ICND2 Exercise v1

  • 7/22/2019 ICND2 Exercise v1

    Table of Contents

    Exercise 1-1: Configuring RIPv2

    Exercise 2-1: Spanning-Tree Protocol

    Exercise 2-2: VLAN Trunking Protocol

    Exercise 2-3: Configuring Inter-VLAN Routing

    Exercise 3-1: Calculating VLSM Subnets

    Exercise 4-1: Configuring OSPF with MD5 Authentication

    Exercise 4-2: Electing DR and BDR

    Exercise 4-3: Tuning OSPF Routing Protocol

    Exercise 5-1: Load Balancing with EIGRP

    Exercise 6-1: Understanding Wildcard Mask

    Exercise 6-2: Configuring Standard ACL

    Exercise 6-3: Configuring Extended ACL

    Exercise 7-1: Configuring NAT

    Exercise 7-2: Configuring RIPng for IPv6

    Exercise 7-3: Configuring Manual IPv6 Tunnel

    Exercise 8-1: Configuring Back-to-Back Frame-Relay

    Exercise 8-2: Configuring Frame-Relay Switch

    Exercise 1-1: Configuring RIPv2

    Objective

    Configure RIP v2 on routers.

    Use show commands to verify RIP v2 operation.

    Use debug commands to verify proper RIP operation and analyze data transmitted between routers.

    Use the ip route 0.0.0.0 0.0.0.0 command to add a default route to the border router and use the default-information originate command to advertise the default route in the autonomous system (RIP domain).

    [Figure: lab topology. Devices: PC, R2, R1, Internet. R1 and R2 run RIPv2. Networks shown: 172.16.0.0/16, 172.17.0.0/16, 200.20.2.0/24, 222.22.2.0/24.]

    Step 1: Configure all three routers: Internet, R1 and R2

    1. On the routers, configure the hostnames as well as the console, virtual terminal, and enable passwords. Next, configure the interface addresses and the clock rate on the serial interfaces. Finally, configure IP host names. Be sure to save the configurations just created.

    2. The configuration for the host connected to the router R2 is:

    IP Address 172.17.0.10 / 255.255.0.0

    Default gateway 172.17.0.1

    3. Check interfaces on all routers with the command show ip interface brief.

    4. Check connectivity between the routers and the workstation and R2 using ping.

    Step 2: Configure the routing protocol

    1. From the global configuration mode in the router R1, enter the following:

    R1(config)#router rip

    R1(config-router)#version 2

    R1(config-router)#network 172.16.0.0

    R1(config-router)#end

    2. From the global configuration mode in the router R2, enter the following:

    R2(config)#router rip

    R2(config-router)#version 2

    R2(config-router)#network 172.16.0.0

    R2(config-router)#network 172.17.0.0

    R2(config-router)#end

    3. To prevent the R1 router from advertising its routes to the Internet router, enter the following command in router configuration mode:

    R1(config-router)#passive-interface FastEthernet 0/0

    To confirm this, use the debug ip rip events command on the R1 router.

    Verify from the output that the router is not sending updates out the interface to the Internet router.

    Disable the debug output with the no debug all command.

    4. Ping all of the interfaces of the router R1 and R2 on the network from the host.

    Were all of the interfaces still able to be pinged? ___________________________

    If not, troubleshoot the network and ping again.

    Step 3: Change the network addressing scheme

    1. Show the routing tables on both routers again.

    What is the difference between RIP v2 and RIP v1? ________________________

    What must be done in order to see a difference between RIP v2 and RIP v1?

    __________________________________________________________________

    2. Change the Fast Ethernet IP subnet mask on the R2 router

    Change the subnet mask of FastEthernet 0/0 on router R2 from a default Class B

    mask (255.255.0.0) to a default Class C mask (255.255.255.0). Use the same IP

    address.

    R2(config)# interface FastEthernet 0/0

    R2(config-if)# ip address 172.17.0.1 255.255.255.0

    R2(config-if)# exit

    Show the R1 routing table.

    Has the output changed with the addition of a subnetted IP address? ___________

    How has it changed? _________________________________________________

    Show the R2 routing table.

    Has the output changed with the addition of a subnetted IP address? ___________

    3. Change the addressing scheme of the network to a single Class B network with a 255.255.255.0 (default Class C) mask.

    On the R1 router:

    R1(config)# interface serial 0/0

    R1(config-if)# ip address 172.17.1.1 255.255.255.252

    On the R2 router:

    R2(config)# interface serial 0/1

    R2(config-if)# ip address 172.17.1.2 255.255.255.252

    4. Show the routing table

    Show the R1 routing table.

    Has the output changed with the addition of subnetted IP addresses? ___________

    How has it changed? _________________________________________________

    Show the R2 routing table.

    Has the output changed with the addition of a subnetted IP address? ___________

    5. Change the host configuration to reflect the new IP addressing scheme of the network:

    IP Address 172.17.0.10 / 255.255.255.0

    Default gateway 172.17.0.1

    6. Ping all of the interfaces on the network from each host

    Were all of the interfaces still able to be pinged? ___________________________

    If not, troubleshoot the network and ping again.

    Step 4: Configuring default route and advertising default route

    1. Since the Internet router is not getting routing updates, it does not have a route to the RIP domain. It needs to be provided with a static route.

    From the global configuration mode of Internet, enter:

    Internet(config)# ip route 172.17.0.0 255.255.0.0 200.20.2.1

    Verify the static route is in the Internet routing table by issuing the show ip route command.

    There should be an output similar to the following:

    Internet# show ip route

    C 200.20.2.0/24 is directly connected, FastEthernet0/0

    S 172.17.0.0/16 [1/0] via 200.20.2.1

    2. Because router R1 links the RIP domain with the outside world, R1 should be configured with a default route so that it can send packets to every Internet destination. A default route is the route that data is sent out if the routing table does not have a specific route to use.

    From the global configuration mode of R1, enter:

    R1(config)# ip route 0.0.0.0 0.0.0.0 200.20.2.2

    Verify the default route is in the R1 routing table by issuing the show ip route command.

    From R1 privileged mode, try to ping Internet's interface on the subnet 222.22.2.0

    If not, troubleshoot the network and ping again.

    3. Check connectivity from the workstations to the Internet using ping. From the workstation attached to the R2, ping any interfaces on the Internet router.

    Was the ping successful? _____________________________________________

    Why did the ping fail? _______________________________________________

    4. Using the command show ip route, view the IP routing table for R2.

    R2#show ip route

    Gateway of last resort is not set

    172.17.0.0 is variably subnetted, 2 subnets, 2 masks

    C 172.17.0.0/24 is directly connected, FastEthernet0/0

    C 172.17.1.0/30 is directly connected, Serial0/1

    Are all of the routes needed in the routing tables? __________________________

    Based on this output from show ip route, can a host on network 172.17.0.0 connect to a host on network 222.22.2.0? _______________________

    5. R2 needs to know a route to Internet. Use the default-information originate command on the router R1 to advertise the default route into the RIP domain.

    From the router configuration mode of R1, enter:

    R1(config-router)# default-information originate

    Verify the default route is in the R2 routing table by issuing the show ip route command.

    There should be an output similar to the following:

    R2#show ip route

    Gateway of last resort is not set

    172.17.0.0 is variably subnetted, 2 subnets, 2 masks

    C 172.17.0.0/24 is directly connected, FastEthernet0/0

    C 172.17.1.0/30 is directly connected, Serial0/1

    R* 0.0.0.0/0 [120/1] via 172.17.1.1, 00:00:21, Serial0/1

    6. Check connectivity between the workstations and Internet router using ping. From the workstation attached to the router R2, ping the interface at the 222.22.2.0 subnet of the Internet router.

    C:\>ping 222.22.2.1

    Pinging 222.22.2.1 with 32 bytes of data:

    Reply from 222.22.2.1: bytes=32 time=32ms TTL=254

    Reply from 222.22.2.1: bytes=32 time=32ms TTL=254

    Reply from 222.22.2.1: bytes=32 time=32ms TTL=254

    Reply from 222.22.2.1: bytes=32 time=32ms TTL=254

    Ping statistics for 222.22.2.1:

    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

    Approximate round trip times in milli-seconds:

    Minimum = 32ms, Maximum = 32ms, Average = 32ms

    If the ping was not successful, check the routing table to make sure static routes are entered correctly.
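
The forwarding logic behind Step 4, as an added Python example that is not part of the original workbook: it models the three routing tables and shows that the ping succeeds only when both the request and the reply find a route. Addresses and prefixes are taken from the step; R1's RIP-learned route to 172.17.0.0/24 and the function names are assumptions.

```python
import ipaddress


def build_lab(r2_has_default):
    """Routing tables for the three lab routers (constructed model).

    Addresses and prefixes come from the exercise text. R1's RIP-learned
    route to 172.17.0.0/24 is an assumption about the converged state.
    A next hop of None marks a directly connected network.
    """
    routers = {
        "Internet": {
            "addrs": {"200.20.2.2", "222.22.2.1"},
            "routes": [
                ("200.20.2.0/24", None),
                ("222.22.2.0/24", None),
                ("172.17.0.0/16", "200.20.2.1"),   # static route, Step 4 item 1
            ],
        },
        "R1": {
            "addrs": {"200.20.2.1", "172.17.1.1"},
            "routes": [
                ("200.20.2.0/24", None),
                ("172.17.1.0/30", None),
                ("172.17.0.0/24", "172.17.1.2"),   # assumed learned via RIP
                ("0.0.0.0/0", "200.20.2.2"),       # static default, Step 4 item 2
            ],
        },
        "R2": {
            "addrs": {"172.17.1.2", "172.17.0.1"},
            "routes": [("172.17.0.0/24", None), ("172.17.1.0/30", None)],
        },
    }
    if r2_has_default:
        # R* 0.0.0.0/0 via 172.17.1.1, present after default-information originate
        routers["R2"]["routes"].append(("0.0.0.0/0", "172.17.1.1"))
    return routers


def best_route(routes, dst):
    """Longest-prefix match: the most specific covering route, or None."""
    address = ipaddress.ip_address(dst)
    matches = []
    for prefix, next_hop in routes:
        network = ipaddress.ip_network(prefix)
        if address in network:
            matches.append((network, next_hop))
    return max(matches, key=lambda m: m[0].prefixlen, default=None)


def forward(routers, start, dst, max_hops=8):
    """Follow dst hop by hop from `start`; return (delivered, routers_visited)."""
    path, current = [start], start
    for _ in range(max_hops):
        if dst in routers[current]["addrs"]:
            return True, path
        route = best_route(routers[current]["routes"], dst)
        if route is None:
            return False, path              # no matching route: dropped here
        _, next_hop = route
        target = next_hop or dst            # connected route: deliver on-link
        owner = next((n for n, r in routers.items() if target in r["addrs"]), None)
        if owner is None:
            # Connected network: assume an end host (such as the PC) answers.
            # A next hop that nobody owns is a black hole.
            return next_hop is None, path
        path.append(owner)
        current = owner
    return False, path                      # hop limit reached: routing loop


def ping(routers, src_router, src_ip, dst_ip):
    """A ping needs a route for the request and a route back for the reply."""
    ok, out_path = forward(routers, src_router, dst_ip)
    if not ok:
        return False, f"request dropped at {out_path[-1]}"
    ok, back_path = forward(routers, out_path[-1], src_ip)
    if not ok:
        return False, f"reply dropped at {back_path[-1]}"
    return True, " -> ".join(out_path)


if __name__ == "__main__":
    for has_default in (False, True):
        result = ping(build_lab(has_default), "R2", "172.17.0.10", "222.22.2.1")
        print("R2 has default route:", has_default, result)
```
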

    Step 5: Verifying RIP v2 Configuration

    1. Enter show ip route connected on the R1 router.

    What networks are displayed? _________________________________________

    What interface is directly connected? ____________________________________

    Enter show ip route rip

    List the routes listed in the routing table? _________________________________

    What is the administrative distance? ____________________________________

    2. Enter show ip route connected on the R2 router.

    What networks are displayed? _________________________________________

    What interface is directly connected? ____________________________________

    Enter show ip route rip

    List the routes listed in the routing table? _________________________________

    3. Enter show ip protocol on the R1 router.

    When will the routes be flushed? _______________________________________

    What is the default distance listed for RIP? _______________________________

    Step 6: Troubleshooting RIP v2 using debug

    1. Show the debug IP options

    At the privileged EXEC mode type debug ip ?

    Which routing protocols can use debug commands?

    __________________________________________________________________

    At the privileged EXEC mode type debug ip rip ?

    How many options are available for debug ip rip ? _____________________

    2. Show the RIP routing updates

    From privileged EXEC mode, examine the routing table entries using the debug ip rip command on each router.

    What are the three operations that take place listed in the rip debug statements?

    __________________________________________________________________

    3. Clear the routing table

    Instead of waiting for the routes to time out, type clear ip route *. Then type show ip route.

    When an RIP update is sent how many source addresses are used? ____________

    Why are multiple source addresses used? ________________________________

    What is the source address used? _______________________________________

    Why is this address used? _____________________________________________

    4. Start the debug RIP database function

    Start the RIP database debugging by typing debug ip rip database, then clear the routing table by typing clear ip route *.

    Are the old routes in the table deleted? __________________________________

    Are new routes added back into the table? ________________________________

    What does the last entry in the debug output say? __________________________

    Turn off debugging by typing either no debug ip rip or undebug all.

    5. Use the debug events function to see routing updates

    Use the debug function to see routing updates by typing debug ip rip events in privileged EXEC mode on the R1 router.

    What interfaces are the routing updates sent on? ___________________________

    How many routes are in the routing updates being sent? _____________________

    Exercise 2-1: Spanning-Tree Protocol

    Objective

    Create a basic switch configuration and verify it.

    Determine which switch is selected as the root with the factory default settings.

    Force the other switch to be selected as the root switch.

    Observe the behavior of the spanning-tree algorithm in the presence of switched network topology changes.

    [Figure: lab topology. Devices: PC1, PC2, S1, S2. Addresses shown: 192.168.1.1/24, 192.168.1.2/24, 192.168.1.3/24, 192.168.1.4/24.]

    Step 1: Configure switches and workstations

    1. Configure the hostname, access and command mode passwords, as well as the management LAN settings.

    Configure the host to use the same subnet for the address, mask, and default gateway as on the switch.

    To verify that the hosts and switches are correctly configured, ping the switches from the hosts.

    Were the pings successful? ____________________________________________

    If the answer is no, troubleshoot the hosts and switches configurations.

    2. Display and verify configuration

    Type show interface vlan 1

    List some of the options available: _____________ ____________ ____________

    On switch S1 and S2, type the command show interface VLAN 1 at the Privileged EXEC mode prompt.

    What is the MAC address of the switch S1? ______________________________

    What is the MAC address of the switch S2? ______________________________

    Which switch should be the root of the spanning-tree for VLAN 1? ___________

    Step 2: Verify the spanning-tree information

    1. Display the spanning-tree table on each switch

    At the Privileged EXEC mode prompt on switches S1 and S2, type show spanning-tree brief if running version 12.0 of the IOS. If running version 12.1 of the IOS, type show spanning-tree.

    2. Examine the output and answer the following questions.

    Which switch is the root switch? _______________________________________

    What is the priority of the root switch? __________________________________

    What is the bridge id of the root switch? _________________________________

    Which ports are forwarding on the root switch? ___________________________

    Which ports are blocking on the root switch? _____________________________

    What is the priority of the non-root switch? _______________________________

    What is the bridge id of the non-root switch? _____________________________

    Which ports are forwarding on the non-root switch? ________________________

    Which ports are blocking on the non-root switch? __________________________

    What is the status of the link light on the blocking port? _____________________

    Step 3: Reassign the root bridge

    It has been determined that the switch selected as the root bridge, by using default

    values, is not the best choice. It is necessary to force the other switch to become

    the root switch.

    For example the root switch by default is S1. Switch S2 is preferred as the root

    switch. Go to the console and enter configuration mode if necessary.

    1. Determine the parameters that can be configured for the Spanning-Tree Protocol by issuing the following:

    S2(config)# spanning-tree ?

    List the options.

    ________________ ________________ ________________ ________________

    ________________ ________________ ________________ ________________

    Set the priority of the switch that is not root to 4096.

    S2(config)# spanning-tree vlan 1 priority 4096

    S2(config)# exit

    2. Display the switch spanning-tree table

    At the Privileged EXEC mode prompt on switches S1 and S2, type show spanning-tree brief if running version 12.0 of the IOS. If running version 12.1 of the IOS, type show spanning-tree.

    3. Examine the output and answer the following questions.

    Which switch is the root switch? _______________________________________

    What is the priority of the root switch? __________________________________

    Which ports are forwarding on the root switch? ___________________________

    Which ports are blocking on the root switch? _____________________________

    What is the priority of the non-root switch? _______________________________

    Which ports are forwarding on the non-root switch? ________________________

    Which ports are blocking on the non-root switch? __________________________

    What is the status of the link light on the blocking port? _____________________

    4. Verify the running configuration file on the root switch

    On the switch that was changed to be the root bridge, type show running-config at the Privileged EXEC mode prompt.

    Is there an entry in the running configuration file that specifies the spanning-tree

    priority of this router? ________________________________________________

    What does that entry say? _____________________________________________
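
The election that Steps 2 and 3 observe, as an added Python example that is not part of the original workbook: the lowest bridge ID (priority, then MAC address) becomes root, and the non-root switch keeps one root port and blocks the redundant one. The MAC addresses and the second inter-switch link on Fa0/2 are constructed, and the code assumes the extended system ID is in use, so the priority is a multiple of 4096 with the VLAN ID added.

```python
DEFAULT_PRIORITY = 32768        # IOS default bridge priority
FAST_ETHERNET_COST = 19         # IEEE short path cost for a 100 Mb/s link

# Constructed sample: the second link (Fa0/2) is hypothetical.
LINKS = [("S1", "Fa0/1", "S2", "Fa0/1"), ("S1", "Fa0/2", "S2", "Fa0/2")]


def lab(s2_priority=DEFAULT_PRIORITY):
    """Two switches with constructed MAC addresses; S1 has the lower MAC."""
    return {
        "S1": {"priority": DEFAULT_PRIORITY, "mac": "000a.b7c1.2200"},
        "S2": {"priority": s2_priority, "mac": "000a.b7c1.9f80"},
    }


def bridge_id(priority, mac, vlan=1):
    """Return a sortable bridge ID: (priority + VLAN ID, MAC as integer)."""
    if priority % 4096 or not 0 <= priority <= 61440:
        raise ValueError(f"priority {priority} is not a multiple of 4096 in 0..61440")
    return (priority + vlan, int(mac.replace(".", ""), 16))


def port_id(name, port_priority=128):
    """Port ID is (port priority, port number); lower is preferred."""
    return (port_priority, int(name.rsplit("/", 1)[1]))


def elect(switches, links, vlan=1):
    """Elect the root and assign port roles for two directly linked switches.

    switches: {name: {"priority": int, "mac": "xxxx.xxxx.xxxx"}}
    links:    [(switch_a, port_a, switch_b, port_b), ...]
    """
    ids = {n: bridge_id(s["priority"], s["mac"], vlan) for n, s in switches.items()}
    root = min(ids, key=ids.get)            # lowest bridge ID wins
    roles, candidates = {}, []
    for a, pa, b, pb in links:
        # Orient each link so that the root end comes first.
        (root_sw, root_port), (other_sw, other_port) = (
            ((a, pa), (b, pb)) if a == root else ((b, pb), (a, pa)))
        roles[(root_sw, root_port)] = "designated"   # every root-switch port forwards
        # Tie-breakers seen by the non-root switch, in order: path cost,
        # sender bridge ID, sender port ID, local port ID.
        key = (FAST_ETHERNET_COST, ids[root], port_id(root_port), port_id(other_port))
        candidates.append((key, other_sw, other_port))
    candidates.sort()
    for rank, (_, sw, port) in enumerate(candidates):
        roles[(sw, port)] = "root" if rank == 0 else "blocking"
    return root, roles


if __name__ == "__main__":
    for priority in (DEFAULT_PRIORITY, 4096):
        root, roles = elect(lab(priority), LINKS)
        print(f"S2 priority {priority}: root is {root}")
        for (switch, port), role in sorted(roles.items()):
            print(f"  {switch} {port}: {role}")
```
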

    Step 4: Spanning-Tree Recalculation

    1. Remove the cable from the forwarding port on the non-root switch. For this example this is interface FastEthernet 0/1 on switch S2.

    Wait for at least two minutes.

    What has happened to the switch port LEDs? _____________________________

    Look at the spanning-tree table on each switch

    At the Privileged EXEC mode prompt on switches S1 and S2, type show spanning-tree brief if running version 12.0 of the IOS. If running version 12.1 of the IOS, type show spanning-tree.

    What changes have taken place in the command output?

    On switch S1? ______________________________________________________

    On switch S2? ______________________________________________________

    2. Replace the cable in the port that it was removed from. For this example this is interface FastEthernet 0/1 on switch S2.

    Wait for at least two minutes.

    What has happened to the switch port LEDs? _____________________________

    Look at the spanning-tree table on each switch

    At the Privileged EXEC mode prompt on switches S1 and S2, type show spanning-tree brief if running version 12.0 of the IOS. If running version 12.1 of the IOS, type show spanning-tree.

    What changes have taken place in the command output?

    On switch S1? ______________________________________________________

    On switch S2? ______________________________________________________

    Exercise 2-2: VLAN Trunking Protocol

    Objective

    Create multiple VLANs, name them, and assign multiple member ports to them.

    Create an 802.1q trunk line between the two switches to allow communication between paired VLANs.

    Configure the VTP protocol to establish Server and client switches.

    Test the VLANs functionality by moving a workstation from one VLAN to another.

    [Figure: lab topology. Devices shown: PC1, PC2, S1. Address shown: 192.168.20.1/24.]

    VLAN Number   VLAN Name     Assigned Port (S1 & S2)
    1             (Native)      Fa0/2 - Fa0/3
    10            Accounting    Fa0/4 - Fa0/6
    20            Marketing     Fa0/7 - Fa0/9
    30            Engineering   Fa0/10 - Fa0/12

    Step 1: Configure switches and workstations

    1. Configure the hostname, access and command mode passwords, as well as the management LAN settings.

    2. Configure the IP address, mask, and default gateway on each host.

    3. To verify that the host and switch are correctly configured, ping the switch from the hosts.

    Were the pings successful? ____________________________________________

    If the answer is no, troubleshoot the host and switches configurations.

    4. On switch S1 and S2, type the command show vlan at the Privileged EXEC prompt as follows:

    S1# show vlan

    Note: There should be an entry for VLAN 1 and the default VLANs (1002 +). If other VLANs appear, they can be deleted with the no vlan command in global configuration mode.

    Step 2: Configure VTP Server

    1. VLAN Trunking Protocol (VTP) needs to be configured on both switches. VTP is the protocol that will communicate information about which VLANs exist from one switch to another. If VTP did not provide this information, VLANs would have to be created on all switches individually.

    [Figure labels: S2; addresses 192.168.1.2/24, 192.168.1.3/24, 192.168.20.4/24; ports Fa0/12, Fa0/12, Fa0/1, Fa0/1.]

    2. By default, the Catalyst switch series are configured as VTP servers. In the event that the server services are turned off, use the following command to turn it back on:

    S1# vlan database

    S1(vlan)# vtp server

    S1(vlan)# vtp domain group1

    S1(vlan)# exit

    Step 3: Create and name three VLANs

    1. Enter the following commands to create and name three VLANs on the switches S1 and S2:

    S1# vlan database

    S1(vlan)# vlan 10 name Accounting

    S1(vlan)# vlan 20 name Marketing

    S1(vlan)# vlan 30 name Engineering

    S1(vlan)# exit

    2. Use the show vlan command to verify that the VLANs have been created correctly.

    Step 4: Create the trunk

    1. On both switches, S1 and S2, type the following command at the fastEthernet 0/1 interface command prompt. Note that it is not necessary to specify the encapsulation on a 2950, since it only supports 802.1Q.

    S1(config)# interface fastEthernet 0/1

    S1(config-if)# switchport mode trunk

    S1(config-if)# end

    S2(config)# interface fastEthernet 0/1

    S2(config-if)# switchport mode trunk

    S2(config-if)# end

    2. To verify that port FastEthernet 0/1 has been established as a trunk port, type show interface fastethernet 0/1 switchport at the Privileged EXEC mode prompt.

    What type of trunking encapsulation is shown on the output results? ___________

    3. According to the output of show interface fastEthernet 0/1 switchport on S2, is there a difference between the Administrative Trunking Encapsulation and the Operational Trunking Encapsulation?

    __________________________________________________________________

    On the fragment Trunking VLANs Enable from the output, what does the word ALL mean?

    __________________________________________________________________

    What would happen if the two ports of the trunk were using different encapsulation? Explain.

    __________________________________________________________________

    __________________________________________________________________

    Step 5: Configure VTP Client

    1. Enter the following commands to configure S2 to be a VTP client:

    S2# vlan database

    S2(vlan)# vtp client

    S2(vlan)# vtp domain group1

    S2(vlan)# exit

    2. On S2, type the command show vlan at the Privileged EXEC prompt as follows:

    S2# show vlan

    Do VLANs 10, 20, and 30 show without having to type them in? _____________

    Why did this happen? ________________________________________________

    Step 6: Assign ports to VLANs

    1. Assigning ports to VLANs must be done from the interface mode. For example, enter the following commands to add ports to VLANs on switch S1:

    S1# configure terminal

    S1(config)# interface range fastethernet 0/4 - 6

    S1(config-if)# switchport mode access

    S1(config-if)# switchport access vlan 10

    S1(config-if)# exit

    S1(config)# interface range fastethernet 0/7 - 9

    S1(config-if)# switchport mode access

    S1(config-if)# switchport access vlan 20

    S1(config-if)# exit

    S1(config)# interface range fastethernet 0/10 - 12

    S1(config-if)# switchport mode access

    S1(config-if)# switchport access vlan 30

    S1(config-if)# end

    Repeat the above tasks on switch S2 to assign ports to its VLANs.

    2. On both switches, type the command show vlan at the Privileged EXEC prompt.

    Are ports 0/10 through 0/12 assigned to VLAN 30? ________________________
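
One way to check port assignments against the VLAN table of this exercise, as an added Python example that is not part of the original workbook: it parses interface range and switchport access vlan lines and reports every port whose access VLAN differs from the plan. The sample configuration is constructed and contains a deliberate mismatch on Fa0/10 - 12; the function names are hypothetical.

```python
import re

# Port plan from the exercise table: VLAN ID -> FastEthernet 0/x port numbers.
PLAN = {10: range(4, 7), 20: range(7, 10), 30: range(10, 13)}

# Constructed sample input: the last range carries the wrong VLAN on purpose.
SAMPLE_CONFIG = """\
interface range fastethernet 0/4 - 6
 switchport mode access
 switchport access vlan 10
interface range fastethernet 0/7 - 9
 switchport mode access
 switchport access vlan 20
interface range fastethernet 0/10 - 12
 switchport mode access
 switchport access vlan 20
"""

RANGE_RE = re.compile(
    r"^interface (?:range )?fastethernet\s*0/\s*(\d+)(?:\s*-\s*(\d+))?$", re.I)
VLAN_RE = re.compile(r"^switchport access vlan (\d+)$", re.I)


def parse_access_vlans(config):
    """Return {port_number: vlan_id} for FastEthernet 0/x access ports."""
    ports, current = {}, []
    for raw in config.splitlines():
        line = raw.strip()
        match = RANGE_RE.match(line)
        if match:
            first = int(match.group(1))
            last = int(match.group(2) or first)
            current = list(range(first, last + 1))
            continue
        if line.lower().startswith("interface "):
            current = []                    # some other interface: ignore its lines
            continue
        match = VLAN_RE.match(line)
        if match:
            for port in current:
                ports[port] = int(match.group(1))
    return ports


def audit(config, plan=PLAN, default_vlan=1):
    """List (port, planned_vlan, configured_vlan) for every mismatch.

    Ports with no access VLAN configured stay in the default VLAN 1.
    """
    actual = parse_access_vlans(config)
    findings = []
    for vlan, wanted_ports in sorted(plan.items()):
        for port in wanted_ports:
            configured = actual.get(port, default_vlan)
            if configured != vlan:
                findings.append((f"Fa0/{port}", vlan, configured))
    return findings


if __name__ == "__main__":
    for port, planned, configured in audit(SAMPLE_CONFIG):
        print(f"{port}: planned VLAN {planned}, configured VLAN {configured}")
```
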

    Step 7: Test the VLANS and the trunk

    1. Ping from the host in S1 port 0/12 to the host in S2 port 0/12.

    Was the ping successful? _____________________________________________

    Why? _____________________________________________________________

    Ping from the host in S1 port 0/12 to the switch IP 192.168.1.2.

    Was the ping successful? _____________________________________________

    Why? _____________________________________________________________

    2. Move the host in S1 from port 0/12 to port 0/8. Wait until the port LED goes green and then go to the next step.

    Ping from the host in S1 port 0/8 to the host in S2 port 0/12.

    Was the ping successful? _____________________________________________

    Why? _____________________________________________________________

    Ping from the host in S1 port 0/8 to the switch IP 192.168.1.2.

    Was the ping successful? _____________________________________________

    Why? _____________________________________________________________

    3. Move the host in S2 from port 0/12 to port 0/7. Wait until the port LED goes green and then go to the next step.

    Ping from the host in S1 port 0/8 to the host in S2 port 0/7.

    Was the ping successful? _____________________________________________

    Why? _____________________________________________________________

    Ping from the host in S2 port 0/7 to the switch IP 192.168.1.3.

    Was the ping successful? _____________________________________________

    Why? _____________________________________________________________

    4. Move the host in S1 from port 0/8 to port 0/2. Wait until the port LED goes green and then go to the next step.

    Ping from the host in S1 port 0/2 to the host in S2 port 0/7.

    Was the ping successful? _____________________________________________

    Ping from the host in S1 port 0/2 to the switch IP 192.168.1.2.

    Was the ping successful? _____________________________________________

    Why? _____________________________________________________________

    5. Move the host in S2 from port 0/7 to port 0/3. Wait until the port LED goes green and then go to the next step.

    Ping from the host in S1 port 0/2 to the host in S2 port 0/3.

    Was the ping successful? _____________________________________________

    Why? _____________________________________________________________

    Ping from the host in S2 port 0/3 to the switch IP 192.168.1.3.

    Was the ping successful? _____________________________________________

    Why? _____________________________________________________________

    Ping from the host in S2 port 0/3 to the switch IP 192.168.1.2.

    Was the ping successful? _____________________________________________

    Why? _____________________________________________________________

    6. What conclusions can be drawn from the testing that was just performed in regards to VLAN membership and VLANs across a trunk?

    __________________________________________________________________

    __________________________________________________________________

    __________________________________________________________________

    Exercise 2-3: Configuring Inter-VLAN Routing

    Objective

    Create multiple VLANs, name them and assign multiple member ports to them.

    Create a basic configuration on a router.

    Create an 802.1q trunk line between the switch and router to allow communication between VLANs.

    Test the routing functionality.

    [Figure: lab topology. Devices: PC1, PC2, S1, R1. Ports shown: Fa0/1, Fa0/5, Fa0/9.]

    VLAN Number   VLAN Name   Assigned Port (S1 & S2)
    1             (Native)    Fa0/1 - Fa0/4
    10            Sales       Fa0/5 - Fa0/8
    20            Support     Fa0/9 - Fa0/12

    Step 1: Configure switches and workstations

    1. Configure the hostname, access, and command mode passwords, as well as the management LAN settings. These values are shown in the chart. If problems occur while performing this configuration, refer to the Basic Switch Configuration lab.

    2. Configure the hosts using the following information.

    For the host in port 0/5:

    IP address 192.168.5.2

    Subnet mask 255.255.255.0

    Default gateway 192.168.5.1

    For the host in port 0/9:

    IP address 192.168.7.2

    Subnet mask 255.255.255.0

    Default gateway 192.168.7.1

    3. Check to see if the hosts can ping the switch.

    Ping the switch IP address from the hosts.

    Were the pings successful? ____________________________________________

    Why or why not? ___________________________________________________

    Step 2: Create two VLANs, assign port to VLANs

    1. Enter the following commands to create and name two VLANs:

    S1# vlan database

    S1(vlan)# vlan 10 name Sales

    S1(vlan)# vlan 20 name Support

    S1(vlan)# exit

    2. Assigning ports to VLANs must be done from the interface mode. Enter the following commands to add ports 0/5 to 0/8 to VLAN 10:

    S1(config)# interface range fastethernet 0/5 - 8

    S1(config-if)# switchport mode access

    S1(config-if)# switchport access vlan 10

    S1(config-if)# end

    3. Enter the following commands to add ports 0/9 to 0/12 to VLAN 20:

    S1(config)# interface range fastethernet 0/9 - 12

    S1(config-if)# switchport mode access

    S1(config-if)# switchport access vlan 20

    S1(config-if)# end

    4. Display the VLAN interface information

    On S1, type the command show vlan at the Privileged EXEC prompt as follows:

    S1# show vlan

    Are ports assigned correctly? __________________________________________

    Step 3: Create the trunk

    1. On S1, type the following commands at the Fast Ethernet 0/1 interface command prompt.

    S1(config)# interface fastethernet 0/1

    S1(config-if)# switchport mode trunk

    Step 4: Create the router

    1. Configure the router with the following data. Note that in order to support trunking and inter-VLAN routing, the router must have a Fast Ethernet interface.

    Hostname is R1

    Console, VTY, and enable passwords are cisco.

    Enable secret password is class.

    2. Then configure the Fast Ethernet interface using the following commands:

    R1(config)# interface fastethernet 0/0
    R1(config-if)# no shutdown
    R1(config-if)# interface fastethernet 0/0.1
    R1(config-subif)# encapsulation dot1q 1 native
    R1(config-subif)# ip address 192.168.1.1 255.255.255.0
    R1(config-subif)# interface fastethernet 0/0.2
    R1(config-subif)# encapsulation dot1q 10
    R1(config-subif)# ip address 192.168.5.1 255.255.255.0
    R1(config-subif)# interface fastethernet 0/0.3
    R1(config-subif)# encapsulation dot1q 20
    R1(config-subif)# ip address 192.168.7.1 255.255.255.0
    R1(config-subif)# end

    3. If IOS doesn't support the native parameter in the encapsulation command:

    R1(config)# interface fastethernet 0/0
    R1(config-if)# no shutdown
    R1(config-if)# ip address 192.168.1.1 255.255.255.0
    R1(config-if)# interface fastethernet 0/0.2
    R1(config-subif)# encapsulation dot1q 10
    R1(config-subif)# ip address 192.168.5.1 255.255.255.0
    R1(config-subif)# interface fastethernet 0/0.3
    R1(config-subif)# encapsulation dot1q 20
    R1(config-subif)# ip address 192.168.7.1 255.255.255.0
    R1(config-subif)# end

    4. Save the router configuration

    Step 4: Verify the configuration

    1. Type show ip route at the Privileged EXEC mode prompt.

    Are there entries in the routing table? ___________________________________

    What interface are they all pointing to? __________________________________

    Why is there not a need to run a routing protocol? _________________________

    2. Ping from the host in S1 port 0/9 to the host in port 0/5.

    Was the ping successful? _____________________________________________

    Why? _____________________________________________________________

    3. Ping from the host in S1 port 0/5 to the switch IP 192.168.1.2.

    Was the ping successful? _____________________________________________

    4. Move the hosts to other VLANs and try pinging the management VLAN 1.

    Note the results of the pinging.

    __________________________________________________________________

    __________________________________________________________________

    __________________________________________________________________

    __________________________________________________________________

    __________________________________________________________________


    Exercise 3-1: Calculating VLSM Subnets

    Objective

    Use variable-length subnet mask (VLSM) to support more efficient use of the assigned IP addresses and to reduce the amount of routing information at the top level.

    [Figure: topology. Allocated block 192.168.10.0/24; R1 LAN 28 hosts, R2 LAN 60 hosts, R3 LAN 12 hosts, R4 LAN 12 hosts.]

    Step 1: Divide the allocated address into four equal size address blocks

    The first step in the sub-netting process is to divide the allocated address of 192.168.10.0/24 into four equal size address blocks. Since $4 = 2^2$, 2 bits are required to identify each of the 4 subnets.

    Next, take subnet #0 (192.168.10.0/26) and identify each of its hosts.

    Allocated Address   Sub-Networks        Usable hosts
    192.168.10.0/24     192.168.10.0/26     192.168.10.1 - 192.168.10.62
                        192.168.10.64/26    192.168.10.65 - 192.168.10.126
                        192.168.10.128/26   192.168.10.129 - 192.168.10.190
                        192.168.10.192/26   192.168.10.193 - 192.168.10.254

    Here is the range for the /26 mask.

    R2                  Range of addresses in the last octets
    192.168.10.0/26     From 0 to 63, 60 hosts required.
                        Hosts 0 and 63 cannot be used because they are the
                        network and broadcast addresses for their subnet.

    Step 2: Allocate the next level for R1's LANs

    Allocate the next level after all the requirements are met for the higher level or levels.


    R1 requires 28 hosts. The next available address after 192.168.10.63/26 is 192.168.10.64/26. Note from the above table that this is subnet number #1. Since 28 hosts are required, 5 bits will be needed for the host addresses, $2^5 - 2 = 30$ usable host addresses. Thus 5 bits will be required to represent the hosts and 3 bits will be used to represent the extended-network-prefix of /27. Applying VLSM on address 192.168.10.64/27 gives:

    Sub-Networks #1     Sub-Sub-Networks    Usable hosts
    192.168.10.64/24    192.168.10.64/27    192.168.10.65 - 192.168.10.94
                        192.168.10.96/27    192.168.10.97 - 192.168.10.126

    Here is the range for the /27 mask.

    R1                  Range of addresses in the last octets
    192.168.10.64/27    From 64 to 95, 28 hosts required.
                        Hosts 64 and 95 cannot be used because they are the
                        network and broadcast addresses for their subnet. Thirty
                        usable addresses are available in this range for the hosts.

    Step 4: Allocate the next level for R3 and R4's LANs

    Now R3 and R4 require 12 hosts each. The next available address starts from 192.168.10.96/27. Note from Table 2 that this is the next subnet available. Since 12 hosts are required, 4 bits will be needed for the host addresses, $2^4 = 16$, $16 - 2 = 14$ usable addresses. Thus 4 bits are required to represent the hosts and 4 bits for the extended-network-prefix of /28. Applying VLSM on address 192.168.10.96/27 gives:

    Sub-Networks        Sub-Sub-Networks    Usable hosts
    192.168.10.96/27    192.168.10.96/28    192.168.10.97 - 192.168.10.110
                        192.168.10.112/28   192.168.10.113 - 192.168.10.126

    Here is the range for the /28 mask.

    R1                  Range of addresses in the last octets
    192.168.10.96/28    From 96 to 111, 12 hosts required.
                        Hosts 96 and 111 cannot be used because they are
                        network and broadcast addresses for their subnet. Fourteen
                        usable addresses are available in this range for the hosts.

    Since R4 also requires 12 hosts, the next set of host addresses can be derived from the next available subnet (192.168.10.112/28). Here is the range for the /28 mask.

    R1                  Range of addresses in the last octets
    192.168.10.112/28   From 112 to 127, 12 hosts required.
                        Hosts 112 and 127 cannot be used because they are
                        network and broadcast addresses for their subnet. Fourteen
                        usable addresses are available in this range for the hosts.


    Step 5: Allocate the next level for WAN links

    Now allocate addresses for the WAN links. Remember that each WAN link will require two IP addresses. The next available subnet is 192.168.10.128/26. Since 2 network addresses are required for each WAN link, 2 bits will be needed for host addresses, $2^2 - 2 = 2$ usable addresses. Thus 2 bits are required to represent the links and 6 bits for the extended-network-prefix of /30. Applying VLSM on 192.168.10.128/26 gives:

    Sub-Networks        Sub-Sub-Networks    Usable hosts
    192.168.10.128/26   192.168.10.128/30   192.168.10.129 - 192.168.10.130
                        192.168.10.132/30   192.168.10.133 - 192.168.10.134
                        192.168.10.136/30   192.168.10.137 - 192.168.10.138
                        192.168.10.140/30   192.168.10.141 - 192.168.10.142
                        192.168.10.144/30   192.168.10.145 - 192.168.10.146
                        192.168.10.148/30   192.168.10.149 - 192.168.10.150
                        192.168.10.152/30   192.168.10.153 - 192.168.10.154
                        192.168.10.156/30   192.168.10.157 - 192.168.10.158
                        192.168.10.160/30   192.168.10.161 - 192.168.10.162
                        192.168.10.164/30   192.168.10.165 - 192.168.10.166
                        192.168.10.168/30   192.168.10.168 - 192.168.10.169
                        192.168.10.172/30   192.168.10.173 - 192.168.10.174
                        192.168.10.176/30   192.168.10.177 - 192.168.10.178
                        192.168.10.180/30   192.168.10.181 - 192.168.10.182
                        192.168.10.184/30   192.168.10.184 - 192.168.10.185
                        192.168.10.188/30   192.168.10.189 - 192.168.10.190

    The available addresses for the WAN links can be taken from the available addresses in each of the /30 subnets.
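    The allocation procedure of this exercise (largest requirement first, each block taken from the next free aligned address) as an added Python example; it is not part of the original lab. The number of WAN links (three) and the names WAN1 to WAN3 are assumptions, since the page does not state how many links the topology has.

```python
import ipaddress


def prefix_for_hosts(hosts):
    """Longest IPv4 prefix whose subnet still offers `hosts` usable addresses."""
    if hosts < 1:
        raise ValueError("at least one host is required")
    host_bits = 2                          # /30 is the smallest subnet used in the exercise
    while (1 << host_bits) - 2 < hosts:    # usable = 2^bits - 2 (network and broadcast)
        host_bits += 1
    return 32 - host_bits


def allocate(block, requirements):
    """Carve `block` into subnets, serving the largest requirement first.

    requirements: list of (name, hosts) pairs. Returns {name: IPv4Network}.
    """
    parent = ipaddress.ip_network(block)
    cursor = int(parent.network_address)
    limit = int(parent.broadcast_address) + 1
    plan = {}
    # sorted() is stable, so equal-sized LANs keep their input order (R3 before R4).
    for name, hosts in sorted(requirements, key=lambda item: -item[1]):
        prefix = prefix_for_hosts(hosts)
        size = 1 << (32 - prefix)
        cursor = (cursor + size - 1) // size * size   # round up to the subnet boundary
        if cursor + size > limit:
            raise ValueError(f"{block} is exhausted before {name} ({hosts} hosts)")
        plan[name] = ipaddress.ip_network((cursor, prefix))
        cursor += size
    return plan


def usable_range(net):
    """First and last host address (network and broadcast excluded)."""
    return net.network_address + 1, net.broadcast_address - 1


def overlaps(plan):
    """Pairs of allocated subnets that overlap; an empty list means the plan is clean."""
    nets = list(plan.values())
    return [(a, b) for i, a in enumerate(nets) for b in nets[i + 1:] if a.overlaps(b)]


# Host counts from the exercise; the three WAN links are an assumption.
PAGE_REQUIREMENTS = [("R1", 28), ("R2", 60), ("R3", 12), ("R4", 12),
                     ("WAN1", 2), ("WAN2", 2), ("WAN3", 2)]

if __name__ == "__main__":
    plan = allocate("192.168.10.0/24", PAGE_REQUIREMENTS)
    for name, net in plan.items():
        first, last = usable_range(net)
        print(f"{name:5} {str(net):20} {first} - {last}")
    print("overlapping subnets:", overlaps(plan))
```

    Running the overlap check on an address plan before it is deployed catches the case where two LANs end up sharing addresses, which would otherwise surface only as intermittent reachability problems.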


    Exercise 4-1: Configuring OSPF with MD5 Authentication

    Objective

    Set up an IP addressing scheme for OSPF area 0.

    Configure and verify Open Shortest Path First (OSPF) routing.

    Introduce OSPF authentication into the area.

    Configure the OSPF network so that all hosts in the OSPF area can connect to outside networks.

    [Figure: topology. ISP (network 222.22.2.0/24) connects to R1 over 200.20.2.0/24; R1 and R2 are in OSPF Area 0 with networks 192.168.1.0/24 and 192.168.2.0/24; a PC is attached.]

    Step 1: Configure the routers and workstation

    1. On the routers, enter the global configuration mode and configure the hostname as shown in the diagram. Then configure the console, virtual terminal and enable passwords. Next configure the interfaces according to the diagram. Do not configure the routing protocol until specifically told to.

    Save the configuration information from the privileged EXEC command mode.

    1. Configure the hosts with the proper IP address, subnet mask, and default gateway. The workstation should be able to ping the attached router. Troubleshoot as necessary. Remember to assign a specific IP address and default gateway to the workstation.

    At this point the workstation will not be able to communicate with R1 and the Internet. The following steps will demonstrate the process required to get communication working using OSPF as the routing protocol.

    2. Using the show ip interface brief command, check the status of interfaces.

    Ping from one of the connected Serial or Ethernet interfaces to the other.

    If the ping was not successful, troubleshoot the router configuration.

    Step 2: Configure OSPF routing on router R1 and R2

    1. Configure an OSPF routing process on router R1. Use OSPF process number 1 and ensure all networks are in area 0.

    R1(config)# router ospf 1
    R1(config-router)# log-adjacency-changes
    R1(config-router)# network 192.168.1.0 0.0.0.255 area 0
    R1(config-router)# end

    2. Show the routing table for the R1 router.

    R1# show ip route

    Are there any entries in the routing table? __________________


    Why? _______________________________________________________

    3. Configure an OSPF routing process on router R2. Use OSPF process number 1 and ensure all networks are in area 0.

    R2(config)# router ospf 1
    R2(config-router)# log-adjacency-changes
    R2(config-router)# network 192.168.1.0 0.0.0.255 area 0
    R2(config-router)# network 192.168.2.0 0.0.0.255 area 0
    R2(config-router)# end

    4. Show the routing table for the R2 router:

    R2# show ip route

    Are there any OSPF entries in the routing table now? _______________________

    What is the metric value of the OSPF route? ______________________________

    What is the via address in the OSPF route? ____________________________

    Are routes to all networks shown in the routing table? ______________________

    What does the O mean in the first column of the routing table? _______________

    5. Ping the R1 from the workstation. Was it successful? _______________________

    If not, troubleshoot as necessary.

    Step 3: Configure the ISP router

    1. Normally the ISP router would be configured by the Internet service provider (ISP). For the purpose of this lab, after erasing the old configuration, configure the ISP router this way by typing:

    Router> enable
    Router# configure terminal
    Router(config)# hostname ISP
    ISP(config)# line vty 0 4
    ISP(config-line)# password cisco
    ISP(config-line)# login
    ISP(config-line)# interface serial 0/0
    ISP(config-if)# ip address 200.20.2.2 255.255.255.0
    ISP(config-if)# clock rate 64000
    ISP(config-if)# no shutdown
    ISP(config-if)# interface loopback 0
    ISP(config-if)# ip address 222.22.2.1 255.255.255.0
    ISP(config-if)# exit
    ISP(config)# ip route 192.168.1.0 255.255.255.0 200.20.2.1
    ISP(config)# ip route 192.168.2.0 255.255.255.0 200.20.2.1
    ISP(config)# end
    ISP# copy running-config startup-config


    Step 4: Create a default route to the ISP

    1. On the R1 router only, type in a static default route through the serial interface.

    R1(config)# ip route 0.0.0.0 0.0.0.0 200.20.2.2

    Verify the default static route by looking at the R1 routing table.

    Is the default route in the routing table? __________________________________

    2. Verify connectivity from the R1 router by pinging the ISP serial interface from the R1 router.

    Can the interface be pinged? __________________________________________

    3. This time, ping the loopback address of the ISP router, which represents the ISP connection to the Internet.

    Can the loopback interface be pinged? ___________________________________

    All of these pings should be successful. If they are not, troubleshoot the configurations on the host and the R1 and ISP routers.

    4. Verify the connection between the ISP and the R2 by pinging the serial interface of the ISP router on the R2 router.

    Can the interface be pinged? __________________________________________

    If yes, why? If not, why not? __________________________________________

    Step 5: Redistribute the static default route

    1. Propagate the gateway of last resort to the other routers in the OSPF domain. At the configure router prompt on the R1 router type default-information originate.

    R1(config-router)# default-information originate

    Is there now a default route on the R2 router? _____________________________

    What is the address of the Gateway of last resort? _________________________

    There is an O*E2 entry in the routing table. What type of route is it? __________

    Can the ISP server address at 222.22.2.0 be pinged from both workstations? ____

    If no, troubleshoot both hosts and all three routers.

    Step 6: Configuring OSPF MD5 Authentication

    1. OSPF authentication is being established on the routers in the network. First, introduce authentication only on the R1 router.

    In interface configuration mode on the R1 interface that connects to router R2, enter the command ip ospf message-digest-key 1 md5 7 secret_key.

    R1(config)# interface FastEthernet 0/0
    R1(config-if)# ip ospf message-digest-key 1 md5 7 secret_key

    What is the OSPF password being used for md5 authentication? ______________

    What encryption type is being used? ____________________________________

    2. Enable OSPF authentication in this area, area 0.

    R1(config-if)# router ospf 1
    R1(config-router)# area 0 authentication message-digest


    Wait for a few seconds. Does the router generate any output? ________________

    3. Enter the command show ip ospf neighbor.

    Are there any OSPF neighbors? ________________________________________

    Examine the routing table by entering show ip route.

    Are there any OSPF routes in the R1 router routing table?

    Can the R1 ping the R2 host? __________________________________________

    4. Enter these configuration commands, one per line. End with CNTL/Z.

    R2# configure terminal
    R2(config)# interface FastEthernet 0/0
    R2(config-if)# ip ospf message-digest-key 1 md5 7 secret_key
    R2(config-if)# router ospf 1
    R2(config-router)# area 0 authentication message-digest

    5. Verify that there is an OSPF neighbor by entering the show ip ospf neighbor command.

    Show the routing table by typing show ip route.

    Ping the R2 host from R1. If this was not successful, troubleshoot as necessary.
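    What the routers check during Step 6, as an added Python example that is not part of the original lab: it builds OSPFv2 Hello packets and applies the receive-side checks of RFC 2328 cryptographic authentication (authentication type, key ID, sequence number, MD5 digest). The router IDs 1.1.1.1 and 2.2.2.2 and the sequence numbers are constructed, and the page's placeholder secret_key is treated as the cleartext key.

```python
import hashlib
import hmac
import socket
import struct

AUTH_NULL, AUTH_MD5 = 0, 2          # OSPF AuType values (RFC 2328)
HEADER_LEN, DIGEST_LEN = 24, 16


def pad_key(key):
    """MD5 keys are 16 bytes; shorter keys are padded with zero bytes."""
    return key.ljust(16, b"\0")[:16]


def build_hello(router_id, autype=AUTH_NULL, key_id=0, key=b"", seq=0):
    """Build an OSPFv2 Hello; with AUTH_MD5 the digest is appended after the packet."""
    body = struct.pack("!4sHBBI4s4s", socket.inet_aton("255.255.255.0"),
                       10, 0x02, 1, 40, bytes(4), bytes(4))   # hello 10 s, dead 40 s
    length = HEADER_LEN + len(body)          # the digest is not counted in this field
    if autype == AUTH_MD5:
        auth = struct.pack("!HBBI", 0, key_id, DIGEST_LEN, seq)
    else:
        auth = bytes(8)
    # The checksum field stays 0: that is required with MD5 authentication, and the
    # null-authentication packet's checksum is simply not modelled in this sketch.
    header = struct.pack("!BBH4s4sHH", 2, 1, length, socket.inet_aton(router_id),
                         bytes(4), 0, autype) + auth
    packet = header + body
    if autype == AUTH_MD5:
        packet += hashlib.md5(packet + pad_key(key)).digest()
    return packet


class OspfInterface:
    """Receive-side authentication state of one interface."""

    def __init__(self, autype=AUTH_NULL, keys=None):
        self.autype = autype
        self.keys = keys or {}       # key ID -> cleartext key
        self.last_seq = {}           # neighbor router ID -> highest sequence accepted

    def accept(self, packet):
        _, _, length, rid, _, _, autype = struct.unpack("!BBH4s4sHH", packet[:16])
        if autype != self.autype:
            return "reject: authentication type mismatch"
        if autype == AUTH_NULL:
            return "accept"
        _, key_id, digest_len, seq = struct.unpack("!HBBI", packet[16:24])
        key = self.keys.get(key_id)
        if key is None:
            return "reject: unknown key ID"
        if seq < self.last_seq.get(rid, 0):
            return "reject: replayed sequence number"
        expected = hashlib.md5(packet[:length] + pad_key(key)).digest()
        if not hmac.compare_digest(expected, packet[length:length + digest_len]):
            return "reject: digest mismatch"
        self.last_seq[rid] = seq
        return "accept"


def lab_walkthrough():
    """Replay Step 6 with constructed packets and return each verdict."""
    key = b"secret_key"
    r1 = OspfInterface(AUTH_MD5, {1: key})   # R1 after Step 6.1 and 6.2
    r2_before = OspfInterface()              # R2 still without authentication
    return {
        "R1 hears unauthenticated R2": r1.accept(build_hello("2.2.2.2")),
        "R2 hears authenticated R1":
            r2_before.accept(build_hello("1.1.1.1", AUTH_MD5, 1, key, 100)),
        "R1 hears R2 after Step 6.4":
            r1.accept(build_hello("2.2.2.2", AUTH_MD5, 1, key, 100)),
        "R1 hears R2 with a different key":
            r1.accept(build_hello("2.2.2.2", AUTH_MD5, 1, b"other_key", 101)),
        "R1 hears an old packet again":
            r1.accept(build_hello("2.2.2.2", AUTH_MD5, 1, key, 99)),
    }


if __name__ == "__main__":
    for step, verdict in lab_walkthrough().items():
        print(f"{step}: {verdict}")
```

    The first two verdicts are why the neighbor table empties between Step 6.2 and Step 6.4. The digest authenticates and integrity-protects OSPF packets but does not hide their contents.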


    Exercise 4-2: Electing DR and BDR

    Objective

    Configure routers with a Class C IP addressing scheme.

    Observe the election process for designated routers (DR) and backup designated routers (BDR) on the multiaccess network.

    Configure loopback addresses for Open Shortest Path First (OSPF) stability.

    Assign priority to force the election of a specific router as DR.

    [Figure: topology. R1, R2, R3 and a PC on the shared segment 192.168.1.0/24, OSPF Area 0.]

    Step 1: Configure the routers and workstation

    1. On the routers, enter the global configuration mode and configure the hostname as shown in the diagram. Then configure the console, virtual terminal and enable passwords. Next configure the interfaces according to the diagram, and the IP hostnames. Do not configure loopback interfaces and routing protocol yet.

    2. Configure the hosts with the proper IP address, subnet mask and default gateway.

    3. Each workstation should be able to ping all of the attached routers. That is because they are all part of the same subnetwork. Troubleshoot as necessary.

    Step 2: View the router configuration and interface information

    1. Using the show ip interface brief command, check the status of each interface.

    What is the state of the interfaces on each router?

    R1, FastEthernet 0/0: ________________________________________________

    R2, FastEthernet 0/0: ________________________________________________

    R3, FastEthernet 0/0: ________________________________________________

    2. Ping all of the connected FastEthernet interfaces from each other.

    Were the pings successful? ____________________________________________

    If the pings were not successful, troubleshoot the router configuration, until the

    ping is successful.


    Step 3: Configure OSPF routing

    1. Configure an OSPF routing process on the router R1. Use OSPF process number 1 and ensure all networks are in area 0.

    R1(config)# router ospf 1
    R1(config-router)# log-adjacency-changes
    R1(config-router)# network 192.168.1.0 0.0.0.255 area 0
    R1(config-router)# end
    R1# show ip route

    Are there any entries in the routing table? ________________________________

    Why? _____________________________________________________________

    2. Configure an OSPF routing process on the router R2. Use OSPF process number 1 and ensure all networks are in area 0.

    R2(config)# router ospf 1
    R2(config-router)# log-adjacency-changes
    R2(config-router)# network 192.168.1.0 0.0.0.255 area 0
    R2(config-router)# end

    3. Configure an OSPF routing process on the router R3. Use OSPF process number 1 and ensure all networks are in area 0.

    R3(config)# router ospf 1
    R3(config-router)# log-adjacency-changes
    R3(config-router)# network 192.168.1.0 0.0.0.255 area 0
    R3(config-router)# end

    Step 4: Test network connectivity

    1. Ping the R3 router from the R1 router.

    Was it successful? ___________________________________________________

    If not, troubleshoot as necessary.

    2. Type the command show ip ospf neighbor on all routers to verify that the OSPF routing has formed adjacencies.

    Is there a designated router identified? ___________________________________

    Is there a backup designated router? _____________________________________

    3. Type the command show ip ospf neighbor detail for more information.

    What is the neighbor priority of R1 from router R3? ________________________

    What interface is identified as being part of Area 0? ________________________


    Step 5: Configure the loopback interfaces

    1. Configure the loopback interface on each router to allow for an interface that will not go down due to network change or failure. This task is performed by typing interface loopback # at the global configuration mode prompt, where the # represents the number of the loopback interface from 0 - 2,147,483,647.

    R1(config)# interface loopback 0
    R1(config-if)# ip address 192.168.31.11 255.255.255.255
    R1(config-if)# end

    R2(config)# interface loopback 0
    R2(config-if)# ip address 192.168.31.22 255.255.255.255
    R2(config-if)# end

    R3(config)# interface loopback 0
    R3(config-if)# ip address 192.168.31.33 255.255.255.255
    R3(config-if)# end

    2. Type the command show ip ospf neighbor on all routers to verify that the OSPF routing has formed adjacencies.

    Is there a designated router identified? ___________________________________

    Write down the router ID and link address of the DR:

    _________________________________ ________________________________

    Is there a backup designated router? _____________________________________

    Write down the router ID and link address of the BDR:

    _________________________________ ________________________________

    What is the third router referred to as? ___________________________________

    Write down that router's ID and link address:

    _________________________________ ________________________________

    3. Type the command show ip ospf neighbor detail for more information.

    What is the neighbor priority of R1 from router R3? ________________________

    What interface is identified as being part of Area 0? ________________________

    4. Type show ip ospf interface fastethernet 0/0 on the R1 router.

    What is the OSPF state of the interface? _________________________________

    What is the default priority of the interface? ______________________________

    What is the network type of the interface? ________________________________


    Step 6: Configure R1 to always be the DR

    1. To ensure that the R1 router always becomes the DR for this multi-access segment, the OSPF priority must be set. R1 is the most powerful router in the network and so best suited to become DR. To assign the R1 loopback a higher IP address is not advised, as the numbering system has advantages for troubleshooting. Also R1 is not to act as DR for all segments to which it may belong. Set the priority of the interface to 50 on the R1 router only.

    R1(config)# interface FastEthernet 0/0
    R1(config-if)# ip ospf priority 50
    R1(config-if)# end

    2. Display the priority for Interface fastethernet 0/0.

    R1# show ip ospf interface fastethernet 0/0

    3. To watch the OSPF election process, restart all of the routers using the reload command. Be sure to save the running config before restarting the routers. As soon as the router prompt is available type:

    R2> enable
    R2# debug ip ospf events

    Which router was elected DR? _________________________________________

    Which router was elected BDR? _______________________________________

    Why? _____________________________________________________________

    To turn off all debugging type undebug all.

    4. Type the command show ip ospf neighbor on the R2 router to verify that the OSPF routing has formed adjacencies.

    What is the priority of the DR? ________________________________________
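    The selection rules this exercise relies on, as an added Python example that is not part of the original lab: router ID selection (loopback preferred over physical addresses) and a simplified model of the DR/BDR election outcome (highest priority, then highest router ID, no preemption of a working DR or BDR). The FastEthernet addresses 192.168.1.1 to 192.168.1.3 are constructed; the loopback addresses and the priority of 50 are the page's values.

```python
import ipaddress


def router_id(interfaces, loopbacks=(), configured=None):
    """Router ID: an explicitly configured ID, else the highest loopback address,
    else the highest address on an active physical interface."""
    if configured:
        return configured
    pool = loopbacks or interfaces
    return str(max(ipaddress.ip_address(addr) for addr in pool))


def elect(routers, current_dr=None, current_bdr=None):
    """Simplified outcome of the DR/BDR election on one multi-access segment.

    routers: {router_id: priority}. Priority 0 makes a router ineligible.
    A DR or BDR that is still present keeps its role (the election is not
    preemptive); vacancies are filled by priority, then by router ID.
    Returns (dr, bdr).
    """
    eligible = {rid: prio for rid, prio in routers.items() if prio > 0}

    def rank(rid):
        return eligible[rid], int(ipaddress.ip_address(rid))

    def best(excluded):
        pool = [rid for rid in eligible if rid not in excluded]
        return max(pool, key=rank) if pool else None

    dr = current_dr if current_dr in eligible else None
    bdr = current_bdr if current_bdr in eligible and current_bdr != dr else None
    if bdr is None:
        bdr = best({dr})
    if dr is None:                     # no DR: the BDR is promoted, a new BDR is chosen
        dr, bdr = bdr, best({bdr})
    return dr, bdr


# Constructed FastEthernet addresses; loopbacks as configured in Step 5.
R1 = router_id(["192.168.1.1"], ["192.168.31.11"])
R2 = router_id(["192.168.1.2"], ["192.168.31.22"])
R3 = router_id(["192.168.1.3"], ["192.168.31.33"])


def scenarios():
    default = {R1: 1, R2: 1, R3: 1}
    tuned = {R1: 50, R2: 1, R3: 1}     # Step 6: ip ospf priority 50 on R1
    return {
        "all routers start together, default priority": elect(default),
        "priority 50 on R1, no reload": elect(tuned, current_dr=R3, current_bdr=R2),
        "priority 50 on R1, after reloading all routers": elect(tuned),
        "DR fails afterwards": elect({R2: 1, R3: 1}, current_dr=R1, current_bdr=R3),
    }


if __name__ == "__main__":
    for name, (dr, bdr) in scenarios().items():
        print(f"{name}: DR={dr} BDR={bdr}")
```

    The second scenario is the reason Step 6 reloads the routers: changing the priority alone does not displace a DR that is already in place.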


    Exercise 4-3: Tuning OSPF Routing Protocol

    Objective

    Set up an IP addressing scheme for Open Shortest Path First (OSPF) area.

    Configure and verify OSPF routing.

    Modify OSPF cost metric on an interface.

    Modify OSPF interface timers to adjust efficiency of network.

    Step 1: Configure the routers and workstation

    2. On the routers, enter the global configuration mode and configure the hostname as shown in the diagram. Then configure the console, virtual terminal and enable passwords. Next configure the interfaces according to the diagram. Do not configure the routing protocol until specifically told to.

    Save the configuration information from the privileged EXEC command mode.

    3. Each workstation should be able to ping the attached router. Troubleshoot as necessary. Remember to assign a specific IP address and default gateway to the workstation.

    At this point the workstations will not be able to communicate with each other.

    4. Using the show ip interface brief command, check the status of each interface.

    What is the state of the interfaces on each router?

    R1, FastEthernet 0/0: ________________________________________________

    R1, Serial 0/0: ______________________________________________________

    R2, FastEthernet 0/0: ________________________________________________

    Serial 0/1: _________________________________________________________

    5. On a router, ping the serial interface of the other router.

    Was the ping successful? _____________________________________________

    If the ping was not successful, troubleshoot the router configuration until the ping

    is successful.

    Step 2: Configure OSPF routing

    1. Configure OSPF routing on each router. Use OSPF process number 1 and ensure all networks are in area 0.

    R1(config)# router ospf 1
    R1(config-router)# log-adjacency-changes
    R1(config-router)# network 192.168.1.0 0.0.0.255 area 0
    R1(config-router)# network 192.168.2.0 0.0.0.255 area 0
    R1(config-router)# end

    [Figure: topology. R1 and R2 joined by 192.168.2.0/24, with LANs 192.168.1.0/24 and 192.168.3.0/24 for PC1 and PC2; OSPF Area 0.]

    2. Configure OSPF routing on R2 router.

    R2(config)# router ospf 1
    R2(config-router)# log-adjacency-changes
    R2(config-router)# network 192.168.2.0 0.0.0.255 area 0
    R2(config-router)# network 192.168.3.0 0.0.0.255 area 0
    R2(config-router)# end

    3. Show the routing table entries for the R1 router.

    R1# show ip route

    Are there any OSPF entries in the routing table now? _______________________

    What is the metric value of the OSPF route? ______________________________

    What is the VIA address in the OSPF route? ______________________________

    Are routes to all networks shown in the routing table? ______________________

    What does the O mean in the first column of the routing table? _______________

    4. Ping the R1 host from the R2 host. Was it successful? ______________________

    If not, troubleshoot as necessary.

    Step 3: Determining OSPF cost

    Link Bandwidth                   Default OSPF Cost
    56 Kbps                          1785
    T1                               65
    Ethernet 10 Mbps                 10
    Token-Ring 16 Mbps               6
    FDDI / Fast Ethernet 100 Mbps    1

    1. Show the properties of the R1 router serial and FastEthernet interfaces using the show interfaces command.

    What is the default bandwidth of the interfaces?

    Serial Interface: _____________________________________________________

    FastEthernet Interface: _______________________________________________

    Calculate the OSPF cost.

    Serial Interface: _____________________________________________________

    FastEthernet Interface: _______________________________________________

    2. Using the show ip ospf interface command, record the OSPF cost of the serial and Fast Ethernet interfaces.

    OSPF cost of Serial Interface: _________________________________________


    OSPF cost of Ethernet Interface: _______________________________________

    Do these agree with the calculations? ____________________________________

    The clock rate set for the interface should have been 64000. To calculate the cost of this actual bandwidth divide $10^8$ by 64000.

    Step 4: Manually set the cost on the serial interface

    1. On the Serial interface of the R1 router, set the OSPF cost to 1562 by typing ip ospf cost 1562 at the serial interface configuration mode prompt.

    Note that it is essential that all connected links agree about the cost for consistent calculation of the shortest path first algorithm (SPF) in an area.

    Verify that the interface OSPF cost was successfully modified.

    2. Reverse the effect of this command by entering in interface configuration mode the command no ip ospf cost.

    Verify that the default cost for the interface has returned.

    3. Enter the command bandwidth 2000 at the serial 0 interface configuration mode.

    Record the new OSPF cost of the Serial interface. __________________________

    Can the OSPF cost of an Ethernet interface be modified in this way? ___________

    4. The speed can be set on an Ethernet interface. Will this affect the OSPF cost of that interface?

    __________________________________________________________________

    Verify or explain the above answer.

    __________________________________________________________________

    __________________________________________________________________

    __________________________________________________________________

    __________________________________________________________________

    5. Reset the bandwidth on the serial interface using the no bandwidth 2000 at the serial 0 interface configuration mode.

    Step 4: Determining OSPF timers

    1. At the privileged EXEC mode type the command debug ip ospf events and observe the output.

    How frequently are Hello messages sent? ________________________________

    Where are they coming from? _________________________________________

    Turn off debugging by typing no debug ip ospf events or undebug all.

    2. Show the hello and dead interval timers on the R1 router Ethernet and Serial interfaces by entering the command show ip ospf interface in privileged EXEC mode.

    Record the Hello and Dead Interval timers for these interfaces

    Hello Interval: ______________________________________________________

    Dead Interval: ______________________________________________________

    What is the purpose of the dead interval? _________________________________


    Step 5: Modify the OSPF timers

    1. Modify the Hello and Dead-Interval timers to smaller values to try to improve

    performance. On the R1 router only enter the commands i p ospf hel l o-

    i nt er val 5and i p ospf dead- i nt er val 20for interface Serial 0/0.

    R1( conf i g) # i nt er f ace Ser i al 0/ 0

    R1( conf i g- i f ) # i p ospf hel l o- i nt er val 5R1( conf i g- i f ) # i p ospf dead- i nt er val 20

    2. Wait for a minute and then enter the command show i p ospf nei ghbor .

    Are there any OSPF neighbors? ________________________________________

    3. Examine the R1 router routing table by entering show i p r out e.

    Are there any OSPF routes in the table? __________________________________

    Can the R1 Host ping the R2 host? ______________________________________

    4. Enter the command debug i p ospf event sin privileged EXEC mode.

    Is there an issue that is identified? ______________________________________If there is, what is the issue? ___________________________________________

    5. a. On the R2 router check the routing table by typing show i p r out e.

    Are there any OSPF routes in the table? __________________________________

    6. Set the R2 router interval timers

    Match the timer values on the R2 serial link with the R1 router.

    R2(config)# interface serial 0/1

    R2(config-if)# ip ospf hello-interval 5

    R2(config-if)# ip ospf dead-interval 20

    Verify the OSPF neighbor by entering the show ip ospf neighbor command.

    7. Show the routing table by typing show ip route.

    Are there OSPF routes in the table? _____________________________________

    8. Ping the R2 host from R1.

    If this was not successful troubleshoot the configurations.

    9. Use the no form of the ip ospf hello-interval and the ip ospf dead-interval commands to reset the OSPF timers back to their default values.

    Use the show ip ospf interface command to verify the timers are reset to their default values.

    Are the values back to the default? ______________________________________


    Exercise 5-1: Load Balancing with EIGRP

    Objective

    Configure and verify EIGRP routing.

    Observe unequal-cost load balancing.

    Step 1: Configure the routers and workstation

    1. On the routers, enter the global configuration mode and configure the hostname. Then configure the console, virtual terminal and enable passwords. Next configure the interfaces. Finally configure EIGRP routing on the routers using the Autonomous System (AS) of 100.

    Make sure to copy the running-config to the startup-config on each router.

    2. Configure the hosts with the proper IP address, subnet mask and default gateway.

    Test the configuration by pinging all interfaces from each host.

    If the pinging is not successful, troubleshoot the configuration.

    Step 2: Configure bandwidth on the R1 router interfaces

    1. For unequal-cost load balancing to work, it is necessary to establish different metrics for the EIGRP routes. This is done with the bandwidth command. The serial 0/0 interface will be set to a bandwidth of 56K and the serial 0/1 interface will be set to a value of 384K.

    Note: The route-cache must also be turned off for load balancing. Both serial interfaces must use process switching. Process switching forces the router to look in the routing table for the destination network of each routed packet. In contrast, fast switching, which is the default, stores the initial table lookup in a high-speed cache and uses the info to route packets to the same destination.

    2. Enter the following statements on the R1 router:

    R1(config)# interface serial 0/0

    R1(config-if)# bandwidth 56

    R1(config-if)# no ip route-cache

    R1(config-if)# interface serial 0/1

    R1(config-if)# bandwidth 384

    R1(config-if)# no ip route-cache

    Because the EIGRP metric includes bandwidth in its calculation, bandwidth must be manually configured on the serial interfaces in order to ensure accuracy. For the purposes of this lab, the alternative paths to network 192.168.3.0 from the R1 router are not of unequal cost until the appropriate bandwidths are set.

    [Topology diagram: PC1, R1, R2, PC2; EIGRP AS 100; networks 192.168.1.0/24, 192.168.2.0/24, 192.168.3.0/24, 192.168.4.0/24; serial interfaces S0/0 and S0/1]

    3. Use the show interface command output to verify the correct bandwidth settings and the show ip interface command to ensure that fast switching is disabled.

    Can the bandwidth of Ethernet interfaces be set manually? ___________________

    Step 3: Configure unequal-cost load balancing

    1. The variance value determines whether EIGRP will accept unequal-cost routes. An EIGRP router will only accept routes with a metric up to the local best metric for the destination multiplied by the variance value. So if the local best metric of an EIGRP router for a network is 10000, and the variance is 3, the router will accept unequal-cost routes with any metric up to 30000 (10,000 x 3). This is as long as the advertising router is closer to the destination. An EIGRP router accepts only up to four paths to the same network.

    Note: An alternate route is added to the route table only if the next-hop

    router in that path is closer to the destination (has a lower metric value)

    than the current route.

    By default, EIGRP variance is set to 1, which means that only routes that are

    exactly 1 times the local best metric are installed. Therefore, a variance of 1

    disables unequal-cost load balancing.

    2. Configure the R1 router to enable unequal-cost load balancing using the following commands:

    R1(config)# router eigrp 100

    R1(config-router)# variance 10

    According to the help feature, what is the maximum variance value? ___________

    3. Check the R1 routing table. It should have two routes to network 192.168.3.0 with unequal metrics.

    What is the EIGRP metric for the route to 192.168.3.0 through serial 0/0? ______

    What is the EIGRP metric for the route to 192.168.3.0 through serial 0/1? ______
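    The variance rule from Step 3, worked through for the two serial bandwidths set in Step 2. This is an added example, not part of the original lab: the default-K metric formula is standard EIGRP, but the interface delays (20000 usec serial, 100 usec FastEthernet) and the FastEthernet LAN behind R2 are assumptions, so the metrics on real lab hardware may differ.

```python
# Added example: classic EIGRP composite metric (default K values) and the
# variance test from Step 3. Delays and the LAN type on R2 are assumptions.
from dataclasses import dataclass

MAX_PATHS = 4          # the lab text: at most four paths to one network
SERIAL_DELAY = 20000   # usec, assumed default for a serial interface
FE_DELAY = 100         # usec, assumed FastEthernet LAN on R2
FE_BANDWIDTH = 100000  # kbps, assumed FastEthernet LAN on R2


def eigrp_metric(min_bandwidth_kbps, delays_usec):
    """256 * (10^7 / slowest link in kbps + total delay in tens of usec)."""
    return 256 * (10**7 // min_bandwidth_kbps + sum(delays_usec) // 10)


@dataclass
class Path:
    via: str
    metric: int             # R1's own metric through this interface
    reported_distance: int  # metric the next-hop router advertises


def usable_paths(paths, variance):
    """Return the paths R1 would install for a given variance."""
    best = min(p.metric for p in paths)  # local best metric
    chosen = [
        p for p in sorted(paths, key=lambda p: p.metric)
        if p.reported_distance < best       # next hop is closer to the destination
        and p.metric <= best * variance     # "up to" best x variance, as the lab words it
    ]
    return chosen[:MAX_PATHS]


def lab_paths():
    """R1's two paths to 192.168.3.0 with bandwidth 56 and 384 configured."""
    rd = eigrp_metric(FE_BANDWIDTH, [FE_DELAY])  # what R2 reports for its LAN
    return [
        Path("Serial0/0", eigrp_metric(56, [SERIAL_DELAY, FE_DELAY]), rd),
        Path("Serial0/1", eigrp_metric(384, [SERIAL_DELAY, FE_DELAY]), rd),
    ]


if __name__ == "__main__":
    for variance in (1, 6, 10):
        names = [p.via for p in usable_paths(lab_paths(), variance)]
        print("variance", variance, "->", names)
```

    Under these assumptions the slower path is roughly 6.4 times the best metric, so a variance of 6 still leaves only one route in the table while the lab's value of 10 installs both.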

    Step 4: Verify per-packet load balancing

    1. Because there are two routes to the destination network, half the packets will be sent along one path, and half will travel over the other. The path selection alternates with each packet received.

    Observe this process by using the debug ip packet command on the R1 router. Send 30 ping packets across the network from the host attached to the R2 router to the host attached to the R1 router. This can be done with the ping 192.168.1.2 -n 30 command on the host. As the pings are responded to, the router outputs IP packet information.

    Stop the debug after the pings by using the command undebug all.

    2. Examine and record part of the debug output.

    What is the evidence of load balancing in the output?

    __________________________________________________________________

    __________________________________________________________________


    Step 5: Verify per-destination load balancing

    1. After verifying per-packet load balancing, configure the router to use per-destination load balancing. Both serial interfaces must use fast switching so that the route-cache can be used after the initial table lookup.

    2. Use the command ip route-cache on both serial interfaces of the R1 router.

    3. Use the show ip interface command to verify that fast switching is enabled.

    Is fast switching enabled? _____________________________________________

    The routing table is consulted only once per destination. Therefore, packets that

    are part of a packet train to a specific host will all follow the same path. Only

    when a second destination forces another table lookup or when the cached entry

    expires will the alternate path be used.

    4. Use the debug ip packet command and ping across the network. Note which serial interface the packet was sent out on.

    Examine and record part of the debug output.

    Which serial interface was the packet sent out on?

    __________________________________________________________________


    Exercise 6-1: Understanding Wildcard Mask

    Objective

    Study wildcard mask structure.

    Write wildcard mask from a given IP address range. Determine IP address range.

    Step 1: Understand the wildcard masking

    1. Which two of the following could be used to permit or deny one computer?

    A. 1.1.1.1

    B. 0.0.0.0

    C. Any

    D. Host

    2. In a wildcard mask, a bit value of zero means that the bit must be _____________, while a bit value of one means that the bit must be ___________.

    3. In a subnet mask, a bit value of zero means that the bit must be ___________, while a bit value of one means that the bit must be ___________.

    4. Why should each Access Control List (ACL) have at least one permit statement in it? _____________________________________________________

    Step 2: Calculate IP address range from a given ACL statement

    1. After you have successfully entered the command below, will a host with an IP address of 172.16.10.25 be allowed, denied, or neither?

    R1(config)# access-list 1 deny 172.16.10.0 0.0.0.255

    Answer: ___________________________________________________________

    2. Which networks would be denied by the following router command?

    R1(config)# access-list 2 deny 172.16.16.0 0.0.31.255

    Answer: ___________________________________________________________

    3. Which networks will be allowed by the following router command?

    R1(config)# access-list 3 permit 210.105.23.0 0.0.16.255

    Answer: ___________________________________________________________

    4. Which networks will be allowed by the following router command?

    R1(config)# access-list 4 permit 168.192.132.0 0.3.255.255

    Answer: ___________________________________________________________

    5. Which networks will be allowed by the following router command?

    R1(config)# access-list 5 deny 158.16.2.0 0.0.7.255

    Answer: ___________________________________________________________

    6. Which networks will be allowed by the following router command?

    R1(config)# access-list 6 permit 196.122.86.13 0.3.31.0

    Answer: ___________________________________________________________


    7. Which networks would be denied by the following router command?

    R1(config)# access-list 7 deny 135.116.18.0 0.3.0.0

    Answer: ___________________________________________________________

    8. Which networks would be denied by the following router command?

    R1(config)# access-list 8 deny 142.55.56.0 0.0.0.63

    Answer: ___________________________________________________________

    9. Which networks would be denied by the following router command?

    R1(config)# access-list 9 deny 177.37.205.0 3.7.0.0

    Answer: ___________________________________________________________

    10. Which networks would be denied by the following router command?

    R1(config)# access-list 10 deny 157.118.237.0 7.63.0.0

    Answer: ___________________________________________________________

    11. Which networks would be denied by the following router command?

    R1(config)# access-list 11 deny 35.8.2.3 3.7.15.31

    Answer: ___________________________________________________________

    12. Which networks would be denied by the following router command?

    R1(config)# access-list 12 deny 43.34.42.0 0.0.15.255

    Answer: ___________________________________________________________

    13. Which networks would be denied by the following router command?

    R1(config)# access-list 13 deny 84.7.109.0 63.3.0.63

    Answer: ___________________________________________________________

    14. Which networks would be denied by the following router command?

    R1(config)# access-list 14 deny 222.16.5.0 0.0.3.15.255

    Answer: ___________________________________________________________

    15. Which networks would be denied by the following router command?

    R1(config)# access-list 15 deny 10.5.16.2 0.0.92.0

    Answer: ___________________________________________________________

    16. Which networks would be denied by the following router command?

    R1(config)# access-list 16 deny 208.172.2.16 102.0.0.0

    Answer: ___________________________________________________________

    Step 3: Determine a wildcard mask from a range of IP addresses

    1. Finish the command below such that it allows IP Addresses 112.85.96-99.0-255

    Answer: R1(config)# access-list 1 deny 112.85.96.0 ____________

    __________________________________________________________________

    2. Finish the command below such that it denies IP Addresses 133.8-15.0-31.0-255

    Answer: R1(config)# access-list 2 deny 133.8.0.0 ______________

    __________________________________________________________________

    3. Complete the command below such that it allows IP Addresses 192-223.108.23.29


    Answer: R1(config)# access-list 3 permit 198.108.23.29 ________

    __________________________________________________________________

    4. Complete the command below such that it allows IP Addresses 65.163.234.16-31

    Answer: R1(config)# access-list 4 permit 65.163.234.16 ________

    __________________________________________________________________

    5. Complete the command below such that it allows IP Addresses 144-147.216-223.34.0-255

    Answer: R1(config)# access-list 5 permit 144.216.34.0 _________

    __________________________________________________________________

    6. Complete the command below such that it allows IP Addresses 160-175.80-87.19.254

    Answer: R1(config)# access-list 6 permit 160.80.19.0 __________

    __________________________________________________________________

    7. Complete the command below such that it allows IP Addresses 198.133.208-223.0-255

    Answer: R1(config)# access-list 7 permit 198.133.208.0 ________

    __________________________________________________________________

    8. Complete the command below such that it allows IP Addresses 0-31.160-191.160-191.0-255

    Answer: R1(config)# access-list 8 permit 0.160.160.0 __________

    __________________________________________________________________

    9. Complete the command below such that it allows IP Addresses 0-255.120-123.12.101

    Answer: R1(config)# access-list 9 permit 0.120.12.101 _________

    __________________________________________________________________

    10. Complete the command below such that it allows IP Addresses 0-255.104-107.0-255.64-127

    Answer: R1(config)# access-list 10 permit 0.104.0.64 __________

    __________________________________________________________________

    11. Complete the command below such that it allows IP Addresses 122.70.3,7,11,15,19,23,27,31.12

    Answer: R1(config)# access-list 11 permit 122.70.3.12 _________

    __________________________________________________________________

    12. Complete the command below such that it allows IP Addresses 193,195,197,199,201,203,205,207.5.16.2

    Answer: R1(config)# access-list 12 permit 193.5.16.2 __________

    __________________________________________________________________

    13. Complete the command below such that it allows IP Addresses 192.168.123.0,2,16,18,64,66,80,82,128,130,144,146,192,194,208,210

    Answer: R1(config)# access-list 13 permit 192.168.123.0 _______

    __________________________________________________________________


    Exercise 6-2: Configuring Standard ACL

    Objective

    Configure, and apply a standard ACL to permit or deny specific traffic.

    Test the ACL to determine if the desired results were achieved.

    [Topology diagram: PC1, R1, R2 with loopback Lo0; networks 192.168.1.0/24, 192.168.2.0/24, 192.168.3.0/24; host addresses .1 and .2]

    Step 1: Configure the routers and workstation

    1. On the routers, enter the global configuration mode and configure the hostname as shown in the diagram. Then configure the console, virtual terminal and enable passwords. Next configure the interfaces according to the diagram. Do not configure the routing protocol until specifically told to.

    Save the configuration information from the privileged EXEC command mode.

    2. Configure the workstation

    IP address 192.168.1.2

    Subnet mask 255.255.255.0

    Default gateway 192.168.1.1

    3. Confirm connectivity by pinging the default gateway from the host

    If the pings are not successful, correct the configuration and repeat until they are successful.

    Step 2: Configure the routing protocol

    1. From the global configuration mode in the router R1, enter the following:

    R1(config)# router rip

    R1(config-router)# version 2

    R1(config-router)# network 192.168.1.0

    R1(config-router)# network 192.168.2.0

    R1(config-router)# end

    2. From the global configuration mode in the router R2, enter the following:

    R2(config)# router rip

    R2(config-router)# version 2

    R2(config-router)# network 192.168.2.0

    R2(config-router)# network 192.168.3.0

    R2(config-router)# end

    Ping all of the interfaces of the router R1 and R2 on the network from the host

    Were all of the interfaces still able to be pinged? ___________________________

    If not, troubleshoot the network and ping again.


    Step 3: Prevent access to the Ethernet interface of R1 from the hosts

    1. Create an access list that will prevent access to FastEthernet 0/0 from the 192.168.1.0 network.

    At the router configuration prompt type the following command:

    R1(config)# access-list 1 deny 192.168.1.0 0.0.0.255

    R1(config)# access-list 1 permit any

    Why is the second statement needed? ___________________________________

    2. Ping the router from the hosts

    Were these pings successful? __________________________________________

    Why or why not? ___________________________________________________

    3. Apply the Access list to the interface

    At the FastEthernet 0/0 interface mode prompt type the following:

    R1(config-if)# ip access-group 1 in

    4. Ping the router from the hosts

    Were these pings successful? __________________________________________

    Why or why not? ___________________________________________________

    5. Remove the Access list from the interface before finishing step

    R1(config-if)# no ip access-group 1 in
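    How a standard ACL such as the Step 3 list for the 192.168.1.0 network is evaluated, and how a wildcard mask (the subject of Exercise 6-1) selects addresses. This is an added example, not part of the original lab: the function names are this example's own, and the octet values used for the non-contiguous wildcard are constructed. Checking an entry against the addresses it is meant to cover before applying it to an interface catches a mistyped network or mask.

```python
# Added example: standard-ACL matching with wildcard masks. The first matching
# entry decides, and a packet that matches nothing hits the implicit deny.
import ipaddress


def ip_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def parse_entry(line):
    """Parse 'access-list N permit|deny SOURCE [WILDCARD]', 'any' or 'host A'."""
    tok = line.split()
    if len(tok) < 4 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
        raise ValueError("not a standard ACL entry: " + line)
    action, src = tok[2], tok[3:]
    if src == ["any"]:
        return action, 0, 0xFFFFFFFF          # every bit ignored
    if src[0] == "host":
        return action, ip_int(src[1]), 0      # every bit must match
    wildcard = ip_int(src[1]) if len(src) > 1 else 0
    return action, ip_int(src[0]), wildcard


def matches(source, base, wildcard):
    # Wildcard 0-bits must equal the entry's address; 1-bits are ignored.
    care = ~wildcard & 0xFFFFFFFF
    return (ip_int(source) & care) == (base & care)


def evaluate(acl_lines, source):
    """Return 'permit' or 'deny' for one source address."""
    for line in acl_lines:
        action, base, wildcard = parse_entry(line)
        if matches(source, base, wildcard):
            return action
    return "deny"  # implicit deny: no entry matched


def octet_values(base_octet, wildcard_octet):
    """Values one octet may take under a wildcard, contiguous or not."""
    care = ~wildcard_octet & 0xFF
    return [v for v in range(256) if v & care == base_octet & care]


# The Step 3 list as intended for the 192.168.1.0 network.
ACL_1 = [
    "access-list 1 deny 192.168.1.0 0.0.0.255",
    "access-list 1 permit any",
]

if __name__ == "__main__":
    for host in ("192.168.1.2", "192.168.3.1"):   # constructed test sources
        print(host, "full list:", evaluate(ACL_1, host),
              "| deny entry only:", evaluate(ACL_1[:1], host))
    # Constructed non-contiguous wildcard octet: base 8, wildcard 5 (binary 101).
    print(octet_values(8, 5))
```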

    Step 4: Create an access list that will not allow the even numbered hosts to ping but permit the odd numbered hosts to ping the Ethernet interface of R1

    1. What will that access list look like? Finish this command with an appropriate comparison IP address and wildcard mask:

    access-list 2 permit ____.____.____.____ ____.____.____.____

    Why was it not necessary to have the permit any statement at the end this time?

    __________________________________________________________________

    Apply the new access list by typing ip access-group 2 in

    2. Assign an even address to host and ping the router R1

    Was the ping from host successful? _____________________________________

    Why or why not? ___________________________________________________

    3. Assign an odd address to host and ping the router R1

    Was the ping from host 2 successful? ___________________________________

    Why or why not? ___________________________________________________

    4. Remove the Access list from the interface before finishing step

    R1(config-if)# no ip access-group 2 in

    Step 4: Prevent access from the host to the local network on the router R2

    1. The host needs to be prevented access to the local network on the router R2. It is determined that a standard access list needs to be created to prevent traffic from this host from accessing the loopback interface of R2. The access control list should block traffic from this host and not affect other traffic from this network.


    2. First, define the information needed to create the ACL. Remember that statements are added sequentially to an ACL. Therefore, the order of the statements needs to be planned carefully.

    3. It has been determined that this ACL will require 2 logical steps. Each of these steps can be accomplished with one statement:

    ! stop traffic from host

    ! permit all other traffic

    4. From this logic the actual ACL will be written. Write each statement: access-list [permit/deny], comparison IP address and wildcard mask.

    access-list 3 ______ ____.____.____.____ ____.____.____.____

    access-list 3 ______ ____.____.____.____ ____.____.____.____

    What would be the result of not including a statement to permit all other source

    addresses?

    __________________________________________________________________

    What would be the result of reversing the order of the 2 statements in the list?

    __________________________________________________________________

    Why are both statements using the same ACL number?

    __________________________________________________________________

    5. The final step is to determine the best location for the access list and the direction the list should be applied. Examine the inter-network diagram and choose the appropriate interface and direction:

    Router: _____________, Interface: ______________, Direction: ______________

    The command to apply the access list: ip access-group 3 _____

    6. Now that the ACL is completed, the ACL needs to be confirmed and tested. Test the functionality of the ACL by trying to send packets from the source host and verify that it is permitted or denied as appropriate. In this case, ping will be used to test this.

    Ping the router from the host 192.168.1.2

    Were these pings successful? __________________________________________

    Why or why not? ___________________________________________________

    Change host IP address to 192.168.1.3, ping the router from the host

    Were these pings successful? __________________________________________

    Why or why not? ___________________________________________________

    5. Remove the Access list from the interface before finishing step

    Rx(config-if)# no ip access-group 3 [in | out]

    Exercise 6-3: Configuring Extended ACL

    Objective

    Configure, and apply an extended ACL to permit or deny specific traffic.

    Test the ACL to determine if the desired results were achieved.

    [Topology diagram: PC1, R1, R2 with loopback Lo0; networks 192.168.1.0/24, 192.168.2.0/24, 192.168.3.0/24; host addresses .1 and .2]

    Step 1: Configure the routers and workstation

    1. On the routers, enter the global configuration mode and configure the hostname as shown in the diagram. Then configure the console, virtual terminal and enable passwords. Next configure the interfaces according to the diagram. Do not configure the routing protocol until specifically told to.

    Save the configuration information from the privileged EXEC command mode.

    2. Configure the workstation

    IP address 192.168.1.2

    Subnet mask 255.255.255.0

    Default gateway 192.168.1.1

    3. Confirm connectivity by pinging the default gateway from the host

    If the pings are not successful, correct the configuration and repeat until they are successful.

    Step 2: Configure the routing protocol

    1. From the global configuration mode in the router R1, enter the following:

    R1(config)# router rip

    R1(config-router)# version 2

    R1(config-router)# network 192.168.1.0

    R1(config-router)# network 192.168.2.0

    R1(config-router)# end

    2. From the global configuration mode in the router R2, enter the following:

    R2(config)# router rip

    R2(config-router)# version 2

    R2(config-router)# network 192.168.2.0

    R2(config-router)# network 192.168.3.0

    R2(config-router)# end

    Ping all of the interfaces of the router R1 and R2 on the network from the host

    Were all of the interfaces sti