directly connected, Serial0/0 192.168.0.0/26 is subnetted, 1 subnets

O 192.168.0.0 [110/65] via 10.50.0.6, 00:10:26, Serial0/0 OSPF learned route

Display the OSPF neighbor list on R2

R2#show ip ospf neighbor Neighbor ID Pri State Dead Time Address Interface 10.50.0.10 0 FULL/ - 00:00:34 10.50.0.1 Serial0/1 192.168.0.1 0 FULL/ - 00:00:35 10.50.0.6 Serial0/0

Display the OSPF database on R2

R2#show ip ospf database OSPF Router with ID (172.16.5.1) (Process ID 1) Router Link States (Area 0) Link ID ADV Router Age Seq# Checksum Link count 10.50.0.10 10.50.0.10 77 0x80000001 0x00F241 5 172.16.5.1 172.16.5.1 76 0x80000003 0x0087FC 5 192.168.0.1 192.168.0.1 77 0x80000005 0x001FC3 5


Cis

co C

CN

A L

ab G

uid

e

EIGRP

Objectives

This lab simulates the connection of three different sites with different subnets using EIGRP.

Preparation

The topology configured for the OSPF section will be used. No changes required.

Tasks

Disable OSPF on all routers.

Enable EIGRP using ASN 1.

Enable all routes.

Display the routing table on R2.

Display the protocol information on R3.

Display the neighbors list on R2.

From each router, ping all VLAN interface IPs to verify connectivity.


Cis

co C

CN

A L

ab G

uid

e

Walkthrough

Disable OSPF on all routers

R1(config)#no router ospf 1 R2(config)#no router ospf 2 R3(config)#no router ospf 3

Enable EIGRP using ASN 1

R1(config)#router eigrp 1 R2(config)#router eigrp 1 R3(config)#router eigrp 1

Enable all routes

R1(config-router)#network 10.50.0.0 R2(config-router)#network 10.50.0.0 R2(config-router)#network 172.16.0.0 R3(config-router)#network 10.50.0.0 R3(config-router)#network 192.168.0.0


R2#show ip route Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route Gateway of last resort is not set 172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks C 172.16.5.0/25 is directly connected, FastEthernet0/0

D 172.16.0.0/16 is a summary, 00:00:42, Null0 EIGRP learned route 10.0.0.0/8 is variably subnetted, 5 subnets, 3 masks

D 10.0.0.0/23 [90/2172416] via 10.50.0.1, 00:00:40, Serial0/1 EIGRP learned route

D 10.0.0.0/8 is a summary, 00:00:42, Null0 Auto summarized route

D 10.50.0.8/30 [90/2681856] via 10.50.0.6, 00:00:40, Serial0/0 EIGRP learned route [90/2681856] via 10.50.0.1, 00:00:40, Serial0/1 C 10.50.0.0/30 is directly connected, Serial0/1 C 10.50.0.4/30 is directly connected, Serial0/0

D 192.168.0.0/24 [90/2172416] via 10.50.0.6, 00:00:41, Serial0/0 EIGRP learned route


Cis

co C

CN

A L

ab G

uid

e

Display the protocol information on R3

R3#show ip protocols Routing Protocol is "eigrp 1" Outgoing update filter list for all interfaces is not set Incoming update filter list for all interfaces is not set Default networks flagged in outgoing updates Default networks accepted from incoming updates EIGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0 EIGRP maximum hopcount 100 EIGRP maximum metric variance 1 Redistributing: eigrp 1 EIGRP NSF-aware route hold timer is 240s Automatic network summarization is in effect Automatic address summarization: 192.168.0.0/24 for Serial0/0, Serial0/1 Summarizing with metric 28160 10.0.0.0/8 for FastEthernet0/0 Summarizing with metric 2169856 Maximum path: 4 Routing for Networks: 10.0.0.0 192.168.0.0 Routing Information Sources: Gateway Distance Last Update (this router) 90 00:29:36 Gateway Distance Last Update 10.50.0.10 90 00:01:40 10.50.0.5 90 00:01:40 Distance: internal 90 external 170

Display the neighbors list on R2

R2#show ip eigrp neighbors IP-EIGRP neighbors for process 1 H Address Interface Hold Uptime SRTT RTO Q Seq (sec) (ms) Cnt Num 1 10.50.0.1 Se0/1 14 00:00:24 26 200 0 5 0 10.50.0.6 Se0/0 12 00:00:35 25 200 0 9

From each router, ping all VLAN interface IPs to verify connectivity

From each router, ping the 3 IP addresses that were configured on the switches. Successful pings will

confirm that all sub networks are accessible from everywhere.

R3#ping 192.168.0.62 … R3#ping 10.0.1.254 … R3#ping 172.16.5.126 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 172.16.5.126, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 28/28/32 ms


Cis

co C

CN

A L

ab G

uid

e

Lab 5 – WAN Material required: 4 routers, 2 switches, 1 PC, 3 DCE-DTE Serial to Smart Serial cables, 4 standard

Ethernet cables.

Ethernet R1 R2 R3 PC S1 S2

Local IP Addresses

10.1.0.1/24 10.2.0.1/24 5.1.1.1/24 10.1.0.5/24 10.1.0.2/24 10.2.0.2/24

WAN IP Addresses

10.100.0.2 10.200.0.2 10.100.0.1 10.200.0.1

- - -

Configuring a hub and spoke topology using Frame Relay

Objectives

Configuring and understanding frame relay topologies. This is a hub and spoke topology, where R3 is the

hub (head office) and R1/R2 are spoke routers (branch offices).

Preparation

R4 requires the installation of an NM4/S or equivalent serial interface.

NOTE: In my hardware recommendations at the beginning of the document, I recommend 3

routers only, which is enough for the certification. In my case, I went with 4, the fourth being

a 2610 which I used in this lab as the Frame Relay switch (R4). If you do not have a fourth

router, simply remove R2 and S2 from the topology.

Connect the Serial to Smart Serial cables from R4 Serial 0, 1 and 2 to Smart Serial 0/0 of routers

R1, R2 and R3.

Connect a standard Ethernet cable from FastEthernet0 on R1 and R2 to Port Fa0/1 on each

switch.

If available, connect your internet link to the FastEthernet0 port on R3.

Configure the switches and routers using the scripts in Appendix 4.


Cis

co C

CN

A L

ab G

uid

e

Tasks

First we will configure the Frame Relay switch (FRSwitch).

o Enable Frame Relay switching.

o Configure the serial interfaces.

Enable encapsulation.

Configure the port as a DCE.

Configure the DLCI routes using the following table

R3 uses DLCI 301 to reach R1 and 302 to reach R2.

R1 uses DLCI 123 to reach R2 and R3.

R2 uses DLCI 213 to reach R1 and R3.

Configure the hub router, using a point-to-point configuration.

Configure the spoke routers.

Display the Serial 0/0 interface information on R1.

Display the frame relay DLCI to Serial interface mappings on R1.

Display the LMI status information on R1.

Verify connectivity from the hub to the spokes.

Display the frame relay routes on FRSwitch.

Display the PVC statistics on FRSwitch.

Enable EIGRP routing on all routers.

Display the routing table on R1.

Verify connectivity from S1 to all IP addresses on the network.


Cis

co C

CN

A L

ab G

uid

e

Walkthrough

Enable Frame Relay switching

FRSwitch(config)#frame-relay switching

Configure the serial interfaces

Link to R1 (Spoke)

FRSwitch(config)#interface serial 1/0 FRSwitch(config-if)#encapsulation frame-relay FRSwitch(config-if)#frame-relay intf-type dce FRSwitch(config-if)#clock rate 56000 FRSwitch(config-if)#frame-relay route 123 interface serial 1/2 301 FRSwitch(config-if)#no shutdown

Link to R2 (Spoke)

FRSwitch(config)#interface serial 1/1 FRSwitch(config-if)#encapsulation frame-relay FRSwitch(config-if)#frame-relay intf-type dce FRSwitch(config-if)#clock rate 56000 FRSwitch(config-if)#frame-relay route 213 interface serial 1/2 302 FRSwitch(config-if)#no shutdown

Link to R3 (Hub)

FRSwitch(config)#interface serial 1/2 FRSwitch(config-if)#encapsulation frame-relay FRSwitch(config-if)#frame-relay intf-type dce FRSwitch(config-if)#clock rate 56000 FRSwitch(config-if)#frame-relay route 301 interface serial 1/0 123 FRSwitch(config-if)#frame-relay route 302 interface serial 1/1 213 FRSwitch(config-if)#no shutdown FRSwitch(config-if)#^Z

Configure the hub router

R3(config)#interface serial 0/0 R3(config)#no shutdown R3(config-if)#encapsulation frame-relay R3(config-if)#interface serial 0/0.1 point-to-point R3(config-if)#no shutdown R3(config-subif)#ip address 10.100.0.1 255.255.255.0 R3(config-subif)#frame-relay interface-dlci 301 R3(config-fr-dlci)#exit R3(config-if)#interface serial 0/0.2 point-to-point R3(config-if)#no shutdown R3(config-subif)#ip address 10.200.0.1 255.255.255.0 R3(config-subif)#frame-relay interface-dlci 302 R3(config-fr-dlci)#^Z


Cis

co C

CN

A L

ab G

uid

e

Configure the spoke routers

R1(config)#interface serial 0/0 R1(config-if)#encapsultion frame-relay R1(config-if)#ip address 10.100.0.2 255.255.255.0 R1(config-if)#no shutdown R1(config-if)#frame-relay interface-dlci 123 R1(config-fr-dlci)#^Z R2(config)#interface serial 0/0 R2(config-if)#encapsultion frame-relay R2(config-if)#ip address 10.200.0.2 255.255.255.0 R2(config-if)#no shutdown R2(config-if)#frame-relay interface-dlci 213 R2(config-fr-dlci)#^Z

Display the Serial 0/0 information on R1

R1#show interfaces serial 0/0 Serial0/0 is up, line protocol is up Hardware is PowerQUICC Serial Internet address is 10.100.0.2/24 MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, reliability 255/255, txload 1/255, rxload 1/255

Encapsulation FRAME-RELAY, loopback not set Frame Relay encapsulation Keepalive set (10 sec) LMI enq sent 317, LMI stat recvd 318, LMI upd recvd 0, DTE LMI up LMI enq recvd 0, LMI stat sent 0, LMI upd sent 0

LMI DLCI 1023 LMI type is CISCO frame relay DTE LMI DLCI and type, DCE/DTE status Broadcast queue 0/64, broadcasts sent/dropped 27/0, interface broadcasts 13 Last input 00:00:00, output 00:00:06, output hang never Last clearing of "show interface" counters 00:53:16 Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: weighted fair Output queue: 0/1000/64/0 (size/max total/threshold/drops) Conversations 0/1/256 (active/max active/max total) Reserved Conversations 0/0 (allocated/max allocated) Available Bandwidth 1158 kilobits/sec 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 557 packets input, 37126 bytes, 0 no buffer Received 0 broadcasts, 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 397 packets output, 10653 bytes, 0 underruns 0 output errors, 0 collisions, 1 interface resets 0 output buffer failures, 0 output buffers swapped out 0 carrier transitions DCD=up DSR=up DTR=up RTS=up CTS=up

Display the frame relay DLCI to Serial interface mappings on R1

R1#show frame-relay map

Serial0/0 (up): ip 0.0.0.0 dlci 123(0x7B,0x1CB0) DLCI for this Serial interface broadcast, CISCO, status defined, active Serial0/0 (up): ip 10.100.0.1 dlci 123(0x7B,0x1CB0), dynamic, broadcast,, status defined, active


Cis

co C

CN

A L

ab G

uid

e

Display the LMI status information on R1

R1#show frame-relay lmi LMI Statistics for interface Serial0/0 (Frame Relay DTE) LMI TYPE = CISCO Invalid Unnumbered info 0 Invalid Prot Disc 0 Invalid dummy Call Ref 0 Invalid Msg Type 0 Invalid Status Message 0 Invalid Lock Shift 0 Invalid Information ID 0 Invalid Report IE Len 0 Invalid Report Request 0 Invalid Keep IE Len 0 Num Status Enq. Sent 405 Num Status msgs Rcvd 406 Num Update Status Rcvd 0 Num Status Timeouts 0

Verify connectivity from the hub to the spokes

R3#ping 10.100.0.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.100.0.2, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 64/65/68 ms R3#ping 10.200.0.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.200.0.2, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 64/66/68 ms

Display the frame relay routes on FRSwitch

FRSwitch#show frame-relay route Input Intf Input Dlci Output Intf Output Dlci Status Serial1/0 123 Serial1/2 301 active Serial1/1 213 Serial1/2 302 active Serial1/2 301 Serial1/0 123 active Serial1/2 302 Serial1/1 213 active

Display the PVC statistics on FRSwitch

FRSwitch#show frame-relay pvc PVC Statistics for interface Serial1/0 (Frame Relay DCE) Active Inactive Deleted Static Local 0 0 0 0 Switched 1 0 0 0 Unused 0 0 0 0 DLCI = 123, DLCI USAGE = SWITCHED, PVC STATUS = ACTIVE, INTERFACE = Serial1/0 input pkts 21 output pkts 59 in bytes 2114 out bytes 15648 dropped pkts 1 in FECN pkts 0 in BECN pkts 0 out FECN pkts 0 out BECN pkts 0 in DE pkts 0 out DE pkts 0 out bcast pkts 0 out bcast bytes 0 Num Pkts Switched 21 pvc create time 01:05:51, last time pvc status changed 00:36:57 …


Cis

co C

CN

A L

ab G

uid

e

Enable EIGRP on all routers

R1(config)#router eigrp 1 R1(config-router)#network 10.0.0.0 R2(config)#router eigrp 1 R2(config-router)#network 10.0.0.0 R3(config)#router eigrp 1 R3(config-router)#network 10.0.0.0


R1#show ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is not set 10.0.0.0/8 is variably subnetted, 5 subnets, 2 masks D 10.2.0.0/24 [90/2684416] via 10.100.0.1, 00:16:58, Serial0/0 C 10.1.0.0/24 is directly connected, FastEthernet0/0 C 10.100.0.0/24 is directly connected, Serial0/0 D 10.200.0.0/24 [90/2681856] via 10.100.0.1, 00:16:58, Serial0/0

Verify connectivity from S1 to all IP addresses on the network

S1#ping 10.1.0.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.1.0.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms S1#ping 10.200.0.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.200.0.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 64/68/72 ms S1#ping 10.200.0.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.200.0.2, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 128/129/132 ms And so on…


Cis

co C

CN

A L

ab G

uid

e

Lab 6 – Access Lists

Objectives

Configuring and understanding access lists and their various applications.

Preparation

This lab uses the WAN topology from Lab 5.

Tasks

Configure and apply the following access lists at the appropriate location, then test the configuration.

Standard Access Lists (use the first access list number available)

Prevent only the PC from accessing the network where S2 is located. Allow access everywhere

else.

o Verify the access lists to see if they were the ones preventing access.

Allow only S2 to telnet into R1.

Extended Access Lists (use the first access list number available)

Prevent pings to the FastEthernet interface 0/0 on R3 from the PC.

Named Access Lists

Prevent the PC’s subnet from reaching the web management page on R2. Allow all other traffic.

Add a new rule to also prevent the PC exclusively from using telnet outside its subnet.

Review the running configuration to see the configured access lists on R1.


Cis

co C

CN

A L

ab G

uid

e

Walkthrough

Standard Access Lists

Prevent only the PC from accessing the network where S2 is located. Allow access

everywhere else.

R2#configure terminal R2(config)#access-list 1 deny host 10.1.0.5 R2(config)#access-list 1 permit any R2(config)#interface fastEthernet 0/0 R2(config)#ip access-group 1 out

Standard access lists should be applied closest to the destination, thus the outbound port of the router

connected to the subnet to block.

Test from the PC.

C:\>ping 10.2.0.2 Pinging 10.2.0.2 with 32 bytes of data: Reply from 10.200.0.2: Destination net unreachable. Reply from 10.200.0.2: Destination net unreachable. Reply from 10.200.0.2: Destination net unreachable. Reply from 10.200.0.2: Destination net unreachable. Ping statistics for 10.2.0.2: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), C:\>

Verify if the access lists were the ones preventing access.

R2#show access-lists Standard IP access list 1

10 deny 10.1.0.5 (8 matches) shows that this rule was “hit” 8 times.

10 permit any (5 matches) shows that this rule was “hit” 5 times.

Allow only S2 to telnet into R1.

R1#configure terminal R1(config)#access-list 1 permit 10.2.0.2 R1(config)#line vty 0 4 R1(config-line)#access-class 1 in R1(config-line)#^Z


Cis

co C

CN

A L

ab G

uid

e

Test using telnet from any device (except S2).

The remote system refused the connection.

Test using telnet from S2.

S2#telnet 10.1.0.1 Trying 10.1.0.1 ... Open User Access Verification Password:

Extended Access Lists

Prevent pings to the FastEthernet interface 0/0 on R3 from the PC.

R1#configure terminal R1(config)#access-list 100 deny icmp host 10.1.0.5 host 5.1.1.1 echo R1(config)#access-list 100 permit ip any any R1(config)#interface fastethernet 0/0 R1(config-if)#ip access-group 100 in R1(config-if)#^Z

Extended access lists should be applied closest to the source, thus the inbound port of the router

connected to the subnet to block.

Test from the PC

C:\>ping 5.1.1.1 Pinging 5.1.1.1 with 32 bytes of data: Reply from 10.1.0.1: Destination net unreachable. Reply from 10.1.0.1: Destination net unreachable. Reply from 10.1.0.1: Destination net unreachable. Reply from 10.1.0.1: Destination net unreachable. Ping statistics for 5.1.1.1: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), C:\>

Verify if the access lists were the ones preventing access.

R1#show access-lists Standard IP access list 1

10 permit 10.2.0.2 (8 matches) Standard access list is still present Extended IP access list 100

10 deny icmp host 10.1.0.5 host 5.1.1.1 echo (8 matches) New rule blocking pings 20 permit ip any any


Cis

co C

CN

A L

ab G

uid

e

Named Access Lists

Prevent the PC’s subnet from reaching the web management page on R2. Allow

all other traffic.

R1#configure terminal R1(config)#ip access-list extended NOWEB R1(config-ext-nacl)#deny tcp any 10.2.0.1 0.0.0.0 eq 80 R1(config-ext-nacl)#permit ip any any R1(config-ext-nacl)#interface fastethernet 0/0 R1(config-if)#ip access-group NOWEB in R1(config-if)#^Z

You can test by opening a web browser on the PC and trying to access http://10.2.0.1

Add a new rule to also prevent the PC exclusively from using telnet outside its

subnet.

R1(config)#ip access-list extended NOWEB R1(config-ext-nacl)#15 deny tcp 10.1.0.5 0.0.0.0 any eq 23 R1(config-ext-nacl)#^Z R1#show access-lists Standard IP access list 1 10 permit 10.2.0.2 (8 matches) Extended IP access list 100 10 deny icmp host 10.1.0.5 host 5.1.1.1 echo (8 matches) 20 permit ip any any Extended IP access list NOWEB 10 deny tcp any host 10.2.0.1 eq www 15 deny tcp host 10.1.0.5 any eq telnet 20 permit ip any any R1#show running-config Building configuration... <OUTPUT EDITED> Current configuration : 1385 bytes ! version 12.4 ! hostname R1 ! ip http server no ip http secure-server ! ip access-list extended NOWEB deny tcp any host 10.2.0.1 eq www deny tcp host 10.1.0.5 any eq telnet permit ip any any access-list 1 permit 10.2.0.2 access-list 100 deny icmp host 10.1.0.5 host 5.1.1.1 echo access-list 100 permit ip any any

http://10.2.0.1/


Cis

co C

CN

A L

ab G

uid

e

Lab 7 – Network Address Translation (NAT/PAT) Material required: 2 routers, 1 switch, 1 PC, 1 DCE-DTE Serial to Smart Serial cables, 2 standard Ethernet

cables.

Objectives

Understanding network/port address translation.

Preparation

Connect the DCE end of each cable to the Serial0 interface, and the DTE end to Serial0 of the

neighbor router.

Connect a standard Ethernet cable from Ethernet0 on R1 to Port Fa0/1 on S1.

Connect a standard Ethernet cable from the PC’s Ethernet adapter to Port Fa0/2 on S1.

Configure the switch and router using the scripts in Appendix 5.

Tasks

You have been assigned 6 public addresses in the 24.101.12.8/29 subnet.

o Configure Network Address Translation to allow up to 6 connections to the internet.

o Test by pinging 172.16.1.1 from the PC

o Test by pinging 172.16.1.1 from S1

o Review the translation table on R1

You have been assigned the single public address 200.1.1.18/30 (configured on R1 S0/0).

o Remove the commands from NAT that shouldn’t be there.

o Configure Port Address Translation to share the single IP address.

o Test by pinging 172.16.1.1 from the PC

o Test by pinging 172.16.1.1 from S1

o Review the translation table on R1


Cis

co C

CN

A L

ab G

uid

e

Walkthrough

Configure NAT to allow up to 6 connections to the internet.

R1#configure terminal R1(config)#ip nat pool PUBLIC-ACCESS 24.101.12.9 24.101.12.14 netmask 255.255.255.248 R1(config)#access-list 1 permit 192.168.0.0 0.0.0.255 R1(config)#ip nat inside source list 1 pool PUBLIC-ACCESS R1(config)#interface fastEthernet 0/0 R1(config)#ip nat inside R1(config)#interface serial 0/0 R1(config)#ip nat outside

Review the translation table on R1

R1#show ip nat translations Pro Inside global Inside local Outside local Outside global icmp 24.101.12.9:26 192.168.0.100:26 172.16.1.1:26 172.16.1.1:26 icmp 24.101.12.9:27 192.168.0.100:27 172.16.1.1:27 172.16.1.1:27 icmp 24.101.12.9:28 192.168.0.100:28 172.16.1.1:28 172.16.1.1:28 icmp 24.101.12.9:29 192.168.0.100:29 172.16.1.1:29 172.16.1.1:29 icmp 24.101.12.10:12 192.168.0.2:12 172.16.1.1:12 172.16.1.1:12 icmp 24.101.12.10:13 192.168.0.2:13 172.16.1.1:13 172.16.1.1:13 icmp 24.101.12.10:14 192.168.0.2:14 172.16.1.1:14 172.16.1.1:14 icmp 24.101.12.10:15 192.168.0.2:15 172.16.1.1:15 172.16.1.1:15

One mapping to one device (up to 6 devices).

Remove the commands from NAT that shouldn’t be there.

R1#configure terminal R1(config)#no ip nat inside source list 1 pool PUBLIC-ACCESS R1(config)#no ip nat pool PUBLIC-ACCESS 24.101.12.9 24.101.12.14 netmask 255.255.255.248

Configure PAT to share the single IP address.

R1(config)#access-list 1 permit 192.168.0.0 0.0.0.255 R1(config)#ip nat inside source list 1 interface serial 0/0 overload R1(config)#interface fastEthernet 0/0 R1(config)#ip nat inside R1(config)#interface serial 0/0 R1(config)#ip nat outside

Review the translation table on R1

R1#show ip nat translations Pro Inside global Inside local Outside local Outside global icmp 200.1.1.18:34 192.168.0.100:34 172.16.1.1:34 172.16.1.1:34 icmp 200.1.1.18:35 192.168.0.100:35 172.16.1.1:35 172.16.1.1:35 icmp 200.1.1.18:36 192.168.0.100:36 172.16.1.1:36 172.16.1.1:36 icmp 200.1.1.18:37 192.168.0.100:37 172.16.1.1:37 172.16.1.1:37 icmp 200.1.1.18:26 192.168.0.2:26 172.16.1.1:26 172.16.1.1:26 icmp 200.1.1.18:27 192.168.0.2:27 172.16.1.1:27 172.16.1.1:27 icmp 200.1.1.18:28 192.168.0.2:28 172.16.1.1:28 172.16.1.1:28 icmp 200.1.1.18:29 192.168.0.2:29 172.16.1.1:29 172.16.1.1:29 icmp 200.1.1.18:30 192.168.0.2:30 172.16.1.1:30 172.16.1.1:30

One mapping to many devices using different ports.


Cis

co C

CN

A L

ab G

uid

e

Appendix 1

Lab 1 Switch configurations Using a rollover cable, connect to the console port and perform a factory default reset on all switches.

Disconnect all Ethernet cables until all resets have been completed to prevent propagation of certain

parameters.

Switch>enable Switch#write erase Switch#delete flash:vlan.dat Switch#reload

Paste the following script in the CLI on each switch to configure it. Edit to fit your specifications (# of

ports etc.)

Switch 1 (S1) Switch 2 (S2) Switch 3 (S3) enable configure terminal hostname S1 service password-encryption alias exec save copy run start ip default-gateway 192.168.1.1 enable secret ciscosecret ip domain-name subnet192.com interface range fa0/1 - 24 speed 100 duplex full exit interface vlan 1 ip address 192.168.1.5 255.255.255.0 no shutdown exit line con 0 no exec-timeout password cisco logging synchronous line vty 0 4 no exec-timeout password remote login transport input telnet line vty 5 15 no exec-timeout password remote transport input telnet end save <press enter to save>

enable configure terminal hostname S2 service password-encryption alias exec save copy run start ip default-gateway 192.168.1.1 enable secret ciscosecret ip domain-name subnet192.com interface range fa0/1 - 12 speed 100 duplex full exit interface vlan 1 ip address 192.168.1.6 255.255.255.0 no shutdown exit line con 0 no exec-timeout password cisco logging synchronous line vty 0 4 no exec-timeout password remote login transport input telnet line vty 5 15 no exec-timeout password remote transport input telnet end save <press enter to save>



Cis

co C

CN

A L

ab G

uid

e

Appendix 2

Lab 3 Router and switch configurations Using a rollover cable, connect to the console port and perform a factory default reset on each device.

Router>enable Router#write erase Router#reload Switch>enable Switch#write erase Switch#delete flash:vlan.dat Switch#reload

Paste the following scripts in the CLI on the router and switch to reconfigure them.

Router 1 (R1) Switch 1 (S1) enable configure terminal hostname R1 service password-encryption alias exec save copy run start enable secret ciscosecret ip domain-name subnet192.com interface fa0/0 ip address 192.168.1.1 255.255.255.0 speed 100 duplex full no shutdown exit line con 0 no exec-timeout password cisco logging synchronous line vty 0 4 no exec-timeout password remote login transport input telnet line vty 5 15 no exec-timeout password remote transport input telnet end save <press enter to save>



Cis

co C

CN

A L

ab G

uid

e

Appendix 3

Lab 4 Device configurations Using a rollover cable, connect to the console port and perform a factory default reset on each device.



Switch 1 (S1) Switch 2 (S2) Switch 3 (S3) enable configure terminal hostname S1 service password-encryption alias exec save copy run start enable secret ciscosecret ip domain-name subnet192.com interface range fa0/1 - 24 speed 100 duplex full exit line con 0 no exec-timeout password cisco logging synchronous line vty 0 4 no exec-timeout password remote login transport input telnet line vty 5 15 no exec-timeout password remote transport input telnet end save <press enter to save>

enable configure terminal hostname S2 service password-encryption alias exec save copy run start enable secret ciscosecret ip domain-name subnet192.com interface range fa0/1 - 12 speed 100 duplex full exit line con 0 no exec-timeout password cisco logging synchronous line vty 0 4 no exec-timeout password remote login transport input telnet line vty 5 15 no exec-timeout password remote transport input telnet end save <press enter to save>

enable configure terminal hostname S3 service password-encryption alias exec save copy run start enable secret ciscosecret ip domain-name subnet192.com interface range fa0/1 - 24 speed 100 duplex full exit line con 0 no exec-timeout password cisco logging synchronous line vty 0 4 no exec-timeout password remote login transport input telnet line vty 5 15 no exec-timeout password remote transport input telnet end save <press enter to save>

Router 1 (R1) Router 2 (R2) Router 3 (R3) enable configure terminal hostname R1 service password-encryption alias exec save copy run start enable secret ciscosecret ip domain-name subnet192.com interface fa0/0 speed 100 duplex full exit line con 0 no exec-timeout password cisco logging synchronous line vty 0 4 no exec-timeout password remote login transport input telnet line vty 5 15 no exec-timeout password remote transport input telnet end save <press enter to save>

enable configure terminal hostname R2 service password-encryption alias exec save copy run start enable secret ciscosecret ip domain-name subnet192.com interface fa0/0 speed 100 duplex full exit line con 0 no exec-timeout password cisco logging synchronous line vty 0 4 no exec-timeout password remote login transport input telnet line vty 5 15 no exec-timeout password remote transport input telnet end save <press enter to save>

enable configure terminal hostname R3 service password-encryption alias exec save copy run start enable secret ciscosecret ip domain-name subnet192.com interface fa0/0 speed 100 duplex full exit line con 0 no exec-timeout password cisco logging synchronous line vty 0 4 no exec-timeout password remote login transport input telnet line vty 5 15 no exec-timeout password remote transport input telnet end save <press enter to save>


Cis

co C

CN

A L

ab G

uid

e

Appendix 4

Lab 5 Device configurations Using a rollover cable, connect to the console port and perform a factory default reset on each device.



Switch 1 (S1) Switch 2 (S2) Router 4 (FRSwitch) enable configure terminal hostname S1 service password-encryption alias exec save copy run start enable secret ciscosecret ip domain-name subnet192.com ip default-gateway 10.1.0.1 interface vlan 1 ip address 10.1.0.2 255.255.255.0 no shutdown interface range fa0/1 - 24 speed 100 duplex full exit line con 0 no exec-timeout password cisco logging synchronous line vty 0 4 no exec-timeout password remote login transport input telnet line vty 5 15 no exec-timeout password remote transport input telnet end save <press enter to save>

enable configure terminal hostname S2 service password-encryption alias exec save copy run start enable secret ciscosecret ip domain-name subnet192.com ip default-gateway 10.2.0.1 interface vlan 1 ip address 10.2.0.2 255.255.255.0 no shutdown interface range fa0/1 - 12 speed 100 duplex full exit line con 0 no exec-timeout password cisco logging synchronous line vty 0 4 no exec-timeout password remote login transport input telnet line vty 5 15 no exec-timeout password remote transport input telnet end save <press enter to save>

Enable configure terminal hostname FRSwitch service password-encryption alias exec save copy run start enable secret ciscosecret ip domain-name subnet192.com line con 0 no exec-timeout password cisco logging synchronous line vty 0 4 no exec-timeout password remote login transport input telnet end save <press enter to save>

Router 1 (R1) Router 2 (R2) Router 3 (R3) enable configure terminal hostname R1 service password-encryption alias exec save copy run start enable secret ciscosecret ip domain-name subnet192.com interface fa0/0 ip address 10.1.0.1 255.255.255.0 speed 100 duplex full no shutdown exit line con 0 no exec-timeout password cisco logging synchronous line vty 0 4 no exec-timeout password remote login transport input telnet line vty 5 15 no exec-timeout password remote transport input telnet end save <press enter to save>

enable configure terminal hostname R2 service password-encryption alias exec save copy run start enable secret ciscosecret ip domain-name subnet192.com interface fa0/0 ip address 10.2.0.1 255.255.255.0 speed 100 duplex full no shutdown exit line con 0 no exec-timeout password cisco logging synchronous line vty 0 4 no exec-timeout password remote login transport input telnet line vty 5 15 no exec-timeout password remote transport input telnet end save <press enter to save>

enable configure terminal hostname R3 service password-encryption alias exec save copy run start enable secret ciscosecret ip domain-name subnet192.com interface fa0/0 ip address 5.1.1.1 255.255.255.0 speed 100 duplex full no shutdown exit line con 0 no exec-timeout password cisco logging synchronous line vty 0 4 no exec-timeout password remote login transport input telnet line vty 5 15 no exec-timeout password remote transport input telnet end save <press enter to save>


Cis

co C

CN

A L

ab G

uid

e

Appendix 5

Lab 7 Routers and switch configurations Using a rollover cable, connect to the console port and perform a factory default reset on each device.



Router 1 (R1) Router 2 (ISP) Switch 1 (S1) Enable configure terminal hostname R1 service password-encryption alias exec save copy run start enable secret ciscosecret ip domain-name subnet192.com interface fa0/0 ip address 192.168.0.1 255.255.255.0 speed 100 duplex full no shutdown interface s0/0 ip address 200.1.1.18 255.255.255.252 clock rate 64000 no shutdown exit ip route 0.0.0.0 0.0.0.0 200.1.1.17 line con 0 no exec-timeout password cisco logging synchronous line vty 0 4 no exec-timeout password remote login transport input telnet line vty 5 15 no exec-timeout password remote transport input telnet end save <press enter to save>

enable configure terminal hostname ISP service password-encryption alias exec save copy run start enable secret ciscosecret ip domain-name internet.com interface s0/0 ip address 200.1.1.17 255.255.255.252 clock rate 64000 no shutdown interface loopback 1 ip address 172.16.1.1 255.255.255.255 exit ip route 24.101.12.8 255.255.255.248 200.1.1.18 line con 0 no exec-timeout password cisco logging synchronous line vty 0 4 no exec-timeout password remote login transport input telnet line vty 5 15 no exec-timeout password remote transport input telnet end save <press enter to save>


PC

IP: 192.168.0.100 Mask: 255.255.255.0 Gateway: 192.168.0.1 Speed : 100 Duplex: Full


Cis

co C

CN

A L

ab G

uid

e

References & Resources Cisco official certification information

http://www.cisco.com/web/learning/le3/learning_career_certifications_and_learning_paths_home.html

The Cisco Learning Network

https://learningnetwork.cisco.com/index.jspa?ciscoHome=true

Cisco Feature Navigator

http://tools.cisco.com/ITDIT/CFN/jsp/index.jsp

Wendell Odom’s CertSkills

http://www.certskills.com/

Software

Dynagen/Dynamips Cisco emulator

http://dynagen.org/

Tera Term terminal emulator

http://en.sourceforge.jp/projects/ttssh2/

TFTPD32 TFTP server

http://tftpd32.jounin.net/

Special thanks… To my wife Luz and my son Ian, for understanding my passion for technology; and to all of you who went

through this whole guide and thought…

“Wow! What a great guide, I can pass this exam easily now! This guy rocks!”

… and then went to Paypal and sent in a donation to [email protected] to thank me for all my hard

work.

Good luck with the exam!

Marc Bouchard http://www.subnet192.com

http://www.cisco.com/web/learning/le3/learning_career_certifications_and_learning_paths_home.html

https://learningnetwork.cisco.com/index.jspa?ciscoHome=true

http://tools.cisco.com/ITDIT/CFN/jsp/index.jsp

http://www.certskills.com/

http://dynagen.org/

http://en.sourceforge.jp/projects/ttssh2/

http://tftpd32.jounin.net/

mailto:[email protected]

http://www.subnet192.com/

Cisco ICND2 Lab Guide v1.1

Documents

Transcript of Cisco ICND2 Lab Guide v1.1