
CONTENTS

1. Basic Networks Lab (NetMeeting)
2. Basic Router Configurations
3. Configuration of Static Routing protocol
4. Configuration of Dynamic Routing Protocol
   a. Configuration of Routing Information Protocol (RIP)
   b. Configuration of Enhanced Interior Gateway Routing Protocol (EIGRP)
   c. Configuration of Open Shortest Path First Protocol (OSPF)
5. Remote Accessing of Computers - Telnet
6. Configuration of Access Control List (ACL)
   a. Configuration of Standard Access Control List
   b. Configuration of Extended Access Control List
7. Configuration of Network Address Translation (NAT)
   a. Configuration of Static Network Address Translation (S-NAT)
   b. Configuration of Dynamic Network Address Translation (D-NAT)
   c. Configuration of Port Address Translation (PAT)
8. Configuration of Dynamic Host Configuration Protocol (DHCP)
9. Configuration of Virtual Local Area Network (VLAN)
10. Configuration Inter-VLAN
11. Configuration of Virtual Trunking Protocol (VTP)
12. Configuration of Switch-port security
13. Port numbers
14. Subnetting Questions
15. CCNA Interview Questions

BASIC NETWORKS LAB

NETMEETING:

NetMeeting is a built-in application in the Windows OS, which is used for online presentations and for sharing files between two hosts (computers) over the Internet. In other words, NetMeeting enables real-time audio, video, and data communication over the Internet. Windows installs NetMeeting in the \net meeting folder.

NetMeeting works best with a fast Internet connection, such as a 56 kilobytes per second (Kbps) or faster modem, or a local area network (LAN). For best viewing results, use 800 by 600 resolution or higher. You can also use compact mode.

NetMeeting includes support for the H.323 audio and video conferencing standard and the T.120 data conferencing standard. NetMeeting can be used to place calls to and receive calls from products that are H.323 and T.120 compatible. With appropriate equipment and services from third parties, NetMeeting can place a call to a telephone using an H.323 gateway. NetMeeting can also place calls to H.323 multipoint control units (MCUs) and participate in multipoint audio/video conferences.

NETMEETING APPLICATIONS

Placing a Call
You can place NetMeeting calls to multiple users. Microsoft maintains the Microsoft Internet Directory, which you can use to find other NetMeeting users. To view the Microsoft Internet Directory, click the Find Someone in a Directory button, and then, in Select a directory, click Microsoft Internet Directory. You cannot call people on the Internet that you have located on Web-based directory servers if your Internet connection uses a proxy server that does not support NetMeeting. Additionally, if you cannot connect to someone by using their computer name, try using their IP address. If you have two active network connections using two separate network cards, you might not be able to connect to a directory service.

Receiving a Call
You are ready to receive incoming calls if you are running NetMeeting and have not selected Do Not Disturb on the Call menu. You are limited in the number of simultaneous connections you can make, depending on your TCP/IP registry configuration.

Program Sharing
Any person in a meeting can share a program with the other participants. When you use the program sharing feature, other people can see the program. When you allow control, other people can both see and use the program. When you share a program and decide to allow someone to control it, remote users can use the File Open and File Save dialog boxes in your program to gain access to or delete files on your computer or network. You cannot drag an object onto a shared program or drag an object from a shared program to the desktop.

Whiteboard
NetMeeting users can draw simultaneously on the Whiteboard. Everyone in the meeting can see what is drawn on the Whiteboard. When one person in a meeting runs Whiteboard, it appears on everyone's screen. The Whiteboard does not maximize to the full size if you are using an 1152 by 864 or larger display.

Chat
Chat enables you to type messages for other users to see. When one person in a meeting runs Chat, a chat window appears on everyone's screen if they are using NetMeeting 3.0 or later. NetMeeting 2.11 Chat participants may not be able to close the Chat window if they are participating in a meeting with a NetMeeting 3.0 or later chat participant. Chat files can be saved with the .htm file extension, and then opened in an Internet browser.

Audio
To use NetMeeting audio features, you need a sound card, speakers, and a microphone. Audio is only supported with one other person. Sound quality can vary significantly depending on your sound card, microphone, and connection. If you modify your sound card device driver in any way, such as upgrading to a full-duplex driver, you need to run the Audio Tuning Wizard again in order for NetMeeting to work correctly.

Video
To send video with NetMeeting, you need either a video-capture card and camera, or a video camera that connects through your computer's parallel (printer) port or USB port. Cameras that have a video-capture card use less of your computer's processing resources than cameras that connect through your computer's parallel port. Video is only supported with one other person at a time. The default setting for video over a 28.8 Kbps modem connection is Better quality. To change this setting, click the Tools menu, click Options, click the Video tab, and then adjust the Video quality option.

Remote Desktop Sharing
Using Remote Desktop Sharing, NetMeeting 3.0 or later can call an unattended computer (host) running the Remote Desktop Sharing service, and then access that computer's shared desktop. Once you are connected, you can work in the host's shared desktop and in any program that the host computer has access to. Administrators can give users the ability to access a computer via Remote Desktop Sharing without giving them accounts with administrator privilege.

Step 1: Start > Run > conf > click on OK

By default, when the Microsoft Windows operating system is installed, the NetMeeting application is not enabled and you can't see it anywhere in the Start menu. But you can activate/install NetMeeting by following some simple steps.

The snapshot shows the first step of the installation of NetMeeting. Click on Start in your desktop task bar, then click on Run. The keyboard shortcut to get the Run window is to press the Start button and the letter R on your keyboard. In the Run window, enter the word conf and press Enter.

Step 2: Click on Next

After pressing Enter, you will get the NetMeeting window like the one shown in the above snapshot. Click on the Next tab to move on with the installation of NetMeeting.

Step 3: Enter the First name, Last name, e-mail address and Location, and click on Next

Here comes the second window, where you have to spend some time typing some information before going on to the further installation steps. In the First name and Last name tabs, if it is a personal computer you can give your name or any name of your interest; if it is a company or organization, it is good practice to give the company or organization name in place of the first name and last name. In the third tab, you have to enter a valid e-mail address. It is optional to enter the information on location, where you can give the place where you are located and comments of your interest. After filling in all the information, click on Next to continue with the next step of installation.

Step 4: Don't check any check box. Click on Next

The snapshot of the next window is shown above. Don't check any box; click on Next to proceed with the further installation.

Step 5: Click on the speed of your connection and click on Next

Spend a few seconds filling in some important information: in this step you have to select the speed of your connection. After checking the relevant checkbox for your connection speed, click on the Next tab and proceed with the further steps of installation.

Step 6: Check both check boxes and click on Next

Step 7: Click on Next

Now NetMeeting has been installed successfully.

Step 8: Enter the IP address of the host with whom you want to share the program, chat and transfer files. In addition to this you can also use a feature called Whiteboard, where you can conduct a seminar/presentation for many clients.

BASIC ROUTER CONFIGURATIONS


This session will start with introducing the IOS (Inter-Network Operating system). The IOS runs in the Cisco router and Cisco switches and it allows configuring the devices. We use the Command Line Interface (CLI) to configure the router. You can access the Cisco IOS through the console port of a router, from a modem into the auxiliary (or aux) port, or even through Telnet.

The Cisco IOS software is responsible for:
a. Carrying network protocols and functions.
b. Connecting high-speed traffic between devices.
c. Adding security to control access and stop unauthorized network use.
d. Providing scalability for ease of network growth and redundancy.
e. Supplying network reliability for connecting to network resources.

Figure 2.1: A Cisco Router

ROUTER CONFIGURATION MODES


The router has 4 configuration modes:

a. User mode
b. Privileged mode
c. Global configuration mode
d. Interface configuration mode

a. USER MODE:
User mode is otherwise called Authentication mode. Here we can execute basic monitoring commands. In short, we can view the configurations with restrictions.

Example: Router> this syntax denotes that the router is in user configuration mode.

b. PRIVILEGED MODE:
Here we can get access to all other router commands. We can view the configurations without any restrictions.

Example: Router# this syntax denotes that the router is in Privileged mode.

c. GLOBAL CONFIGURATION MODE:
Whatever command is executed in this mode will affect the entire system. In this mode you can modify the name of the router, implement the authentication process, and so on.

Example: Router(config)# this syntax denotes that the router is in Global Configuration mode.

d. INTERFACE / SPECIFIC CONFIGURATION MODE:
The commands executed in this mode will affect only the particular interfaces, routing processes or lines. In this mode you can assign an address to a particular interface, shut down a particular interface, and so on.

Example: Router(config-if)# this syntax denotes that the router is in particular

MOVING BETWEEN MODES

MODES | SYNTAX
Change from User mode to Privileged mode | Router> enable
Change from Privileged mode to User mode | Router# disable
Change to Global Configuration mode from Privileged mode | Router# configure terminal
Exit from any configuration mode to Privileged mode | Router(config)# exit
Enter into Interface configuration mode from Global configuration mode | Router(config)# interface <interface name> <interface number>
Enter router configuration mode from Global configuration mode | Router(config)# router rip

HELP COMMANDS

COMMAND | MEANING
Router# ? | Shows all available commands
Router# c? | Shows all commands starting with the letter c
Router# clock ? | Shows all available commands for the clock command

Example for Basic router configurations:

ROUTER1 BASIC INTERFACE CONFIGURATION
Router>enable
Router#configure terminal
Router(config)#hostname Router0
Router0(config)#interface fastethernet 0/0
Router0(config-if)#ip address 10.0.0.1 255.255.255.0
Router0(config-if)#no shutdown
Router0(config-if)#exit
Router0(config)#interface serial 0/1/0
Router0(config-if)#ip address 20.0.0.1 255.255.255.252
Router0(config-if)#no shutdown
Router0(config-if)#clock rate 64000
Router0(config-if)#exit

ROUTER2 BASIC INTERFACE CONFIGURATION
Router>enable
Router#configure terminal
Router(config)#hostname Router1
Router1(config)#interface fastethernet 0/0
Router1(config-if)#ip address 30.0.0.1 255.255.255.0
Router1(config-if)#no shutdown
Router1(config-if)#exit
Router1(config)#interface serial 0/1/0
Router1(config-if)#ip address 20.0.0.2 255.255.255.252
Router1(config-if)#no shutdown
Router1(config-if)#clock rate 64000
Router1(config-if)#exit

To view the interface details

For example, to know the router0 interface details:

Router0#show ip interface brief

Output:
Interface          IP-Address    OK?  Method  Status  Protocol
FastEthernet0/0    10.0.0.1      YES  manual  up      up
Serial0/1/0        20.0.0.1      YES  manual  up      up

CONFIGURATION OF STATIC ROUTING PROTOCOL

ROUTING BASICS
In an internetwork the router is used to route the traffic to all the networks connected to it. In order to accomplish this task, at minimum a router must know the following:
- The destination address.
- The neighbor routers from which it can learn about remote networks.
- Possible routes to all remote networks.
- The best route to each remote network.
- How to maintain and verify routing information.

The router builds the routing table, which describes how to find the remote networks. If a network is directly connected to the router, then the router knows how to connect to it. If, on the other hand, the network is not directly connected to the router, the router can learn about the remote networks in 2 ways:
- Static routing.
- Dynamic routing.

In this session we will discuss static routing, and in the later session we will discuss dynamic routing.

STATIC ROUTING:
Static routing is the simple way to add routing information to the routing table. Static routing is done by adding the routes in each router's table.

Syntax
The syntax used to configure a static route for a router to use in its routing table is:
Router(config)# ip route [Destination network address] [Subnet mask] [Next hop address or forwarding address]

DEFAULT ROUTING:
Default routing is used to send packets with a remote destination network not in the routing table to the next-hop router. Default routing is used only on stub networks, those with only one exit path out of the network. A default route is a static route that uses wildcards instead of network and mask information.

Syntax:
Router(config)#ip route [any network (0.0.0.0)] [any subnet mask (0.0.0.0)] [forwarding address or interface name]

Example:
Router(config)#ip route 0.0.0.0 0.0.0.0 10.1.11.1

EXAMPLE--1

Router 0
Router(config)#ip route 20.0.0.0 255.0.0.0 30.0.0.2

Router 1
Router(config)#ip route 10.0.0.0 255.0.0.0 30.0.0.1

Assignment: For the network diagram given below, update the routing table of each router by implementing the static routing protocol using the Cisco Packet Tracer simulation software.

CONFIGURATION OF DYNAMIC ROUTING PROTOCOL

A. ROUTING INFORMATION PROTOCOL (RIP):

RIP version 1
Routing Information Protocol (RIP) is a distance-vector routing protocol. RIP sends the complete routing table to all active interfaces every 30 seconds. RIP uses the hop count only to determine the best route to a remote network, but it has a maximum allowable hop count of 15 by default, meaning that 16 is deemed unreachable.

RIP works well in small networks, but it's inefficient on large networks with slow WAN links or on networks with a large number of routers installed.

RIP version 2
RIP version 2 is mostly the same as RIP version 1. Both RIPv1 and RIPv2 are distance-vector protocols, which means each router running RIP sends its complete routing tables out all active interfaces at periodic time intervals. Both RIPv1 and RIPv2 are configured as classful addressing (but RIPv2 is considered classless because subnet information is sent with each route update), and both have the same administrative distance (120).

RIP V1 | RIP V2
Distance vector | Distance vector
Maximum hop count 15 | Maximum hop count 15
Classful | Classless
Broadcast based | Uses multicast 224.0.0.9
Does not support VLSM | Supports VLSM networks
No authentication | Allows MD5 authentication

Syntax:
Router(config)#router rip
Router(config-router)#version <1-2>
Router(config-router)#network <connected network id>

After configuring RIP on a router, we can check whether the routing table has been updated with the route information. This can be done with the command:

Router#show ip route

To view the RIP updates being sent and received on a router, the following command is used,

Router#debug ip rip

EXAMPLE

ROUTER 0
Router(config)#router rip
Router(config-router)#version 2
Router(config-router)#network 10.0.0.0
Router(config-router)#network 30.0.0.0
Router(config-router)#network 60.0.0.0

ROUTER 1
Router(config)#router rip
Router(config-router)#version 2
Router(config-router)#network 20.0.0.0
Router(config-router)#network 30.0.0.0
Router(config-router)#network 50.0.0.0
Router(config-router)#network 80.0.0.0

ROUTER 2
Router(config)#router rip
Router(config-router)#version 2
Router(config-router)#network 40.0.0.0
Router(config-router)#network 50.0.0.0
Router(config-router)#network 100.0.0.0
Router(config-router)#network 101.0.0.0

ROUTER 3
Router(config)#router rip
Router(config-router)#version 2
Router(config-router)#network 60.0.0.0
Router(config-router)#network 80.0.0.0
Router(config-router)#network 70.0.0.0

ROUTER 4
Router(config)#router rip
Router(config-router)#version 2
Router(config-router)#network 70.0.0.0
Router(config-router)#network 90.0.0.0
Router(config-router)#network 100.0.0.0

ROUTER 5
Router(config)#router rip
Router(config-router)#version 2
Router(config-router)#network 90.0.0.0
Router(config-router)#network 101.0.0.0

OUTPUT:
In ROUTER5,

Router# show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set

R    10.0.0.0/8 [120/3] via 90.0.0.1, 00:00:00, Serial0/1/0
                [120/3] via 101.0.0.2, 00:00:17, Serial0/1/1
R    20.0.0.0/8 [120/2] via 101.0.0.2, 00:00:17, Serial0/1/1
R    30.0.0.0/8 [120/2] via 101.0.0.2, 00:00:17, Serial0/1/1
R    40.0.0.0/8 [120/1] via 101.0.0.2, 00:00:17, Serial0/1/1
R    50.0.0.0/8 [120/1] via 101.0.0.2, 00:00:17, Serial0/1/1
R    60.0.0.0/8 [120/2] via 90.0.0.1, 00:00:00, Serial0/1/0
R    70.0.0.0/8 [120/1] via 90.0.0.1, 00:00:00, Serial0/1/0
R    80.0.0.0/8 [120/2] via 90.0.0.1, 00:00:00, Serial0/1/0
                [120/2] via 101.0.0.2, 00:00:17, Serial0/1/1
     90.0.0.0/30 is subnetted, 1 subnets
C       90.0.0.0 is directly connected, Serial0/1/0
R    100.0.0.0/8 [120/1] via 90.0.0.1, 00:00:00, Serial0/1/0
                 [120/1] via 101.0.0.2, 00:00:17, Serial0/1/1
     101.0.0.0/30 is subnetted, 1 subnets
C       101.0.0.0 is directly connected, Serial0/1/1
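The hop counts in Router 5's table can be reproduced by running the distance-vector exchange by hand. The following is an added example, not part of the original lab manual: it derives the topology from the `network` statements above, uses the labels R0..R5 as assumed names for Router 0 to Router 5, and ignores timers and split horizon. In Router 5's output, next hop 101.0.0.2 corresponds to R2 and 90.0.0.1 to R4.

```python
"""Added example: RIP-style distance-vector convergence on the six-router lab."""
import ipaddress

INFINITY = 16  # a RIP metric of 16 means "unreachable"

# Networks attached to each router, copied from the `network` statements of
# the RIP example. The labels R0..R5 are names chosen for this sketch.
ATTACHED = {
    "R0": {"10.0.0.0", "30.0.0.0", "60.0.0.0"},
    "R1": {"20.0.0.0", "30.0.0.0", "50.0.0.0", "80.0.0.0"},
    "R2": {"40.0.0.0", "50.0.0.0", "100.0.0.0", "101.0.0.0"},
    "R3": {"60.0.0.0", "80.0.0.0", "70.0.0.0"},
    "R4": {"70.0.0.0", "90.0.0.0", "100.0.0.0"},
    "R5": {"90.0.0.0", "101.0.0.0"},
}


def neighbors(attached):
    """Routers are neighbors when they share a network (one link per network)."""
    return {
        a: {b for b in attached if b != a and attached[a] & attached[b]}
        for a in attached
    }


def converge(attached):
    """Exchange full tables in synchronous rounds until nothing changes.

    Returns (tables, rounds); tables[router][network] = (metric, next_hops),
    where metric 0 marks a directly connected network.
    """
    adj = neighbors(attached)
    tables = {r: {n: (0, frozenset()) for n in nets} for r, nets in attached.items()}
    rounds = 0
    while True:
        new_tables = {}
        for router, nets in attached.items():
            table = {n: (0, frozenset()) for n in nets}
            for nbr in sorted(adj[router]):
                for net, (metric, _) in tables[nbr].items():
                    cost = metric + 1  # one hop more than the advertising neighbor
                    if net in nets or cost >= INFINITY:
                        continue
                    known = table.get(net)
                    if known is None or cost < known[0]:
                        table[net] = (cost, frozenset([nbr]))
                    elif cost == known[0]:
                        table[net] = (cost, known[1] | {nbr})  # equal-cost path
            new_tables[router] = table
        if new_tables == tables:
            return tables, rounds
        tables, rounds = new_tables, rounds + 1


def learned_routes(tables, router):
    """Routes learned from neighbors, sorted by network: [(net, metric, hops)]."""
    rows = [
        (net, metric, sorted(hops))
        for net, (metric, hops) in tables[router].items()
        if metric > 0
    ]
    return sorted(rows, key=lambda row: ipaddress.IPv4Address(row[0]))


if __name__ == "__main__":
    tables, rounds = converge(ATTACHED)
    print(f"converged after {rounds} update rounds")
    for net, metric, hops in learned_routes(tables, "R5"):
        print(f"R    {net}/8 [120/{metric}] via {', '.join(hops)}")
```

Every router accepts whatever metric a neighbor advertises, which is why the RIP v2 MD5 authentication listed in the comparison above matters on links where other devices can send updates.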

In ROUTER 1,

Router#debug ip rip
RIP protocol debugging is on
router0#RIP: received v2 update from 30.0.0.2 on Serial0/1/0
      20.0.0.0/8 via 0.0.0.0 in 1 hops
      40.0.0.0/8 via 0.0.0.0 in 2 hops
      50.0.0.0/8 via 0.0.0.0 in 1 hops
      70.0.0.0/8 via 0.0.0.0 in 2 hops
      80.0.0.0/8 via 0.0.0.0 in 1 hops
      90.0.0.0/8 via 0.0.0.0 in 3 hops
      100.0.0.0/8 via 0.0.0.0 in 2 hops
      101.0.0.0/8 via 0.0.0.0 in 2 hops
RIP: sending v2 update to 224.0.0.9 via FastEthernet0/0 (10.0.0.1)
RIP: build update entries
      20.0.0.0/8 via 0.0.0.0, metric 2, tag 0
      30.0.0.0/8 via 0.0.0.0, metric 1, tag 0
      40.0.0.0/8 via 0.0.0.0, metric 3, tag 0
      50.0.0.0/8 via 0.0.0.0, metric 2, tag 0
      60.0.0.0/8 via 0.0.0.0, metric 1, tag 0
      70.0.0.0/8 via 0.0.0.0, metric 2, tag 0
      80.0.0.0/8 via 0.0.0.0, metric 2, tag 0
      90.0.0.0/8 via 0.0.0.0, metric 3, tag 0
      100.0.0.0/8 via 0.0.0.0, metric 3, tag 0
      101.0.0.0/8 via 0.0.0.0, metric 3, tag 0
RIP: sending v2 update to 224.0.0.9 via Serial0/1/0 (30.0.0.1)
RIP: build update entries
      10.0.0.0/8 via 0.0.0.0, metric 1, tag 0
      60.0.0.0/8 via 0.0.0.0, metric 1, tag 0
      70.0.0.0/8 via 0.0.0.0, metric 2, tag 0
      90.0.0.0/8 via 0.0.0.0, metric 3, tag 0
RIP: sending v2 update to 224.0.0.9 via Serial0/0/0 (60.0.0.1)
RIP: build update entries
      10.0.0.0/8 via 0.0.0.0, metric 1, tag 0
      20.0.0.0/8 via 0.0.0.0, metric 2, tag 0
      30.0.0.0/8 via 0.0.0.0, metric 1, tag 0
      40.0.0.0/8 via 0.0.0.0, metric 3, tag 0
      50.0.0.0/8 via 0.0.0.0, metric 2, tag 0
      101.0.0.0/8 via 0.0.0.0, metric 3, tag 0

To test connectivity:
- Click on a PC in any source network (e.g. 10.0.0.2).
- Click on Command Prompt.
- Type ping <destination ip address> (e.g. ping 20.0.0.2).

PC>ping 20.0.0.2

Pinging 20.0.0.2 with 32 bytes of data:

Reply from 20.0.0.2: bytes=32 time=125ms TTL=126
Reply from 20.0.0.2: bytes=32 time=141ms TTL=126
Reply from 20.0.0.2: bytes=32 time=125ms TTL=126
Reply from 20.0.0.2: bytes=32 time=125ms TTL=126

Ping statistics for 20.0.0.2:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 125ms, Maximum = 141ms, Average = 129ms

Assignment: For the network diagram given below, update the routing table of each router in the network by implementing the RIPv2 protocol using the Cisco Packet Tracer simulation software.

B. ENHANCED INTERIOR GATEWAY ROUTING PROTOCOL (EIGRP)

Enhanced Interior Gateway Routing Protocol (EIGRP) is a proprietary Cisco protocol that runs on Cisco routers. It is important to understand EIGRP because it is probably one of the two most popular routing protocols in use today. In this chapter, many features of EIGRP and how it works will be discussed, with particular focus on the unique way it discovers, selects, and advertises routes.

The main features of EIGRP are listed here:
- Support for IP and IPv6 (and some other useless routed protocols) via protocol-dependent modules
- Considered classless (same as RIPv2 and OSPF)
- Support for VLSM/CIDR
- Support for summaries and discontiguous networks
- Efficient neighbor discovery
- Communication via Reliable Transport Protocol (RTP)
- Best path selection via Diffusing Update Algorithm (DUAL)

By default, EIGRP can provide equal-cost load balancing of up to four links (actually, all routing protocols do this). However, EIGRP can actually load balance across up to six links (equal or unequal).

CONFIGURATION:
EIGRP commands can be configured in two modes:
- Router configuration mode.
- Interface configuration mode.

Router configuration mode enables the protocol, determines which networks will run EIGRP, and sets global characteristics.

Interface configuration mode allows the customization of summaries, metrics, timers, and bandwidth.

To start an EIGRP session on a router, use the router eigrp command followed by the autonomous system number of your network. Then enter the network numbers connected to the router using the network command followed by the network number.

Syntax:
Router(config)#router eigrp <1-65535>
Router(config-router)#network <network address of the connected network>
Router(config-router)#no auto-summary

By using the no auto-summary command, EIGRP will advertise all the subnets between the two routers.

Router(config)#router eigrp <1-65535>
Router(config-router)#passive-interface <interface name> <interface number>

Doing this will prohibit the interface from sending or receiving hello packets and, as a result, stop it from forming adjacencies. This means it won't send or receive route information on this interface.
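One way to check where passive-interface is still missing, as an added example that is not part of the original lab manual: the script below parses a constructed running-config excerpt for Router 0 and lists the interfaces on which EIGRP would still exchange hellos. The subnet masks and the assumption that FastEthernet0/0 is the host-facing LAN port are illustrative; `passive-interface default` and wildcard forms of `network` are not handled.

```python
"""Added example: find EIGRP-enabled interfaces that are not passive."""
import ipaddress

# Constructed running-config excerpt for Router 0. Interface names and
# addresses follow the lab output; the subnet masks are assumptions.
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 ip address 10.0.0.1 255.0.0.0
!
interface Serial0/1/0
 ip address 30.0.0.1 255.255.255.252
!
interface Serial0/0/0
 ip address 60.0.0.1 255.255.255.252
!
router eigrp 1
 network 10.0.0.0
 network 30.0.0.0
 network 60.0.0.0
 no auto-summary
"""


def classful_network(address):
    """A `network` statement without a wildcard covers the whole classful network."""
    first_octet = int(address.split(".")[0])
    prefix = 8 if first_octet < 128 else 16 if first_octet < 192 else 24
    return ipaddress.ip_network(f"{address}/{prefix}", strict=False)


def parse(config):
    """Return (interface -> IPv4Address, EIGRP networks, passive interface names)."""
    interfaces, networks, passive = {}, [], set()
    section = None
    for line in config.splitlines():
        words = line.split()
        if not words or words[0] == "!":
            continue
        if not line.startswith(" "):  # a new top-level section begins
            section = words
            continue
        if section is None:
            continue
        if section[0] == "interface" and words[:2] == ["ip", "address"]:
            interfaces[section[1]] = ipaddress.IPv4Address(words[2])
        elif section[:2] == ["router", "eigrp"]:
            if words[0] == "network":
                networks.append(classful_network(words[1]))
            elif words[0] == "passive-interface":
                passive.add(words[1])
    return interfaces, networks, passive


def hello_interfaces(config):
    """Interfaces on which EIGRP sends hellos and can form adjacencies."""
    interfaces, networks, passive = parse(config)
    return sorted(
        name
        for name, addr in interfaces.items()
        if name not in passive and any(addr in net for net in networks)
    )


def audit(config, host_facing):
    """Host-facing interfaces that still take part in EIGRP neighbor discovery."""
    return [name for name in hello_interfaces(config) if name in host_facing]


if __name__ == "__main__":
    print("not passive:", audit(SAMPLE_CONFIG, {"FastEthernet0/0"}))
    hardened = SAMPLE_CONFIG + " passive-interface FastEthernet0/0\n"
    print("after fix:  ", audit(hardened, {"FastEthernet0/0"}))
```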

Example:

ROUTER 0
Router(config)#router eigrp 1
Router(config-router)#network 10.0.0.0
Router(config-router)#network 30.0.0.0
Router(config-router)#network 60.0.0.0
Router(config-router)#no auto-summary

ROUTER 1
Router(config)#router eigrp 1
Router(config-router)#network 20.0.0.0
Router(config-router)#network 30.0.0.0
Router(config-router)#network 50.0.0.0
Router(config-router)#network 80.0.0.0
Router(config-router)#no auto-summary

ROUTER 2
Router(config)#router eigrp 1
Router(config-router)#network 40.0.0.0
Router(config-router)#network 50.0.0.0
Router(config-router)#network 100.0.0.0
Router(config-router)#network 101.0.0.0
Router(config-router)#no auto-summary

ROUTER 3
Router(config)#router eigrp 1
Router(config-router)#network 60.0.0.0
Router(config-router)#network 80.0.0.0
Router(config-router)#network 70.0.0.0
Router(config-router)#no auto-summary

ROUTER 4
Router(config)#router eigrp 1
Router(config-router)#network 70.0.0.0
Router(config-router)#network 90.0.0.0
Router(config-router)#network 100.0.0.0
Router(config-router)#no auto-summary

ROUTER 5
Router(config)#router eigrp 1
Router(config-router)#network 90.0.0.0
Router(config-router)#network 101.0.0.0
Router(config-router)#no auto-summary

OUTPUT:
In ROUTER5,

Router# show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set

D    10.0.0.0/8 [120/3] via 90.0.0.1, 00:00:00, Serial0/1/0
                [120/3] via 101.0.0.2, 00:00:17, Serial0/1/1
D    20.0.0.0/8 [120/2] via 101.0.0.2, 00:00:17, Serial0/1/1
D    30.0.0.0/8 [120/2] via 101.0.0.2, 00:00:17, Serial0/1/1
D    40.0.0.0/8 [120/1] via 101.0.0.2, 00:00:17, Serial0/1/1
D    50.0.0.0/8 [120/1] via 101.0.0.2, 00:00:17, Serial0/1/1
D    60.0.0.0/8 [120/2] via 90.0.0.1, 00:00:00, Serial0/1/0
D    70.0.0.0/8 [120/1] via 90.0.0.1, 00:00:00, Serial0/1/0
D    80.0.0.0/8 [120/2] via 90.0.0.1, 00:00:00, Serial0/1/0
                [120/2] via 101.0.0.2, 00:00:17, Serial0/1/1
     90.0.0.0/30 is subnetted, 1 subnets
C       90.0.0.0 is directly connected, Serial0/1/0
D    100.0.0.0/8 [120/1] via 90.0.0.1, 00:00:00, Serial0/1/0
                 [120/1] via 101.0.0.2, 00:00:17, Serial0/1/1
     101.0.0.0/30 is subnetted, 1 subnets
C       101.0.0.0 is directly connected, Serial0/1/1

To test connectivity:
- Click on a PC in any source network (e.g. 10.0.0.2).
- Click on Command Prompt.
- Type ping <destination ip address> (e.g. ping 20.0.0.2).

PC>ping 20.0.0.2

Pinging 20.0.0.2 with 32 bytes of data:

Reply from 20.0.0.2: bytes=32 time=125ms TTL=126
Reply from 20.0.0.2: bytes=32 time=141ms TTL=126
Reply from 20.0.0.2: bytes=32 time=125ms TTL=126
Reply from 20.0.0.2: bytes=32 time=125ms TTL=126

Ping statistics for 20.0.0.2:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 125ms, Maximum = 141ms, Average = 129ms

ASSIGNMENT:

For the network diagram given below, update all the routers in the network by implementing the Enhanced Interior Gateway Routing Protocol (EIGRP), using the Cisco Packet Tracer simulation software.

Requirements:
1. The network 10.0.0.0 should not communicate with 40.0.0.0 and vice versa.
2. The network 10.0.0.0 can communicate with 20.0.0.0 and vice versa.
3. The network 40.0.0.0 can communicate with 20.0.0.0 and vice versa.

Hint: The above simulation can be done by implementing 2 EIGRP protocols in Router1 with different autonomous system values and one EIGRP in Router0 and Router3.

C. OPEN SHORTEST PATH FIRST (OSPF)

Open Shortest Path First (OSPF) is an open standards routing protocol that has been implemented by a wide variety of network vendors, including Cisco. It works by using the Dijkstra algorithm. First a shortest path tree is constructed, and then the routing table is populated with the resulting best paths. OSPF converges quickly, although perhaps not as quickly as EIGRP, and it supports multiple, equal-cost routes to the same destination. Like EIGRP, it supports both IP and IPv6 routed protocols.

OSPF provides the following features:
- Consists of areas and autonomous systems
- Minimizes routing update traffic
- Allows scalability
- Supports VLSM/CIDR
- Has unlimited hop count
- Allows multivendor deployment (open standard)

OSPF is supposed to be designed in a hierarchical fashion, which basically means you can separate the larger internetwork into smaller internetworks called areas. This is the best design for OSPF.

CONFIGURATION:
Configuring basic OSPF isn't as simple as RIP, IGRP, and EIGRP, and it can get really complex once you factor in the many options that are allowed within OSPF. These two elements are the basic elements of OSPF configuration:
- Enabling OSPF.
- Configuring OSPF areas.

ENABLING OSPF:
The easiest and also least scalable way to configure OSPF is to use just a single area. Doing this requires a minimum of two commands. The command used to activate the OSPF routing process is as follows:

Router(config)#router ospf <1-65535>

A value in the range 1-65,535 identifies the OSPF process ID. It's a unique number on this router that groups a series of OSPF configuration commands under a specific running process. Different OSPF routers don't have to use the same process ID in order to communicate. It's purely a local value that essentially has little meaning, but it cannot start at 0. It has to start at a minimum of 1.

CONFIGURING THE OSPF:

After identifying the OSPF process, identify the interfaces to activate OSPF communications on, as well as the area in which each resides. This will also configure the networks you're going to advertise to others. OSPF uses wildcards in the configuration.

Router(config)#router ospf 1
Router(config-router)#network <network id> <wild card mask> area <0-4294967295>

To view OSPF information for one or all OSPF processes running on the router:
Router#show ip ospf

To view the topological database used in OSPF:
Router#show ip ospf database

To view all interfaces related to OSPF information:
Router#show ip ospf interface

To view the OSPF information regarding neighbors and adjacency states:
Router#show ip ospf neighbor
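How the wildcard in a `network` statement selects interfaces, as an added example that is not part of the original lab manual: a 0 bit in the wildcard means the address bit must match and a 1 bit means it is ignored. The interface list for Router 0 is constructed from the addresses in the lab output, and the subnet masks are assumptions chosen to match the wildcards used in this lab.

```python
"""Added example: how an OSPF `network <id> <wildcard> area <n>` statement selects interfaces."""
import ipaddress

ALL_ONES = 0xFFFFFFFF

# Constructed interface list for Router 0; addresses follow the lab output,
# the subnet masks are assumptions that match the wildcards in the example.
ROUTER0_INTERFACES = {
    "FastEthernet0/0": ("10.0.0.1", "255.0.0.0"),
    "Serial0/1/0": ("30.0.0.1", "255.255.255.252"),
    "Serial0/0/0": ("60.0.0.1", "255.255.255.252"),
}


def to_int(dotted):
    """Dotted-quad string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))


def wildcard_from_mask(mask):
    """Invert a subnet mask bit by bit: 255.255.255.252 -> 0.0.0.3."""
    return str(ipaddress.IPv4Address(to_int(mask) ^ ALL_ONES))


def matches(address, network, wildcard):
    """Compare only the bits where the wildcard is 0; bits set to 1 are ignored."""
    care = to_int(wildcard) ^ ALL_ONES
    return (to_int(address) & care) == (to_int(network) & care)


def network_statement(address, mask, area=0):
    """Build the statement that covers exactly the subnet of one interface."""
    subnet = ipaddress.IPv4Interface(f"{address}/{mask}").network
    return f"network {subnet.network_address} {wildcard_from_mask(mask)} area {area}"


def enabled_interfaces(interfaces, statements):
    """Map interface -> area, using the first statement that matches its address."""
    result = {}
    for name, (address, _mask) in interfaces.items():
        for statement in statements:
            _keyword, network, wildcard, _area_kw, area = statement.split()
            if matches(address, network, wildcard):
                result[name] = int(area)
                break
    return result


if __name__ == "__main__":
    statements = [network_statement(a, m) for a, m in ROUTER0_INTERFACES.values()]
    for statement in statements:
        print(statement)
    print(enabled_interfaces(ROUTER0_INTERFACES, statements))
    # A catch-all statement enables OSPF on every interface of the router.
    print(enabled_interfaces(ROUTER0_INTERFACES,
                             ["network 0.0.0.0 255.255.255.255 area 0"]))
```

A statement such as network 0.0.0.0 255.255.255.255 area 0 matches every interface, including host-facing ones, so the narrow per-subnet wildcards used in this lab are the safer habit.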

EXAMPLE:

ROUTER 0
Router(config)#router ospf 1
Router(config-router)#network 10.0.0.0 0.255.255.255 area 0
Router(config-router)#network 30.0.0.0 0.0.0.3 area 0
Router(config-router)#network 60.0.0.0 0.0.0.3 area 0

ROUTER 1
Router(config)#router ospf 1
Router(config-router)#network 20.0.0.0 0.255.255.255 area 0
Router(config-router)#network 30.0.0.0 0.0.0.3 area 0
Router(config-router)#network 50.0.0.0 0.0.0.3 area 0
Router(config-router)#network 80.0.0.0 0.0.0.3 area 0

ROUTER 2
Router(config)#router ospf 1
Router(config-router)#network 40.0.0.0 0.255.255.255 area 0
Router(config-router)#network 50.0.0.0 0.0.0.3 area 0
Router(config-router)#network 100.0.0.0 0.0.0.3 area 0
Router(config-router)#network 101.0.0.0 0.0.0.3 area 0

ROUTER 3
Router(config)#router ospf 1
Router(config-router)#network 60.0.0.0 0.0.0.3 area 0
Router(config-router)#network 80.0.0.0 0.0.0.3 area 0
Router(config-router)#network 70.0.0.0 0.0.0.3 area 0

ROUTER 4
Router(config)#router ospf 1
Router(config-router)#network 70.0.0.0 0.0.0.3 area 0
Router(config-router)#network 90.0.0.0 0.0.0.3 area 0
Router(config-router)#network 100.0.0.0 0.0.0.3 area 0

ROUTER 5
Router(config)#router ospf 1
Router(config-router)#network 90.0.0.0 0.0.0.3 area 0
Router(config-router)#network 101.0.0.0 0.0.0.3 area 0

OUTPUT:
In ROUTER5,

Router# show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set

     10.0.0.0/8 [120/3] via 90.0.0.1, 00:00:00, Serial0/1/0
                [120/3] via 101.0.0.2, 00:00:17, Serial0/1/1
O    20.0.0.0/8 [120/2] via 101.0.0.2, 00:00:17, Serial0/1/1
O    30.0.0.0/8 [120/2] via 101.0.0.2, 00:00:17, Serial0/1/1
O    40.0.0.0/8 [120/1] via 101.0.0.2, 00:00:17, Serial0/1/1
O    50.0.0.0/8 [120/1] via 101.0.0.2, 00:00:17, Serial0/1/1
O    60.0.0.0/8 [120/2] via 90.0.0.1, 00:00:00, Serial0/1/0
O    70.0.0.0/8 [120/1] via 90.0.0.1, 00:00:00, Serial0/1/0
O    80.0.0.0/8 [120/2] via 90.0.0.1, 00:00:00, Serial0/1/0
                [120/2] via 101.0.0.2, 00:00:17, Serial0/1/1
     90.0.0.0/30 is subnetted, 1 subnets
C       90.0.0.0 is directly connected, Serial0/1/0
O    100.0.0.0/8 [120/1] via 90.0.0.1, 00:00:00, Serial0/1/0
                 [120/1] via 101.0.0.2, 00:00:17, Serial0/1/1
     101.0.0.0/30 is subnetted, 1 subnets
        101.0.0.0 is directly connected, Serial0/1/1


Click on a PC in any source network (e.g. 10.0.0.2).
Click on Command Prompt.
Type ping <destination ip address> (e.g. ping 20.0.0.2).

PC>ping 20.0.0.2

Pinging 20.0.0.2 with 32 bytes of data:

Reply from 20.0.0.2: bytes=32 time=125ms TTL=126
Reply from 20.0.0.2: bytes=32 time=141ms TTL=126
Reply from 20.0.0.2: bytes=32 time=125ms TTL=126
Reply from 20.0.0.2: bytes=32 time=125ms TTL=126

Ping statistics for 20.0.0.2:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 125ms, Maximum = 141ms, Average = 129ms


ASSIGNMENT

For the given network diagram below, update the routing table of the routers in the network by implementing the Open Shortest Path First (OSPF) routing protocol, using the Cisco Packet Tracer simulation software, and follow the requirements given below.

Requirements:
1. Router 0, Router 1 and Router 2 should be in area 0.
2. Router 3 and Router 4 should be in area 1.


REMOTE ACCESS OF COMPUTERS TELNET

Telnet is a protocol used on local area networks for bidirectional communication over a virtual terminal connection. It is often thought of as a simple facility for remote logins to a computer at a remote location via the Internet. It offers users the capability of running programs remotely and facilitates remote administration. Telnet is a third-level protocol, the function of which is to make a terminal (or process) at a using site appear to the system or a process at a serving site as logically equivalent to a terminal "directly" connected to the serving site.

In order to set up the router to allow Telnet access, issue the line vty command. This command allows for the configuration of Virtual Terminal (VTY) lines for remote console access. You can configure the router to accept one or more Telnet sessions. It is strongly suggested that you configure password checking with the login and password line configuration commands. Telnet may provide you with access to the CLI (Command Line Interface) of your modem or router.

Telnet, part of the TCP/IP protocol suite, is a virtual terminal protocol that allows you to make connections to remote devices, gather information, and run programs. After your routers and switches are configured, you can use the Telnet program to reconfigure and/or check up on your routers and switches without using a console cable. You run the Telnet program by typing telnet from any command prompt (DOS or Cisco).

SYNTAX:
Router(config)#line vty <0-15 first line number> <1-15 last line number>
Router(config-line)#login
Router(config-line)#password <word>


EXAMPLE:
In this example, we will configure a network with 2 routers and we will implement telnet protocol on both the routers to enable the remote accessing.

Cisco1:
Router>
Router>enable
Router#configure terminal
Router(config)#hostname cisco1
cisco1(config)#enable password cisco
cisco1(config)#interface fastethernet0/0
cisco1(config-if)#ip address 10.0.0.1 255.0.0.0
cisco1(config-if)#no shutdown
cisco1(config-if)#interface serial0/1/0
cisco1(config-if)#ip address 30.0.0.1 255.255.255.252
cisco1(config-if)#clock rate 64000
cisco1(config-if)#no shutdown
cisco1(config-if)#exit
cisco1(config)#ip route 0.0.0.0 0.0.0.0 30.0.0.2
cisco1(config)#line vty 0 4
cisco1(config-line)#login
% Login disabled on line 66, until 'password' is set
% Login disabled on line 67, until 'password' is set
% Login disabled on line 68, until 'password' is set
% Login disabled on line 69, until 'password' is set
% Login disabled on line 70, until 'password' is set
cisco1(config-line)#password cisco

Cisco2:
Router>
Router>enable
Router#configure terminal
Router(config)#hostname cisco2
cisco2(config)#enable password cisco
cisco2(config)#interface fastethernet0/0
cisco2(config-if)#ip address 20.0.0.1 255.0.0.0
cisco2(config-if)#no shutdown
cisco2(config-if)#interface serial0/1/0
cisco2(config-if)#ip address 30.0.0.2 255.255.255.252
cisco2(config-if)#clock rate 64000
cisco2(config-if)#no shutdown
cisco2(config-if)#exit
cisco2(config)#ip route 0.0.0.0 0.0.0.0 30.0.0.1
cisco2(config)#line vty 0 4
cisco2(config-line)#login
% Login disabled on line 66, until 'password' is set
% Login disabled on line 67, until 'password' is set
% Login disabled on line 68, until 'password' is set
% Login disabled on line 69, until 'password' is set
% Login disabled on line 70, until 'password' is set
cisco2(config-line)#password cisco


OUTPUT:
PC>telnet 10.0.0.1
Trying 10.0.0.1 ...

User Access Verification

Password: cisco
cisco1>enable
Password: cisco
cisco1#show ip interface brief
Interface          IP-Address   OK?  Method  Status                 Protocol
FastEthernet0/0    10.0.0.1     YES  manual  up                     up
FastEthernet0/1    unassigned   YES  manual  administratively down  down
Serial0/1/0        30.0.0.1     YES  manual  up                     up
Vlan1              unassigned   YES  manual  administratively down  down

cisco1#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is 30.0.0.2 to network 0.0.0.0

     10.0.0.0/8 is directly connected, FastEthernet0/0
     30.0.0.0/30 is subnetted, 1 subnets
        30.0.0.0 is directly connected, Serial0/1/0
S*   0.0.0.0/0 [1/0] via 30.0.0.2

cisco1#enable
cisco1#telnet 30.0.0.2
Trying 30.0.0.2 ...

User Access Verification

Password: cisco
cisco2>enable
Password: cisco
cisco2#show ip interface brief
Interface          IP-Address   OK?  Method  Status                 Protocol
FastEthernet0/0    20.0.0.1     YES  manual  up                     up
FastEthernet0/1    unassigned   YES  manual  administratively down  down
Serial0/1/0        30.0.0.2     YES  manual  up                     up
Vlan1              unassigned   YES  manual  administratively down  down

cisco2#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is 30.0.0.1 to network 0.0.0.0

     20.0.0.0/8 is directly connected, FastEthernet0/0
     30.0.0.0/30 is subnetted, 1 subnets
        30.0.0.0 is directly connected, Serial0/1/0
S*   0.0.0.0/0 [1/0] via 30.0.0.1

cisco2#exit
[Connection to 30.0.0.2 closed by foreign host]
cisco1#exit
[Connection to 10.0.0.1 closed by foreign host]
PC>
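The password checking recommended above can be verified from a saved configuration. The following auditor is an added example, not part of the original manual; it assumes running-config style text (sub-commands indented by one space), the sample configurations are constructed, and the finding names are hypothetical labels.

```python
"""Audit IOS-style configuration text for the vty password checks this lab configures."""
import re
from typing import Dict, List, Tuple


def vty_blocks(config: str) -> List[Dict]:
    """Collect each `line vty` stanza together with its indented sub-commands."""
    blocks, current = [], None
    for raw in config.splitlines():
        line = raw.rstrip()
        header = re.match(r"^line vty (\d+)(?:\s+(\d+))?$", line)
        if header:
            first = int(header.group(1))
            last = int(header.group(2) or first)
            current = {"range": (first, last), "cmds": []}
            blocks.append(current)
        elif current is not None and line.startswith(" "):
            current["cmds"].append(line.strip())
        else:
            current = None          # any other top-level line ends the stanza
    return blocks


def audit(config: str) -> List[Tuple[str, str]]:
    """Return (scope, finding) pairs; the finding names are labels chosen for this example."""
    findings = []
    # `enable password` keeps the password readable in the configuration;
    # `enable secret` stores a hash instead.
    if re.search(r"^enable password\s+\S+", config, re.M):
        findings.append(("global", "enable-password"))
    for block in vty_blocks(config):
        scope = "vty %d-%d" % block["range"]
        cmds = block["cmds"]
        has_password = any(c.startswith("password ") for c in cmds)
        if "no login" in cmds:
            # No password prompt at all: any host that can reach the router gets a CLI.
            findings.append((scope, "no-login"))
        elif "login" in cmds and not has_password:
            # The state IOS reports as "Login disabled on line N, until 'password' is set".
            findings.append((scope, "login-without-password"))
    return findings


# Constructed sample configurations (not captured from a device).
LAB_STYLE = """hostname cisco1
enable password cisco
!
line vty 0 4
 password cisco
 login
!
"""
LOGIN_ONLY = "line vty 0 4\n login\n"
OPEN_VTY = "line vty 0 4\n no login\nline vty 5 15\n password example\n login\n"

if __name__ == "__main__":
    for name, cfg in (("lab", LAB_STYLE), ("login-only", LOGIN_ONLY), ("open", OPEN_VTY)):
        print(name, audit(cfg))
```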


CONFIGURATION OF ACCESS CONTROL LIST (ACL)


Creating access lists is like programming a series of if-then statements: if a given condition is met, then a given action is taken. If the specific condition isn't met, nothing happens, and the next statement is evaluated. Applying an access list causes the router to analyze every packet crossing that interface in the specified direction and take the appropriate action. There are two types of access list:

a. Standard access list
b. Extended access list

A. CONFIGURATION OF STANDARD ACCESS CONTROL LIST

These use only the source IP address in an IP packet as the condition test. All decisions are made based on the source IP address. This means standard access lists basically permit or deny an entire suite of protocols. They don't distinguish between any of the many types of IP traffic such as WWW, Telnet, UDP, and so on. Standard IP access lists filter network traffic by examining the source IP address in a packet. Standard IP access lists are created by using the access-list numbers 1-99 or 1300-1999 (expanded range) or any word. Access-list types are generally differentiated using a number. Based on the number used when the access list is created, the router knows which type of syntax to expect as the list is entered. By using numbers 1-99 or 1300-1999, the router creates a standard IP access list, so the router will expect syntax specifying only the source IP address in the test lines.

CONFIGURATION:
1. Access-List: Configures a single access-list statement into a router's memory for use in a complete access list that will be applied to an interface.
2. IP Access-group: Places an access list on a device's physical interface.
3. <ID-number>: Identifies an access list by number as a standard or extended list. Also allows the creation and separation of multiple access lists.
4. Permit or Deny: Specifies the effect of the access-list statement as allowing or blocking the traffic specified.
5. Hostname or IP address: Specifies the hostname or device's IP address that will be acted upon in the access-list statement.
6. Host: Specifies a single specific host for the statement.
7. Any: Specifies that regardless of the host or device IP, it will match the statement.

SYNTAX:
Router(config)#ip access-list standard <1-99/word>
Router(config-std-nacl)#permit <address to match / any source host / a single host address>
Router(config-std-nacl)#deny <address to match / any source host / a single host address>
Router(config-std-nacl)#exit
Router(config)#interface fastEthernet <interface number>
Router(config-if)#ip access-group <1-99 / word> <in>
Router(config-if)#exit
Router(config)#interface serial <interface number>
Router(config-if)#ip access-group <1-99 / word> <out>


EXAMPLE:
In our example, we specify the following rules: a host with IP 10.0.0.2 should not communicate with the remote network 20.0.0.0, whereas another host with IP 10.0.0.3 can communicate with 20.0.0.2 and 20.0.0.3.

In Router 0,
Router(config)#ip access-list standard 1
Router(config-std-nacl)#deny 10.0.0.2
Router(config-std-nacl)#permit any
Router(config-std-nacl)#exit
Router(config)#interface fastEthernet 0/0
Router(config-if)#ip access-group 1 in
Router(config-if)#exit
Router(config)#interface serial 0/1/0
Router(config-if)#ip access-group 1 out
Router(config-if)#exit
Router(config)#ip route 0.0.0.0 0.0.0.0 30.0.0.2

In ROUTER 1,
Router(config)#ip route 0.0.0.0 0.0.0.0 30.0.0.1

OUTPUT:
To view the output, on the PC with IP 10.0.0.2, click on the command prompt and do the following:

PC>ping 20.0.0.2

Pinging 20.0.0.2 with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 20.0.0.2:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

PC>ping 20.0.0.3

Pinging 20.0.0.3 with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 20.0.0.3:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

On the PC with IP 10.0.0.3, do the following:

PC>ping 20.0.0.2

Pinging 20.0.0.2 with 32 bytes of data:

Reply from 20.0.0.2: bytes=32 time=203ms TTL=126
Reply from 20.0.0.2: bytes=32 time=125ms TTL=126
Reply from 20.0.0.2: bytes=32 time=125ms TTL=126
Reply from 20.0.0.2: bytes=32 time=153ms TTL=126

Ping statistics for 20.0.0.2:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 125ms, Maximum = 203ms, Average = 151ms

PC>ping 20.0.0.3

Pinging 20.0.0.3 with 32 bytes of data:

Request timed out.
Reply from 20.0.0.3: bytes=32 time=156ms TTL=126
Reply from 20.0.0.3: bytes=32 time=157ms TTL=126
Reply from 20.0.0.3: bytes=32 time=156ms TTL=126

Ping statistics for 20.0.0.3:
    Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
Approximate round trip times in milli-seconds:
    Minimum = 156ms, Maximum = 157ms, Average = 156ms

If this output is displayed on the screen, you have finished learning how to configure the standard access list. In the next section, we will discuss the extended access list.


ASSIGNMENT:

Using the Cisco packet tracer simulation software, for the below given network diagram configure the routing rules by implementing the Standard Access Control List with reference to the below given requirement

Requirements are,
1. Deny the host 10.0.0.3 to communicate with the network 40.0.0.0
2. Deny the host 20.0.0.2 to communicate with the network 10.0.0.0


B. CONFIGURATION OF EXTENDED ACCESS CONTROL LIST:


With a standard IP access list, we can't allow users to get to one network service and not another. Said another way, when decisions are to be based on both source and destination addresses, a standard access list won't allow that, since it makes decisions based on the source address only.

An extended access list is not like that. That's because extended access lists allow you to specify source and destination addresses as well as the protocol and port number that identify the upper-layer protocol or application. By using extended access lists, one can effectively allow users access to a physical LAN and stop them from accessing specific hosts, or even specific services on those hosts.

SYNTAX:
Router(config)#ip access-list extended <100-199/word>
Router(config-ext-nacl)#deny <icmp / ip / tcp / udp> <source address / any source host / a single source host> <wild card bits> <destination address / any destination host / a single destination host> <wild card bits>
Router(config-ext-nacl)#permit <icmp / ip / tcp / udp> <source address / any source host / a single source host> <wild card bits> <destination address / any destination host / a single destination host> <wild card bits>
Router(config-ext-nacl)#exit
Router(config)#interface fastEthernet <interface number>
Router(config-if)#ip access-group <100-199 / word> <out>
Router(config-if)#exit
Router(config)#interface serial <interface number>
Router(config-if)#ip access-group <100-199 / word> <in>


EXAMPLE:
In this example, we fix the rule as follows: the host with IP 10.0.0.2 should not communicate with 20.0.0.2, whereas the host 10.0.0.2 can communicate with the hosts 10.0.0.3 and 20.0.0.3.

In Router 1,
Router(config)#ip access-list extended 100
Router(config-ext-nacl)#deny ip host 10.0.0.2 host 20.0.0.2
Router(config-ext-nacl)#permit ip any any
Router(config-ext-nacl)#exit
Router(config)#interface fastEthernet 0/0
Router(config-if)#ip access-group 100 out
Router(config-if)#exit
Router(config)#interface serial 0/1/0
Router(config-if)#ip access-group 100 in
Router(config-if)#exit
Router(config)#ip route 0.0.0.0 0.0.0.0 30.0.0.1

In ROUTER 0,
Router(config)#ip route 0.0.0.0 0.0.0.0 30.0.0.2

OUTPUT:
To view the output, on the PC with IP 10.0.0.2, click on the command prompt and do the following:

PC>ping 20.0.0.2

Pinging 20.0.0.2 with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 20.0.0.2:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

PC>ping 20.0.0.3

Pinging 20.0.0.3 with 32 bytes of data:

Reply from 20.0.0.3: bytes=32 time=141ms TTL=126
Reply from 20.0.0.3: bytes=32 time=157ms TTL=126
Reply from 20.0.0.3: bytes=32 time=141ms TTL=126
Reply from 20.0.0.3: bytes=32 time=157ms TTL=126

Ping statistics for 20.0.0.3:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 141ms, Maximum = 157ms, Average = 149ms

If this output is displayed on the screen, you have finished learning how to configure the extended access list.
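The two ACL labs above differ only in what an entry is allowed to match. This added example (not from the original manual) models first-match evaluation with wildcard bits and the implicit deny at the end of every list, and replays the lab's four ping flows against a standard and an extended list; the Entry type and the DENY_ONLY list are constructed for illustration.

```python
"""First-match evaluation of Cisco-style standard and extended ACL entries."""
import ipaddress
from typing import NamedTuple, Optional

ANY = ("0.0.0.0", "255.255.255.255")     # what the keyword `any` expands to


class Entry(NamedTuple):
    action: str                          # "permit" or "deny"
    src: str                             # source address to match
    src_wild: str = "0.0.0.0"            # wildcard bits: 1-bits are "don't care"
    dst: Optional[str] = None            # None => standard entry (source only)
    dst_wild: str = "0.0.0.0"


def wildcard_match(addr: str, base: str, wild: str) -> bool:
    """True when addr equals base on every bit the wildcard mask leaves at 0."""
    care = ~int(ipaddress.IPv4Address(wild)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == \
           (int(ipaddress.IPv4Address(base)) & care)


def evaluate(acl, src: str, dst: str):
    """Return (action, index of matching entry); index None is the implicit deny."""
    for index, entry in enumerate(acl):
        if not wildcard_match(src, entry.src, entry.src_wild):
            continue
        if entry.dst is not None and not wildcard_match(dst, entry.dst, entry.dst_wild):
            continue
        return entry.action, index       # first match wins, later entries are ignored
    return "deny", None                  # nothing matched: implicit deny


# Standard list: deny host 10.0.0.2, permit everything else (source only).
STANDARD = [Entry("deny", "10.0.0.2"), Entry("permit", *ANY)]
# Extended list from the lab: deny ip host 10.0.0.2 host 20.0.0.2, permit ip any any.
EXTENDED = [Entry("deny", "10.0.0.2", "0.0.0.0", "20.0.0.2", "0.0.0.0"),
            Entry("permit", ANY[0], ANY[1], ANY[0], ANY[1])]
# Constructed: a list with no permit entry blocks every source via the implicit deny.
DENY_ONLY = [Entry("deny", "10.0.0.2")]

# The four ping flows the lab output walks through.
FLOWS = [("10.0.0.2", "20.0.0.2"), ("10.0.0.2", "20.0.0.3"),
         ("10.0.0.3", "20.0.0.2"), ("10.0.0.3", "20.0.0.3")]


def verdicts(acl):
    """Map each lab flow to the action the list takes on it."""
    return {flow: evaluate(acl, *flow)[0] for flow in FLOWS}


if __name__ == "__main__":
    for name, acl in (("standard", STANDARD), ("extended", EXTENDED),
                      ("deny-only", DENY_ONLY)):
        print(name)
        for (src, dst), action in verdicts(acl).items():
            print("  %s -> %s: %s" % (src, dst, action))
```

The standard list cuts 10.0.0.2 off from every destination, while the extended list blocks only the 10.0.0.2 to 20.0.0.2 pair, which matches the ping results in the two OUTPUT sections.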

ASSIGNMENT:

Using the Cisco packet tracer simulation software, for the below given network diagram configure the routing rules by implementing the Extended Access Control List with reference to the below given requirement

Requirements are,
1. Deny the host 10.0.0.3 to communicate with the network 20.0.0.2 and 40.0.0.4
2. Deny the host 20.0.0.2 to communicate with the network 10.0.0.2 and 40.0.0.2
3. Deny the host 10.0.0.4 access of TCP application from 20.0.0.2


CONFIGURATION OF NETWORK ADDRESS TRANSLATION (NAT)

The original intention for NAT was to slow the depletion of available IP address space by allowing many private IP addresses to be represented by some smaller number of public IP addresses. NAT is typically used in the border router. Here are some situations when it's best to have NAT on your side:
You need to connect to the Internet, and your hosts don't have globally unique IP addresses.
You change to a new ISP that requires you to renumber your network.
You need to merge two intranets with duplicate addresses.

Advantages:
a. Conserves legally registered addresses.
b. Reduces address overlap occurrence.
c. Increases flexibility when connecting to Internet.
d. Eliminates address renumbering as network changes.

Disadvantages:
a. Translation introduces switching path delays.
b. Loss of end-to-end IP traceability.
c. Certain applications will not function with NAT enabled.

There are 3 different types of network address translation:
a. Static Network Address Translation (S-NAT).
b. Dynamic Network Address Translation (D-NAT).
c. Port Address Translation (PAT).


A. CONFIGURATION OF STATIC NETWORK ADDRESS TRANSLATION (S-NAT)

This type of NAT is designed to allow one-to-one mapping between local and global addresses. The static version requires one real Internet IP address for every host on your network.

CONFIGURATION:
1. Inside Local: Name of inside source address before translation.
2. Outside Local: Name of destination host before translation.
3. Inside global: Name of inside host after translation.
4. Outside global: Name of outside destination host after translation.
5. ip nat inside source static inside_local inside_global: Statically maps a host with a private IP address to a global Internet address.
6. ip nat inside: Sets the interface as an inside interface.
7. ip nat outside: Sets the interface as an outside interface.

SYNTAX:
Router(config)#ip nat <inside/pool> source static <inside Local IP address/TCP/UDP> <inside Global Address>
Router(config)#interface fastethernet 0/0
Router(config-if)#ip nat inside
Router(config-if)#interface serial 0/1/0
Router(config-if)#ip nat outside


Example:

Router(config)#ip nat inside source static 10.0.0.2 192.168.0.2
Router(config)#ip nat inside source static 10.0.0.3 192.168.0.3
Router(config)#ip nat inside source static 10.0.0.4 192.168.0.4
Router(config)#ip nat inside source static 10.0.0.5 192.168.0.5
Router(config)#interface fastEthernet 0/0
Router(config-if)#ip nat inside
Router(config-if)#interface serial0/1/0
Router(config-if)#ip nat outside

OUTPUT:
To view the output, click on any PC in 20.0.0.0, say for example, and ping the systems 10.0.0.2 and 10.0.0.3. Check whether the following output is displayed.

PC>ping 10.0.0.2

Pinging 10.0.0.2 with 32 bytes of data:

Reply from 192.168.0.2: bytes=32 time=172ms TTL=126
Reply from 192.168.0.2: bytes=32 time=125ms TTL=126
Reply from 192.168.0.2: bytes=32 time=111ms TTL=126
Reply from 192.168.0.2: bytes=32 time=141ms TTL=126

Ping statistics for 10.0.0.2:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 111ms, Maximum = 172ms, Average = 137ms

PC>ping 10.0.0.3

Pinging 10.0.0.3 with 32 bytes of data:

Reply from 192.168.0.3: bytes=32 time=125ms TTL=126
Reply from 192.168.0.3: bytes=32 time=125ms TTL=126
Reply from 192.168.0.3: bytes=32 time=137ms TTL=126
Reply from 192.168.0.3: bytes=32 time=140ms TTL=126

Ping statistics for 10.0.0.3:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 125ms, Maximum = 140ms, Average = 131ms


ASSIGNMENT:

For the below given network diagram, the client needs to mask the hosts' IP addresses by implementing static address translation. Do the simulation using the Cisco Packet Tracer simulation software based on the requirements given below.
1. Host with the IP address 10.0.0.2 should be translated as 192.168.0.2
2. Host with the IP address 10.0.0.3 should be translated as 192.168.0.3
3. Host with the IP address 10.0.0.4 should be translated as 192.168.0.4
4. Host with the IP address 20.0.0.2 should be translated as 172.32.0.2
5. Host with the IP address 20.0.0.3 should be translated as 172.32.0.3
6. Host with the IP address 20.0.0.4 should be translated as 172.32.0.4


B. CONFIGURATION OF DYNAMIC NETWORK ADDRESS TRANSLATION (D-NAT)


This version gives the ability to map an unregistered IP address to a registered IP address from out of a pool of registered IP addresses. In dynamic NAT there is no need to statically configure your router to map an inside to an outside address as using static NAT, but you need to have enough real, bona fide IP addresses for everyone who is going to be sending packets to and receiving them from the Internet.

CONFIGURATION:
1. ip nat pool pool_name starting_address ending_address mask: Creates a pool of inside global addresses for the inside local hosts to use.
2. ip nat inside source list list_number pool pool_name: Sets the inside local hosts that match the access-list number to use the pool of addresses configured by the ip nat pool command.
3. access-list list_number permit network inverse_mask: Creates an access list that permits the inside local hosts to use the global pool of addresses.

SYNTAX:
Router(config)#ip nat inside source list <1-199 / word> pool <word>
Router(config)#ip nat pool <word> <starting address> <ending address> netmask <network mask>
Router(config)#ip access-list <standard/extended> <1-99/100-199/word>
Router(config-std-nacl)#permit any
Router(config-std-nacl)#exit
Router(config)#interface fastethernet <interface number>
Router(config-if)#ip nat inside
Router(config-if)#exit
Router(config)#interface serial <interface number>
Router(config-if)#ip nat outside


EXAMPLE:

In Router 0,

Router(config)#ip nat inside source list 1 pool cisco
Router(config)#ip nat pool cisco 192.168.0.1 192.168.0.20 netmask 255.255.255.0
Router(config)#ip access-list standard 1
Router(config-std-nacl)#permit any
Router(config-std-nacl)#exit
Router(config)#interface fastEthernet 0/0
Router(config-if)#ip nat inside
Router(config-if)#interface serial 0/1/0
Router(config-if)#ip nat outside


OUTPUT:
To view the output, click on any PC in 20.0.0.0, say for example, and ping the systems 10.0.0.2 and 10.0.0.3. Check whether the following output is displayed.

PC>ping 10.0.0.2

Pinging 10.0.0.2 with 32 bytes of data:

Request timed out.
Reply from 192.168.0.1: bytes=32 time=125ms TTL=126
Reply from 192.168.0.1: bytes=32 time=141ms TTL=126
Reply from 192.168.0.1: bytes=32 time=125ms TTL=126

Ping statistics for 10.0.0.2:
    Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
Approximate round trip times in milli-seconds:
    Minimum = 125ms, Maximum = 141ms, Average = 130ms

PC>PING 10.0.0.3

Pinging 10.0.0.3 with 32 bytes of data:

Request timed out.
Reply from 192.168.0.1: bytes=32 time=156ms TTL=126
Reply from 192.168.0.1: bytes=32 time=141ms TTL=126
Reply from 192.168.0.1: bytes=32 time=140ms TTL=126

Ping statistics for 10.0.0.3:
    Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
Approximate round trip times in milli-seconds:
    Minimum = 140ms, Maximum = 156ms, Average = 145ms


ASSIGNMENT:

For the below given network diagram, the client needs to mask the hosts' IP addresses by implementing dynamic address translation. Do the simulation using the Cisco Packet Tracer simulation software based on the requirements given below.
1. Hosts in the 10.0.0.0 network should be translated as the 192.168.0.0 network
2. Hosts in the 20.0.0.0 network should be translated as the 172.35.0.0 network
3. Hosts in the 40.0.0.0 network should be translated as the 70.0.0.0 network


C. CONFIGURATION OF PORT ADDRESS TRANSLATION (PAT)

Port Address Translation (PAT) is the most popular type of NAT configuration. Overloading really is a form of dynamic NAT that maps multiple unregistered IP addresses to a single registered IP address (many-to-one) by using different ports. By using PAT (NAT Overload), you get to have thousands of users connect to the Internet using only one real global IP address. NAT Overload is the real reason we haven't run out of valid IP addresses on the Internet.

PAT (Overloading) Configuration


1. ip nat pool pool_name starting_address ending_address mask: Creates a pool of inside global addresses for the inside local hosts to use.
2. ip nat inside source list list_number pool pool_name overload: Sets the inside local hosts that match the access-list number to use the pool of addresses configured by the ip nat pool command. The overload keyword configures PAT.
3. show ip nat translations: Shows the basic translation table. This is probably one of the most important NAT commands for verification.
4. debug ip nat: Shows the sending address, the translation, and the destination address on each debug line.
5. show ip nat statistics: Shows a summary of your configuration, your active translations, and the inside and outside interfaces that are being used.

Syntax:
Router(config)#ip nat inside source list <1-199 / word> pool <word> overload
Router(config)#ip nat pool <word> <starting address> <ending address> netmask <network mask>
Router(config)#ip access-list <standard/extended> <1-99/100-199/word>
Router(config-std-nacl)#permit any
Router(config-std-nacl)#exit
Router(config)#interface fastethernet <interface number>
Router(config-if)#ip nat inside
Router(config-if)#exit
Router(config)#interface serial <interface number>
Router(config-if)#ip nat outside

Example:

In ROUTER 0,
Router(config)#ip nat inside source list 1 pool cisco overload
Router(config)#ip nat pool cisco 192.168.0.1 192.168.0.1 netmask 255.255.255.0
Router(config)#ip access-list standard 1
Router(config-std-nacl)#permit any
Router(config-std-nacl)#exit
Router(config)#interface fastEthernet 0/0
Router(config-if)#ip nat inside
Router(config-if)#interface serial 0/1/0
Router(config-if)#ip nat outside


OUTPUT:
To view the output, click on any PC in 20.0.0.0, say for example, and ping the systems 10.0.0.2 and 10.0.0.3. Check whether the following output is displayed.

PC>ping 10.0.0.2

Pinging 10.0.0.2 with 32 bytes of data:

Reply from 192.168.0.1: bytes=32 time=127ms TTL=126
Reply from 192.168.0.1: bytes=32 time=137ms TTL=126
Reply from 192.168.0.1: bytes=32 time=156ms TTL=126
Reply from 192.168.0.1: bytes=32 time=156ms TTL=126

Ping statistics for 10.0.0.2:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 127ms, Maximum = 156ms, Average = 144ms

PC>ping 10.0.0.3

Pinging 10.0.0.3 with 32 bytes of data:

Request timed out.
Reply from 192.168.0.1: bytes=32 time=127ms TTL=126
Reply from 192.168.0.1: bytes=32 time=156ms TTL=126
Reply from 192.168.0.1: bytes=32 time=156ms TTL=126

Ping statistics for 10.0.0.3:
    Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
Approximate round trip times in milli-seconds:
    Minimum = 127ms, Maximum = 156ms, Average = 146ms


To view the NAT translation, in Router0:

Router#show ip nat translations
Pro   Inside global     Inside local    Outside local   Outside global
icmp  192.168.0.1:21    10.0.0.3:21     20.0.0.2:21     20.0.0.2:21
icmp  192.168.0.1:22    10.0.0.3:22     20.0.0.2:22     20.0.0.2:22
icmp  192.168.0.1:23    10.0.0.3:23     20.0.0.2:23     20.0.0.2:23
icmp  192.168.0.1:24    10.0.0.3:24     20.0.0.2:24     20.0.0.2:24

To view the NAT packets sent and received:

Router#debug ip nat
IP NAT debugging is on
Router#
NAT: s=10.0.0.3->192.168.0.1, d=20.0.0.2 [8]
NAT: s=10.0.0.3->192.168.0.1, d=20.0.0.2 [9]
NAT: s=10.0.0.3->192.168.0.1, d=20.0.0.2 [10]
NAT: s=10.0.0.3->192.168.0.1, d=20.0.0.2 [11]
NAT: expiring 192.168.0.1 (10.0.0.3) icmp 25 (25)
NAT: expiring 192.168.0.1 (10.0.0.3) icmp 26 (26)
NAT: expiring 192.168.0.1 (10.0.0.3) icmp 27 (27)
NAT: expiring 192.168.0.1 (10.0.0.3) icmp 28 (28)

To view the NAT statistics:

Router#show ip nat statistics
Total translations: 0 (0 static, 0 dynamic, 0 extended)
Outside Interfaces: Serial0/1/0
Inside Interfaces: FastEthernet0/0
Hits: 0  Misses: 39
Expired translations: 15
Dynamic mappings:
-- Inside Source
access-list 1 pool cisco refCount 0
 pool cisco: netmask 255.255.255.0
       start 192.168.0.1 end 192.168.0.1
       type generic, total addresses 1 , allocated 0 (0%), misses 0
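How overloading keeps many inside hosts apart behind one inside global address, and why the translation table is the only way to trace a flow back to its inside host (the "loss of end-to-end IP traceability" listed under disadvantages), as an added example that is not part of the original manual. The PatTable class is hypothetical, and its port selection (keep the source port when free, otherwise take the next free port from 1024 upward) is a simplification of what a router does.

```python
"""Toy model of PAT (NAT overload): many inside hosts share one inside global address."""
from typing import Dict, Optional, Tuple


class PatTable:
    def __init__(self, inside_global: str, first_port: int = 1024, last_port: int = 65535):
        self.inside_global = inside_global
        self.first_port, self.last_port = first_port, last_port
        # (protocol, inside local ip, inside local port/ICMP id) -> global port
        self.out: Dict[Tuple[str, str, int], int] = {}
        # (protocol, global port) -> (inside local ip, inside local port/ICMP id)
        self.back: Dict[Tuple[str, int], Tuple[str, int]] = {}

    def translate_outbound(self, proto: str, src_ip: str, src_port: int) -> Tuple[str, int]:
        """Rewrite an inside source to (inside global, port), creating an entry if needed."""
        key = (proto, src_ip, src_port)
        if key in self.out:                       # existing flow: reuse its entry
            return self.inside_global, self.out[key]
        port = src_port
        if (proto, port) in self.back:            # another host already owns this port
            port = next((p for p in range(self.first_port, self.last_port + 1)
                         if (proto, p) not in self.back), None)
            if port is None:
                raise RuntimeError("PAT port pool exhausted")
        self.out[key] = port
        self.back[(proto, port)] = (src_ip, src_port)
        return self.inside_global, port

    def translate_inbound(self, proto: str, dst_port: int) -> Optional[Tuple[str, int]]:
        """Map a reply back to the inside local host; None means no entry (packet dropped)."""
        return self.back.get((proto, dst_port))

    def rows(self):
        """(Pro, Inside global, Inside local) rows, as in `show ip nat translations`."""
        return sorted((proto, "%s:%d" % (self.inside_global, gport), "%s:%d" % (ip, lport))
                      for (proto, ip, lport), gport in self.out.items())


def demo():
    """Two inside hosts from the lab use the same ICMP id 21 (constructed collision)."""
    pat = PatTable("192.168.0.1")
    first = pat.translate_outbound("icmp", "10.0.0.3", 21)
    second = pat.translate_outbound("icmp", "10.0.0.2", 21)
    return pat, first, second


if __name__ == "__main__":
    table, first, second = demo()
    print(first, second)
    for row in table.rows():
        print(*row)
    print("reply to port 1024 goes to", table.translate_inbound("icmp", 1024))
```

Outside the router both hosts appear as 192.168.0.1, so attributing a flow afterwards requires the translation entry that was live at that time.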

ASSIGNMENT:

For the below given network diagram, the client requests an address translation for the network. The client has only 3 public IPs, so he wants the design to be implemented with Port Address Translation. Given below are the private IPs provided by the ISP to the client:
1. 192.168.0.8 for 10.0.0.0 network
2. 172.50.1.20 for 20.0.0.0 network
3. 223.20.0.15 for 40.0.0.0 network

Show the simulation result using cisco packet tracer.


CONFIGURATION OF DYNAMIC HOST CONFIGURATION PROTOCOL (DHCP)


Dynamic Host Configuration Protocol (DHCP) serves as a basic foundation of network infrastructure. In all but the smallest networks, DHCP provides hosts with the Internet Protocol (IP) configuration needed to communicate with other computers on the network. This configuration includes, at a minimum, an IP address and subnet mask. DHCP allows you to automatically assign IP addresses, subnet masks, and other configuration information to client computers on the local network. When a DHCP server is available, computers that are configured to obtain an IP address automatically request and receive their IP configuration from that DHCP server upon booting.

With a DHCP server installed and configured on your network, DHCP-enabled clients can obtain IP addresses and related configuration parameters each time they start and join your network. DHCP servers provide this configuration in the form of an address lease offer to requesting clients. One main advantage of using DHCP is that DHCP servers greatly reduce the time required to configure and reconfigure computers on your network. DHCP simplifies administration not only by supplying clients with IP addresses, but also (optionally) with the addresses of the default gateway, DNS servers, WINS servers, and other servers useful to the client. Another advantage of DHCP is that by assigning IP addresses automatically, it allows you to avoid configuration errors resulting from entering IP address information manually at every host.

CONFIGURATIONS
When defining the IP address range of a scope, you should use the consecutive addresses that make up the subnet for which you are enabling the DHCP service. However, you should also be sure to exclude from this defined range any addresses of statically configured computers already existing on your network. To exclude predefined addresses, you can simply choose to limit the scope range so that it does not include any statically assigned addresses. Alternatively, you can configure a scope that makes up the entire subnet and then immediately define exclusion ranges.


SYNTAX:
Router(config)#ip dhcp pool <word>
Router(dhcp-config)#default-router <ip address>
Router(dhcp-config)#dns-server <ip address>
Router(dhcp-config)#network <network address> <subnet mask>
Router(dhcp-config)#exit
Router(config)#ip dhcp excluded-address <Low ip address> <High ip address>

EXAMPLE:

In ROUTER0,
Router(config)#ip dhcp pool cisco
Router(dhcp-config)#default-router 10.0.0.1
Router(dhcp-config)#dns-server 10.0.0.2
Router(dhcp-config)#network 10.0.0.0 255.0.0.0
Router(dhcp-config)#exit
Router(config)#ip dhcp excluded-address 10.0.0.1 10.0.0.10
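The exclusion rule described under CONFIGURATIONS can be checked mechanically. The following Python script is an added example, not part of the original lab manual: it parses the ROUTER0 commands above and reports every fixed address that lies inside the pool's network but outside the excluded range. The static host inventory and all function names are assumptions made for the illustration.

```python
import ipaddress

# Router configuration from the ROUTER0 example above.
CONFIG = """\
ip dhcp pool cisco
 default-router 10.0.0.1
 dns-server 10.0.0.2
 network 10.0.0.0 255.0.0.0
ip dhcp excluded-address 10.0.0.1 10.0.0.10
"""

# Constructed inventory of statically addressed hosts (assumption, not from the page).
STATIC_HOSTS = {
    "file-server": "10.0.0.20",     # inside the pool, outside the exclusion
    "print-server": "10.0.0.7",     # inside the exclusion range
    "branch-router": "172.16.5.1",  # not in the pool's subnet at all
}


def parse_dhcp(config):
    """Parse IOS-style DHCP lines into ({pool: settings}, [(low, high), ...])."""
    pools, exclusions, current = {}, [], None
    for raw in config.splitlines():
        words = raw.split()
        if words[:3] == ["ip", "dhcp", "excluded-address"] and len(words) in (4, 5):
            low = ipaddress.IPv4Address(words[3])
            high = ipaddress.IPv4Address(words[-1])  # same as low if no high is given
            exclusions.append((low, high))
            current = None
        elif words[:3] == ["ip", "dhcp", "pool"] and len(words) == 4:
            current = pools.setdefault(words[3], {"network": None, "servers": {}})
        elif current is not None and words[:1] == ["network"] and len(words) == 3:
            current["network"] = ipaddress.IPv4Network(f"{words[1]}/{words[2]}")
        elif current is not None and words and words[0] in ("default-router", "dns-server"):
            for addr in words[1:]:
                current["servers"][f"{words[0]} {addr}"] = addr
    return pools, exclusions


def excluded(addr, exclusions):
    """True if addr falls inside any excluded-address range."""
    return any(low <= addr <= high for low, high in exclusions)


def leasable_addresses(network, exclusions):
    """Count host addresses the server can still lease from this network.

    Assumes the exclusion ranges do not overlap each other.
    """
    first, last = network.network_address + 1, network.broadcast_address - 1
    count = int(last) - int(first) + 1
    for low, high in exclusions:
        lo, hi = max(low, first), min(high, last)
        if lo <= hi:
            count -= int(hi) - int(lo) + 1
    return count


def audit(config, static_hosts):
    """Return (pool, label, address) for every fixed address the pool could lease."""
    pools, exclusions = parse_dhcp(config)
    findings = []
    for name, pool in pools.items():
        net = pool["network"]
        if net is None:
            continue
        fixed = dict(pool["servers"])  # the gateway and DNS server are fixed too
        fixed.update(static_hosts)
        for label, text in fixed.items():
            addr = ipaddress.IPv4Address(text)
            if addr in net and not excluded(addr, exclusions):
                findings.append((name, label, text))
    return findings


if __name__ == "__main__":
    pools, exclusions = parse_dhcp(CONFIG)
    print("leasable:", leasable_addresses(pools["cisco"]["network"], exclusions))
    for finding in audit(CONFIG, STATIC_HOSTS):
        print("conflict risk:", finding)
```

With the page's configuration the gateway and DNS server are both covered by the exclusion, so only the constructed file server is reported.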


OUTPUT:
To view the output, click on PC0, then click on IP Configuration, and then click on DHCP.

ASSIGNMENT:

For the below given network diagram, assign IP addresses to all the hosts dynamically by implementing Dynamic Host Configuration Protocol (DHCP), using Cisco Packet Tracer. In the simulation, in addition to DHCP, also implement the RIPv2 protocol on all the routers to update the routing tables.


CONFIGURATION OF VIRTUAL LOCAL AREA NETWORK (VLAN)


As a logical grouping of users by function, VLANs can be considered independent from their physical or geographic locations. VLANs increase the number of broadcast domains while decreasing their size. Network adds, moves, and changes are achieved with ease by just configuring a port into the appropriate VLAN.

BASIC VLAN CONFIGURATION SYNTAX:


Switch(config)#hostname <word>
Switch(config)#vlan <2-1001>
Switch(config-vlan)#name <word>
Switch(config-vlan)#exit
SwitchA(config)#interface fastethernet <interface number>
SwitchA(config-if)#switchport mode access
SwitchA(config-if)#switchport access vlan <id:2-1001>
SwitchA(config-if)#exit
SwitchA(config)#interface fastethernet <interface number>
SwitchA(config-if)#switchport mode access
SwitchA(config-if)#switchport access vlan <id:2-1001>
SwitchA(config-if)#exit

EXAMPLE:


VLAN CREATION
Switch>enable
Switch#configure terminal
Switch(config)#hostname SWITCHA
SWITCHA(config)#vlan 2
SWITCHA(config-vlan)#name acc
SWITCHA(config-vlan)#exit
SWITCHA(config)#vlan 3
SWITCHA(config-vlan)#name sales


HOW TO VIEW THE VLAN DETAILS IN SWITCH

Switch#show vlan brief

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
3    VLAN0003                         active
1002 fddi-default                     active
1003 token-ring-default               active
1004 fddinet-default                  active
1005 trnet-default                    active

VLAN ID ASSIGNING TO SWITCH PORT


SwitchA>enable
SwitchA#configure terminal
SwitchA(config)#interface fastethernet 0/1
SwitchA(config-if)#switchport mode access
SwitchA(config-if)#switchport access vlan 2
SwitchA(config-if)#exit
SwitchA(config)#interface fastethernet 0/2
SwitchA(config-if)#switchport mode access
SwitchA(config-if)#switchport access vlan 3
SwitchA(config-if)#exit


HOW TO CHECK THE VLAN CREATION & VLAN ID ASSIGNING TO SWITCH PORT

Switch#show vlan brief

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/3, Fa0/4, Fa0/5, Fa0/6
                                                Fa0/7, Fa0/8, Fa0/9, Fa0/10
                                                Fa0/11, Fa0/12, Fa0/13, Fa0/14
                                                Fa0/15, Fa0/16, Fa0/17, Fa0/18
                                                Fa0/19, Fa0/20, Fa0/21, Fa0/22
                                                Fa0/23, Fa0/24
2    ACC                              active    Fa0/1
3    sales                            active    Fa0/2
1002 fddi-default                     active
1003 token-ring-default               active
1004 fddinet-default                  active
1005 trnet-default                    active


ASSIGNMENT:

For the below given network diagram, configure two VLANs, viz. ECE and CSC. The ECE department should not communicate with the CSC department and vice versa. Show the simulation results using Cisco Packet Tracer simulation software.

Hint: the ports connecting to the switch should be in TRUNK mode for VLAN Configuration.


CONFIGURATION INTER-VLAN
By default, only hosts that are members of the same VLAN can communicate. To change this and allow inter-VLAN communication to be possible, you need a router or a layer-3 switch. To support ISL or 802.1Q routing on a Fast Ethernet interface, the router's interface is divided into logical interfaces, one for each VLAN. These are called subinterfaces. From a Fast Ethernet or Gigabit interface, you can set the interface to trunk with the encapsulation command.

CONFIGURATION SYNTAX:

Switch1(config)#vlan <2-1001>
Switch1(config-vlan)#name <WORD>
Switch1(config)#vlan <2-1001>
Switch1(config-vlan)#name <WORD>
Switch1(config)#interface fastethernet <interface number>
Switch1(config-if)#switchport access vlan <2-1001>
Router1(config)#interface fastEthernet <sub-interface number>
Router1(config-subif)#encapsulation dot1Q <2-1001>
Router1(config-subif)#ip address <sub-interface ip address> <subnet mask>


EXAMPLE:

Step 1: Create VLAN 2 and VLAN 3 on switch1
Switch1#config terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch1(config)#vlan 2
Switch1(config-vlan)#name IT
Switch1(config-vlan)#^Z
%SYS-5-CONFIG_I: Configured from console by console
Switch1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch1(config)#vlan 3
Switch1(config-vlan)#name HR
Switch1(config-vlan)#^Z

Step 2: Assign each VLAN to the respective user-connected port
Switch1(config)#interface fa0/10
Switch1(config-if)#switchport access vlan 2
Switch1(config)#interface fa0/9
Switch1(config-if)#switchport access vlan 3
Switch1(config-if)#^Z
Switch1#show vlan brief


VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/11, Fa0/12, Fa0/13, Fa0/14
                                                Fa0/15, Fa0/16, Fa0/17, Fa0/18
                                                Fa0/19, Fa0/20, Fa0/21, Fa0/22
                                                Fa0/23, Fa0/24, Gig1/1, Gig1/2
2    IT                               active    Fa0/10
3    HR                               active    Fa0/9
1002 fddi-default                     active
1003 token-ring-default               active
1004 fddinet-default                  active
1005 trnet-default                    active

Step 3: Configure the port as trunk in switch1, which is connected to the router1
Switch1(config)#interface fa0/8
Switch1(config-if)#switchport mode trunk

Step 4: Configure the subinterfaces on the router's FastEthernet port, which is connected to switch1
Router1#configure terminal
Router1(config)#interface fastEthernet 0/0
Router1(config-if)#no ip address
Router1(config-if)#no shutdown
Router1(config)#interface fastEthernet 0/0.1
Router1(config-subif)#encapsulation dot1Q 2
Router1(config-subif)#ip address 192.168.0.1 255.255.255.128
Router1(config)#interface fastEthernet 0/0.2
Router1(config-subif)#encapsulation dot1Q 3
Router1(config-subif)#ip address 192.168.0.129 255.255.255.128

Step 5: Verify the communication between VLAN 2 and VLAN 3, using the ping command.

ASSIGNMENT

For the below given network diagram, implement Inter-VLAN communication such that the hosts connected to each switch belong to an individual VLAN. Ensure that you configure three VLANs and that all three can communicate with each other.


CONFIGURATION OF VIRTUAL TRUNKING PROTOCOL (VTP)


All Cisco switches are configured to be VTP servers by default. To configure VTP, first you have to configure the domain name you want to use. And of course, once you configure the VTP information on a switch, you need to verify it. When you create the VTP domain, you have a bunch of options, including setting the domain name, password, operating mode, and pruning capabilities of the switch. Use the vtp global configuration mode command to set all this information. The VTP modes are:
1. VTP Server Mode
2. VTP Client Mode
3. VTP Transparent Mode

CONFIGURATION:
1. vtp mode server: Configures a switch to be a VTP server. In Server mode, the VLAN database is allowed to be modified. VLANs can be added, deleted, modified or changed. Server is the default VTP mode for a Cisco switch. Changing the server option to client or transparent would configure the switch to that mode.
2. vtp domain: Configures the VTP domain name for a group of switches in the layer-2 switch fabric.
3. vtp password: Configures a password to be used by the switches in a VTP domain. The password serves two purposes. It allows updates to be authenticated, ensuring the update came from the correct server. With that authentication, it then adds a step in preventing an incorrect server from joining the domain and wiping out the VLAN database.
4. show vtp status: Displays all the configured options for VTP on the current switch. This is one of the most useful commands when troubleshooting VTP, because it allows the domain name, revision number, and other settings to easily be verified.


SYNTAX:
Switch>enable
Switch#configure terminal
Switch(config)#vtp mode <server/client/transparent>
Switch(config)#vtp domain <word>

EXAMPLE:

Configure VTP between three switches:

Step 1. Connect the switches with crossover cables.
Step 2. The link between switches should be a trunk link.
Step 3. Take one switch as the VTP server and the other two switches as VTP clients.
Step 4. Configure the VTP domain name as cisco on the VTP server mode switch.
Switch(config)#vtp domain cisco
Step 5. Configure the VLAN database on the VTP server mode switch.
Step 6. Verify that the VLAN database has replicated to all client switches.


CODING:
VTP Server switch>enable
VTP Server switch#configure terminal
VTP Server switch(config)#interface fa0/6
VTP Server switch(config-if)#switchport mode trunk

VTP Client switch1>enable
VTP Client switch1#configure terminal
VTP Client switch1(config)#interface fa0/11
VTP Client switch1(config-if)#switchport mode trunk

VTP Client switch1(config)#interface fa0/8
VTP Client switch1(config-if)#switchport mode trunk

VTP Client switch2>enable
VTP Client switch2#configure terminal
VTP Client switch2(config)#interface fa0/11
VTP Client switch2(config-if)#switchport mode trunk

VTP Server switch>enable
VTP Server switch#configure terminal
VTP Server switch(config)#vtp mode server

VTP Client switch1>enable
VTP Client switch1#configure terminal
VTP Client switch1(config)#vtp mode client

VTP Client switch2>enable
VTP Client switch2#configure terminal
VTP Client switch2(config)#vtp mode client


VTP Server switch>enable
VTP Server switch#configure terminal
VTP Server switch(config)#vtp domain cisco

VTP Server switch>enable
VTP Server switch#configure terminal
VTP Server switch(config)#vlan 2
VTP Server switch(config-vlan)#name IT
VTP Server switch(config)#vlan 3
VTP Server switch(config-vlan)#name HR
VTP Server switch(config)#vlan 4
VTP Server switch(config-vlan)#name FINANCE

Verify VLAN database on all VTP Client mode switches

VTP Client switch1#show vlan brief

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/7, Fa0/8, Fa0/9
                                                Fa0/10, Fa0/11, Fa0/12, Fa0/13
                                                Fa0/14, Fa0/15, Fa0/16, Fa0/17
                                                Fa0/18, Fa0/19, Fa0/20, Fa0/21
                                                Fa0/22, Fa0/23, Fa0/24, Gig1/1
                                                Gig1/2
2    IT                               active
3    HR                               active
4    FINANCE                          active
1002 fddi-default                     active
1003 token-ring-default               active
1004 fddinet-default                  active
1005 trnet-default                    active

VTP Client switch2#show vlan brief

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/7, Fa0/8, Fa0/9
                                                Fa0/10, Fa0/11, Fa0/12, Fa0/13
                                                Fa0/14, Fa0/15, Fa0/16, Fa0/17
                                                Fa0/18, Fa0/19, Fa0/20, Fa0/21
                                                Fa0/22, Fa0/23, Fa0/24, Gig1/1
                                                Gig1/2
2    IT                               active
3    HR                               active
4    FINANCE                          active
1002 fddi-default                     active
1003 token-ring-default               active
1004 fddinet-default                  active
1005 trnet-default                    active


CONFIGURATION OF SWITCH-PORT SECURITY


To stop someone from simply plugging a host into one of your switch ports, or worse, adding a hub, switch, or access point into the Ethernet jack in their office, we use port security on each switch port. By default, MAC addresses will just dynamically appear in your MAC forward/filter database. You can stop them in their tracks by using port security.

CONFIGURATION:
1. switchport port-security: Configures access control of a switch port.
2. aging: Configures a timer for dynamically learned addresses to decay out of the cache.
3. mac-address: Configures a statically assigned secure hardware address for a given port's table.
4. maximum: Configures a maximum number of secure addresses for a given port.
5. violation: Configures an action should a violation on the port occur. There are three violation modes: protect, restrict, and shutdown.

SYNTAX:
Switch#configure terminal
Switch(config)#interface fastEthernet <interface number>
Switch(config-if)#switchport mode access
Switch(config-if)#switchport port-security
Switch(config-if)#switchport port-security maximum <number>
Switch(config-if)#switchport port-security mac-address <mac-id>
Switch(config-if)#switchport port-security violation shutdown


EXAMPLE:

For example, the network admin wants to secure the interface f0/1:
Switch>enable
Switch#configure terminal
Switch(config)#interface fastEthernet 0/1
Switch(config-if)#switchport mode access
Switch(config-if)#switchport port-security
Switch(config-if)#switchport port-security maximum 1
Switch(config-if)#switchport port-security mac-address 1110.a230.0000
Switch(config-if)#switchport port-security violation shutdown


OUTPUT:
Switch#show port-security interface fastEthernet 0/1
Port Security              : Enabled
Port Status                : Secure-up
Violation Mode             : Shutdown
Aging Time                 : 0 mins
Aging Type                 : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 1
Total MAC Addresses        : 1
Configured MAC Addresses   : 0
Sticky MAC Addresses       : 0
Last Source Address:Vlan   : 00D0.5848.A443:1
Security Violation Count   : 0
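The port-security commands listed under CONFIGURATION can be audited across a whole switch instead of checking one interface at a time with show port-security. The following Python script is an added example, not part of the original lab manual: it reads a constructed running-config excerpt and flags access ports where the feature is missing, where options were entered without the bare switchport port-security command that enables it, or where the settings are weaker than the page's example. The sample config, the finding codes and the max_allowed policy value are assumptions.

```python
# Constructed running-config excerpt (not from the page), in the page's command syntax.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address 0000.5e00.5301
 switchport port-security violation shutdown
!
interface FastEthernet0/2
 switchport mode access
!
interface FastEthernet0/3
 switchport mode access
 switchport port-security maximum 1
 switchport port-security violation restrict
!
interface FastEthernet0/4
 switchport mode access
 switchport port-security
 switchport port-security maximum 8
 switchport port-security violation protect
!
interface FastEthernet0/8
 switchport mode trunk
!
"""

VIOLATION_MODES = ("protect", "restrict", "shutdown")


def parse_interfaces(config):
    """Map each interface name to the list of commands configured under it."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        line = " ".join(raw.split())  # drop indentation and repeated spaces
        if line.lower().startswith("interface "):
            name = line[len("interface "):].replace(" ", "")
            current = interfaces.setdefault(name, [])
        elif line in ("", "!"):
            current = None
        elif current is not None:
            current.append(line.lower())
    return interfaces


def port_security_state(commands):
    """Collect one interface's settings, starting from the IOS defaults
    (maximum 1, violation shutdown) that the page's output also shows."""
    state = {"mode": None, "enabled": False, "options": False,
             "maximum": 1, "violation": "shutdown"}
    for cmd in commands:
        words = cmd.split()
        if words[:2] == ["switchport", "mode"] and len(words) == 3:
            state["mode"] = words[2]
        elif words == ["switchport", "port-security"]:
            state["enabled"] = True  # only the bare command turns the feature on
        elif words[:2] == ["switchport", "port-security"]:
            state["options"] = True
            if words[2] == "maximum" and len(words) >= 4 and words[3].isdigit():
                state["maximum"] = int(words[3])
            elif words[2] == "violation" and len(words) == 4 and words[3] in VIOLATION_MODES:
                state["violation"] = words[3]
    return state


def audit(config, max_allowed=1):
    """Return (interface, finding) pairs for access ports; trunks are skipped.

    max_allowed is a hypothetical site policy: the highest acceptable
    'maximum' value on a host-facing port (1 in the page's example).
    """
    findings = []
    for name, commands in parse_interfaces(config).items():
        state = port_security_state(commands)
        if state["mode"] != "access":
            continue
        if not state["enabled"]:
            code = "OPTIONS_WITHOUT_ENABLE" if state["options"] else "NOT_ENABLED"
            findings.append((name, code))
            continue
        if state["maximum"] > max_allowed:
            findings.append((name, "MAXIMUM_ABOVE_POLICY"))
        if state["violation"] == "protect":
            # protect drops offending frames without a log message or counter
            # increment, so violations go unnoticed
            findings.append((name, "SILENT_VIOLATION_MODE"))
    return findings


if __name__ == "__main__":
    for interface, finding in audit(SAMPLE_CONFIG):
        print(f"{interface}: {finding}")
```

Ports left in the default dynamic mode are not examined by this check, so run it after every host-facing port has been set to access mode as in the page's procedure.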


ASSIGNMENT: For the below given network diagram, implement the security on all the ports of the switch connected to the hosts and verify the working of the switchport security. Do the simulation with the Cisco packet tracer.


PORT NUMBERS

The port numbers are divided into three ranges: the Well Known Ports, the Registered Ports, and the Dynamic and/or Private Ports. The Well Known Ports are those from 0 through 1023. Well Known ports SHOULD NOT be used without IANA registration. The Registered Ports are those from 1024 through 49151. Registered ports SHOULD NOT be used without IANA registration. The Dynamic and/or Private Ports are those from 49152 through 65535. A value of 0 in the port numbers registry below indicates that no port has been allocated.

WELL KNOWN PORT NUMBERS

The Well Known Ports are assigned by the IANA and on most systems can only be used by system (or root) processes or by programs executed by privileged users.

Ports are used in the TCP to name the ends of logical connections which carry long term conversations. For the purpose of providing services to unknown callers, a service contact port is defined. This list specifies the port used by the server process as its contact port. The contact port is sometimes called the "well-known port".

To the extent possible, these same port assignments are used with the UDP.

The range for well-known ports managed by the IANA is 0-1023.

REGISTERED PORT NUMBERS

The Registered Ports are listed by the IANA and on most systems can be used by ordinary user processes or programs executed by ordinary users.

Ports are used in the TCP to name the ends of logical connections which carry long term conversations. For the purpose of providing services to unknown callers, a service contact port is defined. This list specifies the port used by the server process as its contact port.


The IANA registers uses of these ports as a convenience to the community.

The Registered Ports are in the range 1024-49151.

DYNAMIC AND/OR PRIVATE PORTS

The Dynamic and/or Private Ports are those from 49152 through 65535.

COMMON WELL KNOWN PORTS TO REMEMBER

PORT NUMBER  PROTOCOL                                   UDP/TCP
7            ECHO                                       TCP
13           DAY-TIME                                   UDP/TCP
19           CHARACTER GENERATOR                        UDP/TCP
20           FTP-DATA (File Transfer Protocol)          TCP
21           FTP-CONTROL                                TCP
23           TELNET (Terminal Network)                  TCP
25           SMTP (Simple Mail Transfer Protocol)       TCP
37           TIME                                       UDP/TCP
67           BOOTP-SERVER                               UDP
68           BOOTP-CLIENT                               UDP
69           TFTP (Trivial File Transfer Protocol)      UDP
70           GOPHER                                     TCP
79           FINGER                                     TCP
80           HTTP (Hyper Text Transfer Protocol)        TCP
109          POP-2 (Post Office Protocol, version 2)    TCP
110          POP-3 (Post Office Protocol, version 3)    TCP
111          RPC                                        UDP/TCP
161          SNMP (Simple Network Management Protocol)  UDP
162          SNMP-TRAP                                  UDP
179          BGP (Border Gateway Protocol)              TCP
520          RIP (Routing Information Protocol)         UDP


SUBNETTING QUESTIONS

1. How many subnets and hosts per subnet can you get from the network 10.0.0.0/20?

4096 subnets and 4094 hosts

2. What is the first valid host on the subnetwork that the node 172.24.66.63/23 belongs to?

172.24.66.1

3. How many subnets and hosts per subnet can you get from the network 192.168.16.0/27?

8 subnets and 30 hosts

4. What is the last valid host on the subnetwork 172.18.132.0 255.255.252.0?

172.18.135.254

5. How many subnets and hosts per subnet can you get from the network 172.23.0.0 255.255.252.0?

64 subnets and 1022 hosts

6. What is the last valid host on the subnetwork 172.20.110.0 255.255.255.0?

172.20.110.254

7. Which subnet does host 172.16.138.131 255.255.255.128 belong to?

172.16.138.128


8. What is the broadcast address of the network 172.24.109.0 255.255.255.128?

172.24.109.127

9. What valid host range is the IP address 10.214.175.187 255.255.240.0 a part of?

10.214.160.1 through to 10.214.175.254

10. Which subnet does host 10.255.86.43 255.255.240.0 belong to?

10.255.80.0

11. What valid host range is the IP address 192.168.155.26/28 a part of?

192.168.155.17 through to 192.168.155.30

12. What is the last valid host on the subnetwork 172.24.244.96/28?

172.24.244.110

13. What is the last valid host on the subnetwork 172.24.83.0/27?

172.24.83.30

14. What is the first valid host on the subnetwork that the node 192.168.34.200/26 belongs to?

192.168.34.193

15. Which subnet does host 172.27.139.103 255.255.252.0 belong to?

172.27.136.0


16. What is the broadcast address of the network 192.168.32.192/27?

192.168.32.223

17. What valid host range is the IP address 172.23.9.20/28 a part of?

172.23.9.17 through to 172.23.9.30

18. What is the first valid host on the subnetwork that the node 172.18.54.231 255.255.254.0 belongs to?

172.18.54.1

19. What is the first valid host on the subnetwork that the node 172.22.99.49/21 belongs to?

172.22.96.1

20. What is the broadcast address of the network 172.19.36.0/23?

172.19.37.255

21. How many subnets and hosts per subnet can you get from the network 172.27.0.0 255.255.254.0?

128 subnets and 510 hosts

22. Which subnet does host 172.17.217.14 255.255.254.0 belong to?

172.17.216.0


23. What valid host range is the IP address 172.17.227.85 255.255.252.0 a part of?

172.17.224.1 through to 172.17.227.254

24. Which subnet does host 10.7.52.24 255.255.240.0 belong to?

10.7.48.0

25. What is the first valid host on the subnetwork that the node 172.21.39.117 255.255.254.0 belongs to?

172.21.38.1

26. How many subnets and hosts per subnet can you get from the network 172.25.0.0 255.255.248.0?

32 subnets and 2046 hosts

27. What is the broadcast address of the network 172.22.96.0/20?

172.22.111.255

28. Which subnet does host 192.168.175.65 255.255.255.192 belong to?

192.168.175.64

29. What is the last valid host on the subnetwork 192.168.108.64 255.255.255.192?

192.168.108.126

30. What is the first valid host on the subnetwork that the node 172.27.234.80 255.255.254.0 belongs to?

172.27.234.1


31. Which subnet does host 192.168.229.24 255.255.255.224 belong to?

192.168.229.0

32. What valid host range is the IP address 10.45.57.68/20 a part of?

10.45.48.1 through to 10.45.63.254

33. What is the last valid host on the subnetwork 192.168.156.128/25?

192.168.156.254

34. What is the first valid host on the subnetwork that the node 192.168.122.138 255.255.255.240 belongs to?

192.168.122.129

35. What is the last valid host on the subnetwork 172.23.66.32 255.255.255.224?

172.23.66.62

36. What is the broadcast address of the network 192.168.45.192/26?

192.168.45.255

37. What valid host range is the IP address 172.29.109.78/20 a part of?

172.29.96.1 through to 172.29.111.254

38. What is the last valid host on the subnetwork 172.30.231.0 255.255.255.128?

172.30.231.126


39. You are designing a subnet mask for the 172.16.0.0 network. You want 3200 subnets with up to 8 hosts on each subnet. What subnet mask should you use?

255.255.255.240

40. How many subnets and hosts per subnet can you get from the network 172.19.0.0 255.255.255.224?

2048 subnets and 30 hosts

41. What is the last valid host on the subnetwork 192.168.137.160 255.255.255.224?

192.168.137.190

42. What is the first valid host on the subnetwork that the node 172.17.175.222 255.255.254.0 belongs to?

172.17.174.1

43. What is the broadcast address of the network 10.36.96.0/20?

10.36.111.255

44. What valid host range is the IP address 172.22.199.213/26 a part of?

172.22.199.193 through to 172.22.199.254

45. How many subnets and hosts per subnet can you get from the network 172.26.0.0 255.255.255.224?

2048 subnets and 30 hosts


46. How many subnets and hosts per subnet can you get from the network 172.29.0.0/21?

32 subnets and 2046 hosts

47. What is the first valid host on the subnetwork that the node 172.22.108.97 255.255.254.0 belongs to?

172.22.108.1

48. What is the last valid host on the subnetwork 192.168.93.192/28?

192.168.93.206

49. How many subnets and hosts per subnet can you get from the network 172.31.0.0 255.255.254.0?

128 subnets and 510 hosts

50. What valid host range is the IP address 172.19.125.112/21 a part of?

172.19.120.1 through to 172.19.127.254

51. What valid host range is the IP address 172.16.47.10/20 a part of?

172.16.32.1 through to 172.16.47.254

52. How many subnets and hosts per subnet can you get from the network 172.31.0.0/27?

2048 subnets and 30 hosts


CCNA QUESTIONS
1. Is EIGRP a distance vector or a link state routing protocol?

EIGRP is a hybrid routing protocol; it has features of both distance vector and link state routing protocols.

2. What is the maximum configured bandwidth EIGRP will use on a link? Can this percentage be changed?

By default, EIGRP uses no more than 50% of the link's bandwidth, based on the bandwidth configured on the router's interface. This percentage can be changed with the command ip bandwidth-percent eigrp.

3. How do EIGRP and IGRP differ in the way they calculate the composite metric?

EIGRP and IGRP use the same formula to calculate their composite metrics, but EIGRP scales the metric by a factor of 256.

4. In the context of EIGRP, what does the term reliable delivery mean? Which two methods ensure reliable delivery of EIGRP packets?

Reliable delivery means EIGRP packets are guaranteed to be delivered, and they are delivered in order. RTP uses a reliable multicast, in which received packets are acknowledged, to guarantee delivery; sequence numbers are used to ensure that they are delivered in order.

5. Which mechanism ensures that a router is accepting the most recent route entry?

Sequence numbers ensure that a router is receiving the most recent route entry.

6. What is the multicast IP address used by EIGRP?

EIGRP uses the multicast address 224.0.0.10.


7. At what interval, by default, are EIGRP Hello packets sent?

The default EIGRP Hello interval is 5 seconds, except on some slow-speed (T1 and below) interfaces, where the default is 60 seconds.

8. What is the default hold time?

The EIGRP default hold time is three times the Hello interval.

9. What is the difference between the neighbor table and the topology table?

The neighbor table stores information about EIGRP-speaking neighbors; the topology table lists all known routes that have feasible successors.

10. What is the feasibility condition?

The feasibility condition is the rule by which feasible successors are chosen for a destination. The feasibility condition is satisfied if a neighbor's advertised distance to a destination is lower than the receiving router's feasible distance to the destination. In other words, a router's neighbor meets the feasibility condition if the neighbor is metrically closer to the destination than the router. Another way to describe this is that the neighbor is "downstream" relative to the destination

11. What information must be stored in the route table?

At a minimum, each entry of the routing table must include a destination address and the address of a next-hop router or an indication that the destination address is directly connected.

12. What does it mean when a route table says that an address is variably subnetted?

Variably subnetted means that the router knows of more than one subnet mask for subnets of the same major IP address.


13. What are discontiguous subnets?

Discontiguous subnets are two or more subnets of a major IP network address that are separated by a different major IP address.

14. What command is used to examine the route table in a Cisco router?

The show ip route command is used to examine the routing table of a Cisco router.

15. What are the two bracketed numbers associated with the non-directly connected routes in the route table?

The first bracketed number is the administrative distance of the routing protocol by which the route was learned. The second number is the metric of the route.

16. When static routes are configured to reference an exit interface instead of a next-hop address, in what way will the route table be different?

When a static route is configured to reference an exit interface instead of a next-hop address, the destination address will be entered into the routing table as directly connected.

17. What is a summary route? In the context of static routing, how are summary routes useful?

A summary route is a single route entry that points to multiple subnets or major IP addresses. In the context of static routes, summary routes can reduce the number of static routes that must be configured.

18. What is an administrative distance?

An administrative distance is a rating of preference for a routing protocol or a static route. Every routing protocol and every static route has an administrative distance associated with it. When a router learns of a destination via more than one routing protocol or static route, it will use the route with the lowest administrative distance.

19. What is a floating static route?

A floating static route is an alternative route to a destination. The administrative distance is set high enough that the floating static route is used only if a more-preferred route becomes unavailable.

20. What is the difference between equal-cost and unequal-cost load sharing?

Equal-cost load sharing distributes traffic equally among multiple paths with equal metrics. Unequal-cost load sharing distributes packets among multiple paths with different metrics. The traffic will be distributed inversely proportional to the cost of the routes.

21. Which command in OSPF shows the network LSA information?

The command show ip ospf [process-id area-id] database network displays the network link-state information.

22. What command would you use to create a totally stubby area?

The command area area-id stub no-summary will create a totally stubby area. This is a subcommand to the router ospf process-id command. It is necessary only on the ABR, but all the other routers in the area must be configured as stub routers.

23. What is a virtual link, and what command would you use to create it?

A virtual link is a link that creates a tunnel through an area to the backbone (Area 0). This allows an area that cannot connect directly to the backbone to do so virtually. The command to create the link is area area-id virtual-link router-id. Note that the area-id that is supplied is that of the transit area, and the router-id is that of the router at the other end of the link. The command needs to be configured at both ends of the tunnel.


24. Where would you issue the command to summarize IP subnets? State the command that is used.

Summarization is done at area boundaries. The command to start summarization is the area range command, with the syntax area area-id range address mask. To summarize external routes, use the summary-address command on the ASBRs.

25. How would you summarize external routes before injecting them into the OSPF domain?

The command summary-address address mask is the command that you would use.

26. When is a virtual link used?

A virtual link is used when an area is not directly attached to the backbone area (Area 0). This may be due to poor design and a lack of understanding about the operation of OSPF, or it may be due to a link failure. The most common cause of an area separating from the backbone is link failure, which can also cause the backbone to be segmented. The virtual link is used in these instances to join the two backbone areas together. Segmented backbone areas might also be the result of two companies merging.

27. Give the command for defining the cost of a default route propagated into an area.

The command to define the cost of a default route propagated into another area is area area-id default-cost cost.

28. Give an example of when it would be appropriate to define a default cost.

It is appropriate to define a default cost for the default route when a stub area has more than one ABR. This command allows the ABR or exit point for the area to be determined by the network administrator. If this link or the ABR fails, the other ABR will become the exit point for the area.


29. On which router is the area default cost defined?

The default cost for the default route is defined on the ABR. The ABR will then automatically generate and advertise the route cost along with the default route.

30. Give the command to configure a stub area and state on which router it is configured.

The command syntax to configure a stub area is area area-id stub. This command is configured on the ABR connecting to the area and on all the routers within the area. Once the configuration is completed, the Hellos are generated with the E bit set to 0. All routers in the area will only form adjacencies with other routers that have the E bit set.

31. What is the purpose of the area range command, and why is it configured on the ABR?

The area range command is configured on an ABR because it dictates the networks that will be advertised out of the area. It is used to consolidate and summarize the routes at an area boundary.

32. Give the commands to configure a router to place subnets 144.111.248.0 through to 144.111.255.0 in Area 1 and to put all other interfaces into Area 0.

The commands are as follows:
network 144.111.248.0 0.0.7.255 area 1
network 0.0.0.0 255.255.255.255 area 0

33. Give the syntax to summarize the subnets 144.111.248.0 to 144.111.254.255 into another autonomous system.

The syntax is as follows:
summary-address 144.111.248.0 255.255.248.0


34. Explain briefly the difference between the area range command and the summary-address command.

The area range command is used to summarize networks between areas and is configured on the ABR. The summary-address command is used to summarize networks between autonomous systems and is configured on the ASBR.

35. Explain the following syntax and what it will achieve: area 1 stub no-summary.

The command area 1 stub no-summary creates a totally stubby area. The number after the word area indicates the area that is being defined as a totally stubby area. This is necessary because the router might be an ABR with connections to many areas. Once this command is issued, it prevents summarized and external routes from being propagated by the ABR into the area. To reach the networks and hosts outside the area, routers must use the default route advertised by the ABR into the area.

36. Why would you configure the routing process to log adjacency changes as opposed to turning on debug for the same trigger?

The reason to configure the router process to log adjacency changes to syslog as opposed to running debug is an issue of resources. It takes fewer router and administrator resources to report on a change of state as it happens than to have the debugger running constantly. The debug process has the highest priority and thus everything waits for it.

37. Give some of the common reasons that neighbors fail to form an adjacency.

Many OSPF problems stem from adjacency problems that propagate throughout the network. Many problems are often traced back to neighbor discrepancies. If a router configured for OSPF routing is not seeing an OSPF neighbor on an attached network, do the following:

- Make sure that both routers are configured with the same IP mask, MTU, Interface Hello timer, OSPF Hello interval, and OSPF dead interval.
- Make sure that both neighbors are part of the same area and area type.
- Use the debug and show commands to trace the problem.

38. When configuring a virtual link, which routers are configured?

The configuration is between the ABRs, where one of the ABRs resides in Area 0 and the other in the area that is disconnected from the backbone. Both of the ABRs are also members of the transit area. Having created the virtual link, both ABRs are now members of Area 0, the disconnected area, and the transit area.

39. What does the command area 1 default-cost 15 achieve?

The command area 1 default-cost 15 will assign a cost of 15 to the default route that is to be propagated into the stub area. This command is configured on the ABR attached to the stub area.

40. Explain what is placed in the parameters area-id and router-id for the command area area-id virtual-link router-id.

The parameter area-id is the area ID of the transit area. So if the ABR in Area 0 is creating a virtual link with the ABR in Area 3 through Area 2, the area ID stated in the command is Area 2. The router ID is the router ID of the router with whom the link is to be formed and a neighbor relationship and adjacency established.

41. What port does RIP use?

RIP uses UDP port 520.

42. What metric does RIP use? How is the metric used to indicate an unreachable network?

RIP uses a hop count metric. An unreachable network is indicated by setting the hop count to 16, which RIP interprets as an infinite distance.

43. What is the update period for RIP?

RIP sends periodic updates every 30 seconds minus a small random variable to prevent the updates of neighboring routers from becoming synchronized.

44. How many updates must be missed before a route entry will be marked as unreachable?

A route entry is marked as unreachable if six updates are missed.

45. What is the purpose of the garbage collection timer?

The garbage collection timer, or flush timer, is set when a route is declared unreachable. When the timer expires, the route is flushed from the route table. This process allows an unreachable route to remain in the routing table long enough for neighbors to be notified of its status.

46. What is a VLAN? When is it used?

Answer: A VLAN is a group of devices on the same broadcast domain, such as a logical subnet or segment. VLANs can span switch ports, switches within a switch block, or closets and buildings. VLANs group users and devices into common workgroups across geographical areas. VLANs help provide segmentation, security, and problem isolation.

47. When a VLAN is configured on a Catalyst switch port, in how much of the campus network will the VLAN number be unique and significant?

Answer: The VLAN number will be significant in the local switch. If trunking is enabled, the VLAN number will be significant across the entire trunking domain. In other words, the VLAN will be transported to every switch that has a trunk link supporting that VLAN.

48. Name two types of VLANs in terms of spanning areas of the campus network.

Answer:

- Local VLAN
- End-to-end VLAN

49. Generally, what must be configured (both switch and end-user device) for a port-based VLAN?

Answer: The switch port

50. What is the default VLAN on all ports of a Catalyst switch?

Answer: VLAN 1

51. What is a trunk link?

Answer: A trunk link is a connection between two switches that transports traffic from multiple VLANs. Each frame is identified with its source VLAN during its trip across the trunk link.

52. What methods of Ethernet VLAN frame identification can be used on a Catalyst switch trunk?

Answer:

- 802.1Q
- ISL

53. What is the difference between the two trunking methods? How many bytes are added to trunked frames for VLAN identification in each method?

Answer: ISL uses encapsulation and adds a 26-byte header and a 4-byte trailer. 802.1Q adds a 4-byte tag field within existing frames, without encapsulation.

54. What is the purpose of the Dynamic Trunking Protocol (DTP)?

Answer: DTP allows negotiation of a common trunking method between endpoints of a trunk link.

55. What commands are needed to configure a Catalyst switch trunk port Gigabit 3/1 to transport only VLANs 100, 200 through 205, and 300 using IEEE 802.1Q? (Assume that trunking is enabled and active on the port already. Also assume that the interface gigabit 3/1 command already has been entered.)

Answer: switchport trunk allowed vlan 100,200-205,300

56. Two neighboring switch trunk ports are set to the auto mode with ISL trunking encapsulation mode. What will the resulting trunk mode become?

Answer: Trunking will not be established. Both switches are in the passive auto state and are waiting to be asked to start the trunking mode. The link will remain an access link on both switches.

57. Complete the following command to configure the switch port to use DTP to actively ask the other end to become a trunk: switchport mode _________________

Answer: switchport mode dynamic desirable

58. Which command can set the native VLAN of a trunk port to VLAN 100 after the interface has been selected?

Answer: switchport trunk native vlan 100

59. What command can configure a trunk port to stop sending and receiving DTP packets completely?

Answer: switchport nonegotiate

60. What command can be used on a Catalyst switch to verify exactly what VLANs will be transported over trunk link gigabitethernet 4/4?

Answer: show interface gigabitethernet 4/4 switchport or show interface gigabitethernet 4/4 switchport trunk

61. Suppose that a switch port is configured with the following commands. A PC with a nontrunking NIC card then is connected to that port. What, if any, traffic will the PC successfully send and receive?

interface fastethernet 0/12
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport trunk allowed vlan 1-1005
switchport mode trunk

Answer: The PC expects only a single network connection, using a single VLAN. In other words, the PC can't participate in any form of trunking. Only untagged or unencapsulated frames will be understood. Recall that an 802.1Q trunk's native VLAN is the only VLAN that has untagged frames. Therefore, the PC will be capable of exchanging frames only on VLAN 10, the native VLAN.

62. What is an OSPF neighbor?

From the perspective of an OSPF router, a neighbor is another OSPF router that is attached to one of the first router's directly connected links.

63. What is an OSPF adjacency?

An OSPF adjacency is a conceptual link to a neighbor over which LSAs can be sent.

64. What is an LSA? How does an LSA differ from an OSPF Update packet?

A router originates a link state advertisement to describe one or more destinations. An OSPF Update packet transports LSAs from one neighbor to another. Although LSAs are flooded throughout an area or OSPF domain, Update packets never leave a data link.

65. What is a link state database? What is link state database synchronization?

The link state database is where a router stores all the OSPF LSAs it knows of, including its own. Database synchronization is the process of ensuring that all routers within an area have identical link state databases.

66. What is the default HelloInterval?

The default OSPF HelloInterval is 10 seconds.

67. What is the default RouterDeadInterval?

The default RouterDeadInterval is four times the HelloInterval.

68. What is a Router ID? How is a Router ID determined?

A Router ID is an address by which an OSPF router identifies itself. It is either the numerically highest IP address of all the router's loopback interfaces, or if no loopback interfaces are configured, it is the numerically highest IP address of all the router's LAN interfaces.

69. What is an area?

An area is an OSPF sub-domain, within which all routers have an identical link state database.

70. What is the significance of area 0?

Area 0 is the backbone area. All other areas must send their inter-area traffic through the backbone.

71. What is MaxAge?

MaxAge, 1 hour, is the age at which an LSA is considered to be obsolete.
