Network Simulator Labs 1.

0 Switch Fundamentals:
1.1 Switch Simulator:2950 password assignment Switch 2950 Console Password Assignment

Description: Select 2950 switch using the N/W Diagram button in the router simulator.Assign password "consolepass" to line console 0. Instructions: 1. Enter global configuration mode. 2. Enter line sub-configuration mode. 3. Set the console password to "consolepass". 4. Exit line configuration mode. Commands: 2950>enable 2950#configure terminal 2950(config)#line console 0 2950(config-line)#password consolepass 2950(config-line)#exit 1.2 Switch Simulator:2950 vty password assignment Switch 2950 vty Password Assignment

Description: To assign vty password for a switch for vty lines 0 to 15, choose 2950 switch from the N/W diagram, and use the following commands. Note: The password "virtualpass" is assumed. You can use any other password. Instructions: 1. 2. 3. 4. 5. 6. Enter global configuration mode. Enter line sub-configuration mode for virtual terminals 0 to 15. Assign virtual terminal password "virtualpass" to lines 0-15. Enable the switch to use the password for telnet access. Exit line sub-configuration mode. Exit to privileged mode. 2950>enable 2950#configure terminal 2950(config)#line vty 0 15 2950(config-line)#password virtualpass 2950(config-line)#login 2950(config-line)#exit 2950(config)# PS: You can also use short form commands. 1.3 Switch Simulator:2950 setting privileged EXE password Switch 2950: Setting Privileged Password

Description: Here you assign enable password, and secret password on a 2950 switch. Again, select the switch by going to the network diagram, and selecting appropriate device from the drop down box. You can also use short form commands. Instructions: 1. Enter global configuration mode. 2. Set enable password to "epass"

3. Set enable secret password to "spass" 4. Exit global configuration mode. 2950>enable 2950#configure terminal 2950(config)#enable password epass 2950(config)#enable secret spass 2950(config)#end 1.4 Switch Simulator:2950 enable interface Enable FastEthernet Interface on a 2950 Switch Description: Here you enter interface configuration mode on a 2950 switch and make the interface protocol up. Choose 2950 switch by going to the network diagram, and selecting appropriate device. Instructions: 1. Enter global configuration mode. 2. Enter interface sub-configuration mode for Ethernet slot#0 and port#1. 3. Shutdown the interface. 4. Exit to privileged mode. 2950>enable 2950#configure terminal 2950(config)#interface fastethernet 0/1 2950(config-if)#no shutdown 2950(config-if)#end 1.5 Switch Simulator: Basic interface configuration Basic switch interface configuration

Description: You configure a few switch ports for duplex. Choose 2950 switch from the n/w diagram and exit. The following commands are used for configuring the switch ports. Instructions: 1. Set the inter-switch communication to full-duplex on Switch S1, port fa 0/26 2. Set the port speed to 100 mbps, and inter-switch communication to full-duplex on Switch S2 ports fa 0/1, fa 0/2, and fa 0/3. 3. Eixit to privileged mode. 4. Save the configuration to NVRAM. k 2950>enable 2950#configure terminal 2950(config)#interface fa 0/1 2950(config-if)#duplex full 2950(config-if)#exit 2950(config)#interface fa 0/3 2950(config-if)#duplex full 2950(config-if)#speed 100 2950(config-if)#end 2950#copy running-config startup-config 1.6 Switch Simulator: Initial switch configuration Initial switch configuration

Description: This exercise helps in examining the default configurations of a switch and make changes to the configuration accordingly as required and view the changes. Instructions: 1. Enter into privileged mode of a switch 2. Enter global configuration mode 3. Assign a name to the switch by setting its hostname 4. View the version of IOS running on the switch 5. View the running-configuration on the switch 6. View the interfaces on the switch initially 7. View the interfaces on the switch and their IPs by issuing show ip interface command

8. Enter into global configuration mode and assign an ip address to the switchs interface and make the interface up 9. Exit to privileged mode 10. View the IP Address configured by issuing show ip interface brief and show interfaces command Note: Please refer to the CertExams.com Network Simulator software for complete lab with commands. 1.7 Network Simulator: Catalyst 2950 switch configuration Catalyst 2950 switch configuration

Description : This lab exercise helps to understand the catalyst 2950 switch configuration and the various commands pertaining to switches.

Instructions: 1. Enter into privileged mode of SW1 and enter ? which displays the commands available in privileged mode and type disable to go back to user mode 2. Enter into global configuration mode of SW1 and change its hostname to switch1 and issue show running-config command to view the active configuration 3. Enter copy run start command to save the active configuration into NVRAM and see the saved configuration in NVRAM with show startup-config command 4. Erase the saved configuration and reload 5. Enter into privileged mode and then into global configuration mode and reassign the host name, and enable password of cisco 6. Assign IP Address of 192.168.100.99 255.255.255.0 and a default-gateway of 192.168.100.1 (R1s Ethernet Address) to SW1 7. Connect to SW2 and configure it with hostname switch2 and enable a password of cisco, assign it an IP Address of 192.168.100.100/24 and a default-gateway of 192.168.100.1 (R1s Ethernet Address) 8. Issue show mac-address-table command to display which devices are attached to which switch ports 9. On SW2, permanently assign a device with MAC Address 2222.2222.2222 to port fa 0/4. Issue show mac-address-table command to verify that the device is in the table as a permanent entry 10. On SW2, configure port security for port fa 0/7. The switch will learn the MAC address of the device connected to port fa 0/7 and will allow only that device to connect to the port in future Note: Please refer to the CertExams.com Network Simulator software for complete lab with commands.

2.0

IOS Fundamentals Lab

2.1 Router Simulator: Logging to the router Entering User EXEC Mode on a Router, and Exit

Description: A basic exercise, that shows how to enter privileged EXEC prompt, and exit from the same. Note that if a password is set already, you will be prompted to enter the password. Choose R1 from the network diagram, and exit. Instructions: 1. Enter into privileged mode 2. Get back to the user mode R1> R1>enable

R1#disable R1> 2.2 Router Simulator: Router banner MOTD Banner MOTD, Set Message Of The Day Banner

Title: Banner MOTD,set Message of the Day banner. Description: Note that the banner is set in a single command line here. You can also use multiline banner motd command. Choose R1 from the N/W diagram, and exit to terminal mode. Instructions: 1. Enter into privileged mode 2. Enter into global Configuration Mode 3. Set banner to: "Welcome to local host". Starting and ending character of the banner should be "Z". (Do not use quotes.) R1>enable R1#configure terminal R1(config)#banner motd Z Welcome to local host Z 2.3 Router Simulator: Setting host name Setting Host Name

Description: You set the router host name. Go to N/W diagram and choose device R1. Note that you can also use short form commands such as "conf term" in place of full command "configure terminal". Instructions: 1. Enter into privileged mode 2. Enter into global Configuration Mode 3. Set hostname as cisco. R1>enable R1#configure terminal R1(config)#hostname cisco 2.4 Router Simulator: Interface configuration Router Interface Configuration

Description: In this lab, you configure serial 0 and ethernet 0 interfaces on a router with specified ip address and subnet mask. Choose R1 in the network diagram and exit. Instructions: 1. Enter into privileged mode 2. Enter into global Configuration Mode 3. Set ip address of serial 0 as 196.20.32.15 and subnet mask as 255.255.255.5 4. Set ip address of ethernet 0 as 195.20.32.10 and subnet mask as 255.255.255.10 R1>enable R1#configure terminal R1(config)#interface serial 0 R1(config-if)#ip address 196.20.32.15 255.255.255.5 R1(config-if)#exit R1(config)#interface ethernet 0 R1(config-if)#ip address 195.20.32.10 255.255.255.10 2.5 Router Simulator: Setting bandwidth on interface Setting Bandwidth on an Interface

Description: You setup the bandwidth on a given interface (interface serial 0) to a specified value (64 kbps). You also set the clock rate to 64000. Note that bandwidth is represented in kbps, where as clock rate is entered in bps. Choose R1 from the N/W diagram and exit to simulator terminal.

Syntax: bandwidth (interface): The command bandwidth <kilobits> will set and communicate the bandwidth value for an interface to higher-level protocols. ex: bandwidth 64 will set the bandwidth to 64 kbps. Use no form of the command to set the bandwidth to default value. Instructions: 1. Enter to serial 0 mode 2. Set bandwidth of serial 0 as 64 kbps 3. Set clockrate as 64000 bps R1>enable R1#configure terminal R1(config)#interface serial 0 R1(config-if)#bandwidth 64 R1(config-if)#clock rate 64000 2.6 Router Simulator: Setting console password Setting console password

Description: Set the line console password for line 0. Use password routercon. (Select R1 from the N/W diagram). Instructions: 1. Enter into global Configuration mode 2. Enter into line console 0 mode 3. Set console password as routercon R1>enable R1#configure terminal R1(config)#line console 0 R1(config-line)#password routercon 2.7 Routing Simulator: Setting telnet password Setting telnet password

Description: Set the vty password for lines 0 to 4. (Choose R1 from the network diagram and exit to simulator terminal) Instructions: 1. Enter into global configuration mode 2. Configure a password cisco that will enable remote users to Telnet into vty ports 0-4. R1>enable R1#configure terminal R1(config)#line vty 0 4 R1(config-line)#password cisco 2.8 Router Simulator: Copy active configuration Copy Running Configuration to Startup Configuration

Description: You will practice viewing running configuration, copying running configuration to startup configuration etc. (Choose R1 from the N/W diagram) Instructions: 1. Enter into privileged mode 2. Show the active configuration in memory 3. View the configuration stored in NVRAM 4. Copy the active configuration to NVRAM 5. View the configuration stored in NVRAM 6. Issue the command to delete the configuration file in NVRAM 7. View then configuration stored in NVRAM R1>enable R1#show running-config

R1#show startup-config R1#copy running-config startup-config R1#show startup-config R1#erase startup-config R1#show startup-config 2.9 Router Simulator: Router CDP configuration Router CDP configuration

Description: Set the cdp timer, holdtime and view configuration details. (Choose R1 from the n/w diagram to proceed with the commands). Instructions: 1. Type the command to see the status of all interfaces that are running CDP 2. enable the serial 0 interface 3. enable Ethernet 0 interface 4. Set CDP timer to to 30 seconds 5. Set CDP holdtime to 90 Seconds 6. Type the command to see the status of all interfaces that are running CDP 7. Disable CDP in Global Configuration Mode R1>enable R1#show cdp interface R1#configure terminal R1(config)#interface serial 0 R1(config-if)#no shutdown R1(config-if)#exit R1(config)#interface ethernet 0 R1(config-if)#no shutdown R1(config-if)#exit R1(config)#cdp timer 30 R1(config)#cdp holdtime 90 R1(config)#exit R1#show cdp interface R1#configure terminal R1(config)#no cdp run 2.10 Router Simulator: Show CDP configuration

Description:Disable/enable cdp and view cdp configuration. (Choose R1 from the n/w diagram to proceed). Note that cdp is enabled by default on a router. If you want to disable cdp on a particular interface, use no cdp enable command. To re enable cdp on an interface, use cdp run command. If the cdp is disabled in global configuration mode, you can not enable it for any specific interface using interface configuration mode. The command show cdp provides cdp information. Instructions: 1. Enter interface configuration mode for serial 0, and disable CDP on interface serial 0. 2. Issue a command to verify that Serial 0 is no longer sending CDP updates 3. Type the Command to see Global CDP information R1>enable R1#configure terminal R1(config)#interface serial 0 R1(config-if)#no cdp enable R1(config-if)#exit R1(config)#exit R1#show cdp 2.11 Network Simulator: Show CDP neighbors

Description: We try some important cdp show commands. (Choose R1 from n/w diagram). The command cdp neighbors provides the output in the following format: Router#show cdp neighbors Capability Codes:

R - Router, T - Trans Bridge, B - Source Route Bridge S - Switch, H - Host, I - IGMP, r - Repeater Device ID Local Intrfce Holdtme Capability Platform Port ID 7206 Eth 0 157 R 7206VXR Fas 0/0/0 Instructions: 1. Enter into privileged mode 2. Enter into global Configuration Mode 3. Set IP Address of Serial 0 as 192.10.1.1 and Subnet Mask as 255.255.255.0 on R1 4. Set IP Address of Serial 0 as 192.10.1.2 and Subnet Mask as 255.255.255.0 on R2 5. Type the command to view information about directly connected neighbors R1>enable R1#configure terminal R1(config)#interface s 0 R1(config-if)#ip address 192.10.1.1 255.255.255.0 R1(config-if)#no shutdown R1(config-if)#end R2>enable R2#configure terminal R2(config)#interface s 0 R2(config-if)#ip address 192.10.1.2 255.255.255.0 R2(config-if)#no shutdown R2(config-if)#end R2#show cdp neighbors 2.12 Router Simulator: Bringing up a Router Inerface

Description: By default, an interface will be in shut-down state. We need to issue no shutdown command to bring-up the interface. Notice that the show interfaces command shows that the line protocol is up indicating that the interface is now active (sending and receiving packets). Instructions: 1. View the information about interface serial 0 2. Bring serial 0 to no shutdown state 3. Now view the state of the interface serial 0 R1>enable R1#show interfaces serial 0 R1#configure terminal R1(config)#interface serial 0 R1(config-if)#no shutdown R1(config-if)#exit R1(config)#exit R1#show interfaces serial 0 2.13 Router Simulator: Set keepalive timers

Description: Set keep-alive on an interface. Syntax: keepalive <timer-value> no keepalive timer-value The number of seconds this router waits before sending the next keepalive message to a peer. Valid values are integers from 0 to 32767. Description: Keepalive messages check the health of a link. The keepalive timer is the number of seconds a router waits between sending keepalive messages to a peer. If no response from the peer is received, the local router retransmits the keepalive message up to five times. If no response is received from the peer, the local router brings down the link and withdraws the route from the routing table. Instructions: 1. Enter into Interface serial 0 Config mode 2. Set keepalive Parameter of interface serial 0 to 15 seconds 3. Type the show Command to see that keepalive parameter of interface serial 0 is set with 15 R1>enable R1#configure terminal

R1(config)#interface serial 0 R1(config-if)#keepalive 15 R1#show interfaces serial 0 2.14 Routing Simulator: Setting auxiliary password to router

Description: In this exercise, setting Auxiliary password to a router is being showcased. Like the console, Auxiliary Port is a physical port on every router and it is used for administrative console dial up access to the router. Instructions: 1. Enter into global Configuration mode 2. Type line aux ? to configure the auxiliary password 3. Enter login command and set auxiliary password as admin R1>enable R1#configure terminal R1(config)#line aux ? R1(config)#line aux 0 R1(config-line)#login R1(config-line)#password admin 2.15 Router Simulator: Setting Hostname and Banner Set Hostname and MOTD Banner

Description: Here you change the hostname and set motd (Message Of The Day) banner. To specify or modify the host name for the network server, use the hostname global configuration command. syntax: hostname <name> Use banner motd to define and enable a message-of-the-day (MOTD) banner command in global configuration mode. To delete the MOTD banner, use the no form of this command. syntax: banner motd d message d no banner motd where d is the delimiting character of your choice. ex a pound sign (#). A delimiting character can not be used in the banner message. message Message text. Instructions: 1. Enter privileged EXEC mode using the password is cisco. 2. Enter global configuration mode. 3. Change the host name to "Cairo" 4. Set the banner to "welcome", note that quotes not to be included in the banner. 5. Exit the global configuration mode. R1>enable R1>Password:cisco R1#configure terminal R1(config)#hostname Cairo R1Cairo(config)#banner motd #welcome# R1Cairo(config)#exit 2.16 Router Simulator: Configuring Router Console and Line Passwords

Description: We configure console password and vty password. Use enable password ccna, enable secret password exam, console and vty password of exam again. Instructions: 1. Enter global configuration mode. 2. Set the enable password to "ccna" 3. Set the enable secret to "exam" 4. Set the console password to "exam" for line console 0 5. Set the telnet access password to "exam" for line vty 0-4 6. Exit the line configuration mode. R1>enable R1#configure terminal

R1(config)#enable password ccna R1(config)#enable secret exam R1(config)#line console 0 R1(config-line)#login R1(config-line)#password exam R1(config-line)#line vty 0 4 R1(config-line)#login R1(config-line)#password exam R1(config-line)#exit 2.17 Router Simulator: Configuring and Testing a Loopback Interface

Description: The purpose of this Lab is to configure a loop back interface and test it for connectivity. The loopback interface is a logical interface internal to a router. It is not connected to any other device. A loopback interface is UP as long as the router is up and running. It is useful in managing a router as there will always be at least one interface available on the router, irrespective other physical interfaces. The command used for assigning loopback interface is Router(config)#interface loopback <number> The number can be between 0 and 2147483647 A loopback interface is automatically put in "no shutdown" state when created. However, you need to assign an ip address to use a loopback interface. Network Diagram:

Instructions: 1. Configure s0 on R1 with ip address and subnet mask as shown in the diagram. 2. Configure s0 and loopback 1 on router R2 as shown in the diagram. 3. Ping loopback 1 and verify connectivity. Commands: R1: >enable #conf term (config)# int ser 0 (config-in)#ip address 192.168.1.1 255.255.255.0 (config-in)#no shutdown (Config-in)#end # R2: >enable (config)#int ser 0 (config-if)#ip address 192.158.1.2 255.255.255.0 (config-if)#no shutdown (config-if)#exit (config)#interface loopback 1 (config-if)#ip address 192.168.1.10 255.255.255.0 (config-if)#end

# R1: >enable #ping 192.168.1.10 <you should get successful ping response> 2.18 Network Simulator: Viewing Host Table Entries

Description: An exercise to get familiar to the host table. Host tables can be used to set names for commonly used IP addresses, which helps with troubleshooting. Instructions: 1. Connect to router1 and set hostname to cairo 2. Enter into global configuration mode of router1 3. Set IP address of Serial 0 as 196.20.32.15 and subnet mask as 255.255.255.0 and enable its interface 4. Configure to router2 and set hostname to sairo 5. Enter into global configuration mode of router2 6. Set IP address of Serial 0 as 196.20.32.10 and subnet mask as 255.255.255.0 and enable its interface 7. Exit interface mode 8. Set a host table entry for cairo using the IP address 195.20.32.15 which avoids you to type cairos Serial 0 IP address every time you ping it from sairo 9. Now ping cairo s Serial 0 IP address from sairo just by typing ping cairo 10. Now enter show hosts command to verify that the entry is stored in the routers host table Note: Please refer to the CertExams.com Network Simulator software for complete lab with commands. 2.19 Network Simulator: Viewing ARP Entries

Description: This lab is to view the entries in the ARP table. Firstly the ARP table is checked before configuring the routers and then the ARP table is verified again after the routers are configured.

Instructions: 1. 2. 3. 4. 5. 6. Connect to Router 1, and enter the command show arp to view the ARP table Enter into global configuration mode of Router 1 Set IP address of Ethernet 0 as 192.168.100.1 and subnet mask as 255.255.255.0 View the ARP table again Connect to Router 2 and enter into global configuration mode Set IP address of Ethernet 0 as 192.168.100.2 and subnet mask as 255.255.255.0

7. A connection should now exist between the Router 1 and Router 2 Ethernet interfaces. To ensure that the connection is functional, ping the IP address of Router 1s Ethernet 0 IP address from Router 2 8. View the ARP table on Router2 9. Clear the ARP table 10. View the ARP table once again after clearing Note: Please refer to the CertExams.com Network Simulator software for complete lab with commands. 2.20 Network Simulator: Telneting between Routers

Description: This lab is to learn establishing a telnet session between two routers.

Instructions: 1. Configure R1 and then set the hostname to Router1. Use the command line vty 0 4 to access telnet lines 2. Configure the router to require the use of login and password 3. Configure cisco as the password that will be used to establish a telnet session 4. Now, assign the IP address of 192.168.100.2 255.255.255.0 to Router1s Ethernet 0 interface, and enable the interface 5. Connect to R2 and set its host name to Router2 , then access its Ethernet 0 interface and assign its IP address to 192.168.100.1 255.255.255.0 and enable it 6. From Router2, telnet into Router1s Ethernet 0 interface 7. A password will be prompted, enter the password as cisco, now the host name changes from Router2 to Router1 which indicates a telnet session has been established 8. Type the show sessions command on Router2 to view all the active telnet sessions 9. Type the command resume and type the number of session to resume, now the host name changes to Router1 10. Now go back to Router2 and disconnect the session using disconnect command Note: Please refer to the CertExams.com Network Simulator software for complete lab with commands. 2.21 Network Simulator: Configuring workstation as TFTP server

Description : In this lab exercise, we will be configuring WS1 as a TFTP Server. Then we shall back up router R1's configuration and restore it to the TFTP Server. Instructions: 1. Configure WS1 to have an IP Address of 192.168.200.2 255.255.255.0 and a default-gateway of 192.168.200.1. (The WS1 is automatically enabled to be a TFTP Server) 2. Ping WS1 from R1

3. On R1, copy your running configuration to the TFTP Server. Enter the IP Address of the TFTP Server (192.168.200.2) when prompted and also enter the filename when prompted 4. Now restore the configuration you saved on the TFTP Server to NVRAM on R1. Determine whether R1s NVRAM is currently empty by issuing show startup-config command 5. Restore the configuration from TFTP Server to NVRAM on R1 by issuing appropriate copy command (Enter WS1s IP Address and previously saved file name when prompted) 6. Issue show startup-config command to view the restored configuration file in NVRAM Note: Please refer to the CertExams.com Network Simulator software for complete lab with commands. 2.22 Router Simulator: Implementing exec-timeout command Implementing exec-timeout command

Description: exec-timeout command is used to configure the number of minutes without terminal activity before the session is automatically ended. Use the command in Privileged command mode to set the timeout for this session only. Use the command in Line configuration command mode to set the timeout for this and future sessions. Syntax: exec-timeout min [sec] Instructions: 1. Enter into global Configuration mode 2. Enter into line console 0 mode 3. Set the time using exec-timeout command 4. Exit to privileged mode R1>enable R1#configure terminal R1(config)#line console 0 R1(config-line)#exec-timeout 15 0 R1(config-line)#end

3.0

Switch Configuration and VLAN

3.1 Switch Simulator: Basic IP configuration

Description: Configure hostname as 2950, and set the switch ip address to 172.16.1.10 subnet mask 255.255.255.0. Also, set the default-gateway to 172.16.1.2 Instructions: 1. Enter user Exec mode. 2. Enter privileged Exec mode. 3. Assign the hostname 1900. 4. Assign an ip address 172.16.1.10 255.255.255.0. 5. Assign default gateway route 172.16.1.2. 6. Exit switch configuration mode. k >enable #configure terminal (config)#hostname 2950 (config)#ip address 172.16.1.10 255.255.255.0 (config)#ip default-gateway 172.16.1.2 (config)#end 3.2 Switch Simulator: Configuring 2950 series switch Configuring 2950 Switch VLAN

Description: Configure vlan1 on 2950 switch, and set the ip address to 192.16.2.3 mask 255.255.255.0. Set ip default-gateway to 172.16.2.2. Copy running configuration to startup configuration.

Instructions: 1. Enter privileged Exec. Mode 2. Enter global configuration mode. 3. Assign host name 2950. 4. Assign IP address 172.16.2.3 mask 255.255.255.0 on VLAN1. 5. Set the default gateway to 172.16.2.2. 6. Save the configuration to NVRAM. 2950>enable 2950#configure terminal 2950(config)#hostname 2950 2950(config)#interface vlan1 2950(config-vlan)#ip address 172.16.2.3 255.255.255.0 2950(config-vlan)#exit 2950(config)#ip default-gateway 172.16.2.2 2950(config)#end 2950#copy running-config startup-config 3.3 Switch simulator: Troubleshooting 2950 switch

Description: Configure switch ip address, default gateway (172.16.2.2),and use ping command to verify the ip address. Ping default-gateway (192.16.2.2) from the work station.

Instructions: 1. Issue appropriate command to view switch ip address, default gateway, and management vlan. 2. Enter privileged exec. Mode. 3. Enter terminal configuration mode. 4. Correct the configuration and bring up the interface using appropriate commands. 5. Use "ping" command from WS22 and verify that the connection to the default router is OK. 6. Exit privileged Exec mode. 2950> 2950>enable 2950#configure terminal 2950(config)#interface vlan 1 2950(config-if)#ip address 172.16.2.3 255.255.255.0 2950(config-if)#exit 2950(config)#ip default-gateway 172.16.2.2 2950(config)#no shutdown 2950(config)#end WS22:ping 172.16.2.3 Note: The lab is supported only on network simulator software version.

3.4

Network Simulator: 2950 Trunking Configuration

Description : This exercise concentrates on establishing a trunk-line between the switches. The command used to configure trunking is switchport mode trunk.

Instructions: 1. 2. 3. 4. 5. Connect to SW1 and configure fast ethernet interface fa 0/11 on the switch Configure trunking on the switch by issuing command switchport mode trunk Connect to SW2 and configure fast ethernet interface fa 0/11 on the switch Configure trunk line on the switch by issuing switchport mode trunk command Configure WS1 with IP Address 192.168.100.1/24 and WS2 with IP Address 192.168.100.2/24

Note: Please refer to the CertExams.com Network Simulator software for complete lab with commands. 3.5 Network Simulator: Creating and Deleting 2950 VLANs

Description : This lab exercise helps in learning the concept of creating VLAN's on a 2950 Switch, and deleting them.

Instructions: 1. Enter into privileged mode of SW1 and add vlans 20 and 50 by entering into vlan database mode 2. Enter into global configuration mode of SW1 and add ports 2,3 and 4 to vlan 20 and check the same using show vlan command 3. Configure WS1 with IP Address 192.168.100.1 255.255.255.0 and WS2 with IP Address 192.168.100.2 255.255.255.0 4. Enter into vlan database mode of SW1 and issue no vlan command to remove a specific vlan 5. Issue show vlan command to verify the changes and view the vlan information that has been set. Note: Please refer to the CertExams.com Network Simulator software for complete lab with commands.

3.6

Network Simulator: Configuring VTP on 2950 switch

Description : This lab exercise demonstrates configuring VTP on a 2950 Switch.

Instructions: 1. Configure SW1 with fast ethernet 0/11 interface and enable trunk line by issuing switchport mode trunk command 2. Enter into vlan database mode of SW1 and configure vtp server on SW1 and set vtp domain to certexams 3. Configure SW2 with fast ethernet 0/11 interface and enable trunk line by issuing switchport mode trunk command 4. Enter into vlan database mode of SW2 and configure vtp server on SW2 and set vtp domain to certexams, and then create VLAN 30 and VLAN 100 on SW2 5. Confirm that the VLANs set on SW2 are seen on SW1 Note: Please refer to the CertExams.com Network Simulator software for complete lab with commands. 3.7 Network Simulator: Configuring VTP with a VTP client

Description : This lab exercise demonstrates configuring VTP with a VTP client.

Instructions: 1. Configure SW1 with fast ethernet 0/11 interface and enable trunk line by issuing switchport mode trunk command 2. Enter into vlan database mode of SW1 and configure SW1 as VTP Server and set vtp domain to certexams, create VLAN 10 and VLAN 40 on SW1 and view the VTP information by issuing show vtp status command 3. Configure SW2 with fast ethernet 0/11 interface and enable trunk line by issuing switchport mode trunk command 4. Enter into vlan database mode of SW2 and configure SW2 as VTP Client and set vtp domain to certexams, and make sure that VLANs cannot be created on SW2 as SW2 is in the client mode, and view the VTP information by issuing show vtp status command 5. Confirm that the VLANs created on SW1 are seen on SW2 by issuing show vlan command Note: Please refer to the CertExams.com Network Simulator software for complete lab with commands.

3.8

Network Simulator: Troubleshooting lab with non-matching domanins

Description : This lab exercise demonstrates vtp domain concept in VLANs. i.e with nonmatching domains set up on the two switches and see that vlan info is not propagated between the switches, correct the configuration and verify the same.

Instructions: 1. Enter into database mode on SW1, set the mode to server and domain to cisco and create VLANs 10, 20 and 50 2. Issue show vlan command on SW1 and check the VLAN information 3. Configure SW2 as client and set its domain to ciscosys 4. Configure port fa 0/11 on SW1 and SW2 as trunk ports 5. Issue show vlan on SW2 and in the response VLAN information on SW1 will not be displayed even after trunk is configured between the two switches because the switches are configured with different domains, so VLAN information is not propagated from SW1 to SW2 6. Correct the configuration on SW2 by setting its domain name same as on SW1 i.e, cisco 7. Issue show vlan command on SW2 and see that the VLANs created on SW1 are seen 8. Also view VTP information by issuing show vtp status command on SW2 Note: Please refer to the CertExams.com Network Simulator software for complete lab with commands. 3.9 Network Simulator: Troubleshooting lab with trunk functionality

Description : This lab exercise demonstrates trunk concept in VLANs. i.e with trunk set up on only one of the the two switches and see that ping fails from R1 to WS1, correct the configuration by setting up trunk on both the switches and verifying the same.

Instructions: 1. Configure Work station WS1 with IP Address 192.168.100.2/24 and a default-gateway of 192.168.100.1 2. Configure Router R1 Ethernet interface with IP Address 192.168.100.1/24 3. Check ping from WS1 to R1 and see that it is successful 4. Configure SW1 with vtp domain cisco, password ccna and create VLANs 50, 60 and 70 on it 5. Issue show vlan and show vtp status commands and verify the configurations 6. Configure SW2 with vtp domain cisco, password ccna and create VLAN 50 on it and verify the same using show vlan and show vtp status commands 7. On SW1, configure port fa 0/1 to VLAN 50 and check the same using show vlan command 8. On SW2 also, configure port fa 0/1 to VLAN 50 and check the same using show vlan command 9. Now ping from WS1 to R1 and see that it fails as there is no trunk line enabled to carry traffic on any VLAN 10. Configure trunk on fa 0/12 port of SW1 and now ping form WS1 to R1 and see that it fails because trunk is to be configured on both the switches to carry traffic 11. Now configure trunk on SW2 also on fa 0/12 port and issue appropriate show commands to check the same 12. Ping from WS1 to R1 and see that ping is now successful Note: Please refer to the CertExams.com Network Simulator software for complete lab with commands.

3.10

Network Simulator: Configuring devices to support VLANs

Description : This lab exercise helps to get familiar with the benefits of a VLAN and also in understanding the process to configure a router and a switch to support VLANs.

Instructions: 1. Connect to R1 and configure the IP address of 192.168.200.1 255.255.255.0 on the fastethernet interface and set the interface up by issuing no shutdown command 2. Connect to workstation WS1 and set its IP address to 192.168.200.3 255.255.255.0 and default-gateway to 192.168.200.1, and then connect to WS2 and set its IP address to 192.168.200.4 255.255.255.0 and default-gateway to 192.168.200.1 3. Ping R1 and WS1 from WS2 and see that the ping is successful 4. Connect to Switch SW1 and set up the VLANs. Start by creating VLAN 20 to set up a separate VLAN for the WRS (workstations) 5. Now assign ports to the new VLAN , assign port 1 for WS1 to VLAN 20 6. Connect to WS2 again and try to ping R1 and WS1 ( Ping is success from WS2 to R1 but not from WS2 to WS1, this is because on the switch, VLAN 20 is set to cover only port 1) 7. Connect to SW1 again and now configure port 2 wherein WS2 is connected, to be included in VLAN 20 8. Repeat the pings from WS2 to R1 and WS1.This time ping to WS1 would be successful but not to R1 (This is because when the ping packets came in, they were tagged with VLAN 20. Consequently, the packets could only travel out port 1 to WS1) 9. Connect to SW1 again and issue appropriate show commands to view the VLAN port assignments 10. Now on SW1, assign fastethernet 0/12 to VLAN 20 . This would allow to ping all of the devices 11. Issue pings from R1 to WS1 and WS2 and from WS1 and WS2 to R1 and check the connectivity Note: Please refer to the CertExams.com Network Simulator software for complete lab with commands. 3.11 Network Simulator: connection VTP Configuration to establish client/server

Description : This lab exercise helps to understand the configuration process of VLAN Trunking Protocol (VTP) to establish a server and client connection , assigning VLANs to multiple ports, creating a trunk line between switches to carry VLANs.

Instructions: 1. Assign IP address 192.168.100.1 255.255.255.0 to SW1 on its interface and IP address of 192.168.100.2 255.255.255.0 to SW2 on its vlan interface 2. Add vlan 30 and 40 to SW1 and assign ports 2 through 5 to vlan 30 and assign ports 6 through 10 to vlan 40 3. To verify the configuration, issue show vlan command on SW1 4. Configure SW1 as a VTP Server and SW2 as a VTP Client and change the VTP domain to certexams and assign a VTP password of ccna 5. To create the trunk link that will transport the VLAN configurations from SW1 to SW2, enable trunking on the port that links between the two switches 6. After this configuration, you should be able to view the VLANs from SW1 on SW2. Use show vlan command to verify the VLAN configurations, and show vtp status command to display VTP specific information Note: Please refer to the CertExams.com Network Simulator software for complete lab with commands. 3.12 Network Simulator: VLANs and trunking between switches

Description : This lab demonstrates setting up VLANs on two switches namely SW1 and SW2 and test them by pinging between Router R1 and Workstation WS1 as shown in the figure below.

Instructions: 1. Configure workstation WS1 with an IP Address of 192.168.100.2/24 and a default-gateway of 192.168.100.1 2. Configure R1 with an IP Address of 192.168.100.1/24 on Ethernet 0 interface and enable the interface 3. Verify ping between R1 and WS1. Because R1, WS1 and switch-to-switch link are all in VLAN 1, the ping should be successful 4. Issue show vlan command on SW1 and SW2 and note that by default all switch ports are in VLAN 1 5. Enter into database mode on SW1 and SW2 and set up a vtp domain by name certexams and verify the same by issuing show vtp status command 6. Create VLAN 30 and name it switchvlan on SW1 and SW2, verify the same by issuing show vlan command 7. Next assign fa 0/1 port to the new VLAN created on SW1 and SW2. R1 and WS1 are attached to these ports. Issue show vlan command on SW1 and SW2 to verify if the ports have been moved to VLAN 30 8. Ping from WS1 to R1 and see that it fails because now both R1 and WS1 are in VLAN 30 and there is no trunk line enabled to carry the traffic for any VLAN 9. Configure trunk line between SW1 and SW2 and issue show interface fa 0/12 switchport command to verify that trunking is enabled on the port 10. Now ping from WS1 to R1 and check that ping is successful because both devices are in the same vlan and the inter-switch link is a trunk line Note: Please refer to the CertExams.com Network Simulator software for complete lab with commands.

3.13

Network Simulator: Routing between VLANs

Description : This exercise demonstrates the concept of Router on a stick.

Instructions: 1. Configure R1 with sub-interface fastethernet 0/0.10 with IP Address 192.168.100.2 255.255.255.0 and set the encapsulation to dot1q 2 and sub-interface fastethernet 0/0.20 with IP Address 192.168.200.2 255.255.255.0 and set its encapsulation to dot1q 3 2. Check the routing table on R1 by issuing show ip route command 3. Connect to switch SW1 and create VLANs 2 and 3 4. Add the SW1 port fa 0/1 to VLAN 2 using switchport access vlan <num> command 5. Add the SW1 port fa 0/2 to VLAN 3 using switchport access vlan <num> command 6. Configure the workstation WS1 with IP Address 192.168.100.1 255.255.255.0 and a defaultgateway of 192.168.100.2 7. Configure the workstation WS2 with IP Address 192.168.200.1 255.255.255.0 and a defaultgateway of 192.168.200.2 8. Ping R1 from WS1 and WS2 and Ping WS2 from WS1 and see that it fails 9. Configure the trunk link between R1 and SW1 by issuing switchport mode trunk command on SW1. Also specify switchport trunk encapsulation dot1q on SW1 in interface configuration mode 10. Check the trunk information using show interfaces trunk command 11. Ping R1 from WS1 and WS2 and Ping WS2 from WS1 and see that it is successful as there is a trunk line now created on SW1 Note: Please refer to the CertExams.com Network Simulator software for complete lab with commands.

4.0

Acces List
4.1 Network simulator: Creating access-list

Description: Create an access-list and configure the same according to a given set of rules. Instructions: 1. Enter into Global Configuration Mode 2. Create an IP access-list to permit traffic from address 192.168.10.5, and deny all other traffic. Use 1 as IP access-list number. 3. Create an access-list 2 that blocks only the single IP address 196.145.25.5. 4. Type the command used for permitting packets from any IP Address. use Access-list number as 2 R1>enable R1#configure terminal

R1(config)#access-list 1 permit 192.168.10.5 R1(config)#access-list 2 deny 196.145.25.5 R1(config)#access-list 2 permit any 4.2 Network simulator: Applying access-list to an interface

Description: To apply access-list 1 to interface ethernet 0 on router R1. Apply the access-list on both incoming and outgoing interfaces. Instructions: 1. Enter into Interface Configuration Mode. Use the interface Ethernet 0. 2. Use no shut down Command on Ethernet 0 Interface 3. Assuming that access-list 1 is already created, apply it to the interface Ethernet 0 as an inbound access-list. 4. Apply an access-list 1 to interface Ethernet 0 as an outbound access-list R1>enable R1#configure terminal R1(config)#interface ethernet 0 R1(config-if)#no shutdown R1(config-if)#ip access-group 1 in R1(config-if)#ip access-group 1 out
4.3 Network Simulator: View access-list entries

Description: Configure standard access-list #1 to permit ip 192.168.10.5 and view access-list entries by using appropriate show command. Instructions: 1. enter into Global Configuration Mode 2. Create an Access-list that permit traffic from address 192.168.10.5. Use access-list number 1. Exit from the global configuration mode. 3. Use the Show Command to see the Access-list R1>enable R1#configure terminal R1(config)#access-list 1 permit 192.168.10.5 R1(config)#exit R1#show access-list 4.4 Network Simulator: Standard access-lists: Scenario lab 1

Description: Configure standard access-list according to a given set of conditions. Instructions: 1. Hosts on Router R3 should not be able to access hosts on R2. 2. Only WS11 on R1 can access hosts on R2. 3. All other communication is allowed. Use standard access lists with ACL #1. 4. Apply the access-list#1 on serial interfaces s0 and s1. R2>enable R2#configure terminal R2(config)#access-list 10 deny 10.3.1.0 0.0.0.255 R2(config)#access-list 10 permit host 10.1.1.2 R2(config)#access-list 10 deny 10.1.1.0 0.0.0.255 R2(config)#access-list 10 permit any R2(config)#interface serial 0 R2(config-if)#ip access-group 1 in R2(config-if)#exit R2(config)#interface serial 1 R2(config-if)#ip access-group 1 in R2(config-if)#exit 4.5 Network Simulator: Standard access-lists: Scenario lab 2

Description: Configure a standard access-list according to a given set of conditions. Instructions: 1. Hosts on R1 should not be able to communicate with hosts on R3 e0. 2. Host W32 on R3 can communicate only with other hosts on R3 e0. 3. Hosts on R1 should be able to communicate with hosts on R2 e0.

R3>enable R3#configure terminal R3(config)#access-list 30 deny 10.1.1.0 0.0.0.255 R3(config)#access-list 30 deny host 10.3.1.3 R3(config)#access-list 30 deny any R2>enable R2#configure terminal

R2(config)#access-list 20 permit 10.1.1.0 0.0.0.255 R2(config)#access-list 20 deny any 4.6 Network Simulator: Router access-list configuration Description: Configure according to a given set of instructions. Instructions: 1. Enter global configuration mode. 2. Define access list with the following conditions: a. IP 192.12.10.3 should be able to access hosts connected to R3. b. All hosts on the subnet as Bret should not be able to access hosts connected to R3. c. Permit all other communications. 3. Enter interface configuration mode for serial 0. 4. Apply the access list to interface 0. 5. Exit interface configuration mode. 6. Exit global configuration mode.

R3>enable R3#configure terminal R3(config)#access-list 56 permit 192.12.10.3 R3(config)#access-list 56 deny 192.12.10.0 0.0.0.255 R3(config)#access-list 56 permit any R3(config)#interface serial 0 R3(config-if)#ip access-group 56 in R3(config-if)#exit R3(config)#exit 4.7 Network Simulator: Configuring and Verifying Standard Access List Description : This lab exercise demonstrates the concept of Standard Access List by configuring and verifying the same.

Instructions: 1. Connect to R1 and set the IP Address on Ethernet 0 interface to 192.168.1.1/24 and the Serial 0 interface to 192.168.2.1/24 and enable the interfaces. Enable Routing Protocol RIP on R1 and add the network to Ethernet 0 and Serial 0 interfaces 2. Connect to R2 and set the IP Address on Ethernet 0 interface to 192.168.1.2/24, enable the interface and enable RIP on R2, add the network to Ethernet 0 interface 3. Connect to R3 and set the IP Address on Serial 0 interface to 192.168.2.2/24 and Serial 1 interface to 192.168.3.1/24 and enable the interfaces. Enable RIP protocol on R3 and add the network to Serial 0 and Serial 1 interfaces 4. Connect to R4 and set the IP Address on Serial 0 interface to 192.168.3.2/24, enable the interface and enable RIP on R3, add the network to Serial 0 interface 5. Ping R2 from both R3 and R4 and see that it is successful 6. Configure a Standard Access-List on R1 that permits traffic from subnet 192.168.2.0 but blocks traffic from all other devices. 7. Next, apply this access-list to R1s Serial 0 interface for inbound traffic 8. Verify the access list that is applied on R1 by issuing ping statements i.e, ping R2 from R3 and R4 and check that ping from R3 in subnet 192.168.2.0 is successful whereas ping from R4 in subnet 192.168.3.0 is not successful 9. Now connect to R1 and issue show access-list command which displays the access-lists that are applied on R1 10. Now , try out different cases of applying standard access list and test the same as given below. But before that remove the previously configured Access Lists on R1 by issuing "no ip access group 1 in" command on R1 serial 0 interface and "no access-list 1" command on R1 in global configuration mode Note: Please refer to the CertExams.com Network Simulator software for complete lab with commands. 4.8 Network Simulator: Configuring and Verifying Extended Access List Description : This lab exercise demonstrates the concept of Extended Access List by configuring and verifying the same.

Instructions: 1. Connect to R1 and set the IP Address on Ethernet 0 interface to 192.168.1.1/24 and the Serial 0 interface to 192.168.2.1/24 and enable the interfaces. Enable Routing Protocol RIP on R1 and add the network to Ethernet 0 and Serial 0 interfaces 2. Connect to R2 and set the IP Address on Ethernet 0 interface to 192.168.1.2/24, enable the interface and enable RIP on R2, add the network to Ethernet 0 interface 3. Connect to R3 and set the IP Address on Serial 0 interface to 192.168.2.2/24 and Serial 1 interface to 192.168.3.1/24 and enable the interfaces. Enable RIP protocol on R3 and add the network to Serial 0 and Serial 1 interfaces 4. Connect to R4 and set the IP Address on Serial 0 interface to 192.168.3.2/24, enable the interface and enable RIP on R3, add the network to Serial 0 interface 5. Ping R2 from both R3 and R4 and see that it is successful 6. Configure Extended Access-List 101 on R1 that allows telnet traffic from R3 (192.168.2.2) and allow icmp traffic from R4 (192.168.3.2) and block all other traffic 7. Apply this access-list to R1s Serial 0 interface on inbound traffic and check the same using show ip interface command 8. Verify the Extended Access List applied on R1 by pinging and telneting R2 from R3 and R4 (R3 (192.168.2.2)) should not be able to ping R2 but should be able to telnet to R2 and R4 (192.168.3.2) should be able to ping R2 but not telnet to it)) Note: Please refer to the CertExams.com Network Simulator software for complete lab with commands. 4.9 Network Simulator: Configuring and Implementing Extended Access List Description : This lab exercise demonstrates configuring and implementing Extended AccessLists.

IP Address Assignment Table

Device Interface IP Address R1 R2 R3 E0 S0 E0 S0

Mask

192.168.200.1 255.255.255.240 192.168.200.17 255.255.255.240 192.168.200.2 255.255.255.240 192.168.200.18 255.255.255.240

Instructions: 1. Connect to R1 and set the IP Address of Ethernet and Serial interfaces as given in the table and enable the interfaces 2. To facilitate communication between R2 and R3, enable RIP Routing Protocol on R1 and add the network for Ethernet 0 and serial 0 interfaces 3. Connect to R2 and set the IP Address of Ethernet interface as given in the table and enable the interface 4. On R2, enable RIP and add the network for Ethernet 0 5. From R2, ping R1s Ethernet 0 interface to ensure that the connection exists 6. Connect to R3 and set the IP Address of Serial interface as given in the table and enable the interface and ping R1s Serial 0 interface 7. Also verify that you can ping R2s Ethernet interface from R3 8. Enter into global configuration mode of R1 9. Now create Extended Access List that accomplishes two things. i. Allow only telnet traffic from the subnet off of R1s Serial 0 interface to come into R1. ii. Next, allow any traffic from R1s Ethernet 0 subnet to travel anywhere 10. Create access list 101 to allow only telnet traffic from the 192.168.200.16 subnet. Use the keyword log to display output to the router every time this line on the access list is invoked. 11. Create access list 102 to permit all traffic from 192.168.200.0 subnet and use the keyword log. 12. To apply these access lists on the interfaces, enter into interface configuration mode for Serial 0 interface of R1 and apply access list 101 inbound and 101 outbound and access list 102 inbound for Ethernet 0 interface Note: Please refer to the CertExams.com Network Simulator software for complete lab with commands. 4.10 Network Simulator: Verifying Extended Access List Description : This lab exercise verifies Extended Access lists that are set up in the previous lab to ensure that they have been set up and configured correctly.

Instructions: 1. Connect to R3 and try to ping R1s Serial 0 interface, the result is ping should be unsuccessful if the access lists are configured correctly 2. Next, verify that telnet traffic from that subnet is allowed to reach R1, connect to R1 and enable telnet access, and set password to cisco 3. Connect to R3 again and try to telnet into R1s Serial 0 interface

4. The hostname in the router prompt should change to R1 if telnet access is permitted, now press CTRL+SHIFT+6 key combination followed by X key to return to R3.Then type disconnect 1 to close the connection to R1 5. Connect to R2 and try to ping R3s Serial 0 interface and see that the ping is not successful Explanation : The packet starts at R2, travels through R1, and reaches R3. Once it arrives at R3, it is repackaged and sent back to R1. When R3 repackages the packet, the packets source IP address becomes the destination IP address, and the destination IP address becomes the source IP address. When the packet encounters the access list on R1s serial 0 interface, it is blocked because the packets source IP address is R3s serial 0 address. 6. Try to ping R1s Ethernet 0 interface from R2 7. Now try to telnet into R1s Ethernet 0 interface from R2. The hostname in the router prompt should change to R1 if telnet access is permitted. Press CTRL+SHIFT+6 followed by X to return to R2, then type disconnect 2 command to close the connection to R1 8. Issue show access-lists command which displays the access lists that have been created on a router and also specifies how many packets have been permitted or denied Note: Please refer to the CertExams.com Network Simulator software for complete lab with commands. 4.11 Network Simulator: Named Access List Description : This lab exercise demonstrates creating Named Access Lists

IP Address Assignment Table Device Interface IP Address/Mask R1 R2 S0 E0 S0 192.168.100.1/24 192.168.100.17/24 192.168.100.2/24 Default-Gateway

Device IP Address/Mask WS1

192.168.100.18/24 192.168.100.17

Instructions: 1. Configure the routers R1, R2 and workstation WS1 as per the table given above. 2. Configure RIP on the routers with proper network statements 3. Issue show ip route command to make sure that the routes have been received on each router 4. Verify ping to R1 from WS1 5. Create an access list that prevents ping traffic originating from WS1 and destined for R1 from reaching R1 6. Extended access list is created and the statement deny icmp host 192.168.100.18 192.168.100.1 0.0.0.0 log denies any ICMP traffic with a source IP Address of 192.168.100.18 that is destined for 192.168.100.1, the wild card mask of 0.0.0.0, i.e the IP Address must match exactly 7. Next, apply the access list to inbound traffic on the Serial 0 interface of R1 8. Try pinging R1 from WS1 and R1 from R2

9. Connect to R1 again, two separate log messages must be seen here. The first one is denying the ping from WS1 and second which is allowing the ping from R2 Note: Please refer to the CertExams.com Network Simulator software for complete lab with commands.

5.0

Routing Fundamentals Labs

5.1 Router Simulator: Configuring RIP routing protocol

Description : Enable RIP routing on router R1 for network 1.0.0.0. Instructions : 1. Enter into Global Configuration Mode 2. Enable RIP routing on the router. 3. Associate network 1.0.0.0 in the RIP routing process. R1>enable R1#configure terminal R1(config)#router rip R1(config-router)#network 1.0.0.0