Lab Guide Icnd2v1.1 Sls Latam-final-corregido

8/12/2019 Lab Guide Icnd2v1.1 Sls Latam-final-corregido

1/61

ICND2

Interconnecting CiscoNetworking DevicesPart 2

Version 1.0

Lab Guide


2/61

ICND2v1.0 SLS LATAM Lab Guide 1

Lab 1-1: Implementing a Small Network(Review Lab)

Activity Objective

In this activity, you will use the skills and knowledge that you acquired prior to taking this course to

implement a small network. You will use the commands reviewed in the related module to provide your

workgroup switch and router with a basic configuration for IP connectivity.

After completing this activity, you will be able to meet these objectives:

o Return your workgroup switch and router to their default configurationso Configure your workgroup switch and router with their proper identities and IP addressingo Provide basic security with passwords and port security

Visual Objetive

RouterA

SwitchA CoreRouter

CoreSwitchA

F0/11

F0/1 F0/13

F0/0 S0/0

F0/0

F0/2

ICND2v1.0 - Lab 1-1 - Topology

10.1.1.0/24

.10

.11

.3

VLAN1 VLAN1 VLAN1

Task 1: Setting Up the Workgroup Router

In this task, you will use the commands reviewed in the related module to provide your router with a basic

configuration for IP connectivity.

Activity Procedure

Complete these steps:


3/61


1. From your PC, establish a connection to the lab equipment.2. Configure your workgroup router with a hostname.

Router#conf tEnter configuration commands, one per line. End with CNTL/Z.Router(config)#hostname RouterA

RouterA(config)#

3. Configure an enable secret password of sanfran, which will be used to gain access to privilegedEXEC mode.

RouterA(config)#enable secret sanfran

4. Assign an IP address to the first Ethernet interface (Fa1/0) of your router.

RouterA(config)#int f1/0RouterA(config-if)#ip address 10.1.1.11 255.255.255.0RouterA(config-if)#no shutdown

11:37:46: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up11:37:47: %LINEPROTO-5-UPDOWN: Line protocol on InterfaceFastEthernet0/0, changed state to up

5. Provide a description for the interface configuration describing the connected destination.

RouterA(config-if)#description - Connected to SwitchA

6. Configure a message of the day banner warning unauthorized users not to log in.

RouterA(config)#banner login %Enter TEXT message. End with the character '%'.************************* Warning *****************************

Access to this device is restricted to authorized persons only!Un-authorized access is prohibited. Violators will be prosecuted.*****************************************************************%RouterA(config)#

7. Configure the router to require a password when accessing the router through the console port. Usethe password cisco.

RouterA(config)#line console 0RouterA(config-line)#password ciscoRouterA(config-line)#login

8. Configure the console port with the logging synchronous command.

RouterA(config-line)#logging synchronous

9. Configure the router to require a password when accessing the router through the first five vtylines, 0 through 4. Use a password of sanjose.

RouterA(config)#line vty 0 4RouterA(config-line)#password ciscoRouterA(config-line)#login

10. Save your running configuration to NVRAM.

RouterA(config-line)#end00:28:07: %SYS-5-CONFIG_I: Configured from console by console


4/61


RouterA#copy running-config startup-configDestination filename [startup-config]?Building configuration...[OK]RouterA#

11.Utilize the following commands to verify your configuration settings:o show interfaces

What is the MAC address of the first Ethernet interface of the router (Fa1/0) which connects to

your switch?

o show running-configurationo show startup-configuration

Activity Verification

You have completed this task when you attain these results:

o Your router has the proper identity and IP addresses.o Your router has basic security configured with passwords.

Task 2: Setting Up the Workgroup Switch

In this task, you will use the commands reviewed in the related module to provide your switch with a basic

configuration for IP connectivity.

Activity Procedure


1. From your PC, establish a connection to the lab equipment.2. Configure your switch with a hostname.

Switch#conf tEnter configuration commands, one per line. End with CNTL/Z.Switch(config)#hostname SwitchA

1. Configure an enable secret password of sanfran, which will be used to gain access to privilegedEXEC mode.

SwitchA(config)#enable secret sanfran

3. Assign an IP address to the management VLAN interface of your workgroup switch.

SwitchA(config)#interface vlan 1SwitchA(config-if)#ip add 10.1.1.10 255.255.255.0

4. Assign a default gateway to your workgroup switch. Use the address of the CoreRouter, 10.1.1.3.

SwitchA(config)#ip default-gateway 10.1.1.3

5. Configure a message-of-the-day banner warning unauthorized users not to log in.

SwitchA(config)#banner login %Enter TEXT message. End with the character '%'.


5/61


************************* Warning *****************************Access to this device is restricted to authorized persons only!Un-authorized access is prohibited. Violators will be prosecuted.*****************************************************************%

SwitchA(config)#

6. Set the speed of port Fa0/11 on your workgroup switch to 100Mb/s.

SwitchA(config)#int f0/11SwitchA(config-if)#speed 100

7. Set the duplex setting of port Fa0/11 on your workgroup switch to full duplex.

SwitchA(config-if)#duplex full

8. Provide a description for the Fa0/11 interface describing the connected destination.

SwitchA(config-if)#description - Connected to SwitchCoreA

9. Provide a description for the Fa0/2 interface describing the connected destination.

SwitchA(config)#int f0/2SwitchA(config-if)#description - Connected to RouterA

10.Configure the switch to require a password when accessing the switch through the console port.Use the password cisco.

SwitchA(config)#line console 0SwitchA(config-line)#password ciscoSwitchA(config-line)#login

11.Configure the console port with the logging synchronous command.

SwitchA(config-line)#logging synchronous

12.Configure the switch to require a password when accessing the switch using the first five vty lines,0 through 4. Use a password of sanjose.

SwitchA(config)#line vty 0 4SwitchA(config-line)#password sanjoseSwitchA(config-line)#login

13.Shutdown unused ports.

SwitchA(config)#int range f0/0 - 1, f0/3 - 10, f0/12 - 15SwitchA(config-if-range)#shutdown

14.Save your running configuration to NVRAM.

SwitchA#copy running-config startup-configDestination filename [startup-config]?Building configuration...[OK]SwitchA#

15.Utilize the following commands to verify your configuration settings:

o show interfaceso show ip interface brief


6/61


o show running-configurationo show startup-configuration

16. Configure CoreRouter.

hostname CoreRouter

!interface FastEthernet1/0ip address 10.1.1.3 255.255.255.0speed 100full-duplexno shut!

17.Configure CoreSwitchA.

hostname CoreSwitchA!interface FastEthernet0/13duplex fullspeed 100!interface Vlan1no ip address!



o The switch has the proper identity and IP address.o The switch has basic security with passwords.

Task 3: Verifying Workgroup Connectivity

In this task, you will use the commands reviewed in the related module to verify your switch and router

connectivity.

Activity Procedure

Complete these steps from your switch:

1. Use Cisco Discovery Protocol to identify your router and core switch A as neighbors.

SwitchA#sh cdp neighborsCapability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge

S - Switch, H - Host, I - IGMP, r - Repeater

Device ID Local Intrfce Holdtme Capability Platform PortIDSwitchCoreA Fas 0/11 144 R S I 3640 Fas0/1RouterA Fas 0/2 153 R 3640 Fas1/0

2. Ping the first Ethernet interface (Fa1/0) of your workgroup router.


7/61


SwitchA#ping 10.1.1.11

Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 10.1.1.11, timeout is 2 seconds:!!!!!Success rate is 100 percent (5/5), round-trip min/avg/max = 20/44/80 ms

3. Ping the CoreRouter address of 10.1.1.3.



Complete these steps from your router:

4. Use Cisco Discovery Protocol to identify your workgroup switch as a neighbor.

RouterA#sh cdp neighCapability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge

S - Switch, H - Host, I - IGMP, r - Repeater

Device ID Local Intrfce Holdtme Capability Platform Port IDSwitchA Fas 1/0 152 S I 3640 Fas 0/2

5. Ping the VLAN 1 interface of your workgroup switch.

RouterA#ping 10.1.1.10


6. Ping the CoreRouter address of 10.1.1.3.





o You have successfully viewed your directly connected Cisco Discovery Protocol neighbors fromyou workgroup router and switch.

o All of the pings from your workgroup router and switch were successful.


8/61


Lab 2-1: Configuring Expanded SwitchedNetworks

Activity Objective

In this activity, you will configure a switch to meet the specific VLAN requirements. After

completing this activity, you will be able to meet these objectives:

o Configure the switch to participate in a VTP domain and configure the switch for transparent modeo Configure trunking on a trunk port to provide access to a router on the networko Configure separate VLANs for separate logical networkso Configure spanning tree

Visual Objetive

RouterA SwitchA CoreRouterCoreSwitchA

F0/11

F0/1 F0/13

F0/0VLAN1

10.1.1.3/24

F0/0.2VLAN 2

10.2.2.3/24

F0/0 F0/2


10.1.1.10/24

VLAN2

Trunk 802.1qTrunk 802.1q

10.1.1.10/24

Task 1: Configure VTP and VTP Domains

In this activity, you will configure your workgroup switch to participate in a VTP domain in the

transparent mode. This will prevent VLAN changes made on the workgroup switch from propagating to

other switches in the lab.

Activity Procedure

Complete the following steps on your workgroup switch:

1. From your PC, establish a connection to the lab equipment.2. Use the enable command to enter privileged EXEC mode.3. Set the VTP domain name to ICND.


9/61


SwitchA#vlan databaseSwitchA(vlan)#vtp domain ICNDChanging VTP domain name from NULL to ICND

4. Set the VTP mode to transparent.

SwitchA(vlan)#vtp transparentSetting device to VTP TRANSPARENT mode.SwitchA(vlan)#exitAPPLY completed.Exiting....

5. Verify the VTP configuration using the show vtp status command. Your output should looksimilar to the following display:

SwitchA#show vtp statusVTP Version : 2Configuration Revision : 0Maximum VLANs supported locally : 256Number of existing VLANs : 5

VTP Operating Mode : TransparentVTP Domain Name : ICNDVTP Pruning Mode : DisabledVTP V2 Mode : DisabledVTP Traps Generation : DisabledMD5 digest : 0x52 0x88 0x51 0xBF 0x58 0xC3 0x110xA7Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00


You have completed this task when you attain this result:

o Configured your workgroup switch to participate in a VTP domain in the transparent mode so thatany VLAN changes made on the workgroup switch are prevented from propagating to other

switches.

Task 2: Assign a Switch Port to Perform Trunking

The instructor has configured the core switches to trunk to the workgroup switches from their previous

nontrunking mode. This configuration effectively shuts off frames from passing between the core switches

and the workgroup switches and blocks your access to the core devices. You will configure trunking onone of the trunk ports so that you can reach the core router again.

Activity Procedure

Complete the following steps to configure trunking mode on your workgroup switch:

1. Set port Fa0/11 on your workgroup switch to trunk mode.

SwitchA(config)#int f0/11SwitchA(config-if)#switchport mode trunk*Mar 1 04:10:17.638: %DTP-5-TRUNKPORTON: Port Fa0/11 has become dot1q

trunk


10/61


2. Verify the trunk configuration. Your output should look similar to the following display:

SwitchA#show interface FastEthernet 0/11 switchportName: Fa0/11Switchport: Enabled

Administrative Mode: trunk

Operational Mode: trunkAdministrative Trunking Encapsulation: dot1qOperational Trunking Encapsulation: dot1qNegotiation of Trunking: DisabledAccess Mode VLAN: 0 ((Inactive))Trunking Native Mode VLAN: 1 (default)Trunking VLANs Enabled: ALLTrunking VLANs Active: 1Priority for untagged frames: 0Override vlan tag priority: FALSEVoice VLAN: noneAppliance trust: none

3. Set port Fa0/1 on your SwitchCoreA to trunk mode.

SwitchCoreA(config)#int f0/1SwitchCoreA(config-if)#switchport mode trunk*Mar 1 04:10:17.638: %DTP-5-TRUNKPORTON: Port Fa0/11 has become dot1qtrunk

4. To verify trunking, ping the core router at 10.1.1.3 from the workgroup switch.


Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 10.1.1.3, timeout is 2 seconds:

!!!!!Success rate is 100 percent (5/5), round-trip min/avg/max = 24/45/112 ms


You have completed this task when you attain these results.

o Configured trunking on one trunk porto Pinged the core router to verify trunking and connectivity

Task 3: Configure Separate VLANs on the SwitchIn this task, you will configure a VLAN for the switch port that is connected to your workgroup router and

change the IP address of the first Ethernet interface on your workgroup router.

Activity Procedure

Complete the following steps to configure separate VLANs on your workgroup switch:

1. Create a VLAN for your workgroup switch.

SwitchA#vlan database

SwitchA(vlan)#vlan 2VLAN 10 added:Name: VLAN0002


11/61


SwitchA(vlan)#exitAPPLY completed.Exiting....

2. Using the show vlan-switch command from the EXEC mode, verify that the correct VLAN hasbeen added.

SwitchA#sh vlan-switch

VLAN Name Status Ports---- -------------------------------- --------- -------------------------------1 default active Fa0/0, Fa0/1, Fa0/2, Fa0/3

Fa0/4, Fa0/5, Fa0/6, Fa0/7Fa0/8, Fa0/9, Fa0/10, Fa0/12Fa0/13, Fa0/14, Fa0/15

2 VLAN0002 active1002 fddi-default active1003 token-ring-default active1004 fddinet-default active1005 trnet-default active

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------1 enet 100001 1500 - - - - - 1002 10032 enet 100002 1500 - - - - - 0 01002 fddi 101002 1500 - - - - - 1 10031003 tr 101003 1500 1005 0 - - srb 1 10021004 fdnet 101004 1500 - - 1 ibm - 0 01005 trnet 101005 1500 - - 1 ibm - 0 0

3. Access the console port of CoreRouter.4. From your CoreRouter, configure one subinterfaces to FastEthernet interface (Fa1/0).

CoreRouter(config-subif)#int f1/0.2CoreRouter(config-subif)#encapsulation dot1q 2CoreRouter(config-subif)#ip address 10.2.2.3 255.255.255.0

CoreRouter#vlan database% Warning: It is recommended to configure VLAN from config mode,as VLAN database mode is being deprecated. Please consult userdocumentation for configuring VTP/VLAN in config mode.

CoreRouter(vlan)#vlan 2VLAN 2 added:

Name: VLAN0002CoreRouter(vlan)#exitAPPLY completed.Exiting....

5. Access the console port of your CoreSwitchA.6. From your SwitchCoreA, enter interface configuration mode for your interface (Fa0/13).

CoreSwitchA(config)#int f0/13CoreSwitchA (config-if)#switchport mode trunk*Mar 1 00:13:53.519: %DTP-5-TRUNKPORTON: Port Fa0/13 has become dot1qtrunk

CoreSwitchA #vlan databaseCoreSwitchA (vlan)#vlan 2VLAN 2 added:

Name: VLAN0002CoreSwitchA (vlan)#exit

APPLY completed.Exiting....


12/61


7. Set the workgroup switch port (port Fa0/2) that is connected to your workgroup router to yourassigned VLAN number.

SwitchA(config)#int f0/2SwitchA(config-if)#switchport access vlan 2

8. Configure spanning-tree portfast on the workgroup switch port that is connected to yourworkgroup router (port Fa0/2).

SwitchA(config-if)#spanning-tree portfast%Warning: portfast should only be enabled on ports connected to a single host.Connecting hubs, concentrators, switches, bridges, etc.to this interfacewhen portfast is enabled, can cause temporary spanning tree loops.Use with CAUTION

%Portfast has been configured on FastEthernet0/2 but will onlyhave effect when the interface is in a non-trunking mode.

Enter the proper show command for verifying that port Fa0/2 is now in the correct VLAN.

Your output should look similar to the following display:

SwitchA#sh vlan-switch brief


Fa0/5, Fa0/6, Fa0/7, Fa0/8Fa0/9, Fa0/10, Fa0/12, Fa0/13Fa0/14, Fa0/15

2 VLAN0002 active Fa0/2

1002 fddi-default active

1003 token-ring-default active1004 fddinet-default active1005 trnet-default active

9. Access the console port of your workgroup router.10.From your workgroup router, enter interface configuration mode for your first Ethernet interface

(Fa1/0).

RouterA(config)#intf1/0

11.Change the primary Ethernet interface in your workgroup router to 10.2.2.12 and assign a subnetmask of 24 bits.

RouterA(config-if)#ip add 10.2.2.12 255.255.255.0

12.Ping the core router at 10.x.x.3, in whichx is your assigned VLAN number, from your workgrouprouter.


Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 10.2.2.3, timeout is 2 seconds:.!!!!Success rate is 80 percent (4/5), round-trip min/avg/max = 1/45/104 ms

Your ping should be successful. Why?


13/61


..

13.Ping your workgroup switch from your workgroup router.


Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 10.1.1.10, timeout is 2 seconds:.....Success rate is 0 percent (0/5)

Your ping should notbe successful. Why?

..

14.Enable inter-VLAN communications by configuring a default route on your workgroup router thatpoints to the core router using the ip route 0.0.0.0 0.0.0.0 10.2.2.3 command.Now ping your

workgroup switch.

RouterA(config)#ip route 0.0.0.0 0.0.0.0 10.2.2.3RouterA#exitRouterA#ping 10.1.1.10


Your ping should be successful? Why?

..

Note Notice that the default gateway on your workgroup switch is set to 10.1.1.3 so that

your workgroup switch can ping devices in other VLANs via the core router. If the

default gateway is not present in your configuration, add it by using the ip default-

gateway 10.1.1.3 command in global configuration mode.



o Configured a VLAN and assigned that VLAN to the switch port that is connected to yourworkgroup router

o Changed the IP address of the first Ethernet interface on your workgroup routero Assigned a default route to your workgroup routero Pinged devices in other VLANs to verify connectivity

Task 4: Configure the Rapid-PVST Protocol

In this task, you will configure the Rapid-PVST protocol, configure the second trunk port on your

workgroup switch so that it trunks to core switch B, and observe the Rapid-PVST convergence when aloop is created.


14/61


Visual Objetive

RouterA

SwitchARoot Bridge

CoreRouter

CoreSwitchANon-RootBridge

F0/11

F0/12

F0/13

F0/0VLAN1

10.1.1.3/24

F0/0.2VLAN 2

10.2.2.3/24

F0/0 F0/2


10.1.1.10/24

VLAN2

Trunk 802.1q

Trunk 802.1q

10.1.1.10/24

Trunk 802.1q

F0/1

F0/2

F

FB

F

10.1.1.2/24

Activity Procedure

Complete the following steps to configure the Rapid-PVST protocol on your workgroup switch:

1. Configure the interface on core switch A (F0/2) for trunking.

CoreSwitchA (config)#int f0/2CoreSwitchA (config-if)#switchport mode trunkCoreSwitchA (config-if)#speed 100CoreSwitchA (config-if)#duplex full

2. Make sure that the Fa0/12 interface on your workgroup switch is still shut down.

SwitchA#sh ip int briefInterface IP-Address OK? Method Status ProtocolFastEthernet0/0 unassigned YES unset administratively down down

FastEthernet0/1 unassigned YES unset administratively down downFastEthernet0/2 unassigned YES unset up upFastEthernet0/3 unassigned YES unset administratively down downFastEthernet0/4 unassigned YES unset administratively down downFastEthernet0/5 unassigned YES unset administratively down downFastEthernet0/6 unassigned YES unset administratively down downFastEthernet0/7 unassigned YES unset administratively down downFastEthernet0/8 unassigned YES unset administratively down downFastEthernet0/9 unassigned YES unset administratively down downFastEthernet0/10 unassigned YES unset administratively down downFastEthernet0/11 unassigned YES unset up upFastEthernet0/12 unassigned YES unset administratively down down

FastEthernet0/13 unassigned YES unset administratively down downFastEthernet0/14 unassigned YES unset administratively down downFastEthernet0/15 unassigned YES unset administratively down down

Vlan1 10.1.1.10 YES NVRAM up up


15/61


3. Configure the best spanning-tree priority to vlan 2 on Core Switch A .

CoreSwitchA (config)#spanning-tree vlan 2 priority 0

4. Set the speed of port Fa0/12 on your workgroup switch to 100Mb/sfull duplex.

SwitchA(config)#int f0/12SwitchA(config-if)#speed 100SwitchA(config-if)#duplex full

5. Set the port Fa0/12 on your workgroup switch to trunk mode.

SwitchA(config-if)#switchport mode trunk

6. Display trunk configuration.

SwitchA#sh interface f0/12 switchportName: Fa0/12Switchport: Enabled

Administrative Mode: trunkOperational Mode: downAdministrative Trunking Encapsulation: dot1qNegotiation of Trunking: DisabledAccess Mode VLAN: 0 ((Inactive))Trunking Native Mode VLAN: 1 (default)Trunking VLANs Enabled: ALLTrunking VLANs Active: nonePriority for untagged frames: 0Override vlan tag priority: FALSEVoice VLAN: noneAppliance trust: none

7. Enter the no shutdown command on the Fa0/12 interface on your workgroup switch.

SwitchA(config)#int f0/12SwitchA(config-if)#no shut

*Mar 1 02:01:29.067: %DTP-5-TRUNKPORTON: Port Fa0/12 has become dot1qtrunk

*Mar 1 02:01:31.503: %LINEPROTO-5-UPDOWN: Line protocol on InterfaceFastEthernet0/12, changed state to up

8. Enter the command on Switch A to determine the spanning-tree state of the VLAN you created

earlier.

Which interfaces are in the forwarding state for the VLAN you created?

..

SwitchA#sh spanning-tree brief

VLAN1

Spanning tree enabled protocol ieeeRoot ID Priority 32768

Address cc01.18e0.0000This bridge is the root

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32768


16/61


Address cc01.18e0.0000Hello Time 2 sec Max Age 20 sec Forward Delay 15 secAging Time 300

Interface DesignatedName Port ID Prio Cost Sts Cost Bridge ID Port ID-------------------- ------- ---- ----- --- ----- -------------------- -------

FastEthernet0/11 128.12 128 19 FWD 0 32768 cc01.18e0.0000 128.12FastEthernet0/12 128.13 128 19 FWD 0 32768 cc01.18e0.0000 128.13

VLAN2


Address cc04.24ac.0001Cost 19Port 12 (FastEthernet0/11)Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec


Address cc01.18e0.0001Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Aging Time 300

Interface DesignatedName Port ID Prio Cost Sts Cost Bridge ID Port ID-------------------- ------- ---- ----- --- ----- -------------------- -------FastEthernet0/2 128.3 128 19 FWD 19 32768 cc01.18e0.0001 128.3FastEthernet0/11 128.12 128 19 FWD 0 0 cc04.24ac.0001 128.2FastEthernet0/12 128.13 128 19 BLK 0 0 cc04.24ac.0001 128.3

9. Enter the command on CoreSwitchAto determine the spanning-tree state of the VLAN youcreated earlier.

Which interfaces are in the forwarding state for the VLAN you created?

..

CoreSwitchA#sh spanning-tree brief

VLAN1


Address cc01.18e0.0000Cost 19Port 2 (FastEthernet0/1)Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec


Address cc04.24ac.0000Hello Time 2 sec Max Age 20 sec Forward Delay 15 secAging Time 300

Interface DesignatedName Port ID Prio Cost Sts Cost Bridge ID Port ID-------------------- ------- ---- ----- --- ----- -------------------- -------FastEthernet0/1 128.2 128 19 FWD 0 32768 cc01.18e0.0000 128.12FastEthernet0/2 128.3 128 19 BLK 0 32768 cc01.18e0.0000 128.13FastEthernet0/13 128.14 128 19 FWD 19 32768 cc04.24ac.0000 128.14

VLAN2

Spanning tree enabled protocol ieee

Root ID Priority 0Address cc04.24ac.0001This bridge is the root


17/61


Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec


Address cc04.24ac.0001Hello Time 2 sec Max Age 20 sec Forward Delay 15 secAging Time 300

Interface DesignatedName Port ID Prio Cost Sts Cost Bridge ID Port ID-------------------- ------- ---- ----- --- ----- -------------------- -------FastEthernet0/1 128.2 128 19 FWD 0 0 cc04.24ac.0001 128.2FastEthernet0/2 128.3 128 19 FWD 0 0 cc04.24ac.0001 128.3FastEthernet0/13 128.14 128 19 FWD 0 0 cc04.24ac.0001 128.14

10.Use the output of the previous steps to answer the following questions:

What is the MAC address of the root bridge for the VLAN you created earlier?

..

Which switch is the root bridge?

..

What is the priority of the root bridge?

..

Which port is in the blocking state?

..

11.From your workgroup router, perform an extended ping to the core router (10.2.2.3) with a countof 45000.

RouterA#pingProtocol [ip]:Target IP address: 10.2.2.3Repeat count [5]: 45000Datagram size [100]:Timeout in seconds [2]:Extended commands [n]:Sweep range of sizes [n]:Type escape sequence to abort.Sending 45000, 100-byte ICMP Echos to 10.2.2.3, timeout is 2 seconds:!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Note You should see continuous successful ping replies from the core router. The current

path from your switch to the core router should be via your FastEthernet0/11 port. If

not, do not proceed to the next step; instead, troubleshoot the problem or ask your

instructor for help.

1. At your workgroup switch, shut down interface Fa0/11.

SwitchA(config)#int f0/11


18/61


SwitchA(config-if)#shutdown

What happened to the extended ping to the core router?

..

Is the ping successful after a few seconds?

..

2. At your workgroup switch, re-enable interface Fa0/11.

SwitchA(config)#int f0/11SwitchA(config-if)#no shut

What happened to the extended ping to the core router?

..

Is the ping successful after a few seconds?

..

3. Stop the extended ping from your workgroup router to the core router by pressing Ctrl-Shift-64. Save your configuration to NVRAM, using copy run start5. Notify your instructor that you have completed the activity.


You have completed this activity when you attain these results:

o Configured a second trunk port on your workgroup switch to trunk to core switch Ao Observed an extended ping to the core router and shut down the forwarding trunking port to

observe a break in the pings.


19/61


Lab 4-1: Implementing OSPF

Activity Objective

In this activity, you will determine IP routes with the OSPF routing protocol. After completing thisactivity, you will be able to meet these objectives:

o Disable the LAN connections to the coreo Enable the serial connections on a workgroup routero Configure OSPF on a workgroup routero Configure plain text authentication for OSPFo Verify the correct operation and configuration of OSPF routing and OSPF plain text authentication

Visual Objetive

RouterA RouterB

SwitchA

CoreRouter F0/0

S0/1 S0/0

S0/0

F0/0

F0/2

S0/1S0/1

S0/0


F0/0

10.1.1.0/24

Loop0 192.168.1.65/28 Loop0192.168.1.81/28

10.3.3.0/24

10.140.2.0/2410.140.1.0/24

10.23.23.0/24

.1.2

.2.2

.1 .1

.3

.3.3

.11

10.2.2.0/24

Loop0 172.16.31.100/24

.

..

Task 1: Change the topologyThis task requires that you shut down the LAN connection from your workgroup to the core. You will also

change the IP address on your workgroup switch and the first Ethernet interface on your router.

Activity Procedure

Complete the following steps to disable the LAN connections between the workgroup and core:

1. From your PC, establish a connection to the lab equipment.2. Shut down the SwitchA ports (Fa0/11 and Fa0/12) that connect to core switch A.

SwitchA(config)#int range f0/11 - 12SwitchA(config-if-range)#shutdown


20/61


3. Configure the IP address on the VLAN 1 interface of your SwitchA to 10.2.2.11/24.

SwitchA(config)#int vlan 1SwitchA(config-if)#ip add 10.2.2.11 255.255.255.0

4. Configure the default gateways on the switch to be the first Ethernet interface of your router(10.2.2.3).

SwitchA(config)#ip default-gateway 10.2.2.3

5. Change the switch port that is connected to your router (Fa0/2) to VLAN 1 by entering interfaceconfiguration mode and issuing the appropriate command.

SwitchA(config)#int f0/2SwitchA(config-if)#switchport access vlan 1

6. Enter the show interface vlan 1 command to verify that you have configured the correct IP

address.

SwitchA#sh int vlan 1Vlan1 is up, line protocol is upHardware is EtherSVI, address is cc00.1828.0000 (bia cc00.1828.0000)Internet address is 10.2.2.11/24

. . .

7. Show the running configuration to verify that the default gateway is properly configured.

SwitchA#sh run

Building configuration.... . .!interface Vlan1ip address 10.2.2.11 255.255.255.0no ip route-cache!ip default-gateway 10.2.2.3ip http serverno ip http secure-server!. . .

SwitchA#sh ip default10.2.2.3

8. Enter the proper show vlan command to verify that the port to the routers is now in VLAN 1.

SwitchA#sh vlan-switch brief


Fa0/4, Fa0/5, Fa0/6, Fa0/7

Fa0/8, Fa0/9, Fa0/10, Fa0/11Fa0/12, Fa0/13, Fa0/14, Fa0/152 VLAN0002 active


21/61


1002 fddi-default active1003 token-ring-default active1004 fddinet-default active1005 trnet-default active

9. On the workgroup router, change the address of the Ethernet interface.

RouterA#sh ip int briefInterface IP-Address OK? Method Status ProtocolFastEthernet1/0 10.2.2.12 YES manual up up. . .

RouterA(config)#int f1/0RouterA(config-if)#ip add 10.2.2.3 255.255.255.0

10.Verify the first Ethernet interface of the workgroup router.

RouterA#sh ip int briefInterface IP-Address OK? Method Status Protocol

FastEthernet1/0 10.2.2.3 YES manual up up. . .

11.From your workgroup router, ping your workgroup switch to test connectivity. The ping should besuccessful.


Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 10.2.2.11, timeout is 2 seconds:..!!!Success rate is 60 percent (3/5), round-trip min/avg/max = 1/88/140 ms



o Shut down the LAN connection from your workgroup to the coreo Changed the IP address on your workgroup switch and the first Ethernet interface on your router

Task 2: Enable Serial Connections on the Workgroup Router

This task requires that you remove the default route configured previously on the router, assign an IPaddress to your serial interfaces, and verify that you only have connectivity with directly connected

devices. Also this task will have you verify that you cannot reach the core router IP address of 10.1.1.3.

You will establish connectivity in the next task.

Activity Procedure

Complete the following steps on the workgroup router to enable a serial connection:

1. Remove the default route using the no ip route 0.0.0.0 0.0.0.0 10.2.2.3 command, which youconfigured in an earlier lab.

RouterA(config)#no ip route 0.0.0.0 0.0.0.0 10.2.2.3


22/61


2. Verify that the first two serial interfaces, S0/0 and S0/1, are configured for HDLC by using theshow interfaces serial interface command. The fourth line in the output should indicate your

encapsulation type.

RouterA#sh int serial 0/0Serial0/0 is administratively down, line protocol is down

Hardware is PowerQUICC SerialMTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,

reliability 255/255, txload 1/255, rxload 1/255Encapsulation HDLC,loopback not setKeepalive set (10 sec)CRC checking enabled

. . .

RouterA#sh int serial 0/1Serial0/1 is administratively down, line protocol is downHardware is PowerQUICC SerialMTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,

reliability 255/255, txload 1/255, rxload 1/255Encapsulation HDLC, loopback not setKeepalive set (10 sec)CRC checking enabled

. . .

3. On the workgroup router, change the address of the first serial interface (S0/0).

RouterA(config)#int s0/0RouterA(config-if)#ip add 10.140.1.2 255.255.255.0

4. Enter the no shutdown command on your first serial interface (S0/0).

RouterA(config-if)#no shut

00:44:15: %LINK-3-UPDOWN: Interface Serial0/0, changed state to up

00:44:16: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0,changed state to up

5. Configure the CoreRouter.

CoreRouter(config)#inter s0/0CoreRouter(config-if)#ip add 10.140.1.1 255.255.255.0

CoreRouter(config-if)#description To RouterACoreRouter(config-if)#bandwidth 64CoreRouter(config-if)#no shut

05:15:30: %LINK-3-UPDOWN: Interface Serial0/1, changed state to up05:15:31: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1,changed state to up

CoreRouter(config)#inter se0/0CoreRouter(config-if)#ip add 10.140.2.1 255.255.255.0CoreRouter(config-if)#description To RouterBCoreRouter(config-if)#bandwidth 64CoreRouter(config-if)#no shut

05:18:10: %LINK-3-UPDOWN: Interface Serial0/0, changed state to up


23/61


05:18:11: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0,changed state to up

6. Desde RouterA Ping the core router serial interface that is directly connected to your workgrouprouter (10.140.1.1).

The ping should work. Why?

..

7. Ping the core router at 10.1.1.3.

The ping did not work. Why not?

..

8. View your IP routing table to see all of the paths listed in the table.

RouterA#sh ip routeCodes: C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter areaN1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2E1 - OSPF external type 1, E2 - OSPF external type 2i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2ia - IS-IS inter area, * - candidate default, U - per-user static routeo - ODR, P - periodic downloaded static route

Gateway of last resort is not set

10.0.0.0/24 is subnetted, 2 subnetsC 10.2.2.0 is directly connected, FastEthernet0/0

C 10.140.1.0 is directly connected, Serial0/0

9. Verify whether a DCE or DTE cable is connected on your second serial interface (S0/1) by usingthe show controllers serial interface command. (Notice there is a

space between the word serial and the interfaceparameter.)

RouterA#sh controllers Serial0/1Interface Serial0/1Hardware is PowerQUICC MPC860DCE530, clock rate 64000idb at 0x85BAC400, driver data structure at 0x85BB3B0C. . .

10.If your second serial interface (S0/1), which connects to your partner workgroup router, is DCE,

assign a clock rate of 64000.

RouterA(config)#int s0/1RouterA(config-if)#bandwidth 64RouterA(config-if)#clock rate 64000

Note DTE interfaces do not require a clock rate to be set.

11.Configure the IP address of the second serial interface (S0/1).


24/61


RouterA(config-if)#ip address 10.23.23.1 255.255.255.0

12.Enter the no shutdown command on your second serial interface.

RouterA(config-if)#no shutRouterA(config-if)#

05:13:32: %LINK-3-UPDOWN: Interface Serial0/1, changed state to upRouterA(config-if)#05:13:33: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1,changed state to up

13.Configure the RouterB.

hostname RouterB!enable secret sanfran!interface FastEthernet1/0description - Connected to SwitchB

ip address 10.3.3.3 255.255.255.0no shut!interface Serial0/0ip address 10.140.2.2 255.255.255.0no shut!interface Serial0/1ip address 10.23.23.2 255.255.255.0no shut!

banner login %************************* Warning *****************************

Access to this device is restricted to authorized persons only!Un-authorized access is prohibited. Violators will be prosecuted.*****************************************************************%!line con 0exec-timeout 0 0

password ciscologging synchronousloginline vty 0 4password ciscologin

14.Ping the second serial interface (S0/1) of RouterB.

The ping should work. Why?

..



o Removed the default route configured previously on the routero Assigned an IP address to your serial interfaceso Verified connectivity with your directly connected serial interface neighbor routers


25/61


o Verified that you cannot reach the core router IP address of 10.1.1.3 by unsuccessfully pinging therouter

Task 3: Enable Routing with OSPF

The purpose of this task is to configure OSPF on the router. You will do this by assigning the

routing process ID and identifying the networks that will participate in the OSPF routing

process.

Activity Procedure

Complete the following steps on the workgroup router:

1. Configure the loopback 0 interface on RouterA.

RouterA(config)#int loop 0

05:40:22: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0,changed state to upRouterA(config-if)#ip add 192.168.1.65 255.255.255.240

2. Enable the OSPF routing protocol. Use an OSPF process ID of 100.

3. Enable OSPF on your loopback 0 interface, Fa0/0 interface, and two serial interfaces, S0/0 and

S0/1. All of the interfaces should be in area 0. Use four network statements with a wildcard mask

of 0.0.0.0 for each.

RouterA(config)#router ospf 100RouterA(config-router)#network 192.168.1.65 0.0.0.0 area 0

RouterA(config-router)#network 10.2.2.3 0.0.0.0 area 0

RouterA(config-router)#network 10.140.1.2 0.0.0.0 area 0RouterA(config-router)#network 10.23.23.1 0.0.0.0 area 0

4. Configure a bandwidth of 64 Kb on both serial interfaces, S0/0 and S0/1.

RouterA(config)#int s0/0RouterA(config-if)#bandwidth 64RouterA(config-if)#int s0/1RouterA(config-if)#bandwidth 64

15.Configure the RouterB.

int loop 0ip add 192.168.1.81 255.255.255.240

router ospf 100network 192.168.1.81 0.0.0.0 area 0network 10.3.3.3 0.0.0.0 area 0network 10.140.2.2 0.0.0.0 area 0network 10.23.23.2 0.0.0.0 area 0

int s0/0bandwidth 64

int s0/1bandwidth 64


26/61


Configure the Corerouter.

CoreRouter(config)#inter loopback 0CoreRouter(config)#ip add 172.16.31.100 255.255.255.0

05:19:50: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0,changed state to up

CoreRouter(config)#router ospf 100CoreRouter(config-router)#network 10.1.1.3 0.0.0.0 area 0CoreRouter(config-router)#network 172.16.31.100 0.0.0.0 area 0CoreRouter(config-router)#network 10.140.2.1 0.0.0.0 area 0CoreRouter(config-router)#network 10.140.1.1 0.0.0.0 area 0

06:32:57: %OSPF-5-ADJCHG: Process 100, Nbr 192.168.1.81 on Serial0/0from LOADING to FULL, Loading Done

06:33:15: %OSPF-5-ADJCHG: Process 100, Nbr 192.168.1.65 on Serial0/1from LOADING to FULL, Loading Done



o Assigned the routing process IDo Identified the networks that will participate in the OSPF routing process

Task 4: Enable OSPF Plain Text Authentication

The purpose of this task is to configure OSPF authentication on the router. The OSPF protocol

will not advertise routes between neighbors until they have correctly identified themselves.

Activity Procedure


1. Enable your router to utilize plain text OSPF authentication with each of your neighbor OSPFrouters. Assign a password to be used with all neighboring routers that use OSPF plain text

password authentication (CoreRouter and RouterB). Use san-fran as a password.

RouterA(config)#int s0/0RouterA(config-if)#ip ospf authenticationRouterA(config-if)#ip ospf authentication-key san-fran

00:21:25: %OSPF-5-ADJCHG: Process 100, Nbr 172.16.31.100 on Serial0/0

from LOADING to FULL, Loading Done


27/61


RouterA(config-if)#int s0/1RouterA(config-if)#ip ospf authenticationRouterA(config-if)#ip ospf authentication-key san-fran

2. Enable RouterB to utilize plain text OSPF authentication with each of your neighbor OSPFrouters. Assign a password to be used with all neighboring routers that use OSPF plain text

password authentication (CoreRouter and RouterA). Use san-fran as a password.

int s0/0ip ospf authenticationip ospf authentication-key san-fran


3. Enable CoreRouter to utilize plain text OSPF authentication with each of your neighbor OSPFrouters. Assign a password to be used with all neighboring routers that use OSPF plain text

password authentication (RouterB and RouterA). Use san-fran as a password.





o Assigned an authentication passwordo Enabled authentication

Task 5: Verify OSPF Routing and Plain Text Authentication

In this topic, you will verify the operation and configuration of the OSPF routing protocol and plain text

authentication. You will do this using several show commands.

Activity Procedure


1. Use the show iproute command to verify the routes learned from the OSPF routing protocol. Youroutput should look similar to the following display:


D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter areaN1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2ia - IS-IS inter area, * - candidate default, U - per-user static routeo - ODR, P - periodic downloaded static route


28/61



10.0.0.0/24 is subnetted, 6 subnetsC 10.23.23.0 is directly connected, Serial0/1O 10.3.3.0 [110/1563] via 10.23.23.2, 00:06:04, Serial0/1

C 10.2.2.0 is directly connected, FastEthernet1/0O 10.1.1.0 [110/1563] via 10.140.1.1, 00:16:09, Serial0/0O 10.140.2.0 [110/3124] via 10.140.1.1, 00:16:09, Serial0/0

[110/3124] via 10.23.23.2, 00:06:04, Serial0/1

C 10.140.1.0 is directly connected, Serial0/0192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks

C 192.168.1.64/28 is directly connected, Loopback0O 192.168.1.81/32 [110/1563] via 10.23.23.2, 00:06:04, Serial0/1

RouterB#sh ip routeCodes: C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2E1 - OSPF external type 1, E2 - OSPF external type 2i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2ia - IS-IS inter area, * - candidate default, U - per-user static routeo - ODR, P - periodic downloaded static route


10.0.0.0/24 is subnetted, 6 subnetsC 10.23.23.0 is directly connected, Serial0/1C 10.3.3.0 is directly connected, FastEthernet1/0O 10.2.2.0 [110/1563] via 10.23.23.1, 00:09:18, Serial0/1O 10.1.1.0 [110/1563] via 10.140.2.1, 00:11:40, Serial0/0

C 10.140.2.0 is directly connected, Serial0/0O 10.140.1.0 [110/3124] via 10.140.2.1, 00:11:40, Serial0/0[110/3124] via 10.23.23.1, 00:09:18, Serial0/1

192.168.1.0/24 is variably subnetted, 2 subnets, 2 masksO 192.168.1.65/32 [110/1563] via 10.23.23.1, 00:09:18, Serial0/1C 192.168.1.80/28 is directly connected, Loopback0

2. Use the show ip protocols command to verify that the OSPF routing protocol is enabled and that

the routing process ID that you assigned in Task 1 are recognized by OSPF (the router ID should

be the IP address of the loopback interface of your orkgroup router). Your output should look

similar to the following display:

RouterA#sh ip protocolsRouting Protocol is "ospf 100"Outgoing update filter list for all interfaces is not setIncoming update filter list for all interfaces is not setRouter ID 192.168.1.65

Number of areas in this router is 1. 1 normal 0 stub 0 nssaMaximum path: 4Routing for Networks:10.2.2.3 0.0.0.0 area 010.23.23.1 0.0.0.0 area 010.140.1.2 0.0.0.0 area 0192.168.1.65 0.0.0.0 area 0

Reference bandwidth unit is 100 mbps

Routing Information Sources:Gateway Distance Last Update


29/61


192.168.1.81 110 00:11:21172.16.31.100 110 00:21:26

Distance: (default is 110)

3. Use the show ip ospf neighbor command to display the neighbor status. Your output should look

similar to the following display:

RouterA#sh ip ospf neighbor

Neighbor ID Pri State Dead Time Address Interface172.16.31.100 0 FULL/ - 00:00:37 10.140.1.1 Serial0/0192.168.1.81 0 FULL/ - 00:00:31 10.23.23.2 Serial0/1

What is the neighbor state to the core and adjacent workgroup router?

..

What is the neighbor ID used by these routers?

..

4. Ping the CoreRouter Ethernet Interface (10.1.1.3). Ping the Ethernet interface of RouterB(10.3.3.3). These pings should be successful.

RouterA#ping 10.1.1.3Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 10.1.1.3, timeout is 2 seconds:!!!!!Success rate is 100 percent (5/5), round-trip min/avg/max = 1/26/88 ms


5. Use the debug ip ospf events command to display the OSPF hello messages sent to the router.

Your output should look similar to the following display:

RouterA#debug ip ospf eventsOSPF events debugging is on

00:53:43: OSPF: Rcv hello from 192.168.1.81 area 0 from Serial0/1 10.23.23.2

00:53:43: OSPF: End of hello processing00:53:44: OSPF: Send hello to 224.0.0.5 area 0 on FastEthernet0/0 from 10.2.2.300:53:44: OSPF: Send hello to 224.0.0.5 area 0 on Serial0/1 from 10.23.23.100:53:44: OSPF: Send hello to 224.0.0.5 area 0 on Serial0/0 from 10.140.1.2RouterA#00:53:46: OSPF: Rcv hello from 172.16.31.100 area 0 from Serial0/0 10.140.1.100:53:46: OSPF: End of hello processingRouterA#00:53:53: OSPF: Rcv hello from 192.168.1.81 area 0 from Serial0/1 10.23.23.200:53:53: OSPF: End of hello processing00:53:54: OSPF: Send hello to 224.0.0.5 area 0 on FastEthernet0/0 from 10.2.2.300:53:54: OSPF: Send hello to 224.0.0.5 area 0 on Serial0/1 from 10.23.23.100:53:54: OSPF: Send hello to 224.0.0.5 area 0 on Serial0/0 from 10.140.1.2RouterA#

00:53:56: OSPF: Rcv hello from 172.16.31.100 area 0 from Serial0/0 10.140.1.100:53:56: OSPF: End of hello processingRouterA#


30/61


6. Turn debugging off. Your output should look similar to the following display:

RouterA#undebug allAll possible debugging has been turned off

7. Save your running configuration to NVRAM.8.Notify your instructor that you have completed the activity.



o Verified the operation and configuration of the OSPF routing protocol by using the appropriateshow and debug commands

o Verified connectivity by pinging remote addresses that are not directly connected to yourworkgroup router


31/61


Lab 5-1: Implementing EIGRP

Activity Objective

In this activity, you will determine routes from a workgroup to a core site with EIGRP. After completing

this activity, you will be able to meet these objectives:

o Configure EIGRP on the routero Configure MD5 authentication for EIGRPo Verify the correct operation and configuration of EIGRP routing using show commands, and

verify the correct operation and configuration of EIGRP MD5 authentication

o Debug the EIGRP neighbor processes

Visual Objetive

RouterA RouterB

SwitchA

CoreRouter F0/0

S0/1 S0/0

S0/0

F0/0

F0/2

S0/1S0/1

S0/0


F0/0

10.1.1.0/24

Loop0 192.168.1.65/28 Loop0192.168.1.81/28

10.3.3.0/24

10.140.2.0/2410.140.1.0/24

10.23.23.0/24

.1.2

.2.2

.1 .1

.3

.3.3

.11

10.2.2.0/24

Loop0 172.16.31.100/24

.

..

Job Aids

In this activity, you will use the default encapsulation for a serial link, HDLC, to distribute routing

protocol traffic from your workgroup to the core. You will configure the EIGRP routing protocol,

implementing EIGRP MD5 authentication to ensure routing update authenticity. Then you will verify the

configuration and operation of EIGRP.

The following table lists the IP addresses that you will use in this lab activity. Subnet masks are designated

with /bits to indicate the number of network bits inthe mask.

Task 1: Enable Routing with EIGRP

The purpose of this task is to configure EIGRP on the router. You will do this by assigning the routingautonomous system and identifying the networks that will participate in the EIGRP routing process.


32/61


33/61


RouterA(config-if)#int s0/1RouterA(config-if)#ip authentication mode eigrp 100 md5RouterA(config-if)#ip authentication key-chain eigrp 100 icndchain

3. Configure RouterB.

router eigrp 100network 10.0.0.0network 192.168.1.0

key chain icndchainkey 1key-string san-fran

int s0/0ip authentication mode eigrp 100 md5ip authentication key-chain eigrp 100 icndchain

int s0/1

ip authentication mode eigrp 100 md5ip authentication key-chain eigrp 100 icndchain

4. Configure CoreRouter.



o Created and implemented an EIGRP keychaino Enabled the EIGRP MD5 authentication

Task 3: Verify EIGRP Routing and MD5 Authentication

In this topic, you will verify the operation and configuration of the EIGRP routing protocol.

You will do this using several show commands.

Activity Procedure


1. Use the show ip route command to verify that the routes are learned from EIGRP. Your outputshould look similar to the following display:


D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter areaN1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2E1 - OSPF external type 1, E2 - OSPF external type 2i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2ia - IS-IS inter area, * - candidate default, U - per-user static routeo - ODR, P - periodic downloaded static route


172.16.0.0/24 is subnetted, 1 subnetsD 172.16.31.0 [90/40640000] via 10.140.1.1, 00:00:12, Serial0/0


34/61


10.0.0.0/8 is variably subnetted, 7 subnets, 2 masksC 10.23.23.0/24 is directly connected, Serial0/1D 10.3.3.0/24 [90/40514560] via 10.23.23.2, 00:00:12, Serial0/1C 10.2.2.0/24 is directly connected, FastEthernet0/0D 10.1.1.0/24 [90/40514560] via 10.140.1.1, 00:00:12, Serial0/0D 10.0.0.0/8 is a summary, 00:17:36, Null0

D 10.140.2.0/24 [90/41024000] via 10.140.1.1, 00:00:12, Serial0/0[90/41024000] via 10.23.23.2, 00:00:12, Serial0/1

C 10.140.1.0/24 is directly connected, Serial0/0192.168.1.0/24 is variably subnetted, 3 subnets, 3 masks

C 192.168.1.64/28 is directly connected, Loopback0O 192.168.1.81/32 [110/1563] via 10.23.23.2, 00:25:37, Serial0/1D 192.168.1.0/24 is a summary, 00:00:13, Null0

Do you see a mix of OSPF and EIGRP routes? Why or why not?

..

2. Use the show ip protocolscommand to verify that EIGRP is enabled and that EIGRP recognizesthe autonomous system. Your output should look similar to the following display:

RouterA#sh ip protocols. . .. . .Routing Protocol is "eigrp 100"Outgoing update filter list for all interfaces is not setIncoming update filter list for all interfaces is not setDefault networks flagged in outgoing updatesDefault networks accepted from incoming updatesEIGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0

EIGRP maximum hopcount 100EIGRP maximum metric variance 1Redistributing: eigrp 100EIGRP NSF-aware route hold timer is 240sAutomatic network summarization is in effect

Automatic address summarization:192.168.1.0/24 for FastEthernet0/0, Serial0/0, Serial0/1

Summarizing with metric 12825610.0.0.0/8 for Loopback0Summarizing with metric 28160

Maximum path: 4Routing for Networks:10.0.0.0

192.168.1.0Routing Information Sources:Gateway Distance Last Update(this router) 90 00:03:4910.23.23.2 90 00:03:4910.140.1.1 90 00:03:49

Distance: internal 90external 170

3. Use the show ip eigrp neighbor command to display the neighbor status. Your output should looksimilar to the following display:

RouterA#sh ip eigrp neighbor

IP-EIGRP neighbors for process 100H Address Interface Hold Uptime SRTT RTO Q Seq

(sec) (ms) Cnt Num


35/61


1 10.23.23.2 Se0/1 12 00:07:12 105 2280 0 80 10.140.1.1 Se0/0 14 00:19:14 69 2280 0 8

4. Ping the loopback interface (172.16.31.100) of the core router. Ping Ethernet LAN interface ofRouterB. These pings should be successful.





o Verified the operation and configuration of the EIGRP routing protocol by using the showcommands

o Verified connectivity by pinging remote addresses not directly connected to your workgroup router

Task 4: Debug Routing with EIGRP

In this task, you will debug EIGRP. This will help you know what to look for when you need to

troubleshoot EIGRP issues.

Activity Procedure


1. Display the EIGRP neighbor events with the debug eigrp neighbors command.2. Enter interface configuration mode and enter the shutdown command on your second serial

interface.

3. Wait ten seconds and then enter the no shutdown command on your serial interface. Your output

should look similar to the following display:

RouterA#debug eigrp neighborEIGRP Neighbors debugging is on

02:23:21: EIGRP: Packet from ourselves ignored

RouterA(config)#int s0/1RouterA(config-if)#shut

02:23:24: %OSPF-5-ADJCHG: Process 100, Nbr 192.168.1.81 on Serial0/1 from FULLto DOWN, Neighbor Down: Interface down or detached02:23:24: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100:Neighbor 10.23.23.2 (Serial0/1) isdown: interface down


36/61


2:23:24: Going down: Peer 10.23.23.2 total=1 stub 0 template=1, iidb-stub=0 iid-all=0

02:23:24: EIGRP:Neighbor 10.23.23.2 went down on Serial0/102:23:26: %LINK-5-CHANGED: Interface Serial0/1, changed state toadministratively down02:23:27: %LINEPROTO-5-UPDOWN: Line protocolon Interface Serial0/1, changed

state to down

RouterA(config-if)#no shut

02:23:37: %LINK-3-UPDOWN: InterfaceSerial0/1, changed state to up02:23:38: %OSPF-5-ADJCHG: Process 100, Nbr 192.168.1.81 on Serial0/1 fromLOADING to FULL, Loading Done02:23:38: EIGRP:New peer 10.23.23.2total=2 stub 0 template=1 idbstub=0iidball=1

02:23:38: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100:Neighbor 10.23.23.2 (Serial0/1) isup: new adjacency02:23:38: %LINEPROTO-5-UPDOWN: Line protocolon Interface Serial0/1, changedstate to up

02:23:40: EIGRP: Packet from ourselves ignored

4. Turn debugging off.

RouterA#undebug allAll possible debugging has been turned off

5. Save your running configuration to NVRAM.6. Notify your instructor that you have completed the activity.


You have completed this activity when you attain this result:

o Debugged EIGRP by using the debug eigrp neighbor command


37/61


Lab 6-1: Implementing and TroubleshootingACLs

Complete the lab activity to practice what you learned in the related module.

Activity Objective

In this activity, you will configure IP ACLs. After completing this activity, you will be able to meet these

objectives:

o Create an IP extended access list to block Telnet traffic, apply it to an interface, and verify itsoperation

o Create an IP extended ACL to permit requests from your workgroupo Troubleshoot to isolate and resolve an ACL problem

Visual Objetive

RouterA RouterB

SwitchA

CoreRouter F0/0

S0/1 S0/0

S0/0

F0/0

F0/2

S0/0


F0/0

10.1.1.0/24

10.3.3.0/24

10.140.2.0/2410.140.1.0/24

.2.2

.1 .1

.3

.3.3

.11

10.2.2.0/24

Task 1: Create an Extended ACL to Block Telnet Traffic intoYour Workgroup

In this task, you will configure an extended IP ACL to block incoming Telnet traffic from outside of your

workgroup. You will configure the ACL, apply it to an interface, and verify the configuration by having

RouterB try to establish a Telnet session into your workgroup switch. If you have correctly configured the

ACL, the Telnet request should fail. Next try to ping the same device, which should succeed.

Activity Procedure


38/61


Complete these steps on the workgroup router:

1. From your PC, establish a connection to the lab equipment.2. Shut down the second serial interface (S0/1) of your workgroup router using the shutdown

command.

RouterA(config)#int s0/1RouterA(config-if)#shutdown

02:56:23: %OSPF-5-ADJCHG: Process 100, Nbr 192.168.1.81 on Serial0/1from FULL to DOWN, Neighbor Down: Interface down or detached02:56:24: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 10.23.23.2(Serial0/1) is down: interface down

02:56:25: %LINK-5-CHANGED: Interface Serial0/1, changed state toadministratively down02:56:26: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1,changed state to down

3. Create an IP extended ACL to deny only Telnet traffic into your workgroup.

RouterA(config)#access-list 101 deny tcp any any eq telnetRouterA(config)#access-list 101 permit ip any any

4. Apply the IP extended ACL to your first serial interface.

Should the extended ACL be applied as an inbound or outbound ACL?

..

RouterA(config)#int s0/0

RouterA(config-if)#ip access-group 101 in

5. Enter the show ip access-list command to display the content of your IP extended ACL.

RouterA#sh ip access-listsExtended IP access list 101

10 deny tcp any any eq telnet20 permit ip any any (94 matches)

6. Enter the show ip interface serial interface command to verify that the ACL is applied to the firstserial interface.

RouterA#sh ip int s0/0Serial0/0 is up, line protocol is upInternet address is 10.140.1.2/24Broadcast address is 255.255.255.255Address determined by non-volatile memoryMTU is 1500 bytesHelper address is not setDirected broadcast forwarding is disabledMulticast reserved groups joined: 224.0.0.5 224.0.0.10Outgoing access list is not setInbound access list is 101Proxy ARP is enabled

. . .

7. From RouterB establish a Telnet session into your workgroup switch, (10.2.2.11).


39/61


Note All attempts to use Telnet into your workgroup switch should fail.

RouterB#telnet 10.2.2.11Trying 10.2.2.11 ...% Destination unreachable; gateway or host down

8. From RouterB ping your workgroup switch (10.2.2.11).

Note All traffic into your workgroup devices except Telnet traffic should be successful.

RouterB#ping 10.2.2.11




o Created an IP extended ACL that blocks incoming Telnet traffic, but allows all other traffic from

outside of your workgroup

Task 2: Create an Extended ACL to Block ICMP Traffic fromyour Workgroup

In this task, you will configure an extended IP ACL to permit only outbound Ping traffic from inside ofyour workgroup. You will configure the ACL, apply it to an interface, and verify the configuration by

having SwitchA try to ping to RouterB. If you have correctly configured the ACL, the ping request should

fail. Next try to established telnet session to the same device, which should fail.

Activity Procedure


1. Create an IP extended ACL to permit only ICMP traffic from your workgroup.

RouterA(config)#access-list 102 permit icmp any any

2. Apply the IP extended ACL to your first serial interface.

Should the extended ACL be applied as an inbound or outbound ACL?

..

RouterA(config)#int s0/0RouterA(config-if)#ip access-group 102 out

3. Enter the show ip access-list command to display the content of your IP extended ACL.

RouterA#sh ip access-listsExtended IP access list 101


40/61


10 deny tcp any any eq telnet (3 matches)20 permit ip any any (602 matches)

Extended IP access list 10210 permit icmp any any

4. Enter the show ip interface serial interface command to verify that the ACL is applied to the first

serial interface.

RouterA#sh ip int s0/0Serial0/0 is up, line protocol is upInternet address is 10.140.1.2/24Broadcast address is 255.255.255.255Address determined by non-volatile memoryMTU is 1500 bytesHelper address is not setDirected broadcast forwarding is disabledMulticast reserved groups joined: 224.0.0.5 224.0.0.10Outgoing access list is 102Inbound access list is 101

Proxy ARP is enabled. . .

5. From SwitchA establish a Telnet session to RouterB, (10.3.3.3).

Note All attempts to use Telnet from your workgroup switch should fail.

SwitchA#telnet 10.3.3.3Trying 10.3.3.3 ...% Destination unreachable; gateway or host down

6. From SwitchA ping to RouterB (10.3.3.3).

Note Only ping traffic from your workgroup devices should be successful.





o Created an IP extended ACL that permit outbound ICMP traffic from your workgroup.

Task 3: Remove the ACLs from the Serial Interface

In this task, you will clean up after the lab so that the configuration changes you made here do not

negatively affect the next lab. It is important to complete this task.

Activity Procedure


41/61



1. Remove all access groups from the serial interface.

RouterA(config)#int s0/0RouterA(config-if)#no ip access-group 101 in

RouterA(config-if)#no ip access-group 102 out

2. Remove both ACLs.

RouterA(config)#no access-list 101RouterA(config)#no access-list 102

3. Save your running configuration to NVRAM.4. Notify your instructor that you have completed the activity.



o Removed all access groups from the serial interfaceo Removed both ACLs in global configuration mode


42/61


Lab 7-1: Configuring NAT and PAT

Complete this lab activity to practice what you learned in the related module.

Activity ObjectiveIn this activity, you will configure your workgroup router for PAT. After completing this activity, you will

be able to meet these objectives:

o Configure inside and outside NAT interfaces and an IP ACL to permit hosts to use PATo Use show commands to verify the NAT configuration

Visual Objetive

RouterA RouterB

SwitchA

CoreRouter F0/0

S0/1 S0/0

S0/0

F0/0

F0/2

S0/0


F0/0

10.1.1.0/24

10.3.3.0/24

10.140.2.0/2410.140.1.0/24

.2.2

.1 .1

.3

.3.3

.11

10.2.2.0/24

Task 1: Configure PAT

In this task, you will configure your router to provide a single address to the outside world for any

workgroup address that needs to access the public network. First you will verify that you have connectivity

from your workgroup router to the core router. Then you will configure both inside and outside NAT

interfaces. Finally, you will configure an IP ACL to permit certain hosts to use PAT.

Activity Procedure

Complete these steps to configure port address translation:

1. From your PC, establish a connection to the lab equipment.2. From your workgroup switch, verify that you can ping the core router (10.1.1.3).



43/61



3. To begin your NAT configuration, configure the first Ethernet interface on your workgroup router

as the inside interface.

RouterA(config)#int f1/0RouterA(config-if)#ip nat inside

4. To continue the NAT configuration, configure the first serial interface of your workgroup router asthe outside interface.

RouterA(config-if)#int s0/0RouterA(config-if)#ip nat outside

5. Configure a standard IP ACL to permit any host on your workgroup FastEthernet subnet,

10.2.20/24, to be translated by the PAT process.

RouterA(config)#access-list 1 permit 10.2.2.0 0.0.0.255

6. Configure PAT using the first serial interface IP address as the inside global IP address.

RouterA(config)#ip nat inside source list 1 interface serial0/0 overload

7. Enable NAT debugging.

RouterA#debug ip natIP NAT debugging is on



o Verified that you have connectivity from your workgroup router to the core routero Configured both inside and outside NAT interfaceso Configured an IP ACL to permit certain hosts to use PAT

Task 2: Verify PAT Using show and debug Commands

In this task, you will verify that PAT is configured correctly.

Activity Procedure

Complete these steps to verify port address translation:

1. From your workgroup switch, verify that you can ping the core router (10.1.1.3) to trigger the PATprocess on your workgroup router.


Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 10.1.1.3, timeout is 2 seconds:


44/61


!!!!!Success rate is 100 percent (5/5),round-trip min/avg/max=100/380/1008 ms

2. You should see output from the NAT debug command.

RouterA#

04:08:44: NAT*: s=10.2.2.11->10.140.1.2, d=10.1.1.3 [15]04:08:45: NAT*: s=10.1.1.3, d=10.140.1.2->10.2.2.11 [15]04:08:45: NAT*: s=10.2.2.11->10.140.1.2, d=10.1.1.3 [16]04:08:45: NAT*: s=10.1.1.3, d=10.140.1.2->10.2.2.11 [16]04:08:45: NAT*: s=10.2.2.11->10.140.1.2, d=10.1.1.3 [17]04:08:45: NAT*: s=10.1.1.3, d=10.140.1.2->10.2.2.11 [17]04:08:46: NAT*: s=10.2.2.11->10.140.1.2, d=10.1.1.3 [18]04:08:46: NAT*: s=10.1.1.3, d=10.140.1.2->10.2.2.11 [18]04:08:46: NAT*: s=10.2.2.11->10.140.1.2, d=10.1.1.3 [19]04:08:46: NAT*: s=10.1.1.3, d=10.140.1.2->10.2.2.11 [19]

3. From your workgroup router, enter the show ip nat translations command. Your output shouldlook similar to the following display:

RouterA#sh ip nat translationsPro Inside global Inside local Outside local Outside globalicmp 10.140.1.2:4 10.2.2.11:4 10.1.1.3:4 10.1.1.3:4

4. Enter the show ip natstatistics command. Your output should look similar to the followingdisplay:

RouterA#sh ip nat statisticsTotal active translations: 1 (0 static, 1 dynamic; 1 extended)Outside interfaces:Serial0/0

Inside interfaces:FastEthernet0/0

Hits: 10 Misses: 0CEF Translated packets: 10, CEF Punted packets: 0Expired translations: 0Dynamic mappings:-- Inside Source[Id: 1] access-list 1 interface Serial0/0 refcount 1Appl doors: 0Normal doors: 0Queued Packets: 0

5. Disable all of the PAT configurations on your workgroup router.

RouterA(config)#int s0/0RouterA(config-if)#no ip nat outside

RouterA(config)#int f0/0RouterA(config-if)#no ip nat inside

RouterA(config)#no ip nat inside source list 1 interface Serial0/0overloadRouterA(config)#no access-list 1 permit 10.2.2.0 0.0.0.255

6. Ping the core router (10.1.1.3) from your workgroup switch to verify that your configuration isworking.



45/61



7. Save your running configuration to NVRAM.8. Notify your instructor that you have completed the ac9. tivity.



o Verified that PAT is configured correctly by pinging the core router (10.1.1.3)o Disabled all PAT configurations on your workgroup router


46/61


Lab 7-2: Implementing IPv6

Complete this lab activity to practice what you learned in the related module.

Activity ObjectiveIn this activity, you will allocate and configure IPv6 addresses on your workgroup routers.

After completing this activity, you will be able to meet these objectives:

o Determine how to allocate IPv6 addresses for the assigned routers, given an IPv6 numberingscheme and a prefix

o Configure router interfaces for IPv6 and assign addresseso Configure RIP to support IPv6 and IPv6 addresseso Configure and verify a dual-stack router configuration

Visual Objetive

RouterA RouterB

S0/1S0/1


Loop2

192.168.1.65/28

Loop2

192.168.1.81/28

..

Task 1: IPv6 Preparation

Task 1 is an address-planning exercise. Configuration will begin in Task 2.

Activity Procedure


1. Use the information below to complete the following worksheet for each router in your group:

IPv4 Loopback 2Interface Address

Interface S0/1IPv6 Address

Interface Loopback2 IPv6Address


47/61


48/61


RouterA(config-if)#int s0/1RouterA(config-if)#no shut

00:04:54: %LINK-3-UPDOWN: Interface Serial0/1, changed state to up00:04:55: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1,changed state to up

3. Enable IPv6 on your workgroup router.

RouterA(config)#ipv6 unicast-routing

4. Assign the second serial interface (S0/1) the IPv6 address determined in Task 1.

RouterA(config-if)#int s0/1RouterA(config-if)#ipv6 address 2001:410:1:10::/64 eui-64

5. Create a loopback 2 interface and assign it the IPv6 address determined in Task 1.

RouterA(config)#int loopback 2

00:10:31: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback2,changed state to upRouterA(config-if)#ipv6 address 2001:0410:0001:1::/64 eui-64


ipv6 unicast-routing

int s0/1ipv6 address 2001:410:2:10::/64 eui-64

int loopback 2

ipv6 address 2001:0410:0001:2::/64 eui-64

7. Display the IPv6 interface information to verify that all of the interfaces on your workgroup routerare configured with the appropriate IPv6 address.

Your output should resemble the following:

RouterA#sh ipv6 intSerial0/1 is up, line protocol is upIPv6 is enabled, link-local address is FE80::CA02:2DFF:FE24:0No Virtual link-local address(es):Global unicast address(es):2001:410:1:10:CA02:2DFF:FE24:0, subnet is 2001:410:1:10::/64 [EUI]

Joined group address(es):FF02::1FF02::2FF02::1:FF24:0

MTU is 1500 bytesICMP error messages limited to one every 100 millisecondsICMP redirects are enabledICMP unreachables are sentND DAD is enabled, number of DAD attempts: 1ND reachable time is 30000 millisecondsHosts use stateless autoconfig for addresses.

Loopback2 is up, line protocol is upIPv6 is enabled, link-local address is FE80::CA02:2DFF:FE24:0

No Virtual link-local address(es):Global unicast address(es):


49/61


2001:410:1:1:CA02:2DFF:FE24:0, subnet is 2001:410:1:1::/64 [EUI]Joined group address(es):FF02::1FF02::2FF02::1:FF24:0

MTU is 1514 bytes

ICMP error messages limited to one every 100 millisecondsICMP redirects are enabledICMP unreachables are sentND DAD is not supportedND reachable time is 30000 millisecondsHosts use stateless autoconfig for addresses.



o Enabled IPv6 globally and configured IPv6 addresses on S0/1 and Lo2 interfaces

o Shut down the first serial interface and enabled the second serial interface of your workgrouprouter

Task 3: Enable RIP for IPv6

In this task, you will enable RIP for IPv6 on your workgroup router.

1. On your workgroup router, globally enable IPv6 RIP. Use the process name cisco.

RouterA(config)#ipv6 router rip cisco

2. Enable the IPv6 RIP process on your second serial interface (S0/1) and loopback 2 interface.

RouterA(config)#int s0/1RouterA(config-if)#ipv6 rip cisco enableRouterA(config-if)#int l2RouterA(config-if)#ipv6 rip cisco enable


ipv6 router rip ciscoint s0/1ipv6 rip cisco enableint l2

ipv6 rip cisco enable

4. Display the IPv6 RIP information to confirm that you have enabled IPv6 RIP on your routers.

The output from your routers should resemble the following:

RouterA#sh ipv6 ripRIP process "cisco", port 521, multicast-group FF02::9, pid 214

Administrative distance is 120. Maximum paths is 16Updates every 30 seconds, expire after 180Holddown lasts 0 seconds, garbage collect after 120

Split horizon is on; poison reverse is offDefault routes are not generatedPeriodic updates 8, trigger updates 2


50/61


Interfaces:Loopback2Serial0/1

Redistribution:None

5. View the IPv6 routing table on your router. Your display should resemble the following:

RouterA#sh ipv6 routeIPv6 Routing Table - 7 entriesCodes: C - Connected, L - Local, S - Static, R - RIP, B - BGP

U - Per-user Static route, M - MIPv6I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summaryO - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2D - EIGRP, EX - EIGRP external

C 2001:410:1:1::/64 [0/0]via ::, Loopback2

L 2001:410:1:1:CA02:2DFF:FE24:0/128 [0/0]via ::, Loopback2

R 2001:410:1:2::/64 [120/2]via FE80::CA04:30FF:FE10:0, Serial0/1

C 2001:410:1:10::/64 [0/0]via ::, Serial0/1

L 2001:410:1:10:CA02:2DFF:FE24:0/128 [0/0]via ::, Serial0/1

R 2001:410:2:10::/64 [120/2]via FE80::CA04:30FF:FE10:0, Serial0/1

L FF00::/8 [0/0]via ::, Null0

Note Your IPv6 routing table should display a route to the loopback 2 interface network ofyour partner.


You have completed this activity when you attain this result:

o You have learned the IPv6 network of the loopback 2 interface of your partner router.

Task 4: Configuring and Verifying a Dual-Stack RouterIn this task, you will enable IPv4 connectivity between networks currently configured for IPv6 on your

workgroup router.

Activity Procedure

1. On your workgroup router, configure the loopback 2 interface with the IPv4 address.

RouterA(config)#int loo2RouterA(config-if)#ip address 10.123.123.1 255.255.255.0


int loo2


51/61


ip address 10.132.132.1 255.255.255.0

3. Use the show ip route command to verify EIGRP has learned the network of the loopback 2interface of your partner.

RouterA#sh ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGPD - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter areaN1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2E1 - OSPF external type 1, E2 - OSPF external type 2i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2ia - IS-IS inter area, * - candidate default, U - per-user static routeo - ODR, P - periodic downloaded static route


172.16.0.0/24 is subnetted, 1 subnetsD 172.16.31.0 [90/41152000] via 10.23.23.2, 00:35:28, Serial0/1

10.0.0.0/8 is variably subnetted, 8 subnets, 2 masksD 10.132.132.0/24 [90/40640000] via 10.23.23.2, 00:00:42, Serial0/1

C 10.123.123.0/24 is directly connected, Loopback2C 10.23.23.0/24 is directly connected, Serial0/1D 10.3.3.0/24 [90/40514560] via 10.23.23.2, 00:35:28, Serial0/1C 10.2.2.0/24 is directly connected, FastEthernet0/0D 10.1.1.0/24 [90/41026560] via 10.23.23.2, 00:35:28, Serial0/1D 10.0.0.0/8 is a summary, 00:39:22, Null0D 10.140.2.0/24 [90/41024000] via 10.23.23.2, 00:35:28, Serial0/1

192.168.1.0/24 is variably subnetted, 3 subnets, 3 masksC 192.168.1.64/28 is directly connected, Loopback0O 192.168.1.81/32 [110/1563] via 10.23.23.2, 00:35:26, Serial0/1D 192.168.1.0/24 is a summary, 00:35:31, Null0

Note The EIGRP network statement you configured in a previous lab (network 10.0.0.0)

should advertise the IPv4 network assigned to the loopback 2 interface.

4. Ping all of the IPv4 addresses of your partner workgroup router, including the loopback 2interface.





5. Ping all of the IPv6 addresses of your partner workgroup router, including the loopback 2interface.


52/61


Note To make it easier to ping the IPv6 addresses for the remainder of this activity, obtain

the IPv6 addresses of all of the routers in your workgroup and copy them into a

Notepad document. You can use the show cdp neighbor detailcommand to display

the IPv6 address of the directly connected interface of your partner router. You can

also establish a Telnet session into the router of your partner and use the show ipv6

interface briefcommand to display the IPv6 addresses of the rest of the interfaces ofyour partner router.

When you have documented the IPv6 addresses, simply copy the address from the

Notepad file and paste it into the ping command when you wish to ping the IPv6

interface of one of your neighboring routers.

RouterA#sh cdp neigh detail-------------------------Device ID: RouterBEntry address(es):IP address: 10.23.23.2

IPv6 address: FE80::CA04:30FF:FE10:0 (link-local)IPv6 address: 2001:410:2:10:CA04:30FF:FE10:0 (global unicast)Platform: Cisco 3640, Capabilities: Router Switch IGMP. . .

RouterA#telnet 10.3.3.3Trying 10.3.3.3 ... Open

************************* Warning *****************************Access to this device is restricted to authorized persons only!Un-authorized access is prohibited. Violators will be prosecuted.*****************************************************************

User Access Verification

Password:RouterB>enPassword:RouterB#sh ipv6 int briefFastEthernet1/0 [up/up]Serial0/0 [up/up]FastEth

Lab Guide Icnd2v1.1 Sls Latam-final-corregido

Documents

Transcript of Lab Guide Icnd2v1.1 Sls Latam-final-corregido