Beruflich Dokumente
Kultur Dokumente
Sequential Labs
Sequential Labs
The CCNA® labs contained in this lab guide are based on the Boson NetSim. This Windows®-based product
simulates a wide variety of Cisco routers as well as the Cisco Catalyst 1900, 2950, and 5000 switches. The
NetSim supports multiple routing protocols, including RIP, IGRP, EIGRP, and single-area OSPF. It supports differ-
ent LAN/WAN protocols, including PPP/CHAP, ISDN, and Frame Relay. The exercises in this lab guide require only
the NetSim – they do not require access to any external router or switch hardware. It should be noted that the
NetSim supports many, but not all, of the IOS commands available on a real router or switch. All the commands
referenced in this lab guide are supported through the Simulator.
Lab Topology
The Lab Topology is shown in the diagram on the next page. (It can also be viewed by selecting the NetMap but-
ton at the top of the NetSim screen.)
You will have access to the following devices:
1. Four Cisco 2500 routers
Each router has one Ethernet interface and two serial interfaces.
One of the Cisco 2500 routers, Router 1, has an ISDN BRI interface.
2. /NE#ISCOROUTERIDENTIlEDAS2OUTER
This router has one Ethernet interface.
This router has both an ISDN BRI and a PRI interface.
3. Two Catalyst 1912 switches
Each of these switches has twelve 10baseT and two Fast Ethernet ports.
4. Two Catalyst 2950 switches
Each of these switches has twelve 10/100 Ethernet ports.
5. Two PCs
4HE,!.7!.INTERFACESANDNETWORKADDRESSESAREINDICATEDINTHEDIAGRAM3PECIlCINTERFACE)0ADDRESSESARE
included in a later table.
Lab Topology
IP Addresses (FIGURE 1)
Device Interface IP Address Subnet Mask
Router 1 e0 160.10.1.1 255.255.255.0
s0 175.10.1.1 255.255.255.0
s1 215.10.1.1 255.255.255.0
bri0 200.10.1.1 255.255.255.0
Router 2 fa0/0 160.10.1.2 255.255.255.0
bri0 200.10.1.2 255.255.255.0
s0/0 (ISDN PRI) 201.10.1.2 255.255.255.0
Router 3 s0 175.10.1.2 255.255.255.0
s1 180.10.1.1 255.255.255.0
e0 197.10.1.1 255.255.255.0
Router 4 e0 195.10.1.1 255.255.255.0
s0 180.10.1.2 255.255.255.0
Router 5 s0 215.10.1.2 255.255.255.0
Switch 1 - 195.10.1.99 255.255.255.0
Switch 2 - 195.10.1.100 255.255.255.0
Switch 3 - 197.10.1.99 255.255.255.0
Switch 4 - 197.10.1.100 255.255.255.0
PC 1 - 195.10.1.2 255.255.255.0
PC 2 - 197.10.1.2 255.255.255.0
Lab Scenarios
There are 20 labs contained in this lab guide. In order for the labs to function properly, you should complete
them in sequential order. You will be asked questions at various points during the labs. Answers to these ques-
tions are provided in Appendix B at the end of this lab guide.
3AVING2ESTORING#ONlGURATION&ILES
9OUCANSAVEYOURWORKANDEXITATANYPOINT4HEREARETWOSEPARATEOPTIONSFORSAVINGYOURCONlGURATIONS
4OSAVETHECONlGURATIONOFASINGLEDEVICEMAKESUREYOUSELECTTHEAPPROPRIATEROUTERSWITCHOR0#FROMTHE
eRouters, eSwitches, or eStations menus at the top of the Simulator screen. The next step is to select the Save
3INGLE$EVICE#ONlG option from the FileMENUATTHETOPOFTHESCREEN9OUWILLTHENBEPROMPTEDFORAlLE
NAME7HENYOUUSETHISOPTIONEACHINDIVIDUALDEVICECONlGURATIONMUSTBESAVEDSEPARATELY
!LTERNATIVELYYOUCANSAVETHEENTIRENETWORKCONlGURATIONATONETIME4HISWILLSAVETHECONlGURATIONSFORALL
devices. To accomplish this, select the 3AVE-ULTI$EVICES#ONlGS option from the File menu at the top of the
SCREEN9OUWILLTHENBEPROMPTEDFORAlLENAME
7HENYOUDECIDEYOUWOULDLIKETOLOADYOURSAVEDCONlGURATIONSBACKINTOTHE3IMULATORSELECTEITHERTHELoad
3INGLE$EVICE#ONlGOVERWRITE or ,OAD-ULTI$EVICES#ONlGS option from the File menu. Note: This process
can take a few minutes to complete. Be patient!
,AB"ASIC2OUTER#ONlGURATION
Objective)NTHISLABYOUWILLPRACTICEBASICCONlGURATIONANDshow commands on a Cisco router.
1. Select Router 1 from the eRouters drop-down menu in the toolbar. Press ENTER to get to the user
prompt.
Router>
2. The greater-than symbol (>) in the prompt indicates that the router is in user mode. Type ? to see a list
of commands that can be entered in user mode.
Router> ?
3. Type enable to access privileged mode. The pound sign (#) in the prompt indicates that you are now in
privileged mode.
Router> enable
Router#
4. Type ? to see a list of commands that can be entered in privileged mode. Notice that more commands are
available in privileged mode than are available in user mode. For instance, the configure and reload
commands can only be issued in privileged mode.
Router# ?
5. Exit privileged mode by typing disable.
Router# disable
Router>
6. Re-enter privileged mode, and type configure terminalTOACCESSGLOBALCONlGURATIONMODE
Router> enable
Router# configure terminal
Router(config)#
7. #ONlGUREAHOSTNAMEOFrouter1. Notice how the prompt changes.
Router(config)# hostname router1
router1(config)#
8. )NGLOBALCONlGURATIONMODEONROUTERTYPEenable ?. This will show valid parameters that can be
entered with the enableCOMMAND#ONlGUREANENABLEPASSWORDOFccnalab that will not be encrypted
WHENTHEROUTERCONlGURATIONlLEISDISPLAYEDANDCONlGUREANENABLEPASSWORDOFcisco that will be
encrypted.
router1(config)# enable ?
router1(config)# enable password ccnalab
router1(config)# enable secret cisco
A1UESTION7HENBOTHENCRYPTEDANDUNENCRYPTEDENABLEPASSWORDSARECONlGUREDWHICHONEIS
used?
9. #ONlGUREAN)0ADDRESSFORTHE%THERNETINTERFACEONROUTER2EFERTO&)'52%FORALL)0ADDRESSES
and subnet masks.) The interface is currently in shutdown mode; activate the interface. You should see a
message informing you that the Ethernet 0 interface state has changed to up. Practice using the TAB key
by typing int and then pressing the TAB key. (Do not type any spaces.) You should see the word interface
spelled out.
router1(config)# int TAB
router1(config)# interface ethernet0
router1(config-if)# ip address 160.10.1.1 255.255.255.0
router1(config-if)# no shutdown
10. #ONlGUREAN)0ADDRESSFORROUTERSSERIALINTERFACEANDACTIVATETHEINTERFACE2EFERTO&)'52%FOR
IP addresses and subnet masks.) Practice using abbreviated commands for both interface serial0 and
no shutdown.
router1(config-if)# int s0
router1(config-if)# ip address 175.10.1.1 255.255.255.0
router1(config-if)# no shut
11. %XITCONlGURATIONMODEBYPRESSINGTHE#42,:KEYCOMBINATION4HISWILLMOVEBACKTWOMODESTOTHE
privileged mode prompt. You could also accomplish the same result by typing exit twice. The exit com-
mand moves back one mode at a time.
router1(config-if)# CTRL+Z
router1#
12. Type logout to exit the command-line interface.
router1# logout
13. Press the ENTER key to get back to the user mode prompt, and then type enable to enter privileged
MODE9OUWILLBEPROMPTEDFORTHEENABLESECRETPASSWORDWHICHYOUPREVIOUSLYCONlGUREDAScisco.
router1> enable
Password: cisco
router1#
14. Display a summary of all interfaces.
router1# show ip interface brief
15. Display detailed information on each interface.
router1# show interfaces
16. $ISPLAYTHEACTIVECONlGURATIONIN$2!-
router1# show running-config
17. $ISPLAYTHESAVEDCONlGURATIONIN.62!-
router1# show startup-config
17a. Question: Does anything exist in NVRAM? Explain why or why not.
21. Issue the show protocols command to show which Layer 3 protocols are currently running on the
router.
router1# show protocols
22. Select Router 2 from the eRouters drop-down menu in the toolbar. Press ENTER to get into user mode.
&ROMTHEREGOINTOPRIVILEGEDMODETHENGLOBALCONlGURATIONMODE
Router> enable
Router# configure terminal
Router(config)#
23. #ONlGUREAHOSTNAMEOFrouter2ANDCONlGUREANENABLESECRETPASSWORDOFcisco for router2.
router(config)# hostname router2
router2(config)# enable secret cisco
24. #ONlGUREAN)0ADDRESSFOR&AST%THERNETONROUTERANDACTIVATETHEINTERFACE3EE&)'52%FOR)0
ADDRESSESANDSUBNETMASKS 4HISROUTERISA#ISCOMODULARROUTERANDMUSTBECONlGUREDUSING
slot/port notation.
router2(config)# interface fa0/0
router2(config-if)# ip address 160.10.1.2 255.255.255.0
router2(config-if)# no shut
25. $ISPLAYTHESUMMARYSTATUSOFALLINTERFACES2EMEMBERTOEXITGLOBALCONlGURATIONMODEBEFOREISSUING
any show commands.
router2(config-if)# CTRL+Z
router2# show ip interface brief
25a. Question: What status should interface fa0/0 show if it is fully activated?
25b. Question: What status would fa0/0 show if it were in shutdown mode?
26a. Question: Were you successful? If not, what commands should you use for troubleshooting?
,AB!DVANCED2OUTER#ONlGURATION
Objective)NTHISLABYOUWILLPRACTICEUSINGSOMEADVANCEDCONlGURATIONANDshow commands on the Cisco
router. Remember the commands to switch between router modes (i.e., exit, end, disable).
1. /NROUTERCONlGUREACONSOLEPASSWORDOFboson. The console user must type this password before
gaining access to the user mode prompt.
router1(config)# line console 0
router1(config-line)# login
router1(config-line)# password boson
2. #ONlGUREABANNERTHATSAYSh7ELCOMETO2OUTER
!UTHORIZED5SERS/NLYv
router1(config)# banner motd #
Welcome to Router 1 - Authorized Users Only #
3. Test the banner and console password by logging out of the router and logging back in. Enter enable
mode after successfully logging in to the console.
router1# logout
ENTER
Password: boson
router1>
4. #ONlGUREAPASSWORDOFcisco on router2 that will enable remote users to telnet into router2.
router2(config)# line vty 0 4
router2(config-line)# login
router2(config-line)# password cisco
5. On router1, associate a name of router2 with the remote IP address of 160.10.1.2. This will allow you to
ping router2’s name rather than having to remember its IP address.
router1(config)# ip host router2 160.10.1.2
6. On router1, use the show hosts command to verify that the name router2 is now mapped to the IP ad-
dress of 160.10.1.2.
router1# show hosts
7. Ping router2, and verify that the ping succeeds.
router1# ping router2
8. $ISPLAYTHECONTENTSOFmASHMEMORYONROUTER
router2# show flash
A1UESTION7HATISTHENAMEOFTHE)/3IMAGEINmASHANDHOWLARGEISIT
9. Display the history table on router1 in order to view the last 10 commands that were entered on the
router. You can display the command history by pressing CTRL+P or by pressing the UP ARROW key.
router1# show history
router1# CTRL+P
10. On router1, display the serial 0 interface. Note on the third line of the output that the bandwidth is
assumed to be 1,544 Mbps. This is because the router assumes all serial links are T1 links unless you
SPECIFYOTHERWISE#ONlGUREROUTERSSERIALLINKTOHAVEACLOCKRATEOFANDABANDWIDTHOF
+BPS7HENYOUARElNISHEDUSETHEshow interfaces command again.
router1# show interfaces serial 0
router1# configure terminal
router1(config)# interface serial 0
router1(config-if)# bandwidth 64
router1(config-if)# clock rate 64000
router1(config-if)# CTRL+Z
router1# show interfaces serial 0
11. On router1, add a description to interface serial 0 that says “Serial Link to Router 3”. This description
will appear whenever you issue the show interfaces command for serial 0.
router1(config)# interface serial 0
router1(config-if)# description Serial Link to Router 3
router1(config-if)# exit
router1(config)# exit
router1# show interfaces serial 0
12. Select Router 3 from the eRoutersMENUANDCONlGUREITASFOLLOWS4HENSELECTRouter 4ANDCONlG-
ure it accordingly.
#ONlGUREAHOSTNAMEOFrouter3 on Router 3 and a host name of router4 on Router 4.
#ONlGUREANENABLESECRETPASSWORDOFcisco on both routers.
- Assign the appropriate IP addresses and subnet masks to the serial and Ethernet interfaces
on both routers (see FIGURE 1).
- Remember to set the clock rate on the router3 serial 1 interface.
- Activate the serial and Ethernet interfaces on both routers.
- Verify that router3 can ping router1.
- Verify that router3 can ping router4.
3AVEEACHROUTERSCONlGURATIONTO.62!-
Lab 3: CDP
Objective: In this lab, you will practice using Cisco Discovery Protocol (CDP) commands to view information
about directly connected neighbors.
1. On router1, display summary information for router1’s CDP neighbors. You should see one-line entries for
both router2 and router3.
router1# sh cdp neighbors
2. On router1, display detailed information about CDP neighbors. You can do this with either the show cdp
neighbors detail command or the show cdp entry * command.
router1# show cdp neighbors detail
router1# show cdp entry *
3. On router1, display the interfaces where CDP is active.
router1# show cdp interface
4. On router1, change the CDP advertisement interval to 50 seconds and the hold-down interval to 170
seconds. Issue the show cdp interface command to verify that the new timers are set correctly.
router1(config)# cdp timer 50
router1(config)# cdp holdtime 170
router1(config)# exit
router1# sh cdp interface
Lab 4: Telnet
Objective: In this lab, you will practice telneting from one router to another. You will use the CTRL+SHIFT+6 X
key combination to suspend Telnet sessions and use the show sessions and show users commands to display
active Telnet sessions.
1. Make sure you have permitted Telnet access on router3.
router3# config t
router3(config)# line vty 0 4
router3(config-line)# login
router3(config-line)# password cisco
2. From router1, telnet to router2 (160.10.1.2). Once into router2, issue the show users command. This
command shows which remote users are telneted into this local router. You should see router1’s IP ad-
dress (160.10.1.1) as the user that telneted into router2.
router1# telnet 160.10.1.2
router2>
router2> show users
3. Suspend your Telnet session to router2 by pressing CTRL+SHIFT+6 X. You should return to router1 with-
out breaking the active Telnet session. Issue the show sessions command on router1. This command
shows what active, but suspended, sessions exist with other routers.
router2# CTRL+SHIFT+6 X
router1#
router1# show sessions
4. Now, telnet from router1 to router3. Suspend the session, and return to router1. Issue the show sessions
command. You should now see two suspended sessions: one to router2 (160.10.1.2) and one to router3
(175.10.1.2).
router1# telnet 175.10.1.2
router3>
router3> CTRL+SHIFT+6 X
router1#
router1# show sessions
5. Disconnect the two suspended sessions on router1. The number used in the disconnect command
comes from the leftmost column in the show sessions output. Issue show sessions to see if the sus-
pended Telnet sessions have disappeared.
router1# disconnect 2
router1# disconnect 1
router1# show sessions
Lab 5: TFTP
Objective)NTHISLABYOUAREGOINGTOCONlGURE0#ASA4&40SERVER9OUWILLTHENBACKUPROUTERSCONlGU-
ration and restore it to the TFTP server.
1. In the NetSim, select PC 1 from the eStationsMENUINTHETOOLBAR#ONlGURE0#TOHAVEAN)0AD-
dress of 195.10.1.2 with a subnet mask of 255.255.255.0 and a default gateway of 195.10.1.1. Use the
winipcfg utility on the PC to do this. The PC is automatically enabled to be a TFTP server.
c:> winipcfg
2. On router4, make sure you can ping PC 1.
router4# ping 195.10.1.2
3. /NROUTERCOPYYOURRUNNINGCONlGURATIONTOTHE4&40SERVER9OUWILLBEPROMPTEDFORTHE)0ADDRESS
OFTHE4&40SERVER 9OUWILLALSOBEPROMPTEDFORAlLENAMEANYNAMEYOUCHOOSE
router4# copy running-config tftp
4. On the TFTP server (PC 1), issue the show tftp-configsCOMMANDTOSEEIFROUTERSCONlGURATIONWAS
successfully backed up. (This is not a standard PC command; it is only used within the NetSim prod-
uct.)
c:> show tftp-configs
5. 9OUWILLNOWRESTORETHECONlGURATIONYOUSAVEDONTHE4&40SERVERTO.62!-ONROUTER&IRSTDETER-
mine whether router4’s NVRAM is currently empty by issuing the show startup-config command. If it is
not empty, use the erase startup-configCOMMANDTOCLEARIT2ESTORETHECONlGURATIONFROMTHE4&40
server to NVRAM on router4 with the following copy command. (Type the PC’s IP address and previously
SAVEDlLENAMEWHENPROMPTED
router4# copy tftp startup-config
6. Issue the show startup-configCOMMAND9OUSHOULDNOWSEETHERESTOREDCONlGURATIONlLEIN.62!-
router4# show startup-config
A1UESTION7ASITNECESSARYTOCLEARROUTERS.62!-INORDERTOCOPYAlLEINTOIT%XPLAINWHYOR
why not.
Lab 6: RIP
Objective)NTHISLABYOUWILLBECONlGURING2)0
1. /NROUTERROUTERROUTERANDROUTERCONlGURE2)0VERSIONONALLSERIALAND%THERNETINTERFACES
(except for the ISDN and Frame Relay interfaces).
router1(config)# router rip
router1(config-router)# network 160.10.0.0
router1(config-router)# network 175.10.0.0
2. On router1, issue the show ip protocols command. This command shows information about all dynamic
routing protocols that are running on the router.
router1# show ip protocols
3. On router4, issue the show ip route command. You should see two directly connected routes (180.10.1.0
and 195.10.1.0) and three remote routes (160.10.0.0, 197.10.1.0, and 175.10.0.0).
router4# show ip route
4. /NROUTERPINGBOTHROUTERANDROUTER4HEPINGSSHOULDSUCCEEDIF2)0ISCONlGUREDONALLROUTERS
router4# ping 175.10.1.1
router4# ping 160.10.1.2
5. On router4, use the clear ip route * command to clear and re-create the IP routing table. Using this
command is sometimes necessary for troubleshooting unusual routing problems.
router4# clear ip route *
6. On router1, type the debug ip rip command. This will show the periodic (every 30 seconds) RIP updates
being transmitted and received on each interface.
router1# debug ip rip
7. After you examine a few debug updates, turn debugging off with the undebug all command.
router1# undebug all
Lab 7: IGRP
Objective)NTHISLABYOUWILLCONlGURETHE)'20ROUTINGPROTOCOL
1. Begin by turning off RIP on router1, router2, router3, and router4. You can verify RIP is turned off by us-
ing the show ip protocols command.
routerx(config)# no router rip
routerx# show ip protocols
2. Turn on IGRP on router1, router2, router3, and router4. Use Autonomous System number 200.
router1(config)# router igrp 200
router1(config-router)# network 160.10.0.0
router1(config-router)# network 175.10.0.0
3a. Question: How frequently does IGRP send out routing updates?
3b. Question: What is the hold-down interval for IGRP?
3c. Question: What is the default hop count for IGRP?
5. &ROMROUTERPINGROUTERANDROUTER4HESEPINGSSHOULDSUCCEEDIF)'20ISCONlGUREDONALLTHE
routers.
router4# ping 175.10.1.1
router4# ping 160.10.1.2
6. On router1, issue the debug ip igrp events and debug ip igrp transactions commands. Both com-
mands can be used to show periodic (every 90 seconds) IGRP routing updates being sent and received
by the router.
router1# debug ip igrp events
router1# debug ip igrp transactions
6a. Question: What is the difference between the two debug ip igrp commands?
Lab 8: EIGRP
Objective)NTHISLABYOUWILLCONlGURETHE%)'20ROUTINGPROTOCOL
1. Begin by turning off IGRP on router1, router2, router3, and router4.
routerx(config)# no router igrp 200
2. #ONlGURE%)'20ONROUTERROUTERROUTERANDROUTER5SE!UTONOMOUS3YSTEMNUMBERAND
CONlGURE%)'20TOSENDANDRECEIVEUPDATESONALLINTERFACESEXCEPTTHE)3$.AND&RAME2ELAYINTER-
faces.
router1(config)# router eigrp 100
router1(config-router)# network 160.10.0.0
router1(config-router)# network 175.10.0.0
3a. Question: What is the maximum router hop count with EIGRP?
8. &ROMROUTERPINGROUTERANDROUTER4HESEPINGSSHOULDSUCCEEDIF%)'20ISCONlGUREDONALLROUTERS
router4# ping 175.10.1.1
router4# ping 160.10.1.2
Lab 9: OSPF
Objective)NTHISLABYOUWILLCONlGURETHE/30&ROUTINGPROTOCOL
1. Begin by turning off EIGRP on router1, router2, router3, and router4.
routerx(config)# no router eigrp 100
2. #ONlGURE/30&ONROUTERROUTERROUTERANDROUTER5SE0ROCESS)$ANDCONlGURE/30&TOSEND
and receive updates on all interfaces except the ISDN and Frame Relay interfaces.
router1(config)# router ospf 1
router1(config-router)# network 160.10.1.0 0.0.0.255 area 0
router1(config-router)# network 175.10.1.0 0.0.0.255 area 0
5a. Question: What is the OSPF cost for a 10-Mbps Ethernet interface?
7. &ROMROUTERPINGROUTERANDROUTER4HESEPINGSSHOULDSUCCEEDIF/30&ISCONlGUREDONALLROUTERS
router4# ping 175.10.1.1
router4# ping 160.10.1.2
,AB#ATALYST3WITCH#ONlGURATION
Objective)NTHISLABYOUWILLCONlGUREBASIC)/3COMMANDSON#ATALYSTSWITCHES
1. From the eSwitches menu in the tool bar, select Switch 1. Press ENTER to get into user mode. Type en-
able to get into privileged mode. Type ? to see a list of privileged mode commands. Type disable to go
back to user mode.
> enable
#?
# disable
>
2. /N3WITCHGOINTOPRIVILEGEDMODEANDTHENINTOGLOBALCONlGURATIONMODE!SSIGN3WITCHAHOST
name of 1900sw1. Use the exitCOMMANDORTHE#42,:KEYCOMBINATIONTOGETOUTOFCONlGURATION
mode.
> enable
# configure terminal
(config)# hostname 1900sw1
1900sw1(config)# exit
1900sw1#
3. On 1900sw1, type show running-configTOSEETHEACTIVECONlGURATION
1900sw1# show running-config
3a. Question: Do you need to issue copy running-config startup-config on 1900sw1 to save the running
CONlGURATION%XPLAINWHYORWHYNOT
4. /NSWERASETHECURRENTCONlGURATIONWITHTHEFOLLOWINGCOMMAND7HENPROMPTEDTODELETE
NVRAM, press the Y key.)
1900sw1# delete nvram
5. /NSWGETINTOPRIVILEGEDMODEANDTHENINTOGLOBALCONlGURATIONMODE2E
ASSIGNTHESWITCH
a host name of 1900sw1 and an enable password of cisco. Assign the switch an IP address of
195.10.1.99 with a subnet mask of 255.255.255.0 and a default gateway of 195.10.1.1 (router4’s Ether-
net address).
> enable
# configure terminal
(config)# hostname 1900sw1
1900sw1(config)# enable password level 15 cisco
1900sw1(config)# ip address 195.10.1.99 255.255.255.0
1900sw1(config)# ip default-gateway 195.10.1.1
6. On 1900sw1, issue the show ip command to verify that the IP address, subnet mask, and default gate-
way are correct.
1900sw1# show ip
7. On 1900sw1, issue the show interfaces command.
1900sw1# show interfaces
7a. Question: What is the Spanning Tree (802.1D) state of interface e0/1?
7b. Question: What is the duplex setting for interface e0/2?
of 1900sw2 and an enable password of cisco. (The enable password should be encrypted when the
CONlGURATIONlLEISDISPLAYED #ONlGUREAN)0ADDRESSOFANDADEFAULTGATEWAYOF
195.10.1.1 on 1900sw2.
> enable
# configure terminal
(config)# hostname 1900sw2
1900sw2(config)# enable secret level 15 cisco
1900sw2(config)# ip address 195.10.1.100 255.255.255.0
1900sw2(config)# ip default-gateway 195.10.1.1
9. On 1900sw2, issue the show version command.
1900sw2# show version
11. On 1900sw1, issue the show mac-address-table command to display which devices are attached to
which switch ports.
1900sw1# show mac-address-table
12. On 1900sw1, permanently assign a device with MAC address 1111.1111.1111 to port e0/5. Issue the
show mac-address-table command to verify that the device is in the table as a permanent entry.
1900sw1(config)# mac-address-table permanent 1111-1111-1111 e0/5
1900sw1(config)# exit
1900sw1# show mac-address-table
13. /NSWCONlGUREPORTSECURITYFORPORTE4HESWITCHWILLSTICKY
LEARNTHE-!#ADDRESSOFTHE
device connected to port e0/9 and will allow only that device to connect to this port in the future.
1900sw1(config)# interface e0/9
1900sw1(config-if)# port secure
1900sw1(config-if)# port secure max-mac-count 1
5. On 1900sw1 and 1900sw2, create VLAN 10 and name it ccnavlan. Issue the show vlan command to
verify that the VLAN was successfully created.
1900swx(config)# vlan10 name ccnavlan
1900swx(config)# exit
1900swx#show vlan
5a. Question: Do you see any ports connected to VLAN 10? Explain why or why not.
6. On 1900sw1 and 1900sw2, assign the e0/1 ports to the new VLAN you created. Router4 and PC 1 are
attached to these ports. Issue the show vlan command on both switches to verify that these ports have
been moved to VLAN 10. Also, issue the show vlan-membership command. This is another command
that shows VLAN assignments by port on Catalyst 1900 switches.
1900swx(config)# interface e0/1
1900swx(config-if)# vlan-membership static 10
1900swx(config-if)# CTRL+Z
1900swx# show vlan
1900swx# show vlan-membership
7. Now that both router4 and PC 1 are in VLAN 10, try to ping from PC 1 to router4. The ping should fail.
c:> ping 195.10.1.1
7a. Question: If both devices are in the same VLAN, why should the ping fail?
8. -AKETHELINKBETWEENSWANDSWATRUNKLINECAPABLEOFCARRYINGTRAFlCFORANY6,!.5SE
the show trunk a command to verify trunking is enabled on port fa0/26 on both switches (you should
see Trunking: on).
1900swx(config)# interface fa0/26
1900swx(config-if)# trunk on
1900swx(config-if)# CTRL+Z
1900swx# show trunk a
8a. Question: What trunking protocol does the Catalyst 1900 switch use: ISL or 802.1Q?
9. Now, ping from PC 1 to router4. The ping should succeed because both devices are in the same VLAN and
THEINTER
SWITCHLINKISATRUNKLINECAPABLEOFCARRYINGTRAFlCFORANY6,!.
c:> ping 195.10.1.1
,AB#ATALYST3WITCH#ONlGURATION
Objective)NTHISLABYOUWILLCONlGUREBASIC)/3COMMANDSON3WITCHAND3WITCHWHICHARE#ATALYST
2950 switches.
1. From the eSwitches menu in the tool bar, select Switch 3. Press ENTER to get into user mode. Type en-
able to get into privileged mode. Type ? to see a list of privileged-mode commands. Type disable to go
back to user mode.
> enable
#?
# disable
>
2. /N3WITCHGOINTOPRIVILEGEDMODEANDTHENINTOGLOBALCONlGURATIONMODE!SSIGN3WITCHAHOST
name of 2950sw3. Type exitORPRESS#42,:TOGETOUTOFGLOBALCONlGURATIONMODE
> enable
# configure terminal
(config)# hostname 2950sw3
2950sw3(config)# exit
2950sw3#
3. On 2950sw3, type show running-configTOSEETHEACTIVECONlGURATION
2950sw3# show running-config
3a. Question: Do you need to issue copy running-config startup-config on 2950sw3 to save the run-
NINGCONlGURATION%XPLAINWHYORWHYNOT
8a. Question: What is the Spanning Tree (802.1D) state of interface fa0/1?
8b. Question: What is the duplex setting for interface fa0/2?
9. From the eSwitches menu in the tool bar, select Switch 4#ONlGUREITWITHAHOSTNAMEOF2950sw4
and an enable password of cisco4HEENABLEPASSWORDSHOULDBEENCRYPTEDWHENTHECONlGURATIONlLE
is displayed.) Assign it an IP address of 197.10.1.100/24 and a default gateway of 197.10.1.1.
> enable
# configure terminal
(config)# hostname 2950sw4
2950sw4(config)# enable secret cisco
2950sw4(config)# interface vlan1
2950sw4(config-if)# ip address 197.10.1.100 255.255.255.0
2950sw4(config-if)# no shutdown
2950sw4(config-if)# exit
2950sw4(config)# ip default-gateway 197.10.1.1
10. On 2950sw4, issue the show version command.
2950sw4# show version
11. On 2950sw4, issue the show spanning-tree command.
2950sw4# show spanning-tree
12. On 2950sw4, issue the show mac-address-table command to display which devices are attached to
which switch ports.
2950sw4# show mac-address-table
13. On 2950sw4, permanently assign a device with MAC address 4444.4444.4444 to port fa0/5. Issue the
show mac-address-table command to verify that the device is in the table as a permanent entry.
2950sw4(config)# mac-address-table static 4444.4444.4444 vlan 1 int fa0/5
2950sw4(config)# exit
2950sw4# show mac-address-table
14. /NSWCONlGUREPORTSECURITYFORPORTFA4HESWITCHWILLSTICKY
LEARNTHE-!#ADDRESSOFTHE
device connected to port fa0/9 and will allow only that device to connect to the port in the future.
2950sw4(config)# interface fa0/9
2950sw4(config-if)# switchport port-security
2950sw4(config-if)# switchport mode access
2950sw4(config-if)# switchport port-security maximum 1
c:> winipcfg
2. Verify that you can ping between PC 2 and router3. If you cannot ping successfully, ensure that the IP
address of router3’s Ethernet 0 interface is 197.10.1.1/24 and that the interface is enabled. Next, use
the winipcfgUTILITYTOENSURETHAT0#ISCONlGUREDWITHAN)0ADDRESSOF
c:> ping 197.10.1.1
3. On 2950sw43 and 2950sw4, issue the show vlan command. You should note that, by default, all
switch ports are in VLAN 1. Because router3, PC 2, and the switch-to-switch link are all in VLAN 1, you
should be able to ping between PC 2 and router3.
2950swx# show vlan
4. On 2950sw3 and 2950sw4, set up a VTP domain and name it classroom, then use the show vtp status
command to verify that the domain has been created.
2950swx# vlan database
2950swx(vlan)# vtp domain classroom
2950swx(vlan)# CTRL+Z
2950swx# show vtp status
5. On 2950sw3 and 2950sw4, create VLAN 20 and name it 2950vlan. Issue the show vlan command to
verify that the VLAN was successfully created.
2950swx# vlan database
2950swx(vlan)# vlan 20 name 2950vlan
2950swx(vlan)# exit
2950swx# show vlan
5a. Question: Do you see any ports connected to VLAN 20? Explain why or why not.
6. On 2950sw3 and 2950sw4, assign the fa0/1 ports to the new VLAN you created. Router3 and PC 2 are
attached to these ports. Issue the show vlan command on both switches to verify that these ports have
been moved to VLAN 20.
2950swx(config)# interface fa0/1
2950swx(config-if)# switchport mode access
2950swx(config-if)# switchport access vlan 20
2950swx(config-if)# CTRL+Z
2950swx# show vlan
7. Now that both router3 and PC 2 are in VLAN 20, try to ping from PC 2 to router3. The ping should fail.
c:> ping 197.10.1.1
7a. Question: If both devices are in the same VLAN, why should the ping fail?
8. -AKETHELINKBETWEENSWANDSWATRUNKLINECAPABLEOFCARRYINGTRAFlCFORANY6,!.5SE
the show interface fa0/12 switchport command to verify that trunking is enabled on port fa0/12 on
both switches.
2950swx(config)# interface fa0/12
2950swx(config-if)# switchport mode trunk
2950swx(config-if)# CTRL+Z
2950swx# show interface fa0/12 switchport
8a. Question: Which trunking protocol does the Catalyst 2950 switch use: ISL or 802.1Q?
9. Now, ping from PC 2 to router3. The ping should succeed because both devices are in the same VLAN and
THEINTER
SWITCHLINKISATRUNKLINECAPABLEOFCARRYINGTRAFlCFORANY6,!.
c:> ping 197.10.1.1
3. Test your access list by pinging from router3 and router4 to router2. The pings from router3 (in subnet
175.10.1.0) should succeed, whereas the pings from router4 (in subnet 180.10.1.0) should fail.
4. /NROUTERBUILDANEXTENDED)0ACCESSLISTTHATWILLALLOW4ELNETTRAFlCFROMROUTER ALLOW
)#-0TRAFlCFROMROUTER ANDBLOCKALLOTHERTRAFlC2EMOVETHEPREVIOUSACCESSLISTAND
apply this new one to router1’s serial 0 interface.
router1(config)# access-list 100 permit tcp host 175.10.1.2 any eq telnet
router1(config)# access-list 100 permit icmp host 180.10.1.2 any
router1(config)# interface serial0
router1(config-if)# no ip access-group 1 in
router1(config-if)# ip access-group 100 in
4a. Question: What are two ways you can specify a host address in an extended IP access list?
4b. Question: What is the number range for extended IP access lists?
4c. Question: What statement permits RIP routing updates?
5. Test access list 100 by pinging and telneting from router3 and router4 to router2. Router3 (175.10.1.2)
should be able to telnet to router2, but not ping it. Router4 (180.10.1.2) should be able to ping router2,
but not telnet to it.
router3# ping 160.10.1.2
router3# telnet 160.10.1.2
4a. Question: Does the inside global IP address normally represent a public or a private IP address?
5. Select Router 2 from the eRouters menu, and disconnect your Telnet session to router3.
router3# CTRL+SHIFT+6 X
router2#
6. /NROUTERREMOVETHEPREVIOUSSTATIC.!4COMMANDSANDCONlGURE.!4TOTRANSLATEROUTERS%THERNET
address to a dynamically assigned address. You will utilize a pool of public addresses in the range of
169.10.1.50 to 169.10.1.100.
router1(config)# no ip nat inside source static 160.10.1.2 169.10.1.2
router1(config)# ip nat pool pool1 169.10.1.50 169.10.1.100 netmask 255.255.255.0
router1(config)# ip nat inside source list 2 pool pool1
router1(config)# access-list 2 permit 160.10.1.0 0.0.0.255
6a. Question: If the pool of dynamically assigned addresses only contains one IP address entry, what is
another term for this form of NAT translation?
7. Test the dynamic NAT translation function by telneting from router2 to router3. Once into router3, is-
sue the show users command. The output of this command should show that the logged-in device is
169.10.1.50 (the translated address). Also, use the show ip nat translations command to display the
NAT translation table on router1.
router2# telnet 175.10.1.2
router3# show users
translate router2’s Fast Ethernet address (160.10.1.2) to the serial 0 interface address (175.10.1.1) on
router1.
router1(config)# no ip nat pool pool1 169.10.1.50 169.10.1.100 netmask 255.255.255.0
router1(config)# no ip nat inside source list 2 pool pool1
router1(config)# ip nat inside source list 2 interface serial0 overload
9. Test the overloading (PAT) function by telneting from router2 to router3. Issue the show users command
on router3. The output should show that the logged-in device is 175.10.1.1 (the translated IP address).
Also, issue the show ip nat translations command on router1 to display the NAT translation table.
router2# telnet 175.10.1.2
router3# show users
4. From router1, ping the ISDN interface of router2. This should cause an ISDN call to be initiated, and the
pings should succeed.
router1# ping 200.10.1.2
A1UESTION7HICHCONlGURATIONPARAMETERSONROUTERIDENTIFYTHEINTERESTINGTRAFlCTHATWILLTRIGGERA
call?
5a. Question: What does the output show for Layer 3 status?
6. Issue the show interfaces bri0 1 2 command on router1.
router1# show interfaces bri0 1 2
,AB)3$."2)
"2)5SING$IALER0ROlLES
ISDN Parameters
Router IP Address Mask SPID1 ,OCAL4EL ISDN Switch
router1 200.10.1.1 /24 32177820010100 7782001 basic-ni
router2 200.10.1.2 /24 32177820020100 7782002 basic-ni
Objective:)NTHISLABYOUWILLUSEDIALERPROlLESTOCONlGURE)3$."2)ONROUTERANDROUTER5SINGDIALER
PROlLESEFFECTIVELYMOVESSOMEOFTHELOGICAL)3$.PARAMETERSFROMTHEPHYSICAL"2)02)INTERFACETOADIALER
interface.
1. !NY)0PACKETSHOULDREPRESENTINTERESTINGTRAFlCINTHISLABANDEITHERROUTERSHOULDBEABLETOINITIATE
the call. PPP encapsulation and CHAP authentication should be used. Refer to the table above for ISDN
switch type, IP addresses, subnet masks, and telephone numbers.
router1(config)# isdn switch-type basic-ni
router1(config)# dialer-list 1 protocol ip permit
router1(config)# username router2 password cisco
router1(config)# interface bri0
router1(config-if)# encap ppp
router1(config-if)# ppp authentication chap
router1(config-if)# isdn spid1 32177820010100
router1(config-if)# dialer pool-member 1
router1(config-if)# no ip address 200.10.1.1 255.255.255.0
router1(config-if)# no shut
router1(config-if)# interface dialer 1
router1(config-if)# no shut
router1(config-if)# ip address 200.10.1.1 255.255.255.0
router1(config-if)# encap ppp
router1(config-if)# dialer-group 1
router1(config-if)# dialer pool 1
router1(config-if)# dialer remote-name router2
router1(config-if)# dialer string 7782001
router1(config-if)# ppp authentication chap
,AB)3$.02)5SING$IALER0ROlLES
ISDN Parameters
Router IP Address Mask SPID1 ,OCAL4EL ISDN Switch
router1 200.10.1.1 /24 32177820010100 7782001 basic-ni
router2 200.10.1.2 /24 ----- 7782002 primary-5ess
Objective)NTHISLABYOUWILLUSEDIALERPROlLESTOCONlGURE)3$."2)ONROUTERAND)3$.02)ONROUTER
Router2 has a primary rate ISDN interface (s0/0) as well as a basic rate ISDN interface.
1. !NY)0PACKETSHOULDREPRESENTINTERESTINGTRAFlCINTHISLABANDEITHERROUTERSHOULDBEABLETOINITIATE
the call. PPP encapsulation and CHAP authentication should be used. Refer to the table above for ISDN
switch type, IP addresses, subnet masks, and telephone numbers.
router1(config)# isdn switch-type basic-ni
router1(config)# dialer-list 1 protocol ip permit
router1(config)# username router2 password cisco
router1(config)# interface bri0
router1(config-if)# encap ppp
router1(config-if)# ppp authentication chap
router1(config-if)# isdn spid1 32177820010100
router1(config-if)# dialer pool-member 1
router1(config-if)# no shut
router1(config-if)# interface dialer 2
router1(config-if)# no shut
router1(config-if)# ip address 201.10.1.1 255.255.255.0
router1(config-if)# encap ppp
router1(config-if)# dialer-group 1
router1(config-if)# dialer pool 1
router1(config-if)# dialer remote-name router2
router1(config-if)# dialer string 7782001
router1(config-if)# ppp authentication chap
A1UESTION)FTHIS02)WEREBEINGCONlGUREDIN%UROPEWHATOPTIONSWOULDBEAVAILABLEFORCONTROLLER
type, framing, and linecode?
B1UESTION/NTHE02)INTERFACESTATEMENTWHATISTHESIGNIlCANCEOF
2. Issue the show isdn status command on both router1 and router2. You should see the following:
Layer1: Active
Objective: In this lab, you will use both physical interfaces and point-to-point subinterfaces to set up Frame
Relay permanent virtual circuits (PVCs) between router1 and router5. Both routers will be Frame Relay data
termination equipment (DTE) devices connected to a Frame Relay cloud.
1. 5SINGPHYSICALINTERFACESNOSUBINTERFACES CONlGURE&RAME2ELAYONROUTERSSERIALINTERFACEAND
on router5’s serial 0 interface. Refer to the chart above for IP addresses and local DLCIs. Both routers
will use ANSI as their LMI type. Frame Relay map statements should be used for static mapping.
router1(config)# interface serial1
router1(config-if)# encapsulation frame-relay
router1(config-if)# ip address 215.10.1.1 255.255.255.0
router1(config-if)# frame-relay map ip 215.10.1.2 105 broadcast
router1(config-if)# frame-relay lmi-type ansi
router1(config-if)# no shut
2. Issue the show interfaces serial 1 command on router1 and the show interfaces serial 0 command
on router5 in order to see whether the routers are successfully connected to their local Frame Relay
SWITCHES"OTHTHEINTERFACEANDTHELINEPROTOCOLSHOULDBEUPONBOTHROUTERS/NTHElFTHLINEOF
output, you should also see DTE LMI up. The encapsulation type should be Frame Relay.
router1# show interfaces serial1
,ABn3WITCH#ONlGURATION
A.O4HE#ATALYSTSWITCHAUTOMATICALLYSAVESANYCONlGURATIONCHANGESYOUMAKETO.62!-
7a. It is in the forwarding state.
7b. The duplex setting for interface e0/2 is half-duplex. 10baseT ports default to half-duplex.
9a. Version V4.00.00
9b. 00-0C-55-09-32-11
10a. 000C.1835.8565
10b. 100
10c. 20 seconds
10d. 2 seconds
Lab 11 – VLANs and Trunking (Catalyst 1900 Switches)
4a. The Catalyst 1900 switch defaults to server mode.
5a. No. Although VLAN 10 has been created, no ports have been manually assigned to it yet.
A4HELINKCONNECTINGSWANDSWISSTILLIN6,!.4HELINKMUSTBECONlGUREDTOBEIN6,!.
ORCONlGUREDASATRUNKLINEWHICHBYDElNITIONISCAPABLEOFSUPPORTINGALL6,!.S
8a. ISL
,ABn#ATALYST3WITCH#ONlGURATION
A9ES4HEACTIVECONlGURATIONISNOTAUTOMATICALLYSAVEDTO.62!-ON#ATALYSTSWITCHES
8a. forwarding
8b. The duplex setting for interface fa0/2 is auto. 10/100 ports default to auto-negotiate on Catalyst 2950
switches.
11a. 000C 1835 8565
11b. 19
11c. 20 seconds
11d. 2 seconds
Lab 13 – VLANs and Trunking (Catalyst 2950 Switches)
5a. No. Although VLAN 20 has been created, no ports have been manually assigned to it yet.
A4HELINKCONNECTINGSWANDSWISSTILLIN6,!.4HELINKMUSTBECONlGUREDTOBEIN6,!.
ORCONlGUREDASATRUNKLINEWHICHBYDElNITIONISCAPABLEOFSUPPORTINGALL6,!.S
8a. 802.1Q
Lab 14 – IP Access Lists
2a. No. An implicit deny any statement is at the end of every access list.
2b. This is a wildcard or reverse mask. It means permit any device where the source address starts with
INTHElRSTTHREEOCTETS
2c. No. Standard IP access lists are in the range 1-99 or 1300-1999.
4a. You can specify host 172.16.1.1 or 172.16.1.1 0.0.0.0.
4b. 100-199 or 2000-2699
4c. access list 100 permit udp any any eq 520 (RIP uses UDP port 520)
Lab 15 – NAT/PAT
4a. The inside global IP address normally represents a public, or registered, IP address. NAT/PAT translates
the inside local IP address, which is usually a private IP address, to an inside global IP address, which is
usually a registered IP address.
A4HISISALSOKNOWNASOVERLOADINGOR0ORT!DDRESS4RANSLATION0!4 )TISPOSSIBLETOCONlGUREOVERLOAD-
INGBYDElNINGONEORAFEW)0ADDRESSESINTHEDYNAMICADDRESSPOOL4HISISANALTERNATIVETOPOINTING
TOAPHYSICALINTERFACEINTHE0!4DElNITIONS
Lab 17 – ISDN BRI-BRI using Legacy DDR
3a. Both B channels are down and the line protocols are down because no calls are active.
4a. The dialer-list and dialer-groupCOMMANDSAREUSEDTOIDENTIFYINTERESTINGTRAFlC
5a. It should show 1 Active Layer 3 Call.
6a. Now that a call has been established, one of the B channels should be up and the line protocol should
be up. The other B channel should still have a status of down and down.
,ABn)3$.02)5SING$IALER0ROlLES
1a. In Europe, the controller type is E1, the framing is either crc4 or no-crc4, and the linecode is hdb3.
1b. The number 23 represents the ISDN signaling channel on the PRI/T1 link. It is the 24th time slot on the
T1 link.
Lab 20 – Frame Relay
1a. cisco