Lab 2-2: Connecting to theInternetActivity OverviewObjectivesIn this activity, you will establish Internet connectivity by enabling static routing, DHCP, and NAT. Aftercompleting this activity, you will be able to meet these objectives:Configure a static default routeEnable DHCP on a public interfaceConfigure NAT using a poolConfigure NAT with PAT

Visual ObjectiveThe figure illustrates what you will accomplish in this activity.Visual Objective for Lab 2-2: Connecting to theInternetBranch ServerHQPC1 SW1PC2 SW2 2013 Cisco Systems, Inc.Detailed Visual ObjectiveConfigure NATwith PAT. Branch HQOutside Internet ServerInsideConfigure static and DHCP-obtained IP addresses.PC1 SW1PC2 2013 Cisco Systems, Inc.Required ResourcesNo additional resources are required for this lab.L32 Interconnecting Cisco Networking Devices, Part 1 2013 Cisco Systems, Inc.

Command ListThe table describes the commands that are used in this activity. The commands are listed in alphabeticalorder so that you can easily locate the information that you need. Refer to this list if you need configurationcommand assistance during the lab activity.Command Descriptionaccess-list acl_id permit network Configures a standard ACL that permits a networkwildcard_maskconfigure terminal Enters global configuration modedebug ip icmp Enables debugging of ICMP packetsinterface interface Enters interface configuration modeip address dhcp Configures an interface to obtain an IP address using DHCPip address ip_address network_mask Configures an IP address manually on an interfaceip nat inside Configures an interface as NAT inside interfaceip nat inside source list acl_id pool Configures a dynamic source NAT rule that translates addresses intopool_name IP addresses defined in the poolip nat inside source list acl_id interface Configures a dynamic source NAT or PAT rule that translatesinterface_name overload addresses into the IP address of an interfaceip nat outside Configures an interface as a NAT outside interfaceip nat pool pool_name start_IP end_IP Configures a NAT poolnetmask maskip route network network_mask Configures a static routenext_hop_addressping ip_address Pings an IP addressshow ip interface brief Displays the status and IP addresses of interfacesshow ip nat translations Displays active NAT translationsshow ip route Displays the routing tableshow users Displays information about the active lines on a routershutdown Disables an interfacetelnet ip_address Establishes a Telnet session to an IP addressterminal monitor Redirects debugging output to a Telnet sessionundebug all Disables all debuggingJob AidsThese job aids are available to help you complete the lab activity.The table shows the hardware that is used in the lab and the operating system that is running on the devices. 2013 Cisco Systems, Inc. Lab Guide L33

Device Hardware Operating SystemBranch Cisco 2901 Integrated Services Router c2900-universalk9-mz.SPA.152-4.M1HQ Cisco 2901 Integrated Services Router c2900-universalk9-mz.SPA.152-4.M1SW1 Catalyst 2960 Series Switch c2960-lanbasek9-mz.150-1.SE3PC1 Any PC Microsoft Windows 7PC2 Any PC Microsoft Windows 7There are no console or enable passwords set for the routers and switches in the initial lab setup. The tableshows the username and password that are used to access PC1 and PC2.Device Username PasswordPC1 Administrator adminPC2 Administrator adminTopology and IP AddressingDevices are connected with Ethernet links. The figure illustrates the interface identification and IPaddresses that are used in this lab setup.Topology and IP AddressingGi0/1 Gi0/1209.165.201.1 209.165.201.2Branch ServerInternetVLAN 1: 10.1.1.1 172.16.1.100Gi0/0 HQFa0/13PC1 SW1Fa0/1 10.1.1.1110.1.1.100 Fa0/30/3PC210.1.1.101 2013 Cisco Systems, Inc.The table shows the interface identification and IP addresses that are used in this lab setup.Device Interface IP Address/Subnet MaskBranch Gi0/1 209.165.201.1/27Branch Gi0/0 10.1.1.1/24HQ Gi0/1 209.165.201.2/27L34 Interconnecting Cisco Networking Devices, Part 1 2013 Cisco Systems, Inc.

Device Interface IP Address/Subnet MaskHQ Loopback0 172.16.1.100/24SW1 VLAN1 10.1.1.11/24PC1 Ethernet adapter local area connection 10.1.1.100/24PC2 Ethernet adapter local area connection 10.1.1.101/24Task 1: Configure a Manual IP Address and StaticDefault RouteIn this task, you will configure an IP address on the Internet-facing interface of the Branch router. You willalso configure a static default route on the Branch router to reach Internet networks. Then you will verifyconnectivity between the Branch router, HQ router, and server.Activity ProcedureComplete the following steps:Step 1Access the Branch router.Step 2Verify interface status and IP address on the Branch router.Branch#show ip interface briefInterface IP-Address OK? Method Status ProtocolEmbedded-Service-Engine0/0 unassigned YES NVRAM administratively down downGigabitEthernet0/0 10.1.1.1 YES manual up upGigabitEthernet0/1 unassigned YES NVRAM administratively down downGigabitEthernet0/2 unassigned YES NVRAM administratively down downYou should see that only GigabitEthernet0/0 is up and configured with an IP address.Step 3Enable the GigabitEthernet0/1 interface. Manually assign the 209.165.201.1 IP address to the interface. Usea mask of 255.255.255.224. 2013 Cisco Systems, Inc. Lab Guide L35Branch(config)#interface gigabitEthernet 0/1Branch(config-if)#ip address 209.165.201.1 255.255.255.224Branch(config-if)#no shutdown

Step 4Verify interface status and IP address on the Branch router again.Branch#show ip interface briefInterface IP-Address OK? Method Status ProtocolEmbedded-Service-Engine0/0 unassigned YES NVRAM administratively down downGigabitEthernet0/0 10.1.1.1 YES manual up upGigabitEthernet0/1 209.165.201.1 YES manual up upGigabitEthernet0/2 unassigned YES NVRAM administratively down downSerial0/0/0 unassigned YES manual administratively down downThe GigabitEthernet0/1 interface should be up and it should have an IP address configured.Step 5From the Branch router, ping the HQ router at 209.165.201.2.Branch#ping 209.165.201.2Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 209.165.201.2, timeout is 2 seconds:.!!!!Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/4 mThe ping should be successful, because the destination IP address is in a directly connected network.Step 6From the Branch router, ping the server at 172.16.1.100, which is behind the HQ router.Branch#ping 172.16.1.100Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 172.16.1.100, timeout is 2 seconds:.....Success rate is 0 percent (0/5)The ping should not be successful. What is the reason for an unsuccessful ping?L36 Interconnecting Cisco Networking Devices, Part 1 2013 Cisco Systems, Inc.

Step 7Verify the routing table on the Branch router.Branch#show ip routeCodes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGPD - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter areaN1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2E1 - OSPF external type 1, E2 - OSPF external type 2i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2ia - IS-IS inter area, * - candidate default, U - per-user static routeo - ODR, P - periodic downloaded static route, H - NHRP, l - LISP+ - replicated route, % - next hop overrideGateway of last resort is not set10.0.0.0/8 is variably subnetted, 2 subnets, 2 masksC 10.1.1.0/24 is directly connected, GigabitEthernet0/0L 10.1.1.1/32 is directly connected, GigabitEthernet0/0209.165.201.0/24 is variably subnetted, 2 subnets, 2 masksC 209.165.201.0/27 is directly connected, GigabitEthernet0/1L 209.165.201.1/32 is directly connected, GigabitEthernet0/1Is there a route present for the IP address of the server?Step 8On the Branch router, configure a static default route that points to the next-hop IP address 209.165.201.2.Step 9Branch#copy running-config startup-configDestination filename [startup-config]?Building configuration...[OK]Branch(config)#ip route 0.0.0.0 0.0.0.0 209.165.201.2

Save the running configuration to the startup configuration.Step 10From the Branch router, ping the server at 172.16.1.100 again.Branch#ping 172.16.1.100Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 172.16.1.100, timeout is 2 seconds:!!!!!Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 msThe ping should be successful because you configured a static default route. 2013 Cisco Systems, Inc. Lab Guide L37

Step 11Verify the routing table on the Branch router.Branch#show ip routeCodes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGPD - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter areaN1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2E1 - OSPF external type 1, E2 - OSPF external type 2i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2ia - IS-IS inter area, * - candidate default, U - per-user static routeo - ODR, P - periodic downloaded static route, H - NHRP, l - LISP+ - replicated route, % - next hop overrideGateway of last resort is 209.165.201.2 to network 0.0.0.0S* 0.0.0.0/0 [1/0] via 209.165.201.210.0.0.0/8 is variably subnetted, 2 subnets, 2 masksC 10.1.1.0/24 is directly connected, GigabitEthernet0/0L 10.1.1.1/32 is directly connected, GigabitEthernet0/0209.165.201.0/24 is variably subnetted, 2 subnets, 2 masksC 209.165.201.0/27 is directly connected, GigabitEthernet0/1L 209.165.201.1/32 is directly connected, GigabitEthernet0/1The default route is designated with S and an asterisk (*).Step 12Remove the previously configured static default route from the Branch router to prepare the router for thenext task.Step 13Branch(config)#no ip route 0.0.0.0 0.0.0.0 209.165.201.2

Verify the routing table on the Branch router again to make sure that no default route is present on therouter.Branch#show ip routeCodes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGPD - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter areaN1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2E1 - OSPF external type 1, E2 - OSPF external type 2i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2ia - IS-IS inter area, * - candidate default, U - per-user static routeo - ODR, P - periodic downloaded static route, H - NHRP, l - LISP+ - replicated route, % - next hop overrideGateway of last resort is not set10.0.0.0/8 is variably subnetted, 2 subnets, 2 masksC 10.1.1.0/24 is directly connected, GigabitEthernet0/0L 10.1.1.1/32 is directly connected, GigabitEthernet0/0209.165.201.0/24 is variably subnetted, 2 subnets, 2 masksC 209.165.201.0/27 is directly connected, GigabitEthernet0/1L 209.165.201.1/32 is directly connected, GigabitEthernet0/1L38 Interconnecting Cisco Networking Devices, Part 1 2013 Cisco Systems, Inc.

Activity VerificationNo additional verification is needed in this task.Task 2: Configure a DHCP-Obtained IP AddressIn this task, you will configure the Branch router to obtain an IP address using DHCP from the HQ router.The HQ router has been preconfigured as a DHCP server. You will also verify connectivity between theBranch router, HQ router, and server.Activity ProcedureComplete the following steps:Step 1Access the Branch router.Step 2Configure the GigabitEthernet0/1 interface to obtain an IP address using DHCP.Branch(config)#interface gigabitEthernet 0/1Branch(config-if)#ip address dhcp

Step 3Branch#copy running-config startup-configDestination filename [startup-config]?Building configuration...[OK]

Save the running configuration to the startup configuration.Step 4Verify interface status and IP address on the Branch router.Branch#show ip interface briefInterface IP-Address OK? Method Status ProtocolEmbedded-Service-Engine0/0 unassigned YES NVRAM administratively down downGigabitEthernet0/0 10.1.1.1 YES manual up upGigabitEthernet0/1 209.165.201.1 YES DHCP up upThe GigabitEthernet0/1 interface should be up and it should have an IP address that was configured throughDHCP. Write down the IP address in the space that is provided. 2013 Cisco Systems, Inc. Lab Guide L39

Step 5Verify the routing table on the Branch router.Branch#show ip routeCodes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGPD - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter areaN1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2E1 - OSPF external type 1, E2 - OSPF external type 2i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2ia - IS-IS inter area, * - candidate default, U - per-user static routeo - ODR, P - periodic downloaded static route, H - NHRP, l - LISP+ - replicated route, % - next hop overrideGateway of last resort is 209.165.201.2 to network 0.0.0.0S* 0.0.0.0/0 [254/0] via 209.165.201.210.0.0.0/8 is variably subnetted, 2 subnets, 2 masksC 10.1.1.0/24 is directly connected, GigabitEthernet0/0L 10.1.1.1/32 is directly connected, GigabitEthernet0/0209.165.201.0/24 is variably subnetted, 2 subnets, 2 masksC 209.165.201.0/27 is directly connected, GigabitEthernet0/1L 209.165.201.3/32 is directly connected, GigabitEthernet0/1You should see a default route present in the table. Where did the default route come from?Step 6From the Branch router, ping the HQ router at 209.165.201.2.Branch#ping 209.165.201.2Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 209.165.201.2, timeout is 2 seconds:.!!!!Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/4 mThe ping should be successful.Step 7From the Branch router, ping the server at 172.16.1.100.Branch#ping 172.16.1.100Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 172.16.1.100, timeout is 2 seconds:!!!!!Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 msThe ping should be successful because the Branch router received knowledge of the default gateway fromthe DHCP server. The Branch router set the default route automatically and it set the route next-hop IPaddress to the IP address of the default gateway..L40 Interconnecting Cisco Networking Devices, Part 1 2013 Cisco Systems, Inc.

Step 8Access PC1.Step 9From PC1, ping the Branch router at its public IP address, which was obtained through DHCP.C:\>ping 209.165.201.1Pinging 209.165.201.1 with 32 bytes of data:Reply from 209.165.201.1: bytes=32 time=1ms TTL=255Reply from 209.165.201.1: bytes=32 time